公开(公告)号：US20240427867A1

公开(公告)日：2024-12-26

申请号：US18705116

申请日：2022-10-13

Applicant: CHINA UNIONPAY CO., LTD.

Inventor： Qi Wang ,  Yongkai Zhou

IPC: G06F21/32

Abstract: A biometric feature extraction method for a secure multi-party computation system. The method comprises: acquiring preprocessed fragments of a biometric feature; and performing feature extraction on the preprocessed fragments using a neural network, wherein in the first N convolutional and pooling layers, performing data computation on the preprocessed fragments by means of secure multi-party computation respectively to obtain intermediate data; and in the convolutional and pooling layers subsequent to the Nth layer, aggregating the intermediate data to a single-party server platform for subsequent computation, and inputting the same to a fully connected layer for completing feature extraction. There also relates to a biometric feature extraction device for a secure multi-party computation system, a computer storage medium and a computer program product.

公开(公告)号：US20160321638A1

公开(公告)日：2016-11-03

申请号：US15038164

申请日：2014-11-20

Applicant: CHINA UNIONPAY CO., LTD.

Inventor： Zhiqiang Cheng ,  Hua Cai ,  Qi Wang ,  Zhou He

IPC: G06Q20/20 ,  G06Q20/38 ,  H04L9/32

CPC classification number: G06Q20/206 ,  G06Q20/20 ,  G06Q20/38215 ,  G06Q20/3829 ,  H04L9/3263

Abstract: The present invention relates to the method and the system for initializing secure network access for POS terminals. Said system comprises a terminal backend system and a POS terminal. The POS terminal is provided with: a security module, which was preloaded with a terminal default public key certificate, a private key file, and a CA public key certificate of the terminal backend system in the setting of leaving the factory; a transaction module, which is used for performing the acquiring operation with the following core trading module; and a parameter initializing module, which is used for implementing network access. The terminal backend system is provided with: a core trading module, which determines whether an acquiring transaction is able to be executed based on the transaction unique identifier sent from the POS terminal, and completes the acquiring operation with the above transaction module in the case that the acquiring transaction is able to be executed; and a terminal certificate issuing module, which is used for generating a terminal transaction certificate and returning said terminal transaction certificate to said POS terminal. According to the present invention, remotely and securely initializing network access for POS terminals can be achieved.

Abstract translation: 本发明涉及用于初始化POS终端的安全网络访问的方法和系统。 所述系统包括终端后端系统和POS终端。 POS终端设置有：在出厂设置中预装有终端默认公钥证书，私钥文件和终端后端系统的CA公钥证书的安全模块; 交易模块，用于使用以下核心交易模块执行获取操作; 以及用于实现网络访问的参数初始化模块。 终端后端系统具有：核心交易模块，其基于从POS终端发送的交易唯一标识符确定是否能够执行获取交易，并且在以下情况下完成与上述交易模块的获取操作： 收购交易能够执行; 以及用于生成终端交易证书并将所述终端交易证书返回到所述POS终端的终端证书发行模块。 根据本发明，可以实现对POS终端的网络访问的远程可靠的初始化。

公开(公告)号：US20160189126A1

公开(公告)日：2016-06-30

申请号：US14907036

申请日：2014-07-25

Applicant: CHINA UNIONPAY CO., LTD.

Inventor： Zhiqiang Cheng ,  Zhou He ,  Qi Wang ,  Shou He

IPC: G06Q20/20 ,  G06Q20/40

CPC classification number: G06Q20/206 ,  G06Q20/202 ,  G06Q20/204 ,  G06Q20/3823 ,  G06Q20/401 ,  G06Q2220/00 ,  H04L9/0618 ,  H04L2209/56

Abstract: The present application discloses a secure transfer method for cloud-based POS transaction sensitive data, comprising steps of: (a) exchanging a transaction process key with the cloud POS terminal; (b) receiving, from the cloud POS terminal, the transaction request packet encrypted by using the transaction process key; and (c) obtaining the transaction sensitive data from the transaction request packet, and using the transaction process key to operate on the transaction sensitive data so as to upload to the financial acquiring platform. The present invention also discloses a secure transfer system for cloud-based POS transaction sensitive data.

Abstract translation: 本申请公开了一种用于基于云的POS交易敏感数据的安全转移方法，包括以下步骤：（a）与云POS终端交换交易处理密钥; （b）从云POS终端接收通过使用事务处理密钥加密的交易请求包; 以及（c）从交易请求包获取交易敏感数据，并使用交易过程密钥对交易敏感数据进行操作，以便上传到金融收购平台。 本发明还公开了一种用于基于云的POS交易敏感数据的安全传送系统。

公开(公告)号：US11443293B2

公开(公告)日：2022-09-13

申请号：US15038164

申请日：2014-11-20

Applicant: CHINA UNIONPAY CO., LTD.

Inventor： Zhiqiang Cheng ,  Hua Cai ,  Qi Wang ,  Zhou He

IPC: G06Q20/20 ,  G06Q20/38 ,  H04L9/32

Abstract: The present invention relates to the method and the system for initializing secure network access for POS terminals. Said system comprises a terminal backend system and a POS terminal. The POS terminal is provided with: a security module, which was preloaded with a terminal default public key certificate, a private key file, and a CA public key certificate of the terminal backend system in the setting of leaving the factory; a transaction module, which is used for performing the acquiring operation with the following core trading module; and a parameter initializing module, which is used for implementing network access. The terminal backend system is provided with: a core trading module, which determines whether an acquiring transaction is able to be executed based on the transaction unique identifier sent from the POS terminal, and completes the acquiring operation with the above transaction module in the case that the acquiring transaction is able to be executed; and a terminal certificate issuing module, which is used for generating a terminal transaction certificate and returning said terminal transaction certificate to said POS terminal. According to the present invention, remotely and securely initializing network access for POS terminals can be achieved.

公开(公告)号：US11374878B2

公开(公告)日：2022-06-28

申请号：US17279413

申请日：2019-10-22

Applicant: CHINA UNIONPAY CO., LTD.

Inventor： Yongkai Zhou ,  Danni Jiang ,  Qi Wang ,  Dongjie He

IPC: H04L49/20 ,  H04L69/16 ,  H04L69/22

Abstract: The present disclosure provides a method and a device for data processing. The method includes acquiring at least two pathways of communication messages, where the at least two pathways of communication messages are messages intercepted in a bypass manner from messages transmitted by a service processing system to an external system; and the service processing system does not execute logic of record storage; processing the at least two pathways of communication messages, and determining communication messages to-be-stored from the at least two pathways of communication messages processed; and according to the at least two pathways of communication messages, storing the communication messages to-be-stored in a database.