| 摘要 |
The present invention relates to the method and the system for initializing secure network access for POS terminals. Said system comprises a terminal backend system and a POS terminal. The POS terminal is provided with: a security module, which was preloaded with a terminal default public key certificate, a private key file, and a CA public key certificate of the terminal backend system in the setting of leaving the factory; a transaction module, which is used for performing the acquiring operation with the following core trading module; and a parameter initializing module, which is used for implementing network access. The terminal backend system is provided with: a core trading module, which determines whether an acquiring transaction is able to be executed based on the transaction unique identifier sent from the POS terminal, and completes the acquiring operation with the above transaction module in the case that the acquiring transaction is able to be executed; and a terminal certificate issuing module, which is used for generating a terminal transaction certificate and returning said terminal transaction certificate to said POS terminal. According to the present invention, remotely and securely initializing network access for POS terminals can be achieved. |
| 主权项 |
1. A method for initializing secure network access for POS terminals, which is used to connect the POS terminal to the backend system of the terminal, the method comprising:
step of setting when leaving the factory, where a terminal default public key certificate, a default private key file, and a CA public key certificate of the terminal backend system are loaded into the POS terminal, wherein said terminal default public key certificate comprises a terminal transaction unique identifier; step of establishing a terminal transaction certificate secure downloading channel, where said terminal default public key certificate, said default private key file, and said CA public key certificate of the terminal backend system are adopted to establish the terminal transaction certificate secure downloading channel, which is used for downloading the terminal transaction certificate, between the POS terminal and the terminal backend system; step of generating a public/private key pair, where the POS terminal generates the terminal transaction public/private key pair; step of uploading information, where the POS terminal send at least said terminal transaction public key and said terminal transaction unique identifier to the terminal backend system; step of issuing a terminal transaction certificate, where the terminal backend system generates the terminal transaction certificate based on the information uploaded from the POS terminal, and returns the generated terminal transaction certificate to the POS terminal through said secure channel for downloading the terminal transaction certificate; step of establishing a secure channel for transaction, where the terminal transaction certificate, the private key file of said terminal transaction public/private key pair, and the CA public key certificate of the terminal backend system are adopted to establish a secure channel for transaction for executing transactions between the POS terminal and the terminal backend system. |
