CN108352990B - Method and system for transmitting data - Google Patents

Method and system for transmitting data Download PDF

Info

Publication number
CN108352990B
CN108352990B CN201880000121.2A CN201880000121A CN108352990B CN 108352990 B CN108352990 B CN 108352990B CN 201880000121 A CN201880000121 A CN 201880000121A CN 108352990 B CN108352990 B CN 108352990B
Authority
CN
China
Prior art keywords
terminal
account information
pos terminal
ciphertext
pin code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201880000121.2A
Other languages
Chinese (zh)
Other versions
CN108352990A (en
Inventor
万文超
洪逸轩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujian Landi Commercial Equipment Co Ltd
Original Assignee
Fujian Landi Commercial Equipment Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujian Landi Commercial Equipment Co Ltd filed Critical Fujian Landi Commercial Equipment Co Ltd
Publication of CN108352990A publication Critical patent/CN108352990A/en
Application granted granted Critical
Publication of CN108352990B publication Critical patent/CN108352990B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • G06Q20/204Point-of-sale [POS] network systems comprising interface for record bearing medium or carrier for electronic funds transfer or payment credit
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/388Payment protocols; Details thereof using mutual authentication without cards, e.g. challenge-response
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4012Verifying personal identification numbers [PIN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Accounting & Taxation (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Finance (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Cash Registers Or Receiving Machines (AREA)

Abstract

The present invention relates to the field of data processing, and in particular, to a method and a system for transmitting data. The method comprises the steps that a public key is obtained from a POS terminal through a mobile terminal; the mobile terminal encrypts the PIN code according to the public key to obtain a PIN code ciphertext; the mobile terminal sends the PIN code ciphertext to the POS terminal so that the POS terminal obtains account information corresponding to the PIN code ciphertext according to a private key corresponding to the public key; and the mobile terminal forwards the ciphertext of the account information from the POS terminal to the payment terminal so that the payment terminal verifies the validity of the account information according to the ciphertext of the account information. The cost is reduced while the PIN code transmission safety is improved.

Description

Method and system for transmitting data
Technical Field
The present invention relates to the field of data processing, and in particular, to a method and a system for transmitting data.
Background
With the rapid development of the electronic payment industry, bank card payment and industry card payment are more and more popular with people due to the characteristics of rapidness and convenience. To secure the cardholder account, the cardholder typically enters a Personal Identification Number (PIN) through a secure POS terminal and is then transmitted by the POS to a payment terminal, which authenticates the cardholder's identity. In order to prevent the PIN code from being leaked or cracked so as to protect the property security of the cardholder, the PIN code must be encrypted and protected in the whole payment process, and the PIN code is prevented from appearing in a plaintext form. Therefore, secure transmission of the PIN code has been an important ring in the payment process. How to transmit the PIN code to the payment terminal securely, there are several ways in general at present:
the first method is as follows: the POS terminal is used for inputting and transmitting the PIN code, namely the PIN code is input on a password PAD (PIN PAD) of the POS terminal, and then the PIN code is encrypted by the POS terminal and then is directly transmitted to the payment terminal through a communication module of the POS terminal. However, this method requires the POS terminal to be equipped with a password keyboard module and a communication module, which results in an increase in the cost of the POS terminal.
The second method comprises the following steps: storing a PIN encryption key by using general equipment such as a mobile phone or a tablet, inputting and transmitting a PIN by using the equipment, encrypting by using the general equipment and transmitting to a payment terminal; however, general devices such as mobile phones and tablet computers are not financial devices which are used exclusively and subjected to strict security detection, and PIN encryption keys stored on such devices are easy to steal and even replace, so that the PIN encryption is unsafe.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: how to reduce the cost while improving the security of PIN code transmission.
In order to solve the technical problems, the invention adopts the technical scheme that:
the invention provides a method for transmitting data, which comprises the following steps:
the mobile terminal acquires a public key from the POS terminal;
the mobile terminal encrypts the PIN code according to the public key to obtain a PIN code ciphertext;
the mobile terminal sends the PIN code ciphertext to the POS terminal so that the POS terminal obtains account information corresponding to the PIN code ciphertext according to a private key corresponding to the public key;
and the mobile terminal forwards the ciphertext of the account information from the POS terminal to the payment terminal so that the payment terminal verifies the validity of the account information according to the ciphertext of the account information.
The present invention also provides a system for transmitting data, comprising:
the first acquisition module is used for the mobile terminal to acquire a public key from the POS terminal;
the first encryption module is used for encrypting the PIN code by the mobile terminal according to the public key to obtain a PIN code ciphertext;
the first sending module is used for sending the PIN code ciphertext to the POS terminal by the mobile terminal so that the POS terminal can obtain account information corresponding to the PIN code ciphertext according to a private key corresponding to the public key;
and the forwarding module is used for forwarding the ciphertext of the account information from the POS terminal to the payment terminal by the mobile terminal so that the payment terminal verifies the validity of the account information according to the ciphertext of the account information.
The invention has the beneficial effects that: the method comprises the steps that a public key is obtained from the POS terminal in real time through the mobile terminal, the PIN code input to the mobile terminal by a user is encrypted by using the public key and then is sent to the POS terminal, the POS terminal returns an account number information ciphertext with validity verifiable by the payment terminal according to the PIN code, and the account number information ciphertext is forwarded to the payment terminal by the mobile terminal. Different from the prior art, the mobile terminal does not store a fixed encryption key for transmitting the PIN code, and the account information fed back by the POS terminal is also in the form of a ciphertext in the mobile terminal, so that even if the mobile terminal used by a user does not have the high security of financial equipment, lawless persons cannot steal and replace the encryption key through invading a mobile phone terminal, and the PIN code input by the mobile terminal carried by the user is also high in security. Meanwhile, the POS terminal does not need to be provided with a password keyboard, and the production cost of the POS terminal is reduced.
Drawings
FIG. 1 is a block flow diagram of an embodiment of a method for transmitting data according to the present invention;
FIG. 2 is a block diagram of a system for transmitting data according to an embodiment of the present invention;
description of reference numerals:
1. a first acquisition module; 2. a first encryption module; 3. a first sending module; 4. and a forwarding module.
Detailed Description
The most key technical conception of the invention is as follows: the method comprises the steps that a public key is obtained from the POS terminal in real time through the mobile terminal, the PIN code input to the mobile terminal by a user is encrypted by using the public key and then is sent to the POS terminal, the POS terminal returns an account number information ciphertext with validity verifiable by the payment terminal according to the PIN code, and the account number information ciphertext is forwarded to the payment terminal by the mobile terminal. The PIN code transmission safety is improved, and meanwhile the cost is reduced.
Referring to fig. 1 and fig. 2,
as shown in fig. 1, the present invention provides a method for transmitting data, including:
the mobile terminal acquires a public key from the POS terminal;
the mobile terminal encrypts the PIN code according to the public key to obtain a PIN code ciphertext;
the mobile terminal sends the PIN code ciphertext to the POS terminal so that the POS terminal obtains account information corresponding to the PIN code ciphertext according to a private key corresponding to the public key;
and the mobile terminal forwards the ciphertext of the account information from the POS terminal to the payment terminal so that the payment terminal verifies the validity of the account information according to the ciphertext of the account information.
Further, the mobile terminal obtains the public key from the POS terminal, specifically:
the mobile terminal sends a public key acquisition request to the POS terminal;
when the POS terminal receives the public key acquisition request, the POS terminal randomly generates a pair of asymmetric secret keys; the pair of asymmetric keys comprises a public key and a private key;
and the POS terminal sends the public key to the mobile terminal.
According to the description, when the mobile terminal needs to transmit the PIN code each time, the payment terminal randomly generates a pair of asymmetric keys for encrypting the PIN code, and the one-time key is used for encrypting the PIN code, so that the security of PIN code transmission is improved.
Further, the POS terminal obtains account information corresponding to the PIN code ciphertext according to a private key corresponding to the public key, specifically:
the POS terminal decrypts the PIN code ciphertext according to the private key to obtain a PIN code plaintext;
and the POS terminal acquires the account information corresponding to the PIN code plaintext.
According to the description, the private key capable of decrypting the PIN code ciphertext only exists in the financial equipment POS terminal with higher security, and the general equipment mobile terminal does not have the key for decrypting the PIN code ciphertext, so that lawless persons cannot replace or steal the private key for encrypting the PIN code by attacking the mobile terminal, and the security of PIN code transmission is improved.
Further, still include:
and the POS terminal encrypts the account information according to a preset symmetric key to obtain a ciphertext of the account information.
Further, the payment terminal verifies the validity of the account information according to the ciphertext of the account information, and specifically comprises the following steps:
the payment terminal acquires the symmetric key;
the payment terminal decrypts the ciphertext of the account information according to the symmetric key to obtain an account information plaintext;
and the payment terminal verifies the validity of the plaintext of the account information.
Further, still include:
generating the symmetric key;
presetting the symmetric key to a POS terminal;
and presetting the symmetric key to the payment terminal.
It can be known from the above description that the symmetric key for encrypting and decrypting the account information ciphertext only exists in the financial device POS terminal and the payment terminal with higher security, and the symmetric key for decrypting the account information is not used in the general device mobile terminal, so that the security of the account information is improved.
Further, still include:
and when the account information is valid, the payment terminal executes the payment operation corresponding to the account information according to a payment request sent by the POS terminal.
Further, still include:
the mobile terminal and the payment terminal establish SSL connection;
and the mobile terminal establishes a safe Bluetooth connection with the POS terminal.
According to the description, the mobile terminal, the POS terminal and the payment terminal are in a safe and reliable communication connection mode, and the safety of PIN code transmission is improved.
As shown in fig. 2, the present invention further provides a system for transmitting data, including:
a first obtaining module 1, configured to obtain, by a mobile terminal, a public key from a POS terminal;
the first encryption module 2 is used for encrypting the PIN code by the mobile terminal according to the public key to obtain a PIN code ciphertext;
the first sending module 3 is used for sending the PIN code ciphertext to the POS terminal by the mobile terminal so that the POS terminal can obtain account information corresponding to the PIN code ciphertext according to a private key corresponding to the public key;
and the forwarding module 4 is used for the mobile terminal to forward the ciphertext of the account information from the POS terminal to the payment terminal so that the payment terminal can verify the validity of the account information according to the ciphertext of the account information.
Further, the first obtaining module comprises:
the mobile terminal comprises a first sending unit, a second sending unit and a public key acquiring unit, wherein the first sending unit is used for sending a public key acquiring request to the POS terminal by the mobile terminal;
the generating unit is used for generating a pair of asymmetric keys at random by the POS terminal when the POS terminal receives the public key obtaining request; the pair of asymmetric keys comprises a public key and a private key;
and the second sending unit is used for sending the public key to the mobile terminal by the POS terminal.
Further, the first transmitting module includes:
the first decryption unit is used for decrypting the PIN code ciphertext according to the private key by the POS terminal to obtain a PIN code plaintext;
and the first acquisition unit is used for the POS terminal to acquire the account information corresponding to the PIN code plaintext.
Further, still include:
and the second encryption module is used for encrypting the account information by the POS terminal according to a preset symmetric key to obtain a ciphertext of the account information.
Further, the forwarding module includes:
a second obtaining unit, configured to obtain the symmetric key by the payment terminal;
the second decryption unit is used for decrypting the ciphertext of the account information by the payment terminal according to the symmetric key to obtain the plaintext of the account information;
and the verification unit is used for verifying the validity of the plaintext of the account information by the payment terminal.
Further, still include:
a generating module for generating the symmetric key;
the first presetting module is used for presetting the symmetric key to the POS terminal;
and the second presetting module is used for presetting the symmetric key to the payment terminal.
Further, still include:
and the second sending module is used for executing the payment operation corresponding to the account information by the payment terminal according to the payment request sent by the POS terminal when the account information is valid.
Further, still include:
the first establishing module is used for establishing SSL connection between the mobile terminal and the payment terminal;
and the second establishing module is used for establishing safe Bluetooth connection between the mobile terminal and the POS terminal.
The first embodiment of the invention is as follows:
the present embodiment provides a method for transmitting data, including:
s1, the mobile terminal and the payment terminal establish SSL connection; and the mobile terminal establishes a safe Bluetooth connection with the POS terminal.
The payment terminal and the POS terminal are provided with security modules which can manage keys and provide encryption and decryption functions.
And S2, the mobile terminal acquires the public key from the POS terminal. The method specifically comprises the following steps:
the mobile terminal sends a public key acquisition request to the POS terminal;
when the POS terminal receives the public key acquisition request, the POS terminal randomly generates a pair of asymmetric secret keys; the pair of asymmetric keys comprises a public key and a private key;
and the POS terminal sends the public key to the mobile terminal.
Wherein only the POS terminal has the private key.
And S3, the mobile terminal encrypts the PIN code according to the public key to obtain a PIN code ciphertext.
And S4, the mobile terminal sends the PIN code ciphertext to the POS terminal.
And S5, the POS terminal acquires account information corresponding to the PIN code ciphertext according to the private key corresponding to the public key. The method specifically comprises the following steps:
the POS terminal decrypts the PIN code ciphertext according to the private key to obtain a PIN code plaintext;
the POS terminal acquires the account information corresponding to the PIN code plaintext;
and the POS terminal encrypts the account information according to a preset symmetric key to obtain a ciphertext of the account information.
Wherein the symmetric key is generated in advance; presetting the symmetric key to a POS terminal; and presetting the symmetric key to the payment terminal. Only the POS terminal and the payment terminal have the symmetric key.
The safety module of the POS terminal uses a standard PINBLOCK algorithm to enable primary account number data PAN and PIN to form account number information (PINBLOK).
And S6, the mobile terminal forwards the ciphertext of the account information from the POS terminal to the payment terminal.
And S7, the payment terminal verifies the validity of the account information according to the ciphertext of the account information. The method specifically comprises the following steps:
the payment terminal acquires the symmetric key;
the payment terminal decrypts the ciphertext of the account information according to the symmetric key to obtain an account information plaintext;
and the payment terminal verifies the validity of the plaintext of the account information.
And S8, when the account information is valid, the payment terminal executes the payment operation corresponding to the account information according to the payment request sent by the POS terminal.
As can be seen from the above description, in the present embodiment, the PIN code is to be securely transmitted, and the PIN code is input on the mobile terminal of the general-purpose device other than the financial device, but the mobile terminal itself does not store the key for encrypting the PIN code. The mobile terminal adopts the public key of the asymmetric key to encrypt the PIN code, and the public key is issued by the POS terminal every time, so that one-time pad is realized.
The security of the key for encrypting the PIN code is also embodied in that a private key for decrypting the PIN ciphertext only exists in the security module of the POS terminal, and the security mechanism of the POS terminal can ensure the security of the security module.
The PIN code is safe in the whole life cycle, is encrypted by using a public key immediately after being input on the mobile terminal, and exists in a ciphertext form all the time in the transmission process. Only the security module of the POS terminal can obtain the plaintext of the PIN code and immediately compose pinlock and encrypt it.
POS terminal and mobile terminal, mobile terminal and payment terminal all use the secure channel to communicate. For example, the communication connection is established by adopting the Bluetooth 4.2 communication protocol and the SSL communication protocol, and the open protocols can effectively prevent man-in-the-middle attacks.
The existing payment scheme of the POS terminal can prevent replay attack, and the typical methods include using UKPT (using single key for each transaction) key, having message sequence number field in interactive message, using random number to participate and the like.
The second embodiment of the invention is as follows:
the present embodiment provides a system for transmitting data, including:
the method comprises the steps that a first establishing module triggers the mobile terminal to establish SSL connection with a payment terminal; the second establishing module triggers the mobile terminal to establish safe Bluetooth connection with the POS terminal.
The generation module generates a symmetric key; the first preset module presets the symmetric key to the POS terminal; and the second preset module presets the symmetric key to the payment terminal.
The first acquisition module triggers the mobile terminal to acquire a public key from the POS terminal; the method specifically comprises the following steps: the first sending unit triggers the mobile terminal to send a public key acquisition request to the POS terminal; when the POS terminal receives the public key acquisition request, the generating unit triggers the POS terminal to randomly generate a pair of asymmetric secret keys; the pair of asymmetric keys comprises a public key and a private key; and the second sending unit triggers the POS terminal to send the public key to the mobile terminal.
And the first encryption module triggers the mobile terminal to encrypt the PIN code according to the public key to obtain a PIN code ciphertext.
And the first sending module triggers the mobile terminal to send the PIN code ciphertext to the POS terminal.
The first decryption unit triggers the POS terminal to decrypt the PIN cipher text according to the private key to obtain a PIN plaintext; the first acquisition unit triggers the POS terminal to acquire the account information corresponding to the PIN code plaintext; and the second encryption module triggers the POS terminal to encrypt the account information according to a preset symmetric key to obtain a ciphertext of the account information.
And the forwarding module triggers the mobile terminal to forward the ciphertext of the account information from the POS terminal to the payment terminal so that the payment terminal verifies the validity of the account information according to the ciphertext of the account information.
The second acquisition unit triggers the payment terminal to acquire the symmetric key; the second decryption unit triggers the payment terminal to decrypt the ciphertext of the account information according to the symmetric key to obtain the plaintext of the account information; and the verification unit triggers the payment terminal to verify the validity of the plaintext of the account information.
And when the account information is valid, the second sending module triggers the payment terminal to execute the payment operation corresponding to the account information according to the payment request sent by the POS terminal.
In summary, according to the method and system for transmitting data provided by the present invention, the mobile terminal does not store a fixed encryption key for transmitting the PIN code, and the account information fed back by the POS terminal is also present in the mobile terminal in the form of a ciphertext, so that even if the mobile terminal used by the user does not have the high security of the financial device, a lawless person cannot steal and replace the encryption key by invading the mobile terminal, thereby enabling the user to use the mobile terminal carried by the user to input the PIN code with high security. Meanwhile, the POS terminal does not need to be provided with a password keyboard, and the production cost of the POS terminal is reduced. Furthermore, when the mobile terminal needs to transmit the PIN code each time, the payment terminal randomly generates a pair of asymmetric keys for encrypting the PIN code, and the keys are used once, so that the security of PIN code transmission is improved. Furthermore, the private key capable of decrypting the PIN cipher text only exists in the financial equipment POS terminal with higher security, and a secret key used for decrypting the PIN cipher text is not used in the general equipment mobile terminal, so that lawless persons cannot replace or steal the private key used for encrypting the PIN through attacking the mobile terminal, and the security of PIN transmission is improved. Furthermore, the symmetric key for encrypting and decrypting the account information ciphertext only exists in the financial equipment POS terminal and the payment terminal with higher security, and the symmetric key for decrypting the account information is not used in the universal equipment mobile terminal, so that the security of the account information is improved. Furthermore, a safe and reliable communication connection mode is adopted among the mobile terminal, the POS terminal and the payment terminal, so that the safety of PIN code transmission is improved.

Claims (14)

1. A method of transmitting data, comprising:
the mobile terminal acquires a public key from the POS terminal in real time;
the mobile terminal encrypts the PIN code according to the public key to obtain a PIN code ciphertext;
the mobile terminal sends the PIN code ciphertext to the POS terminal so that the POS terminal obtains account information corresponding to the PIN code ciphertext according to a private key corresponding to the public key;
the mobile terminal forwards the account information ciphertext from the POS terminal to the payment terminal so that the payment terminal verifies the validity of the account information according to the account information ciphertext;
the mobile terminal acquires a public key from the POS terminal, specifically:
the mobile terminal sends a public key acquisition request to the POS terminal;
when the POS terminal receives the public key acquisition request, the POS terminal randomly generates a pair of asymmetric secret keys; the pair of asymmetric keys comprises a public key and a private key;
and the POS terminal sends the public key to the mobile terminal.
2. The method for transmitting data according to claim 1, wherein the POS terminal obtains account information corresponding to the PIN code ciphertext according to a private key corresponding to the public key, specifically:
the POS terminal decrypts the PIN code ciphertext according to the private key to obtain a PIN code plaintext;
and the POS terminal acquires the account information corresponding to the PIN code plaintext.
3. The method of claim 1, further comprising:
and the POS terminal encrypts the account information according to a preset symmetric key to obtain a ciphertext of the account information.
4. The method for transmitting data according to claim 3, wherein the payment terminal verifies the validity of the account information according to the ciphertext of the account information, and specifically comprises:
the payment terminal acquires the symmetric key;
the payment terminal decrypts the ciphertext of the account information according to the symmetric key to obtain an account information plaintext;
and the payment terminal verifies the validity of the plaintext of the account information.
5. The method of claim 4, further comprising:
generating the symmetric key;
presetting the symmetric key to a POS terminal;
and presetting the symmetric key to the payment terminal.
6. The method of claim 1, further comprising:
and when the account information is valid, the payment terminal executes the payment operation corresponding to the account information according to a payment request sent by the POS terminal.
7. The method of claim 1, further comprising:
the mobile terminal and the payment terminal establish SSL connection;
and the mobile terminal establishes a safe Bluetooth connection with the POS terminal.
8. A system for transmitting data, comprising:
the first acquisition module is used for acquiring a public key from the POS terminal in real time by the mobile terminal;
the first encryption module is used for encrypting the PIN code by the mobile terminal according to the public key to obtain a PIN code ciphertext;
the first sending module is used for sending the PIN code ciphertext to the POS terminal by the mobile terminal so that the POS terminal can obtain account information corresponding to the PIN code ciphertext according to a private key corresponding to the public key;
the forwarding module is used for the mobile terminal to forward a ciphertext of the account information from the POS terminal to the payment terminal so that the payment terminal can verify the validity of the account information according to the ciphertext of the account information;
the first obtaining module comprises:
the mobile terminal comprises a first sending unit, a second sending unit and a public key acquiring unit, wherein the first sending unit is used for sending a public key acquiring request to the POS terminal by the mobile terminal;
the generating unit is used for generating a pair of asymmetric keys at random by the POS terminal when the POS terminal receives the public key obtaining request; the pair of asymmetric keys comprises a public key and a private key;
and the second sending unit is used for sending the public key to the mobile terminal by the POS terminal.
9. The system for transmitting data according to claim 8, wherein the first sending module comprises:
the first decryption unit is used for decrypting the PIN code ciphertext according to the private key by the POS terminal to obtain a PIN code plaintext;
and the first acquisition unit is used for the POS terminal to acquire the account information corresponding to the PIN code plaintext.
10. The system for transmitting data according to claim 8, further comprising:
and the second encryption module is used for encrypting the account information by the POS terminal according to a preset symmetric key to obtain a ciphertext of the account information.
11. The system for transmitting data according to claim 10, wherein said forwarding module comprises:
a second obtaining unit, configured to obtain the symmetric key by the payment terminal;
the second decryption unit is used for decrypting the ciphertext of the account information by the payment terminal according to the symmetric key to obtain the plaintext of the account information;
and the verification unit is used for verifying the validity of the plaintext of the account information by the payment terminal.
12. The system for transmitting data according to claim 11, further comprising:
a generating module for generating the symmetric key;
the first presetting module is used for presetting the symmetric key to the POS terminal;
and the second presetting module is used for presetting the symmetric key to the payment terminal.
13. The system for transmitting data according to claim 8, further comprising:
and the second sending module is used for executing the payment operation corresponding to the account information by the payment terminal according to the payment request sent by the POS terminal when the account information is valid.
14. The system for transmitting data according to claim 8, further comprising:
the first establishing module is used for establishing SSL connection between the mobile terminal and the payment terminal;
and the second establishing module is used for establishing safe Bluetooth connection between the mobile terminal and the POS terminal.
CN201880000121.2A 2018-02-27 2018-02-27 Method and system for transmitting data Active CN108352990B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2018/077307 WO2019165572A1 (en) 2018-02-27 2018-02-27 Data transmission method and system

Publications (2)

Publication Number Publication Date
CN108352990A CN108352990A (en) 2018-07-31
CN108352990B true CN108352990B (en) 2021-03-05

Family

ID=62956415

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201880000121.2A Active CN108352990B (en) 2018-02-27 2018-02-27 Method and system for transmitting data

Country Status (2)

Country Link
CN (1) CN108352990B (en)
WO (1) WO2019165572A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019165572A1 (en) * 2018-02-27 2019-09-06 福建联迪商用设备有限公司 Data transmission method and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101515350A (en) * 2009-04-08 2009-08-26 候万春 System and method for realizing security payment by mobile telephone
CN102467789A (en) * 2010-11-18 2012-05-23 卓望数码技术(深圳)有限公司 Retail outlet account transfer operating system and transaction data encryption transmission method
CN103136668A (en) * 2011-11-28 2013-06-05 中兴通讯股份有限公司 Terminal payment method, terminal and payment platform

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9436940B2 (en) * 2012-07-09 2016-09-06 Maxim Integrated Products, Inc. Embedded secure element for authentication, storage and transaction within a mobile terminal
CN104838399B (en) * 2012-12-10 2019-08-27 维萨国际服务协会 Remote transaction is authenticated using mobile device
US20140289129A1 (en) * 2013-03-25 2014-09-25 iAXEPT Ltd Method for secure contactless communication of a smart card and a point of sale terminal
CN103903141B (en) * 2014-03-14 2018-05-08 福建联迪商用设备有限公司 A kind of O2O safe payment methods, system and a kind of POS terminal
AU2015264124B2 (en) * 2014-05-21 2019-05-09 Visa International Service Association Offline authentication
WO2019165572A1 (en) * 2018-02-27 2019-09-06 福建联迪商用设备有限公司 Data transmission method and system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101515350A (en) * 2009-04-08 2009-08-26 候万春 System and method for realizing security payment by mobile telephone
CN102467789A (en) * 2010-11-18 2012-05-23 卓望数码技术(深圳)有限公司 Retail outlet account transfer operating system and transaction data encryption transmission method
CN103136668A (en) * 2011-11-28 2013-06-05 中兴通讯股份有限公司 Terminal payment method, terminal and payment platform

Also Published As

Publication number Publication date
CN108352990A (en) 2018-07-31
WO2019165572A1 (en) 2019-09-06

Similar Documents

Publication Publication Date Title
CN107896147B (en) Method and system for negotiating temporary session key based on national cryptographic algorithm
CN110535868A (en) Data transmission method and system based on Hybrid Encryption algorithm
CN111615105B (en) Information providing and acquiring method, device and terminal
US20120240204A1 (en) System, design and process for strong authentication using bidirectional OTP and out-of-band multichannel authentication
CN108401494B (en) Method and system for transmitting data
US10089627B2 (en) Cryptographic authentication and identification method using real-time encryption
CN107679847B (en) Mobile transaction privacy protection method based on near field communication bidirectional identity authentication
CN103763631A (en) Authentication method, server and television
CN103067401A (en) Method and system for key protection
CN105245341A (en) Remote identity authentication method and system and remote account opening method and system
CN102664898A (en) Fingerprint identification-based encrypted transmission method, fingerprint identification-based encrypted transmission device and fingerprint identification-based encrypted transmission system
EP1277299A1 (en) Method for securing communications between a terminal and an additional user equipment
CN109754241B (en) Hard wallet and verification method based on hard wallet
CN103326862A (en) Electronically signing method and system
CN104935441A (en) Authentication method and relevant devices and systems
CN105407467A (en) Short message encryption methods, devices and system
US20120124378A1 (en) Method for personal identity authentication utilizing a personal cryptographic device
CN113507372A (en) Bidirectional authentication method for interface request
US20120284787A1 (en) Personal Secured Access Devices
CN103905388A (en) Authentication method, authentication device, smart card, and server
CN102056156B (en) Computer Data Security is downloaded to the method and system of mobile terminal
CN113099457A (en) Method and system for binding vehicle and mobile terminal
CN108352990B (en) Method and system for transmitting data
CN102571346B (en) Method and device for preventing password of intelligent secret key device user from being stolen
US9876774B2 (en) Communication security system and method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant