CN101686225A - Methods of data encryption and key generation for on-line payment - Google Patents
- Publication number
- CN101686225A
- Authority
- CN
- China
- Prior art keywords
- key
- chip
- encryption
- plaintext
- transaction
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention discloses a method of data encryption for on-line payment, which comprises the following steps: a user swipes a card through a keyboard and inputs a transaction password; the magnetic track information and the transaction password are encrypted; the magnetic track information, the transaction password and MAC data are received and decrypted, and the magnetic track information, the transaction password and the MAC data are encrypted a second time and organized into messages; the message data is digitally signed; and all the messages are transmitted to a payment gateway by a network browser. The invention also discloses a method for key generation, which comprises the following steps: setting an encryption master key and a MAC master key; applying to the payment gateway to download a terminal master key; retrieving a root key in the encryption machine of the payment gateway; and generating the terminal master key according to the serial number of a security chip and obtaining a terminal public key. With these methods of data encryption and key generation, triple encryption consisting of symmetric encryption, asymmetric encryption and an SSL channel is applied when the sensitive data and the transaction data of a bank card are transmitted on the Internet, one-machine-one-key and one-time-one-key are realized, and the invention has very high security.
Description
Technical Field
The invention relates to the field of e-commerce application, in particular to a secure payment technology in e-commerce application.
Background
With the development of the economy and the improvement of living standards, bank cards have become a ubiquitous payment tool in daily life. For example, POS terminals in shopping malls, supermarkets, airports and hotels provide convenient service, and cardholders can pay without cash simply by entering the password of a bank card. In addition, with the explosion of electronic commerce on the internet, online payment by bank card is also growing rapidly. Compared with traditional bank card services, online payment is a new business field: an online buyer provides a bank card account and a personal password when paying online in order to complete a purchase.
However, in this era of a prosperous network economy, risk management systems and risk prevention measures are imperfect, which brings high potential risk to online payment services and many negative effects for cardholders who use them. Some netizens even use self-made fake websites to trick cardholders out of their bank card accounts and transaction passwords, so that online economic cases involving the balance in the bank card emerge endlessly, which to a certain extent greatly dampens cardholders' enthusiasm for online payment.
How to provide a safe and easy-to-use payment means is the technical problem of greatest concern to cardholders; a safe, easy-to-use and trusted payment means is also a great driving force for network merchants to expand business opportunities and increase profits. In the prior art, issuers have introduced online banking services for electronic commerce, in which a hardware security chip serves as the carrier of a transaction certificate to improve transaction security, and the online payment service is provided by binding a bank card to the transaction certificate in the background. However, the user must first purchase the hardware security chip at a bank and bind it to a particular bank card, which is costly and involves complicated steps, and subsequent service changes can only be handled at a bank counter, which is inconvenient for the user.
On the other hand, personal PCs are increasingly common in the home. Whether card-swiping transactions can be introduced into the payment step of online shopping by extending the financial management function of an ordinary home computer, so as to realize online ordering with card-swiping payment, is a problem that technicians in the banking service industry urgently need to solve.
Disclosure of Invention
Aiming at the technical defects of online payment of users in the prior art, the invention provides a data encryption method and a key generation method for online payment. The encryption and/or decryption of the sensitive data of the bank card is completed by respectively designing a security chip and an encryption chip on a mainboard and a keyboard of a computer so as to realize the secure transmission of the data. Different from the existing online payment service, in the payment system, a user not only needs to input a bank card password, but also needs to perform card swiping operation on a keyboard of a computer to acquire magnetic track information data of the bank card, and the magnetic track information data is encrypted by an encryption chip on the keyboard and is sent to a security chip on a computer mainboard.
According to one aspect of the invention, a data encryption method for online payment is provided. The data encryption method comprises the following steps:
after a user orders a commodity, the user swipes a card through the keyboard and inputs a transaction password, generating a magnetic track information plaintext and a transaction password plaintext;
the encryption chip encrypts the magnetic track information plaintext and the transaction password plaintext, converting them into the corresponding magnetic track information ciphertext, transaction password ciphertext and MAC data;
the security chip receives and decrypts the magnetic track information ciphertext, the transaction password ciphertext and the MAC data, converting them into the magnetic track information plaintext, the transaction password plaintext, the transaction data plaintext and the security chip number;
the security chip performs secondary encryption on the magnetic track information plaintext and the transaction password plaintext and organizes a message, to which the transaction data plaintext and the security chip number are added;
the security chip digitally signs the message data and encrypts the digital signature and the transaction data plaintext; and
the network browser sends all the messages to the payment gateway through the SSL protocol.
The encryption chip is arranged in a keyboard of the computer, and the security chip is arranged on a mainboard of the computer.
The encryption chip is provided with an encryption master key and an MAC master key.
The security chip is provided with an encryption master key, an MAC master key, a terminal master key and a terminal certificate. Further, the terminal certificate includes a terminal public key, a terminal private key, and a payment gateway public key.
The encryption master key of the encryption chip and the encryption master key of the security chip use the same key generation algorithm, and the encryption chip and the security chip perform symmetric encryption based on the encryption master key. In addition, the encryption chip of the keyboard uses the encryption master key to negotiate an encryption process key with the security chip of the mainboard, and encrypts the track information plaintext and the transaction password plaintext using the encryption process key.
The security chip of the mainboard decrypts the track information ciphertext and the transaction password ciphertext from the encryption chip by using the encryption process key.
The step of negotiating the encryption process key between the encryption chip on the keyboard and the security chip on the mainboard comprises the following steps:
the encryption chip presets a key generation algorithm;
the security chip presets a key generation algorithm the same as that of the encryption chip;
the encryption chip randomly generates a random factor, and calculates an encryption process key according to the encryption main key and the random factor;
the encryption chip sends a connection request and a random factor to the security chip;
the security chip calculates an encryption process key according to the encryption master key and the random factor; and
the key agreement based on the symmetric root key is completed.
The secondary encryption means that the security chip negotiates a process key with the payment gateway through the terminal master key, and encrypts the track information plaintext and the transaction password plaintext using the process key and the 3DES algorithm, where the 3DES algorithm uses a 128-bit key.
The security chip digitally signs the message data with the terminal private key, and uses the payment gateway public key to encrypt the digital signature, the transaction data plaintext and the random factor of the negotiated process key; the digital signature algorithm is RSA with a 1024-bit key.
Wherein, the key synchronization between the security chip and the encryption chip comprises:
setting an encryption master key and an MAC master key;
sending a key request to the security chip through the BIOS;
the BIOS automatically injecting the requested key into the encryption chip by using the keyboard driver; and
completing the key synchronization between the security chip and the encryption chip.
According to still another aspect of the present invention, there is provided a key generation method in a data encryption method for online payment, the method including:
setting an encryption main key and an MAC main key to synchronize keys between the security chip and the encryption chip;
sending a request to a payment gateway to apply for downloading a terminal master key;
calling a root key in the payment gateway encryption machine;
generating the terminal master key from the root key by key dispersion according to the serial number of the security chip; and
acquiring the terminal public key according to the security chip number.
The encryption chip is arranged in a keyboard of the computer, and the security chip is arranged on a mainboard of the computer.
The encryption chip is provided with an encryption master key and an MAC master key; and, the security chip has an encryption master key, a MAC master key, a terminal master key, and a terminal certificate. More specifically, the terminal certificate includes a terminal public key, a terminal private key, and a payment gateway public key.
After the wallet program on the computer sends a terminal certificate initialization command to the security chip, the security chip generates and stores an RSA key pair. The RSA key pair includes a terminal private key and a terminal public key.
The data encryption and key generation methods of the invention use the personal PC as a platform to provide cardholders with a safe online payment environment, combining the convenience of electronic commerce on the Internet with the security of a financial computer. Data is transmitted encrypted from the computer keyboard to the computer mainboard, to the payment gateway and on to the clearing relay; traditional card-swiping transactions are introduced into the payment step of online transactions, realizing 'online ordering and card-swiping payment', which greatly facilitates network users while raising the security level of online payment. Moreover, when sensitive bank card data and transaction data are transmitted on the Internet, triple encryption consisting of symmetric encryption, asymmetric encryption and an SSL channel is adopted, so that one-machine-one-key and one-time-one-key are realized and the method has extremely high security.
Drawings
The various aspects of the present invention will become more apparent to the reader after reading the detailed description of the invention with reference to the attached drawings. Wherein,
FIG. 1 is a schematic flow chart of the method for realizing online payment based on a financial computer;
FIG. 2 is a schematic diagram of a financial computer for implementing online payment according to the present invention;
FIG. 3 is a schematic diagram illustrating the principle of activating a financial computer prior to using an online payment service in accordance with the present invention;
FIG. 4 is a schematic diagram showing data encryption during a process of receiving a message from a cardholder to a third party payment gateway when a financial computer of the present invention is used for online payment;
FIG. 5 is a schematic diagram showing the storage of various keys used for making payments over a network in accordance with the present invention;
FIG. 6 is a schematic diagram showing the generation of the terminal master key and the terminal public key stored on the motherboard of the financial computer according to the present invention;
FIG. 7 is a schematic diagram illustrating the principle of the present invention in which a security chip on a motherboard and an encryption chip on a keyboard negotiate an encryption process key based on an encryption master key;
FIG. 8 is a schematic block diagram of the present invention for achieving key synchronization between a security chip and an encryption chip;
FIG. 9 is a schematic diagram illustrating a process of initializing a security chip on a motherboard of a financial computer according to the present invention;
FIG. 10 is a flow chart illustrating the registration of the bank card for online payment on the payment gateway according to the present invention;
FIG. 11 is a schematic diagram showing the payment process of the financial computer-based online payment system of the present invention; while
Fig. 12 is a schematic diagram showing the collection process of the financial computer-based online payment system of the invention.
Detailed Description
Embodiments of the present invention will be described in further detail below with reference to the accompanying drawings.
FIG. 1 is a schematic flow chart of the method for realizing online payment based on a financial computer. Here, the financial computer means a home computer having an online payment function. It should be understood by those skilled in the art that fig. 1 not only can represent the structural components of the payment system of the present invention, but also can illustrate the specific flow chart of the payment system for making online payment.
Referring to fig. 1, the payment system includes: a financial computer 10 of a network user, a payment gateway 20, a clearing relay 30, an issuer 40, and a network merchant 50. The network users are users of card issuing and China Unionpay, hold Unionpay cards and are owners of the financial computers, and are responsible for card swiping behaviors on the financial computers; the payment gateway 20 (also called a receipt service mechanism) expands the Internet B2C merchants paying by using a financial computer, and provides receipt services such as fund settlement, error request submission and the like for network merchants; the clearing switching mechanism 30 is a network for operating financial computers to access to the front and exchange, and performs cross-bank payment clearing service; the card issuer 40 is an issuer of a bank card held by a network user; and the network merchant 50 is an entity or institution that provides business services to the cardholder over the internet. It should be noted that the issuer may directly receive the sensitive data and the transaction data from the payment gateway without transferring through the clearing relay mechanism, and return the response information to the payment gateway. More specifically, the financial computer 10 includes at least a motherboard 104 and a keyboard 102.
When the payment system is used for online payment, the method mainly comprises the following steps:
step S1, the network user, as the cardholder, accesses the online network merchant 50 through the financial computer 10, orders goods and selects the financial computer payment mode to pay;
step S2, the financial computer payment mode is accepted, and the web page is redirected to the unified China UnionPay payment page;
step S3, the financial computer 10 of the network user detects the waiting payment information from the payment gateway 20, the special indicator light on the keyboard of the financial computer 10 is lighted to prompt the user to swipe the card and input the password;
step S4, the card holder swipes the card through the keyboard integrated with the card reader, and after inputting the trade password, the magnetic track information and the trade password are sent to the security chip on the mainboard of the financial computer 10 in an encrypted mode;
step S5, the security chip receives the magnetic track information and the transaction password from the keyboard, and sends the encrypted data together with the transaction data to the payment gateway 20;
step S6, the payment gateway 20 determines whether the received information is legal, and if so, sends the transaction information to the clearing relay 30; if it is not legal, the flow ends and returns;
step S7, the clearing transfer mechanism 30 forwards the transaction information to the card issuer 40;
step S8, the issuer 40 returns a response to the clearing relay agency 30;
step S9, the clearing transfer mechanism 30 forwards the return response of the issuer to the payment gateway 20;
step S10, the payment gateway 20 notifies the online network merchant 50 of the transaction result;
step S11, the online network merchant 50 matches the transaction result with the order, and returns a transaction result notification response;
step S12, the payment gateway 20 returns a payment result page to the financial computer 10, and the user returns an online network merchant website through a link in the payment result page to inquire and confirm the payment result; and
at step S13, the online network merchant 50 sends the corresponding merchandise to the cardholder.
In the above steps, the payment gateway is a payment gateway of China UnionPay, and is mainly used for expanding Internet B2C merchants that use the financial computer payment method, and for providing those merchants with payment services such as fund settlement and error request submission.
In the above steps, the cardholder makes payment by swiping a card on a financial computer. However, the cardholder and cardholder may be the same person or different persons.
Fig. 2 is a schematic diagram showing the structure of a financial computer for realizing online payment according to the invention. Referring to fig. 2, the financial computer 10 at least includes a motherboard 104 and a keyboard 102, wherein the motherboard 104 has a security chip 1041, and the keyboard 102 has an encryption chip 1021, a card reader, a payment indicator light, and the like. As shown in fig. 1, when the payment system of the present invention performs online secure payment, the web page is first redirected to the unified UnionPay payment page. When the dedicated indicator light of the keyboard turns on, the cardholder swipes the card through the card reader and inputs the transaction password. The encryption chip 1021 then transmits the magnetic track information and the transaction password input by the cardholder to the security chip 1041 on the motherboard in encrypted form. The security chip 1041 decrypts the encrypted information and organizes a transaction message, encrypts the sensitive transaction data in the transaction message again, and then transmits the encrypted transaction data to the background. The key mechanism and negotiation between the security chip 1041 and the encryption chip 1021 are described in detail with the subsequent figures.
Preferably, the keyboard used to enter the transaction password is a password keyboard, or at least a PIN entry device that achieves the security level of a password keyboard. The keyboard is provided with a dedicated switching key: the card reader accepts the magnetic track information of the bank card only after switching to the financial computer online payment mode, and at the same time the encryption chip built into the keyboard encrypts the transaction password input by the user.
When a network user submits a payment request at the payment gateway, the computer receives the waiting-payment information, and the dedicated indicator light of the keyboard turns on to prompt the user to swipe the card. Further, a payment timeout is set: if the cardholder does not pay by swiping the card within a certain time, the dedicated indicator light of the keyboard turns off, and the cardholder must submit the payment request again on the unified payment page of the payment gateway. This guards against a counterfeit card-swiping keyboard, which cannot respond in real time to the waiting-payment information.
Fig. 3 shows a schematic diagram of the principle of activating a financial computer before using the online payment service according to the present invention. Referring to fig. 3, the home computer having a security chip on its main board and an encryption chip on its keyboard according to the present invention must be activated before using a financial function. The specific activation process comprises the following steps:
step S1, the network user enters the corresponding menu item in the Basic Input Output System (BIOS) settings and chooses to activate the financial function of the computer;
step S2, the BIOS sends an instruction to the keyboard to query the keyboard state and confirm that the keyboard is equipped with the encryption chip, and sends an instruction to the mainboard to query the mainboard state and confirm that the security chip is present on the mainboard; the keyboard and the mainboard receive the corresponding query instructions and return state information;
step S3, the BIOS sends the initialization activation command and receives the response information of the mainboard; the mainboard returns unique response information;
step S4, the BIOS parses the response information, sends the new transmission key to the keyboard, and receives the response information of the keyboard; the new key is written into the keyboard, and the communication mechanism between the encryption chip of the keyboard and the security chip of the mainboard is locked;
step S5, the BIOS sends the keyboard activation command to activate the financial function; the mainboard sets the new transmission key, records the keyboard serial number and starts the financial function.
Fig. 4 is a schematic diagram showing data encryption in a process of receiving a message from a cardholder to a third party payment gateway when a financial computer of the present invention is used for online payment. Referring to fig. 4, the transmission flow of the encrypted data mainly involves an encryption chip of a keyboard, a security chip of a motherboard, and a third party payment gateway. Moreover, data encryption mainly exists from a card holder swiping a card to a security chip of a mainboard by using a keyboard integrated with a card reader, and from the security chip of the mainboard to a third party payment gateway. Hereinafter, the detailed description will be made using nodes (1), (2), (3), (4), and (5) in the flow, respectively.
It should be noted that the track information ciphertext, the transaction password ciphertext, the transaction data ciphertext and the digital signature in fig. 4 all represent encrypted data, and the track information plaintext, the transaction password plaintext, the transaction data plaintext and the security chip number all represent unencrypted data or data obtained by decrypting encrypted data.
Node (1): the network user swipes the card and inputs the transaction password through the keyboard, generating the magnetic track information plaintext and the transaction password plaintext; the encryption chip of the keyboard uses the encryption process key and the MAC process key to convert the magnetic track information plaintext and the transaction password plaintext into the magnetic track information ciphertext, the transaction password ciphertext and MAC data;
Node (2): after the security chip of the mainboard receives the magnetic track information ciphertext, the transaction password ciphertext and the MAC data from the encryption chip, it first uses the MAC process key to verify that the data has not been changed, then uses the encryption process key to decrypt the magnetic track information ciphertext and the transaction password ciphertext, converting them into the magnetic track information plaintext, the transaction password plaintext, the transaction data plaintext and the security chip number. Communication between the encryption chip of the keyboard and the security chip of the mainboard uses a symmetric encryption mechanism: the encryption chip of the keyboard uses the encryption master key to negotiate an encryption process key with the security chip of the mainboard, and the encryption process key is used to decrypt the magnetic track information ciphertext and the transaction password ciphertext; the encryption chip of the keyboard uses the MAC master key to negotiate a MAC process key, and then uses the MAC process key to calculate a message authentication code over the ciphertext so as to ensure that the data is not changed;
Node (3): the security chip of the mainboard negotiates a process key with the third-party payment gateway through the terminal master key, and generates the magnetic track information ciphertext and the transaction password ciphertext using the process key and the 3DES algorithm, where the 3DES algorithm uses a 128-bit key; transaction data plaintext such as order information, and the security chip number, are added to the message;
Node (4): the security chip of the mainboard digitally signs the message data with the terminal private key, and then uses the payment gateway public key in the terminal certificate to encrypt the digital signature, the transaction data plaintext from node (3) and the random factor of the negotiated process key. The asymmetric encryption and digital signature algorithm is RSA with a 1024-bit key; and
Node (5): after receiving the message, the third-party payment gateway first obtains the public key corresponding to the terminal by dispersion from the security chip number, decrypts the transaction data ciphertext, the random factor and the digital signature using its own private key, checks the digital signature using the terminal public key, calculates the process key from the random factor and the terminal master key, and finally decrypts with the process key to obtain the magnetic track information plaintext and the transaction password plaintext. After obtaining all the plaintext data, the third-party payment gateway encrypts the transaction password using the working key negotiated with the clearing relay, and forwards the transaction password, the magnetic track information and the transaction data to the clearing relay through the financial network.
Compared with the online payment methods of the prior art, the payment system disclosed by the invention has the following characteristics:
the encryption chip of the keyboard encrypts the magnetic track information generated when the user swipes the card and the transaction password the user inputs before transmitting them to the security chip of the mainboard;
when data is transmitted on the Internet, triple encryption consisting of symmetric encryption, asymmetric encryption and an SSL channel is adopted to realize one-machine-one-key and one-time-one-key; here, one-machine-one-key means that each financial computer has a unique key, and one-time-one-key means that different encryption keys are adopted on each transmission node;
the magnetic track information and the transaction password are transmitted encrypted on every node of the network;
the password keyboard uses the MAC to ensure that sensitive data is not changed before reaching the security chip of the mainboard; the integrity of the transaction transmitted on the Internet is ensured through the terminal certificate signature and HTTP (hyper text transport protocol); and the non-repudiation of the transaction is ensured through the terminal certificate signature, and the original message of the financial transaction (including the signature) is stored so that evidence can be checked when disputes occur.
Fig. 5 shows a schematic storage diagram of the various keys used for making online payments according to the present invention. As shown in fig. 5, the encryption chip 1021 of the keyboard has an encryption master key and a MAC master key, and the security chip 1041 of the motherboard has an encryption master key, a MAC master key, a terminal master key, and a terminal certificate. The terminal certificate comprises the terminal's own public key and private key and the third-party payment gateway public key, and is used for asymmetric encryption with the third-party payment gateway; the encryption master key is used for symmetric encryption between the security chip and the encryption chip and for negotiating an encryption process key; and the MAC master key is used to negotiate a MAC process key. In addition, the terminal master key is used for symmetric encryption between the security chip of the mainboard and the third-party payment gateway.
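The key roles listed above, together with the random-factor negotiation and the dispersion of the terminal master key by chip serial number described earlier, can be traced in the following added example, which is not code from the patent. The patent does not name its key generation algorithm or the keyboard-to-mainboard cipher, so HMAC-SHA256 derivation and an HMAC keystream are stand-in assumptions, and all function names, labels and sample values are constructed.

```python
import hashlib
import hmac
import os

KEY_LEN = 16  # 128-bit keys, the length the page gives for its 3DES process key


def derive(parent: bytes, label: bytes, data: bytes) -> bytes:
    """Stand-in for the unnamed 'key generation algorithm' (assumption)."""
    return hmac.new(parent, label + b"|" + data, hashlib.sha256).digest()[:KEY_LEN]


def diversify_terminal_master_key(root_key: bytes, chip_serial: bytes) -> bytes:
    """Gateway side: root key + security chip serial -> per-machine master key."""
    return derive(root_key, b"terminal-master", chip_serial)


def keystream_xor(key: bytes, field: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): HMAC-SHA256 keystream XOR, self-inverse."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, field + offset.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


class Chip:
    """Master keys held identically by the keyboard chip and the mainboard chip."""

    def __init__(self, enc_master: bytes, mac_master: bytes):
        self.enc_master = enc_master
        self.mac_master = mac_master

    def process_keys(self, random_factor: bytes):
        """Same random factor in, same (encryption, MAC) process keys out."""
        return (derive(self.enc_master, b"enc-process", random_factor),
                derive(self.mac_master, b"mac-process", random_factor))


def mac_over(mac_key: bytes, track_ct: bytes, pin_ct: bytes) -> bytes:
    # Length prefix keeps the boundary between the two fields unambiguous.
    body = len(track_ct).to_bytes(2, "big") + track_ct + pin_ct
    return hmac.new(mac_key, body, hashlib.sha256).digest()


def keyboard_send(chip: Chip, track: bytes, pin: bytes) -> dict:
    """Keyboard chip: fresh random factor, encrypt both fields, MAC the ciphertext."""
    random_factor = os.urandom(16)
    enc_key, mac_key = chip.process_keys(random_factor)
    track_ct = keystream_xor(enc_key, b"track", track)
    pin_ct = keystream_xor(enc_key, b"pin", pin)
    return {"random_factor": random_factor, "track_ct": track_ct,
            "pin_ct": pin_ct, "mac": mac_over(mac_key, track_ct, pin_ct)}


def mainboard_receive(chip: Chip, msg: dict):
    """Security chip: recompute keys, verify the MAC first, decrypt only if it matches."""
    enc_key, mac_key = chip.process_keys(msg["random_factor"])
    expected = mac_over(mac_key, msg["track_ct"], msg["pin_ct"])
    if not hmac.compare_digest(expected, msg["mac"]):
        raise ValueError("MAC mismatch: data changed or master keys out of sync")
    return (keystream_xor(enc_key, b"track", msg["track_ct"]),
            keystream_xor(enc_key, b"pin", msg["pin_ct"]))


if __name__ == "__main__":
    # Constructed sample values, not real card data or keys.
    keyboard = Chip(b"E" * 16, b"M" * 16)
    mainboard = Chip(b"E" * 16, b"M" * 16)
    msg = keyboard_send(keyboard, b"6200000000000000=00000000", b"000000")
    print(mainboard_receive(mainboard, msg))
    root = b"R" * 16
    print(diversify_terminal_master_key(root, b"CHIP-0001").hex())
```

The 128-bit 3DES and 1024-bit RSA parameters named on the page are below current NIST minimums, so a present-day design following this key hierarchy would substitute AES and RSA of at least 2048 bits.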
Fig. 6 is a schematic diagram showing the generation of the terminal master key and the terminal public key stored on the main board of the financial computer according to the present invention. As described above, the terminal master key is used for symmetric encryption between the secure chip of the main board and the third party payment gateway, and in more detail, the secure chip on the main board negotiates a process key with the third party payment gateway through the terminal master key, and encrypts a transaction password plaintext and a track information plaintext by using the process key and a 3DES algorithm. Referring to fig. 6, generating the terminal master key and the terminal public key includes:
and 606, acquiring the terminal public key according to the security chip number.
The acquired terminal public key is used for verifying the digital signature.
The encryption machine of the third party payment gateway is mainly used for encryption and decryption operations, including: decrypting the transaction data ciphertext, the random factor and the digital signature by using the private key of the payment gateway; decrypting, with the process key calculated from the random factor and the terminal master key, to obtain the magnetic track information plaintext and the transaction password plaintext; and encrypting the transaction password using a work key negotiated with the clearing relay authority.
Fig. 7 is a schematic diagram illustrating the principle by which the secure chip on the motherboard and the cryptographic chip on the keyboard negotiate the encryption process key based on the encryption master key according to the present invention. As described above, a symmetric encryption communication mechanism is adopted between the encryption chip of the keyboard and the security chip of the motherboard. Specifically, the encryption chip of the keyboard uses the encryption master key to negotiate an encryption process key with the security chip of the motherboard, and encrypts the magnetic track information plaintext and the transaction password plaintext by using the encryption process key; the security chip, after receiving the track information ciphertext and the transaction password ciphertext, decrypts them by using the same encryption process key. Negotiating the encryption process key includes:
Those skilled in the art will understand that the encryption chip of the keyboard may negotiate the MAC process key using the MAC master key in a similar manner to the above-described procedure, and likewise, the security chip of the motherboard may negotiate the process key with the third party payment gateway using the terminal master key; and the third party payment gateway may negotiate a work key with the clearing relay authority.
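The negotiation described above (its steps are listed in claim 7), together with the terminal master key generation of claim 11, as an added example that is not code from the patent. The patent names no key generation or MAC algorithm, so truncated HMAC-SHA256 stands in for both and an HMAC keystream stands in for 3DES; the key values, serial numbers, 16-byte key length and the security chip's refusal of a reused random factor are assumptions of this example.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 16  # assumption: 16-byte keys, the size of a double-length 3DES key


def kdf(key: bytes, label: bytes, context: bytes) -> bytes:
    """Stand-in key generation algorithm (assumption): truncated HMAC-SHA256."""
    return hmac.new(key, label + b"\x00" + context, hashlib.sha256).digest()[:KEY_LEN]


def diversify_terminal_master_key(root_key: bytes, chip_serial: bytes) -> bytes:
    """Gateway side: one terminal master key per security chip serial number."""
    return kdf(root_key, b"terminal-master", chip_serial)


def derive_process_key(master_key: bytes, random_factor: bytes) -> bytes:
    """Both sides: process key from the shared master key and the random factor."""
    return kdf(master_key, b"process", random_factor)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (the patent uses 3DES): XOR with an HMAC counter keystream.
    Acceptable here only because each process key encrypts exactly one message."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, offset.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def compute_mac(mac_master: bytes, factor: bytes, ciphertext: bytes) -> bytes:
    """MAC under the MAC process key; HMAC-SHA256 is an assumption."""
    mac_key = derive_process_key(mac_master, factor)
    return hmac.new(mac_key, factor + ciphertext, hashlib.sha256).digest()


class EncryptionChip:
    """Keyboard side: holds the encryption master key and the MAC master key."""

    def __init__(self, enc_master: bytes, mac_master: bytes):
        self.enc_master, self.mac_master = enc_master, mac_master

    def protect(self, plaintext: bytes) -> dict:
        factor = secrets.token_bytes(16)  # fresh random factor for every message
        key = derive_process_key(self.enc_master, factor)
        ciphertext = keystream_xor(key, plaintext)
        return {"factor": factor, "ciphertext": ciphertext,
                "mac": compute_mac(self.mac_master, factor, ciphertext)}


class SecurityChip:
    """Motherboard side: same master keys and same key generation algorithm."""

    def __init__(self, enc_master: bytes, mac_master: bytes):
        self.enc_master, self.mac_master = enc_master, mac_master
        self.seen_factors = set()  # added check, not a step stated in the patent

    def unprotect(self, msg: dict) -> bytes:
        factor, ciphertext = msg["factor"], msg["ciphertext"]
        if factor in self.seen_factors:
            raise ValueError("random factor reused")
        expected = compute_mac(self.mac_master, factor, ciphertext)
        if not hmac.compare_digest(expected, msg["mac"]):
            raise ValueError("MAC mismatch")  # data changed between the chips
        self.seen_factors.add(factor)
        return keystream_xor(derive_process_key(self.enc_master, factor), ciphertext)


def demo() -> dict:
    # All keys, serial numbers and card data below are constructed sample values.
    enc_master = bytes.fromhex("00112233445566778899aabbccddeeff")
    mac_master = bytes.fromhex("ffeeddccbbaa99887766554433221100")
    keyboard = EncryptionChip(enc_master, mac_master)
    chip = SecurityChip(enc_master, mac_master)
    track = b"constructed-track-data;pin=0000"

    first, second = keyboard.protect(track), keyboard.protect(track)
    recovered = chip.unprotect(first)
    flipped = bytes([second["ciphertext"][0] ^ 1]) + second["ciphertext"][1:]
    tampered = dict(second, ciphertext=flipped)
    outcomes = {}
    for name, msg in (("replay", first), ("tamper", tampered)):
        try:
            chip.unprotect(msg)
            outcomes[name] = "accepted"
        except ValueError as err:
            outcomes[name] = str(err)

    root = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
    tmk_a = diversify_terminal_master_key(root, b"CHIP-0001")
    tmk_b = diversify_terminal_master_key(root, b"CHIP-0002")
    return {"recovered": recovered == track,
            "fresh_ciphertext": first["ciphertext"] != second["ciphertext"],
            "replay": outcomes["replay"], "tamper": outcomes["tamper"],
            "distinct_terminal_keys": tmk_a != tmk_b}


if __name__ == "__main__":
    print(demo())
```

Only the random factor, the ciphertext and the MAC cross the link between the two chips; the master keys and the process keys derived from them never do.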
Fig. 8 shows a schematic block diagram of the key synchronization between the security chip and the encryption chip in the present invention. Referring to fig. 8, the encryption chip of the keyboard and the security chip of the motherboard perform data transmission using the encryption master key and the MAC master key, and the encryption master key and the MAC master key are only used to ensure the integrity of data information transmitted from the keyboard to the security chip, regardless of the third party payment gateway. The key synchronization between the security chip and the encryption chip comprises the following steps:
FIG. 9 is a flow chart illustrating the initialization of the security chip on the motherboard of the financial computer according to the present invention. When a network user uses a bank card to carry out online payment on a financial computer, the bank card can be used only after it has been registered on a third-party payment gateway, that is, after the third-party payment gateway can identify the cardholder's bank card. For this purpose, a program for managing and registering bank cards is provided on the financial computer; its main task is to transmit the user's bank card information securely to the third party payment gateway for registration. Only a bank card registered at the payment gateway can be used for the online payment service. Because the program for registering bank cards functions much like a wallet, it is referred to as the wallet program. The wallet program may be a separate application program or a program running on a web page, and is used for initializing the security chip on the motherboard, managing registered bank cards and setting default payment cards.
From the perspective of secure payment, the bank card information of the user is encrypted by the security chip and then transmitted over the internet every time the user transacts. The initialization process comprises the following steps:
the wallet program inquires about the validity of the certificate;
the security chip returns the certificate status to the wallet program, if the certificate is valid, the initialization process is ended, and if the certificate is invalid, a certificate initialization command is sent to the security chip;
after receiving the initialization command, the security chip generates an RSA key pair, stores a private key of the security chip and returns a public key of the security chip to the wallet program;
the wallet program receives the public key of the security chip, acquires personal information and then sends the personal information to the payment gateway for digital signature;
sending the information to be signed to CA for signature, and returning the digital certificate to the wallet program; and
the wallet program receives the certificate and sends a command STORE CERT to save to the secure chip.
The digital certificate stored on the security chip can be used for encryption or signature during transaction, and if the certificate is invalid or does not exist, the online payment cannot be completed.
As illustrated in fig. 9, the cardholder's bank card may only be used after registering with the third party payment gateway. Thus, fig. 10 shows a flow chart of the invention for registering the bank card for online payment on the payment gateway. The registration process comprises the following steps:
the user opens the wallet program and selects the function of registering the bank card;
the financial computer prompts the user to swipe the card and input the PIN;
the user conducts card swiping operation and inputs PIN;
the financial computer encrypts the magnetic track information of the card and the transaction password and sends the encrypted magnetic track information and the encrypted transaction password to the third party payment gateway;
the third party payment gateway decrypts the received magnetic track information and the transaction password of the bank card, sends the magnetic track information and the transaction password to a corresponding card issuing bank for verification, and returns response information to the financial management computer according to the verification result of the card issuing bank; and
the financial computer receives the response information and prompts the success or failure of the registration of the bank card.
The main steps of registering a bank card for online payment on a payment gateway are briefly described above. Here, in order to describe the registration process in more detail, we divide it into four nodes, specifically: the wallet program prompts the user to swipe a card and input the PIN; the security chip on the mainboard processes the magnetic track information ciphertext and the transaction password ciphertext from the encryption chip; the wallet program sends data to the third party payment gateway; and the third party payment gateway binds the bank card. The detailed operation steps for the four nodes are as follows:
(1) wallet program prompting user to swipe card and input PIN
a. A wallet program of the financial computer sends a card swiping signal to the keyboard, and a special indicator lamp of the keyboard is turned on to prompt a user to perform card swiping operation;
b. the user swipes the card, and the keyboard encrypts the magnetic track information of the bank card and waits for reading;
c. the wallet program reads the magnetic track information ciphertext and sends the magnetic track information ciphertext to the security chip;
d. the wallet program prompts the user to enter a PIN; and
e. the user inputs the PIN, and the keyboard encrypts the transaction password and waits for it to be read.
(2) The security chip on the mainboard processes the magnetic track information ciphertext and the transaction password ciphertext from the encryption chip
a. The security chip replaces the ciphertext and the signature only after receiving the magnetic track information ciphertext and the transaction password ciphertext;
b. after receiving the magnetic track information ciphertext, the security chip decrypts it, checks whether the format is correct, and, if the check succeeds, sets a flag bit to indicate that the magnetic track information is ready;
c. after receiving the transaction password ciphertext, the security chip decrypts it, checks whether the format is correct, and, if the check succeeds, sets a flag bit to indicate that the transaction password is ready;
d. each time a flag bit is set, the security chip checks whether both the magnetic track information and the transaction password are present; if so, it carries out the next step, otherwise it waits for the flag bit to be set;
e. the security chip generates a random symmetric key SK with a length of 16 bits, and encrypts the transaction password and the magnetic track information by using the SK;
f. the information obtained by encrypting the SK with the public key of the third-party payment gateway is called an envelope; the transaction password ciphertext and the magnetic track information ciphertext are signed with the private key of the security chip according to a certain format to obtain signature information;
g. returning a transaction password ciphertext and a magnetic track information ciphertext; and
h. returning envelope and signature information.
(3) Wallet program sending data to third party payment gateway
a. Prompting to input information such as bank card names, e-mails and the like; and
b. the personalized information, the envelope, the signature information, the magnetic track information ciphertext and the transaction password ciphertext are combined into a message and sent to the third-party payment gateway.
(4) Third party payment gateway binding bank card
a. After receiving the message, the third party payment gateway uses a private key to open an envelope to obtain SK;
b. decrypting the PIN and the magnetic track information ciphertext by using the SK, and re-encrypting the magnetic track information by using a terminal secret key of a bank;
c. the magnetic track information and the transaction password are sent to an issuer for verification; and
d. returning a response message to the wallet program.
If the verification is successful, the bank card number and the hardware serial number of the financial computer are bound to form a corresponding relation, which is stored in the security chip; if the verification fails, response information is returned to inform the user that the registration was not successful.
Fig. 11 shows a payment flow diagram of the financial computer-based online payment system of the invention. The payment process comprises the following steps:
the network user browses the website, selects and purchases the commodity and specifies the financial computer payment mode;
selecting and determining a bank card for payment by a user;
activating a wallet program by the financial computer, prompting a user to swipe a card and input a PIN;
a user executes card swiping operation on a keyboard and inputs a PIN;
the financial computer receives the encrypted magnetic track information and the encrypted PIN;
checking whether the current bank card is in an authentication card list of the security chip, if not, prompting that the user cannot pay, and if so, acquiring order information and bank card information and then organizing a message to send to a payment gateway;
the payment gateway receives the message, checks the binding relationship, forwards the message to the clearing transfer mechanism after confirming that the transaction can be carried out, and obtains the response information of the clearing transfer mechanism;
the payment gateway sends a payment success message to the merchant and obtains an order query URL;
the merchant receives the payment success message, matches the order and prepares for delivery;
the payment gateway returns response information to the financial computer, and the financial computer receives the response information and prompts the end of the transaction; and
the user selects to continue shopping or to exit.
The wallet program can be activated for online payment in two ways. In the first, when payment is selected on a shopping website, the user is automatically redirected to a uniform payment page of the payment gateway, and the payment page calls the wallet program through a wallet interface. In the second, when the payment page is clicked, the target page is automatically directed to a shopping information file in a certain format that is automatically generated by the merchant website, and this file type is associated with the wallet program on the financial computer.
Fig. 12 is a schematic diagram showing the collection process of the financial computer-based online payment system of the invention. Similar to the payment process shown in fig. 11, the collection process includes:
the network user selects and purchases commodities and specifies the financial computer payment mode;
the merchant starts a financial computer to collect and transfer money, and requires the user to swipe a card and input a PIN;
activating a money collection program by the financial computer;
the user swipes the card and inputs PIN;
the financial computer receives the encrypted magnetic track information and the encrypted PIN, organizes the message and sends the message to the payment gateway;
the payment gateway receives the message, checks the binding relationship, forwards the message to the clearing transfer mechanism after confirming that the transaction can be carried out, and obtains the response information of the clearing transfer mechanism;
the payment gateway sends a payment success message to the merchant and obtains an order query URL;
the merchant receives the account transfer notice and confirms that the money receiving is successful;
the payment gateway returns the response information to the financial computer, and the financial computer receives the response information and prompts the end of the transaction; and
the merchant delivers the goods to the user.
Hereinbefore, specific embodiments of the present invention are described with reference to the drawings. However, those skilled in the art will appreciate that various modifications and substitutions can be made to the specific embodiments of the present invention without departing from the spirit and scope of the invention. Such modifications and substitutions are intended to be included within the scope of the present invention as defined by the appended claims.
Claims (15)
1. A data encryption method for online payment, comprising the steps of:
after a user orders a commodity, swiping a card through a keyboard and inputting a transaction password so as to generate a magnetic track information plaintext and a transaction password plaintext;
the encryption chip encrypts the magnetic track information plaintext and the transaction password plaintext and converts them into the corresponding magnetic track information ciphertext, transaction information ciphertext and MAC data;
the security chip receives and decrypts the magnetic track information ciphertext, the transaction password ciphertext and the MAC data, and converts them into the magnetic track information plaintext, the transaction password plaintext, the transaction data plaintext and the security chip number;
the security chip carries out secondary encryption on the magnetic track information plaintext and the transaction password plaintext and organizes a message, and the transaction data plaintext and the security chip number are added into the message;
the security chip carries out digital signature on the message data and encrypts the digital signature and the transaction data plaintext; and
the network browser sends all the messages to the payment gateway through the SSL protocol.
2. The method of claim 1, wherein the cryptographic chip is disposed within a keyboard of a computer and the security chip is disposed on a motherboard of the computer.
3. The method of claim 1, wherein the cryptographic chip has a cryptographic master key and a MAC master key.
4. The method of claim 1, wherein the secure chip has an encryption master key, a MAC master key, a terminal master key, and a terminal certificate.
5. The method of claim 3 or 4, wherein the cryptographic master key of the cryptographic chip and the key generation algorithm of the cryptographic master key of the secure chip are the same, and the cryptographic chip and the secure chip perform symmetric encryption based on the cryptographic master key.
6. The method of claim 5, wherein the cryptographic chip of the keyboard negotiates a cryptographic process key with the secure chip of the motherboard using the cryptographic master key and encrypts track information plaintext and transaction password plaintext using the cryptographic process key.
7. The method of claim 6, wherein the step of negotiating an encryption process key comprises:
the encryption chip presets a key generation algorithm;
the security chip presets a key generation algorithm the same as that of the encryption chip;
the encryption chip randomly generates a random factor, and calculates an encryption process key according to the encryption master key and the random factor;
the encryption chip sends a connection request and the random factor to the security chip;
the security chip calculates the encryption process key according to the encryption master key and the random factor; and
completing the key agreement based on the symmetric root key.
8. The method of claim 1, wherein the secondary encryption is that the security chip negotiates a process key with the payment gateway through a terminal master key and encrypts track information plaintext and transaction password plaintext using the process key and a 3DES algorithm.
9. The method of claim 1, wherein the security chip digitally signs the message data with a terminal private key, and encrypts the digital signature and the transaction data plaintext with a payment gateway public key and negotiates a random factor for a process key.
10. The method of claim 1, wherein the performing key synchronization between the secure chip and the cryptographic chip comprises:
setting an encryption master key and an MAC master key;
sending a request for applying a secret key to the security chip through the BIOS;
automatically injecting the applied key into the encryption chip by the BIOS by using a keyboard driver; and
completing the key synchronization between the security chip and the encryption chip.
11. A key generation method in the data encryption method according to claim 1, characterized by comprising:
setting an encryption master key and a MAC master key to synchronize keys between the security chip and the encryption chip;
sending a request to a payment gateway to apply for downloading a terminal master key;
calling a root key in the payment gateway encryption machine;
generating a terminal master key by diversifying the root key according to the serial number of the security chip; and
acquiring the terminal public key according to the security chip number.
12. The method of claim 11, wherein the cryptographic chip is disposed within a keyboard of a computer and the security chip is disposed on a motherboard of the computer.
13. The method of claim 11, wherein the cryptographic chip has a cryptographic master key and a MAC master key.
14. The method of claim 11, wherein the secure chip has an encryption master key, a MAC master key, a terminal master key, and a terminal certificate.
15. The method of claim 11, wherein the secure chip generates and stores an RSA key pair after the wallet program on the computer sends a terminal certificate initialization command to the secure chip.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200810200736A CN101686225A (en) | 2008-09-28 | 2008-09-28 | Methods of data encryption and key generation for on-line payment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101686225A true CN101686225A (en) | 2010-03-31 |
Family
ID=42049198
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200810200736A Pending CN101686225A (en) | 2008-09-28 | 2008-09-28 | Methods of data encryption and key generation for on-line payment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101686225A (en) |
Cited By (27)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101883096A (en) * | 2010-06-07 | 2010-11-10 | 北京天地融科技有限公司 | Method, device and system for safely transferring data between electronic signature tools |
CN101964793A (en) * | 2010-10-08 | 2011-02-02 | 上海银联电子支付服务有限公司 | Method and system for transmitting data between terminal and server and sign-in and payment method |
CN102404121A (en) * | 2011-11-30 | 2012-04-04 | 华为技术有限公司 | Ciphertext processing method, device and system |
CN102568097A (en) * | 2010-12-08 | 2012-07-11 | 邵通 | Method and system for improving safety of electronic wallets |
CN103117856A (en) * | 2012-01-16 | 2013-05-22 | 深圳市家富通汇科技有限公司 | Method and apparatus for provisioning applications in mobile devices |
CN103345799A (en) * | 2013-06-08 | 2013-10-09 | 钱袋网(北京)信息技术有限公司 | Card swiping device and method for encrypting information of bank card in card swiping device |
CN103684759A (en) * | 2012-09-11 | 2014-03-26 | 中国银联股份有限公司 | Terminal data encrypting method and device |
CN103714639A (en) * | 2013-03-15 | 2014-04-09 | 福建联迪商用设备有限公司 | Method and system enabling safe operation of POS terminal to be achieved |
CN104376493A (en) * | 2014-10-29 | 2015-02-25 | 中国建设银行股份有限公司 | Safe processing system and method based on encryption equipment |
CN105095701A (en) * | 2014-05-06 | 2015-11-25 | 黄熙镜 | User authentication method and device and terminal equipment |
CN105306201A (en) * | 2014-06-13 | 2016-02-03 | 广州涌智信息科技有限公司 | Encrypted data transmission method |
CN105684346A (en) * | 2013-09-27 | 2016-06-15 | 金雅拓股份有限公司 | Method for securing over-the-air communication between a mobile application and a gateway |
CN105868653A (en) * | 2016-03-29 | 2016-08-17 | 山东华芯富创电子科技有限公司 | Password input method and device |
CN105894662A (en) * | 2016-03-29 | 2016-08-24 | 山东华芯富创电子科技有限公司 | Password input device and system using same |
CN106059771A (en) * | 2016-05-06 | 2016-10-26 | 上海动联信息技术股份有限公司 | Intelligent POS machine secret key management system and method |
CN106302482A (en) * | 2016-08-22 | 2017-01-04 | 浙江省数字安全证书管理有限公司 | A kind of browser-cross uses hardware encryption medium data safe transmission system and method |
CN106506149A (en) * | 2016-11-07 | 2017-03-15 | 福建星海通信科技有限公司 | Key generation method and system between a kind of TBOX terminals and TSP platforms |
CN106537432A (en) * | 2014-07-17 | 2017-03-22 | 卓格莱特有限责任公司 | Method and device for securing access to wallets in which cryptocurrencies are stored |
CN106529941A (en) * | 2016-11-24 | 2017-03-22 | 深圳市久通物联科技股份有限公司 | PBOC micro payment security promotion method |
CN106559412A (en) * | 2016-10-11 | 2017-04-05 | 北京元心科技有限公司 | Strengthen the method and system of authentication safety |
CN106572106A (en) * | 2016-11-07 | 2017-04-19 | 福建星海通信科技有限公司 | Method of transmitting message between TBOX terminal and TSP platform |
CN106228713B (en) * | 2016-07-26 | 2018-08-10 | 中国银联股份有限公司 | Data processing system and method for multiple POS terminals |
CN108460597A (en) * | 2018-03-23 | 2018-08-28 | 银联商务股份有限公司 | A kind of key management system and method |
CN108596593A (en) * | 2018-04-20 | 2018-09-28 | 珠海横琴盛达兆业科技投资有限公司 | A method of the pharmacy's shortcut key cash register realized based on B/S framework |
CN111600829A (en) * | 2019-02-21 | 2020-08-28 | 杭州萤石软件有限公司 | Secure communication method and system for Internet of things equipment |
CN112464188A (en) * | 2020-12-14 | 2021-03-09 | 艾体威尔电子技术(北京)有限公司 | Method for binding payment terminal and peripheral password keyboard |
US11531984B2 (en) | 2016-06-28 | 2022-12-20 | Advanced New Technologies Co., Ltd. | Method and device facilitating expansion of primary payment instruments |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1527208A (en) * | 2003-09-25 | 2004-09-08 | 联想(北京)有限公司 | Method and device for realizing computer safety and enciphering based on identity confirmation |
CN1588954A (en) * | 2004-07-27 | 2005-03-02 | 中国工商银行 | Intelligent terminal, system including said intelligent terminal and data exchanging method |
CN1598794A (en) * | 2003-09-19 | 2005-03-23 | 联想(北京)有限公司 | Computer terminal safety system based on safety chip |
CN101192295A (en) * | 2006-11-30 | 2008-06-04 | 讯想科技股份有限公司 | Chip credit card network transaction system and method |
-
2008
- 2008-09-28 CN CN200810200736A patent/CN101686225A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1598794A (en) * | 2003-09-19 | 2005-03-23 | 联想(北京)有限公司 | Computer terminal safety system based on safety chip |
CN1527208A (en) * | 2003-09-25 | 2004-09-08 | 联想(北京)有限公司 | Method and device for realizing computer safety and enciphering based on identity confirmation |
CN1588954A (en) * | 2004-07-27 | 2005-03-02 | 中国工商银行 | Intelligent terminal, system including said intelligent terminal and data exchanging method |
CN101192295A (en) * | 2006-11-30 | 2008-06-04 | 讯想科技股份有限公司 | Chip credit card network transaction system and method |
Cited By (40)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101883096A (en) * | 2010-06-07 | 2010-11-10 | 北京天地融科技有限公司 | Method, device and system for safely transferring data between electronic signature tools |
CN101883096B (en) * | 2010-06-07 | 2014-07-02 | 天地融科技股份有限公司 | Method, device and system for safely transferring data between electronic signature tools |
CN101964793A (en) * | 2010-10-08 | 2011-02-02 | 上海银联电子支付服务有限公司 | Method and system for transmitting data between terminal and server and sign-in and payment method |
CN102568097A (en) * | 2010-12-08 | 2012-07-11 | 邵通 | Method and system for improving safety of electronic wallets |
CN102404121B (en) * | 2011-11-30 | 2014-03-12 | 华为技术有限公司 | Method, device and system for processing cipher text |
CN102404121A (en) * | 2011-11-30 | 2012-04-04 | 华为技术有限公司 | Ciphertext processing method, device and system |
CN103117856B (en) * | 2012-01-16 | 2015-07-01 | 深圳市可秉资产管理合伙企业(有限合伙) | Method and apparatus for provisioning applications in mobile devices |
CN103117856A (en) * | 2012-01-16 | 2013-05-22 | 深圳市家富通汇科技有限公司 | Method and apparatus for provisioning applications in mobile devices |
CN103684759A (en) * | 2012-09-11 | 2014-03-26 | 中国银联股份有限公司 | Terminal data encrypting method and device |
CN103714639B (en) * | 2013-03-15 | 2016-05-04 | 福建联迪商用设备有限公司 | A kind of method and system that realize the operation of POS terminal security |
CN103714639A (en) * | 2013-03-15 | 2014-04-09 | 福建联迪商用设备有限公司 | Method and system enabling safe operation of POS terminal to be achieved |
CN103716320A (en) * | 2013-03-15 | 2014-04-09 | 福建联迪商用设备有限公司 | Security downloading method and system of TMK |
CN103716320B (en) * | 2013-03-15 | 2017-08-01 | 福建联迪商用设备有限公司 | A kind of terminal master key TMK safety downloading method and systems |
CN103345799A (en) * | 2013-06-08 | 2013-10-09 | 钱袋网(北京)信息技术有限公司 | Card swiping device and method for encrypting information of bank card in card swiping device |
CN103345799B (en) * | 2013-06-08 | 2015-08-05 | 北京钱袋宝支付技术有限公司 | Bank card information encryption method and swiping card equipment in swiping card equipment |
CN105684346A (en) * | 2013-09-27 | 2016-06-15 | 金雅拓股份有限公司 | Method for securing over-the-air communication between a mobile application and a gateway |
CN105684346B (en) * | 2013-09-27 | 2019-11-19 | 金雅拓股份有限公司 | Ensure the method for air communication safety between mobile application and gateway |
CN105095701A (en) * | 2014-05-06 | 2015-11-25 | 黄熙镜 | User authentication method and device and terminal equipment |
CN105306201A (en) * | 2014-06-13 | 2016-02-03 | 广州涌智信息科技有限公司 | Encrypted data transmission method |
CN105306201B (en) * | 2014-06-13 | 2018-09-28 | 广州涌智信息科技有限公司 | A method of transmission is encrypted to data |
CN106537432A (en) * | 2014-07-17 | 2017-03-22 | 卓格莱特有限责任公司 | Method and device for securing access to wallets in which cryptocurrencies are stored |
CN104376493A (en) * | 2014-10-29 | 2015-02-25 | 中国建设银行股份有限公司 | Safe processing system and method based on encryption equipment |
CN105894662A (en) * | 2016-03-29 | 2016-08-24 | 山东华芯富创电子科技有限公司 | Password input device and system using same |
CN105868653A (en) * | 2016-03-29 | 2016-08-17 | 山东华芯富创电子科技有限公司 | Password input method and device |
CN106059771A (en) * | 2016-05-06 | 2016-10-26 | 上海动联信息技术股份有限公司 | Intelligent POS machine secret key management system and method |
US11531984B2 (en) | 2016-06-28 | 2022-12-20 | Advanced New Technologies Co., Ltd. | Method and device facilitating expansion of primary payment instruments |
CN106228713B (en) * | 2016-07-26 | 2018-08-10 | 中国银联股份有限公司 | Data processing system and method for multiple POS terminals |
TWI668646B (en) * | 2016-07-26 | 2019-08-11 | 中國銀聯股份有限公司 | Data processing system and method for multiple POS terminals |
CN106302482A (en) * | 2016-08-22 | 2017-01-04 | 浙江省数字安全证书管理有限公司 | A kind of browser-cross uses hardware encryption medium data safe transmission system and method |
CN106559412A (en) * | 2016-10-11 | 2017-04-05 | 北京元心科技有限公司 | Strengthen the method and system of authentication safety |
CN106506149A (en) * | 2016-11-07 | 2017-03-15 | 福建星海通信科技有限公司 | Key generation method and system between a kind of TBOX terminals and TSP platforms |
CN106506149B (en) * | 2016-11-07 | 2019-10-22 | 福建星海通信科技有限公司 | Key generation method and system between a kind of TBOX terminal and TSP platform |
CN106572106A (en) * | 2016-11-07 | 2017-04-19 | 福建星海通信科技有限公司 | Method of transmitting message between TBOX terminal and TSP platform |
CN106529941A (en) * | 2016-11-24 | 2017-03-22 | 深圳市久通物联科技股份有限公司 | PBOC micro payment security promotion method |
CN108460597A (en) * | 2018-03-23 | 2018-08-28 | 银联商务股份有限公司 | A kind of key management system and method |
CN108460597B (en) * | 2018-03-23 | 2022-03-15 | 银联商务股份有限公司 | Key management system and method |
CN108596593A (en) * | 2018-04-20 | 2018-09-28 | 珠海横琴盛达兆业科技投资有限公司 | A method of the pharmacy's shortcut key cash register realized based on B/S framework |
CN111600829A (en) * | 2019-02-21 | 2020-08-28 | 杭州萤石软件有限公司 | Secure communication method and system for Internet of things equipment |
CN112464188A (en) * | 2020-12-14 | 2021-03-09 | 艾体威尔电子技术(北京)有限公司 | Method for binding payment terminal and peripheral password keyboard |
CN112464188B (en) * | 2020-12-14 | 2023-10-31 | 艾体威尔电子技术(北京)有限公司 | Binding method of payment terminal and peripheral password keyboard |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101686225A (en) | | Methods of data encryption and key generation for on-line payment |
US20230004947A1 (en) | | Device enrollment system and method |
CN101685512A (en) | | Computer, payment system and method thereof for realizing on-line payment |
JP4955894B2 (en) | | Method and system for executing secure electronic commerce by looping back authorization request data |
JP5667228B2 (en) | | Transaction conversion system |
US20020152180A1 (en) | | System and method for performing secure remote real-time financial transactions over a public communications infrastructure with strong authentication |
CN108476227A (en) | | System and method for equipment push supply |
US20050097060A1 (en) | | Method for electronic commerce using security token and apparatus thereof |
KR100411448B1 (en) | | public-key infrastructure based digital certificate methods of issuing and system thereof |
US20030154376A1 (en) | | Optical storage medium for storing, a public key infrastructure (pki)-based private key and certificate, a method and system for issuing the same and a method for using |
AU2001283489A1 (en) | | Method and system for conducting secure electronic commerce transactions with authorization request data loop-back |
WO2001080190A1 (en) | | A method and system for a virtual safe |
KR20060034228A (en) | | Customer authentication in e-commerce transactions |
AU2001248198A1 (en) | | A method and system for a virtual safe |
KR20060070484A (en) | | Systems and methods for conducting secure payment transactions using a formatted data structure |
WO2002039342A1 (en) | | Private electronic value bank system |
JP2011192297A (en) | | Electronic settlement method, information processing device, and information processing system |
WO2001020509A1 (en) | | Electronic wallet |
JP2004527861A (en) | | Method for conducting secure cashless payment transactions and cashless payment system |
JPH10171887A (en) | | On-line shopping system |
JP2002279195A (en) | | Consumer system and password input terminal device |
KR20000036484A (en) | | Cd card for the internet home shopping |
KR20000072682A (en) | | System and method for issuing and paymenting virtual card based on certification |
KR20020021413A (en) | | A method and system for the provision of electronic commerce and shopping via cable television systems and associated entertainment terminals |
KR20020061719A (en) | | Security settlement system of electronic commerce |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C12 | Rejection of a patent application after its publication | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20100331 |