Embodiment
For making the purpose, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below in conjunction with drawings and the specific embodiments.
The present invention proposes a one-card multi-transit service system. Fig. 2 is the basic block diagram of the one-card multi-transit service system of the present invention. Referring to Fig. 2, the basic structure of the system of the present invention comprises a Bus Card, a POS machine, a PC, a business platform, a third-party system and an all-purpose card server, wherein:
the POS machine is used for authenticating the Bus Card, sending the Bus Card identity information to the PC after authentication passes, and performing the corresponding read/write operation on the Bus Card according to the service order sent by the PC;
the PC is used for sending a service request carrying the Bus Card identity information to the business platform, and for sending the service order sent by the business platform to the POS machine;
the business platform is used for interacting with the third-party system and, after the interaction succeeds, sending a key application request carrying the Bus Card identity information to the all-purpose card server according to the service request sent by the PC, and for sending the service order sent by the all-purpose card server to the PC;
the all-purpose card server is used for authenticating the Bus Card according to the Bus Card identity information in the key application request and, after authentication passes, returning a service order to the business platform according to the key application request.
Correspondingly, the invention also proposes a service implementation method using the one-card multi-transit service system. The core idea of the method is: after the POS machine's authentication of the Bus Card passes, the POS machine sends the Bus Card identity information to the PC, and the PC sends a service request carrying the Bus Card identity information to the business platform; the business platform interacts with the third-party system and, after the interaction succeeds, sends a key application request carrying the Bus Card identity information to the all-purpose card server according to the service request sent by the PC; the all-purpose card server authenticates the Bus Card according to the Bus Card identity information in the key application request and, after authentication passes, returns a service order to the business platform according to the key application request; the business platform sends the service order to the POS machine through the PC; and the POS machine performs the corresponding read/write operation on the Bus Card according to the service order sent by the PC.
As can be seen, compared with the prior art, the one-card multi-transit service system of the present invention adds the PC, the business platform and the third-party system. The POS machine no longer communicates directly with the all-purpose card server; instead it logs on to the business platform through the PC, and the business platform completes the communication with the third-party system and the all-purpose card server. In particular, the user can trigger, through the PC, the information interaction between the business platform and the third-party system, and thereby obtain further service applications from the third-party system. This extends the applications of the Bus Card business and brings convenience to users.
In the present invention, a CA (Certificate Authority) certificate issued by an e-commerce certification authority can further be used to encrypt and decrypt the transaction data transmitted between the POS machine and the all-purpose card server, which further improves the security of transactions. The CA certificate can also be used to sign the transaction data transmitted between the POS machine and the all-purpose card server, which guarantees the non-repudiation of transactions. To this end, in one embodiment of the present invention, CA certificates are first made in advance for the POS machine, the business platform and the all-purpose card server by the CA center of a third-party authoritative institution. For the POS machine, for example, the POS machine generates a public/private key pair, the business platform delivers the public key to the CA center, and the CA center uses the public key to make the CA certificate of the POS machine. Each CA certificate contains the public key and the certificate information of the device that uses it; for example, the CA certificate of the all-purpose card server contains the public key and the certificate information of the all-purpose card server. Second, the CA center distributes the CA certificate of the POS machine, the CA certificate of the business platform and the CA certificate of the all-purpose card server to the POS machine, the business platform and the all-purpose card server respectively, and copies the CA certificate of each POS machine to the all-purpose card server and the business platform; the business platform and the all-purpose card server also obtain each other's CA certificates. After this, the CA certificates can be used to encrypt and decrypt the transaction data and to sign it.
In the specific implementation of the present invention, the one-card multi-transit service system shown in Fig. 2 can be used to realize a variety of service applications, such as non-cash recharging of the Bus Card at any time, online shopping with the Bus Card, supermarket card payment with the Bus Card, and so on.
Two specific embodiments are given below to describe in detail the specific implementation of non-cash recharging of the Bus Card at any time and the specific implementation of online shopping with the Bus Card.
Embodiment 1:
This embodiment describes in detail the specific implementation of non-cash recharging of the Bus Card at any time.
Fig. 3 is the first specific implementation structural diagram of the one-card multi-transit service system of the present invention, and Fig. 4 is the flowchart of embodiment 1 of the present invention. Referring to Fig. 3, when the present invention realizes non-cash recharging of the Bus Card at any time, the third-party system in the system of the present invention is an online banking system or a third-party payment system (such as Alipay). Referring to Fig. 4, the implementation procedure specifically comprises the following steps:
Step 401: a client-installed software (OCX) control is bound to each service page of the business platform.
In this step, the OCX control is software used for interacting with the POS machine and instructing the POS machine to complete the service operation. Because the POS machine is subsequently connected directly to the PC, the OCX control is bound to the service pages of the business platform so that the business platform can control the operation of the POS machine: once the POS machine is connected through the PC to any service page of the business platform, the PC can access the OCX control bound to that page, interact with the POS machine, and instruct the POS machine to complete the service operation.
Step 402: the Bus Card user places the card in the POS machine, connects the POS machine to the PC, logs on to the recharging service page of the business platform through the PC, and selects the recharge function.
In this step, the POS machine can be connected to the PC through a USB interface.
Step 403: the PC downloads from the business platform the OCX control bound to the recharging service page, and the OCX control in the PC activates the POS machine and detects the POS machine.
After activation, the POS machine can send a card-reading request to the all-purpose card server through the PC and the business platform; the all-purpose card server carries the public key from its own CA certificate in the card-reading instruction and sends it to the POS machine through the business platform and the PC.
Step 404: the POS machine performs card detection, reads the identity information of the Bus Card, authenticates the Bus Card according to the identity information read, and, after authentication passes, sends the Bus Card identity information to the PC.
Further, in order to guarantee the non-repudiation of the transaction, step 404 may further include the following processing: the POS machine signs, with its own private key, an authentication request carrying the Bus Card identity information and the identity information of the POS machine itself, and sends it to the business platform through the PC; the business platform verifies the signature on the authentication request with the public key in the CA certificate of the POS machine and, after the verification succeeds, signs the authentication request carrying the Bus Card identity information and the POS machine identity information with its own private key and sends it to the all-purpose card server; the all-purpose card server verifies the signature on the authentication request with the public key in the CA certificate of the business platform, authenticates the Bus Card identity information and the POS machine identity information after the verification succeeds, and returns an authentication success message after the authentication succeeds.
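The hop-by-hop signature relay of step 404 (POS machine signs, business platform verifies and countersigns, all-purpose card server verifies) is shown below as an added example in Go; it is not code from the patent. The page does not name the signature algorithm, so Ed25519 is assumed, the `AuthRequest` field layout is constructed, and each verifier is handed the peer's public key directly instead of extracting it from a CA certificate.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// AuthRequest is the message relayed from the POS machine to the all-purpose
// card server: the card's identity plus the POS machine's own identity.
// The field layout is an assumption of this example, not defined by the page.
type AuthRequest struct {
	CardID []byte // Bus Card identity information
	POSID  []byte // POS machine identity information
}

// Bytes is the canonical byte string that gets signed. Each field is
// length-prefixed (fields are assumed shorter than 256 bytes) so that two
// different (CardID, POSID) pairs can never serialise to the same bytes.
func (r AuthRequest) Bytes() []byte {
	var b bytes.Buffer
	for _, f := range [][]byte{r.CardID, r.POSID} {
		b.WriteByte(byte(len(f)))
		b.Write(f)
	}
	return b.Bytes()
}

// Party is one node (POS machine, business platform, card server) with its
// key pair. In the patent the public key is carried in the node's CA
// certificate; here each verifier is simply handed the key directly.
type Party struct {
	Name string
	Priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewParty(name string) Party {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Party{Name: name, Priv: priv, Pub: pub}
}

// RelayHop is what the business platform does: verify the incoming signature
// with the sender's public key, and only then add its own signature over the
// same request before forwarding. A failed check stops the relay, so nothing
// unsigned or mis-signed travels further. The PC in between never signs.
func RelayHop(req AuthRequest, sig []byte, from ed25519.PublicKey, me Party) ([]byte, error) {
	if !ed25519.Verify(from, req.Bytes(), sig) {
		return nil, fmt.Errorf("%s: signature check failed, request discarded", me.Name)
	}
	return ed25519.Sign(me.Priv, req.Bytes()), nil
}

// RunAuthChain plays POS -> (PC) -> business platform -> all-purpose card
// server. It returns nil only when the server's check of the platform's
// signature succeeds, which requires every earlier hop to have succeeded too.
func RunAuthChain(pos, platform, server Party, req AuthRequest) error {
	sigPOS := ed25519.Sign(pos.Priv, req.Bytes())
	sigPlatform, err := RelayHop(req, sigPOS, pos.Pub, platform)
	if err != nil {
		return err
	}
	if !ed25519.Verify(platform.Pub, req.Bytes(), sigPlatform) {
		return errors.New(server.Name + ": platform signature check failed")
	}
	return nil
}

func main() {
	pos, platform, server := NewParty("POS"), NewParty("platform"), NewParty("server")
	// Constructed sample identities; real values come from the card and the device.
	req := AuthRequest{CardID: []byte("card-0001"), POSID: []byte("pos-42")}
	fmt.Println("chain result:", RunAuthChain(pos, platform, server, req)) // chain result: <nil>
}
```

The platform's countersignature covers exactly the bytes it verified, so the server's single check of the platform signature implies the platform saw a valid POS signature on the same request; a request altered anywhere on the path fails at the next verifier.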
Step 405: the PC receives the recharge amount and the account information entered by the user, and sends to the business platform a recharge request carrying the Bus Card identity information, the recharge amount and the account information.
Step 406: the business platform sends a debit request to the corresponding online banking or third-party payment system according to the account information in the recharge request.
Step 407: the corresponding online banking or third-party payment system deducts the corresponding recharge amount from the corresponding account according to the received debit request, and returns a debit success message to the business platform.
Step 408: after receiving the debit success message, the business platform sends to the all-purpose card server a recharge key application request carrying the Bus Card identity information and the recharge amount information.
Step 409: the all-purpose card server authenticates the card according to the Bus Card identity information; after authentication passes, it generates a recharge order, encrypts the recharge order with a key saved in advance, and then sends it to the business platform.
In step 408, the business platform can further sign the recharge key application request with its own private key before sending it to the all-purpose card server; in step 409, the all-purpose card server can further verify the signature on the recharge key application request with the public key in the CA certificate of the business platform, and generate the recharge order only after the verification succeeds. Also in step 409, the all-purpose card server can encrypt the recharge order with the public key in the CA certificate of the POS machine, sign the recharge order with the private key corresponding to its own CA certificate, and then send it to the business platform.
Step 410: the business platform sends the recharge order to the PC, and the OCX control in the PC sends the recharge order to the POS machine.
Here, after receiving the recharge order, the business platform first verifies the signature on the recharge order with the public key in the CA certificate of the all-purpose card server, and sends the recharge order to the PC only after the verification succeeds.
Step 411: the POS machine recharges the Bus Card according to the recharge order, i.e. it modifies the balance information in the Bus Card.
Here, after receiving the encrypted recharge order, the POS machine first decrypts the recharge order with its own private key, thereby obtaining the recharge order.
At this point, the Bus Card has been conveniently recharged at any time using the POS machine, and because online banking or a third-party payment system was used for the recharge, the user does not need to go to a designated recharging site to recharge in cash.
In order to further guarantee that the Bus Card information maintained by the all-purpose card server at the all-purpose card company is accurate, the present invention can further include the following steps 412-413.
Step 412: the POS machine encrypts the current balance information of the Bus Card with a key saved in advance, and sends it to the all-purpose card server through the PC and the business platform.
This step can specifically be implemented as follows: the POS machine encrypts the current balance information of the Bus Card with the public key in the CA certificate of the all-purpose card server, can further sign the current balance information of the Bus Card with the private key of the POS machine itself, and then sends it to the business platform through the PC; the business platform verifies the signature on the current balance information of the Bus Card with the public key in the CA certificate of the POS machine and, after the verification succeeds, first signs the current balance information of the Bus Card with the private key of the business platform itself and then sends it to the all-purpose card server.
Step 413: the all-purpose card server further decrypts the received balance information of the Bus Card with the saved key, and updates the balance information of the Bus Card that it keeps according to the decrypted information.
Correspondingly, one specific implementation of this step comprises: the all-purpose card server verifies the signature on the current balance information of the Bus Card with the public key in the CA certificate of the business platform and, after the verification succeeds, decrypts the current balance information of the Bus Card with its own private key and updates the balance information of the Bus Card that it keeps according to the decrypted information.
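Steps 409-411 (recharge order encrypted to the POS machine, signed by the server, signature-checked by the platform, decrypted in the POS machine) and steps 412-413 (the same pattern in the opposite direction for the balance report) share one shape: encrypt to the end device, sign the ciphertext, let the intermediate verify and countersign without being able to read. The Go program below is an added example of that shape, not code from the patent; the same logic covers the mirrored steps 610-614 of embodiment 2 and the POS security module's decryption duty described later. Assumptions: RSA-OAEP for encryption and Ed25519 for signatures (the page names neither algorithm and speaks of one CA certificate per node, whereas this example gives each node a separate encryption and signing key pair), a constructed wire form for amounts, and the receiver checking the platform's countersignature before decrypting in both directions (the page states that check only for the server side).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Node is any of the three parties: an RSA key pair for encryption (the page's
// "key saved in advance") plus an Ed25519 key pair for signing (assumption).
type Node struct {
	encPriv *rsa.PrivateKey
	sigPriv ed25519.PrivateKey
	EncPub  *rsa.PublicKey
	SigPub  ed25519.PublicKey
}

func NewNode() *Node {
	rk, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	sp, sk, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Node{encPriv: rk, sigPriv: sk, EncPub: &rk.PublicKey, SigPub: sp}
}

// Sealed is a message in transit: ciphertext only the addressee can open,
// plus the signature of whichever party last handled it.
type Sealed struct {
	Ciphertext []byte
	Signature  []byte
}

// Seal encrypts msg to the addressee's public key (RSA-OAEP) and signs the
// ciphertext. The OAEP label ties the ciphertext to one message type, so a
// recharge order cannot be replayed as a balance report or vice versa.
func (from *Node) Seal(msg []byte, toEncPub *rsa.PublicKey, label string) (Sealed, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, toEncPub, msg, []byte(label))
	if err != nil {
		return Sealed{}, err
	}
	return Sealed{Ciphertext: ct, Signature: ed25519.Sign(from.sigPriv, ct)}, nil
}

// Forward is the business platform's role: check the previous sender's
// signature, then countersign and pass the ciphertext on unchanged. It holds
// no key that can open the ciphertext, so it never sees order or balance.
func (me *Node) Forward(s Sealed, fromSigPub ed25519.PublicKey) (Sealed, error) {
	if !ed25519.Verify(fromSigPub, s.Ciphertext, s.Signature) {
		return Sealed{}, errors.New("platform: signature check failed, message dropped")
	}
	return Sealed{Ciphertext: s.Ciphertext, Signature: ed25519.Sign(me.sigPriv, s.Ciphertext)}, nil
}

// Open checks the last hop's signature, then decrypts with the addressee's own
// private key (inside the POS machine this is the security module's job).
func (me *Node) Open(s Sealed, lastHopSigPub ed25519.PublicKey, label string) ([]byte, error) {
	if !ed25519.Verify(lastHopSigPub, s.Ciphertext, s.Signature) {
		return nil, errors.New("addressee: signature check failed, message dropped")
	}
	return rsa.DecryptOAEP(sha256.New(), nil, me.encPriv, s.Ciphertext, []byte(label))
}

// EncodeAmount is the constructed wire form of an amount: big-endian cents.
func EncodeAmount(cents uint32) []byte { return binary.BigEndian.AppendUint32(nil, cents) }

// Transfer runs one direction end to end: sender -> platform -> receiver.
// The recharge order (steps 409-411) is Transfer(server, platform, pos, ...);
// the balance report (steps 412-413) is Transfer(pos, platform, server, ...).
func Transfer(sender, platform, receiver *Node, cents uint32, label string) (uint32, error) {
	s, err := sender.Seal(EncodeAmount(cents), receiver.EncPub, label)
	if err != nil {
		return 0, err
	}
	if s, err = platform.Forward(s, sender.SigPub); err != nil {
		return 0, err
	}
	pt, err := receiver.Open(s, platform.SigPub, label)
	if err != nil {
		return 0, err
	}
	if len(pt) != 4 {
		return 0, errors.New("receiver: malformed amount")
	}
	return binary.BigEndian.Uint32(pt), nil
}

func main() {
	server, platform, pos := NewNode(), NewNode(), NewNode()
	fmt.Println(Transfer(server, platform, pos, 5000, "recharge-order"))  // 5000 <nil>
	fmt.Println(Transfer(pos, platform, server, 12345, "balance-report")) // 12345 <nil>
}
```

Because the signature is over the ciphertext, the platform can satisfy itself that the order came from the server without learning the amount; a ciphertext that was modified in transit, or one sealed under the wrong label, is rejected before any balance is touched.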
Embodiment 2:
This embodiment describes in detail the specific implementation of online shopping with the Bus Card.
Fig. 5 is the second specific implementation structural diagram of the one-card multi-transit service system of the present invention, and Fig. 6 is the flowchart of embodiment 2 of the present invention. Referring to Fig. 5, when the present invention uses the Bus Card for online shopping at any time, the third-party system in the system of the present invention is a commerce system contracted with the business platform. Referring to Fig. 6, the implementation procedure specifically comprises the following steps:
Step 601: a client-installed software (OCX) control is bound to each service page of the business platform.
In this step, the OCX control is software used for interacting with the POS machine and instructing the POS machine to complete the service operation. Because the POS machine is subsequently connected directly to the PC, the OCX control is bound to the service pages of the business platform so that the business platform can control the operation of the POS machine: once the POS machine is connected through the PC to any service page of the business platform, the PC can access the OCX control bound to that page, interact with the POS machine, and instruct the POS machine to complete the service operation.
Step 602: the Bus Card user logs on to the commerce system through the PC, selects the goods to be purchased, and chooses to pay with the Bus Card.
Step 603: the commerce system generates a corresponding goods order according to the user's selection and sends it to the business platform.
The goods order contains the amount of the goods to be purchased, i.e. the payment information.
Step 604: after receiving the goods order, the business platform opens the consumption service page.
Step 605: the user places the Bus Card in the POS machine, connects the POS machine to the PC, and logs on to the consumption service page of the business platform through the PC.
In this step, the POS machine can be connected to the PC through a USB interface.
Step 606: the PC downloads from the business platform the OCX control bound to the consumption service page, and the OCX control in the PC activates the POS machine and detects the POS machine.
After activation, the POS machine can send a card-reading request to the all-purpose card server through the PC and the business platform; the all-purpose card server carries the public key from its own CA certificate in the card-reading instruction and sends it to the POS machine through the business platform and the PC.
Step 607: the POS machine performs card detection, reads the identity information of the Bus Card, authenticates the Bus Card according to the identity information read, and, after authentication passes, sends the Bus Card identity information to the PC.
Further, in order to guarantee the non-repudiation of the transaction, step 607 may further include the following processing: the POS machine signs, with its own private key, an authentication request carrying the Bus Card identity information and the identity information of the POS machine itself, and sends it to the business platform through the PC; the business platform verifies the signature on the authentication request carrying the Bus Card identity information and the POS machine identity information with the public key in the CA certificate of the POS machine and, after the verification succeeds, signs the authentication request carrying the Bus Card identity information and the POS machine identity information with its own private key and sends it to the all-purpose card server; the all-purpose card server verifies the signature on the authentication request carrying the Bus Card identity information and the POS machine identity information with the public key in the CA certificate of the business platform, and returns an authentication success message after the verification succeeds.
Step 608: the PC sends a payment request carrying the Bus Card identity information to the business platform.
Step 609: after receiving the payment request, the business platform sends to the all-purpose card server a payment key application request carrying the Bus Card identity information and the payment information.
Step 610: the all-purpose card server authenticates the mass transit card according to the Bus Card identity information; after authentication passes, it encrypts a debit order with a key saved in advance and then sends it to the business platform.
In step 609, the business platform can further sign the payment key application request with its own private key before sending it to the all-purpose card server; in step 610, the all-purpose card server can further verify the signature on the payment key application request with the public key in the CA certificate of the business platform, and generate the debit order only after the verification succeeds. Here, the all-purpose card server can encrypt the debit order with the public key in the CA certificate of the POS machine, sign the debit order with the private key corresponding to its own CA certificate, and then send it to the business platform.
Step 611: the business platform sends the debit order to the PC, and the OCX control in the PC sends the debit order to the POS machine. Here, after receiving the debit order, the business platform can first verify the signature on the debit order with the public key in the CA certificate of the all-purpose card server, and send the debit order to the PC only after the verification succeeds.
Step 612: the POS machine deducts the corresponding amount from the Bus Card according to the debit order, i.e. it modifies the balance information in the Bus Card. Here, after receiving the encrypted debit order, the POS machine first decrypts the debit order with its own private key, thereby obtaining the debit order.
At this point, online shopping at any time has been conveniently completed using the POS machine.
In order to further guarantee that the Bus Card information maintained by the all-purpose card server at the all-purpose card company is accurate, the present invention can further include the following steps 613-614.
Step 613: the POS machine encrypts the current balance information of the Bus Card with a key saved in advance, and sends it to the all-purpose card server through the PC and the business platform.
This step can specifically be implemented as follows: the POS machine encrypts the current balance information of the Bus Card with the public key in the CA certificate of the all-purpose card server, can further sign the current balance information of the Bus Card with the private key of the POS machine itself, and then sends it to the business platform through the PC; the business platform verifies the signature on the current balance information of the Bus Card with the public key in the CA certificate of the POS machine and, after the verification succeeds, first signs the current balance information of the Bus Card with the private key of the business platform itself and then sends it to the all-purpose card server.
Step 614: the all-purpose card server further decrypts the received balance information of the Bus Card with the saved key, and updates the balance information of the Bus Card that it keeps according to the decrypted information.
Correspondingly, one specific implementation of this step comprises: the all-purpose card server verifies the signature on the current balance information of the Bus Card with the public key in the CA certificate of the business platform and, after the verification succeeds, decrypts the current balance information of the Bus Card with its own private key and updates the balance information of the Bus Card that it keeps according to the decrypted information.
It should be noted that, in order to realize this CA authentication, the present invention needs to carry out the following processing in advance. Taking the POS machine as an example: a registration establishment request for the POS machine is submitted to the certification authority (CA); the CA establishes the registration information of the POS machine and returns the registration result, including a reference number and an authorization code, to the POS machine; finally, the CA distributes the CA certificate to the POS machine. There are several ways to distribute the CA certificate. One is out-of-band distribution, i.e. an offline mode: the CA certificate allocated to the POS machine is stored on a storage medium, and the POS machine obtains the corresponding CA certificate from that storage medium. The other is in-band distribution: the POS machine connects to the CA and provides the reference number and the authorization code; after verifying that the reference number and the authorization code are correct, the CA sends the CA certificate to the POS machine, and the POS machine has thereby obtained the CA certificate.
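The in-band distribution path (registration returns a reference number and authorization code; the POS machine later presents both and receives its certificate) is shown below as an added Go example; it is not code from the patent. It assumes ECDSA P-256 keys and X.509 certificates (the page does not name the key or certificate format), a constructed CA name and POS identity, and a 16-byte random authorization code compared in constant time and usable once.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// must keeps the setup code short: any setup failure aborts the program.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// CA is a minimal certification authority: its signing key, its self-signed
// certificate, and pending registrations keyed by reference number, each
// holding the one-time authorization code returned to the POS machine.
type CA struct {
	key      *ecdsa.PrivateKey
	Cert     *x509.Certificate
	registry map[string][]byte
	next     int64 // feeds both reference numbers and certificate serials
}

func NewCA() *CA {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "example transit CA"}, // constructed name
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return &CA{key: key, Cert: must(x509.ParseCertificate(der)), registry: map[string][]byte{}, next: 2}
}

// Register answers the registration establishment request: it records the
// POS machine and returns the reference number plus a fresh authorization code.
func (ca *CA) Register() (ref string, code []byte) {
	ref = fmt.Sprintf("REF-%06d", ca.next)
	ca.next++
	code = make([]byte, 16)
	must(rand.Read(code))
	ca.registry[ref] = code
	return ref, code
}

// Issue is the in-band distribution step: the POS machine presents reference
// number and authorization code with its public key; the CA compares the code
// in constant time, deletes the record so the code cannot be used twice, and
// returns a DER certificate binding the key to the POS identity uid.
func (ca *CA) Issue(ref string, code []byte, posPub *ecdsa.PublicKey, uid string) ([]byte, error) {
	want, ok := ca.registry[ref]
	if !ok || subtle.ConstantTimeCompare(want, code) != 1 {
		return nil, errors.New("registration check failed") // one message for every cause
	}
	delete(ca.registry, ref)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(ca.next),
		Subject:      pkix.Name{CommonName: uid},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	ca.next++
	return x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, posPub, ca.key)
}

// Validate is what a relying party such as the business platform does with a
// received POS certificate: parse it and check the CA's signature on it.
func Validate(der []byte, caCert *x509.Certificate) (*x509.Certificate, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	if err := cert.CheckSignatureFrom(caCert); err != nil {
		return nil, err
	}
	return cert, nil
}

func main() {
	ca := NewCA()
	ref, code := ca.Register() // handed to the POS machine at registration
	posKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	der := must(ca.Issue(ref, code, &posKey.PublicKey, "POS-0001")) // constructed POS id
	cert := must(Validate(der, ca.Cert))
	fmt.Println("certificate issued to", cert.Subject.CommonName) // POS-0001
}
```

The authorization code is the only thing standing between an arbitrary connection and a certificate in the POS machine's name, which is why it is random, compared without early exit, and consumed on first use; a relying party only ever trusts a certificate whose signature it has itself checked against the CA certificate it holds.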
It should also be noted that, in order to further increase the security of the system of the present invention and to protect the interests of the business platform and the POS machine against counterfeiting, a preferred embodiment of the present invention can also add a mutual authentication process between the business platform and the POS machine. Before the POS machine connects to the business platform in preparation for recharging the Bus Card or shopping online, the authentication between the platform and the POS must be carried out first. The key of the business platform is placed in an encryption machine, and the key of the POS machine is placed in the main control MCU. The POS machine encrypts authentication information with its key and sends it to the business platform to authenticate its identity, and the business platform decrypts it with the key to confirm the identity; vice versa, the business platform encrypts authentication information with its key and sends it to the POS machine, and the POS machine decrypts it with the key to authenticate the identity of the platform. Only after both sides have authenticated are the recharge or online shopping operations carried out; if either side fails authentication, all other operations are forbidden. The specific two-way authentication can use either of the following two methods:
Method one: when the POS machine connects to the business platform through the PC, the POS machine sends an authentication instruction to the business platform through the PC; after receiving the authentication instruction, the business platform generates a random number RB (whose length can be half the block length of the cryptographic algorithm) and sends it to the POS machine through the PC; the POS machine generates a random number RA (whose length can likewise be half the block length of the cryptographic algorithm), encrypts RA and RB with the public key K1 of the business platform to obtain Token1 = Enc(RA||RB, K1), and sends Token1 to the business platform through the PC; the business platform decrypts Token1 with its own private key K2 to obtain RA' and RB' and compares RB' with RB; if they differ, the business platform's authentication of the POS machine fails and the interaction with this POS machine is terminated; if they agree, the business platform generates a random number RC, encrypts RA' and RC with the public key K3 of the POS machine to obtain Token2 = Enc(RA'||RC, K3), and sends Token2 to the POS machine through the PC; the POS machine decrypts Token2 with its own private key K4 and compares whether RA' agrees with RA; if they differ, the POS machine's authentication of the business platform fails and the interaction with the business platform is terminated; if they agree, the POS machine's authentication of the business platform succeeds and the two-way authentication has passed; otherwise the two-way authentication has not passed.
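Method one, carried out message by message, as an added Go example that is not code from the patent. It assumes RSA-OAEP for Enc (the page does not name the public-key algorithm), 16-byte random numbers for RA, RB and RC (the page allows half the block length), and that each side already holds the other's public key (K1 and K3, which in the patent come from the CA certificates).

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

const nonceLen = 16 // bytes of RA, RB and RC (the page allows half the cipher block length; fixed here by assumption)

func nonce() []byte {
	b := make([]byte, nonceLen)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func genKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// enc and dec realise the page's Enc() and its inverse as RSA-OAEP (assumption).
func enc(pub *rsa.PublicKey, m []byte) []byte {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, m, nil)
	if err != nil {
		panic(err)
	}
	return ct
}

func dec(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, ct, nil)
}

func concat(a, b []byte) []byte { return append(append([]byte{}, a...), b...) }

// Platform holds K1 (public) and K2 (private); POS holds K3 (public) and K4 (private).
type Platform struct{ key *rsa.PrivateKey }
type POS struct{ key *rsa.PrivateKey }

func NewPlatform() *Platform           { return &Platform{genKey()} }
func NewPOS() *POS                     { return &POS{genKey()} }
func (p *Platform) K1() *rsa.PublicKey { return &p.key.PublicKey }
func (s *POS) K3() *rsa.PublicKey      { return &s.key.PublicKey }

// Token1: the POS machine draws RA and returns Enc(RA||RB, K1), keeping RA for later.
func (s *POS) Token1(rb []byte, k1 *rsa.PublicKey) (ra, token1 []byte) {
	ra = nonce()
	return ra, enc(k1, concat(ra, rb))
}

// Token2: the platform opens Token1 with K2, requires RB' == RB, then draws RC and
// returns Enc(RA'||RC, K3). Any failure ends the interaction with this POS machine.
func (p *Platform) Token2(rb, token1 []byte, k3 *rsa.PublicKey) ([]byte, error) {
	pt, err := dec(p.key, token1)
	if err != nil || len(pt) != 2*nonceLen {
		return nil, errors.New("platform: cannot open Token1, POS rejected")
	}
	raPrime, rbPrime := pt[:nonceLen], pt[nonceLen:]
	if subtle.ConstantTimeCompare(rbPrime, rb) != 1 {
		return nil, errors.New("platform: RB mismatch, POS rejected")
	}
	return enc(k3, concat(raPrime, nonce())), nil
}

// Finish: the POS machine opens Token2 with K4 and requires RA' == RA.
func (s *POS) Finish(ra, token2 []byte) error {
	pt, err := dec(s.key, token2)
	if err != nil || len(pt) != 2*nonceLen {
		return errors.New("POS: cannot open Token2, platform rejected")
	}
	if subtle.ConstantTimeCompare(pt[:nonceLen], ra) != 1 {
		return errors.New("POS: RA mismatch, platform rejected")
	}
	return nil
}

// MutualAuth drives the exchange. k1 and k3 are the public keys each side believes
// belong to its peer (from the CA certificates in the patent); the PC only relays tokens.
func MutualAuth(pos *POS, platform *Platform, k1, k3 *rsa.PublicKey) error {
	rb := nonce() // the platform's reply to the authentication instruction
	ra, token1 := pos.Token1(rb, k1)
	token2, err := platform.Token2(rb, token1, k3)
	if err != nil {
		return err
	}
	return pos.Finish(ra, token2)
}

func main() {
	pos, platform := NewPOS(), NewPlatform()
	fmt.Println("mutual authentication:", MutualAuth(pos, platform, platform.K1(), pos.K3())) // <nil>
}
```

Each side's decision rests on one check: the platform's on RB' matching the RB it issued (which only a holder of K2 could have recovered from Token1), the POS machine's on RA' matching the RA it generated (recoverable from Token2 only by a holder of K4); a party without the corresponding private key fails at its own decryption step and the exchange ends there.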
Method two: at initialization or distribution time, the business platform stores its own private key Tv and the certificate CER_T issued by the CA center, and the POS machine stores its own private key Rv and the certificate CER_R issued by the CA center. The POS machine sends an authentication request instruction to the business platform through the PC; the business platform generates a random number RB and sends it to the POS machine through the PC; the POS machine generates a random number RA, signs RA||RB||UID with its own private key Rv to obtain SgnData1, where UID is the ID number of the POS machine, and sends the data block Token1 = RA||RB||UID||SgnData1||CER_R to the business platform through the PC; the business platform requests the CA center to verify the certificate CER_R and, if the verification passes, verifies the digital signature SgnData1 with the public key of the POS machine in that certificate; if this verification also passes, the authentication of the POS machine is complete and the next step is carried out; otherwise the authentication of the POS identity fails and the authentication process is terminated;
The business platform signs RA||UID with its own private key Tv to obtain SgnData2, and sends RA||UID||SgnData2||CER_T to the POS machine through the PC; the POS machine requests the CA center through the PC to verify the certificate CER_T of the business platform and, if the verification passes, verifies the digital signature SgnData2 with the public key of the business platform in that certificate; if this verification also passes, the authentication of the business platform is complete; otherwise the authentication of the business platform fails and the authentication process is terminated.
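Method two as an added Go example (not code from the patent), with both tokens built and checked in the page's order. Assumptions: Ed25519 for Rv and Tv (the page does not name the signature algorithm), 16-byte RA and RB, constructed IDs, and a compact stand-in for CER_R and CER_T consisting of the holder's ID and public key under a CA signature, verified locally against the CA's public key rather than by a round trip to the CA center.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

func nonce() []byte {
	b := make([]byte, 16) // RA/RB length; an assumption, not fixed by the page for this method
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// Cert stands in for CER_R / CER_T: holder ID and public key, CA-signed (assumption;
// real deployments use the CA center's X.509 certificates).
type Cert struct {
	ID    string
	Pub   ed25519.PublicKey
	CASig []byte
}

func (c Cert) tbs() []byte { return append([]byte(c.ID+"|"), c.Pub...) }

// Node is the CA center, the POS machine (priv = Rv, Cert = CER_R) or the
// business platform (priv = Tv, Cert = CER_T).
type Node struct {
	priv ed25519.PrivateKey
	Cert Cert
}

// NewNode generates a key pair and a certificate signed by ca (self-signed for the CA itself).
func NewNode(ca *Node, id string) *Node {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	n := &Node{priv: priv, Cert: Cert{ID: id, Pub: pub}}
	if ca == nil {
		ca = n
	}
	n.Cert.CASig = ed25519.Sign(ca.priv, n.Cert.tbs())
	return n
}

// Token carries RA||RB||UID||Sgn||Cert: Token1 has RB set and Sgn = SgnData1 over
// RA||RB||UID; Token2 has RB empty and Sgn = SgnData2 over RA||UID. RA and RB are
// fixed-length, so the signed string parses unambiguously.
type Token struct {
	RA, RB, Sgn []byte
	UID         string
	Cert        Cert
}

func signed(ra, rb []byte, uid string) []byte { return append(append(append([]byte{}, ra...), rb...), uid...) }

// Token signs ra||rb||uid with the node's private key and attaches its certificate.
func (n *Node) Token(ra, rb []byte, uid string) Token {
	return Token{ra, rb, ed25519.Sign(n.priv, signed(ra, rb, uid)), uid, n.Cert}
}

// valid is the "request the CA center to verify the certificate" step, done locally
// against the CA's public key, followed by the check of Sgn under the certified key.
func (t Token) valid(ca *Node) bool {
	return ed25519.Verify(ca.Cert.Pub, t.Cert.tbs(), t.Cert.CASig) &&
		ed25519.Verify(t.Cert.Pub, signed(t.RA, t.RB, t.UID), t.Sgn)
}

// VerifyToken1 (platform side): RB must be its own fresh challenge, CER_R must name
// the claimed UID, and both the certificate and SgnData1 must verify.
func (platform *Node) VerifyToken1(ca *Node, rb []byte, t Token) error {
	if !bytes.Equal(t.RB, rb) || t.Cert.ID != t.UID || !t.valid(ca) {
		return errors.New("platform: Token1 rejected, POS not authenticated")
	}
	return nil
}

// VerifyToken2 (POS side): RA must be the one it sent, UID its own, CER_T and SgnData2 valid.
func (pos *Node) VerifyToken2(ca *Node, ra []byte, t Token) error {
	if !bytes.Equal(t.RA, ra) || t.UID != pos.Cert.ID || !t.valid(ca) {
		return errors.New("POS: Token2 rejected, platform not authenticated")
	}
	return nil
}

// MutualAuth runs the exchange in the page's order; the PC in between only relays bytes.
func MutualAuth(ca, pos, platform *Node) error {
	rb := nonce()                             // platform's challenge RB
	t1 := pos.Token(nonce(), rb, pos.Cert.ID) // RA||RB||UID||SgnData1||CER_R
	if err := platform.VerifyToken1(ca, rb, t1); err != nil {
		return err
	}
	return pos.VerifyToken2(ca, t1.RA, platform.Token(t1.RA, nil, t1.UID)) // RA||UID||SgnData2||CER_T
}

func main() {
	ca := NewNode(nil, "CA") // constructed IDs throughout
	fmt.Println("mutual authentication:", MutualAuth(ca, NewNode(ca, "POS-0001"), NewNode(ca, "PLATFORM"))) // <nil>
}
```

Unlike method one, each side here can tie the peer's signature to an identity through the certificate, and the nonces RA and RB make every SgnData value specific to this run, so a Token1 recorded earlier fails the RB check when replayed against a new challenge.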
The mutual authentication process between the business platform and the POS machine described above can, for the flow shown in Fig. 4, take place in step 402: when the POS machine logs on to the recharging service page of the business platform through the PC, the above mutual authentication process is carried out, and the subsequent steps are performed after the authentication succeeds. For the flow shown in Fig. 6, it can take place in step 605: when the POS machine logs on to the consumption service page of the business platform through the PC, the above mutual authentication process is carried out, and the subsequent steps are performed after the authentication succeeds.
The above describes the specific flows of the method of the present invention when implementing the recharging service and the online shopping service.
In actual service implementation, the specific implementation details of the one-card multi-transit service system of the present invention include at least any one of, or a combination of, the following specific system implementations:
A. In order to realize the non-repudiation and security of the transaction, before performing the corresponding read/write operation on the Bus Card, the POS machine is further used for signing, with its own private key, the authentication request carrying the Bus Card identity information and the identity information of the POS machine itself, and for sending it to the business platform through the PC;
the business platform further verifies the signature on the authentication request with the public key in the CA certificate of the POS machine and, after the verification succeeds, signs the authentication request carrying the Bus Card identity information and the POS identity information with its own private key and sends it to the all-purpose card server;
the all-purpose card server further verifies the signature on the authentication request carrying the Bus Card identity information and the POS machine identity information with the public key in the CA certificate of the business platform, and authenticates the Bus Card identity information and the POS machine identity information after the verification succeeds.
B. In order to realize the non-repudiation of the transaction, the business platform further signs the key application request with its own private key before sending it to the all-purpose card server; correspondingly, the all-purpose card server further verifies the signature on the key application request with the public key in the CA certificate of the business platform, and performs the said returning of the service order to the business platform only after the verification succeeds;
C. In order to realize the non-repudiation of the transaction, the all-purpose card server signs the service order with the private key corresponding to its own CA certificate before returning it to the business platform; correspondingly, the business platform verifies the signature on the service order with the public key in the CA certificate of the all-purpose card server, and sends the service order to the PC only after the verification succeeds.
One. To ensure the security of the information exchanged between the POS machine and the all-purpose card server, in the specific implementation of the system of the present invention the transmitted information can be encrypted; a specific implementation of the system comprises:
The all-purpose card server further encrypts the service order with the public key in the CA certificate of the POS machine before returning it to the business platform. Correspondingly, the POS machine may then comprise internally: an antenna, a read-write module, a security module and a processing module; preferably, the read-write module, the security module and the processing module are integrated in one chip. Wherein,
The read-write module is used to read the identity information of the Bus Card card and forward it to the security module via the processing module;
The security module authenticates the Bus Card card according to the Bus Card card identity information and, after the authentication passes, sends the Bus Card card identity information to the PC via the processing module; it also stores the private key of the POS machine in an inaccessible key area, uses this private key to decrypt the service order forwarded by the processing module, and returns the decrypted data to the processing module;
The processing module forwards the service order sent by the PC to the security module and, according to the decrypted service order returned by the security module, controls the read-write module to perform the corresponding read-write operation on the Bus Card card.
Two. In the specific implementation of the system of the present invention, the system can be used to recharge the all-purpose transit card conveniently at any time, without the user having to go to a designated recharge site and pay in cash. In this case, the third party system in the system of the present invention is an online banking or third-party payment system, and the system comprises:
The online banking or third-party payment system, which deducts the corresponding recharge amount from the corresponding account according to the received deduction request and returns a deduction success message to the business platform;
The PC, which is specifically used to link to the recharging service page of the business platform, download the OCX control from this page, generate a charging request (as the service request) according to the recharge amount and account information entered by the user and send it to the business platform, and, using the OCX control, send the recharge order (as the service order) issued by the all-purpose card server via the business platform to the POS machine;
The business platform, which, after receiving the charging request, sends the deduction request to the online banking or third-party payment system and, after receiving the deduction success message, sends the recharge key application request carrying the Bus Card card identity information to the all-purpose card server;
The POS machine, which modifies the balance information in the Bus Card card according to the recharge order sent by the PC and, after the modification succeeds, encrypts the current balance information of the Bus Card card with the stored key and sends it to the all-purpose card server via the PC and the business platform;
The all-purpose card server, which further decrypts the received balance information of the Bus Card card with the stored key and corrects the balance information of the Bus Card card that it holds according to the decrypted information.
Three. In the specific implementation of the system of the present invention, the all-purpose transit card can be used for online shopping. In this case, the third party system in the system of the present invention is a commerce system, and a specific implementation of the system comprises:
The commerce system, which, after detecting that the user has selected goods via the PC and chosen to pay with the Bus Card card, generates the corresponding goods order and sends it to the business platform;
The business platform, which is further used, after receiving the goods order, to open the consumption service page and, after receiving the payment request sent by the PC, to send the payment key application request carrying the Bus Card card identity information to the all-purpose card server;
The PC, which is used to link to the consumption service page of the business platform, download the OCX control from that page, send the payment request to the business platform as the service request, and, under the instruction of the OCX control, send the deduction order (as the service order) issued by the business platform to the POS machine;
The POS machine, which modifies the balance information in the Bus Card card according to the deduction order sent by the PC and, after the modification succeeds, encrypts the current balance information of the Bus Card card with the stored key and sends it to the all-purpose card server via the PC and the business platform;
The all-purpose card server, which further decrypts the received balance information of the Bus Card card with the stored key and corrects the balance information of the Bus Card card that it holds according to the decrypted information.
In modes two and three, preferably, the POS machine encrypts the current balance information of the Bus Card card with the public key in the CA certificate of the all-purpose card server, and the all-purpose card server decrypts the received balance information of the Bus Card card with its own stored private key.
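The two public-key channels above (the server sealing the service order to the POS certificate key in mode one, and the POS sealing the card balance to the server certificate key in modes two and three), written as an added Go example that is not code from the patent. The RSA-OAEP scheme, the 2048-bit keys, the purpose labels and the sample order text are assumptions; the patent fixes only which certificate key is used in each direction.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// SecurityModule models the POS security module: the private key lives only
// here (the "inaccessible key area"); the rest of the POS and the server see
// only the public half, which is what the POS CA certificate would carry.
type SecurityModule struct {
	priv *rsa.PrivateKey
}

func NewSecurityModule() (*SecurityModule, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &SecurityModule{priv: k}, nil
}

// PublicKey is the certificate public key the server encrypts to.
func (m *SecurityModule) PublicKey() *rsa.PublicKey { return &m.priv.PublicKey }

// label binds a ciphertext to its purpose, so a sealed balance report can
// never be decrypted as a service order (an OAEP label mismatch fails).
func label(purpose string) []byte { return []byte("one-card:" + purpose) }

// EncryptServiceOrder is the server side of mode one: the service order is
// sealed with the POS public key before it is returned to the platform.
func EncryptServiceOrder(posPub *rsa.PublicKey, order []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, posPub, order, label("service-order"))
}

// DecryptServiceOrder runs inside the security module; the processing module
// only ever receives the plaintext, never the key.
func (m *SecurityModule) DecryptServiceOrder(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, m.priv, ct, label("service-order"))
}

// SealBalance is modes two and three with the roles reversed: after a recharge
// or debit the POS seals the card balance to the server's certificate public key.
func SealBalance(serverPub *rsa.PublicKey, balance []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, balance, label("balance"))
}
```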
Four. To protect the interests of the business platform and the POS machine against impersonation, two-way authentication can be performed between the business platform and the POS machine of the system of the present invention; a specific implementation of the system comprises:
The POS machine, which further, when connecting to the business platform via the PC, encrypts its own identity information with the stored key and sends it to the PC, decrypts the received identity information of the business platform with the pre-stored key, and authenticates the business platform according to the decrypted information; after the two-way authentication between the POS machine and the business platform succeeds, it proceeds to send the Bus Card card identity information to the PC;
The PC, which further sends the received identity information of the POS machine to the business platform and the received identity information of the business platform to the POS machine;
The business platform, which further decrypts the received identity information of the POS machine with the pre-stored key, authenticates the POS machine according to the decrypted information, and encrypts its own identity information with the pre-stored key and sends it to the PC; after the two-way authentication between the POS machine and the business platform succeeds, it proceeds with the processing of sending the key application request to the all-purpose card server. Wherein,
The key the POS machine uses to encrypt its own identity information is the public key in the CA certificate of the business platform or another predefined key, and the key it uses to decrypt the identity information of the business platform is the private key of the POS machine or another predefined key; the key the business platform uses to decrypt the identity information of the POS machine is its own private key or another predefined key, and the key it uses to encrypt its own identity information is the public key in the CA certificate of the POS machine or another predefined key.
The present invention also proposes a business platform. Referring to Fig. 7, this business platform comprises: a first processing module 701, used to interact with the third party system; a second processing module 702, used, after the interaction of the first processing module succeeds, to send the key application request carrying the Bus Card card identity information to the all-purpose card server according to the service request sent by the PC; and a third processing module 703, used to send the service order issued by the all-purpose card server to the PC.
In the present invention, to guarantee non-repudiation of the transaction, the information transmitted between the business platform and the POS machine can be signed and signature-verified; likewise, the information transmitted between the business platform and the all-purpose card server can be signed and signature-verified. One specific realization can comprise:
The second processing module 702 comprises a first signature verification module, used to verify, with the public key in the CA certificate of the POS machine, the signature of the authentication request carrying the Bus Card card identity information and the POS identity information sent by the PC; and/or used to sign the key application request with the private key of the business platform before sending it to the all-purpose card server;
The third processing module 703 comprises a second signature verification module, used, after the first signature verification module verifies successfully, to sign the authentication request carrying the Bus Card card identity information and the POS identity information with the private key of the business platform and send it to the all-purpose card server; and/or used to verify the signature of the service order with the public key in the CA certificate of the all-purpose card server and send the service order to the PC after the verification succeeds.
With the business platform of the present invention, recharging of the Bus Card card and online shopping with the Bus Card card can be realized; one specific realization can comprise:
The first processing module comprises: a recharge processing submodule which, after receiving the charging request, sends the deduction request to the online banking or third-party payment system and, after receiving the deduction success message, determines that the interaction with the third party system has succeeded; and/or a transaction processing submodule which, after receiving the goods order sent by the commerce system, determines that the interaction with the third party system has succeeded.
The present invention also proposes a POS machine, characterized in that it comprises: an antenna, and
a read-write module, used to read the identity information of the Bus Card card and forward it to the security module via the processing module; a security module, which authenticates the Bus Card card according to the Bus Card card identity information, sends the Bus Card card identity information to the PC via the processing module after the authentication passes, decrypts the service order forwarded by the processing module with a key, and returns the decrypted data to the processing module; and a processing module, which forwards the service order sent by the PC to the security module and, according to the decrypted service order returned by the security module, controls the read-write module to perform the corresponding read-write operation on the Bus Card card.
The security module is used to store the private key of the POS machine in an inaccessible key area, this private key corresponding to the public key of the CA certificate of the POS machine, and to use this private key to decrypt the service order forwarded by the processing module; and/or the security module is further used to sign the authentication request carrying the Bus Card card identity information and the POS identity information with the private key of the POS machine and send it to the PC via the processing module; and/or the security module is further used to encrypt the current balance information of the Bus Card card with the public key in the CA certificate of the all-purpose card server and send it to the PC via the processing module.
In the present invention, the business platform and the PC can carry out the above information interaction over a TCP/IP connection or the Internet; the business platform and the third party system (such as online banking, a third-party payment system or a commerce system) can interact over the Internet or a dedicated line.
In summary, the above are only preferred embodiments of the present invention and do not limit the protection scope of the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.