CN101686225A - Methods of data encryption and key generation for on-line payment - Google Patents

Methods of data encryption and key generation for on-line payment

Info

Publication number: CN101686225A
Authority: CN (China)
Prior art keywords: key, encryption, chip, master key, plaintext
Legal status: Pending
Application number: CN200810200736A
Other languages: Chinese (zh)
Inventors: 何朔, 孟宏文
Current assignee: China Unionpay Co Ltd
Original assignee: China Unionpay Co Ltd
Application filed by China Unionpay Co Ltd; priority to CN200810200736A; published as CN101686225A; legal status: Pending

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present invention discloses a data encryption method for online payment, comprising: the user swiping a card on the keyboard and entering a transaction password; encrypting the track information and the transaction password; receiving and decrypting the track information, the transaction password and the MAC data, encrypting them a second time and assembling a message; digitally signing the message data; and the web browser sending the entire message to the payment gateway. The present invention also discloses a key generation method, comprising: setting an encryption master key and a MAC master key; requesting download of a terminal master key from the payment gateway; retrieving the root key from the payment gateway's encryption machine; and generating the terminal master key and obtaining the terminal public key according to the security chip number. With the data encryption and key generation method of the present invention, sensitive bank card data and transaction data transmitted over the Internet are protected by three layers of encryption, namely symmetric encryption, asymmetric encryption and the SSL channel, achieving "one key per machine" and "one key per transaction" with very high security.

Figure 200810200736

Description

A data encryption and key generation method for online payment

Technical field

The present invention relates to the field of e-commerce applications, and in particular to secure payment technology in e-commerce applications.

Background art

With economic development and rising living standards, bank cards have become a ubiquitous payment instrument in daily life. For example, POS terminals in shopping malls, supermarkets, airports and hotels offer users a convenient service: the cardholder need only enter the bank card password to pay without cash. In addition, with the rapid growth of e-commerce on the Internet, online payment with bank cards has also grown quickly. Compared with the traditional bank card business, online payment is an emerging field: an online buyer provides the bank card number and personal password at the time of payment and the purchase is complete.

However, in this booming Internet economy, risk management systems and risk controls are not yet mature, which exposes the online payment business to considerable potential risk and has many negative effects on cardholders who use it. Some people even build fake websites to trick cardholders into revealing their bank card numbers and transaction passwords, and cases of online fraud that drain card balances in this way occur one after another, which to some extent dampens cardholders' willingness to pay online.

How to provide a secure, easy-to-use and sufficiently safe means of payment is the technical problem cardholders care about most; at the same time, a secure, easy-to-use and trusted means of payment is a strong driver for online merchants to expand their business and grow profits. In the prior art, card issuers have launched online banking services in response to e-commerce and have used a hardware security chip as the carrier of the transaction certificate to improve transaction security, binding the bank card to the transaction certificate at the back end. However, the user must first buy the hardware security chip from the bank and bind it to a particular bank card; the cost is high, the procedure is cumbersome, and any subsequent change of service can only be handled at a bank counter, which is inconvenient for users.

On the other hand, personal PCs are increasingly common in households. Whether the financial functions of an ordinary home computer can be extended so that card-swipe transactions are brought into the payment step of online shopping, realising "order online, pay by card", is a problem that technicians in the banking service industry urgently need to solve.

Summary of the invention

To address the above-mentioned deficiencies of the prior art in online payment, the present invention provides a data encryption method and a key generation method for online payment. A security chip and an encryption chip are placed on the computer's motherboard and in its keyboard respectively to encrypt and/or decrypt the sensitive bank card data, so that the data is transmitted securely. Unlike existing online payment services, in this payment system the user not only enters the bank card password but also swipes the card on the computer keyboard to read the card's magnetic track data, which the encryption chip in the keyboard encrypts before sending it to the security chip on the motherboard.

According to one aspect of the present invention, a data encryption method for online payment is provided. The data encryption method comprises:

after ordering goods, the user swipes the card on the keyboard and enters the transaction password, producing track information plaintext and transaction password plaintext;

the encryption chip encrypts the track information plaintext and the transaction password plaintext, converting them into the corresponding track information ciphertext, transaction information ciphertext and MAC data;

the security chip receives and decrypts the track information ciphertext, transaction password ciphertext and MAC data, converting them into track information plaintext, transaction password plaintext, transaction data plaintext and the security chip number;

the security chip encrypts the track information plaintext and the transaction password plaintext a second time and assembles the message, adding the transaction data plaintext and the security chip number to the message;

the security chip digitally signs the message data and encrypts the digital signature and the transaction data plaintext; and

the web browser sends the entire message to the payment gateway over the SSL protocol.

The encryption chip is located in the computer's keyboard, and the security chip is located on the computer's motherboard.

The encryption chip holds an encryption master key and a MAC master key.

The security chip holds an encryption master key, a MAC master key, a terminal master key and a terminal certificate. Further, the terminal certificate includes the terminal public key, the terminal private key and the payment gateway public key.

The encryption master key of the encryption chip and that of the security chip are produced by the same key generation algorithm, and the two chips perform symmetric encryption based on the encryption master key. Moreover, the keyboard's encryption chip uses the encryption master key to negotiate an encryption process key with the motherboard's security chip, and uses that encryption process key to encrypt the track information plaintext and the transaction password plaintext.

The motherboard's security chip uses the encryption process key to decrypt the track information ciphertext and transaction password ciphertext received from the encryption chip.

The step in which the encryption chip on the keyboard and the security chip on the motherboard negotiate the encryption process key comprises:

the encryption chip is preset with a key generation algorithm;

the security chip is preset with the same key generation algorithm as the encryption chip;

the encryption chip generates a random factor and computes the encryption process key from the encryption master key and the random factor;

the encryption chip sends a connection request and the random factor to the security chip;

the security chip computes the encryption process key from the encryption master key and the random factor; and

the process key negotiation based on the symmetric root key is complete.
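The negotiation just listed can be run end to end. The Go program below is an added example and not code from the patent or from China UnionPay. It assumes a 16-byte (128-bit) two-key 3DES encryption master key already present in both chips, an 8-byte random factor, and one concrete form of the "key generation algorithm", process key = 3DES_master(factor) || 3DES_master(NOT factor), which the patent leaves unspecified; the function and type names are the example's own. What it makes visible is that only the random factor crosses the keyboard-to-motherboard link: the master key stays inside both chips, and the process key can be computed only by a party that holds it.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"fmt"
)

// tdesCipher builds a two-key 3DES cipher from a 16-byte key (K1||K2) by
// expanding it to the K1||K2||K1 form that Go's crypto/des expects.
func tdesCipher(key16 []byte) (cipher.Block, error) {
	if len(key16) != 16 {
		return nil, fmt.Errorf("two-key 3DES needs a 16-byte key, got %d bytes", len(key16))
	}
	k24 := append(append([]byte{}, key16...), key16[:8]...)
	return des.NewTripleDESCipher(k24)
}

// deriveProcessKey is the "key generation algorithm" preset in both chips.
// Construction (assumed; the patent only says "from the master key and the
// random factor"): left half = 3DES_master(factor), right half = 3DES_master(~factor).
func deriveProcessKey(masterKey, factor []byte) ([]byte, error) {
	if len(factor) != 8 {
		return nil, fmt.Errorf("random factor must be 8 bytes, got %d", len(factor))
	}
	c, err := tdesCipher(masterKey)
	if err != nil {
		return nil, err
	}
	inv := make([]byte, 8)
	for i := range factor {
		inv[i] = ^factor[i]
	}
	processKey := make([]byte, 16)
	c.Encrypt(processKey[:8], factor)
	c.Encrypt(processKey[8:], inv)
	return processKey, nil
}

// connectRequest is the only thing that crosses the keyboard-to-motherboard link:
// the connection request carrying the random factor. No key material is sent.
type connectRequest struct {
	Factor []byte
}

// encryptionChipStart is the keyboard side: draw a fresh random factor, derive the
// process key locally, and emit the connect request for the security chip.
func encryptionChipStart(masterKey []byte) ([]byte, connectRequest, error) {
	factor := make([]byte, 8)
	if _, err := rand.Read(factor); err != nil {
		return nil, connectRequest{}, err
	}
	processKey, err := deriveProcessKey(masterKey, factor)
	if err != nil {
		return nil, connectRequest{}, err
	}
	return processKey, connectRequest{Factor: factor}, nil
}

// securityChipAccept is the motherboard side: same master key, same algorithm,
// the received factor, hence the same process key.
func securityChipAccept(masterKey []byte, req connectRequest) ([]byte, error) {
	return deriveProcessKey(masterKey, req.Factor)
}

// negotiate runs both halves and reports whether they ended up with the same key.
func negotiate(masterKey []byte) (bool, error) {
	kbKey, req, err := encryptionChipStart(masterKey)
	if err != nil {
		return false, err
	}
	mbKey, err := securityChipAccept(masterKey, req)
	if err != nil {
		return false, err
	}
	return bytes.Equal(kbKey, mbKey), nil
}

func main() {
	master := []byte("0123456789ABCDEF") // constructed 16-byte encryption master key
	agreed, err := negotiate(master)
	fmt.Println("process keys agree:", agreed, "error:", err)
}
```

The derivation is deterministic for a given factor, differs between factors (one key per transaction) and between master keys (one key per machine), and rejects malformed input lengths. Note that the security chip contributes nothing to the factor, so the freshness of each process key rests entirely on the keyboard chip's random number source.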

Secondary encryption means that the security chip negotiates a process key with the payment gateway using the terminal master key, and encrypts the track information plaintext and the transaction password plaintext with that process key and the 3DES algorithm; the 3DES algorithm uses a 128-bit key.

The security chip digitally signs the message data with the terminal private key, and uses the payment gateway public key to encrypt the digital signature, the transaction data plaintext and the random factor used in negotiating the process key; the digital signature algorithm is RSA with a 1024-bit key.

Key synchronisation between the security chip and the encryption chip comprises:

setting the encryption master key and the MAC master key;

sending a key request to the security chip through the BIOS;

the BIOS automatically injecting the requested key into the encryption chip through the keyboard driver; and

completing key synchronisation between the security chip and the encryption chip.

According to another aspect of the present invention, a key generation method for use in the data encryption method for online payment is provided, the method comprising:

setting the encryption master key and the MAC master key so as to synchronise the keys of the security chip and the encryption chip;

sending a request to the payment gateway to download the terminal master key;

retrieving the root key from the payment gateway's encryption machine;

diversifying the terminal master key from the root key according to the security chip number; and

obtaining the terminal public key according to the security chip number.

The encryption chip is located in the computer's keyboard, and the security chip is located on the computer's motherboard.

The encryption chip holds an encryption master key and a MAC master key; the security chip holds an encryption master key, a MAC master key, a terminal master key and a terminal certificate. More specifically, the terminal certificate includes the terminal public key, the terminal private key and the payment gateway public key.

After the wallet program on the computer sends a terminal certificate initialisation command to the security chip, the security chip generates and stores an RSA key pair. The RSA key pair consists of the terminal private key and the terminal public key.
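The key generation steps above, together with the signing step described earlier (the terminal private key signs the message and the gateway looks up the terminal public key by security chip number), can be put together as follows. This is an added Go example, not the patent's or China UnionPay's code. It assumes a 16-byte root key held by the gateway's encryption machine; a concrete diversification rule, since the patent says only that the terminal master key is diversified from the root key by chip number: 3DES under the root key of the first eight bytes of SHA-256(chip number) and of their complement; RSA PKCS#1 v1.5 over a SHA-256 digest for the signature; and an in-memory map standing in for the gateway's record of terminal public keys. The patent specifies 1024-bit RSA; the key size is left as a parameter here because 1024-bit RSA is below the current minimum recommendation of 2048 bits.

```go
package main

import (
	"crypto"
	"crypto/des"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// diversifyTerminalMasterKey derives a per-chip 16-byte terminal master key (TMK)
// from the gateway encryption machine's 16-byte root key and the security chip
// number. Construction (assumed): d = first 8 bytes of SHA-256(chipNo);
// TMK = 3DES_root(d) || 3DES_root(~d). The root key itself never leaves the HSM.
func diversifyTerminalMasterKey(rootKey []byte, chipNo string) ([]byte, error) {
	if len(rootKey) != 16 {
		return nil, fmt.Errorf("root key must be 16 bytes, got %d", len(rootKey))
	}
	k24 := append(append([]byte{}, rootKey...), rootKey[:8]...)
	c, err := des.NewTripleDESCipher(k24)
	if err != nil {
		return nil, err
	}
	sum := sha256.Sum256([]byte(chipNo))
	d := sum[:8]
	inv := make([]byte, 8)
	for i := range d {
		inv[i] = ^d[i]
	}
	tmk := make([]byte, 16)
	c.Encrypt(tmk[:8], d)
	c.Encrypt(tmk[8:], inv)
	return tmk, nil
}

// terminalCertInit is what the security chip does on the wallet program's
// terminal-certificate initialisation command: generate an RSA key pair and keep
// the private half inside the chip. The bit length is a parameter; the patent
// specifies 1024 bits, which is below current recommendations.
func terminalCertInit(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

// gatewayRegistry is the gateway's table of terminal public keys indexed by
// security chip number, which is how it "obtains the terminal public key
// according to the security chip number".
type gatewayRegistry map[string]*rsa.PublicKey

// signMessage: the security chip signs the SHA-256 digest of the message with the
// terminal private key (RSA PKCS#1 v1.5).
func signMessage(terminalPriv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, terminalPriv, crypto.SHA256, digest[:])
}

// verify looks up the public key for the chip number carried in the message and
// checks the signature; an unknown chip or a modified message fails.
func (g gatewayRegistry) verify(chipNo string, msg, sig []byte) bool {
	pub, ok := g[chipNo]
	if !ok {
		return false
	}
	digest := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

func main() {
	rootKey := []byte("ROOTKEY-16-BYTES") // constructed; lives only in the gateway HSM
	chipNo := "SC-000001"                  // constructed security chip number
	tmk, _ := diversifyTerminalMasterKey(rootKey, chipNo)
	fmt.Printf("TMK for %s: %x\n", chipNo, tmk)

	priv, _ := terminalCertInit(1024) // 1024 to match the patent; use 2048 or more in practice
	registry := gatewayRegistry{chipNo: &priv.PublicKey}
	msg := []byte("chip=" + chipNo + ";amount=100.00;order=ORD-1") // constructed message
	sig, _ := signMessage(priv, msg)
	fmt.Println("signature verifies at gateway:", registry.verify(chipNo, msg, sig))
}
```

Two properties worth checking with this model are that each chip number yields a distinct, reproducible terminal master key (one key per machine, recoverable by the gateway at any time without storing it), and that the gateway's signature check is bound to the chip number it looks up, so a signature from one terminal does not verify under another terminal's entry.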

With the data encryption and key generation method of the present invention, a personal PC can serve as the platform for a secure online payment environment for cardholders, combining the convenience of Internet e-commerce with the security of a financial computer. Data is transmitted in encrypted form all the way from the computer keyboard and motherboard through the payment gateway to the clearing and switching agency, and the traditional card-swipe transaction is brought into the payment step of online transactions, realising "order online, pay by card"; this raises the security level of online payment while greatly improving convenience for network users. Moreover, with the data encryption and key generation method of the present invention, sensitive bank card data and transaction data transmitted over the Internet are protected by three layers of encryption, namely symmetric encryption, asymmetric encryption and the SSL channel, achieving "one key per machine" and "one key per transaction" with very high security.

Brief description of the drawings

The various aspects of the present invention will become clearer to the reader after reading the detailed description with reference to the accompanying drawings, in which:

Fig. 1 is a schematic flow chart of online payment based on a financial computer according to the present invention;

Fig. 2 is a schematic structural diagram of the financial computer used to implement online payment according to the present invention;

Fig. 3 is a schematic diagram of the principle of activating the financial computer before the online payment service is used according to the present invention;

Fig. 4 is a schematic diagram of data encryption from the cardholder's card swipe to receipt of the message by the third-party payment gateway when the financial computer of the present invention is used for online payment;

Fig. 5 is a schematic diagram of the storage of the various keys used for online payment according to the present invention;

Fig. 6 is a schematic diagram of the generation of the terminal master key and terminal public key stored on the motherboard of the financial computer of the present invention;

Fig. 7 is a schematic diagram of the principle by which the security chip on the motherboard and the encryption chip in the keyboard of the financial computer of the present invention negotiate an encryption process key based on the encryption master key;

Fig. 8 is a block diagram of the principle of key synchronisation between the security chip and the encryption chip in the present invention;

Fig. 9 is a schematic flow chart of the initialisation of the security chip on the motherboard of the financial computer of the present invention;

Fig. 10 is a schematic flow chart of registering a bank card used for online payment with the payment gateway according to the present invention;

Fig. 11 is a schematic diagram of the payment flow of the financial-computer-based online payment system of the present invention; and

Fig. 12 is a schematic diagram of the collection flow of the financial-computer-based online payment system of the present invention.

具体实施方式 Detailed ways

下面参照附图,对本发明的具体实施方式作进一步的详细描述。The specific implementation manners of the present invention will be described in further detail below with reference to the accompanying drawings.

图1示出了本发明基于理财电脑来实现网上支付的流程示意图。这里,理财电脑是指具有网上支付功能的家用电脑。本领域的技术人员应当理解,图1不仅可以表示本发明的支付系统的结构组成,而且还可以说明该支付系统进行网上支付的具体流程示意图。Fig. 1 shows a schematic flow diagram of realizing online payment based on a wealth management computer in the present invention. Here, the wealth management computer refers to a home computer with an online payment function. Those skilled in the art should understand that Fig. 1 can not only represent the structural composition of the payment system of the present invention, but also illustrate the specific flow chart of the payment system for online payment.

参照图1,该支付系统包括:网络用户的理财电脑10、支付网关20、清算转接机构30、发卡行40、以及网络商户50。其中,网络用户是发卡行和中国银联的用户,持有银联卡并且是理财电脑的所有者,对理财电脑上发生的刷卡行为负责;支付网关20(也称为收单服务机构)拓展使用理财电脑支付的互联网B2C商户,为网络商户提供资金结算、差错请求提交等收单服务;清算转接机构30是运营理财电脑接入前置和交换的网络,并进行跨行支付清算服务;发卡行40是网络用户持有的银行卡的发卡机构;以及网络商户50是通过互联网为持卡人提供商业服务的单位或机构。需要指出的是,发卡行可以不经过清算转接机构中转,直接接收来自所述支付网关的敏感数据和交易数据,并返回响应信息至所述支付网关。更加具体地,理财电脑10至少包括主板104和键盘102。Referring to FIG. 1 , the payment system includes: a financial management computer 10 of a network user, a payment gateway 20 , a clearing transfer agency 30 , a card issuing bank 40 , and an online merchant 50 . Among them, the network user is a user of the card issuing bank and China UnionPay, holds a UnionPay card and is the owner of the wealth management computer, and is responsible for the card swiping behavior on the wealth management computer; the payment gateway 20 (also known as the acquiring service agency) expands the use of wealth management The Internet B2C merchants of computer payment provide acquiring services such as fund settlement and error request submission for online merchants; the clearing and switching agency 30 is the network that operates financial management computers connected to the front-end and exchange, and provides inter-bank payment and clearing services; the card issuing bank 40 is the card issuer of the bank card held by the network user; and the network merchant 50 is a unit or organization that provides business services to cardholders through the Internet. It should be pointed out that the card issuing bank can directly receive the sensitive data and transaction data from the payment gateway without going through the clearing transfer agency, and return the response information to the payment gateway. More specifically, the wealth management computer 10 includes at least a motherboard 104 and a keyboard 102 .

当采用上述支付系统进行网上支付时,主要包括以下步骤:When using the above payment system for online payment, it mainly includes the following steps:

步骤S1,作为持卡人的网络用户通过理财电脑10访问在线网络商户50,订购商品并选择理财电脑支付方式进行支付;Step S1, the network user as the cardholder visits the online network merchant 50 through the financial management computer 10, orders goods and selects the financial management computer payment method to pay;

步骤S2,接受理财电脑支付方式,将网页重定向至中国银联统一的支付页面;Step S2, accept the financial computer payment method, and redirect the webpage to the unified payment page of China UnionPay;

步骤S3,网络用户的理财电脑10检测到来自支付网关20的等待支付信息,理财电脑10键盘上的专用指示灯亮起,以提示用户刷卡并输入密码;Step S3, the financial management computer 10 of the network user detects the waiting payment information from the payment gateway 20, and the special indicator light on the keyboard of the financial management computer 10 lights up to prompt the user to swipe the card and input the password;

步骤S4,持卡人通过集成了读卡器的键盘进行刷卡,当输入交易密码后,将磁道信息和交易密码以加密的方式送往理财电脑10主板上的安全芯片;Step S4, the cardholder swipes the card through the keyboard integrated with the card reader, and after entering the transaction password, the magnetic track information and the transaction password are sent to the security chip on the main board of the financial management computer 10 in an encrypted manner;

步骤S5,安全芯片接收来自键盘的磁道信息和交易密码,再次加密后连同交易数据一起发送至支付网关20;Step S5, the security chip receives the magnetic track information and the transaction password from the keyboard, encrypts it again and sends it to the payment gateway 20 together with the transaction data;

步骤S6,支付网关20判断所接收的信息是否合法,如果合法则将交易信息发送到清算转接机构30;如果不合法则结束并返回;Step S6, the payment gateway 20 judges whether the received information is legal, and if it is legal, it sends the transaction information to the settlement transfer agency 30; if it is not legal, it ends and returns;

步骤S7,清算转接机构30转发交易信息至发卡行40;Step S7, the clearing transfer agency 30 forwards the transaction information to the issuing bank 40;

步骤S8,发卡行40返回应答至清算转接机构30;Step S8, the card issuing bank 40 returns a response to the clearing transfer agency 30;

步骤S9,清算转接机构30将发卡行的返回应答转发至支付网关20;Step S9, the clearing transfer agency 30 forwards the return response from the issuing bank to the payment gateway 20;

步骤S10,支付网关20将交易结果通知在线网络商户50;Step S10, the payment gateway 20 notifies the online network merchant 50 of the transaction result;

步骤S11,在线网络商户50将交易结果和订单匹配,返回交易结果通知应答;Step S11, the online network merchant 50 matches the transaction result with the order, and returns a transaction result notification response;

步骤S12,支付网关20向理财电脑10返回支付结果页面,用户通过支付结果页面中的链接返回在线网络商户网站以查询确认支付结果;以及Step S12, the payment gateway 20 returns the payment result page to the wealth management computer 10, and the user returns to the online merchant website through the link in the payment result page to check and confirm the payment result; and

步骤S13,该在线网络商户50将相应的商品发送至持卡人。In step S13, the online network merchant 50 sends corresponding commodities to the cardholder.

其中,在上述步骤里,支付网关是指中国银联的支付网关,其主要用于拓展基于理财电脑支付方式的互联网B2C商户,并为商户提供资金结算、差错请求提交等收单服务。Among them, in the above steps, the payment gateway refers to the payment gateway of China UnionPay, which is mainly used to expand Internet B2C merchants based on financial computer payment methods, and provide merchants with acquiring services such as fund settlement and error request submission.

其中,在上述步骤里,持卡人在理财电脑上进行刷卡支付。但是,刷卡人和持卡人可以是同一个人,也可以是不同的人。Wherein, in the above steps, the cardholder makes payment by swiping the card on the financial management computer. However, the person who swipes the card and the cardholder can be the same person or different people.

图2示出了本发明用于实现网上支付的理财电脑的结构示意图。参照图2,理财电脑10至少包括主板104和键盘102,其中,主板104具有安全芯片1041,以及键盘102具有加密芯片1021、读卡器和支付指示灯等。如图1所述,本发明的支付系统在进行网上安全支付时,首先网页重定向至银联统一的支付页面,当键盘的专用指示灯亮起,持卡人利用读卡器进行刷卡并输入交易密码,此时,加密芯片1021将持卡人输入的磁道信息和交易密码以加密方式传送至主板上的安全芯片1041,并且安全芯片1041解密该加密信息后组织交易报文,再次通过安全芯片加密交易报文中的敏感交易数据后发送至后台。至于安全芯片1041和加密芯片1021之间的密钥机制和协商将在后续的附图中具体描述。Fig. 2 shows a schematic structural diagram of a wealth management computer for realizing online payment according to the present invention. Referring to FIG. 2 , the wealth management computer 10 includes at least a main board 104 and a keyboard 102 , wherein the main board 104 has a security chip 1041 , and the keyboard 102 has an encryption chip 1021 , a card reader, and a payment indicator light. As shown in Figure 1, when the payment system of the present invention performs online security payment, the web page is first redirected to the unified payment page of UnionPay, and when the special indicator light of the keyboard lights up, the cardholder uses the card reader to swipe the card and enter the transaction password , at this time, the encryption chip 1021 transmits the magnetic track information and transaction password input by the cardholder to the security chip 1041 on the motherboard in an encrypted manner, and the security chip 1041 decrypts the encrypted information and organizes the transaction message, and encrypts the transaction again through the security chip The sensitive transaction data in the message is sent to the background. The key mechanism and negotiation between the security chip 1041 and the encryption chip 1021 will be specifically described in the subsequent drawings.

优选地,用于输入交易密码的小键盘采用密码键盘,或者至少采用达到密码键盘的安全水平的PIN输入设备。其中,键盘设置专用切换键,只有切换到基于理财电脑的网上支付方式时,读卡器才接收银行卡的磁道信息,同时由键盘内置的加密芯片对用户输入的交易密码进行加密。Preferably, the keypad for inputting the transaction password is a PIN pad, or at least a PIN input device that reaches the security level of a PIN pad. Among them, the keyboard is equipped with a special switch key, and only when switching to the online payment method based on the financial management computer, the card reader receives the magnetic track information of the bank card, and at the same time, the encryption chip built into the keyboard encrypts the transaction password entered by the user.

其中,键盘也设置专用的指示灯及其驱动程序,当网络用户在支付网关提交支付请求时,电脑将接收到等待支付的信息,键盘的专用指示灯亮起,以提示用户可以进行刷卡操作。进一步,等待支付设置超时处理,当持卡人超过一定时间仍未刷卡支付时,键盘的专用指示灯熄灭,持卡人须重新到支付网关的统一支付页面上提交支付请求。这样就可以防止伪造刷卡键盘,因为伪造的刷卡键盘无法对等待支付信息作出实时响应。Among them, the keyboard is also equipped with a dedicated indicator light and its driver. When the network user submits a payment request at the payment gateway, the computer will receive the information of waiting for payment, and the special indicator light of the keyboard will light up to prompt the user to perform card swiping operations. Further, wait for the payment setting to be timed out. When the cardholder has not swiped the card for payment for a certain period of time, the special indicator light on the keyboard will go out, and the cardholder must submit a payment request on the unified payment page of the payment gateway again. This prevents counterfeit swipe keypads that cannot respond in real time to pending payment information.

图3示出本发明在使用网上支付业务前激活理财电脑的原理示意图。参照图3,本发明中在其主板上具有安全芯片和在其键盘上具有加密芯片的家用电脑在使用理财功能前,必须予以激活。其具体的激活流程为:Fig. 3 shows a schematic diagram of the principle of activating the financial management computer before using the online payment service in the present invention. With reference to Fig. 3, in the present invention, the home computer with safety chip on its mainboard and encryption chip on its keyboard must be activated before using the financial management function. The specific activation process is as follows:

首先,网络用户进入基本输入输出系统(BIOS)设置中相应的菜单项,选择激活电脑的理财功能;First, the network user enters the corresponding menu item in the basic input output system (BIOS) setting, and selects to activate the financial management function of the computer;

接着,BIOS向键盘发送指令以查询键盘状态,确认键盘上装有加密芯片;向主板发送指令以查询主板状态,确认主板上装有安全芯片;此时,键盘和主板均接收相应的查询指令,并返回状态信息;Then, the BIOS sends commands to the keyboard to check the status of the keyboard, confirming that the keyboard is equipped with an encryption chip; sending commands to the motherboard to check the status of the motherboard, confirming that the security chip is installed on the motherboard; at this time, both the keyboard and the motherboard receive corresponding query commands and return status information;

步骤S3,BIOS发送初始化激活命令并接收主板的响应信息;并且主板返回唯一的响应信息;Step S3, the BIOS sends an initialization activation command and receives a response message from the motherboard; and the motherboard returns a unique response message;

步骤S4,分析响应信息并将新的传输密钥发送到键盘,接收键盘的响应信息;并且键盘写入新密钥,锁定键盘的加密芯片和主板的安全芯片之间的通讯机制;Step S4, analyzing the response information and sending the new transmission key to the keyboard, receiving the response information of the keyboard; and writing the new key into the keyboard, locking the communication mechanism between the encryption chip of the keyboard and the security chip of the motherboard;

步骤S5,BIOS发送激活键盘命令,以激活计算机的理财功能;主板设置新的传输密钥,记录键盘串号并启动理财功能。In step S5, the BIOS sends an activation keyboard command to activate the financial management function of the computer; the motherboard sets a new transmission key, records the serial number of the keyboard, and activates the financial management function.

Fig. 4 is a schematic diagram of data encryption when the financial computer of the invention is used for online payment, covering the path from the cardholder's card swipe to the third-party payment gateway receiving the message. Referring to Fig. 4, the transmission of encrypted data mainly involves the keyboard's encryption chip, the motherboard's security chip and the third-party payment gateway. Data encryption takes place on two hops: from the card swipe on the keyboard (which integrates the card reader) to the motherboard's security chip, and from the security chip to the third-party payment gateway. Nodes (1) to (5) of the flow are described in detail below.

Note that in Fig. 4 the track information ciphertext, transaction password ciphertext, transaction data ciphertext and digital signature all denote encrypted data, while the track information plaintext, transaction password plaintext, transaction data plaintext and security chip number denote data that is either unencrypted or has been recovered by decryption.

Node (1): the network user swipes the card on the keyboard and enters the transaction password, producing the track information plaintext and the transaction password plaintext; the keyboard's encryption chip uses the encryption process key and the MAC process key to convert these into track information ciphertext, transaction password ciphertext and MAC data;

Node (2): after receiving the track information ciphertext, transaction password ciphertext and MAC data from the encryption chip, the motherboard's security chip first verifies with the MAC process key that the data has not been altered, then decrypts the track information ciphertext and transaction password ciphertext with the encryption process key, yielding the track information plaintext, transaction password plaintext, transaction data plaintext and security chip number. Communication between the keyboard's encryption chip and the motherboard's security chip uses symmetric encryption: the encryption chip negotiates the encryption process key with the security chip using the encryption master key, and that process key is used to decrypt the track information ciphertext and transaction password ciphertext; likewise the encryption chip negotiates the MAC process key using the MAC master key, and the MAC process key is used to compute a message authentication code over the ciphertext so that any alteration is detected;

Node (3): the motherboard's security chip negotiates a process key with the third-party payment gateway using the terminal master key, and encrypts with that process key and the 3DES algorithm (128-bit key) to produce the track information ciphertext and transaction password ciphertext; transaction data plaintext such as order information, together with the security chip number, is added to the message;

Node (4): the security chip digitally signs the message data with the terminal private key, then uses the payment gateway public key contained in the terminal certificate to encrypt the digital signature, the transaction data plaintext from node (3) and the random factor used to negotiate the process key. Asymmetric encryption and the digital signature use the RSA algorithm with a 1024-bit key; and

Node (5): the web browser sends the whole message to the third-party payment gateway over SSL. On receipt, the gateway first derives (disperses) the terminal's public key from the security chip number, decrypts the transaction data ciphertext, the random factor and the digital signature with its own private key, verifies the digital signature with the terminal public key, computes the process key from the random factor and the terminal master key, and finally decrypts the track information plaintext and transaction password plaintext with the process key. Once all plaintext has been obtained, the gateway encrypts the transaction password with the working key negotiated with the clearing and switching institution and forwards it, together with the track information and transaction data, to that institution over the financial network.

As the above data transmission flow shows, the payment system of the invention has the following features compared with prior-art online payment methods:

the track information produced by the user's card swipe and the transaction password entered are encrypted by the keyboard's encryption chip before transmission to the motherboard's security chip;

data transmitted over the Internet is protected by three layers, symmetric encryption, asymmetric encryption and the SSL channel, achieving "one machine, one key" and "one transmission, one key"; here "one machine, one key" means each financial computer has its own unique key, and "one transmission, one key" means a different encryption key is used at each transmission node;

track information and transaction passwords are transmitted encrypted at every node of the network;

the PIN pad uses the MAC to guarantee that sensitive data is not altered before it reaches the motherboard's security chip; the terminal certificate signature and the HTTP communication protocol guarantee the integrity of the transaction in transit over the Internet; and the terminal certificate signature guarantees non-repudiation, with the original financial transaction message (including the signature) retained so that evidence is available in case of dispute.

Fig. 5 is a schematic diagram of where the various keys used for online payment according to the invention are stored. As shown in Fig. 5, the keyboard's encryption chip 1021 holds the encryption master key and the MAC master key; the motherboard's security chip 1041 holds the encryption master key, the MAC master key, the terminal master key and the terminal certificate. The terminal certificate comprises the terminal's own public and private keys and the third-party payment gateway's public key, and is used for asymmetric encryption with the gateway; the encryption master key is used for symmetric encryption between the security chip and the encryption chip and for negotiating the encryption process key; the MAC master key is used for negotiating the MAC process key. The terminal master key is used for symmetric encryption between the motherboard's security chip and the third-party payment gateway.

Fig. 6 is a schematic diagram of how the terminal master key and terminal public key stored on the motherboard of the financial computer are generated. As stated above, the terminal master key is used for symmetric encryption between the motherboard's security chip and the third-party payment gateway: more precisely, the security chip negotiates a process key with the gateway using the terminal master key and encrypts the transaction password plaintext and track information plaintext with that process key and the 3DES algorithm. Referring to Fig. 6, generating the terminal master key and terminal public key comprises:

Step 600: send a request to the third-party payment gateway applying to download the terminal master key;

Step 602: retrieve the root key held in the gateway's encryption machine;

Step 604: diversify the root key by the security chip number to generate the terminal master key; and

Step 606: obtain the terminal public key according to the security chip number.

The terminal public key so obtained is used to verify the digital signature.

The gateway's encryption machine is used mainly for encryption and decryption operations, namely: decrypting the transaction data ciphertext, random factor and digital signature with the gateway's own private key; decrypting the track information plaintext and transaction password plaintext with the process key computed from the random factor and the terminal master key; and encrypting the transaction password with the working key negotiated with the clearing and switching institution.

Fig. 7 illustrates how the security chip on the motherboard and the encryption chip in the keyboard negotiate the encryption process key on the basis of the encryption master key. As stated above, the keyboard's encryption chip and the motherboard's security chip communicate under symmetric encryption: the encryption chip uses the encryption master key to negotiate an encryption process key with the security chip and encrypts the track information plaintext and transaction password plaintext with it; the security chip, on receiving the track information ciphertext and transaction password ciphertext, decrypts them with the same encryption process key. Negotiating the encryption process key comprises:

Step 700: the encryption chip is preset with a key generation algorithm;

Step 702: the security chip is preset with the same key generation algorithm as the encryption chip;

Step 704: the encryption chip generates a random factor and computes the encryption process key from the encryption master key and the random factor;

Step 706: the keyboard's encryption chip sends a connection request and the random factor to the motherboard's security chip;

Step 708: the security chip computes the encryption process key from the encryption master key and the random factor; and

Step 710: process key agreement based on the symmetric root key is complete.
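The keyboard-to-security-chip hop of nodes (1) and (2) in Fig. 4, with the key derivation of Fig. 6 step 604 and the negotiation of Fig. 7 steps 700 to 710, as an added example that is not the patent's own code. The patent names neither the key generation algorithm nor the MAC; the 3DES-based derivation and HMAC-SHA256 used here are assumptions, as are the constructed master keys and sample data.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed 16-byte (128-bit two-key 3DES) master keys shared by both chips (Fig. 8).
var encMaster, macMaster = []byte("ENC-MASTER-KEY16"), []byte("MAC-MASTER-KEY16")

type Record struct{ RandomFactor, TrackCT, PinCT, MAC []byte } // node (1) payload

// tdes builds a 3DES cipher from a 16-byte key, expanded to K1|K2|K1.
func tdes(key16 []byte) cipher.Block {
	c, err := des.NewTripleDESCipher(append(append([]byte{}, key16...), key16[:8]...))
	if err != nil {
		panic(err) // only with a wrong key length
	}
	return c
}

// deriveKey is the key generation algorithm preset in both chips (steps 700/702).
// Assumed here: 3DES-encrypt the 8-byte factor and its bitwise complement under the
// parent key. Fig. 6 (root key, chip number) and Fig. 7 (master key, random factor) share this shape.
func deriveKey(parent16, factor []byte) []byte {
	c, in, out := tdes(parent16), make([]byte, 8), make([]byte, 16)
	copy(in, factor) // factor padded or truncated to one 3DES block
	c.Encrypt(out[:8], in)
	for i := range in {
		in[i] = ^in[i]
	}
	c.Encrypt(out[8:], in)
	return out
}

// encryptCBC / decryptCBC: 3DES-CBC with PKCS#7 padding and a random IV prepended.
func encryptCBC(key16, plaintext []byte) []byte {
	iv := make([]byte, 8)
	rand.Read(iv) // crypto/rand.Read cannot fail on supported Go versions
	n := 8 - len(plaintext)%8
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(n)}, n)...)
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(tdes(key16), iv).CryptBlocks(out, padded)
	return append(iv, out...)
}

func decryptCBC(key16, ct []byte) ([]byte, error) {
	if len(ct) < 16 || len(ct)%8 != 0 {
		return nil, errors.New("bad ciphertext length")
	}
	out := make([]byte, len(ct)-8)
	cipher.NewCBCDecrypter(tdes(key16), ct[:8]).CryptBlocks(out, ct[8:])
	n := int(out[len(out)-1])
	if n < 1 || n > 8 || !bytes.Equal(out[len(out)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return out[:len(out)-n], nil
}

// tag is the MAC over both ciphertexts (node (2)); HMAC-SHA256 is assumed.
func tag(macKey []byte, r *Record) []byte {
	m := hmac.New(sha256.New, macKey)
	m.Write(r.TrackCT)
	m.Write(r.PinCT)
	return m.Sum(nil)
}

// keyboardSeal is node (1) with steps 704/706: fresh random factor, both process keys, encrypt, MAC.
func keyboardSeal(track, pin []byte) *Record {
	r := &Record{RandomFactor: make([]byte, 8)}
	rand.Read(r.RandomFactor)
	encKey := deriveKey(encMaster, r.RandomFactor)
	r.TrackCT, r.PinCT = encryptCBC(encKey, track), encryptCBC(encKey, pin)
	r.MAC = tag(deriveKey(macMaster, r.RandomFactor), r)
	return r
}

// securityChipOpen is step 708 with node (2): re-derive both keys, check the MAC first, then decrypt.
func securityChipOpen(r *Record) (track, pin []byte, err error) {
	if !hmac.Equal(tag(deriveKey(macMaster, r.RandomFactor), r), r.MAC) {
		return nil, nil, errors.New("MAC mismatch: data altered between keyboard and security chip")
	}
	encKey := deriveKey(encMaster, r.RandomFactor)
	if track, err = decryptCBC(encKey, r.TrackCT); err != nil {
		return nil, nil, err
	}
	pin, err = decryptCBC(encKey, r.PinCT)
	return track, pin, err
}

func main() {
	rec := keyboardSeal([]byte(";6225000000000000=4912?"), []byte("123456")) // constructed sample
	track, pin, err := securityChipOpen(rec)
	fmt.Printf("track=%s pin=%s err=%v\n", track, pin, err)
}
```

Because the MAC is checked before any decryption, a single flipped ciphertext bit is rejected without the security chip ever touching the padding or the plaintext.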

Those skilled in the art will understand that the keyboard's encryption chip can negotiate the MAC process key from the MAC master key by a procedure similar to the above; likewise the motherboard's security chip can negotiate the process key with the third-party payment gateway from the terminal master key, and the gateway can negotiate the working key with the clearing and switching institution.

Fig. 8 is a block diagram of key synchronization between the security chip and the encryption chip. Referring to Fig. 8, the keyboard's encryption chip and the motherboard's security chip use the encryption master key and the MAC master key for data transmission; these two keys serve only to guarantee the integrity of data sent from the keyboard to the security chip and have nothing to do with the third-party payment gateway. Key synchronization between the security chip and the encryption chip comprises:

Step 800: set the encryption master key and the MAC master key;

Step 802: the BIOS sends a key request to the security chip;

Step 804: the BIOS automatically injects the key obtained into the encryption chip via the keyboard driver; and

Step 806: key synchronization between the security chip and the encryption chip is complete.

Fig. 9 is a flow diagram of the initialization of the security chip on the motherboard of the financial computer. Before a network user can pay online with a bank card on the financial computer, the card must be registered with the third-party payment gateway, i.e. the gateway must be able to recognise the cardholder's card. For this purpose the financial computer carries a dedicated program for managing registered bank cards, whose main task is to transmit the user's card information securely to the gateway for registration. Only cards registered with the payment gateway can be used for online payment; since this card registration program behaves like a wallet, we call it the wallet program. The wallet program may be a stand-alone application or a program running in a web page; it initializes the security chip on the motherboard, manages registered bank cards and sets the default payment card.

For payment security, the user's bank card information is encrypted by the security chip before it is transmitted over the Internet in every transaction. The initialization flow comprises:

the wallet program queries the validity of the certificate;

the security chip returns the certificate status to the wallet program; if the certificate is valid, initialization ends; if it is invalid, a certificate initialization command is sent to the security chip;

on receiving the initialization command, the security chip generates an RSA key pair, keeps the private key and returns the public key to the wallet program;

the wallet program receives the security chip's public key, collects the personal information and sends it to the payment gateway for digital signature;

the information to be signed is sent to the CA for signing, and the digital certificate is returned to the wallet program; and

the wallet program receives the certificate and sends the STORE_CERT command to store it in the security chip.

The digital certificate stored in the security chip can be used for encryption or signing during transactions; if the certificate has expired or does not exist, online payment cannot be completed.

As described for Fig. 9, the cardholder's bank card can be used only after it is registered with the third-party payment gateway. Fig. 10 is a flow diagram of registering a bank card for online payment with the payment gateway. The registration flow comprises:

the user opens the wallet program and selects the register-bank-card function;

the financial computer prompts the user to swipe the card and enter the PIN;

the user swipes the card and enters the PIN;

the financial computer encrypts the card's track information and transaction password and sends them to the third-party payment gateway;

the gateway decrypts the track information and transaction password received, sends them to the issuing bank for verification and returns a response to the financial computer according to the issuer's result; and

the financial computer receives the response and reports that registration succeeded or failed.

The above outlines the main steps of registering a bank card for online payment with the payment gateway. To describe the registration flow in more detail, we divide it into four nodes: the wallet program prompts the user to swipe the card and enter the PIN; the motherboard's security chip processes the track information ciphertext and transaction password ciphertext from the encryption chip; the wallet program sends data to the third-party payment gateway; and the gateway binds the bank card. The detailed steps of these four nodes are as follows:

(1) The wallet program prompts the user to swipe the card and enter the PIN

a. the financial computer's wallet program sends a swipe-card signal to the keyboard, and the keyboard's dedicated indicator lights up to prompt the user to swipe;

b. the user swipes the card; the keyboard encrypts the card's track information and waits for it to be read;

c. the wallet program reads the track information ciphertext and passes it to the security chip;

d. the wallet program prompts the user to enter the PIN; and

e. the user enters the PIN; the keyboard encrypts the transaction password and waits for it to be read.

(2) The motherboard's security chip processes the track information ciphertext and transaction password ciphertext from the encryption chip

a. the security chip replaces the ciphertext and signature only after it has received both the track information ciphertext and the transaction password ciphertext;

b. on receiving the track information ciphertext, the security chip decrypts it and checks the format; if successful, it sets a flag indicating that the track information is ready;

c. on receiving the transaction password ciphertext, the security chip decrypts it and checks the format; if successful, it sets a flag indicating that the transaction password is ready;

d. each time a flag is set, the chip checks whether both the track information and the transaction password are available; if so, it proceeds to the next step, otherwise it waits for the other flag;

e. the security chip generates a random symmetric key SK of length 16 (16位) and encrypts the transaction password and track information with SK;

f. the result of encrypting SK with the third-party payment gateway's public key is called the envelope; the transaction password ciphertext and track information ciphertext are signed in a defined format with the security chip's private key to produce the signature information;

g. the transaction password ciphertext and track information ciphertext are returned; and

h. the envelope and signature information are returned.

(3) The wallet program sends data to the third-party payment gateway

a. the user is prompted for information such as the bank card name and e-mail address; and

b. this personalization information is assembled with the envelope, the signature information, the track information ciphertext and the transaction password ciphertext into a message, which is sent to the third-party payment gateway.

(4) The third-party payment gateway binds the bank card

a. on receiving the message, the gateway opens the envelope with its private key and obtains SK;

b. the gateway decrypts the track information ciphertext and the PIN with SK, and re-encrypts the track information with the bank's terminal key;

c. the track information and transaction password are sent to the issuing bank for verification; and

d. a success-or-failure response message is returned to the wallet program.

If verification succeeds, the bank card number is bound to the hardware serial number of the financial computer, and the mapping is saved in the security chip; if verification fails, a response is returned telling the user that registration was unsuccessful.
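The asymmetric layer of registration nodes (2)f to (2)h, (3)b and (4)a, with the terminal-public-key lookup by security chip number of Fig. 4 node (5), as an added example that is not the patent's own code. The signature format, the registry lookup, the OAEP label and the 2048-bit key size are assumptions (the patent specifies 1024-bit RSA); the track and PIN ciphertexts are taken as already produced under SK by the 3DES step and are constructed sample bytes here.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Registry maps a security chip number to the terminal public key the gateway kept
// when the Fig. 9 certificate was issued; node (5) "disperses" the terminal public key
// from the chip number, modelled here as this lookup (assumption).
type Registry map[string]*rsa.PublicKey

// RegMsg is the registration message of node (3)b. TrackCT and PinCT are the
// ciphertexts already produced under SK; only the asymmetric layer around them
// is shown here.
type RegMsg struct {
	ChipNo         string
	TrackCT, PinCT []byte
	Envelope, Sig  []byte
}

// digest fixes the "defined format" the text leaves open (assumption): chip number
// and both ciphertexts, each length-prefixed so fields cannot shift into each other.
func digest(chipNo string, trackCT, pinCT []byte) []byte {
	h := sha256.New()
	for _, f := range [][]byte{[]byte(chipNo), trackCT, pinCT} {
		binary.Write(h, binary.BigEndian, uint32(len(f)))
		h.Write(f)
	}
	return h.Sum(nil)
}

// terminalSeal is node (2)f/g/h: sign the ciphertexts with the security chip's
// private key and wrap SK for the gateway (the "envelope").
func terminalSeal(chipNo string, chipPriv *rsa.PrivateKey, gwPub *rsa.PublicKey, sk, trackCT, pinCT []byte) (*RegMsg, error) {
	env, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, gwPub, sk, []byte("SK"))
	if err != nil {
		return nil, err
	}
	sig, err := rsa.SignPKCS1v15(rand.Reader, chipPriv, crypto.SHA256, digest(chipNo, trackCT, pinCT))
	if err != nil {
		return nil, err
	}
	return &RegMsg{ChipNo: chipNo, TrackCT: trackCT, PinCT: pinCT, Envelope: env, Sig: sig}, nil
}

// gatewayOpen is node (4)a with the lookup of node (5): find the terminal key for the
// claimed chip number, verify the signature over exactly the ciphertexts received,
// and only then open the envelope to recover SK.
func gatewayOpen(gwPriv *rsa.PrivateKey, reg Registry, m *RegMsg) ([]byte, error) {
	pub, ok := reg[m.ChipNo]
	if !ok {
		return nil, errors.New("unregistered security chip " + m.ChipNo)
	}
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest(m.ChipNo, m.TrackCT, m.PinCT), m.Sig); err != nil {
		return nil, errors.New("terminal signature invalid: message altered or re-attributed")
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, gwPriv, m.Envelope, []byte("SK"))
}

// genKey makes a demo RSA key. The text specifies 1024-bit RSA (2008); 2048 bits is
// used here because 1024-bit keys are below current minimum recommendations.
func genKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func main() {
	gw, chip := genKey(), genKey()
	reg := Registry{"CHIP0001": &chip.PublicKey} // constructed chip number
	sk := []byte("0123456789abcdef")             // constructed 16-byte SK
	msg, err := terminalSeal("CHIP0001", chip, &gw.PublicKey, sk, []byte("track-ct"), []byte("pin-ct"))
	if err != nil {
		panic(err)
	}
	got, err := gatewayOpen(gw, reg, msg)
	fmt.Printf("recovered SK=%q err=%v\n", got, err)
	msg.ChipNo = "CHIP0002" // same message claimed by another terminal
	_, err = gatewayOpen(gw, reg, msg)
	fmt.Println("after re-attribution:", err)
}
```

Binding the chip number into the signed data means a message cannot be replayed under a different terminal's identity, which is what the card-to-hardware-serial binding stored after verification relies on.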

Fig. 11 is a flow diagram of payment in the online payment system based on the financial computer. The payment flow comprises:

the network user browses the website, selects goods and chooses the financial-computer payment method;

the user selects the bank card to pay with and confirms;

the financial computer activates the wallet program, which prompts the user to swipe the card and enter the PIN;

the user swipes the card on the keyboard and enters the PIN;

the financial computer receives the encrypted track information and encrypted PIN;

it checks whether the current bank card is in the security chip's list of authenticated cards; if not, the user is told that payment cannot proceed; if so, the order information and bank card information are collected, assembled into a message and sent to the payment gateway;

the payment gateway receives the message, checks the binding relationship and, once the transaction is confirmed as permissible, forwards the message to the clearing and switching institution and obtains its response;

the payment gateway sends a payment-success message to the merchant and obtains the order query URL;

the merchant receives the payment-success message, matches the order and prepares shipment;

the payment gateway returns the response to the financial computer, which receives it and reports that the transaction is finished; and

the user chooses to continue shopping or exit.

The wallet program can be activated for online payment in two ways: either choosing to pay on the shopping website redirects automatically to the gateway's unified payment page, which invokes the wallet program through the wallet interface; or clicking the payment page redirects to a shopping information file in a defined format generated automatically by the merchant website, that file type having been associated with the wallet program on the financial computer.

Fig. 12 is a flow diagram of collection (receiving payment) in the online payment system based on the financial computer. Similar to the payment flow of Fig. 11, the collection flow comprises:

the network user selects goods and chooses the financial-computer payment method;

the merchant uses the financial computer to collect and transfer the payment, asking the user to swipe the card and enter the PIN;

the financial computer activates the collection program;

the user swipes the card and enters the PIN;

the financial computer receives the encrypted track information and encrypted PIN, assembles a message and sends it to the payment gateway;

the payment gateway receives the message, checks the binding relationship and, once the transaction is confirmed as permissible, forwards the message to the clearing and switching institution and obtains its response;

the payment gateway sends a payment-success message to the merchant and obtains the order query URL;

the merchant receives the transfer notification and confirms that the payment has been received;

the payment gateway returns the response to the financial computer, which receives it and reports that the transaction is finished; and

the merchant delivers the goods to the user.

Specific embodiments of the invention have been described above with reference to the accompanying drawings. Those of ordinary skill in the art will understand, however, that various changes and substitutions may be made to these embodiments without departing from the spirit and scope of the invention; all such changes and substitutions fall within the scope defined by the claims.

Claims (15)

1. A data encryption method for online payment, comprising the steps of:
after a user orders a commodity, swiping a card through a keyboard and inputting a transaction password so as to generate a magnetic track information plaintext and a transaction password plaintext;
the encryption chip encrypting the magnetic track information plaintext and the transaction password plaintext and converting them into corresponding magnetic track information ciphertext, transaction information ciphertext and MAC data;
the security chip receiving and decrypting the magnetic track information ciphertext, the transaction password ciphertext and the MAC data, and converting them into magnetic track information plaintext, transaction password plaintext, transaction data plaintext and security chip number;
the security chip carrying out secondary encryption on the magnetic track information plaintext and the transaction password plaintext and organizing a message, the transaction data plaintext and the security chip number being added to the message;
the security chip digitally signing the message data and encrypting the digital signature and the transaction data plaintext; and
the network browser sending the whole message to the payment gateway through the SSL protocol.
2. The method of claim 1, wherein the cryptographic chip is disposed within a keyboard of a computer and the security chip is disposed on a motherboard of the computer.
3. The method of claim 1, wherein the cryptographic chip has a cryptographic master key and a MAC master key.
4. The method of claim 1, wherein the secure chip has an encryption master key, a MAC master key, a terminal master key, and a terminal certificate.
5. The method of claim 3 or 4, wherein the cryptographic master key of the cryptographic chip and the key generation algorithm of the cryptographic master key of the secure chip are the same, and the cryptographic chip and the secure chip perform symmetric encryption based on the cryptographic master key.
6. The method of claim 5, wherein the cryptographic chip of the keyboard negotiates a cryptographic process key with the secure chip of the motherboard using the cryptographic master key and encrypts track information plaintext and transaction password plaintext using the cryptographic process key.
7. The method of claim 6, wherein the step of negotiating an encryption process key comprises:
the encryption chip presets a key generation algorithm;
the security chip presets a key generation algorithm the same as that of the encryption chip;
the encryption chip randomly generates a random factor, and calculates an encryption process key according to the encryption main key and the random factor;
the encryption chip sends a connection request and a random factor to the security chip;
the security chip calculates an encryption process key according to the encryption main key and the random factor; and
and completing the key agreement based on the symmetric root key.
8. The method of claim 1, wherein the secondary encryption is that the security chip negotiates a process key with the payment gateway through a terminal master key and encrypts track information plaintext and transaction password plaintext using the process key and a 3DES algorithm.
9. The method of claim 1, wherein the security chip digitally signs the message data with a terminal private key, and encrypts the digital signature and the transaction data plaintext with a payment gateway public key and negotiates a random factor for a process key.
10. The method of claim 1, wherein the performing key synchronization between the secure chip and the cryptographic chip comprises:
setting an encryption master key and an MAC master key;
sending a request for applying a secret key to the security chip through the BIOS;
automatically injecting the applied key into the encryption chip by the BIOS by using a keyboard driver; and
and completing the key synchronization between the security chip and the encryption chip.
11. A key generation method for use in the data encryption method of claim 1, comprising:
setting an encryption main key and an MAC main key to synchronize keys between the security chip and the encryption chip;
sending a request to a payment gateway to apply for downloading a terminal master key;
calling a root key in the payment gateway encryption machine;
generating a terminal master key from the root key by diversification according to the serial number of the security chip; and
acquiring the terminal public key according to the security chip number.
12. The method of claim 11, wherein the encryption chip is disposed within a keyboard of a computer and the security chip is disposed on a motherboard of the computer.
13. The method of claim 11, wherein the encryption chip holds an encryption master key and a MAC master key.
14. The method of claim 11, wherein the security chip holds an encryption master key, a MAC master key, a terminal master key, and a terminal certificate.
15. The method of claim 11, wherein the security chip generates and stores an RSA key pair after the wallet program on the computer sends a terminal certificate initialization command to the security chip.
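The key hierarchy in claims 7 and 11 has two derivation steps: the gateway HSM diversifies a root key into a per-chip terminal master key using the security chip serial number, and the two chips derive a per-session process key from a shared master key plus a random factor, so a fresh factor yields a fresh process key. The example below is added here and is not the patent's own code; the claims do not name the derivation function, so HMAC-SHA256 truncated to a 24-byte 3DES key is an assumption, as are the `CONNECT` message, the labels and the constructed serial numbers.

```python
# Added illustration of the claim 7 / claim 11 key hierarchy (not patent code).
# Assumption: HMAC-SHA256 truncated to 24 bytes stands in for the unspecified
# "key generation algorithm"; 24 bytes matches a three-key 3DES key (claim 8).
import hmac
import hashlib
import secrets
from dataclasses import dataclass
from typing import Optional, Tuple

KEY_LEN = 24  # bytes in a three-key 3DES key


def derive_key(master: bytes, diversifier: bytes, label: bytes) -> bytes:
    """Assumed KDF: HMAC-SHA256(master, label || diversifier), truncated."""
    return hmac.new(master, label + diversifier, hashlib.sha256).digest()[:KEY_LEN]


def terminal_master_key(root_key: bytes, chip_serial: str) -> bytes:
    """Claim 11: diversify the gateway HSM root key by the security chip serial,
    so every terminal ends up with its own terminal master key."""
    return derive_key(root_key, chip_serial.encode(), b"TMK")


@dataclass
class Chip:
    """Either the keyboard encryption chip or the motherboard security chip;
    both preset the same encryption master key and KDF (claim 7)."""
    enc_master: bytes
    process_key: Optional[bytes] = None

    def open_connection(self) -> Tuple[bytes, bytes]:
        """Encryption chip side: pick a random factor, derive the process key,
        and emit the connection request plus the factor (sent in the clear)."""
        factor = secrets.token_bytes(16)
        self.process_key = derive_key(self.enc_master, factor, b"PK")
        return b"CONNECT", factor  # "CONNECT" is an assumed message name

    def accept_connection(self, request: bytes, factor: bytes) -> None:
        """Security chip side: derive the same process key from the received factor."""
        if request != b"CONNECT":
            raise ValueError("unexpected request")
        self.process_key = derive_key(self.enc_master, factor, b"PK")


def negotiate(enc_chip: Chip, sec_chip: Chip) -> bool:
    """Run the claim 7 exchange; True only if both chips hold the same key."""
    request, factor = enc_chip.open_connection()
    sec_chip.accept_connection(request, factor)
    return hmac.compare_digest(enc_chip.process_key, sec_chip.process_key)


if __name__ == "__main__":
    root = bytes(range(KEY_LEN))  # constructed root key; the real one stays in the HSM
    print("distinct TMK per chip:", terminal_master_key(root, "SN-0001") != terminal_master_key(root, "SN-0002"))
    kb, sec = Chip(b"e" * KEY_LEN), Chip(b"e" * KEY_LEN)
    print("process key agreed:", negotiate(kb, sec))
```

The security of the exchange rests entirely on the master key never leaving the two chips: the random factor travels in the clear, so anyone holding the master key could recompute the process key, which is why claim 10 injects it through the BIOS rather than exposing it to software.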
Application CN200810200736A, priority and filing date 2008-09-28, "Methods of data encryption and key generation for on-line payment", status Pending, published as CN101686225A (en)


Publications (1)

Publication Number Publication Date
CN101686225A true CN101686225A (en) 2010-03-31


Cited By (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101883096A (en) * 2010-06-07 2010-11-10 北京天地融科技有限公司 Method, device and system for safely transferring data between electronic signature tools
CN101964793A (en) * 2010-10-08 2011-02-02 上海银联电子支付服务有限公司 Method and system for transmitting data between terminal and server and sign-in and payment method
CN102404121A (en) * 2011-11-30 2012-04-04 华为技术有限公司 A method, device and system for processing ciphertext
CN102568097A (en) * 2010-12-08 2012-07-11 邵通 Method and system for improving safety of electronic wallets
CN103117856A (en) * 2012-01-16 2013-05-22 深圳市家富通汇科技有限公司 Method and device for configuring applications in mobile devices
CN103345799A (en) * 2013-06-08 2013-10-09 钱袋网(北京)信息技术有限公司 Card swiping device and method for encrypting information of bank card in card swiping device
CN103684759A (en) * 2012-09-11 2014-03-26 中国银联股份有限公司 Terminal data encrypting method and device
CN103716320A (en) * 2013-03-15 2014-04-09 福建联迪商用设备有限公司 Security downloading method and system of TMK
CN104376493A (en) * 2014-10-29 2015-02-25 中国建设银行股份有限公司 Safe processing system and method based on encryption equipment
CN105095701A (en) * 2014-05-06 2015-11-25 黄熙镜 User authentication method and device and terminal equipment
CN105306201A (en) * 2014-06-13 2016-02-03 广州涌智信息科技有限公司 Encrypted data transmission method
CN105684346A (en) * 2013-09-27 2016-06-15 金雅拓股份有限公司 Method for securing over-the-air communication between a mobile application and a gateway
CN105868653A (en) * 2016-03-29 2016-08-17 山东华芯富创电子科技有限公司 Password input method and device
CN105894662A (en) * 2016-03-29 2016-08-24 山东华芯富创电子科技有限公司 Password input device and system using same
CN106059771A (en) * 2016-05-06 2016-10-26 上海动联信息技术股份有限公司 Intelligent POS machine secret key management system and method
CN106302482A (en) * 2016-08-22 2017-01-04 浙江省数字安全证书管理有限公司 A kind of browser-cross uses hardware encryption medium data safe transmission system and method
CN106506149A (en) * 2016-11-07 2017-03-15 福建星海通信科技有限公司 Key generation method and system between a kind of TBOX terminals and TSP platforms
CN106529941A (en) * 2016-11-24 2017-03-22 深圳市久通物联科技股份有限公司 PBOC micro payment security promotion method
CN106537432A (en) * 2014-07-17 2017-03-22 卓格莱特有限责任公司 Method and device for securing access to wallets in which cryptocurrencies are stored
CN106559412A (en) * 2016-10-11 2017-04-05 北京元心科技有限公司 Strengthen the method and system of authentication safety
CN106572106A (en) * 2016-11-07 2017-04-19 福建星海通信科技有限公司 Method of transmitting message between TBOX terminal and TSP platform
CN106228713B (en) * 2016-07-26 2018-08-10 中国银联股份有限公司 Data processing system and method for multiple POS terminals
CN108460597A (en) * 2018-03-23 2018-08-28 银联商务股份有限公司 A kind of key management system and method
CN108596593A (en) * 2018-04-20 2018-09-28 珠海横琴盛达兆业科技投资有限公司 A method of the pharmacy's shortcut key cash register realized based on B/S framework
CN111600829A (en) * 2019-02-21 2020-08-28 杭州萤石软件有限公司 Secure communication method and system for Internet of things equipment
CN112464188A (en) * 2020-12-14 2021-03-09 艾体威尔电子技术(北京)有限公司 Method for binding payment terminal and peripheral password keyboard
US11531984B2 (en) 2016-06-28 2022-12-20 Advanced New Technologies Co., Ltd. Method and device facilitating expansion of primary payment instruments
CN116112241A (en) * 2023-01-13 2023-05-12 长城信息股份有限公司 Software and hardware combined safety communication method and system for self-service equipment
CN116308353A (en) * 2023-03-10 2023-06-23 招商银行股份有限公司 IC card transaction method, system, terminal device and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1527208A (en) * 2003-09-25 2004-09-08 联想(北京)有限公司 Method and device for realizing computer safety and enciphering based on identity confirmation
CN1588954A (en) * 2004-07-27 2005-03-02 中国工商银行 Intelligent terminal, system including said intelligent terminal and data exchanging method
CN1598794A (en) * 2003-09-19 2005-03-23 联想(北京)有限公司 Computer terminal safety system based on safety chip
CN101192295A (en) * 2006-11-30 2008-06-04 讯想科技股份有限公司 Chip credit card network transaction system and method



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20100331