CN116938471A - A POS machine security authorization deployment method, device and storage medium - Google Patents

Info

Publication number
CN116938471A
Authority
CN
China
Prior art keywords
preset
information
server
serial number
verification result
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310868972.1A
Other languages
Chinese (zh)
Inventor
黎明
魏鸣飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
PAX Computer Technology Shenzhen Co Ltd
Original Assignee
PAX Computer Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by PAX Computer Technology Shenzhen Co Ltd
Priority to CN202310868972.1A
Publication of CN116938471A
Priority to PCT/CN2024/100247 (WO2025016143A1)
Legal status: Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101: Access control lists [ACL]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/12: Applying verification of the received information
    • H04L63/123: Applying verification of the received information received data contents, e.g. message integrity
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40: Network security protocols
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00: Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56: Financial cryptography, e.g. electronic payment or e-cash

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Cash Registers Or Receiving Machines (AREA)

Abstract

The application is applicable to the technical field of POS machines, and provides a POS machine security authorization deployment method, a POS machine security authorization deployment device and a storage medium, wherein the POS machine security authorization deployment method is applied to a server and comprises the following steps: obtaining a server serial number hash value, preset server information and preset terminal white list information; determining a first verification result of the server based on the server serial number hash value and preset server information; if the first verification result meets the first preset condition, determining a second verification result of the preset terminal white list information based on the preset server information and the preset terminal white list information; if the second verification result meets a second preset condition, receiving a terminal serial number transmitted by the client; and if the terminal serial number and the preset terminal white list information meet a third preset condition, granting the security authority to the client. The application can ensure that the authorization system can only be deployed on a correct server, can also avoid illegal authorization of the authorization system, and improves the authorization security of the POS machine.

Description

A POS machine security authorization deployment method, device and storage medium

Technical field

The present application belongs to the technical field of POS machines, and in particular relates to a POS machine security authorization deployment method, device and storage medium.

Background

At present, with the widespread use of POS machines, electronic settlement of consumer payments is increasingly mature, and fierce market competition has also brought numerous financial risks. When a customer's POS machine undergoes disassembly for repair, system configuration, or security-related changes, the operation can be performed only after the authorization system has granted security permission. The authorization system can be deployed independently by the customer on a server, but some customers may deploy the authorization system arbitrarily, or use it to authorize POS machines that should not be authorized, resulting in illegal authorization by the authorization system and undermining the security of POS machine authorization.

Summary of the invention

The embodiments of this application provide a POS machine security authorization deployment method, device and storage medium, which can solve the problem in the prior art that some customers may deploy the authorization system arbitrarily, or use it to authorize POS machines that should not be authorized, resulting in illegal authorization by the authorization system and undermining the security of POS machine authorization.

The first aspect of the embodiments of this application provides a POS machine security authorization deployment method, which is applied to the server side and includes:

obtaining a server serial number hash value, preset server information and preset terminal whitelist information;

determining a first verification result of the server based on the server serial number hash value and the preset server information;

if the first verification result meets a first preset condition, determining a second verification result of the preset terminal whitelist information based on the preset server information and the preset terminal whitelist information;

if the second verification result meets a second preset condition, receiving a terminal serial number transmitted by the client;

if the terminal serial number and the preset terminal whitelist information meet a third preset condition, granting the client security permission.

In one embodiment, the preset server information includes first preset customer information, a preset server serial number hash value, and first signature information; the first signature information is the information obtained by signing the first preset customer information and the preset server serial number hash value, respectively, with a private key;

determining the first verification result of the server based on the server serial number hash value and the preset server information includes:

determining a first signature verification result based on a public key and the first signature information;

determining a first comparison result of the server based on the server serial number hash value and the preset server serial number hash value;

determining the first verification result of the server based on the first signature verification result and the first comparison result;

the first preset condition is that the first signature verification result is a pass and the first comparison result is that the server serial number hash value and the preset server serial number hash value are the same.

In one embodiment, after determining the first verification result of the server based on the first signature verification result and the first comparison result, the method further includes:

if the first verification result meets the first preset condition, storing the first preset customer information on the server side.

In one embodiment, the preset terminal whitelist information includes second preset customer information, a preset terminal serial number list, and second signature information; the second signature information is the information obtained by signing the second preset customer information and the preset terminal serial number list, respectively, with the private key;

if the first verification result meets the first preset condition, determining the second verification result of the preset terminal whitelist information based on the preset server information and the preset terminal whitelist information includes:

if the first verification result meets the first preset condition, determining a second signature verification result based on the public key and the second signature information;

determining a second comparison result of the customer information based on the first preset customer information and the second preset customer information;

determining the second verification result of the preset terminal whitelist information based on the second signature verification result and the second comparison result;

the second preset condition is that the second signature verification result is a pass and the second comparison result is that the first preset customer information and the second preset customer information are the same.

In one embodiment, after determining the second verification result of the preset terminal whitelist information based on the second signature verification result and the second comparison result, the method further includes:

if the second verification result meets the second preset condition, storing the preset terminal serial number list on the server side.

In one embodiment, if the terminal serial number and the preset terminal whitelist information meet the third preset condition, granting the client security permission includes:

determining a third verification result of the terminal serial number based on a third comparison result of the terminal serial number and the preset terminal whitelist information;

if the third verification result meets the third preset condition, granting the client security permission.

In one embodiment, determining the third verification result of the terminal serial number based on the third comparison result of the terminal serial number and the preset terminal whitelist information includes:

determining the third verification result of the terminal serial number based on the third comparison result of the terminal serial number and the preset terminal serial number list;

the third preset condition is that the terminal serial number is included in the preset terminal serial number list.
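
The three checks described above, as an added Go example that is not part of the patent and not the assignee's code. Ed25519, SHA-256, all type and function names, the length-prefixed encoding, and the use of one signature per file covering all of its fields (the text says the fields are signed respectively) are assumptions, because the text does not fix these details; the serial numbers are constructed sample values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

// ServerInfo and Whitelist model the two preset files (field names assumed).
type ServerInfo struct {
	Customer   string
	SerialHash [32]byte // SHA-256 of the server CPU serial number (hash assumed)
	Sig        []byte
}
type Whitelist struct {
	Customer string
	Serials  []string
	Sig      []byte
}

var (
	ErrServerSig  = errors.New("check 1: server info signature invalid")
	ErrServerHash = errors.New("check 1: server serial number hash differs")
	ErrListSig    = errors.New("check 2: whitelist signature invalid")
	ErrCustomer   = errors.New("check 2: customer information differs")
)

// encode length-prefixes each field so the signed bytes parse only one way.
func encode(fields ...string) []byte {
	var out []byte
	for _, f := range fields {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		out = append(append(out, n[:]...), f...)
	}
	return out
}

func (s ServerInfo) msg() []byte { return encode("server-info", s.Customer, string(s.SerialHash[:])) }
func (w Whitelist) msg() []byte {
	return encode(append([]string{"terminal-whitelist", w.Customer}, w.Serials...)...)
}

// NewVendorKey makes the manufacturer's key pair; nil selects crypto/rand.
func NewVendorKey() (ed25519.PublicKey, ed25519.PrivateKey, error) { return ed25519.GenerateKey(nil) }

// SignServerInfo and SignWhitelist run on the manufacturer's side only.
func SignServerInfo(priv ed25519.PrivateKey, customer, cpuSerial string) ServerInfo {
	si := ServerInfo{Customer: customer, SerialHash: sha256.Sum256([]byte(cpuSerial))}
	si.Sig = ed25519.Sign(priv, si.msg())
	return si
}
func SignWhitelist(priv ed25519.PrivateKey, customer string, serials []string) Whitelist {
	wl := Whitelist{Customer: customer, Serials: serials}
	wl.Sig = ed25519.Sign(priv, wl.msg())
	return wl
}

// AuthSystem keeps only the serial number list that passed checks 1 and 2.
type AuthSystem struct{ allowed map[string]bool }

// Start runs the first and second verification when the system starts.
func Start(pub ed25519.PublicKey, cpuSerial string, si ServerInfo, wl Whitelist) (*AuthSystem, error) {
	if !ed25519.Verify(pub, si.msg(), si.Sig) {
		return nil, ErrServerSig
	}
	local := sha256.Sum256([]byte(cpuSerial))
	if subtle.ConstantTimeCompare(local[:], si.SerialHash[:]) != 1 {
		return nil, ErrServerHash
	}
	if !ed25519.Verify(pub, wl.msg(), wl.Sig) {
		return nil, ErrListSig
	}
	if wl.Customer != si.Customer {
		return nil, ErrCustomer
	}
	a := &AuthSystem{allowed: map[string]bool{}}
	for _, sn := range wl.Serials {
		a.allowed[sn] = true
	}
	return a, nil
}

// Authorized is the third check: the terminal serial number must be listed.
func (a *AuthSystem) Authorized(terminalSerial string) bool { return a.allowed[terminalSerial] }

func main() {
	pub, priv, err := NewVendorKey()
	if err != nil {
		panic(err)
	}
	si := SignServerInfo(priv, "ExampleCustomer", "CPU-SERIAL-0001") // constructed values
	wl := SignWhitelist(priv, "ExampleCustomer", []string{"SN-1001", "SN-1002"})
	_, err = Start(pub, "CPU-SERIAL-9999", si, wl)
	fmt.Println("deployed on another server:", err)
	a, err := Start(pub, "CPU-SERIAL-0001", si, wl)
	fmt.Println("signed server:", err, "SN-1001:", a.Authorized("SN-1001"), "SN-7777:", a.Authorized("SN-7777"))
}
```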

The second aspect of the embodiments of this application provides a POS machine security authorization deployment method, which is applied to the client and includes:

sending a terminal serial number to the server side;

if the terminal serial number and the preset terminal whitelist information meet the third preset condition, obtaining the security permission granted by the server side.

The third aspect of the embodiments of this application provides a POS machine security authorization deployment device, which is applied to the server side and includes:

an information acquisition module, used to obtain the server serial number hash value, the preset server information and the preset terminal whitelist information;

a first verification module, used to determine the first verification result of the server based on the server serial number hash value and the preset server information;

a second verification module, used to determine the second verification result of the preset terminal whitelist information based on the preset server information and the preset terminal whitelist information if the first verification result meets the first preset condition;

a serial number receiving module, used to receive the terminal serial number transmitted by the client if the second verification result meets the second preset condition;

a third verification module, used to grant the client security permission if the terminal serial number and the preset terminal whitelist information meet the third preset condition.

In one embodiment, the first verification module includes:

a first signature verification unit, used to determine the first signature verification result based on the public key and the first signature information;

a first comparison unit, used to determine the first comparison result of the server based on the server serial number hash value and the preset server serial number hash value;

a first verification unit, used to determine the first verification result of the server based on the first signature verification result and the first comparison result.

In one embodiment, the POS machine security authorization deployment device further includes:

a first storage module, used to store the first preset customer information on the server side if the first verification result meets the first preset condition.

In one embodiment, the second verification module includes:

a second signature verification unit, used to determine the second signature verification result based on the public key and the second signature information if the first verification result meets the first preset condition;

a second comparison unit, used to determine the second comparison result of the customer information based on the first preset customer information and the second preset customer information;

a second verification unit, used to determine the second verification result of the preset terminal whitelist information based on the second signature verification result and the second comparison result.

In one embodiment, the POS machine security authorization deployment device further includes:

a second storage module, used to store the preset terminal serial number list on the server side if the second verification result meets the second preset condition.

In one embodiment, the third verification module includes:

a third comparison unit, used to determine the third verification result of the terminal serial number based on the third comparison result of the terminal serial number and the preset terminal whitelist information;

a permission granting unit, used to grant the client security permission if the third verification result meets the third preset condition.

In one embodiment, the third comparison unit is specifically used to determine the third verification result of the terminal serial number based on the third comparison result of the terminal serial number and the preset terminal serial number list.

The fourth aspect of the embodiments of this application provides a computer-readable storage medium. The computer-readable storage medium stores a computer program, and when the computer program is executed by a processor, the POS machine security authorization deployment method described in the first aspect is implemented.

In the POS machine security authorization deployment method provided by the first aspect of the embodiments of this application, when the authorization system is deployed on the customer's server, the server's serial number hash value is obtained and verified against the preset server information. This makes it possible to verify whether the server on which the authorization system is deployed is the correct server, so that the authorization system can be deployed only on the correct server. If the server passes verification, the terminal serial number of the POS machine that the client connects to the authorization system is then verified against the preset terminal whitelist information that has itself passed verification. If the terminal serial number passes verification, the POS machine is granted security permission. This ensures that the authorization system authorizes only POS machines that may be authorized, thereby strictly controlling the security of POS machine authorization and preventing illegal authorization by the authorization system.

It can be understood that, for the beneficial effects of the second, third and fourth aspects, reference can be made to the relevant description of the first aspect, which is not repeated here.

Description of the drawings

In order to explain more clearly the specific embodiments of the present application or the technical solutions in the prior art, the drawings needed in the description of the specific embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the present application; those of ordinary skill in the art can obtain other drawings from them without creative effort.

Figure 1 is a first schematic flowchart of the POS machine security authorization deployment method provided by an embodiment of the present application;

Figure 2 is a second schematic flowchart of the POS machine security authorization deployment method provided by an embodiment of the present application;

Figure 3 is a third schematic flowchart of the POS machine security authorization deployment method provided by an embodiment of the present application;

Figure 4 is a fourth schematic flowchart of the POS machine security authorization deployment method provided by an embodiment of the present application;

Figure 5 is a schematic structural diagram of the POS machine security authorization deployment device provided by an embodiment of the present application.

Detailed description

In the following description, specific details such as particular system structures and technologies are set out for the purpose of explanation rather than limitation, so that the embodiments of the present application can be thoroughly understood. However, it will be apparent to those skilled in the art that the present application may also be practiced in other embodiments without these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits and methods are omitted so that unnecessary detail does not obscure the description of the present application.

It should be understood that, when used in this specification and the appended claims, the term "comprising" indicates the presence of the described features, integers, steps, operations, elements and/or components, but does not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or collections thereof.

It should also be understood that the term "and/or" as used in this specification and the appended claims refers to any combination and all possible combinations of one or more of the associated listed items, and includes these combinations.

As used in this specification and the appended claims, the term "if" may be interpreted, depending on the context, as "when" or "once" or "in response to determining" or "in response to detecting". Similarly, the phrase "if it is determined" or "if [the described condition or event] is detected" may be interpreted, depending on the context, to mean "once it is determined" or "in response to determining" or "once [the described condition or event] is detected" or "in response to detecting [the described condition or event]".

Reference in this specification to "one embodiment" or "some embodiments" and the like means that a particular feature, structure or characteristic described in connection with that embodiment is included in one or more embodiments of the present application. Thus, the phrases "in one embodiment", "in some embodiments", "in some other embodiments", "in still other embodiments" and the like appearing in different places in this specification do not necessarily all refer to the same embodiment, but mean "one or more but not all embodiments", unless specifically emphasized otherwise. The terms "including", "comprising", "having" and their variants all mean "including but not limited to", unless specifically emphasized otherwise. "Multiple" means "two or more".

At present, with the widespread use of POS machines, electronic settlement of consumer payments is increasingly mature, and fierce market competition has also brought numerous financial risks. When a customer's POS machine undergoes disassembly for repair, system configuration, or security-related changes, the operation can be performed only after the authorization system has granted security permission. The authorization system can be deployed independently by the customer on a server, but some customers may deploy the authorization system arbitrarily, or use it to authorize POS machines that should not be authorized, resulting in illegal authorization by the authorization system and undermining the security of POS machine authorization.

In response to the above problems, an embodiment of the present application provides a POS machine security authorization deployment method applied to the server side. The method obtains the server serial number hash value, the preset server information and the preset terminal information; determines the first verification result of the server based on the server serial number hash value and the preset server information; if the first verification result meets the first preset condition, determines the second verification result of the preset terminal information based on the preset server information and the preset terminal information; if the second verification result meets the second preset condition, receives the terminal serial number transmitted by the client; and if the terminal serial number and the preset terminal information meet the third preset condition, grants the client security permission. This allows the authorization system to be deployed only on the correct server and ensures that it authorizes only POS machines that may be authorized, which prevents illegal authorization by the authorization system and improves the security of POS machine authorization.

The POS machine security authorization deployment method provided by this application is described below by way of example with reference to specific embodiments.

如图1所示,本实施例提供的POS机安全授权部署方法,应用于服务器端,包括:As shown in Figure 1, the POS machine security authorization deployment method provided by this embodiment is applied to the server side and includes:

S100. Obtain the server serial number hash value, the preset server information and the preset terminal whitelist information.

In application, when a customer's POS machine needs authorization for disassembly and repair, system settings, or security-related modifications, the POS machine manufacturer can first connect the encryption machine (also called the authorization machine) to the customer's server so that the authorization system can be deployed on that server; the server may be a Windows-based server. The customer then connects the POS machine that needs authorization to their own terminal device, such as a computer, and uses the authorization tool on the terminal device to access the authorization system on the server over the Internet. The authorization tool is a desktop tool that runs when the corresponding exe file is double-clicked after decompression. The server and the encryption machine constitute the server side; the POS machine and the terminal device constitute the client side.

In application, to ensure that the authorization system is deployed on the correct server and that the POS machines connecting to it are ones that may be authorized, both the server and the POS machine's terminal serial number can be verified. When the authorization system starts, it obtains the server serial number hash value, the preset server information and the preset terminal whitelist information. The server serial number hash value may be the hash of the CPU serial number of the server on which the authorization system is deployed; the preset server information may be information about the server on which the authorization system is permitted to be deployed, that is, the correct server; and the preset terminal whitelist information may be information about the POS machines that the authorization system is permitted to authorize.

In application, when the authorization system is deployed, the preset server information and the preset terminal whitelist information can be deployed to the server as files along with the authorization system, stored in a designated directory within the authorization system's deployment files, for use in the subsequent verification of the server and of terminal serial numbers.

S200. Determine the first verification result of the server based on the server serial number hash value and the preset server information.

In application, to ensure that the authorization system is deployed on the correct server, the server on which it is deployed can be verified. Determining the first verification result of the server based on the server serial number hash value and the preset server information may consist of verifying the server serial number hash value against the preset server information.

In one embodiment, the preset server information includes first preset customer information, a preset server serial number hash value and first signature information. The first signature information is the information obtained by signing the first preset customer information and the preset server serial number hash value, respectively, with a private key.

In application, the preset server serial number hash value may be the hash of the CPU serial number of the server on which the authorization system is permitted to be deployed; the server CPU serial number is hashed so that an attacker cannot easily derive the related information. The first preset customer information may be the information of the customer who owns the server corresponding to the preset server serial number hash value, that is, the correct customer for whom the authorization system may perform authorization. The first signature information may be the signature information obtained by signing the first preset customer information and the preset server serial number hash value with the POS machine manufacturer's private key. The signing process is as follows: the first preset customer information and the preset server serial number hash value are first sent to the POS machine manufacturer's terminal; after an operator signs them with the private key held in the manufacturer's encryption machine, the signature information is sent to the server side for authorization deployment.

As shown in Figure 2, determining the first verification result of the server based on the server serial number hash value and the preset server information includes:

S210. Determine the first signature verification result based on the public key and the first signature information.

In application, to detect tampering with the preset server information, the first signature information can be verified when the authorization system starts. Determining the first signature verification result based on the public key and the first signature information may consist of using the public key stored in the authorization system to verify the first signature information in the preset server information. If the preset server information has been tampered with, the first signature verification result fails; if it has not been tampered with, the first signature verification result passes.

S220. Determine the first comparison result of the server based on the server serial number hash value and the preset server serial number hash value.

In application, when the authorization system starts, to verify whether the server on which it is deployed is the correct server, the server serial number hash value, once obtained, can be verified against the preset server information. Determining the first comparison result of the server based on the server serial number hash value and the preset server serial number hash value may consist of comparing the two values. If the server serial number hash value and the preset server serial number hash value are the same, the first comparison result passes; if they differ, the first comparison result fails.

S230. Determine the first verification result of the server based on the first signature verification result and the first comparison result.

In application, the first verification result of the server may be determined from the first signature verification result of the first signature information together with the first comparison result between the server serial number hash value and the preset server serial number hash value.

In one embodiment, the first preset condition is that both the first signature verification result and the first comparison result pass, that is, the preset server information has not been tampered with and the server serial number hash value is the same as the preset server serial number hash value.

In one embodiment, after the first verification result of the server is determined based on the first signature verification result and the first comparison result, the method further includes: if the first verification result satisfies the first preset condition, storing the first preset customer information on the server side.

In application, if the first verification result satisfies the first preset condition, the server on which the authorization system is deployed is the correct server and server verification passes. Storing the first preset customer information on the server side in that case may consist of writing the first preset customer information into the server's memory after server verification passes, thereby configuring it on the server and marking the first preset customer information as that of the correct customer.

S300. If the first verification result satisfies the first preset condition, determine the second verification result of the preset terminal whitelist information based on the preset server information and the preset terminal whitelist information.

In application, if the first verification result satisfies the first preset condition, the server on which the authorization system is deployed is the correct server and server verification passes, so the terminal serial number of a POS machine connecting to the authorization system can then be verified. Before terminal serial numbers are verified, it is necessary to verify that the preset terminal whitelist information is the correct customer's own preset terminal whitelist information. Determining the second verification result of the preset terminal whitelist information based on the preset server information and the preset terminal whitelist information may consist of verifying the preset terminal whitelist information against the first preset customer information in the preset server information.

In one embodiment, the preset terminal whitelist information includes second preset customer information, a preset terminal serial number list and second signature information. The second signature information is the information obtained by signing the second preset customer information and the preset terminal serial number list, respectively, with a private key.

In application, the preset terminal serial number list may be a list of the terminal serial numbers of the POS machines that the authorization system is permitted to authorize, and the second preset customer information may be the information of the customer who owns the POS machines in the preset terminal serial number list. Signing the second preset customer information and the preset terminal serial number list, respectively, with the private key may consist of using the POS machine manufacturer's private key to sign, respectively, the second preset customer information and the hash value obtained by hashing the preset terminal serial number list. The signing process is as follows: the second preset customer information and the preset terminal serial number list are first sent to the POS machine manufacturer's terminal; after an operator signs them with the private key held in the manufacturer's encryption machine, the signature information is sent to the server side for authorization deployment. The preset terminal whitelist information can be read directly into the server's memory when the authorization system starts, which prevents other customers from maliciously tampering with it.

As shown in Figure 3, if the first verification result satisfies the first preset condition, determining the second verification result of the preset terminal whitelist information based on the preset server information and the preset terminal whitelist information includes:

S310. If the first verification result satisfies the first preset condition, determine the second signature verification result based on the public key and the second signature information.

In application, to detect tampering with the preset terminal whitelist information, the second signature information can be verified when the authorization system starts. Determining the second signature verification result based on the public key and the second signature information may consist of using the public key stored in the authorization system to verify the second signature information in the preset terminal whitelist information. If the preset terminal whitelist information has been tampered with, the second signature verification result fails; if it has not been tampered with, the second signature verification result passes.

S320. Determine the second comparison result of the customer information based on the first preset customer information and the second preset customer information.

In application, before terminal serial numbers are verified, to verify whether the preset terminal whitelist information is the correct customer's own preset terminal whitelist information, the second preset customer information in the preset terminal whitelist information can be verified against the first preset customer information in the preset server information. Determining the second comparison result of the customer information may consist of comparing the first preset customer information with the second preset customer information. If the two are the same, the second comparison result passes; if they differ, the second comparison result fails.

S330. Determine the second verification result of the preset terminal whitelist information based on the second signature verification result and the second comparison result.

In application, the second verification result of the preset terminal whitelist information may be determined from the second signature verification result of the second signature information together with the second comparison result between the first preset customer information and the second preset customer information.

In one embodiment, the second preset condition is that both the second signature verification result and the second comparison result pass, that is, the preset terminal whitelist information has not been tampered with and the first preset customer information is the same as the second preset customer information.

In one embodiment, after the second verification result of the preset terminal whitelist information is determined based on the second signature verification result and the second comparison result, the method further includes: if the second verification result satisfies the second preset condition, storing the preset terminal serial number list on the server side.

In application, because the first preset customer information has already been established as that of the correct customer, a second verification result that satisfies the second preset condition means that the preset terminal whitelist information is the correct customer's own, and verification of the preset terminal whitelist information passes. Storing the preset terminal serial number list on the server side in that case may consist of writing the preset terminal serial number list from the preset terminal whitelist information into the server's memory after the whitelist information passes verification, for use in the subsequent verification of terminal serial numbers. Verifying the preset terminal whitelist information ensures that a customer can use only their own preset terminal serial number list for terminal serial number verification and cannot maliciously use another customer's list.

S400. If the second verification result satisfies the second preset condition, receive the terminal serial number transmitted by the client.

In application, if the second verification result satisfies the second preset condition, the preset terminal whitelist information is the correct customer's own and has passed verification. The preset terminal serial number list in the preset terminal whitelist information can then be used to verify the terminal serial number of the POS machine that the client connects to the authorization system. The terminal serial number may be the SN (Serial Number) of the POS machine.

S500. If the terminal serial number and the preset terminal whitelist information satisfy the third preset condition, grant the client security permission.

In application, so that the authorization system authorizes only POS machines that are eligible for authorization, the terminal serial number of the POS machine that the client connects to the authorization system can be verified against the preset terminal whitelist information. The system determines whether the terminal serial number and the preset terminal whitelist information satisfy the third preset condition and, if so, grants security permission to the POS machine that the client has connected to the authorization system.

As shown in Figure 4, granting the client security permission if the terminal serial number and the preset terminal whitelist information satisfy the third preset condition includes:

S510. Determine the third verification result of the terminal serial number based on the third comparison result between the terminal serial number and the preset terminal whitelist information.

In application, this may consist of comparing the terminal serial number of the POS machine that the client connects to the authorization system with the preset terminal whitelist information to obtain the third comparison result, and determining the third verification result of the terminal serial number from that comparison result.

In one embodiment, determining the third verification result of the terminal serial number based on the third comparison result between the terminal serial number and the preset terminal whitelist information includes: determining the third verification result of the terminal serial number based on the third comparison result between the terminal serial number and the preset terminal serial number list. The third preset condition is that the terminal serial number is contained in the preset terminal serial number list.

In application, this may consist of comparing the terminal serial number of the POS machine that the client connects to the authorization system with the preset terminal serial number list in the preset terminal whitelist information to obtain the third comparison result, and determining the third verification result of the terminal serial number from that comparison result.

S520. If the third verification result satisfies the third preset condition, grant the client security permission.

In application, if the third verification result satisfies the third preset condition, the terminal serial number of the POS machine that the client connects to the authorization system is contained in the preset terminal serial number list, the POS machine is one that may be authorized, and the authorization system can grant it security permission. If the terminal serial number and the preset terminal whitelist information do not satisfy the third preset condition, the terminal serial number is not contained in the preset terminal serial number list, the POS machine is not one that may be authorized, and the authorization system does not grant it security permission.

Specifically, in the POS authorization scenario, the authorization system may be a web system running on a Windows server. An administrator can deploy the authorization system on the customer's server and operate it through a browser. When the customer's POS machine needs to be granted security permission, the customer can connect the POS machine to their own terminal device, such as a computer, and then use the authorization tool on the terminal device to access the authorization system over the Internet. When the authorization system is deployed on the customer's server, it obtains the server's serial number hash value and verifies it against the preset server information, which establishes whether the server is the correct one and so restricts deployment of the authorization system to the correct server. If server verification passes, the terminal serial number of the POS machine that the customer connects to the authorization system is verified against the preset terminal whitelist information that has itself passed verification. If the terminal serial number passes verification, the POS machine is granted security permission. This ensures that the authorization system authorizes only POS machines that are eligible for authorization, which strictly controls the security of POS machine authorization and prevents illegal authorization by the authorization system.
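The startup checks S210 to S330 and the terminal check S510/S520 described above, written out in Go. This is an added example, not code from the patent or its applicant: Ed25519, SHA-256, the length-prefixed message layout, signing each file's fields as one message (the page says only that the fields are signed respectively), and every type, function and sample name are assumptions, and the key and files are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

var (
	ErrServerSig    = errors.New("preset server information: signature invalid")
	ErrWrongServer  = errors.New("server serial number hash does not match preset value")
	ErrListSig      = errors.New("preset terminal whitelist: signature invalid")
	ErrListCustomer = errors.New("terminal whitelist belongs to a different customer")
)

// ServerInfo is the preset server information file (checked in S210-S230).
type ServerInfo struct {
	Customer   string // first preset customer information
	SerialHash string // hex SHA-256 of the permitted server's CPU serial number
	Sig        []byte
}

// Whitelist is the preset terminal whitelist file (checked in S310-S330).
type Whitelist struct {
	Customer string   // second preset customer information
	Serials  []string // preset terminal serial number list
	Sig      []byte
}

// encode length-prefixes every field so boundaries cannot shift; the first field
// is a type tag so one file's signature cannot be replayed as the other's.
func encode(fields ...string) []byte {
	var out []byte
	for _, f := range fields {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		out = append(append(out, n[:]...), f...)
	}
	return out
}

func hashSerial(serial string) string {
	sum := sha256.Sum256([]byte(serial))
	return hex.EncodeToString(sum[:])
}
func serverMsg(si ServerInfo) []byte { return encode("server-info", si.Customer, si.SerialHash) }
func listMsg(wl Whitelist) []byte {
	return encode(append([]string{"terminal-whitelist", wl.Customer}, wl.Serials...)...)
}

// AuthSystem is the state kept in server memory once both files have verified.
type AuthSystem struct{ allowed map[string]bool }

// Start runs the startup checks in the page's order and fails closed on the first error.
func Start(pub ed25519.PublicKey, cpuSerial string, si ServerInfo, wl Whitelist) (*AuthSystem, error) {
	if !ed25519.Verify(pub, serverMsg(si), si.Sig) { // S210: server file untampered?
		return nil, ErrServerSig
	}
	if hashSerial(cpuSerial) != si.SerialHash { // S220: is this the permitted server?
		return nil, ErrWrongServer
	}
	if !ed25519.Verify(pub, listMsg(wl), wl.Sig) { // S310: whitelist untampered?
		return nil, ErrListSig
	}
	if wl.Customer != si.Customer { // S320: whitelist issued to this customer?
		return nil, ErrListCustomer
	}
	a := &AuthSystem{allowed: make(map[string]bool, len(wl.Serials))}
	for _, sn := range wl.Serials {
		a.allowed[sn] = true
	}
	return a, nil
}

// Authorize is S510/S520: grant only if the terminal serial number is listed.
func (a *AuthSystem) Authorize(terminalSN string) bool { return a.allowed[terminalSN] }

// Constructed demo manufacturer key pair from a fixed seed (not a real key).
var demoSeed = sha256.Sum256([]byte("constructed demo seed"))
var vendorPriv = ed25519.NewKeyFromSeed(demoSeed[:])
var VendorPub = vendorPriv.Public().(ed25519.PublicKey)

func SignedServerInfo(customer, cpuSerial string) ServerInfo {
	si := ServerInfo{Customer: customer, SerialHash: hashSerial(cpuSerial)}
	si.Sig = ed25519.Sign(vendorPriv, serverMsg(si))
	return si
}
func SignedWhitelist(customer string, serials ...string) Whitelist {
	wl := Whitelist{Customer: customer, Serials: serials}
	wl.Sig = ed25519.Sign(vendorPriv, listMsg(wl))
	return wl
}

func main() {
	si, wl := SignedServerInfo("customer-A", "CPU-0001"), SignedWhitelist("customer-A", "SN1001")
	sys, err := Start(VendorPub, "CPU-0001", si, wl)
	fmt.Println(err, sys.Authorize("SN1001"), sys.Authorize("SN9999"))
}
```

The customer comparison in S320 is what rejects a validly signed whitelist issued to a different customer; the signature check alone would accept it.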

Embodiments of the present application also provide a POS machine security authorization deployment method applied to the client, including: sending the terminal serial number to the server side; and, if the terminal serial number and the preset terminal whitelist information satisfy the third preset condition, obtaining the security permission granted by the server side.

It should be noted that the client-side POS machine security authorization deployment method is based on the same concept as the server-side method described above. For its specific functions and technical effects, refer to the embodiments of the server-side POS machine security authorization deployment method; they are not repeated here.

The POS machine security authorization deployment device provided by this application is described below by way of example with reference to the accompanying drawings.

Corresponding to the POS machine security authorization deployment method described in the above embodiments, as shown in Figure 5, this embodiment provides a POS machine security authorization deployment device applied to the server side. The POS machine security authorization deployment device 500 includes:

an information acquisition module 510, configured to obtain the server serial number hash value, the preset server information and the preset terminal whitelist information;

a first verification module 520, configured to determine the first verification result of the server based on the server serial number hash value and the preset server information;

a second verification module 530, configured to determine, if the first verification result satisfies the first preset condition, the second verification result of the preset terminal whitelist information based on the preset server information and the preset terminal whitelist information;

a serial number receiving module 540, configured to receive the terminal serial number transmitted by the client if the second verification result satisfies the second preset condition;

a third verification module 550, configured to grant the client security permission if the terminal serial number and the preset terminal whitelist information satisfy the third preset condition.

在其中一个实施例中,第一验证模块,包括:In one embodiment, the first verification module includes:

第一验签单元,用于基于公钥和第一签名信息,确定第一验签结果;The first signature verification unit is used to determine the first signature verification result based on the public key and the first signature information;

第一对比单元,用于基于服务器序列号哈希值和预设服务器序列号哈希值,确定服务器的第一对比结果;The first comparison unit is used to determine the first comparison result of the server based on the server serial number hash value and the preset server serial number hash value;

第一验证单元,用于基于第一验签结果和第一对比结果,确定服务器的第一验证结果。The first verification unit is used to determine the first verification result of the server based on the first signature verification result and the first comparison result.

在其中一个实施例中,POS机安全授权部署装置,还包括:In one embodiment, the POS machine security authorization deployment device also includes:

第一存储模块,用于若第一验证结果满足第一预设条件,将第一预设客户信息存储至服务器端。The first storage module is used to store the first preset customer information to the server if the first verification result satisfies the first preset condition.

在其中一个实施例中,第二验证模块,包括:In one embodiment, the second verification module includes:

第二验签单元,用于若第一验证结果满足第一预设条件,基于公钥和第二签名信息,确定第二验签结果;The second signature verification unit is used to determine the second signature verification result based on the public key and the second signature information if the first verification result meets the first preset condition;

第二对比单元,用于基于第一预设客户信息和第二预设客户信息,确定客户信息的第二对比结果;a second comparison unit configured to determine a second comparison result of customer information based on the first preset customer information and the second preset customer information;

第二验证单元,用于基于第二验签结果和第二对比结果,确定预设终端白名单信息的第二验证结果。The second verification unit is configured to determine the second verification result of the preset terminal whitelist information based on the second signature verification result and the second comparison result.

在其中一个实施例中,POS机安全授权部署装置,还包括:In one embodiment, the POS machine security authorization deployment device also includes:

第二存储模块,用于若第二验证结果满足第二预设条件,将预设终端序列号列表存储至服务器端。The second storage module is used to store the preset terminal serial number list to the server if the second verification result satisfies the second preset condition.

在其中一个实施例中,第三验证模块,包括:In one embodiment, the third verification module includes:

第三对比单元,用于基于终端序列号和预设终端白名单信息的第三对比结果,确定终端序列号的第三验证结果;The third comparison unit is configured to determine the third verification result of the terminal serial number based on the third comparison result of the terminal serial number and the preset terminal whitelist information;

权限授予单元,用于若第三验证结果满足第三预设条件,授予客户端安全权限。The permission granting unit is used to grant security permission to the client if the third verification result meets the third preset condition.

在其中一个实施例中,第三对比单元,具体用于基于终端序列号和预设终端序列号列表的第三对比结果,确定终端序列号的第三验证结果。In one embodiment, the third comparison unit is specifically configured to determine the third verification result of the terminal serial number based on the third comparison result of the terminal serial number and the preset terminal serial number list.

It should be noted that, because the information exchange and execution processes between the above modules/units are based on the same concept as the method embodiments of this application, their specific functions and technical effects are described in the method embodiments section and are not repeated here.

Those skilled in the art will clearly understand that, for convenience and brevity of description, the above division into functional units and modules is only an example. In practice, the above functions may be assigned to different functional units or modules as needed; that is, the internal structure of the device may be divided into different functional units or modules to perform all or part of the functions described above. The functional units and modules in the embodiments may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit; the integrated unit may be implemented in hardware or as a software functional unit. In addition, the specific names of the functional units and modules are only for distinguishing them from one another and do not limit the scope of protection of this application. For the specific working processes of the units and modules in the above system, refer to the corresponding processes in the foregoing method embodiments, which are not repeated here.

Embodiments of this application also provide a computer-readable storage medium. The computer-readable storage medium stores a computer program which, when executed by a processor, implements the steps of each of the above method embodiments.

All or part of the processes of the above method embodiments may be carried out by a computer program instructing the relevant hardware. The computer program may be stored in a computer-readable storage medium and, when executed by a processor, implements the steps of each of the above method embodiments. The computer program includes computer program code, which may be in source code form, object code form, an executable file, or some intermediate form. The computer-readable medium may include at least: any entity or device capable of carrying the computer program code to a terminal device, a recording medium, computer memory, read-only memory (ROM), random access memory (RAM), an electrical carrier signal, a telecommunications signal, and a software distribution medium, for example a USB flash drive, a removable hard disk, a magnetic disk or an optical disc.

In the above embodiments, the description of each embodiment has its own emphasis. For parts not detailed or recorded in one embodiment, refer to the relevant descriptions of the other embodiments.

Those of ordinary skill in the art will appreciate that the devices and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and the design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of this application.

In the embodiments provided in this application, it should be understood that the disclosed devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative. Furthermore, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces or devices, and may be electrical, mechanical or in other forms.

The above embodiments are only intended to illustrate the technical solutions of this application, not to limit them. Although this application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of this application, and shall all fall within the scope of protection of this application.

Claims (10)

1. A POS machine security authorization deployment method, characterized by being applied to a server side and comprising the following steps:
obtaining a server serial number hash value, preset server information and preset terminal white list information;
determining a first verification result of the server based on the server serial number hash value and the preset server information;
if the first verification result meets a first preset condition, determining a second verification result of the preset terminal white list information based on the preset server information and the preset terminal white list information;
if the second verification result meets a second preset condition, receiving a terminal serial number transmitted by the client;
and if the terminal serial number and the preset terminal white list information meet a third preset condition, granting the security authority to the client.
2. The POS machine security authorization deployment method of claim 1, wherein the preset server information includes first preset customer information, a preset server serial number hash value, and first signature information, the first signature information being information obtained by respectively signing the first preset customer information and the preset server serial number hash value based on a private key;
the determining a first verification result of the server based on the server serial number hash value and the preset server information includes:
determining a first signature verification result based on the public key and the first signature information;
determining a first comparison result of the server based on the server serial number hash value and the preset server serial number hash value;
determining a first verification result of the server based on the first signature verification result and the first comparison result;
the first preset condition is that the first signature verification result passes, and the first comparison result is that the server serial number hash value is the same as the preset server serial number hash value.
3. The authorization verification method according to claim 2, wherein after determining the first verification result of the server based on the first signature verification result and the first comparison result, further comprising:
and if the first verification result meets the first preset condition, storing the first preset customer information to the server side.
4. The POS machine security authorization deployment method according to claim 2, wherein the preset terminal whitelist information includes second preset customer information, a preset terminal serial number list, and second signature information, the second signature information being information obtained by respectively signing the second preset customer information and the preset terminal serial number list based on a private key;
if the first verification result meets a first preset condition, determining a second verification result of the preset terminal whitelist information based on the preset server information and the preset terminal whitelist information, including:
if the first verification result meets a first preset condition, determining a second signature verification result based on a public key and the second signature information;
determining a second comparison result of the customer information based on the first preset customer information and the second preset customer information;
determining a second verification result of the preset terminal white list information based on the second signature verification result and the second comparison result;
the second preset condition is that the second signature verification result passes and the second comparison result is that the first preset customer information and the second preset customer information are the same.
5. The authorization verification method according to claim 4, wherein after determining the second verification result of the preset terminal whitelist information based on the second signature verification result and the second comparison result, further comprising:
and if the second verification result meets the second preset condition, storing the preset terminal serial number list to the server side.
6. The POS security authorization deployment method of claim 4, wherein granting the client security rights if the terminal serial number and the preset terminal whitelist information satisfy a third preset condition comprises:
determining a third verification result of the terminal serial number based on a third comparison result of the terminal serial number and the preset terminal white list information;
and if the third verification result meets the third preset condition, granting the client security authority.
7. The POS security authorization deployment method of claim 6, wherein determining a third verification result of the terminal serial number based on a third comparison result of the terminal serial number and the preset terminal whitelist information comprises:
determining a third verification result of the terminal serial number based on a third comparison result of the terminal serial number and the preset terminal serial number list;
the third preset condition is that the terminal serial number is contained in the preset terminal serial number list.
8. A POS machine security authorization deployment method, characterized by being applied to a client and comprising the following steps:
transmitting the terminal serial number to a server side;
and if the terminal serial number and the preset terminal white list information meet a third preset condition, acquiring the security authority granted by the server side.
9. A POS machine security authorization deployment device, characterized by being applied to a server side and comprising:
the information acquisition module is used for acquiring a server serial number hash value, preset server information and preset terminal white list information;
the first verification module is used for determining a first verification result of the server based on the server serial number hash value and the preset server information;
the second verification module is used for determining a second verification result of the preset terminal white list information based on the preset server information and the preset terminal white list information if the first verification result meets a first preset condition;
the sequence receiving module is used for receiving the terminal serial number transmitted by the client if the second verification result meets a second preset condition;
and the third verification module is used for granting the client security authority if the terminal serial number and the preset terminal white list information meet a third preset condition.
10. A computer readable storage medium storing a computer program, wherein the computer program when executed by a processor implements the POS security authorization deployment method of any one of claims 1 to 7.
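The three gated checks of claims 1, 2, 4 and 7, as an added sketch that is not code from the patent or from the applicant. Assumptions: one signature covers both signed fields, encoded as a JSON array and hashed with SHA-256; the key pair is a constructed textbook-RSA stand-in so the example runs with the standard library only; all function, class and field names are hypothetical.

```python
import hashlib, hmac, json

# Constructed demo key: textbook RSA over two Mersenne primes. NOT secure and
# not from the patent; it stands in for the issuer's key pair so this runs offline.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, issuer side only

def _digest(fields):
    # Assumed encoding: JSON array of the signed fields, hashed with SHA-256.
    blob = json.dumps(fields, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")

def sign(fields):                       # issuer side (private key)
    return pow(_digest(fields), D, N)

def verify(fields, sig):                # server side (public key N, E)
    return isinstance(sig, int) and 0 < sig < N and pow(sig, E, N) == _digest(fields)

def serial_hash(serial):
    return hashlib.sha256(serial.encode()).hexdigest()

def make_server_info(customer, server_serial):      # constructed sample input
    h = serial_hash(server_serial)
    return {"customer": customer, "server_sn_hash": h, "sig": sign([customer, h])}

def make_whitelist(customer, serials):               # constructed sample input
    return {"customer": customer, "serials": list(serials),
            "sig": sign([customer, list(serials)])}

class AuthServer:
    def __init__(self, own_serial):
        self.own_hash = serial_hash(own_serial)
        self.customer = None            # stored once stage 1 passes (claim 3)
        self.whitelist = None           # stored once stage 2 passes (claim 5)

    def load_server_info(self, info):   # stage 1: signature + serial-hash match
        ok = verify([info["customer"], info["server_sn_hash"]], info["sig"]) \
            and hmac.compare_digest(self.own_hash, info["server_sn_hash"])
        if ok:
            self.customer = info["customer"]
        return ok

    def load_whitelist(self, wl):       # stage 2: signature + same customer
        if self.customer is None:       # stage 1 has not passed: refuse
            return False
        ok = verify([wl["customer"], wl["serials"]], wl["sig"]) \
            and wl["customer"] == self.customer
        if ok:
            self.whitelist = frozenset(wl["serials"])
        return ok

    def authorize(self, terminal_serial):   # stage 3: serial is in the stored list
        return self.whitelist is not None and terminal_serial in self.whitelist

if __name__ == "__main__":
    srv = AuthServer("SRV-0001")
    print(srv.load_server_info(make_server_info("ACME", "SRV-0001")))
    print(srv.load_whitelist(make_whitelist("ACME", ["T-100", "T-101"])))
    print(srv.authorize("T-100"), srv.authorize("T-999"))
```

The customer comparison in stage 2 is what stops a validly signed whitelist issued for one customer from being loaded on another customer's server; a production build would replace the demo key with a padded signature scheme from a vetted cryptographic library.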
CN202310868972.1A 2023-07-14 2023-07-14 A POS machine security authorization deployment method, device and storage medium Pending CN116938471A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202310868972.1A CN116938471A (en) 2023-07-14 2023-07-14 A POS machine security authorization deployment method, device and storage medium
PCT/CN2024/100247 WO2025016143A1 (en) 2023-07-14 2024-06-20 Deployment method and device for security authorization of pos machine, and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310868972.1A CN116938471A (en) 2023-07-14 2023-07-14 A POS machine security authorization deployment method, device and storage medium

Publications (1)

Publication Number Publication Date
CN116938471A true CN116938471A (en) 2023-10-24

Family

ID=88388940

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310868972.1A Pending CN116938471A (en) 2023-07-14 2023-07-14 A POS machine security authorization deployment method, device and storage medium

Country Status (2)

Country Link
CN (1) CN116938471A (en)
WO (1) WO2025016143A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2025016143A1 (en) * 2023-07-14 2025-01-23 百富计算机技术(深圳)有限公司 Deployment method and device for security authorization of pos machine, and storage medium

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR3019357B1 (en) * 2014-03-31 2020-09-04 Compagnie Ind Et Financiere Dingenierie Ingenico METHOD OF VERIFYING THE AUTHENTICITY OF A TERMINAL, DEVICE AND CORRESPONDING PROGRAM
CN107133512B (en) * 2017-03-14 2020-07-28 万达百汇科技(深圳)有限公司 POS terminal control method and device
CN108496194A (en) * 2018-03-21 2018-09-04 福建联迪商用设备有限公司 A method, server and system for verifying terminal legitimacy
CN111556024B (en) * 2020-03-31 2022-07-05 中国航天系统科学与工程研究院 Reverse access control system and method
CN116938471A (en) * 2023-07-14 2023-10-24 百富计算机技术(深圳)有限公司 A POS machine security authorization deployment method, device and storage medium

Also Published As

Publication number Publication date
WO2025016143A1 (en) 2025-01-23

Similar Documents

Publication Publication Date Title
CN111783075B (en) Authority management method, device and medium based on secret key and electronic equipment
CN110414268B (en) Access control method, device, equipment and storage medium
US10432609B2 (en) Device-bound certificate authentication
JP4524288B2 (en) Quarantine system
US20080133937A1 (en) Remote access system, gateway, client device, program, and storage medium
US8090946B2 (en) Inter-system binding method and application based on hardware security unit
US20180232266A1 (en) Kernel program including relational database, and method and apparatus for executing said program
US20050235150A1 (en) Bi-directionally verifying measurable aspects associated with modules, pre-computing solutions to configuration challenges, and using configuration challenges along with other authentication mechanisms
CN111586021B (en) Remote office business authorization method, terminal and system
US20210334380A1 (en) Trusted firmware verification
CN102156826A (en) Provider management method and provider management system
WO2025016143A1 (en) Deployment method and device for security authorization of pos machine, and storage medium
CN110717770B (en) Anti-counterfeiting detection method, device, equipment and storage medium for vehicle parts
WO2023216813A1 (en) Security authentication method, apparatus and system, and electronic device and storage medium
US8250263B2 (en) Apparatus and method for securing data of USB devices
CN115329315A (en) Service authentication method, device, storage medium and electronic device
CN102842000A (en) Method for realizing common software registration system
CN110430213A (en) Service request processing method, apparatus and system
CN114861160A (en) Method and device, device, and storage medium for enhancing authority of non-administrator account
US20040177249A1 (en) Method and apparatus for authorizing execution for applications in a data processing system
US7743145B2 (en) Verifying measurable aspects associated with a module
US20120174206A1 (en) Secure computing environment
CN118094510A (en) System for centralized management of identity authentication and security enhancement of U shield and implementation method
CN118312946A (en) Host authentication method, host authentication device and related equipment thereof
WO2024187871A1 (en) Account data exchange method based on trusted execution environment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination