
WO2025016143A1 - Deployment method and device for security authorization of pos machine, and storage medium - Google Patents


Info

Publication number
WO2025016143A1
Authority
WO
WIPO (PCT)
Prior art keywords
preset
server
information
serial number
verification result
Legal status
Pending
Application number
PCT/CN2024/100247
Other languages
French (fr)
Chinese (zh)
Inventor
黎明
魏鸣飞
Current Assignee
PAX Computer Technology Shenzhen Co Ltd
Original Assignee
PAX Computer Technology Shenzhen Co Ltd


Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 (under H04L9/00) including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 (under H04L9/32) using cryptographic hash functions
    • H04L9/3247 (under H04L9/32) involving digital signatures
    • H04L9/40 (under H04L9/00) Network security protocols
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 (under H04L63/00) for authentication of entities
    • H04L63/0876 (under H04L63/08) based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/10 (under H04L63/00) for controlling access to devices or network resources
    • H04L63/101 (under H04L63/10) Access control lists [ACL]
    • H04L63/12 (under H04L63/00) Applying verification of the received information
    • H04L63/123 (under H04L63/12) received data contents, e.g. message integrity
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56 (under H04L2209/00) Financial cryptography, e.g. electronic payment or e-cash

Definitions

  • the present application belongs to the technical field of POS machines, and in particular, relates to a method, device and storage medium for secure authorization deployment of a POS machine.
  • At present, with the widespread use of POS machines, the electronic settlement of social consumption is becoming increasingly mature, and the fierce market competition has also brought many financial risks.
  • When customers' POS machines are disassembled for repair, system settings, or security changes, they must be granted security permissions through the authorization system before they can operate.
  • the authorization system can be deployed independently on the server by the customer, but some customers may deploy the authorization system arbitrarily, or authorize POS machines that were originally not authorized through the authorization system, resulting in illegal authorization of the authorization system and affecting the security of POS machine authorization.
  • the embodiments of the present application provide a method, device and storage medium for deploying secure authorization of a POS machine, which can solve the problem in the prior art that some customers may arbitrarily deploy the authorization system, or authorize a POS machine that is originally not authorized through the authorization system, resulting in illegal authorization of the authorization system and affecting the security of POS machine authorization.
  • a first aspect of an embodiment of the present application provides a POS machine security authorization deployment method, which is applied to a server side and includes:
  • the client security permission is granted.
  • the preset server information includes first preset customer information, a preset server serial number hash value, and first signature information
  • the first signature information is information signed by the first preset customer information and the preset server serial number hash value based on a private key
  • Determining a first verification result of the server based on the server serial number hash value and preset server information includes:
  • the first preset condition is that the first signature verification result passes and the first comparison result is that the server serial number hash value is the same as the preset server serial number hash value.
  • after the server determines the first verification result, the method further includes:
  • the first preset customer information is stored in the server.
  • the preset terminal whitelist information includes second preset customer information, a preset terminal serial number list, and second signature information
  • the second signature information is information after the second preset customer information and the preset terminal serial number list are signed based on a private key
  • determining a second verification result of the preset terminal whitelist information includes:
  • the second preset condition is that the second signature verification result passes and the second comparison result is that the first preset customer information and the second preset customer information are the same.
  • the method further includes:
  • the preset terminal serial number list is stored in the server.
  • granting the client security permission includes:
  • the client is granted security authority.
  • determining a third verification result of the terminal serial number based on a third comparison result between the terminal serial number and the preset terminal whitelist information includes:
  • the third preset condition is that the terminal serial number is included in a preset terminal serial number list.
  • a second aspect of the embodiment of the present application provides a POS machine security authorization deployment method, which is applied to a client, including:
  • the security authority granted by the server is obtained.
  • a third aspect of the embodiment of the present application provides a POS machine security authorization deployment device, which is applied to a server side, including:
  • An information acquisition module is used to obtain a server serial number hash value, preset server information, and preset terminal whitelist information;
  • a first verification module used to determine a first verification result of the server based on a hash value of a server serial number and preset server information
  • a second verification module configured to determine a second verification result of the preset terminal whitelist information based on the preset server information and the preset terminal whitelist information if the first verification result satisfies the first preset condition
  • a sequence receiving module configured to receive a terminal sequence number transmitted by the client if the second verification result satisfies a second preset condition
  • the third verification module is used to grant the client security authority if the terminal serial number and the preset terminal whitelist information meet the third preset condition.
  • the first verification module includes:
  • a first signature verification unit used to determine a first signature verification result based on the public key and the first signature information
  • a first comparison unit configured to determine a first comparison result of the server based on a hash value of the server serial number and a preset hash value of the server serial number;
  • the first verification unit is used to determine a first verification result of the server based on the first signature verification result and the first comparison result.
  • the POS terminal security authorization deployment device further includes:
  • the first storage module is used to store the first preset customer information to the server side if the first verification result meets the first preset condition.
  • the second verification module includes:
  • a second signature verification unit configured to determine a second signature verification result based on the public key and the second signature information if the first verification result meets the first preset condition
  • a second comparison unit configured to determine a second comparison result of the customer information based on the first preset customer information and the second preset customer information
  • the second verification unit is used to determine a second verification result of the preset terminal whitelist information based on the second signature verification result and the second comparison result.
  • the POS terminal security authorization deployment device further includes:
  • the second storage module is used to store the preset terminal serial number list in the server side if the second verification result meets the second preset condition.
  • the third verification module includes:
  • a third comparison unit configured to determine a third verification result of the terminal serial number based on a third comparison result between the terminal serial number and the preset terminal whitelist information
  • the permission granting unit is used to grant the client security permission if the third verification result meets the third preset condition.
  • the third comparison unit is specifically configured to determine a third verification result of the terminal serial number based on a third comparison result between the terminal serial number and a preset terminal serial number list.
  • a fourth aspect of the embodiments of the present application provides a computer-readable storage medium, which stores a computer program.
  • the computer program is executed by a processor, the POS terminal security authorization deployment method described in the first aspect is implemented.
  • the first aspect of the embodiment of the present application provides a method for deploying secure authorization of a POS machine.
  • the server serial number hash value is obtained, and the server serial number hash value is verified based on the preset server information. This can verify whether the server deployed by the authorization system is the correct server, so that the authorization system can only be deployed on the correct server. If the server verification is successful, the terminal serial number of the POS machine accessing the authorization system by the client is verified based on the preset terminal whitelist information that has passed the verification. If the terminal serial number verification is successful, the POS machine security authority is granted, which can ensure that the authorization system only authorizes the POS machine that can be authorized, thereby strictly controlling the security of the POS machine authorization and preventing the authorization system from illegally authorizing.
  • FIG. 1 is a schematic diagram of a first flow chart of a method for deploying secure authorization of a POS terminal provided in an embodiment of the present application.
  • FIG. 2 is a schematic diagram of a second flow chart of a POS terminal security authorization deployment method provided in an embodiment of the present application.
  • FIG. 3 is a schematic diagram of a third flow chart of a POS terminal security authorization deployment method provided in an embodiment of the present application.
  • FIG. 4 is a schematic diagram of a fourth flow chart of a POS terminal security authorization deployment method provided in an embodiment of the present application.
  • FIG. 5 is a schematic diagram of the structure of a POS terminal security authorization deployment device provided in an embodiment of the present application.
  • the term “if” can be interpreted as “when” or “upon” or “in response to determining” or “in response to detecting”, depending on the context.
  • the phrase “if it is determined” or “if [described condition or event] is detected” can be interpreted as meaning “upon determining” or “in response to determining” or “upon detecting [described condition or event]” or “in response to detecting [described condition or event]”, depending on the context.
  • references to "one embodiment” or “some embodiments” etc. described in the specification of this application mean that one or more embodiments of the present application include specific features, structures or characteristics described in conjunction with the embodiment. Therefore, the statements “in one of the embodiments”, “in some embodiments”, “in some other embodiments”, “in some other embodiments”, etc. that appear in different places in this specification do not necessarily refer to the same embodiment, but mean “one or more but not all embodiments", unless otherwise specifically emphasized in other ways.
  • the terms “including”, “comprising”, “having” and their variations all mean “including but not limited to", unless otherwise specifically emphasized in other ways. "Multiple” means “two or more”.
  • an embodiment of the present application provides a POS machine security authorization deployment method, which is applied to the server side.
  • the method obtains a server serial number hash value, preset server information and preset terminal information, and determines a first verification result of the server based on the server serial number hash value and the preset server information. If the first verification result meets the first preset condition, a second verification result of the preset terminal information is determined based on the preset server information and the preset terminal information. If the second verification result meets the second preset condition, the terminal serial number transmitted by the client is received. If the terminal serial number and the preset terminal information meet the third preset condition, the client is granted security permissions. This allows the authorization system to be deployed only on the correct server, and ensures that the authorization system only authorizes POS machines that can be authorized, thereby avoiding illegal authorization of the authorization system and improving the security of POS machine authorization.
  • the POS terminal security authorization deployment method provided by the present application is exemplarily described below in conjunction with specific embodiments.
  • the POS machine security authorization deployment method provided in this embodiment is applied to the server side, and includes:
  • the POS machine manufacturer can first connect the encryption machine, also known as the authorization machine, to the customer's server to deploy the authorization system on the customer's server.
  • the server can be a server based on the Windows environment. Then the customer connects the POS machine that needs authorization to his own terminal device, such as a computer, and uses the authorization tool in the terminal device to access the authorization system in the server through the Internet.
  • the authorization tool is a desktop tool that can be run by double-clicking the corresponding exe file after decompression.
  • the server and the encryption machine constitute the server side, and the POS machine and the terminal device constitute the client side.
  • server verification and POS terminal serial number verification can be performed.
  • the server serial number hash value, preset server information, and preset terminal whitelist information are obtained.
  • the server serial number hash value can be a hash value of the CPU serial number of the server deployed by the authorization system after hash processing
  • the preset server information can be information about the server that can be deployed by the authorization system, that is, the correct server
  • the preset terminal whitelist information can be information about the POS machine that can be authorized by the authorization system.
  • the above-mentioned preset server information and the above-mentioned preset terminal whitelist information can be deployed to the server in the form of files along with the authorization system, and specifically stored in a specified directory in the authorization system deployment file to facilitate subsequent verification of the server and terminal serial numbers.
  • S200 Determine a first verification result of the server based on a hash value of the server serial number and preset server information.
  • the server deployed by the authorization system can be verified.
  • the first verification result of the server is determined based on the server serial number hash value and the preset server information, and the server serial number hash value is verified by the preset server information to determine the first verification result of the server.
  • the preset server information includes first preset customer information, a preset server serial number hash value and first signature information
  • the first signature information is information signed by the first preset customer information and the preset server serial number hash value based on a private key.
  • the above-mentioned preset server serial number hash value can be a hash value of the CPU serial number of the server that can be deployed by the authorization system after hash processing.
  • the server CPU serial number can be hashed.
  • the above-mentioned first preset customer information can be the customer information of the server corresponding to the above-mentioned preset server serial number hash value, that is, the correct customer information that the authorization system can authorize.
  • the above-mentioned first signature information can be the signature information obtained by signing the above-mentioned first preset customer information and the above-mentioned preset server serial number hash value using the private key of the POS machine manufacturing company.
  • the specific signing process is to first send the first preset customer information and the preset server serial number hash value to the terminal of the POS machine manufacturing company. After the operator uses the private key in the encryption machine of the POS machine manufacturing company to sign, the signature information is sent to the server for authorization deployment.
  • determining the first verification result of the server includes:
  • S210 Determine a first signature verification result based on the public key and the first signature information.
  • the above-mentioned first signature information can be verified when the authorization system is started.
  • the above-mentioned determination of the first signature verification result based on the public key and the first signature information can be to call the public key stored in the authorization system to verify the first signature information in the above-mentioned preset server information, thereby determining the above-mentioned first signature verification result. If the above-mentioned preset server information is tampered with, the above-mentioned first signature verification result will fail. If the above-mentioned preset server information is not tampered with, the above-mentioned first signature verification result will pass.
  • S220 Determine a first comparison result of the server based on the server serial number hash value and a preset server serial number hash value.
  • the server serial number hash value can be verified through the preset server information.
  • the first comparison result of the server is determined based on the server serial number hash value and the preset server serial number hash value, which can be determined by comparing the server serial number hash value with the preset server serial number hash value. If the server serial number hash value is the same as the preset server serial number hash value, the first comparison result is passed. If the server serial number hash value is not the same as the preset server serial number hash value, the first comparison result is not passed.
  • S230 Determine a first verification result of the server based on the first signature verification result and the first comparison result.
  • the first verification result of the server is determined based on the first signature verification result of the first signature information and the first comparison result between the server serial number hash value and the preset server serial number hash value.
  • the first preset condition is that both the first signature verification result and the first comparison result are passed, that is, the preset server information has not been tampered with, and the server serial number hash value is the same as the preset server serial number hash value.
  • the method further includes: if the first verification result meets the first preset condition, storing the first preset customer information on the server.
  • if the first verification result satisfies the first preset condition, it means that the server deployed by the authorization system is the correct server and the server verification has passed. If the first verification result satisfies the first preset condition, the first preset customer information is stored on the server side; that is, after the server verification has passed, the first preset customer information is written into the memory of the server so that it is configured in the server, indicating that the first preset customer information is the correct customer information.
  • the server deployed by the authorization system is the correct server. If the server verification is passed, the terminal serial number of the POS machine connected to the authorization system can be verified again. Before performing the terminal serial number verification, it is necessary to verify whether the above-mentioned preset terminal whitelist information is the correct customer's own preset terminal whitelist information.
  • the above-mentioned second verification result of determining the preset terminal whitelist information based on the preset server information and the preset terminal whitelist information can be to verify the above-mentioned preset terminal whitelist information through the first preset customer information in the above-mentioned preset server information, thereby determining the second verification result of the above-mentioned preset terminal whitelist information.
  • the preset terminal whitelist information includes second preset customer information, a preset terminal serial number list and second signature information
  • the second signature information is information after the second preset customer information and the preset terminal serial number list are signed based on a private key.
  • the above-mentioned preset terminal serial number list can be a list of terminal serial numbers of POS machines that can be authorized by the authorization system
  • the above-mentioned second preset customer information can be the information of the customer of the POS machine corresponding to the above-mentioned preset terminal serial number list.
  • the above-mentioned signing of the second preset customer information and the preset terminal serial number list based on the private key can be signed by using the private key of the POS machine manufacturer to sign the hash value of the above-mentioned second preset customer information and the above-mentioned preset terminal serial number list after hash processing.
  • the specific signing process is to first send the second preset customer information and the preset terminal serial number list to the terminal of the POS machine manufacturer, and after the operator signs with the private key in the encryption machine of the POS machine manufacturer, send the signature information to the server for authorization deployment.
  • the above-mentioned preset terminal whitelist information can be directly read into the memory of the server when the authorization system is started to prevent other customers from maliciously tampering with the above-mentioned preset terminal whitelist information.
  • determining the second verification result of the preset terminal whitelist information includes:
  • the above-mentioned second signature information can be verified when the authorization system is started.
  • the above-mentioned determination of the second signature verification result based on the public key and the second signature information can be to call the public key stored in the authorization system to verify the second signature information in the above-mentioned preset terminal whitelist information, thereby determining the above-mentioned second signature verification result. If the above-mentioned preset terminal whitelist information is tampered with, the above-mentioned second signature verification result will fail. If the above-mentioned preset terminal whitelist information has not been tampered with, the above-mentioned second signature verification result will pass.
  • S320 Determine a second comparison result of the customer information based on the first preset customer information and the second preset customer information.
  • before performing terminal serial number verification, the first preset customer information in the above-mentioned preset server information can be used to verify the second preset customer information in the preset terminal whitelist information.
  • the second comparison result of the customer information is determined based on the first preset customer information and the second preset customer information, and the second comparison result of the customer information is determined by comparing the first preset customer information with the second preset customer information. If the first preset customer information and the second preset customer information are the same, the second comparison result passes; if the first preset customer information and the second preset customer information are different, the second comparison result fails.
  • S330 Determine a second verification result of the preset terminal whitelist information based on the second signature verification result and the second comparison result.
  • the second verification result of the preset terminal information is determined based on the second signature verification result and the second comparison result.
  • the second verification result of the preset terminal whitelist information is determined based on the second signature verification result of the second signature information and the second comparison result of the first preset customer information and the second preset customer information.
  • the second preset condition is that both the second signature verification result and the second comparison result are passed, that is, the preset terminal whitelist information has not been tampered with, and the first preset customer information is the same as the second preset customer information.
  • after the server determines the second verification result of the preset terminal whitelist information based on the second signature verification result and the second comparison result, the method further includes: if the second verification result meets the second preset condition, storing the preset terminal serial number list on the server.
  • since the first preset customer information has already been established as the information of the correct customer, a second verification result that meets the second preset condition means that the preset terminal whitelist information also belongs to the correct customer, and the preset terminal whitelist information passes verification. In that case the preset terminal serial number list is stored on the server side: after the preset terminal whitelist information passes verification, the preset terminal serial number list it contains is written into the memory of the server for the subsequent verification of terminal serial numbers. By verifying the preset terminal whitelist information, a customer can only use its own preset terminal serial number list for terminal serial number verification, which prevents a customer from maliciously using the preset terminal serial number list of another customer.
  • in other words, the preset terminal whitelist information is confirmed to be the correct preset terminal whitelist information of the client, and its verification passes.
  • the preset terminal serial number list in the preset terminal whitelist information can be used to verify the terminal serial number of the POS machine that the client accesses the authorization system.
  • the terminal serial number can be the SN (Serial Number) of the POS machine.
  • the terminal serial number of the POS machine with which the client accesses the authorization system can be verified against the preset terminal whitelist information, determining whether the terminal serial number and the preset terminal whitelist information meet the third preset condition. If so, the client is granted security permission for the POS machine accessing the authorization system.
  • if the terminal serial number and the preset terminal whitelist information meet the third preset condition, granting the client security permission includes:
  • S510 Determine a third verification result of the terminal serial number based on a third comparison result between the terminal serial number and the preset terminal whitelist information.
  • the third verification result of the terminal serial number is determined based on the third comparison result between the terminal serial number and the preset terminal whitelist information.
  • the terminal serial number of the POS machine of the client accessing the authorization system is compared with the preset terminal whitelist information to obtain the third comparison result, and the third verification result of the terminal serial number is determined based on the third comparison result.
  • determining the third verification result of the terminal serial number based on the third comparison result between the terminal serial number and the preset terminal whitelist information includes: determining the third verification result of the terminal serial number based on the third comparison result between the terminal serial number and the preset terminal serial number list; the third preset condition is that the terminal serial number is included in the preset terminal serial number list.
  • the third verification result of the terminal serial number is determined based on the third comparison result between the terminal serial number and the preset terminal serial number list.
  • the terminal serial number of the POS machine for client access to the authorization system is compared with the preset terminal serial number list in the preset terminal whitelist information to obtain the third comparison result, and the third verification result of the terminal serial number is determined based on the third comparison result.
  • if the third verification result satisfies the third preset condition, the terminal serial number of the POS machine with which the client accesses the authorization system is included in the preset terminal serial number list; that POS machine is one that may be authorized, and the authorization system can grant it security permissions.
  • if the terminal serial number and the preset terminal whitelist information do not meet the third preset condition, the terminal serial number of the POS machine with which the client accesses the authorization system is not included in the preset terminal serial number list; that POS machine is one that may not be authorized, and the authorization system does not grant it security permissions.
  • the authorization system can be a web system running on a Windows server.
  • the administrator can deploy the authorization system on the customer's server and operate the authorization system through a browser.
  • when the customer's POS machine needs to be granted security permissions, the customer can connect the POS machine to a terminal device of its own, such as a computer, and then use the authorization tool on that terminal device to access the authorization system over the Internet.
  • when the authorization system is deployed on the customer's server, obtaining the server's serial number hash value and verifying it against the preset server information makes it possible to check whether the server on which the authorization system is deployed is the correct server, so that the authorization system can only be deployed on the correct server.
  • if the server verification passes, the terminal serial number of the customer's POS machine accessing the authorization system is verified against the preset terminal whitelist information, which has itself passed verification. If the terminal serial number verification passes, the POS machine is granted security permissions. This ensures that the authorization system only authorizes POS machines that may be authorized, thereby strictly controlling the security of POS machine authorization and preventing the authorization system from authorizing illegitimately.
  • the embodiment of the present application also provides a POS machine security authorization deployment method, which is applied to the client, including: sending the terminal serial number to the server; if the terminal serial number and the preset terminal whitelist information meet the third preset condition, obtaining the security authority granted by the server.
  • the above-mentioned POS machine security authorization deployment method applied to the client is based on the same concept as the above-mentioned POS machine security authorization deployment method applied to the server. Its specific functions and technical effects can be found in the embodiment of the above-mentioned POS machine security authorization deployment method applied to the server, and will not be repeated here.
  • this embodiment provides a POS machine security authorization deployment device, which is applied to the server side.
  • the POS machine security authorization deployment device 500 includes:
  • the information acquisition module 510 is used to obtain the server serial number hash value, preset server information and preset terminal whitelist information;
  • a first verification module 520, configured to determine a first verification result of the server based on the server serial number hash value and the preset server information;
  • the second verification module 530 is used to determine a second verification result of the preset terminal whitelist information based on the preset server information and the preset terminal whitelist information if the first verification result meets the first preset condition;
  • the serial number receiving module 540 is used to receive the terminal serial number transmitted by the client if the second verification result meets the second preset condition;
  • the third verification module 550 is used to grant the client security authority if the terminal serial number and the preset terminal whitelist information meet the third preset condition.
  • the first verification module includes:
  • a first signature verification unit, used to determine a first signature verification result based on the public key and the first signature information;
  • a first comparison unit configured to determine a first comparison result of the server based on a hash value of the server serial number and a preset hash value of the server serial number;
  • the first verification unit is used to determine a first verification result of the server based on the first signature verification result and the first comparison result.
  • the POS terminal security authorization deployment device further includes:
  • the first storage module is used to store the first preset customer information to the server side if the first verification result meets the first preset condition.
  • the second verification module includes:
  • a second signature verification unit, configured to determine a second signature verification result based on the public key and the second signature information if the first verification result meets the first preset condition;
  • a second comparison unit, configured to determine a second comparison result of the customer information based on the first preset customer information and the second preset customer information;
  • the second verification unit is used to determine a second verification result of the preset terminal whitelist information based on the second signature verification result and the second comparison result.
  • the POS terminal security authorization deployment device further includes:
  • the second storage module is used to store the preset terminal serial number list in the server side if the second verification result meets the second preset condition.
  • the third verification module includes:
  • a third comparison unit, configured to determine a third verification result of the terminal serial number based on a third comparison result between the terminal serial number and the preset terminal whitelist information;
  • the permission granting unit is used to grant the client security permission if the third verification result meets the third preset condition.
  • the third comparison unit is specifically configured to determine a third verification result of the terminal serial number based on a third comparison result between the terminal serial number and a preset terminal serial number list.
  • those skilled in the art can clearly understand that, for convenience and brevity of description, the division of the functional units and modules above is used only as an example.
  • the above-mentioned function allocation can be completed by different functional units and modules as needed, that is, the internal structure of the device can be divided into different functional units or modules to complete all or part of the functions described above.
  • the functional units and modules in the embodiment can be integrated in a processing unit, or each unit can exist physically separately, or two or more units can be integrated in one unit.
  • the above-mentioned integrated unit can be implemented in the form of hardware or in the form of software functional units.
  • the embodiment of the present application further provides a computer-readable storage medium, which stores a computer program.
  • when the computer program is executed by a processor, the steps in the above method embodiments can be implemented.
  • all or part of the processes in the method embodiments above can be completed by a computer program instructing the relevant hardware.
  • the computer program can be stored in a computer-readable storage medium.
  • when the computer program is executed by a processor, it can implement the steps of each of the method embodiments above.
  • the computer program includes computer program code, and the computer program code can be in source code form, object code form, executable file or some intermediate form.
  • the computer-readable medium may at least include: any entity or device that can carry the computer program code to a terminal device, a recording medium, a computer memory, a read-only memory (ROM, Read-Only


Abstract

The present application is suitable for the technical field of POS machines, and provides a deployment method and device for security authorization of a POS machine, and a storage medium. The deployment method for security authorization of a POS machine is applied to a server side, and comprises: acquiring a server serial number hash value, preset server information and preset terminal whitelist information; determining a first verification result of a server on the basis of the server serial number hash value and the preset server information; if the first verification result satisfies a first preset condition, determining a second verification result of the preset terminal whitelist information on the basis of the preset server information and the preset terminal whitelist information; if the second verification result satisfies a second preset condition, receiving a terminal serial number transmitted by a client; and if the terminal serial number and the preset terminal whitelist information satisfy a third preset condition, granting the client a security permission. According to the present application, an authorization system can only be deployed on the correct server, illegitimate authorization of the authorization system can be avoided, and the authorization security of the POS machine is improved.

Description

A method, device and storage medium for POS machine security authorization deployment

This application claims priority to the Chinese patent application filed with the China Patent Office on July 14, 2023, with application number 202310868972.1 and entitled "A method, device and storage medium for secure authorization deployment of a POS machine", the entire contents of which are incorporated by reference in this application.

Technical Field

The present application belongs to the technical field of POS machines, and in particular relates to a method, device and storage medium for secure authorization deployment of a POS machine.

Background Art

At present, with the widespread use of POS machines, electronic settlement of consumer transactions is becoming increasingly mature, and fierce market competition has also brought many financial risks. When a customer's POS machine is disassembled for repair, has its system settings changed, or undergoes other security-related modifications, the operation may only proceed after the authorization system has granted security permission. The authorization system can be deployed independently by the customer on a server, but some customers may deploy the authorization system arbitrarily, or use it to authorize POS machines that should not be authorized, resulting in illegal authorization by the authorization system and affecting the security of POS machine authorization.

Summary of the Invention

The embodiments of the present application provide a method, device and storage medium for deploying secure authorization of a POS machine, which can solve the problem in the prior art that some customers may arbitrarily deploy the authorization system, or use it to authorize POS machines that should not be authorized, resulting in illegal authorization by the authorization system and affecting the security of POS machine authorization.

A first aspect of the embodiments of the present application provides a POS machine security authorization deployment method, which is applied to a server side and includes:

obtaining a server serial number hash value, preset server information and preset terminal whitelist information;

determining a first verification result of the server based on the server serial number hash value and the preset server information;

if the first verification result satisfies a first preset condition, determining a second verification result of the preset terminal whitelist information based on the preset server information and the preset terminal whitelist information;

if the second verification result satisfies a second preset condition, receiving a terminal serial number transmitted by a client;

if the terminal serial number and the preset terminal whitelist information satisfy a third preset condition, granting the client security permission.

In one embodiment, the preset server information includes first preset customer information, a preset server serial number hash value and first signature information, where the first signature information is obtained by signing the first preset customer information and the preset server serial number hash value separately with a private key;

determining the first verification result of the server based on the server serial number hash value and the preset server information includes:

determining a first signature verification result based on a public key and the first signature information;

determining a first comparison result of the server based on the server serial number hash value and the preset server serial number hash value;

determining the first verification result of the server based on the first signature verification result and the first comparison result;

the first preset condition is that the first signature verification result passes and the first comparison result is that the server serial number hash value is the same as the preset server serial number hash value.

In one embodiment, after determining the first verification result of the server based on the first signature verification result and the first comparison result, the method further includes:

if the first verification result satisfies the first preset condition, storing the first preset customer information on the server side.

In one embodiment, the preset terminal whitelist information includes second preset customer information, a preset terminal serial number list and second signature information, where the second signature information is obtained by signing the second preset customer information and the preset terminal serial number list separately with the private key;

if the first verification result satisfies the first preset condition, determining the second verification result of the preset terminal whitelist information based on the preset server information and the preset terminal whitelist information includes:

if the first verification result satisfies the first preset condition, determining a second signature verification result based on the public key and the second signature information;

determining a second comparison result of the customer information based on the first preset customer information and the second preset customer information;

determining the second verification result of the preset terminal whitelist information based on the second signature verification result and the second comparison result;

the second preset condition is that the second signature verification result passes and the second comparison result is that the first preset customer information and the second preset customer information are the same.

In one embodiment, after determining the second verification result of the preset terminal whitelist information based on the second signature verification result and the second comparison result, the method further includes:

if the second verification result satisfies the second preset condition, storing the preset terminal serial number list on the server side.

In one embodiment, if the terminal serial number and the preset terminal whitelist information satisfy the third preset condition, granting the client security permission includes:

determining a third verification result of the terminal serial number based on a third comparison result between the terminal serial number and the preset terminal whitelist information;

if the third verification result satisfies the third preset condition, granting the client security permission.

In one embodiment, determining the third verification result of the terminal serial number based on the third comparison result between the terminal serial number and the preset terminal whitelist information includes:

determining the third verification result of the terminal serial number based on a third comparison result between the terminal serial number and the preset terminal serial number list;

the third preset condition is that the terminal serial number is included in the preset terminal serial number list.

A second aspect of the embodiments of the present application provides a POS machine security authorization deployment method, which is applied to a client and includes:

sending a terminal serial number to the server side;

if the terminal serial number and the preset terminal whitelist information satisfy the third preset condition, obtaining the security permission granted by the server side.

A third aspect of the embodiments of the present application provides a POS machine security authorization deployment device, which is applied to a server side and includes:

an information acquisition module, configured to obtain a server serial number hash value, preset server information and preset terminal whitelist information;

a first verification module, configured to determine a first verification result of the server based on the server serial number hash value and the preset server information;

a second verification module, configured to determine a second verification result of the preset terminal whitelist information based on the preset server information and the preset terminal whitelist information if the first verification result satisfies a first preset condition;

a serial number receiving module, configured to receive a terminal serial number transmitted by a client if the second verification result satisfies a second preset condition;

a third verification module, configured to grant the client security permission if the terminal serial number and the preset terminal whitelist information satisfy a third preset condition.

In one embodiment, the first verification module includes:

a first signature verification unit, configured to determine a first signature verification result based on a public key and the first signature information;

a first comparison unit, configured to determine a first comparison result of the server based on the server serial number hash value and the preset server serial number hash value;

a first verification unit, configured to determine the first verification result of the server based on the first signature verification result and the first comparison result.

In one embodiment, the POS machine security authorization deployment device further includes:

a first storage module, configured to store the first preset customer information on the server side if the first verification result satisfies the first preset condition.

In one embodiment, the second verification module includes:

a second signature verification unit, configured to determine a second signature verification result based on the public key and the second signature information if the first verification result satisfies the first preset condition;

a second comparison unit, configured to determine a second comparison result of the customer information based on the first preset customer information and the second preset customer information;

a second verification unit, configured to determine the second verification result of the preset terminal whitelist information based on the second signature verification result and the second comparison result.

In one embodiment, the POS machine security authorization deployment device further includes:

a second storage module, configured to store the preset terminal serial number list on the server side if the second verification result satisfies the second preset condition.

In one embodiment, the third verification module includes:

a third comparison unit, configured to determine a third verification result of the terminal serial number based on a third comparison result between the terminal serial number and the preset terminal whitelist information;

a permission granting unit, configured to grant the client security permission if the third verification result satisfies the third preset condition.

In one embodiment, the third comparison unit is specifically configured to determine the third verification result of the terminal serial number based on a third comparison result between the terminal serial number and the preset terminal serial number list.

A fourth aspect of the embodiments of the present application provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the POS machine security authorization deployment method described in the first aspect.

In the POS machine security authorization deployment method provided by the first aspect of the embodiments of the present application, when the authorization system is deployed on the customer's server, the server's serial number hash value is obtained and verified against the preset server information. This makes it possible to verify whether the server on which the authorization system is deployed is the correct server, so that the authorization system can only be deployed on the correct server. If the server verification passes, the terminal serial number of the POS machine with which the client accesses the authorization system is verified against the preset terminal whitelist information, which has itself passed verification. If the terminal serial number verification passes, the POS machine is granted security permission. This ensures that the authorization system only authorizes POS machines that may be authorized, thereby strictly controlling the security of POS machine authorization and preventing the authorization system from authorizing illegitimately.

It can be understood that the beneficial effects of the second, third and fourth aspects above can be found in the relevant description of the first aspect, and will not be repeated here.
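The three-stage check described in the first aspect above (server verification, whitelist verification, then terminal serial number verification), as an added example that is not part of the patent or of any PAX product. It assumes Ed25519 for the signatures, SHA-256 for the server serial number hash, a JSON encoding of the list as the signed form, and constructed customer names and serial numbers; the page specifies none of these.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/json"
	"fmt"
)

// PresetServerInfo: first preset customer information, preset server serial number hash, first signature information.
type PresetServerInfo struct {
	Customer  string
	SNHash    []byte
	SigCust   []byte // the page signs each field separately with the private key
	SigSNHash []byte
}

// TerminalWhitelist: second preset customer information, preset terminal serial number list, second signature information.
type TerminalWhitelist struct {
	Customer  string
	Terminals []string
	SigCust   []byte
	SigList   []byte // signature over the JSON form of Terminals (encoding is an assumption)
}

// serverSNHash is the server serial number hash value (SHA-256 is an assumption).
func serverSNHash(serialNumber string) []byte {
	h := sha256.Sum256([]byte(serialNumber))
	return h[:]
}

// DemoKeyPair makes a fresh issuer key pair; constructed for this example.
func DemoKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return pub, priv
}

// The Issue* functions run on the issuer, which holds the private key; the authorization system holds only the public key.
func IssueServerInfo(priv ed25519.PrivateKey, customer, serverSN string) PresetServerInfo {
	h := serverSNHash(serverSN)
	return PresetServerInfo{customer, h, ed25519.Sign(priv, []byte(customer)), ed25519.Sign(priv, h)}
}

func IssueWhitelist(priv ed25519.PrivateKey, customer string, terminals []string) TerminalWhitelist {
	list, _ := json.Marshal(terminals)
	return TerminalWhitelist{customer, terminals, ed25519.Sign(priv, []byte(customer)), ed25519.Sign(priv, list)}
}

// Authorizer is the server-side state of the authorization system.
type Authorizer struct {
	Pub       ed25519.PublicKey
	serverOK  bool                // first preset condition met
	customer  string              // first preset customer information, kept after stage 1
	whitelist map[string]struct{} // preset terminal serial number list, kept after stage 2
}

// VerifyServer is stage 1: first signature verification result and first comparison result must both pass.
func (a *Authorizer) VerifyServer(localServerSN string, info PresetServerInfo) bool {
	sigOK := ed25519.Verify(a.Pub, []byte(info.Customer), info.SigCust) && ed25519.Verify(a.Pub, info.SNHash, info.SigSNHash)
	cmpOK := subtle.ConstantTimeCompare(serverSNHash(localServerSN), info.SNHash) == 1
	if sigOK && cmpOK {
		a.serverOK, a.customer = true, info.Customer
	}
	return sigOK && cmpOK
}

// VerifyWhitelist is stage 2: refused until stage 1 passed; the second signature must verify and the customers must match.
func (a *Authorizer) VerifyWhitelist(wl TerminalWhitelist) bool {
	if !a.serverOK {
		return false
	}
	list, _ := json.Marshal(wl.Terminals)
	sigOK := ed25519.Verify(a.Pub, []byte(wl.Customer), wl.SigCust) && ed25519.Verify(a.Pub, list, wl.SigList)
	cmpOK := subtle.ConstantTimeCompare([]byte(a.customer), []byte(wl.Customer)) == 1
	if sigOK && cmpOK {
		a.whitelist = make(map[string]struct{}, len(wl.Terminals))
		for _, sn := range wl.Terminals {
			a.whitelist[sn] = struct{}{}
		}
	}
	return sigOK && cmpOK
}

// Authorize is stage 3: grant only if the stored list contains the terminal serial number.
func (a *Authorizer) Authorize(terminalSN string) bool {
	_, ok := a.whitelist[terminalSN] // lookup on a nil map is safe and yields false
	return ok
}

func main() {
	pub, priv := DemoKeyPair() // sample names and serial numbers below are constructed
	auth := &Authorizer{Pub: pub}
	ok1 := auth.VerifyServer("SRV-0001", IssueServerInfo(priv, "customer-A", "SRV-0001"))
	ok2 := auth.VerifyWhitelist(IssueWhitelist(priv, "customer-A", []string{"POS-100"}))
	fmt.Println(ok1, ok2, auth.Authorize("POS-100"), auth.Authorize("POS-999")) // true true true false
}
```

Because the page describes signing the customer field and the list separately, the signatures themselves do not tie one field to the other; signing both fields as a single message would additionally bind them without changing the three-stage flow.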

BRIEF DESCRIPTION OF THE DRAWINGS

In order to illustrate more clearly the specific embodiments of the present application or the technical solutions in the prior art, the drawings needed in the description of the specific embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are some embodiments of the present application, and those of ordinary skill in the art can obtain other drawings from them without creative effort.

FIG. 1 is a schematic flow chart of a first form of the POS machine security authorization deployment method provided in an embodiment of the present application;

FIG. 2 is a schematic flow chart of a second form of the POS machine security authorization deployment method provided in an embodiment of the present application;

FIG. 3 is a schematic flow chart of a third form of the POS machine security authorization deployment method provided in an embodiment of the present application;

FIG. 4 is a schematic flow chart of a fourth form of the POS machine security authorization deployment method provided in an embodiment of the present application;

FIG. 5 is a schematic structural diagram of the POS machine security authorization deployment device provided in an embodiment of the present application.

DETAILED DESCRIPTION

In the following description, specific details such as particular system structures and technologies are set forth for the purpose of illustration rather than limitation, so as to provide a thorough understanding of the embodiments of the present application. However, it will be clear to those skilled in the art that the present application may also be implemented in other embodiments without these specific details. In other cases, detailed descriptions of well-known systems, devices, circuits and methods are omitted so that unnecessary detail does not obscure the description of the present application.

It should be understood that, when used in the specification and the appended claims of the present application, the term "comprising" indicates the presence of the described features, integers, steps, operations, elements and/or components, but does not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or combinations thereof.

It should also be understood that the term "and/or" used in the specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes these combinations.

As used in the specification and the appended claims of the present application, the term "if" may be interpreted, depending on the context, as "when" or "once" or "in response to determining" or "in response to detecting". Similarly, the phrase "if it is determined" or "if [the described condition or event] is detected" may be interpreted, depending on the context, as meaning "once it is determined" or "in response to determining" or "once [the described condition or event] is detected" or "in response to detecting [the described condition or event]".

References to "one embodiment" or "some embodiments" and the like in the specification of the present application mean that a particular feature, structure or characteristic described in connection with that embodiment is included in one or more embodiments of the present application. Therefore, the phrases "in one embodiment", "in some embodiments", "in some other embodiments", "in still other embodiments" and the like appearing in different places in this specification do not necessarily all refer to the same embodiment, but mean "one or more but not all embodiments", unless specifically emphasized otherwise. The terms "including", "comprising", "having" and their variants all mean "including but not limited to", unless specifically emphasized otherwise. "A plurality" means "two or more".

At present, with the widespread use of POS terminals, electronic settlement of consumer payments is increasingly mature, and intense market competition has also brought many financial risks. When a customer's POS terminal is to be disassembled for repair, have its system settings changed, or undergo other security-relevant modifications, the terminal must first be granted security privileges by an authorization system before the operation can proceed. The authorization system may be deployed by the customer on a server of its own, but some customers may deploy it on arbitrary servers, or use it to authorize POS terminals it was never entitled to authorize. The result is illegitimate grants by the authorization system, which undermines the security of POS terminal authorization.

To address this problem, an embodiment of the present application provides a POS terminal security authorization deployment method applied on the server side. The method obtains a server serial number hash value, preset server information and preset terminal information; determines a first verification result for the server based on the server serial number hash value and the preset server information; if the first verification result satisfies a first preset condition, determines a second verification result for the preset terminal information based on the preset server information and the preset terminal information; if the second verification result satisfies a second preset condition, receives a terminal serial number transmitted by the client; and, if the terminal serial number and the preset terminal information satisfy a third preset condition, grants the client security privileges. This ensures that the authorization system can only be deployed on the correct server and that it only authorizes POS terminals entitled to authorization, preventing illegitimate grants and improving the security of POS terminal authorization.

The POS terminal security authorization deployment method provided by the present application is described below by way of example with reference to specific embodiments.

As shown in FIG. 1, the POS terminal security authorization deployment method provided in this embodiment is applied on the server side and comprises:

S100: obtaining a server serial number hash value, preset server information and preset terminal whitelist information.

In practice, when a customer's POS terminal requires authorization for disassembly and repair, system settings or security-relevant modifications, the POS terminal manufacturer first connects an encryption machine (also called an authorization machine) to the customer's server so that the authorization system can be deployed on that server; the server may be a Windows-based server. The customer then connects the POS terminal needing authorization to its own terminal device, such as a computer, and uses the authorization tool on that device to access the authorization system on the server over the Internet. The authorization tool is a desktop tool: after unpacking, it is run by double-clicking the corresponding exe file. The server and the encryption machine together form the server side; the POS terminal and the terminal device form the client side.

In practice, to ensure that the authorization system is deployed on the correct server and that the POS terminals connecting to it are entitled to authorization, both server verification and POS terminal serial number verification may be performed. When the authorization system starts, it obtains the server serial number hash value, the preset server information and the preset terminal whitelist information. The server serial number hash value may be the hash of the CPU serial number of the server on which the authorization system is deployed; the preset server information may be information about the server on which the authorization system is permitted to be deployed, i.e. the correct server; and the preset terminal whitelist information may be information about the POS terminals that the authorization system is permitted to authorize.

In practice, when the authorization system is deployed, the preset server information and the preset terminal whitelist information may be shipped as files together with the authorization system and stored in a designated directory within the authorization system's deployment files, for use in the subsequent server and terminal serial number verification.

S200: determining a first verification result for the server based on the server serial number hash value and the preset server information.

In practice, to ensure that the authorization system is deployed on the correct server, the server on which it is deployed may be verified. Determining the first verification result based on the server serial number hash value and the preset server information may consist of checking the server serial number hash value against the preset server information and deriving the first verification result from that check.

In one embodiment, the preset server information comprises first preset customer information, a preset server serial number hash value and first signature information, where the first signature information is obtained by signing the first preset customer information and the preset server serial number hash value, respectively, with a private key.

In practice, the preset server serial number hash value may be the hash of the CPU serial number of the server on which the authorization system is permitted to be deployed; the CPU serial number is hashed so that an attacker cannot easily derive the underlying information. The first preset customer information may be the information of the customer that owns the server corresponding to the preset server serial number hash value, i.e. the correct customer whom the authorization system may serve. The first signature information may be the signature obtained by signing the first preset customer information and the preset server serial number hash value with the POS terminal manufacturer's private key. The signing process is as follows: the first preset customer information and the preset server serial number hash value are first sent to the manufacturer's terminal; an operator signs them with the private key held in the manufacturer's encryption machine; the resulting signature is then sent to the server side for deployment of the authorization system.

As shown in FIG. 2, determining the first verification result for the server based on the server serial number hash value and the preset server information comprises:

S210: determining a first signature verification result based on a public key and the first signature information.

In practice, to detect tampering with the preset server information, the first signature information may be verified when the authorization system starts. Determining the first signature verification result based on the public key and the first signature information may consist of verifying the first signature information in the preset server information with the public key stored in the authorization system. If the preset server information has been tampered with, the first signature verification fails; if it has not, the verification passes.

S220: determining a first comparison result for the server based on the server serial number hash value and the preset server serial number hash value.

In practice, to verify at start-up that the server on which the authorization system is deployed is the correct one, the server serial number hash value, once obtained, may be checked against the preset server information. Determining the first comparison result may consist of comparing the server serial number hash value with the preset server serial number hash value: if the two are identical, the first comparison passes; if they differ, it fails.

S230: determining the first verification result for the server based on the first signature verification result and the first comparison result.

In practice, the first verification result for the server is determined from the first signature verification result of the first signature information together with the first comparison result between the server serial number hash value and the preset server serial number hash value.

In one embodiment, the first preset condition is that both the first signature verification and the first comparison pass, i.e. the preset server information has not been tampered with and the server serial number hash value is identical to the preset server serial number hash value.

In one embodiment, after determining the first verification result for the server based on the first signature verification result and the first comparison result, the method further comprises: if the first verification result satisfies the first preset condition, storing the first preset customer information on the server side.

In practice, if the first verification result satisfies the first preset condition, the server on which the authorization system is deployed is the correct server and server verification has passed. Storing the first preset customer information on the server side in that case may consist of writing it into the server's memory once server verification has passed, so that it is configured on the server as the information of the correct customer.

S300: if the first verification result satisfies the first preset condition, determining a second verification result for the preset terminal whitelist information based on the preset server information and the preset terminal whitelist information.

In practice, if the first verification result satisfies the first preset condition, the server is the correct one and server verification has passed, so the terminal serial numbers of POS terminals connecting to the authorization system can now be verified. Before terminal serial number verification, it must be confirmed that the preset terminal whitelist information is the correct customer's own whitelist. Determining the second verification result based on the preset server information and the preset terminal whitelist information may consist of checking the preset terminal whitelist information against the first preset customer information contained in the preset server information.

In one embodiment, the preset terminal whitelist information comprises second preset customer information, a preset terminal serial number list and second signature information, where the second signature information is obtained by signing the second preset customer information and the preset terminal serial number list, respectively, with a private key.

In practice, the preset terminal serial number list may be the list of terminal serial numbers of the POS terminals that the authorization system is permitted to authorize, and the second preset customer information may be the information of the customer that owns those POS terminals. Signing the second preset customer information and the preset terminal serial number list with the private key may consist of hashing each of them and signing the resulting hash values with the POS terminal manufacturer's private key. The signing process is as follows: the second preset customer information and the preset terminal serial number list are first sent to the manufacturer's terminal; an operator signs them with the private key held in the manufacturer's encryption machine; the resulting signature is then sent to the server side for deployment. The preset terminal whitelist information may be read directly into the server's memory when the authorization system starts, to prevent other customers from maliciously tampering with it.

As shown in FIG. 3, if the first verification result satisfies the first preset condition, determining the second verification result for the preset terminal whitelist information based on the preset server information and the preset terminal whitelist information comprises:

S310: if the first verification result satisfies the first preset condition, determining a second signature verification result based on the public key and the second signature information.

In practice, to detect tampering with the preset terminal whitelist information, the second signature information may be verified when the authorization system starts. Determining the second signature verification result may consist of verifying the second signature information in the preset terminal whitelist information with the public key stored in the authorization system. If the whitelist information has been tampered with, the second signature verification fails; if it has not, it passes.

S320: determining a second comparison result for the customer information based on the first preset customer information and the second preset customer information.

In practice, before terminal serial number verification, the second preset customer information in the preset terminal whitelist information may be checked against the first preset customer information in the preset server information, to confirm that the whitelist is the correct customer's own. Determining the second comparison result may consist of comparing the first preset customer information with the second preset customer information: if the two are identical, the second comparison passes; if they differ, it fails.

S330: determining the second verification result for the preset terminal whitelist information based on the second signature verification result and the second comparison result.

In practice, the second verification result for the preset terminal whitelist information is determined from the second signature verification result of the second signature information together with the second comparison result between the first preset customer information and the second preset customer information.

In one embodiment, the second preset condition is that both the second signature verification and the second comparison pass, i.e. the preset terminal whitelist information has not been tampered with and the first preset customer information is identical to the second preset customer information.

In one embodiment, after determining the second verification result for the preset terminal whitelist information based on the second signature verification result and the second comparison result, the method further comprises: if the second verification result satisfies the second preset condition, storing the preset terminal serial number list on the server side.

In practice, since the first preset customer information has already been established as the correct customer's information, a second verification result that satisfies the second preset condition means the preset terminal whitelist information is indeed that customer's own whitelist, and whitelist verification has passed. Storing the preset terminal serial number list on the server side in that case may consist of writing the list from the whitelist information into the server's memory once whitelist verification has passed, for use in the subsequent terminal serial number verification. Verifying the whitelist information in this way ensures that a customer can only use its own preset terminal serial number list for terminal serial number verification, and cannot maliciously use another customer's list.

S400: if the second verification result satisfies the second preset condition, receiving a terminal serial number transmitted by the client.

In practice, if the second verification result satisfies the second preset condition, the preset terminal whitelist information is the correct customer's own preset terminal information and whitelist verification has passed; the preset terminal serial number list in the whitelist can then be used to verify the terminal serial number of the POS terminal that the client connects to the authorization system. The terminal serial number may be the SN (serial number) of the POS terminal.

S500: if the terminal serial number and the preset terminal whitelist information satisfy a third preset condition, granting the client security privileges.

In practice, so that the authorization system only authorizes POS terminals entitled to authorization, the terminal serial number of the POS terminal that the client connects to the authorization system may be verified against the preset terminal whitelist information, determining whether the terminal serial number and the whitelist information satisfy the third preset condition; if they do, the POS terminal connected by the client is granted security privileges.

As shown in FIG. 4, granting the client security privileges if the terminal serial number and the preset terminal whitelist information satisfy the third preset condition comprises:

S510: determining a third verification result for the terminal serial number based on a third comparison result between the terminal serial number and the preset terminal whitelist information.

In practice, determining the third verification result may consist of comparing the terminal serial number of the POS terminal that the client connects to the authorization system with the preset terminal whitelist information to obtain the third comparison result, and deriving the third verification result for the terminal serial number from it.

In one embodiment, determining the third verification result for the terminal serial number based on the third comparison result between the terminal serial number and the preset terminal whitelist information comprises: determining the third verification result based on a third comparison result between the terminal serial number and the preset terminal serial number list; the third preset condition is that the terminal serial number is contained in the preset terminal serial number list.

In practice, this may consist of comparing the terminal serial number of the POS terminal that the client connects to the authorization system with the preset terminal serial number list in the preset terminal whitelist information to obtain the third comparison result, and deriving the third verification result for the terminal serial number from it.

S520: if the third verification result satisfies the third preset condition, granting the client security privileges.

In practice, if the third verification result satisfies the third preset condition, the terminal serial number of the POS terminal connected by the client is contained in the preset terminal serial number list; that POS terminal is entitled to authorization, and the authorization system may grant it security privileges. If the terminal serial number and the preset terminal whitelist information do not satisfy the third preset condition, the terminal serial number is not in the list; that POS terminal is not entitled to authorization, and the authorization system does not grant it security privileges.

Specifically, in the POS authorization scenario, the authorization system may be a web system running on a Windows server; an administrator deploys it on the customer's server and operates it through a browser. When the customer's POS terminal needs to be granted security privileges, the customer connects the POS terminal to its own terminal device, such as a computer, and uses the authorization tool on that device to access the authorization system over the Internet. When the authorization system is deployed on the customer's server, obtaining the server's serial number hash value and verifying it against the preset server information confirms whether the server is the correct one, so that the authorization system can only be deployed on the correct server. If server verification passes, the terminal serial number of the POS terminal that the customer connects to the authorization system is verified against the preset terminal whitelist information that has itself passed verification, and security privileges are granted only if the terminal serial number passes. This ensures that the authorization system only authorizes POS terminals entitled to authorization, strictly controlling the security of POS terminal authorization and preventing illegitimate grants.
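The start-up checks S100 to S300 and the per-request check S400 to S500 described above, together with the manufacturer-side signing step from the discussion of the first and second signature information, as an added Go example; it is not part of this application and not PAX's code. Everything concrete in it is an assumption: Ed25519 signatures, SHA-256 as the hash over the CPU serial number, the field names of the two deployment files, and the constructed sample customer IDs, CPU serials and terminal serial numbers. One deliberate deviation from the text: the text says the two fields of each file are signed separately, whereas this example signs a single domain-separated message over both fields of a file, so that a customer ID cannot be paired with a hash or list taken from another customer's validly signed file.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// ServerInfo models the preset server information file; TerminalWhitelist models the preset terminal whitelist file. Field names are assumptions.
type ServerInfo struct {
	Customer   string // first preset customer information
	ServerHash string // preset server serial number hash value
	Signature  []byte // first signature information
}

type TerminalWhitelist struct {
	Customer  string   // second preset customer information
	Terminals []string // preset terminal serial number list
	Signature []byte   // second signature information
}

var (
	ErrServerSignature    = errors.New("server info: signature verification failed")
	ErrWrongServer        = errors.New("server info: CPU serial hash does not match this machine")
	ErrWhitelistSignature = errors.New("whitelist: signature verification failed")
	ErrWhitelistCustomer  = errors.New("whitelist: customer does not match server info")
)

// HashSerial hashes the CPU serial number (SHA-256 assumed; the text names no hash function).
func HashSerial(serial string) string {
	sum := sha256.Sum256([]byte(serial))
	return hex.EncodeToString(sum[:])
}

// Each file is signed as one domain-separated message over all of its fields (deviation from the text, see lead-in).
func serverMessage(customer, serverHash string) []byte {
	return []byte("pos-auth/server-info\x00" + customer + "\x00" + serverHash)
}

func whitelistMessage(customer string, terminals []string) []byte {
	list, _ := json.Marshal(terminals) // deterministic encoding of a []string
	return append([]byte("pos-auth/terminal-whitelist\x00"+customer+"\x00"), list...)
}

// Manufacturer side: GenerateIssuerKey stands in for the key pair held in the encryption machine; the Issue functions are the signing step done before deployment.
func GenerateIssuerKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // error ignored: a crypto/rand failure is not recoverable here
	return pub, priv
}

func IssueServerInfo(priv ed25519.PrivateKey, customer, cpuSerial string) ServerInfo {
	h := HashSerial(cpuSerial)
	return ServerInfo{customer, h, ed25519.Sign(priv, serverMessage(customer, h))}
}

func IssueWhitelist(priv ed25519.PrivateKey, customer string, terminals []string) TerminalWhitelist {
	return TerminalWhitelist{customer, terminals, ed25519.Sign(priv, whitelistMessage(customer, terminals))}
}

// Authorizer is what the authorization system keeps in memory once start-up has passed.
type Authorizer struct{ terminals map[string]bool }

// Start runs the start-up checks in the order S210, S220, S310, S320; nothing is retained unless every check passes.
func Start(pub ed25519.PublicKey, localCPUSerial string, si ServerInfo, wl TerminalWhitelist) (*Authorizer, error) {
	if !ed25519.Verify(pub, serverMessage(si.Customer, si.ServerHash), si.Signature) {
		return nil, ErrServerSignature
	}
	if HashSerial(localCPUSerial) != si.ServerHash {
		return nil, ErrWrongServer
	}
	if !ed25519.Verify(pub, whitelistMessage(wl.Customer, wl.Terminals), wl.Signature) {
		return nil, ErrWhitelistSignature
	}
	if wl.Customer != si.Customer {
		return nil, ErrWhitelistCustomer
	}
	a := &Authorizer{terminals: make(map[string]bool, len(wl.Terminals))}
	for _, sn := range wl.Terminals {
		a.terminals[sn] = true
	}
	return a, nil
}

// Authorize is the per-request check (S400, S500): grant only if the client's terminal serial number is in the verified list.
func (a *Authorizer) Authorize(terminalSN string) bool { return a.terminals[terminalSN] }

func main() {
	pub, priv := GenerateIssuerKey()
	// Constructed sample data: a customer ID, a CPU serial in the form Windows reports as ProcessorId, two terminal SNs.
	si := IssueServerInfo(priv, "CUST-0001", "BFEBFBFF000906EA")
	wl := IssueWhitelist(priv, "CUST-0001", []string{"0820001122", "0820003344"})
	a, err := Start(pub, "BFEBFBFF000906EA", si, wl)
	fmt.Println("licensed server:", err, "| SN 0820001122 allowed:", a.Authorize("0820001122"))
	_, err = Start(pub, "BFEBFBFF000506E3", si, wl)
	fmt.Println("another machine:", err)
}
```

The distinct sentinel errors matter operationally: a failed signature means a file was edited or replaced, a hash mismatch means the deployment was copied to another machine, and a customer mismatch means a different customer's genuinely signed whitelist was dropped in; each deserves a different alert. The public key used in Start must be embedded in the authorization system itself (or supplied by the encryption machine), never stored next to the two files it verifies, otherwise an attacker who can replace the files can replace the key as well.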

An embodiment of the present application also provides a POS machine security authorization deployment method applied to the client, comprising: sending the terminal serial number to the server side; and, if the terminal serial number and the preset terminal whitelist information satisfy the third preset condition, obtaining the security permissions granted by the server side.

It should be noted that the above method applied to the client is based on the same concept as the above method applied to the server side; for its specific functions and technical effects, refer to the embodiment of the server-side method above, which is not repeated here.

The POS machine security authorization deployment device provided by the present application is described below by way of example with reference to the accompanying drawings.

Corresponding to the POS machine security authorization deployment method described in the above embodiments, as shown in FIG. 5, this embodiment provides a POS machine security authorization deployment device applied to the server side. The POS machine security authorization deployment device 500 comprises:

an information acquisition module 510, configured to obtain the server serial number hash value, the preset server information and the preset terminal whitelist information;

a first verification module 520, configured to determine a first verification result for the server based on the server serial number hash value and the preset server information;

a second verification module 530, configured to determine, if the first verification result satisfies a first preset condition, a second verification result for the preset terminal whitelist information based on the preset server information and the preset terminal whitelist information;

a serial number receiving module 540, configured to receive, if the second verification result satisfies a second preset condition, the terminal serial number transmitted by the client;

a third verification module 550, configured to grant security permissions to the client if the terminal serial number and the preset terminal whitelist information satisfy a third preset condition.

In one embodiment, the first verification module comprises:

a first signature verification unit, configured to determine a first signature verification result based on the public key and the first signature information;

a first comparison unit, configured to determine a first comparison result for the server based on the server serial number hash value and the preset server serial number hash value;

a first verification unit, configured to determine the first verification result for the server based on the first signature verification result and the first comparison result.

In one embodiment, the POS machine security authorization deployment device further comprises:

a first storage module, configured to store the first preset customer information on the server side if the first verification result satisfies the first preset condition.

In one embodiment, the second verification module comprises:

a second signature verification unit, configured to determine, if the first verification result satisfies the first preset condition, a second signature verification result based on the public key and the second signature information;

a second comparison unit, configured to determine a second comparison result for the customer information based on the first preset customer information and the second preset customer information;

a second verification unit, configured to determine the second verification result for the preset terminal whitelist information based on the second signature verification result and the second comparison result.

In one embodiment, the POS machine security authorization deployment device further comprises:

a second storage module, configured to store the preset terminal serial number list on the server side if the second verification result satisfies the second preset condition.

In one embodiment, the third verification module comprises:

a third comparison unit, configured to determine a third verification result for the terminal serial number based on a third comparison result between the terminal serial number and the preset terminal whitelist information;

a permission granting unit, configured to grant security permissions to the client if the third verification result satisfies the third preset condition.

In one embodiment, the third comparison unit is specifically configured to determine the third verification result for the terminal serial number based on a third comparison result between the terminal serial number and the preset terminal serial number list.
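The following is an added, runnable model of the server-side flow described in the usage scenario above and mirrored by the device modules 510 to 550; it is not code from the patent or from PAX. It assumes a SHA-256 hex digest as the "server serial number hash value", a JSON encoding for the signed fields, and a toy RSA pair (Mersenne-prime modulus) standing in for the vendor's unspecified signature scheme; the toy signature is there only so the example runs offline and is not secure. One deliberate departure from the claims, which say each field is signed "respectively": here the customer information and the hash (or serial list) are signed together as one domain-separated message, so a field from one issued bundle cannot be combined with a field from another. All names (`PresetServerInfo`, `AuthorizationServer`, `issue_whitelist`, the constructed serials) are hypothetical.

```python
"""Three-stage POS authorization check: server identity -> whitelist validity -> terminal membership.

The toy RSA primitive is an assumption (NOT the patent's scheme, NOT secure); it only lets the
example run without third-party packages.  Every serial and customer string below is constructed.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Optional, Tuple

# --- toy signature primitive (assumed stand-in for the vendor's real private/public key pair) ---
_P = (1 << 31) - 1              # Mersenne prime: valid modulus without a primality test
_Q = (1 << 61) - 1              # Mersenne prime
_N = _P * _Q
_E = 65537
_D = pow(_E, -1, (_P - 1) * (_Q - 1))
VENDOR_PUBLIC_KEY = (_N, _E)    # shipped inside the authorization system
_VENDOR_PRIVATE_KEY = (_N, _D)  # stays with the vendor; never present on the customer's server

def _digest(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % _N

def sign(private_key: Tuple[int, int], msg: bytes) -> int:
    n, d = private_key
    return pow(_digest(msg), d, n)

def verify(public_key: Tuple[int, int], msg: bytes, sig: int) -> bool:
    n, e = public_key
    return 0 < sig < n and pow(sig, e, n) == _digest(msg)

def serial_hash(serial: str) -> str:
    """Server serial number hash value (assumed: SHA-256 hex of the serial string)."""
    return hashlib.sha256(serial.encode()).hexdigest()

@dataclass(frozen=True)
class PresetServerInfo:          # first preset customer info, preset serial hash, first signature
    customer_info: str
    server_serial_hash: str
    signature: int

@dataclass(frozen=True)
class PresetTerminalWhitelist:   # second preset customer info, serial list, second signature
    customer_info: str
    terminal_serials: Tuple[str, ...]
    signature: int

def _canon(label: str, *fields) -> bytes:
    # Canonical, domain-separated encoding: fields from different bundles cannot be recombined.
    return json.dumps([label, *fields], separators=(",", ":")).encode()

def issue_server_info(customer: str, server_serial: str) -> PresetServerInfo:
    """Vendor side: bind a customer to the one server the system may run on."""
    h = serial_hash(server_serial)
    return PresetServerInfo(customer, h, sign(_VENDOR_PRIVATE_KEY, _canon("server-info", customer, h)))

def issue_whitelist(customer: str, serials: Tuple[str, ...]) -> PresetTerminalWhitelist:
    """Vendor side: bind a customer to the terminals that may be authorized."""
    sig = sign(_VENDOR_PRIVATE_KEY, _canon("terminal-whitelist", customer, list(serials)))
    return PresetTerminalWhitelist(customer, serials, sig)

class AuthorizationServer:
    """Server-side checks in order; each stage runs only after the previous one stored its result."""

    def __init__(self, public_key, local_server_serial: str,
                 server_info: PresetServerInfo, whitelist: PresetTerminalWhitelist):
        self.public_key = public_key
        self.local_hash = serial_hash(local_server_serial)      # hash of the host's own serial
        self.server_info = server_info
        self.whitelist = whitelist
        self.stored_customer_info: Optional[str] = None         # first storage module
        self.stored_serial_list: Optional[frozenset] = None     # second storage module

    def first_verification(self) -> bool:
        si = self.server_info
        sig_ok = verify(self.public_key, _canon("server-info", si.customer_info, si.server_serial_hash), si.signature)
        hash_ok = hmac.compare_digest(self.local_hash.encode(), si.server_serial_hash.encode())
        if sig_ok and hash_ok:
            self.stored_customer_info = si.customer_info
        return sig_ok and hash_ok

    def second_verification(self) -> bool:
        if self.stored_customer_info is None:                   # fail closed: stage 1 not passed
            return False
        wl = self.whitelist
        sig_ok = verify(self.public_key, _canon("terminal-whitelist", wl.customer_info, list(wl.terminal_serials)), wl.signature)
        cust_ok = hmac.compare_digest(self.stored_customer_info.encode(), wl.customer_info.encode())
        if sig_ok and cust_ok:
            self.stored_serial_list = frozenset(wl.terminal_serials)
        return sig_ok and cust_ok

    def third_verification(self, terminal_serial: str) -> bool:
        if self.stored_serial_list is None:                     # fail closed: stage 2 not passed
            return False
        return terminal_serial in self.stored_serial_list

    def authorize(self, terminal_serial: str) -> bool:
        """Grant security permissions only when all three stages pass."""
        return self.first_verification() and self.second_verification() and self.third_verification(terminal_serial)

def demo() -> dict:
    """Constructed scenario: one customer, one correct server, two whitelisted terminals."""
    customer, good_server = "customer-A (constructed)", "SRV-0001 (constructed)"
    info = issue_server_info(customer, good_server)
    wl = issue_whitelist(customer, ("POS-1001", "POS-1002"))
    other_wl = issue_whitelist("customer-B (constructed)", ("POS-9999",))   # valid, but another customer's
    tampered_wl = PresetTerminalWhitelist(wl.customer_info, wl.terminal_serials + ("POS-9999",), wl.signature)
    run = lambda host, whitelist, pos: AuthorizationServer(VENDOR_PUBLIC_KEY, host, info, whitelist).authorize(pos)
    return {
        "listed_terminal": run(good_server, wl, "POS-1001"),
        "unlisted_terminal": run(good_server, wl, "POS-9999"),
        "wrong_server": run("SRV-0002 (constructed)", wl, "POS-1001"),
        "other_customer_whitelist": run(good_server, other_wl, "POS-9999"),
        "tampered_whitelist": run(good_server, tampered_wl, "POS-9999"),
    }

if __name__ == "__main__":
    for case, granted in demo().items():
        print(f"{case}: {'granted' if granted else 'denied'}")
```

Two choices carry the security point of the method. The server stores the customer information only after stage one passes and the serial list only after stage two passes, so stage three has nothing to compare against unless both earlier stages succeeded, which is exactly the gating the first and second storage modules provide. Both equality checks use `hmac.compare_digest` so that the comparison does not leak how much of the preset hash or customer information matched.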

It should be noted that the information exchange and execution processes among the above modules and units are based on the same concept as the method embodiments of the present application; for their specific functions and technical effects, refer to the method embodiments, which are not repeated here.

Those skilled in the art will clearly understand that, for convenience and brevity of description, the division into the functional units and modules above is given only as an example. In practice the above functions may be assigned to different functional units and modules as required, that is, the internal structure of the device may be divided into different functional units or modules to perform all or part of the functions described above. The functional units and modules in the embodiments may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit; an integrated unit may be implemented in hardware or as a software functional unit. The specific names of the functional units and modules serve only to distinguish them from one another and do not limit the scope of protection of the present application. For the specific operation of the units and modules in the above system, refer to the corresponding processes in the method embodiments above, which are not repeated here.

An embodiment of the present application further provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps in each of the method embodiments above.

All or part of the processes in the methods of the above embodiments of the present application may be implemented by a computer program instructing the relevant hardware. The computer program may be stored in a computer-readable storage medium, and when executed by a processor it implements the steps of each of the method embodiments above. The computer program comprises computer program code, which may be in source code form, object code form, an executable file or some intermediate form. The computer-readable medium may at least include: any entity or device capable of carrying the computer program code to a terminal device, a recording medium, a computer memory, a read-only memory (ROM, Read-Only

In the above embodiments, the description of each embodiment has its own emphasis; for parts not described or recorded in detail in one embodiment, refer to the relevant descriptions of the other embodiments.

Those of ordinary skill in the art will appreciate that the devices and algorithm steps of the examples described in conjunction with the embodiments disclosed herein may be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or in software depends on the specific application and design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each specific application, but such implementations should not be regarded as going beyond the scope of the present application.

In the embodiments provided by the present application, it should be understood that the disclosed devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative. Further, the couplings, direct couplings or communication connections shown or discussed between components may be made through interfaces, and the indirect couplings or communication connections between devices may be electrical, mechanical or of another form.

The embodiments above serve only to illustrate the technical solutions of the present application and not to limit them. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments may still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present application; they shall all fall within the scope of protection of the present application.

Claims (17)

1. A POS machine security authorization deployment method, applied to a server side, comprising: obtaining a server serial number hash value, preset server information and preset terminal whitelist information; determining a first verification result for the server based on the server serial number hash value and the preset server information; if the first verification result satisfies a first preset condition, determining a second verification result for the preset terminal whitelist information based on the preset server information and the preset terminal whitelist information; if the second verification result satisfies a second preset condition, receiving a terminal serial number transmitted by a client; and if the terminal serial number and the preset terminal whitelist information satisfy a third preset condition, granting security permissions to the client.

2. The POS machine security authorization deployment method according to claim 1, wherein the preset server information comprises first preset customer information, a preset server serial number hash value and first signature information, the first signature information being obtained by signing the first preset customer information and the preset server serial number hash value respectively with a private key; and wherein determining the first verification result for the server based on the server serial number hash value and the preset server information comprises: determining a first signature verification result based on a public key and the first signature information; determining a first comparison result for the server based on the server serial number hash value and the preset server serial number hash value; and determining the first verification result for the server based on the first signature verification result and the first comparison result; the first preset condition being that the first signature verification result is a pass and the first comparison result is that the server serial number hash value and the preset server serial number hash value are identical.

3. The POS machine security authorization deployment method according to claim 2, further comprising, after determining the first verification result for the server based on the first signature verification result and the first comparison result: if the first verification result satisfies the first preset condition, storing the first preset customer information on the server side.

4. The POS machine security authorization deployment method according to claim 2, wherein the preset terminal whitelist information comprises second preset customer information, a preset terminal serial number list and second signature information, the second signature information being obtained by signing the second preset customer information and the preset terminal serial number list respectively with a private key; and wherein, if the first verification result satisfies the first preset condition, determining the second verification result for the preset terminal whitelist information based on the preset server information and the preset terminal whitelist information comprises: if the first verification result satisfies the first preset condition, determining a second signature verification result based on the public key and the second signature information; determining a second comparison result for the customer information based on the first preset customer information and the second preset customer information; and determining the second verification result for the preset terminal whitelist information based on the second signature verification result and the second comparison result; the second preset condition being that the second signature verification result is a pass and the second comparison result is that the first preset customer information and the second preset customer information are identical.

5. The POS machine security authorization deployment method according to claim 4, further comprising, after determining the second verification result for the preset terminal whitelist information based on the second signature verification result and the second comparison result: if the second verification result satisfies the second preset condition, storing the preset terminal serial number list on the server side.

6. The POS machine security authorization deployment method according to claim 4, wherein granting security permissions to the client if the terminal serial number and the preset terminal whitelist information satisfy the third preset condition comprises: determining a third verification result for the terminal serial number based on a third comparison result between the terminal serial number and the preset terminal whitelist information; and if the third verification result satisfies the third preset condition, granting security permissions to the client.

7. The POS machine security authorization deployment method according to claim 6, wherein determining the third verification result for the terminal serial number based on the third comparison result between the terminal serial number and the preset terminal whitelist information comprises: determining the third verification result for the terminal serial number based on a third comparison result between the terminal serial number and the preset terminal serial number list; the third preset condition being that the terminal serial number is contained in the preset terminal serial number list.

8. A POS machine security authorization deployment method, applied to a client, comprising: sending a terminal serial number to a server side; and if the terminal serial number and preset terminal whitelist information satisfy a third preset condition, obtaining the security permissions granted by the server side.

9. A POS machine security authorization deployment device, applied to a server side, comprising: an information acquisition module, configured to obtain a server serial number hash value, preset server information and preset terminal whitelist information; a first verification module, configured to determine a first verification result for the server based on the server serial number hash value and the preset server information; a second verification module, configured to determine, if the first verification result satisfies a first preset condition, a second verification result for the preset terminal whitelist information based on the preset server information and the preset terminal whitelist information; a serial number receiving module, configured to receive, if the second verification result satisfies a second preset condition, a terminal serial number transmitted by a client; and a third verification module, configured to grant security permissions to the client if the terminal serial number and the preset terminal whitelist information satisfy a third preset condition.

10. A computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements: obtaining a server serial number hash value, preset server information and preset terminal whitelist information; determining a first verification result for the server based on the server serial number hash value and the preset server information; if the first verification result satisfies a first preset condition, determining a second verification result for the preset terminal whitelist information based on the preset server information and the preset terminal whitelist information; if the second verification result satisfies a second preset condition, receiving a terminal serial number transmitted by a client; and if the terminal serial number and the preset terminal whitelist information satisfy a third preset condition, granting security permissions to the client.

11. A server, comprising a memory and a processor, wherein the memory is configured to store a computer program and the processor is configured to execute the computer program so as to implement: obtaining a server serial number hash value, preset server information and preset terminal whitelist information; determining a first verification result for the server based on the server serial number hash value and the preset server information; if the first verification result satisfies a first preset condition, determining a second verification result for the preset terminal whitelist information based on the preset server information and the preset terminal whitelist information; if the second verification result satisfies a second preset condition, receiving a terminal serial number transmitted by a client; and if the terminal serial number and the preset terminal whitelist information satisfy a third preset condition, granting security permissions to the client.

12. The server according to claim 11, wherein the preset server information comprises first preset customer information, a preset server serial number hash value and first signature information, the first signature information being obtained by signing the first preset customer information and the preset server serial number hash value respectively with a private key; and wherein determining the first verification result for the server based on the server serial number hash value and the preset server information comprises: determining a first signature verification result based on a public key and the first signature information; determining a first comparison result for the server based on the server serial number hash value and the preset server serial number hash value; and determining the first verification result for the server based on the first signature verification result and the first comparison result; the first preset condition being that the first signature verification result is a pass and the first comparison result is that the server serial number hash value and the preset server serial number hash value are identical.

13. The server according to claim 12, wherein, after determining the first verification result for the server based on the first signature verification result and the first comparison result, the processor executes the computer program to further implement: if the first verification result satisfies the first preset condition, storing the first preset customer information on the server side.

14. The server according to claim 12, wherein the preset terminal whitelist information comprises second preset customer information, a preset terminal serial number list and second signature information, the second signature information being obtained by signing the second preset customer information and the preset terminal serial number list respectively with a private key; and wherein, if the first verification result satisfies the first preset condition, determining the second verification result for the preset terminal whitelist information based on the preset server information and the preset terminal whitelist information comprises: if the first verification result satisfies the first preset condition, determining a second signature verification result based on the public key and the second signature information; determining a second comparison result for the customer information based on the first preset customer information and the second preset customer information; and determining the second verification result for the preset terminal whitelist information based on the second signature verification result and the second comparison result; the second preset condition being that the second signature verification result is a pass and the second comparison result is that the first preset customer information and the second preset customer information are identical.

15. The server according to claim 14, wherein, after determining the second verification result for the preset terminal whitelist information based on the second signature verification result and the second comparison result, the processor executes the computer program to further implement: if the second verification result satisfies the second preset condition, storing the preset terminal serial number list on the server side.

16. The server according to claim 14, wherein granting security permissions to the client if the terminal serial number and the preset terminal whitelist information satisfy the third preset condition comprises: determining a third verification result for the terminal serial number based on a third comparison result between the terminal serial number and the preset terminal whitelist information; and if the third verification result satisfies the third preset condition, granting security permissions to the client.

17. The server according to claim 16, wherein determining the third verification result for the terminal serial number based on the third comparison result between the terminal serial number and the preset terminal whitelist information comprises: determining the third verification result for the terminal serial number based on a third comparison result between the terminal serial number and the preset terminal serial number list; the third preset condition being that the terminal serial number is contained in the preset terminal serial number list.
PCT/CN2024/100247 2023-07-14 2024-06-20 Deployment method and device for security authorization of pos machine, and storage medium Pending WO2025016143A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202310868972.1 2023-07-14
CN202310868972.1A CN116938471A (en) 2023-07-14 2023-07-14 A POS machine security authorization deployment method, device and storage medium

Publications (1)

Publication Number Publication Date
WO2025016143A1 true WO2025016143A1 (en) 2025-01-23

Family

ID=88388940

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2024/100247 Pending WO2025016143A1 (en) 2023-07-14 2024-06-20 Deployment method and device for security authorization of pos machine, and storage medium

Country Status (2)

Country Link
CN (1) CN116938471A (en)
WO (1) WO2025016143A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116938471A (en) * 2023-07-14 2023-10-24 百富计算机技术(深圳)有限公司 A POS machine security authorization deployment method, device and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150278792A1 (en) * 2014-03-31 2015-10-01 Compagnie Industrielle Et Financiere D'ingenierie "Ingenico" Method for verifying the authenticity of a terminal, corresponding device and program
CN107133512A (en) * 2017-03-14 2017-09-05 万达百汇科技(深圳)有限公司 POS terminal control method and device
CN108496194A (en) * 2018-03-21 2018-09-04 福建联迪商用设备有限公司 A method, server and system for verifying terminal legitimacy
CN111556024A (en) * 2020-03-31 2020-08-18 中国航天系统科学与工程研究院 Reverse access control system and method
CN116938471A (en) * 2023-07-14 2023-10-24 百富计算机技术(深圳)有限公司 A POS machine security authorization deployment method, device and storage medium

Also Published As

Publication number Publication date
CN116938471A (en) 2023-10-24

Similar Documents

Publication Publication Date Title
JP4278327B2 (en) Computer platform and operation method thereof
US9424431B2 (en) Protecting operating system configuration values using a policy identifying operating system configuration settings
CN100568212C (en) Isolation system and isolation method
US8015417B2 (en) Remote access system, gateway, client device, program, and storage medium
JP5030626B2 (en) Scoped permissions for software application distribution
JP4219561B2 (en) Smart card user interface for trusted computing platforms
JP2686218B2 (en) Alias detection method on computer system, distributed computer system and method of operating the same, and distributed computer system performing alias detection
CN105122260A (en) Context-based switching to a secure operating system environment
JP2008146479A (en) Software component, software component management method, and software component management system
JP2003507784A (en) Mandatory restrictions on the use of stored data
US12086257B2 (en) Trusted firmware verification
US9021253B2 (en) Quarantine method and system
CN111881424A (en) A kind of license authorization method and device based on machine identification code
WO2018166163A1 (en) Pos terminal control method, pos terminal, server and storage medium
WO2025016143A1 (en) Deployment method and device for security authorization of pos machine, and storage medium
US20170093844A1 (en) Data Theft Deterrence
US20250272366A1 (en) Systems and methods for authentication of physical access tokens at access terminals
CN113806716B (en) Intelligent security authentication method, device and storage medium
TWI778319B (en) Method for cross-platform authorizing access to resources and authorization system thereof
US12443767B2 (en) Systems and methods for identifying peripheral devices and logging operations performed thereon
CN120658454A (en) Method and system for implementing anti-cracking authorization authentication using firmware multi-factor authentication technology
CN110149261A (en) Detection job network framework and the information management-control method being applied thereon

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 24842142

Country of ref document: EP

Kind code of ref document: A1
