CN106228349A - Transaction method for an electronic signature device, and electronic signature device - Google Patents
- Publication number: CN106228349A (application CN201610584717.4A)
- Authority
- CN
- China
- Legal status: Granted
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
Abstract
The invention provides a transaction method for an electronic signature device, and an electronic signature device. The method includes: the electronic signature device obtains M first unit data packets from its security chip and sends the M first unit data packets and a transaction request to a server, the transaction request including at least a transaction amount, where each first unit data packet represents one of multiple currency denominations and the sum of the currency denominations represented by the M first unit data packets equals the transaction amount; the electronic signature device receives N first unit data packets sent by the server, where 0 < N < M and M and N are integers; and, when the sum of the currency denominations represented by the N first unit data packets equals the transaction amount, the electronic signature device deletes the M first unit data packets from the security chip and stores the received N first unit data packets in storage space allocated by the security chip of the electronic signature device.
Description
Technical field
The present invention relates to the field of electronic technology, and in particular to a transaction method for an electronic signature device and to an electronic signature device.
Background
In existing electronic transactions, a user's funds are held in an account in numeric form. For example, a user holding 100 yuan has that amount stored as a number in the user account on the bank server; after the user spends 10 yuan, the bank server must rewrite the balance in the user account from 100 to 90 to complete account clearing. To protect the balance value, the bank server signs the revised value 90 after rewriting it. Because the balance in the account changes after every transaction, the bank server must process the changed value every time. In other words, existing electronic transactions depend on the bank server: each transaction the user makes must be synchronised with the bank server in real time, and multiple offline transactions cannot be completed independently without a network connection.
Summary of the invention
The present invention aims to solve at least one of the above problems.
The main object of the present invention is to provide a transaction method for an electronic signature device.
Another object of the present invention is to provide an electronic signature device.
To achieve the above objects, the technical solution of the present invention is implemented as follows:
One aspect of the present invention provides a transaction method for an electronic signature device, including: the electronic signature device obtains M first unit data packets from its security chip and sends the M first unit data packets and a transaction request to a server, the transaction request including at least a transaction amount, where each first unit data packet represents one of multiple currency denominations and the sum of the currency denominations represented by the M first unit data packets equals the transaction amount; the electronic signature device receives N first unit data packets sent by the server, where 0 < N < M and M and N are integers; and, when the sum of the currency denominations represented by the N first unit data packets equals the transaction amount, the electronic signature device deletes the M first unit data packets from the security chip and stores the received N first unit data packets in storage space allocated by the security chip of the electronic signature device.
In addition, before the electronic signature device obtains the M first unit data packets from its security chip, the method further includes: the electronic signature device receives a trigger instruction to release the storage space of the security chip, or the electronic signature device detects that the total number of first unit data packets currently stored in the security chip has reached a preset value.
In addition, the electronic signature device sending the M first unit data packets to the server includes: the electronic signature device encrypts the M first unit data packets to obtain M second unit data packets, overwrites the M first unit data packets stored in the security chip with the M second unit data packets, and sends the M second unit data packets to the server. The electronic signature device deleting the M first unit data packets from the security chip includes: the electronic signature device deletes the M second unit data packets from the security chip.
In addition, the first unit data packet includes at least first unit data, and the first unit data includes at least: currency denomination data, or a currency serial number and currency denomination data. The first unit data packet further includes at least one of the following: an issuing bank identifier and a bank certificate serial number.
In addition, the electronic signature device encrypting the M first unit data packets includes: the electronic signature device uses the public key of the server to encrypt at least the first unit data in each of the M first unit data packets.
In addition, the electronic signature device encrypting the M first unit data packets includes: the electronic signature device uses a symmetric key to encrypt at least the first unit data in each of the M first unit data packets. After the electronic signature device encrypts the M first unit data packets, the method further includes: deleting the symmetric key.
Another aspect of the present invention provides an electronic signature device, including: a security module, configured to obtain M first unit data packets that it stores; a communication module, configured to send the M first unit data packets and a transaction request to a server, the transaction request including a transaction amount, where each first unit data packet represents one of multiple currency denominations and the sum of the currency denominations represented by the M first unit data packets equals the transaction amount; and an acquisition module, configured to receive N first unit data packets sent by the server, where 0 < N < M and M and N are integers. The security module is further configured, when the sum of the currency denominations represented by the N first unit data packets equals the transaction amount, to delete the M first unit data packets that it stores and to store the received N first unit data packets in storage space allocated by the security module.
In addition, the security module is further configured to receive a trigger instruction to release its storage space before obtaining the M first unit data packets that it stores; or it is further configured to detect, before obtaining the M first unit data packets that it stores, that the total number of first unit data packets it currently stores has reached a preset value.
In addition, the security module is further configured to encrypt the M first unit data packets to obtain M second unit data packets and to overwrite the M first unit data packets that it stores with the M second unit data packets; the communication module is further configured to send the M second unit data packets to the server; and the security module being configured to delete the M first unit data packets that it stores includes: the security module is further configured to delete the M second unit data packets.
In addition, the first unit data packet includes at least first unit data, and the first unit data includes at least: currency identification information, or a currency serial number and currency denomination data. The first unit data packet further includes at least one of the following: an issuing bank identifier and a bank certificate serial number.
In addition, the security module being configured to encrypt the M first unit data packets includes: the security module is further configured to use the public key of the server to encrypt at least the first unit data in each of the M first unit data packets.
In addition, the security module being configured to encrypt the M first unit data packets includes: the security module uses a symmetric key to encrypt at least the first unit data in each of the M first unit data packets. The security module is further configured to delete the symmetric key after encrypting the M first unit data packets.
As can be seen from the technical solution provided above, the invention provides a transaction method for an electronic signature device, and an electronic signature device. When the electronic signature device uses first unit data packets to transact, each first unit data packet occupies a certain amount of storage in the security chip of the device, so the storage space of the security chip may fill up and leave the device unable to carry out subsequent transactions. With the technical solution provided by this embodiment, when a trigger instruction to release storage space is received, or when the total number of first unit data packets currently stored in the security chip reaches a preset value, the electronic signature device can send M small-denomination first unit data packets that it stores to the server and exchange them for N large-denomination first unit data packets with the same total denomination. The security chip thereby frees the storage occupied by M-N first unit data packets, which ensures that the device has enough storage space for subsequent transactions to proceed. In addition, in use, the electronic signature device can complete a payment by transmitting first unit data packets to a peer electronic signature device, without having to connect to a backend server to complete the payment, so the electronic signature device has an offline transaction function.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention more clearly, the drawings used in describing the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of the transaction method of the electronic signature device provided by Embodiment 1 of the present invention;
Fig. 2 is a schematic structural diagram of the electronic signature device provided by Embodiment 2 of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of the embodiments. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments that a person of ordinary skill in the art obtains from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
In the description of the present invention, it is to be understood that orientations or positional relationships indicated by terms such as "center", "longitudinal", "lateral", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner" and "outer" are based on the orientations or positional relationships shown in the drawings. They are used only to ease and simplify the description of the present invention, and do not indicate or imply that the device or element referred to must have a specific orientation or be constructed and operated in a specific orientation; they therefore cannot be understood as limiting the present invention. In addition, the terms "first" and "second" are used for descriptive purposes only and cannot be understood as indicating or implying relative importance, quantity or position.
In the description of the present invention, it should be noted that, unless otherwise expressly specified and limited, the terms "installed", "linked" and "connected" are to be interpreted broadly. For example, a connection may be fixed, detachable or integral; it may be mechanical or electrical; it may be direct, indirect through an intermediary, or internal between two elements. A person of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific circumstances.
The embodiments of the present invention are described in further detail below with reference to the drawings.
Embodiment 1
Fig. 1 is a flowchart of the transaction method of an electronic signature device provided by this embodiment. The method embodiment shown in Fig. 1 includes the following steps S11 to S13:
Step S11: the electronic signature device obtains M first unit data packets from its security chip and sends the M first unit data packets and a transaction request to a server, the transaction request including at least a transaction amount.
Each first unit data packet represents one of multiple currency denominations, and the sum of the currency denominations represented by the M first unit data packets equals the transaction amount.
In this embodiment, the electronic signature device is an electronic device with a signature function, for example a smart card with a signature function (transit card, bank card, shopping card and so on) or the U-shield of the Industrial and Commercial Bank. In one optional implementation of this embodiment, the electronic signature device is provided with a security chip. The security chip has its own processor and storage unit; it can store a PKI digital certificate, keys and other characteristic data, perform encryption and decryption operations on data, and provide the user with data encryption and identity authentication services. In this embodiment, the electronic signature device can store in the security chip the first unit data packets it receives from a server (such as a bank server, or a third-party server such as a shopping-mall top-up server) or from another electronic signature device. Because data in the storage unit of the security chip cannot be read illegally, the data stored in the storage unit is kept secure.
In this embodiment, each first unit data packet represents one of multiple currency denominations. For example, the denominations that a first unit data packet can represent include 1 yuan, 2 yuan, 5 yuan, 10 yuan, 20 yuan, 50 yuan and 100 yuan. If the state later issues new denominations, or if the currency denominations of other regions or countries besides the renminbi are used, these also fall within the scope of protection of the present invention; this embodiment uses renminbi denominations only as an illustration. Because there are multiple denominations, when the electronic signature device obtains several first unit data packets from its security chip (M > 1), the packets can represent several different denominations; for example, when M = 3, the three first unit data packets represent 1 yuan, 2 yuan and 5 yuan respectively. Alternatively, the packets can all represent the same denomination; for example, when M = 3, the three first unit data packets all represent 1 yuan. Or the denominations represented can include both identical and different values; for example, when M = 3, the three first unit data packets represent 1 yuan, 1 yuan and 2 yuan respectively. The denominations represented by the M first unit data packets that the device obtains from its security chip can therefore be combined flexibly.
In one optional implementation of this embodiment, the first unit data packet includes at least first unit data, and the first unit data includes at least: currency denomination data, or a currency serial number and currency denomination data. The currency denomination data is the denomination represented by the first unit data packet and identifies that denomination. The currency serial number is the unique serial number of each first unit data packet; that is, different first unit data packets have different currency serial numbers. This guarantees the uniqueness of each first unit data packet so that its authenticity can be checked. In one optional implementation, the first unit data packet further includes at least one of the following: an issuing bank identifier and a bank certificate serial number. The issuing bank identifier identifies the bank that issued the first unit data packet, so the relevant information about the corresponding issuing bank can be looked up from it. The electronic signature device can also use the issuing bank identifier and the bank certificate serial number to obtain the bank certificate of the corresponding issuing bank. The bank certificate contains the public key of the issuing bank, which the device uses in subsequent steps to verify the signature over the first unit data.
In one optional implementation of this embodiment, a first unit data packet stored by the electronic signature device includes at least: the first unit data, and first signature data obtained by the server signing the first unit data. In one optional implementation, the server (such as a bank server, or a third-party server such as a shopping-mall top-up server) uses its own private key to sign the first unit data in each first unit data packet, obtaining the first signature data corresponding to each packet. The server sends at least one first unit data packet carrying first signature data to the electronic signature device. In this embodiment, before the security chip of the electronic signature device stores the first unit data packets sent by the server, it can use the server's public key to verify the authenticity of the packets and store them only after verification passes. The first unit data packets stored in the security chip are therefore all authentic and secure.
In another optional implementation of this embodiment, the transaction request that the electronic signature device sends to the server further includes the device identifier of the electronic signature device, and a first unit data packet stored by the electronic signature device includes at least: the first unit data, and second signature data obtained by the server signing the first unit data and the device identifier of the electronic signature device. In one optional implementation, the server uses its own private key to sign the first unit data and the device identifier of the electronic signature device, obtaining the second signature data corresponding to the first unit data packet. The server sends at least one first unit data packet carrying second signature data to the electronic signature device, so that after receiving a packet from the server the device can verify the second signature data in it. If verification passes, the first unit data packet is authentic and was sent to this electronic signature device.
Because first unit data packets are stored in the security chip of the electronic signature device and each packet occupies a certain amount of storage, once the remaining storage of the security chip is insufficient no new first unit data packet can be stored, and the device can no longer carry out subsequent transactions. Therefore, in this embodiment, before step S11 the method may further include: the electronic signature device receives a trigger instruction to release the storage space of the security chip, or the electronic signature device detects that the total number of first unit data packets currently stored in the security chip has reached a preset value. In one optional implementation, the electronic signature device performs step S11 after receiving a user-entered trigger instruction to release the storage space of the security chip. The user can enter the trigger instruction by keyboard, voice or similar means, and the trigger instruction can include the transaction amount. Based on the transaction amount, the device obtains M first unit data packets from its security chip, either at random or according to a preset rule, such that the sum of the denominations they represent equals the transaction amount. In this mode the value of M is determined at random, but to free the most space the device can choose the largest M whose represented denominations sum to the transaction amount; for example, when ten 1-yuan packets and two 5-yuan packets are stored, the device selects the ten 1-yuan packets and M equals 10. Note that in this implementation every first unit data packet occupies the same amount of storage, whether or not the denominations represented are the same. In another optional implementation, the electronic signature device performs step S11 after detecting that the total number of first unit data packets currently stored in the security chip has reached the preset value M. The preset value M can be set by the user or preset when the device leaves the factory. The device obtains M first unit data packets from its security chip, calculates the sum of the denominations they represent, takes that sum as the transaction amount, and sends the M first unit data packets and the transaction amount to the server. Optionally, the preset number of first unit data packets occupies half of the storage space of the security chip; that is, step S11 is triggered when half of the chip's storage space is occupied. The electronic signature device can thus trigger the storage-release steps (S11-S13) when storage is insufficient and, by exchanging packets with the server, free storage so that the security chip of the device keeps enough storage space.
In one optional implementation of this embodiment, the electronic signature device can establish a connection with an external device (such as a PC or a mobile terminal) and send the M first unit data packets and the transaction request to the server through that external device. Alternatively, the electronic signature device has a wired or wireless interface, establishes a wired or wireless connection with the server, and sends the M first unit data packets and the transaction request to the server directly. Wireless connection modes can include Bluetooth, NFC near-field communication and WIFI. In this embodiment the electronic signature device can therefore send the transaction request to the server in several ways. In one optional implementation, the server is a bank server or a third-party server; for example, the third-party server can be the shopping-card stored-value server of a shopping mall.
Step S12: the electronic signature device receives N first unit data packets sent by the server, where 0 < N < M and M and N are integers.
In this step, likewise, each of the N first unit data packets represents one of multiple currency denominations. The first unit data packet includes at least first unit data, and the first unit data includes at least: currency denomination data, or a currency serial number and currency denomination data. For details of the first unit data, see the description in step S11, which is not repeated here. In one optional implementation, each of the N first unit data packets further includes at least: first signature data obtained by the server signing the first unit data. The electronic signature device can then determine whether the N first unit data packets it received are authentic by verifying the first signature data; for the verification procedure, see how the device verifies the first signature data in step S13 below. In another optional implementation, each of the N first unit data packets includes at least: second signature data obtained by the server signing the first unit data and the device identifier of the electronic signature device. The electronic signature device can then determine, by verifying the second signature data, whether the N first unit data packets it received are authentic and whether they were sent to this device; for the verification procedure, see how the device verifies the second signature data in step S13 below.
In this embodiment, every first unit data packet can occupy the same amount of storage (for example, each first unit data packet occupies 1M of storage). The number M of first unit data packets that the electronic signature device sends to the server is greater than the number N of first unit data packets it receives from the server. For example, the device obtains from the security chip 100 first unit data packets with a denomination of 2 yuan; the denominations represented by these 100 packets sum to 200 yuan, so the transaction amount is 200 yuan and the packets occupy 100M of storage. After receiving the first unit data packets and the transaction amount sent by the device, the server issues to the device, according to the transaction amount, 2 first unit data packets that each represent a denomination of 100 (the denomination total is still 200, and they occupy 2M). With the total denomination unchanged, the device has exchanged 100 first unit data packets for 2 first unit data packets, so its security chip can free 98M of storage, that is, the storage occupied by 98 first unit data packets.
Step S13: when the sum of the currency denominations represented by the N first unit data packets equals the transaction amount, the electronic signature device deletes the M first unit data packets from the security chip and stores the received N first unit data packets in storage space allocated by the security chip of the electronic signature device.
In this embodiment, when the sum of the currency denominations represented by the N first unit data packets equals the transaction amount, that is, when the first unit data packets sent by the server were not lost in transmission, the electronic signature device deletes the M first unit data packets from the security chip and stores the received N first unit data packets in storage space allocated by the security chip of the electronic signature device. The electronic signature device can thereby complete the release of storage space.
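The device-side checks of steps S12 and S13, written out as an added example that is not code from the patent. The packet encoding, the function names and the duplicate-serial check are assumptions, and the key pair is a constructed textbook-RSA stand-in for the server key so that the block runs offline.

```python
import hashlib
from dataclasses import dataclass, replace

# Constructed demo key pair standing in for the server's key: unpadded
# textbook RSA over two Mersenne primes. It keeps the example offline and
# mirrors the hash/sign/compare check; it is NOT a secure signature scheme.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
MODULUS = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # server private exponent


@dataclass(frozen=True)
class Packet:
    serial: str        # currency serial number (unique per packet)
    denomination: int  # currency denomination data, in yuan
    signature: int     # first signature data from the server

    def unit_data(self) -> bytes:
        # Hypothetical encoding of the first unit data.
        return f"{self.serial}|{self.denomination}".encode()


def digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def server_issue(serial: str, denomination: int) -> Packet:
    """Server side: hash the unit data (A1) and sign it with the private key."""
    a1 = digest(f"{serial}|{denomination}".encode())
    return Packet(serial, denomination, pow(a1, D, MODULUS))


def verify(pkt: Packet) -> bool:
    """Device side: recover A2 with the public key, recompute A3, compare."""
    if not 0 <= pkt.signature < MODULUS:
        return False
    a2 = pow(pkt.signature, E, MODULUS)
    a3 = digest(pkt.unit_data())
    return a2 == a3


class ExchangeRejected(Exception):
    pass


def build_request(chip: dict, serials: list) -> tuple:
    """S11: pick M stored packets; the transaction amount is their sum."""
    packets = [chip[s] for s in serials]
    return packets, sum(p.denomination for p in packets)


def commit_exchange(chip: dict, sent: list, returned: list, amount: int) -> int:
    """S12/S13: validate the N returned packets, then swap them in.

    chip models the security chip's storage as {serial: Packet}. Nothing is
    deleted unless every check passes. Returns the number of slots freed.
    """
    m, n = len(sent), len(returned)
    if not 0 < n < m:
        raise ExchangeRejected("need 0 < N < M")
    if not all(verify(p) for p in returned):
        raise ExchangeRejected("signature check failed")
    sent_serials = {p.serial for p in sent}
    kept = {s: p for s, p in chip.items() if s not in sent_serials}
    new_serials = [p.serial for p in returned]
    # Added assumption: serial numbers are unique, so a repeat is rejected.
    if len(set(new_serials)) != n or any(s in kept for s in new_serials):
        raise ExchangeRejected("duplicate serial number")
    if sum(p.denomination for p in returned) != amount:
        raise ExchangeRejected("denominations do not sum to the amount")
    kept.update({p.serial: p for p in returned})
    chip.clear()
    chip.update(kept)
    return m - n


def demo() -> dict:
    # Constructed sample: 100 two-yuan packets plus one 50-yuan packet.
    chip = {f"S{i:03d}": server_issue(f"S{i:03d}", 2) for i in range(100)}
    chip["K001"] = server_issue("K001", 50)
    sent, amount = build_request(chip, [f"S{i:03d}" for i in range(100)])
    # The sum is right (150 + 50 = 200) but one denomination was altered
    # after signing, so only the signature check catches it.
    forged = [replace(server_issue("B001", 100), denomination=150),
              server_issue("B002", 50)]
    try:
        commit_exchange(chip, sent, forged, amount)
        forged_rejected = False
    except ExchangeRejected:
        forged_rejected = True
    stored_after_reject = len(chip)
    good = [server_issue("B001", 100), server_issue("B002", 100)]
    freed = commit_exchange(chip, sent, good, amount)
    return {"forged_rejected": forged_rejected,
            "stored_after_reject": stored_after_reject,
            "freed": freed, "stored": len(chip),
            "total": sum(p.denomination for p in chip.values())}


if __name__ == "__main__":
    print(demo())
```
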
In this embodiment, to further ensure the authenticity of the first unit data packets that the electronic signature device stores in step S13, as an optional implementation of this embodiment, the operation in step S13 of storing the received N first unit data packets in the storage space allocated by the security chip of the electronic signature device specifically includes: the electronic signature device verifies the first signature data and, after the verification passes, stores the received N first unit data packets in the storage space allocated by the security chip of the electronic signature device. The first signature data is obtained by the server signing the first unit data. Accordingly, as an optional implementation, each first unit data packet that the server sends to the electronic signature device further includes at least the first signature data obtained by the server signing the first unit data, so that the electronic signature device can verify the authenticity of the first unit data packet. As an optional implementation, the first signature data is the signature data obtained by the server signing the first unit data with its own private key. Accordingly, verifying the first signature data specifically includes: the electronic signature device verifies the first signature data using the public key of the server. Taking a bank server as the server: the bank server performs a HASH operation on the first unit data to obtain digest A1 of the first unit data, signs digest A1 with the bank server's own private key to obtain the first signature data, and delivers it to the electronic signature device inside the first unit data packet. The electronic signature device can verify the first signature data using the public key of the bank server. Specifically, the electronic signature device applies the public key of the bank server to the first signature data to obtain operation result A2, performs a HASH operation on the first unit data in the received first unit data packet to obtain digest A3 of the first unit data, and compares operation result A2 with digest A3; if they match, the first signature data passes verification. The electronic signature device can obtain the bank's public key according to the bank certificate serial number and/or the issuing bank identifier in the first unit data packet. For example, according to the issuing bank identifier in the first unit data packet, the electronic signature device can obtain the bank certificate of that bank from the issuing bank server corresponding to the first signature data to be verified, and obtain the bank's public key from the bank certificate. As another example, the electronic signature device can pre-store the bank certificate of each bank, use the bank certificate serial number in the first unit data packet to select, from the pre-stored bank certificates, the bank certificate corresponding to the first signature data to be verified, and obtain the bank's public key from that certificate. Thus, by using the bank's public key to verify the first signature data carried in the first unit data packet, the electronic signature device can verify the authenticity of the first unit data packet. The above description only takes a bank server as an example; this embodiment is not limited to bank servers, and implementations with other third-party servers, such as a supermarket shopping card stored-value server, fall within the protection scope of the present invention.
Further, having established that the received first unit data packet is genuine, the electronic signature device also wants to confirm that it really is the intended recipient of what the server sent, so that it does not store packets the server sent by mistake. The operation in step S13 of storing the received N first unit data packets in the storage space allocated by the security chip of the electronic signature device then specifically includes: the electronic signature device verifies the second signature data and, after the verification passes, stores the received N first unit data packets in the storage space allocated by the security chip of the electronic signature device. The second signature data is obtained by the server signing the first unit data together with the device identifier of the electronic signature device. Therefore, in an optional implementation of this embodiment, the transaction request that the electronic signature device sends to the server further includes the device identifier of the electronic signature device, and each first unit data packet among the N first unit data packets returned by the server further includes at least the second signature data obtained by the server signing the first unit data and the device identifier of the electronic signature device, so that the electronic signature device can verify both the authenticity and the correctness of the first unit data packet. As an optional implementation, the second signature data is the signature data obtained by the server using its own private key to sign the first unit data and the device identifier of the electronic signature device; that is, the object signed by each second signature data is the combination of one first unit data and the device identifier of the electronic signature device. Accordingly, verifying the second signature data specifically includes: the electronic signature device verifies each second signature data using the public key of the server. Taking a bank server as the server: the bank server uses its own private key to sign the first unit data and the device identifier of the electronic signature device to obtain the second signature data, and delivers it to the electronic signature device inside the first unit data packet. The electronic signature device can verify the second signature data using the public key of the bank server. The electronic signature device can obtain the bank certificate of the bank according to the bank certificate serial number and/or the issuing bank identifier in the first unit data packet, and obtain the bank's public key from the bank certificate. For example, according to the issuing bank identifier in the first unit data, the electronic signature device can obtain the bank's public key from the issuing bank server corresponding to the second signature data to be verified. As another example, the electronic signature device can pre-store the bank certificate of each bank, use the bank certificate serial number in the first unit data packet to select, from the pre-stored bank certificates, the bank certificate corresponding to the second signature data to be verified, and obtain the bank's public key from that certificate. Thus, by using the bank's public key to verify the second signature data carried in the first unit data packet, the electronic signature device can not only verify the authenticity of the first unit data packet but also prove that the first unit data packet was indeed issued by the bank server to this electronic signature device, i.e. verify the correctness of the first unit data packet. The above description only takes a bank server as an example; this embodiment is not limited to bank servers, and implementations with other third-party servers, such as a supermarket shopping card stored-value server, fall within the protection scope of the present invention.
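The two checks described above (A2 compared with A3 for the first signature data, then the device-identifier binding of the second signature data) are sketched below as an added example; it is not code from the patent. The key is a constructed textbook-RSA demo key without padding, and the field encoding, the certificate serial `CERT-0001` and the function names are assumptions made for illustration; the pre-stored certificate lookup follows the second option the text describes.

```python
import hashlib

# Constructed demo key (assumption): textbook RSA over two Mersenne primes,
# chosen only so the example runs with the standard library. A real issuer
# would use a randomly generated key and a padded scheme such as RSA-PSS.
_P, _Q = 2**521 - 1, 2**607 - 1
BANK_N, BANK_E = _P * _Q, 65537
_BANK_D = pow(BANK_E, -1, (_P - 1) * (_Q - 1))  # server private exponent

CERT_SERIAL = "CERT-0001"  # constructed bank certificate serial number


def _field(value: bytes) -> bytes:
    """Length-prefix a field so concatenated fields cannot be re-split."""
    return len(value).to_bytes(2, "big") + value


def _digest(*fields: bytes) -> int:
    """HASH operation over the given fields, returned as an integer."""
    joined = b"".join(_field(f) for f in fields)
    return int.from_bytes(hashlib.sha256(joined).digest(), "big")


def server_issue(serial: str, denomination: int, device_id: str) -> dict:
    """Server side: build a first unit data packet carrying both signatures."""
    unit = f"{serial}|{denomination}".encode()   # currency serial + denomination
    a1 = _digest(unit)                           # digest A1 of the unit data
    bound = _digest(unit, device_id.encode())    # unit data combined with device id
    return {
        "unit_data": unit,
        "cert_serial": CERT_SERIAL,
        "sig1": pow(a1, _BANK_D, BANK_N),        # first signature data
        "sig2": pow(bound, _BANK_D, BANK_N),     # second signature data
    }


def device_verify(packet: dict, own_device_id: str, cert_store: dict) -> str:
    """Device side: decide whether a received packet may be stored."""
    # Pick the issuer public key by certificate serial from pre-stored certs.
    key = cert_store.get(packet["cert_serial"])
    if key is None:
        return "unknown-issuer"
    n, e = key
    unit = packet["unit_data"]
    # Authenticity: A2 (public-key operation on sig1) must equal A3 (local hash).
    a2 = pow(packet["sig1"], e, n)
    a3 = _digest(unit)
    if a2 != a3:
        return "bad-first-signature"
    # Correctness: sig2 must cover this device's own identifier, so a genuine
    # packet issued to a different device is refused instead of being stored.
    if pow(packet["sig2"], e, n) != _digest(unit, own_device_id.encode()):
        return "wrong-device"
    return "ok"


if __name__ == "__main__":
    store = {CERT_SERIAL: (BANK_N, BANK_E)}
    pkt = server_issue("SN-000123", 100, "DEVICE-A")   # constructed sample values
    print(device_verify(pkt, "DEVICE-A", store))
    print(device_verify(pkt, "DEVICE-B", store))
    print(device_verify(dict(pkt, unit_data=b"SN-000123|1000"), "DEVICE-A", store))
```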
During data transmission, a first unit data packet may be lost. When a first unit data packet is lost in transmission, the sum of the currency denominations represented by the N first unit data packets that the electronic signature device receives is less than the transaction amount. In an optional implementation of this embodiment, when the sum of the currency denominations represented by the N first unit data packets is not equal to the transaction amount (i.e. is greater than or less than the transaction amount), the method may further include: the electronic signature device deletes the M first unit data packets in the security chip and stores the received N first unit data packets in the storage space allocated by the security chip of the electronic signature device; the electronic signature device sends a retransmission request to the server; the electronic signature device receives the retransmission information that the server sends in response to the retransmission request, the retransmission information including X retransmitted first unit data packets, where the sum of the currency denominations represented by the X first unit data packets equals the transaction amount, or the sum of the currency denominations represented by the X first unit data packets plus the sum of the currency denominations represented by the N first unit data packets equals the transaction amount; and the electronic signature device stores the received X first unit data packets in the storage space allocated by the security chip of the electronic signature device. Specifically, after the electronic signature device sends the retransmission request to the server, it can receive the retransmission information returned by the server, and the retransmission information returned by the server differs according to the content of the retransmission request. For example, the retransmission request can carry the device identifier of the electronic signature device and the transaction record (such as the number of each transaction, account information, timestamp, transaction amount, and the number of first unit data packets received and the currency denominations they represent; the server side also records these correspondingly), so that the server can look up the corresponding transaction of this electronic signature device and resend all the first unit data packets corresponding to that transaction to the electronic signature device. As another example, the retransmission request can also carry the packet identifiers of the first unit data packets already received (an identifier that uniquely identifies one first unit data packet, such as a unique identifier that the server configures for each first unit data packet, or the currency serial number); after receiving these packet identifiers, the server can determine which first unit data packets it failed to send or which were lost in transmission, and sends those first unit data packets to the electronic signature device. Retransmission of first unit data packets by the server is illustrated below:
For example, as an optional implementation, the electronic signature device receives the retransmission information that the server sends in response to the retransmission request, where the retransmission request includes at least the device identifier of the electronic signature device and the transaction record, and the retransmission information includes X first unit data packets whose currency denominations sum to the transaction amount. That is, in this optional implementation the server resends to the electronic signature device all the first unit data packets corresponding to a transaction. In this embodiment, when transacting with each electronic signature device, the server also stores the transaction record of each transaction (such as the number of each transaction, account information, timestamp, transaction amount, and the number of first unit data packets sent and the currency denominations they represent) and the device identifier of the electronic signature device; using the device identifier and the transaction record, it can look up a particular transaction of that electronic signature device. In this optional implementation, the server can resend to the electronic signature device all the first unit data packets of the transaction for which the electronic signature device requests retransmission, to ensure that the electronic signature device receives the complete set of first unit data packets and that the transaction between the server and the electronic signature device is error-free (i.e. the space release operation is error-free). In this optional implementation, after receiving the X first unit data packets retransmitted by the server, the electronic signature device judges, for each first unit data packet among the X first unit data packets, whether an identical first unit data packet exists among the N first unit data packets stored before. Specifically, the electronic signature device compares the first of the X first unit data packets, packet a, with each first unit data packet it has stored in turn; if a first unit data packet identical to packet a exists among the stored first unit data packets, the device either skips packet a, or deletes the previously stored first unit data packet identical to packet a and stores packet a anew. After completing the judgment for the first packet a, the electronic signature device continues one by one with the second first unit data packet b, the third first unit data packet c, and so on through the last first unit data packet x among the X first unit data packets. The electronic signature device can thereby store the X first unit data packets retransmitted by the server in the storage space allocated by its security chip.
For example, for a transaction numbered 1*******, the transaction amount in the transaction request of the electronic signature device is 10 yuan, and the server sends the electronic signature device 2 first unit data packets each representing a 5 yuan currency denomination (packet a and packet b). Because of data loss in transmission, the electronic signature device receives only 1 first unit data packet representing a 5 yuan currency denomination (only packet a); the currency denomination total is 5 yuan, which is not equal to the transaction amount of 10 yuan. For this transaction, the electronic signature device stores packet a, sends a retransmission request to the server, and receives the retransmission information that the server sends in response to the retransmission request. The retransmission request includes the device identifier of the electronic signature device and the transaction record. After receiving the retransmission request, the server can use the device identifier and the transaction record to look up this transaction of this electronic signature device, and can resend to the electronic signature device all the first unit data packets of the transaction for which retransmission is requested; that is, the retransmission information that the server sends to the electronic signature device includes packet a and packet b. The electronic signature device determines that packet a among the retransmitted first unit data packets is identical to the packet a stored before, so it skips packet a and stores only the retransmitted packet b; alternatively, it deletes the previously stored packet a and stores packet a and packet b anew. Thus, when the electronic signature device has not received all the first unit data packets required for a transaction, the server can retransmit all the first unit data packets required for the transaction to the electronic signature device, so that the transaction can complete smoothly.
As another example, as an optional implementation, after sending the retransmission request to the server, the electronic signature device receives the retransmission information that the server sends in response to the retransmission request, where the retransmission request includes at least the device identifier of the electronic signature device, the transaction record, and the packet identifier of each first unit data packet already received. The retransmission information includes X first unit data packets, and the sum of the currency denominations represented by these X first unit data packets plus the sum of the currency denominations represented by the N first unit data packets received before equals the transaction amount; that is, these X first unit data packets are the first unit data packets that the electronic signature device did not receive. In this optional implementation, the server resends to the electronic signature device the first unit data packets of a transaction that it failed to send or that were lost in transmission. Using the device identifier and the transaction record, the server can look up the particular transaction of this electronic signature device, and can retransmit to the electronic signature device those first unit data packets of the transaction whose packet identifiers are not found in the request, to ensure that the electronic signature device receives the complete set of first unit data packets and that the transaction between the server and the electronic signature device is error-free (i.e. the space release operation is error-free). Compared with the optional implementation in the previous example, this optional implementation can reduce the volume of data the server transmits, greatly reduce the server's workload, and improve the efficiency of server retransmission.
For example, for a transaction numbered 1*******, the transaction amount in the transaction request of the electronic signature device is 15 yuan, and the server sends the electronic signature device 1 first unit data packet representing a 5 yuan currency denomination (packet c) and 1 first unit data packet representing a 10 yuan currency denomination (packet d). Because of data loss in transmission, the electronic signature device receives only packet c; the currency denomination total is 5 yuan, which is not equal to the transaction amount of 15 yuan. For this transaction, the electronic signature device sends a retransmission request to the server and receives the retransmission information that the server sends in response to the retransmission request. The retransmission request also carries the packet identifier of packet c. After receiving the retransmission request, the server can look up all the first unit data packets corresponding to this transaction of this electronic signature device, find that the retransmission request does not contain the packet identifier of packet d, and retransmit packet d to the electronic signature device. The electronic signature device stores the packet d retransmitted by the server in the security chip. In this embodiment, the retransmission request that the electronic signature device sends to the server can include the packet identifiers of the part of the first unit data packets that it has received, and the server can determine from the packet identifiers in the retransmission request which first unit data packets need to be carried in the retransmission information. Thus, when the electronic signature device has not received all the first unit data packets required for a transaction, the server can retransmit the part of the first unit data packets that was not received to the electronic signature device, which not only reduces the amount of retransmitted data but also ensures that the transaction can complete smoothly.
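The two retransmission variants and their worked transactions (10 yuan with packets a and b, 15 yuan with packets c and d) can be traced with the following added example, which is not code from the patent. The class and function names and the transaction identifiers are assumptions, and the device uses the "skip the identical packet" option rather than delete-and-store-again.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    packet_id: str      # unique packet identifier (or currency serial number)
    denomination: int   # currency denomination in yuan


class Server:
    """Keeps the per-transaction record the text says the server stores."""

    def __init__(self):
        self.ledger = {}  # (device_id, txn_id) -> list of Packet sent

    def record(self, device_id, txn_id, packets):
        self.ledger[(device_id, txn_id)] = list(packets)

    def resend(self, device_id, txn_id, received_ids=None):
        packets = self.ledger[(device_id, txn_id)]
        if received_ids is None:
            # Variant 1: request carries device id + transaction record only,
            # so every packet of the transaction is sent again.
            return list(packets)
        # Variant 2: request also lists the packet ids already received.
        known = {p.packet_id for p in packets}
        if not set(received_ids) <= known:
            raise ValueError("request names a packet not in this transaction")
        return [p for p in packets if p.packet_id not in received_ids]


class Device:
    def __init__(self, device_id):
        self.device_id = device_id
        self.chip = {}  # packet_id -> Packet; stands in for security-chip storage

    def store(self, packets):
        """Store packets, skipping identical ones; return those newly stored."""
        new = []
        for p in packets:
            if p.packet_id not in self.chip:
                self.chip[p.packet_id] = p
                new.append(p)
        return new


def settle(device, server, txn_id, amount, delivered, selective):
    """Store what arrived, request retransmission if the sum is off, re-check."""
    held = device.store(delivered)
    report = {"resent": 0, "skipped": 0}
    if sum(p.denomination for p in held) != amount:
        ids = [p.packet_id for p in held] if selective else None
        resent = server.resend(device.device_id, txn_id, ids)
        new = device.store(resent)
        report["resent"] = len(resent)
        report["skipped"] = len(resent) - len(new)   # duplicates not stored twice
        held = held + new
    report["total"] = sum(p.denomination for p in held)
    # Stays False if packets are still missing after one retransmission round.
    report["complete"] = report["total"] == amount
    return report


def run_full_resend_example():
    # 10 yuan transaction: a and b sent, only a arrives, server resends a and b.
    server, device = Server(), Device("DEVICE-A")
    a, b = Packet("a", 5), Packet("b", 5)
    server.record("DEVICE-A", "TXN-EXAMPLE-1", [a, b])
    return settle(device, server, "TXN-EXAMPLE-1", 10, [a], selective=False)


def run_selective_resend_example():
    # 15 yuan transaction: c and d sent, only c arrives, server resends d only.
    server, device = Server(), Device("DEVICE-A")
    c, d = Packet("c", 5), Packet("d", 10)
    server.record("DEVICE-A", "TXN-EXAMPLE-2", [c, d])
    return settle(device, server, "TXN-EXAMPLE-2", 15, [c], selective=True)


if __name__ == "__main__":
    print(run_full_resend_example())
    print(run_selective_resend_example())
```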
The above is described using a single transaction as an example. In this embodiment, each transaction among multiple transactions can be handled in the manner described above.
In this embodiment, to prevent the electronic signature device from illegally reusing the same first unit data packet, which would cause confusion in electronic currency circulation, and to ensure that the same first unit data packet is unique during transactions, the operation in step S11 of the electronic signature device sending the M first unit data packets to the server specifically includes: the electronic signature device encrypts the M first unit data packets to obtain M second unit data packets, overwrites the M first unit data packets stored in the security chip with the M second unit data packets, and sends the M second unit data packets to the server. The operation in step S13 of the electronic signature device deleting the M first unit data packets in the security chip specifically includes: the electronic signature device deletes the M second unit data packets in the security chip. In this embodiment, the encryption operation that the electronic signature device performs on the M first unit data packets is irreversible for the device: the electronic signature device can encrypt a first unit data packet to obtain a second unit data packet, but cannot decrypt the second unit data packet to obtain the first unit data packet. Therefore, once the M second unit data packets have overwritten the corresponding M first unit data packets, the electronic signature device stores only the encrypted second unit data packets. Because it cannot decrypt the second unit data packets, it cannot recover the first unit data packets and cannot reuse them. This prevents the user holding the electronic signature device from spending these first unit data packets again and causing confusion in first unit data packet circulation.
Specifically, as an optional implementation, the electronic signature device encrypting the M first unit data packets specifically includes: the electronic signature device uses the public key of the server to encrypt at least the first unit data in each first unit data packet among the M first unit data packets. As another optional implementation, the electronic signature device encrypting the M first unit data packets specifically includes: the electronic signature device uses a symmetric key to encrypt at least the first unit data in each first unit data packet among the M first unit data packets; after the electronic signature device encrypts the M first unit data packets, the method further includes: deleting this symmetric key.
For the latter optional implementation, the symmetric key can be obtained through negotiation between the electronic signature device and the server. Alternatively, the symmetric key can be an XOR factor associated with the server. In that case, the electronic signature device using the symmetric key to encrypt at least the first unit data in each first unit data packet among the M first unit data packets specifically includes: the electronic signature device uses the XOR factor to perform an XOR operation on at least the first unit data in each first unit data packet among the M first unit data packets. XOR is also a kind of symmetric encryption operation, but compared with other symmetric encryption operations it is fast, which improves the efficiency with which the electronic signature device encrypts the first unit data packets to generate the second unit data packets.
In an optional implementation of this embodiment, after step S11 and before step S12, the method may further include: the electronic signature device receives a retransmission request sent by the server; the electronic signature device sends the M second unit data packets to the server again, or, according to the retransmission request sent by the server, sends to the server the second unit data packets that the server did not receive. Specifically, after receiving the second unit data packets and the transaction request sent by the electronic signature device, the server calculates whether the sum of the currency denominations represented by the received second unit data packets equals the transaction amount in the transaction request. If this currency denomination sum is less than the transaction amount, a second unit data packet was lost in transmission, and the server sends a retransmission request to the electronic signature device. The electronic signature device can thus ensure, by retransmitting second unit data packets, that the server receives all the second unit data packets that were sent.
In this embodiment, at least by encrypting the first unit data packets with a symmetric key or with the public key of the server, the electronic signature device can be prevented from illegally reusing the same first unit data packet and causing confusion in first unit data packet circulation, and the uniqueness of the same first unit data packet during transactions is ensured. Of course, this embodiment does not exclude other implementations, as long as the same technical effect can be achieved. In use, the electronic signature device can complete a payment operation by sending these first unit data packets to a peer electronic signature device, without connecting over the network to a back-end server, so that the electronic signature device has an offline transaction function. In addition, it should be noted that the first unit data packet in this embodiment can be understood to include two kinds of packet, in plaintext form and in ciphertext form. The second unit data packet can be understood as one kind of first unit data packet, namely the packet obtained after the first unit data packet is encrypted, i.e. the ciphertext form of the first unit data packet. Moreover, because the second unit data packet is ciphertext, the security of the transmitted data is ensured; even if it is intercepted by another device it is difficult to crack, which further improves the security of first unit data packet circulation.
When the electronic signature device uses first unit data packets for transactions, each first unit data packet occupies a certain amount of storage space in the security chip of the electronic signature device, so the storage space of the security chip may fill up and the electronic signature device may be unable to carry out subsequent transactions. With the technical solution provided by this embodiment, when a trigger instruction to release storage space is received, or when the total number of first unit data packets currently stored in the security chip reaches a preset value, the electronic signature device can send M small-denomination first unit data packets that it stores to the server, to exchange with the server for N large-denomination first unit data packets with the same currency denomination total. The security chip can thereby release the storage space occupied by M-N first unit data packets, which ensures that the electronic signature device has enough storage space for subsequent transactions to proceed smoothly.
Embodiment 2
Fig. 2 is a schematic structural diagram of an electronic signature device provided by this embodiment. The structure of the electronic signature device provided by this embodiment is described in detail below with reference to Fig. 2.
This embodiment provides an electronic signature device 2, which includes: a security module 21, configured to obtain M first unit data packets that it stores; a communication module 22, configured to send the M first unit data packets and a transaction request to the server, the transaction request including a transaction amount, where each first unit data packet represents one currency denomination among multiple currency denominations, and the sum of the currency denominations represented by the M first unit data packets equals the transaction amount; and an acquisition module 23, configured to receive N first unit data packets sent by the server, where 0 < N < M and M and N are integers. The security module 21 is further configured, when the sum of the currency denominations represented by the N first unit data packets equals the transaction amount, to delete the M first unit data packets that it stores and to store the received N first unit data packets in the storage space allocated by this security module.
In this embodiment, when the electronic signature device 2 uses first unit data packets for transactions, each first unit data packet occupies a certain amount of storage space in the security module 21 of the electronic signature device 2, so the storage space of the security module 21 may fill up and the electronic signature device 2 may be unable to carry out subsequent transactions. With the electronic signature device 2 provided by this embodiment, when a trigger instruction to release storage space is received, or when the total number of first unit data packets currently stored in the security chip reaches a preset value, the electronic signature device 2 can send M small-denomination first unit data packets that it stores to the server, to exchange with the server for N large-denomination first unit data packets with the same currency denomination total. The security chip can thereby release the storage space occupied by M-N first unit data packets.
In this embodiment, the security module 21 is configured to obtain the M first unit data packets that it stores, where each first unit data packet represents one currency denomination among multiple currency denominations, and the sum of the currency denominations represented by the M first unit data packets equals the transaction amount.
In this embodiment, the electronic signature device 2 is an electronic device with a signature function, for example a smart card with a signature function (transit card, bank card, shopping card, etc.) or the U-shield of the Industrial and Commercial Bank. In an optional implementation of this embodiment, the security module 21 can be a security chip with an independent processor and storage unit. The security chip can store a PKI digital certificate and keys internally, can perform encryption and decryption operations on data, and provides the user with data encryption and identity security authentication services. In this embodiment, the electronic signature device 2 can store in the security chip the first unit data packets received from a server (a third-party server such as a bank server or a shopping mall top-up server) or from another electronic signature device 2. Because the data in the storage unit of the security chip cannot be read illegally, the security of the data stored in the storage unit is ensured.
In this embodiment, each first unit data packet represents one currency denomination among multiple currency denominations. For example, the currency denominations represented by first unit data packets include 1 yuan, 2 yuan, 5 yuan, 10 yuan, 20 yuan, 50 yuan and 100 yuan. Of course, new currency denominations that the country may issue in the future, and the currency denominations of regions and countries that use currencies other than RMB, also fall within the protection scope of the present invention; this embodiment only uses RMB denominations as an illustration. That is, there are multiple currency denominations in total. When the security module 21 obtains multiple first unit data packets from its own storage space (M > 1), the multiple first unit data packets can represent several different currency denominations; for example, when M=3, there are 3 first unit data packets, which represent the currency denominations 1 yuan, 2 yuan and 5 yuan respectively. Alternatively, the multiple first unit data packets can represent the same currency denomination; for example, when M=3, the 3 first unit data packets all represent the currency denomination 1 yuan. Or the currency denominations represented by the multiple first unit data packets can include both identical and different denominations; for example, when M=3, the 3 first unit data packets represent the currency denominations 1 yuan, 1 yuan and 2 yuan respectively. Thus, the currency denominations represented by the M first unit data packets that the electronic signature device 2 obtains from its security chip can be combined flexibly.
In an optional implementation of this embodiment, the first unit data packet includes at least first unit data, and the first unit data includes at least: currency denomination data, or a currency serial number and currency denomination data. The currency denomination data is the currency denomination represented by the first unit data packet and serves to identify that denomination. The currency serial number is the unique serial number of each first unit data packet; that is, different first unit data packets carry different currency serial numbers. This guarantees the uniqueness of each first unit data packet, so that the authenticity of the packet can be checked. As an optional implementation, the first unit data packet also includes at least one of the following: an issuing bank identifier and a bank certificate serial number. The issuing bank identifier is the identification information of the bank that issued the first unit data packet, so the relevant information of the corresponding issuing bank can be looked up from it. The electronic signature equipment 2 can also obtain the bank certificate of the corresponding issuing bank from the issuing bank identifier and the bank certificate serial number; the bank certificate contains the public key of the issuing bank, which the security module 21 in the electronic signature equipment 2 uses in subsequent steps to verify the signature on the first unit data.
In an optional implementation of this embodiment, each first unit data packet stored by the security module 21 also includes at least: the first unit data, and first signed data obtained by the server signing the first unit data. As an optional implementation, the server (a third-party server such as a bank server or a shopping-mall recharge server) uses its own private key to sign the first unit data in each first unit data packet separately, obtaining the first signed data corresponding to each first unit data packet. The server sends at least one first unit data packet carrying first signed data to the electronic signature equipment 2. In this embodiment, before storing the multiple first unit data packets sent by the server, the security module 21 can use the public key of the server to verify the authenticity of the first unit data packets, and stores them only after verification passes; the first unit data packets stored in the security module 21 are therefore authentic and secure.
In another optional implementation of this embodiment, the transaction request that the communication module 22 sends to the server also includes the device identifier of the electronic signature equipment 2, and each first unit data packet stored by the security module 21 includes at least: the first unit data, and second signed data obtained by the server signing the first unit data and the device identifier of the electronic signature equipment 2. As an optional implementation, the server uses its own private key to sign the first unit data and the device identifier of the electronic signature equipment 2, obtaining the second signed data corresponding to each first unit data packet. The server sends at least one first unit data packet carrying second signed data to the electronic signature equipment 2, so that, after receiving a first unit data packet sent by the server, the security module 21 can verify the second signed data in it; if verification passes, the first unit data packet is authentic and was indeed sent to this electronic signature equipment.
Because the first unit data packets are stored in the storage space of the security module 21 and each first unit data packet occupies a certain amount of storage, when the remaining storage space of the security module 21 is insufficient, no new first unit data packet can be stored, and the electronic signature equipment 2 cannot carry out further transactions. Therefore, in this embodiment, the security module 21 is further configured to receive, before obtaining the M first unit data packets it stores, a trigger instruction to release the storage space of the security module 21; or to detect, before obtaining the M first unit data packets it stores, that the total number of first unit data packets it currently stores has reached a preset value.

As an optional implementation, the electronic signature equipment 2 also includes an interactive module 24, which receives the trigger instruction to release storage space entered by the user. The user can enter the trigger instruction by keyboard, voice or similar means. The trigger instruction entered by the user can include the transaction amount, and the security module 21 can select M of its stored first unit data packets, at random or by a preset rule, according to the transaction amount, such that the sum of the currency denominations represented by these M first unit data packets equals the transaction amount. In this optional mode the value of M is determined at random; however, to release the most space, the security module 21 can choose M to be the largest value for which the sum of the represented currency denominations equals the transaction amount. For example, when ten 1-yuan data packets and two 5-yuan data packets are stored, the security module 21 selects the ten 1-yuan data packets, and M equals 10. Note that in this optional implementation, the storage space occupied by each first unit data packet is the same, regardless of whether the currency denominations represented are the same.

As another optional implementation, after the security module 21 detects that the total number of first unit data packets it currently stores has reached the preset value M, it performs the operation of obtaining M first unit data packets. The preset value M may be set by the user, or set in advance when the electronic signature equipment 2 leaves the factory. The security module 21 obtains the M first unit data packets, calculates the sum of the currency denominations they represent, takes this sum as the transaction amount, and sends the M first unit data packets and the transaction amount to the server through the communication module 22. Optionally, the first unit data packets that reach the preset value occupy half of the storage space of the security module 21; that is, when half of the storage space of the security module 21 is occupied, the electronic signature equipment 2 is triggered to release storage space. Thus, when storage space is insufficient, the electronic signature equipment 2 can release storage space by exchanging packets with the server, which ensures that the security module 21 maintains enough storage space.
The communication module 22 is configured to send the M first unit data packets and a transaction request to the server; the transaction request includes the transaction amount.
In this embodiment, likewise, each of the N first unit data packets represents one of multiple currency denominations. Each first unit data packet includes at least first unit data, and the first unit data includes at least: currency denomination data, or a currency serial number and currency denomination data. For the description of the first unit data, see above; it is not repeated here. As an optional implementation, each of the N first unit data packets also includes at least: first signed data obtained by the server signing the first unit data. The security module 21 can thus determine whether the N received first unit data packets are authentic by verifying the first signed data; for the specific verification method, see the verification of the first signed data below. As another optional implementation, each of the N first unit data packets includes at least: second signed data obtained by the server signing the first unit data and the device identifier of the electronic signature equipment. The security module 21 can thus determine, by verifying the second signed data, whether the N received first unit data packets are authentic and whether they were sent to this electronic signature equipment; for the specific verification method, see the verification of the second signed data below.
In an optional implementation of this embodiment, the communication module 22 can establish a connection with an external device (such as a PC or a mobile terminal) and send the M first unit data packets and the transaction request to the server through that external device. Alternatively, the communication module 22 has a wired or wireless interface, establishes a wired or wireless connection with the server, and sends the M first unit data packets and the transaction request to the server directly. Wireless connection modes can include Bluetooth, NFC and Wi-Fi. In this embodiment the communication module 22 can therefore send the transaction request to the server in several ways. As an optional implementation, the server includes a bank server or a third-party server; for example, the third-party server can be the shopping-card stored-value server of a shopping mall.
The acquisition module 23 is configured to receive the N first unit data packets sent by the server, where 0 < N < M, and M and N are integers.
In this embodiment, each first unit data packet can occupy the same amount of storage space (for example, each first unit data packet occupies 1M of storage). The number M of first unit data packets that the communication module 22 sends to the server is greater than the number N of first unit data packets that the acquisition module 23 receives from the server. For example, the security module 21 obtains from its own storage space 100 first unit data packets with a currency denomination of 2 yuan; the sum of the currency denominations represented by these 100 first unit data packets is 200 yuan, so the transaction amount is 200 yuan, and they occupy 100M of storage. After receiving the first unit data packets and the transaction amount sent by the communication module 22, the server issues to the electronic signature equipment 2, according to the transaction amount, 2 first unit data packets each representing a currency denomination of 100 (the denomination sum is still 200, occupying 2M). The electronic signature equipment 2 has thus exchanged 100 first unit data packets for 2 first unit data packets while keeping the currency value unchanged, and the security module 21 can release 98M of storage, that is, the storage occupied by 98 first unit data packets.
The security module 21 is further configured, when the sum of the currency denominations represented by the N first unit data packets is equal to the transaction amount, to delete the M first unit data packets it stores and to store the N received first unit data packets in its storage space.
In this embodiment, when the sum of the currency denominations represented by the N first unit data packets is equal to the transaction amount, that is, when the first unit data packets sent by the server were not lost in transmission, the security module 21 deletes the M first unit data packets it stores and stores the N received first unit data packets in its storage space. The electronic signature equipment 2 thereby completes the release of storage space.
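The selection rule and the commit condition described above can be exercised together. The following is an added example, not code from the patent: `Packet`, `Mint`, `SelectMaxCount` and `Exchange` are hypothetical names, the sample packets are constructed, and the selection uses a standard 0/1 knapsack to find the largest M whose denominations sum exactly to the transaction amount.

```go
package main

import "fmt"

// Packet is a constructed stand-in for a first unit data packet.
type Packet struct {
	Serial string // currency serial number, unique per packet
	Yuan   int    // currency denomination in yuan
}

// Mint builds count constructed sample packets of one denomination.
func Mint(prefix string, yuan, count int) []Packet {
	ps := make([]Packet, count)
	for i := range ps {
		ps[i] = Packet{Serial: fmt.Sprintf("%s-%03d", prefix, i), Yuan: yuan}
	}
	return ps
}

// Sum adds up the denominations represented by a set of packets.
func Sum(ps []Packet) int {
	total := 0
	for _, p := range ps {
		total += p.Yuan
	}
	return total
}

// SelectMaxCount picks the largest number M of stored packets whose
// denominations sum exactly to amount (each packet used at most once).
// It returns nil when no subset of the stored packets matches.
func SelectMaxCount(stored []Packet, amount int) []Packet {
	if amount <= 0 {
		return nil
	}
	best := make([]int, amount+1) // best[s]: most packets summing to s, -1 if unreachable
	for s := 1; s <= amount; s++ {
		best[s] = -1
	}
	take := make([][]bool, len(stored)) // take[i][s]: packet i improved best[s]
	for i, p := range stored {
		take[i] = make([]bool, amount+1)
		if p.Yuan <= 0 {
			continue
		}
		for s := amount; s >= p.Yuan; s-- {
			if prev := best[s-p.Yuan]; prev >= 0 && prev+1 > best[s] {
				best[s] = prev + 1
				take[i][s] = true
			}
		}
	}
	if best[amount] < 0 {
		return nil
	}
	var chosen []Packet
	for i, s := len(stored)-1, amount; i >= 0; i-- {
		if take[i][s] {
			chosen = append(chosen, stored[i])
			s -= stored[i].Yuan
		}
	}
	return chosen
}

// Exchange applies the device-side commit rule: the M sent packets are
// deleted and the N received ones stored only if 0 < N < M and the received
// denominations sum to the transaction amount. It returns the slots freed.
func Exchange(store map[string]Packet, sent, received []Packet, amount int) (int, error) {
	if n, m := len(received), len(sent); n <= 0 || n >= m {
		return 0, fmt.Errorf("need 0 < N < M, got N=%d M=%d", n, m)
	}
	if got := Sum(received); got != amount {
		return 0, fmt.Errorf("received %d yuan, transaction amount is %d", got, amount)
	}
	for _, p := range sent {
		delete(store, p.Serial)
	}
	for _, p := range received {
		store[p.Serial] = p
	}
	return len(sent) - len(received), nil
}

func main() {
	// Constructed sample mirroring the text: 100 two-yuan packets are
	// exchanged for 2 hundred-yuan packets, freeing 98 slots.
	stored := Mint("two", 2, 100)
	store := map[string]Packet{}
	for _, p := range stored {
		store[p.Serial] = p
	}
	sent := SelectMaxCount(stored, 200)
	freed, err := Exchange(store, sent, Mint("hundred", 100, 2), 200)
	fmt.Println("M:", len(sent), "freed:", freed, "err:", err, "stored now:", len(store))
}
```
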
In this embodiment, to further ensure the authenticity of the first unit data packets stored by the security module 21, as an optional implementation, the security module 21 being configured to store the N received first unit data packets in its storage space specifically includes: the security module 21 verifies the first signed data and, after verification passes, stores the N received first unit data packets in its storage space. The first signed data is obtained by the server signing the first unit data; accordingly, as an optional implementation, each first unit data packet that the server sends to the electronic signature equipment also includes at least the first signed data obtained by the server signing the first unit data, so that the security module 21 can verify the authenticity of the first unit data packet. As an optional implementation, the first signed data is the signature data obtained by the server signing the first unit data with its own private key. Accordingly, the security module 21 verifying the first signed data specifically includes: the security module 21 uses the public key of the server to verify the first signed data.

Taking a bank server as the server, the bank server performs a HASH operation on the first unit data to obtain digest message A1 of the first unit data, uses its own private key to perform a signature operation on digest message A1 to obtain the first signed data, and carries the first signed data in the first unit data packet issued to the electronic signature equipment 2. The security module 21 can use the public key of the bank server to verify the first signed data. Specifically, the security module 21 applies the public key of the bank server to the first signed data to obtain operation result A2, performs a HASH operation on the first unit data in the received first unit data packet to obtain digest message A3 of the first unit data, and compares operation result A2 with digest message A3; if they match, the first signed data passes verification.

The security module 21 can obtain the public key of the bank from the bank certificate serial number and/or the issuing bank identifier in the first unit data packet. For example, the security module 21 can, according to the issuing bank identifier in the first unit data packet, obtain the bank certificate of the bank from the issuing bank server corresponding to the first signed data to be verified, and obtain the public key of the bank from the bank certificate. As another example, the security module 21 can pre-store the bank certificates of the various banks, select from the pre-stored certificates the one corresponding to the first signed data to be verified according to the bank certificate serial number in the first unit data packet, and obtain the public key of the bank from that certificate. The security module 21 thus uses the public key of the bank to verify the first signed data carried in the first unit data packet, which verifies the authenticity of the first unit data packet. The above description uses a bank server only as an example; this embodiment is not limited to bank servers, and specific implementations using other third-party servers, such as a supermarket shopping-card stored-value server, fall within the protection scope of the present invention.
Further, having confirmed that the received first unit data packets are authentic, the electronic signature equipment 2 also wants to confirm that it really is the recipient the server intended, to avoid storing packets that the server sent by mistake. The security module 21 being configured to store the N received first unit data packets in its storage space then specifically includes: the security module 21 verifies the second signed data and, after verification passes, stores the N received first unit data packets in its storage space. The second signed data is obtained by the server signing the first unit data and the device identifier of the electronic signature equipment 2. Therefore, in an optional implementation of this embodiment, the transaction request that the electronic signature equipment 2 sends to the server through the communication module 22 also includes the device identifier of the electronic signature equipment 2, and each of the N first unit data packets returned by the server also includes at least: the first unit data, and the second signed data obtained by the server signing the first unit data and the device identifier of the electronic signature equipment 2, so that the security module 21 can verify the authenticity and correctness of the first unit data packet. As an optional implementation, the second signed data is the signature data obtained by the server using its own private key to sign the first unit data and the device identifier of the electronic signature equipment 2; that is, the object signed by each second signed data is the combination of the respective first unit data and the device identifier of the electronic signature equipment 2. Accordingly, the security module 21 verifying the second signed data specifically includes: the security module 21 uses the public key of the server to verify each second signed data separately.

Taking a bank server as the server, the bank server uses its own private key to sign the first unit data and the device identifier of the electronic signature equipment 2 to obtain the second signed data, and carries the second signed data in the first unit data packet issued to the electronic signature equipment 2. The security module 21 can use the public key of the bank server to verify the second signed data. The security module 21 can obtain the bank certificate of the bank from the bank certificate serial number and/or the issuing bank identifier in the first unit data packet, and obtain the public key of the bank from the bank certificate. For example, according to the issuing bank identifier in the first unit data, the security module 21 can obtain the public key of the bank, through the acquisition module 23, from the issuing bank server corresponding to the second signed data to be verified. As another example, the security module 21 can pre-store the bank certificates of the various banks, select from the pre-stored certificates the one corresponding to the second signed data to be verified according to the bank certificate serial number in the first unit data packet, and obtain the public key of the bank from that certificate. The security module 21 thus uses the public key of the bank to verify the second signed data carried in the first unit data packet, which not only verifies the authenticity of the first unit data packet but also proves that the bank server really issued the packet to this electronic signature equipment 2, that is, verifies the correctness of the first unit data packet. The above description uses a bank server only as an example; this embodiment is not limited to bank servers, and specific implementations using other third-party servers, such as a supermarket shopping-card stored-value server, fall within the protection scope of the present invention.
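The device-bound check on the second signed data can be sketched as follows. This is an added example, not code from the patent: the text names no signature algorithm or encoding, so ECDSA P-256 over a SHA-256 digest with length-prefixed fields is an assumption, and `UnitData`, `Issue`, `Device.Accept`, `Demo` and all identifier values are hypothetical or constructed. The bank certificate is selected from a pre-stored set by certificate serial number, as in the second lookup variant above.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// UnitData holds the fields the text lists for the first unit data.
type UnitData struct {
	Serial     string // currency serial number
	Yuan       uint32 // currency denomination data
	IssuerID   string // issuing bank identifier
	CertSerial string // bank certificate serial number
}

// UnitPacket is the first unit data plus the second signed data.
type UnitPacket struct {
	Data UnitData
	Sig  []byte
}

var (
	ErrUnknownCert  = errors.New("no pre-stored bank certificate for this serial number")
	ErrBadSignature = errors.New("second signed data failed verification")
)

// digest hashes the first unit data combined with the device identifier.
// Each string is length-prefixed so field boundaries cannot be shifted
// (an encoding chosen for this example; the text does not specify one).
func digest(d UnitData, deviceID string) []byte {
	h := sha256.New()
	var n [4]byte
	for _, f := range []string{d.Serial, d.IssuerID, d.CertSerial, deviceID} {
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		h.Write(n[:])
		h.Write([]byte(f))
	}
	binary.BigEndian.PutUint32(n[:], d.Yuan)
	h.Write(n[:])
	return h.Sum(nil)
}

// Issue is the server side: sign unit data and device identifier together.
func Issue(bankKey *ecdsa.PrivateKey, d UnitData, deviceID string) (UnitPacket, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, bankKey, digest(d, deviceID))
	if err != nil {
		return UnitPacket{}, err
	}
	return UnitPacket{Data: d, Sig: sig}, nil
}

// Device models the security module with its pre-stored bank public keys,
// keyed by bank certificate serial number.
type Device struct {
	ID    string
	Certs map[string]*ecdsa.PublicKey
	Store []UnitPacket
}

// Accept stores a packet only if the signature verifies over the packet's
// unit data combined with this device's own identifier.
func (dev *Device) Accept(p UnitPacket) error {
	pub, ok := dev.Certs[p.Data.CertSerial]
	if !ok {
		return ErrUnknownCert
	}
	if !ecdsa.VerifyASN1(pub, digest(p.Data, dev.ID), p.Sig) {
		return ErrBadSignature
	}
	dev.Store = append(dev.Store, p)
	return nil
}

// Demo runs a constructed scenario and returns the outcome of each check.
func Demo() (own, foreign, tampered, unknown error) {
	bankKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err, err, err, err
	}
	certs := map[string]*ecdsa.PublicKey{"CERT-0001": &bankKey.PublicKey}
	devA := &Device{ID: "DEVICE-A", Certs: certs}
	devB := &Device{ID: "DEVICE-B", Certs: certs}
	data := UnitData{Serial: "SN-000042", Yuan: 100, IssuerID: "BANK-X", CertSerial: "CERT-0001"}
	pkt, err := Issue(bankKey, data, devA.ID)
	if err != nil {
		return err, err, err, err
	}
	own = devA.Accept(pkt)     // issued to A, presented to A
	foreign = devB.Accept(pkt) // issued to A, presented to B
	forged := pkt
	forged.Data.Yuan = 1000 // denomination altered after signing
	tampered = devA.Accept(forged)
	other := pkt
	other.Data.CertSerial = "CERT-9999" // certificate the device does not hold
	unknown = devA.Accept(other)
	return
}

func main() {
	own, foreign, tampered, unknown := Demo()
	fmt.Println("own device:     ", own)
	fmt.Println("other device:   ", foreign)
	fmt.Println("tampered packet:", tampered)
	fmt.Println("unknown cert:   ", unknown)
}
```
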
During data transmission, first unit data packets may be lost. When first unit data packets are lost in transmission, the sum of the currency denominations represented by the N first unit data packets that the acquisition module 23 receives is less than the transaction amount. In an optional implementation of this embodiment, the security module 21 is further configured, when the sum of the currency denominations represented by the N first unit data packets is not equal to the transaction amount (that is, greater than or less than the transaction amount), to delete the M first unit data packets it stores and to store the N received first unit data packets in its storage space; the communication module 22 is further configured to send a retransmission request to the server; the acquisition module 23 is further configured to receive the retransmission information that the server sends in response to the retransmission request, the retransmission information including X retransmitted first unit data packets, where the sum of the currency denominations represented by the X first unit data packets is equal to the transaction amount, or the sum of the currency denominations represented by the X first unit data packets plus the sum of the currency denominations represented by the N first unit data packets is equal to the transaction amount; and the security module 21 is further configured to store the X received first unit data packets in its storage space.

Specifically, after the communication module 22 sends the retransmission request to the server, the acquisition module 23 receives the retransmission information returned by the server; the retransmission information the server returns differs according to the content of the retransmission request. For example, the retransmission request can carry the device identifier of the electronic signature equipment 2 and the transaction record (such as the number of each transaction, account information, timestamp, transaction amount, and the number of first unit data packets received and the currency denominations they represent; the server side records the corresponding information too), so that the server can look up the particular transaction of this electronic signature equipment 2 and retransmit all first unit data packets of that transaction to the electronic signature equipment 2. As another example, the retransmission request can also carry the packet identifiers of the first unit data packets already received (an identifier that uniquely identifies one first unit data packet, such as a unique identifier the server assigns to each first unit data packet, or the currency serial number); after receiving these packet identifiers, the server can determine which first unit data packets were missed or lost in transmission and send those first unit data packets to the electronic signature equipment 2. The retransmission of first unit data packets by the server is illustrated below:
For example, as an optional implementation, the acquisition module 23 is further configured to receive the retransmission information that the server sends in response to the retransmission request, where the retransmission request includes at least the device identifier of the electronic signature equipment 2 and the transaction record, and the retransmission information includes X first unit data packets, the sum of the currency denominations represented by the X first unit data packets being equal to the transaction amount. That is, in this optional implementation the server retransmits to the electronic signature equipment 2 all first unit data packets of a transaction. In this embodiment, when transacting with the electronic signature equipment 2, the server also stores the transaction record of each transaction (such as the number of each transaction, account information, timestamp, transaction amount, and the number of first unit data packets sent and the currency denominations they represent) together with the device identifier of the electronic signature equipment 2; a particular transaction of this electronic signature equipment 2 can be looked up from the device identifier and the transaction record. In this optional implementation, the server can retransmit to the electronic signature equipment 2 all first unit data packets of the transaction for which the electronic signature equipment 2 requests retransmission, ensuring that the electronic signature equipment 2 receives the complete set of first unit data packets and that the transaction between the server and the electronic signature equipment 2 is error-free (that is, the space-release operation is error-free).

In this optional implementation, after the acquisition module 23 receives the X first unit data packets retransmitted by the server, the security module 21 is further configured to judge, for each of the X first unit data packets, whether an identical packet exists among the N first unit data packets stored earlier. Specifically, the security module 21 compares the first packet a of the X first unit data packets in turn with each first unit data packet it stores; if a stored first unit data packet is identical to packet a, it either skips packet a, or deletes the previously stored packet identical to packet a and stores packet a again. After finishing the judgment for the first packet a, the security module 21 continues one by one with the second packet b of the X first unit data packets, the third packet c, and so on through the last packet x. The security module 21 can thus store the X first unit data packets retransmitted by the server in its storage space.
For example, for a transaction numbered 1*******, the transaction amount in the transaction request sent by the communication module 22 is 10 yuan, and the server sends 2 first unit data packets each representing a currency denomination of 5 yuan (packet a and packet b). Because of data loss in transmission, the acquisition module 23 receives only 1 first unit data packet representing a currency denomination of 5 yuan (only packet a); the denomination sum is 5 yuan, which is not equal to the transaction amount of 10 yuan. For this transaction, the security module 21 stores packet a, the communication module 22 sends a retransmission request to the server, and the acquisition module 23 receives the retransmission information that the server sends in response to the retransmission request. The retransmission request includes the device identifier of the electronic signature equipment 2 and the transaction record. After receiving the retransmission request, the server can look up this transaction of this electronic signature equipment 2 from the device identifier and the transaction record, and can retransmit all first unit data packets of the transaction to the electronic signature equipment 2; that is, the retransmission information that the server sends to the electronic signature equipment 2 includes packet a and packet b. The security module 21 determines that packet a among the retransmitted first unit data packets is identical to the packet a stored earlier, so it skips packet a and stores only the retransmitted packet b; or it deletes the packet a stored earlier and stores packet a and packet b again. Thus, when the electronic signature equipment 2 has not received all the first unit data packets required for a transaction, the server can retransmit all the first unit data packets required for the transaction to the electronic signature equipment 2, so that the transaction can complete smoothly.
As another example, as an optional implementation, after the electronic signature equipment 2 sends a retransmission request to the server, it receives the retransmission information that the server sends in response to the retransmission request, where the retransmission request includes at least: the device identifier of the electronic signature equipment 2, the transaction record, and the packet identifier of each first unit data packet already received. The retransmission information includes X first unit data packets, and the sum of the currency denominations represented by these X first unit data packets plus the sum of the currency denominations represented by the N first unit data packets received earlier is equal to the transaction amount; that is, the X first unit data packets are the ones the electronic signature equipment 2 has not received. In this optional implementation, the server retransmits to the electronic signature equipment 2 the first unit data packets of a transaction that were missed or lost in transmission. A particular transaction of this electronic signature equipment 2 can be looked up from the device identifier and the transaction record, and the server can retransmit to the electronic signature equipment 2 those first unit data packets of the transaction whose packet identifiers are not found in the retransmission request, ensuring that the electronic signature equipment 2 receives the complete set of first unit data packets and that the transaction between the server and the electronic signature equipment 2 is error-free (that is, the space-release operation is error-free). Compared with the optional implementation in the previous example, this optional implementation reduces the amount of data the server transmits, greatly reduces the workload of the server, and improves the efficiency of the server's retransmission.
For example, for a transaction numbered 1*******, the transaction amount in the transaction request sent by the communication module 22 is 15 yuan, and the server sends 1 first unit data packet representing a currency denomination of 5 yuan (packet c) and 1 first unit data packet representing a currency denomination of 10 yuan (packet d). Because of data loss in transmission, the acquisition module 23 receives only packet c; the denomination sum is 5 yuan, which is not equal to the transaction amount of 15 yuan. For this transaction, the communication module 22 sends a retransmission request to the server and receives the retransmission information that the server sends in response to the retransmission request. The retransmission request also carries the packet identifier of packet c. After receiving the retransmission request, the server can look up all first unit data packets of this transaction of this electronic signature equipment 2, find that the packet identifier of packet d is absent from the retransmission request, and retransmit packet d to the electronic signature equipment 2. The security module 21 stores the packet d retransmitted by the server in its storage space. In this embodiment, the retransmission request that the communication module 22 sends to the server can include the packet identifiers of the first unit data packets already received, and the server can determine from the packet identifiers in the retransmission request which first unit data packets the retransmission information needs to carry. Thus, when the electronic signature equipment 2 has not received all the first unit data packets required for a transaction, the server can retransmit just the unreceived first unit data packets to the electronic signature equipment 2, which not only reduces the amount of retransmitted data but also ensures that the transaction can complete smoothly.
The above is described using a single transaction as an example; in this embodiment, each of multiple transactions can be carried out in the manner described above.
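The identifier-based retransmission described above can be sketched as follows. This is an added example, not code from the patent: the class and method names, the transaction id `txn-example` and the rejection of unknown identifiers are assumptions, and it generalises the packet c / packet d case to any number of lost packets.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class UnitPacket:
    packet_id: str      # packet identifier carried in the retransmission request
    denomination: int   # currency denomination in yuan


@dataclass
class Server:
    # transaction id -> every first unit data packet issued for that transaction
    issued: dict = field(default_factory=dict)

    def issue(self, txn_id, packets):
        self.issued[txn_id] = {p.packet_id: p for p in packets}
        return list(packets)

    def handle_retransmit(self, txn_id, received_ids):
        """Return only the packets whose identifiers the device did not report."""
        issued = self.issued[txn_id]
        received = set(received_ids)
        unknown = received - set(issued)
        if unknown:
            # Assumption: an identifier never issued for this transaction is
            # rejected rather than silently ignored.
            raise ValueError(f"unknown packet identifiers: {sorted(unknown)}")
        return [p for pid, p in issued.items() if pid not in received]


@dataclass
class Device:
    amount: int                                  # transaction amount in yuan
    stored: dict = field(default_factory=dict)

    def receive(self, packets):
        for p in packets:
            # Keyed by identifier, so a duplicated packet is not counted twice.
            self.stored[p.packet_id] = p

    def total(self):
        return sum(p.denomination for p in self.stored.values())

    def is_complete(self):
        # The device accepts the exchange only when the sum matches exactly.
        return self.total() == self.amount

    def retransmit_request(self):
        return sorted(self.stored)


def run_example():
    server = Server()
    txn = "txn-example"   # constructed id; the page masks the real number
    c, d = UnitPacket("c", 5), UnitPacket("d", 10)
    sent = server.issue(txn, [c, d])

    device = Device(amount=15)
    device.receive([p for p in sent if p.packet_id != "d"])   # packet d is lost
    before = (device.total(), device.is_complete())

    resent = server.handle_retransmit(txn, device.retransmit_request())
    device.receive(resent)
    return before, [p.packet_id for p in resent], device.total(), device.is_complete()
```
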
In this embodiment, to prevent electronic signature device 2 from illegitimately reusing the same first unit data packet and causing confusion in electronic banking circulation, and to ensure the uniqueness of each first unit data packet during a transaction, security module 21 is further configured to encrypt the M first unit data packets to obtain M second unit data packets, and to overwrite the M first unit data packets stored in the security chip with the M second unit data packets; communication module 22 is further configured to send the M second unit data packets to the server; and security module 21 being further configured to delete the M first unit data packets specifically includes: security module 21 being further configured to delete the M second unit data packets. In this embodiment, the encryption that security module 21 applies to the M first unit data packets is an irreversible operation: security module 21 can encrypt a first unit data packet to obtain a second unit data packet, but cannot decrypt a second unit data packet to obtain the first unit data packet. Therefore, once the M second unit data packets have overwritten the corresponding M first unit data packets, security module 21 stores only the encrypted second unit data packets. Because it cannot decrypt the second unit data packets, the first unit data packets cannot be recovered and cannot be used again, which prevents the user holding the electronic signature device from spending these first unit data packets a second time and causing confusion in the circulation of first unit data packets.
Specifically, as one optional implementation, security module 21 being configured to encrypt the M first unit data packets specifically includes: security module 21 using the public key of the server to encrypt at least the first unit data in each of the M first unit data packets. As another optional implementation, security module 21 being configured to encrypt the M first unit data packets specifically includes: security module 21 using a symmetric key to encrypt at least the first unit data in each of the M first unit data packets, and deleting the symmetric key after the M first unit data packets have been encrypted.
For the latter optional implementation, the symmetric key can be negotiated between electronic signature device 2 and the server. Optionally, the symmetric key can be an XOR factor associated with the server. Security module 21 using a symmetric key to encrypt at least the first unit data in each of the M first unit data packets specifically includes: security module 21 using the XOR factor to perform an XOR operation on at least the first unit data in each of the M first unit data packets. XOR is also a symmetric encryption operation, but compared with other symmetric encryption operations it is fast, which improves the efficiency with which security module 21 encrypts first unit data packets to generate second unit data packets.
In an optional implementation of this embodiment, acquisition module 23 is further configured to receive a retransmission request sent by the server; communication module 22 is further configured to retransmit the M second unit data packets to the server, or to send to the server, according to the retransmission request sent by the server, the second unit data packets that the server has not received. Specifically, after receiving the second unit data packets and the transaction request sent by the electronic signature device, the server calculates whether the currency denomination sum represented by the received second unit data packets equals the transaction amount in the transaction request. If the currency denomination sum is less than the transaction amount, a second unit data packet has been lost in transmission, and the server sends a retransmission request to the electronic signature device. By retransmitting second unit data packets, the electronic signature device can thus ensure that the server receives all of the second unit data packets that were sent.
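The symmetric-key variant and the server-side sum check described above can be sketched as follows. This is an added example, not code from the patent: the `denom=<yuan>` unit data format, the function and class names, and the HMAC-SHA256 expansion of the XOR factor into a per-packet keystream are assumptions (the page only states that the unit data is XORed with the factor and that the key is then deleted).

```python
import hashlib
import hmac


def keystream(xor_factor: bytes, packet_id: str, length: int) -> bytes:
    """Expand the XOR factor into a per-packet keystream (assumed derivation)."""
    out, counter = b"", 0
    while len(out) < length:
        block = packet_id.encode() + counter.to_bytes(4, "big")
        out += hmac.new(xor_factor, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_bytes(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


class SecurityModule:
    """Device side: holds first unit data and the negotiated XOR factor."""

    def __init__(self, unit_data_by_id, xor_factor):
        self.storage = dict(unit_data_by_id)   # packet id -> first unit data
        self._xor_factor = xor_factor

    def seal_for_exchange(self):
        """Turn stored first unit data into second unit data, then drop the key."""
        if self._xor_factor is None:
            # Sealing twice with the same factor would undo the XOR.
            raise RuntimeError("XOR factor already deleted; cannot seal again")
        for pid, unit_data in self.storage.items():
            stream = keystream(self._xor_factor, pid, len(unit_data))
            # Overwrite in place: the plaintext first unit data is not kept.
            self.storage[pid] = xor_bytes(unit_data, stream)
        # Deleting the key is what makes the operation one-way for the device.
        # (Python cannot guarantee memory erasure; a security chip would.)
        self._xor_factor = None
        return dict(self.storage)


def server_total(received, xor_factor):
    """Server side: recover each unit data and sum the denominations."""
    total = 0
    for pid, ciphertext in received.items():
        unit_data = xor_bytes(ciphertext, keystream(xor_factor, pid, len(ciphertext)))
        total += int(unit_data.decode("ascii").split("=", 1)[1])
    return total


def needs_retransmit(received, xor_factor, amount):
    # A sum below the transaction amount means a second unit data packet was lost.
    return server_total(received, xor_factor) < amount


def run_example():
    factor = bytes(range(32))   # constructed XOR factor shared with the server
    plain = {"p1": b"denom=5", "p2": b"denom=5", "p3": b"denom=5"}   # constructed
    module = SecurityModule(plain, factor)
    sealed = module.seal_for_exchange()
    partial = {pid: ct for pid, ct in sealed.items() if pid != "p3"}  # p3 lost
    return {
        "plaintext_left": any(module.storage[p] == plain[p] for p in plain),
        "device_has_key": module._xor_factor is not None,
        "full_total": server_total(sealed, factor),
        "partial_total": server_total(partial, factor),
        "retransmit_needed": needs_retransmit(partial, factor, 15),
    }
```
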
In this embodiment, encrypting the first unit data packets with at least a symmetric key or the public key of the server prevents electronic signature device 2 from illegitimately reusing the same first unit data packet and causing confusion in the circulation of first unit data packets, and ensures the uniqueness of each first unit data packet during a transaction. Of course, this embodiment does not exclude other implementations, as long as the same technical effect is achieved. In use, the electronic signature device can complete a payment by sending these first unit data packets to a peer electronic signature device, without connecting to the back-end server, so the electronic signature device supports offline transactions. It should also be noted that the first unit data packet in this embodiment can be understood to cover two kinds of packet, plaintext and ciphertext. The second unit data packet can be understood as one kind of first unit data packet, namely the packet obtained after the first unit data packet is encrypted, i.e. the ciphertext form of the first unit data packet. In addition, because the second unit data packet is ciphertext, the security of the transmitted data is ensured: even if it is intercepted by another device, it is difficult to crack, which further improves the security of first unit data packet circulation.
With the electronic signature device 2 provided by this embodiment, when the device receives a trigger instruction to release storage space, or when the total number of first unit data packets currently stored in the security chip reaches a preset value, it can send M small-denomination first unit data packets from its own storage to the server and exchange them for N large-denomination first unit data packets with the same currency denomination sum. The security chip can thereby release the storage space occupied by M-N first unit data packets, ensuring that the electronic signature device has enough storage space for subsequent transactions to proceed.
Any process or method description in a flow chart, or otherwise described herein, may be understood as representing a module, segment or portion of code that includes one or more executable instructions for implementing the steps of a specific logical function or process. The scope of the preferred embodiments of the present invention includes other implementations, in which functions may be performed out of the order shown or discussed, including substantially simultaneously or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
It should be understood that each part of the present invention can be implemented in hardware, software, firmware or a combination thereof. In the above embodiments, multiple steps or methods can be implemented in software or firmware that is stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or a combination of the following technologies well known in the art can be used: discrete logic circuits with logic gates for implementing logic functions on data signals, application-specific integrated circuits with suitable combinational logic gates, programmable gate arrays (PGA), field-programmable gate arrays (FPGA), and so on.
Those of ordinary skill in the art will understand that all or part of the steps of the above method embodiments can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, performs one or a combination of the steps of the method embodiments.
In addition, the functional units in the embodiments of the present invention can be integrated into one processing module, each unit can exist physically on its own, or two or more units can be integrated into one module. The integrated module can be implemented in the form of hardware or in the form of a software functional module. If the integrated module is implemented as a software functional module and sold or used as an independent product, it can also be stored in a computer-readable storage medium.
The storage medium mentioned above can be a read-only memory, a magnetic disk, an optical disc, or the like.
In the description of this specification, reference to the terms "an embodiment", "some embodiments", "an example", "a specific example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it is to be understood that the above embodiments are exemplary and are not to be construed as limiting the present invention. Those of ordinary skill in the art may change, modify, replace and vary the above embodiments within the scope of the present invention without departing from its principle and purpose. The scope of the present invention is defined by the claims and their equivalents.
Claims (12)
1. A transaction method of an electronic signature device, characterized by comprising:
the electronic signature device obtaining M first unit data packets from the security chip of the electronic signature device, and sending the M first unit data packets and a transaction request to a server, the transaction request at least including: a transaction amount, wherein each first unit data packet represents one currency denomination among multiple currency denominations, and the sum of the currency denominations represented by the M first unit data packets equals the transaction amount;
the electronic signature device receiving N first unit data packets sent by the server, wherein 0 < N < M, and M and N are integers;
in the case where the sum of the currency denominations represented by the N first unit data packets equals the transaction amount, the electronic signature device deleting the M first unit data packets in the security chip, and storing the received N first unit data packets in the storage space allocated by the security chip of the electronic signature device.
2. The transaction method according to claim 1, characterized in that
before the electronic signature device obtains the M first unit data packets from the security chip of the electronic signature device, the method further comprises:
the electronic signature device receiving a trigger instruction to release the storage space of the security chip, or the electronic signature device detecting that the total number of first unit data packets currently stored in the security chip has reached a preset value.
3. The transaction method according to claim 1 or 2, characterized in that
the electronic signature device sending the M first unit data packets to the server comprises:
the electronic signature device encrypting the M first unit data packets to obtain M second unit data packets, overwriting the M first unit data packets stored in the security chip with the M second unit data packets, and sending the M second unit data packets to the server;
the electronic signature device deleting the M first unit data packets in the security chip comprises:
the electronic signature device deleting the M second unit data packets in the security chip.
4. The transaction method according to any one of claims 1 to 3, characterized in that
the first unit data packet at least includes: first unit data, the first unit data at least including: currency denomination data, or a currency serial number and currency denomination data;
the first unit data packet at least also includes one of the following: an issuing bank identifier and a bank certificate serial number.
5. The transaction method according to claim 4, characterized in that
the electronic signature device encrypting the M first unit data packets comprises:
the electronic signature device using the public key of the server to encrypt at least the first unit data in each of the M first unit data packets.
6. The transaction method according to claim 4, characterized in that
the electronic signature device encrypting the M first unit data packets comprises:
the electronic signature device using a symmetric key to encrypt at least the first unit data in each of the M first unit data packets;
after the electronic signature device encrypts the M first unit data packets, the method further comprises:
deleting the symmetric key.
7. An electronic signature device, characterized in that the electronic signature device comprises:
a security module, configured to obtain M first unit data packets that it stores;
a communication module, configured to send the M first unit data packets and a transaction request to a server, the transaction request including: a transaction amount, wherein each first unit data packet represents one currency denomination among multiple currency denominations, and the sum of the currency denominations represented by the M first unit data packets equals the transaction amount;
an acquisition module, configured to receive N first unit data packets sent by the server, wherein 0 < N < M, and M and N are integers;
the security module being further configured to, in the case where the sum of the currency denominations represented by the N first unit data packets equals the transaction amount, delete the M first unit data packets that it stores, and store the received N first unit data packets in the storage space allocated by the security module.
8. The electronic signature device according to claim 7, characterized in that
the security module is further configured to receive, before obtaining the M first unit data packets that it stores, a trigger instruction to release its storage space; or is further configured to detect, before obtaining the M first unit data packets that it stores, that the total number of first unit data packets it currently stores has reached a preset value.
9. The electronic signature device according to claim 7 or 8, characterized in that
the security module is further configured to encrypt the M first unit data packets to obtain M second unit data packets, and to overwrite the M first unit data packets that it stores with the M second unit data packets;
the communication module is further configured to send the M second unit data packets to the server;
the security module being further configured to delete the M first unit data packets that it stores comprises:
the security module being further configured to delete the M second unit data packets.
10. The electronic signature device according to any one of claims 7 to 9, characterized in that
the first unit data packet at least includes: first unit data, the first unit data at least including: currency denomination data, or a currency serial number and currency denomination data;
the first unit data packet at least also includes one of the following: an issuing bank identifier and a bank certificate serial number.
11. The electronic signature device according to claim 10, characterized in that
the security module being further configured to encrypt the M first unit data packets comprises:
the security module being further configured to use the public key of the server to encrypt at least the first unit data in each of the M first unit data packets.
12. The electronic signature device according to claim 10, characterized in that
the security module being further configured to encrypt the M first unit data packets comprises: the security module using a symmetric key to encrypt at least the first unit data in each of the M first unit data packets;
the security module is further configured to delete the symmetric key after encrypting the M first unit data packets.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610584717.4A CN106228349B (en) | 2016-07-22 | 2016-07-22 | Transaction method of electronic signature device and electronic signature device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106228349A (en) | 2016-12-14 |
CN106228349B (en) | 2021-01-15 |
Family
ID=57532458
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610584717.4A Active CN106228349B (en) | 2016-07-22 | 2016-07-22 | Transaction method of electronic signature device and electronic signature device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106228349B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111915283A (en) * | 2019-05-09 | 2020-11-10 | 天地融科技股份有限公司 | Off-line electronic money payment method and device |
CN111915431A (en) * | 2019-05-09 | 2020-11-10 | 天地融科技股份有限公司 | Off-line electronic money transaction method and system |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1259215A (en) * | 1997-04-01 | 2000-07-05 | 卡迪斯企业国际公司 | Countable electronic monetary system and method |
CN1756150A (en) * | 2004-09-30 | 2006-04-05 | 飞力凯网路股份有限公司 | Information management apparatus, information management method, and program |
AU2009240780A1 (en) * | 2008-04-21 | 2009-10-29 | Kamalini Malhotra | Apparatus, method and system for facilitating payment of monetary transactions |
CN102468960A (en) * | 2010-11-16 | 2012-05-23 | 卓望数码技术(深圳)有限公司 | Off-line mode identity and transaction authentication method and terminal |
CN104981826A (en) * | 2012-03-27 | 2015-10-14 | 捷付宝私人有限公司 | Digital emulation of cash-based transactions |
CN105913255A (en) * | 2016-01-22 | 2016-08-31 | 天地融科技股份有限公司 | Trade method and trade system of electronic signature device, and electronic signature device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||