CN105590206B - Method for verifying terminal authenticity in electronic cash transaction - Google Patents

Publication number
CN105590206B
CN105590206B CN201410688974.3A CN201410688974A CN105590206B CN 105590206 B CN105590206 B CN 105590206B CN 201410688974 A CN201410688974 A CN 201410688974A CN 105590206 B CN105590206 B CN 105590206B
Authority
CN
China
Prior art keywords
terminal
information
transaction
electronic cash
payment card
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410688974.3A
Other languages
Chinese (zh)
Other versions
CN105590206A (en)
Inventor
陈成钱
郭伟
周钰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Unionpay Co Ltd
Original Assignee
China Unionpay Co Ltd
Application filed by China Unionpay Co Ltd
Priority to CN201410688974.3A
Priority to PCT/CN2015/093892 (WO2016082673A1)
Publication of CN105590206A
Application granted
Publication of CN105590206B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409 Device specific authentication in transaction processing
    • G06Q20/4097 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention relates to a method for verifying the authenticity of a terminal in an electronic cash transaction, comprising the following steps: the terminal initiates an electronic cash transaction with the payment card and sends terminal authenticity information to the payment card; the payment card receives and records the terminal authenticity information and the transaction information of the electronic cash transaction; the payment card sends the transaction information and the terminal authenticity information to a card issuing institution; the card issuing institution forwards the terminal authenticity information to the acquirer, and the acquirer verifies the terminal authenticity information. The method and the system effectively prevent electronic cash from being stolen by fraudulent swiping, protect the user's property, and provide great flexibility and extensibility for future upgrades of terminal authentication.

Description

Method for verifying terminal authenticity in electronic cash transaction
Technical Field
The invention relates to the technical field of electronic commerce, in particular to a method for verifying terminal authenticity in electronic cash transaction.
Background
Currently, payment cards in the form of financial IC cards are widely used, and people commonly use them to pay at all kinds of merchants, which makes transactions safer and daily life more convenient. The storage unit in the payment card records the electronic cash in the user's account; this electronic cash exists as digital information and circulates over the Internet. In its simplest form, an electronic cash transaction is a data exchange among three entities (merchant, user, bank).
In electronic commerce, the security of the electronic cash held by a user is of paramount importance and always takes priority. To prevent a fake terminal from initiating an electronic cash transaction and fraudulently spending the user's electronic cash, existing solutions mainly perform mutual authentication between the payment card and the terminal (e.g. a POS machine), as in the enhanced electronic cash application specification of China UnionPay. However, this solution has the following disadvantages:
First, increased transaction time: the payment card and the terminal must exchange certificates and perform the corresponding encryption/decryption and electronic signature verification, which inevitably adds processing time and significantly degrades the user experience in offline transactions, where transaction time matters most.
Second, insufficient flexibility: in this scheme the authentication mode between the payment card and the terminal must be fixed. Once a terminal adopts a different authentication mode, or new authentication modes are added for other terminals as technology advances, the software on the payment card must be modified accordingly, which is very inconvenient for cards that have already been issued.
Accordingly, it would be desirable to have a secure and efficient method of verifying the authenticity of a terminal in an electronic cash transaction.
Disclosure of Invention
The invention aims to provide a safe and efficient method for verifying the authenticity of a terminal in an electronic cash transaction.
In order to achieve the above purpose, the invention provides a technical scheme as follows:
A method of verifying terminal authenticity in an electronic cash transaction, wherein a terminal is deployed on a merchant's premises by an acquirer, which sets terminal authenticity information in the terminal, the method comprising the following steps: a) the terminal initiates an electronic cash transaction with the payment card and sends the terminal authenticity information to the payment card; b) the payment card receives and records the terminal authenticity information and the transaction information of the electronic cash transaction; c) the payment card sends the transaction information and the terminal authenticity information to a card issuing institution; d) the card issuing institution forwards the terminal authenticity information to the acquirer, and the acquirer verifies the terminal authenticity information.
Preferably, the following steps are also included after step d): e) the acquirer judges whether the terminal is a fake terminal based on the terminal authenticity information and returns the judgment result to the card issuing institution; f) if the judgment result indicates that the terminal is a fake terminal, the card issuing institution initiates a cancellation of the electronic cash transaction.
Preferably, unique transaction information is generated for each electronic cash transaction.
Preferably, the payment card records at least one piece of transaction information and at least one piece of terminal authenticity information, wherein each piece of terminal authenticity information corresponds to at least one piece of transaction information.
The method for verifying the authenticity of the terminal in the electronic cash transaction can effectively prevent the electronic cash from being stolen, protect the user's property and enhance the user experience of the electronic cash transaction. It also requires little change to the conventional electronic cash transaction flow and noticeably reduces transaction time. In addition, the method provides great flexibility and extensibility for future upgrades of terminal authentication.
Drawings
Fig. 1 is a flow chart illustrating a method for verifying terminal authenticity in an electronic cash transaction according to a first embodiment of the present invention.
Fig. 2 is a schematic diagram of a data interaction process between a payment card and an issuer and an acquirer.
Detailed Description
It should be noted that, in the embodiments of the present invention, a terminal (for example, a POS machine) is deployed at a merchant by an acquirer, and the acquirer sets terminal authenticity information in the terminal. A payment card is issued to a user by an issuer; the payment card has a storage unit in which the user's account information (including at least electronic cash balance information) is recorded, and the user uses the payment card to perform electronic cash transactions at the merchant. The acquirer and the issuer may be the same bank or different banks.
As shown in fig. 1, the present invention provides a method for verifying the authenticity of a terminal in an electronic cash transaction, which comprises the following steps:
Step S10, the terminal initiates an electronic cash transaction with the payment card, and the terminal sends terminal authenticity information to the payment card.
Specifically, an application providing an electronic cash transaction service is first enabled on the terminal, after which an electronic cash transaction can be performed with the payment card. The terminal may send the terminal authenticity information to the payment card immediately after the application is enabled, or may send it later, while the electronic cash transaction is in progress, for example along with the transaction authorization amount information.
Preferably, the terminal sends the transaction authorization amount information and the terminal authenticity information to the payment card together, so that the number of data exchanges in the electronic cash transaction process is reduced.
The acquirer sets unique terminal authenticity information for each terminal to distinguish them from each other and prevent counterfeiting of the terminal.
The terminal authenticity information may include, for example, an identification of the acquirer, an identification of the terminal, an identification of the merchant, and the like.
Further, the acquirer protects the terminal authenticity information, and ensures authenticity, confidentiality, integrity and non-forgeability of the terminal. The specific protection mode is determined by the acquirer; for example, protection modes such as random numbers, encryption of payment card keys and card issuer keys, and electronic signatures may be adopted.
Step S20, the payment card receives and records the terminal authenticity information and the transaction information of the electronic cash transaction.
In this step, the payment card receives terminal authenticity information and transaction information of the electronic cash transaction from the terminal, and records both in a storage unit of the payment card.
If the payment card finds that the terminal authenticity information is not received, the transaction can be rejected.
The transaction information for an electronic cash transaction may include, for example: transaction authorization amount information, transaction time, transaction serial number and the like.
Unique transaction information is generated for each electronic cash transaction, and each piece of transaction information corresponds to one piece of terminal authenticity information.
After a plurality of electronic cash transactions, a payment card held by a user records a plurality of transaction information and at least one piece of terminal authenticity information, wherein each piece of terminal authenticity information corresponds to at least one piece of transaction information.
It can be understood that, in the storage unit of the payment card, the recorded terminal authenticity information and the transaction information may be in a one-to-many relationship, that is, the terminal authenticity information corresponding to a plurality of pieces of transaction information is the same, indicating that the user has performed multiple transactions in the same merchant; it is also possible that there is a one-to-one relationship, i.e. that a certain transaction information corresponds to a unique piece of terminal authenticity information, indicating that the user has performed only one transaction in a certain merchant.
Step S30, the payment card sends transaction information and terminal authenticity information to the issuer.
This step takes place when the user brings the payment card online, for example to top up electronic cash. Fig. 2 shows the data interaction process between the payment card, the card issuer and the acquirer.
Preferably, the payment card sends all unprocessed terminal authenticity information records to the card issuing institution, and the card issuing institution processes each transaction separately, so that the circulation of electronic cash continues according to the actual transaction situation.
The "terminal authenticity information record" referred to herein contains terminal authenticity information, transaction information, and a correspondence between the two.
Step S40, the card issuing institution forwards the terminal authenticity information to the acquirer, and the acquirer verifies the terminal authenticity information.
The terminal authenticity information records the identification of the acquirer, and the card issuing institution forwards the terminal authenticity information to the acquirer according to this identification. To improve efficiency, the card issuing institution may set up a transfer center that transmits multiple pieces of terminal authenticity information in a centralized, unified distribution mode.
In particular, the issuer and the acquirer may be different banks, or different business departments of the same bank. As described above, the terminals are deployed by the acquirer, which sets unique terminal authenticity information for each terminal and protects it; thus, the acquirer can verify the terminal authenticity information to determine the authenticity of the terminal that initiated the electronic cash transaction.
According to a further improved embodiment of the present invention, after step S40, the following two steps may be further included:
The acquirer judges whether the terminal is a fake terminal based on the terminal authenticity information and returns the judgment result to the card issuing institution;
If the judgment result indicates that the terminal is a fake terminal, the card issuing institution initiates a cancellation of the electronic cash transaction.
Specifically, if the judgment result indicates that the terminal is a genuine terminal, no special processing is needed and the electronic cash circulates in the normal transaction mode. If the judgment result indicates that the terminal is a fake terminal, the acquirer initiates a cancellation action, namely informing the card issuing institution to recover the electronic cash amount on the payment card, for example through an electronic cash top-up process or a dedicated electronic cash recovery process. After the recovery is finished, the card issuing institution clears all transaction information records related to the fake terminal from the payment card, and may also notify the user, take security measures, and so on.
The method for verifying the authenticity of the terminal in the electronic cash transaction provided by this embodiment can effectively prevent the electronic cash from being stolen, protect the user's property and enhance the user experience of the electronic cash transaction. It also requires little change to the existing electronic cash transaction flow and noticeably reduces transaction time.
The above description is only for the preferred embodiment of the present invention and is not intended to limit the scope of the present invention. Based on the idea of the invention, a person skilled in the art can make various modifications without departing from the idea of the invention and the accompanying claims.
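The flow of steps S10 to S40 and the optional cancellation steps, as an added example that is not part of the patent text. It assumes one possible protection mode, an HMAC-SHA256 tag over the three identifiers plus a per-transaction random number (the description leaves the mode to the acquirer); all class names, the field layout, identifiers and amounts are constructed for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

@dataclass(frozen=True)
class AuthInfo:  # terminal authenticity information; field layout is assumed
    acquirer_id: str
    terminal_id: str
    merchant_id: str
    nonce: bytes
    tag: bytes

def compute_tag(key, acquirer_id, terminal_id, merchant_id, nonce):
    parts = [acquirer_id.encode(), terminal_id.encode(), merchant_id.encode(), nonce]
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)  # length-prefixed fields
    return hmac.new(key, msg, hashlib.sha256).digest()

@dataclass
class Terminal:
    acquirer_id: str
    terminal_id: str
    merchant_id: str
    key: bytes  # set in the terminal by the acquirer
    def auth_info(self):  # S10: fresh random number for every transaction
        nonce = os.urandom(16)
        ids = (self.acquirer_id, self.terminal_id, self.merchant_id)
        return AuthInfo(*ids, nonce, compute_tag(self.key, *ids, nonce))

class Acquirer:
    def __init__(self, acquirer_id):
        self.acquirer_id = acquirer_id
        self._terminals = {}  # terminal_id -> (merchant_id, key)

    def provision(self, terminal_id, merchant_id):
        key = os.urandom(32)
        self._terminals[terminal_id] = (merchant_id, key)
        return Terminal(self.acquirer_id, terminal_id, merchant_id, key)

    def verify(self, info):  # S40 / step e): True means a genuine terminal
        entry = self._terminals.get(info.terminal_id)
        if entry is None or entry[0] != info.merchant_id:
            return False
        expected = compute_tag(entry[1], self.acquirer_id, info.terminal_id, entry[0], info.nonce)
        return hmac.compare_digest(expected, info.tag)

@dataclass
class PaymentCard:
    balance: int
    records: list = field(default_factory=list)  # unprocessed (serial, amount, AuthInfo)
    def pay(self, serial, amount, info):  # S20: the card records, it does not verify
        if info is None or amount > self.balance:
            return False  # no authenticity information received: reject
        self.balance -= amount
        self.records.append((serial, amount, info))
        return True

def settle(card, acquirers):  # issuer side: S30, S40, steps e) and f)
    cancelled = []
    for serial, amount, info in card.records:
        acquirer = acquirers.get(info.acquirer_id)  # route by acquirer identifier
        if acquirer is None or not acquirer.verify(info):
            card.balance += amount  # cancellation: recover the electronic cash
            cancelled.append(serial)
    card.records.clear()
    return cancelled

def demo():
    acq = Acquirer("ACQ-01")  # constructed identifiers and amounts
    card = PaymentCard(balance=10_000)
    card.pay("TX-1", 1_500, acq.provision("T-1001", "M-77").auth_info())
    forged = AuthInfo("ACQ-01", "T-1001", "M-77", os.urandom(16), os.urandom(32))
    card.pay("TX-2", 4_000, forged)  # identifiers copied, no provisioned key
    return settle(card, {acq.acquirer_id: acq}), card.balance
```

The card holds no verification key in this sketch, which mirrors the description's point that the check is deferred to the acquirer and the card only stores the record.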

Claims (5)

1. A method of verifying terminal authenticity in an electronic cash transaction, wherein the terminal is disposed within a merchant by an acquirer that sets terminal authenticity information within the terminal, the method comprising the steps of:
a) the terminal initiates an electronic cash transaction with a payment card, and the terminal sends the terminal authenticity information to the payment card;
b) the payment card receives and records the terminal authenticity information and the transaction information of the electronic cash transaction;
c) the payment card sends the transaction information and the terminal authenticity information to a card issuing institution;
d) the card issuing institution forwards the terminal authenticity information to the acquirer, and the acquirer verifies the terminal authenticity information;
wherein the terminal authenticity information comprises identifiers of the acquirer, the terminal and the merchant;
wherein the terminal is configured to send the transaction information to the payment card together with the terminal authenticity information.
2. The method of claim 1, further comprising, after said step d), the steps of:
e) the acquirer judges whether the terminal is a fake terminal based on the terminal authenticity information and returns the judgment result to the card issuing institution;
f) if the judgment result indicates that the terminal is a fake terminal, the card issuing institution initiates a cancellation of the electronic cash transaction.
3. The method according to claim 1, wherein the acquirer protects the terminal authenticity information.
4. The method of claim 1, wherein each of said electronic cash transactions generates unique said transaction information.
5. The method of claim 1, wherein said payment card records at least one piece of said transaction information and at least one piece of said terminal authenticity information, wherein each said terminal authenticity information corresponds to at least one said transaction information.
CN201410688974.3A 2014-11-26 2014-11-26 Method for verifying terminal authenticity in electronic cash transaction Active CN105590206B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201410688974.3A CN105590206B (en) 2014-11-26 2014-11-26 Method for verifying terminal authenticity in electronic cash transaction
PCT/CN2015/093892 WO2016082673A1 (en) 2014-11-26 2015-11-05 Method for verifying authenticity of terminal in electronic cash transaction

Publications (2)

Publication Number Publication Date
CN105590206A CN105590206A (en) 2016-05-18
CN105590206B CN105590206B (en) 2020-10-23

Family

ID=55929771

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410688974.3A Active CN105590206B (en) 2014-11-26 2014-11-26 Method for verifying terminal authenticity in electronic cash transaction

Country Status (2)

Country Link
CN (1) CN105590206B (en)
WO (1) WO2016082673A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101105776A (en) * 2007-01-10 2008-01-16 上海瀚银信息技术有限公司 Standard extension card with embedded CPU IC and method for realizing electronic payment
CN101178822A (en) * 2007-11-29 2008-05-14 信雅达***工程股份有限公司 Method supporting user verifying legitimacy of bank brushing card terminal equipment
CN103268676A (en) * 2013-04-02 2013-08-28 广州御银科技股份有限公司 System and method for verifying authenticity of financial self-service terminal
CN103548047A (en) * 2010-12-30 2014-01-29 拉尔斯·奥洛夫·康恩葛尔迪 Terminal authenticity verification
CN103870958A (en) * 2012-12-13 2014-06-18 北京旋极信息技术股份有限公司 Mobile payment method and mobile payment exclusive device

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8171531B2 (en) * 2005-11-16 2012-05-01 Broadcom Corporation Universal authentication token
US20090313129A1 (en) * 2008-06-11 2009-12-17 Lmr Inventions, Llc System and method for verifying user identity information in financial transactions
CN102411817B (en) * 2011-09-19 2014-01-01 中国工商银行股份有限公司 Method and system for identifying bank self-service machine
US20140289130A1 (en) * 2013-03-25 2014-09-25 iAXEPT Ltd Secure remotely configurable point of sale terminal
US20140297435A1 (en) * 2013-03-28 2014-10-02 Hoiling Angel WONG Bank card secured payment system and method using real-time communication technology

Also Published As

Publication number Publication date
CN105590206A (en) 2016-05-18
WO2016082673A1 (en) 2016-06-02

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant