CN107730253B - Offline transaction aging management method and device - Google Patents

Publication number
CN107730253B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710830874.3A
Other languages
Chinese (zh)
Other versions
CN107730253A (en)
Inventor
陆舟
于华章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Feitian Technologies Co Ltd
Original Assignee
Feitian Technologies Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/357 Cards having a plurality of specified features
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management

Abstract

The invention relates to the field of information security, and in particular to an offline transaction aging management method and device. The aging management method specifically comprises the following steps: when the terminal device obtains the application serial number of the smart card, it judges whether the application serial number is listed in a special blacklist stored in the terminal device; if not, it obtains the last online transaction time from the smart card and judges whether the time difference between the current consumption time and the last online transaction time is greater than a preset value; if not, it receives the initialized consumption response sent by the smart card, so that the offline transaction continues to be executed.

Description

Offline transaction aging management method and device
Technical Field
The invention relates to the field of information security, in particular to an offline transaction aging management method and device.
Background
The smart card has an information processing function; smart cards are increasingly used in the fields of identity authentication, banking, telecommunications, public transportation, yard management and the like due to the advantages of inherent information security, portability, relatively perfect standardization and the like.
Currently, when the smart card performs off-line transaction, the terminal needs to perform smart card validity check, and the smart card validity check includes judging whether the smart card is in a blacklist, wherein the blacklist is used for storing a smart card identifier which fails due to loss report and other reasons; as time goes on, the number of loss reports of the smart card gradually increases, which causes the number of the blacklists stored in the terminal to gradually increase, the time for retrieving the blacklists during off-line transaction also increases, and the off-line transaction efficiency is reduced.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides an offline transaction aging management method, which specifically comprises the following steps:
step S1, when the terminal device obtains the application serial number of the smart card, judging whether the application serial number is listed in a special blacklist stored in the terminal device, if so, performing error processing; otherwise, executing step S2;
step S2, the terminal device obtains the last online transaction time from the smart card, and judges whether the time difference between the current consumption time and the last online transaction time is larger than a preset value, if so, error processing is carried out; otherwise, sending an initial consumption command to the smart card, and executing the step S3;
step S3, the terminal equipment receives the initialized consumption response sent by the intelligent card, generates a first process key according to the pseudo random number and the off-line transaction serial number in the initialized consumption response, encrypts the transaction amount, the transaction type identifier, the terminal machine number and the transaction time by using the first process key to generate a first message authentication code, and sends a consumption command containing the terminal transaction serial number, the transaction time and the first message authentication code to the intelligent card;
step S4, the terminal equipment receives the consumption command response sent by the intelligent card, judges whether the second message authentication code in the consumption command response is valid, if yes, the off-line transaction is successful, and generates a transaction record; otherwise, the off-line transaction fails, and a transaction record is generated.
The invention also provides a device for managing the aging of the off-line transaction, which comprises the following components:
the acquisition module is used for acquiring the application serial number of the smart card and for acquiring the last online transaction time from the smart card;
the storage module is used for storing the special blacklist;
the first judging module is used for judging whether the application serial number is listed in a special blacklist stored in the storage module when the acquisition module acquires the application serial number of the smart card;
the second judging module is used for judging whether the time difference between the current consumption time and the last online transaction time acquired by the acquiring module is greater than a preset value or not when the first judging module judges that the application serial number is not in the special blacklist;
the error processing module is used for performing error processing when the first judging module judges that the application serial number is in the special blacklist; it is also used for performing error processing when the second judging module judges that the time difference between the current consumption time and the last online transaction time acquired by the acquisition module is greater than the preset value;
the sending module is used for sending an initial consumption command to the smart card when the second judging module judges that the time difference between the current consumption time and the last online transaction time acquired by the acquisition module is not greater than the preset value; it is also used for sending to the smart card a consumption command containing the terminal transaction serial number, the current transaction time and the first message authentication code generated by the first message authentication code generation module;
the receiving module is used for receiving the initial consumption command response sent by the smart card; it is also used for receiving the consumption command response sent by the smart card;
the first message authentication code generation module is used for generating a first process key according to the pseudo-random number and the offline transaction serial number in the initialization consumption response when the receiving module receives the initialization consumption response, and encrypting the transaction amount, the transaction type identifier, the terminal machine number and the transaction time by using the first process key to generate a first message authentication code;
the third judging module is used for judging whether the second message authentication code in the consumption command response is valid or not when the receiving module receives the consumption command response;
the transaction record generating module is used for generating a transaction record when the third judging module judges that the second message authentication code in the consumption command response is valid and the offline transaction is successful; it is also used for generating a transaction record when the third judging module judges that the second message authentication code in the consumption command response is invalid and the offline transaction fails.
The invention has the following beneficial effects: with the technical scheme provided by the invention, control over the number of blacklist entries in the smart card offline transaction process is achieved, the offline transaction time can be effectively shortened, and the offline transaction efficiency is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a flowchart of an offline transaction aging management method according to embodiment 1 of the present invention;
Fig. 2 and Fig. 3 are flowcharts of an offline transaction aging management method according to embodiment 2 of the present invention;
Fig. 4 and Fig. 5 are flowcharts of an offline transaction aging management method according to embodiment 3 of the present invention;
Fig. 6 is a block diagram of an offline transaction aging management apparatus according to embodiment 4 of the present invention.
Detailed Description
The technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention; it is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1
The embodiment provides an offline transaction aging management method, referring to fig. 1, including:
step S1, when the terminal device obtains the application serial number of the smart card, judging whether the application serial number is listed in a special blacklist stored in the terminal device, if so, performing error processing; otherwise, executing step S2;
step S2, the terminal device obtains the last online transaction time from the smart card, and judges whether the time difference between the current consumption time and the last online transaction time is larger than a preset value, if so, error processing is carried out; otherwise, sending an initial consumption command to the smart card, and executing the step S3;
it should be noted that the last online transaction time is specifically the time of the most recent online transaction of the smart card; in this embodiment, when the smart card performs an online transaction, the current transaction time is acquired to update the last online transaction time stored in the smart card.
The error processing specifically includes: the terminal device displays an error, or displays an error and generates a prompt tone.
Preferably, after the terminal device determines that the time difference between the current consumption time and the last online transaction time is greater than the preset value, the method further includes: the terminal device determines whether the application serial number is in a complete blacklist stored in the terminal device; if so, error processing is performed; otherwise, step S3 is executed.
It should be noted that the special blacklist stores those application serial numbers of the complete blacklist whose loss-report time is within the preset time period; the duration of the preset time period is the preset value.
Step S3, the terminal equipment receives the initialized consumption response sent by the intelligent card, generates a first process key according to the pseudo random number and the off-line transaction serial number in the initialized consumption response, encrypts the transaction amount, the transaction type identifier, the terminal machine number and the transaction time by using the first process key to generate a first message authentication code, and sends a consumption command containing the terminal transaction serial number, the transaction time and the first message authentication code to the intelligent card;
specifically, step S3 includes: the terminal device receives the initialized consumption response sent by the smart card, generates a first process key according to the pseudo-random number and the offline transaction serial number in the initialized consumption response, sequentially splices the transaction amount, the transaction type identifier, the terminal machine number and the transaction time, encrypts the spliced data by using the first process key to obtain encrypted data, and takes the first four bytes of the encrypted data as the first message authentication code.
Step S4, the terminal equipment receives the consumption command response sent by the intelligent card, judges whether the second message authentication code in the consumption command response is valid, if yes, the off-line transaction is successful, and generates a transaction record; otherwise, the off-line transaction fails, and a transaction record is generated.
Specifically, step S4 includes:
step 201, the terminal equipment receives a consumption command response sent by the intelligent card, acquires a second message authentication code from the consumption command response, and encrypts the transaction amount by using a first process key to generate a third message authentication code;
step 202, the terminal equipment judges whether the third message authentication code is consistent with the second message authentication code, if so, the off-line transaction is successful, and a transaction record is generated; otherwise, the off-line transaction fails, and a transaction record is generated.
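Steps S3 and S4 as a two-sided exchange, given here as an added example that is not code from the patent. The text does not name the cipher or the key "dispersing" function, so HMAC-SHA-256 stands in for both; the DPK value, the one-byte transaction type `06` and the card-side checks are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MAC_LEN = 4  # the text keeps the first four bytes as the message authentication code


def process_key(dpk, pseudo_random, offline_serial):
    # Step S3: process key from the card's pseudo-random number and offline serial.
    # HMAC-SHA-256 is a stand-in for the unspecified dispersing function.
    seed = pseudo_random + offline_serial.to_bytes(2, "big")
    return hmac.new(dpk, seed, hashlib.sha256).digest()[:16]


def mac4(key, *fields):
    # All fields are fixed-width, so plain concatenation is unambiguous.
    return hmac.new(key, b"".join(fields), hashlib.sha256).digest()[:MAC_LEN]


class Card:
    def __init__(self, dpk, balance):
        self._dpk = dpk
        self.balance = balance
        self.offline_serial = 0
        self._rand = None

    def initialize(self):
        self._rand = secrets.token_bytes(4)  # fresh pseudo-random number per transaction
        return self._rand, self.offline_serial

    def debit(self, amount, txn_type, terminal_no, txn_time, mac1):
        if self._rand is None:
            return None
        key = process_key(self._dpk, self._rand, self.offline_serial)
        self._rand = None  # one consumption command per initialization
        expected = mac4(key, amount, txn_type, terminal_no, txn_time)
        if not hmac.compare_digest(expected, mac1):
            return None  # consumption refused
        value = int.from_bytes(amount, "big")
        if value > self.balance:
            return None
        self.balance -= value
        self.offline_serial += 1
        return mac4(key, amount)  # MAC returned to the terminal, over the amount


class Terminal:
    def __init__(self, dpk, terminal_no):
        self._dpk = dpk
        self.terminal_no = terminal_no
        self._key = None

    def mac1(self, rand, serial, amount, txn_type, txn_time):
        self._key = process_key(self._dpk, rand, serial)
        return mac4(self._key, amount, txn_type, self.terminal_no, txn_time)

    def accept(self, amount, mac2):
        # Steps 201-202: recompute the MAC over the amount and compare in constant time.
        return mac2 is not None and hmac.compare_digest(mac4(self._key, amount), mac2)


def run_exchange():
    dpk = bytes(range(16))                      # constructed key
    card, term = Card(dpk, 15000), Terminal(dpk, bytes(6))
    amount = (100).to_bytes(4, "big")
    txn_type = b"\x06"                          # constructed type identifier
    txn_time = bytes.fromhex("20161216160012")

    rand, serial = card.initialize()
    first_mac1 = term.mac1(rand, serial, amount, txn_type, txn_time)
    mac2 = card.debit(amount, txn_type, term.terminal_no, txn_time, first_mac1)
    result = {"genuine": term.accept(amount, mac2),
              "balance_after": card.balance, "serial_after": card.offline_serial}

    # The amount reaching the card differs from the amount the terminal authenticated.
    rand, serial = card.initialize()
    fresh = term.mac1(rand, serial, amount, txn_type, txn_time)
    altered = card.debit((1).to_bytes(4, "big"), txn_type, term.terminal_no, txn_time, fresh)
    result["altered_amount_accepted"] = altered is not None

    # A MAC from the first session is presented again in a new session.
    card.initialize()
    replayed = card.debit(amount, txn_type, term.terminal_no, txn_time, first_mac1)
    result["stale_mac_accepted"] = replayed is not None
    return result


if __name__ == "__main__":
    print(run_exchange())
```

Because the process key depends on a per-transaction pseudo-random number and the offline transaction serial number, a message authentication code is only valid inside the session it was computed for.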
Preferably, the terminal device periodically acquires and stores the special blacklist from the management system, or periodically acquires and stores both the special blacklist and the complete blacklist from the management system;
further, when the terminal device is online, it downloads the special blacklist and the complete blacklist, or only the special blacklist, from the management system.
Alternatively, step S2 may be replaced with: the terminal equipment sends an initial consumption command to the intelligent card;
correspondingly, after the step S3, before the step S4, the method further includes: the intelligent card judges whether the time difference between the consumption time in the consumption command and the last online transaction time is greater than a preset time period, if so, error processing is carried out, and the operation is finished; otherwise, returning a consumption command response to the terminal device, and executing step S4.
Preferably, step S1 is preceded by: the terminal equipment sends an application selection request containing an application identifier to the smart card; and waiting for receiving issuer-specific data returned by the intelligent card, wherein the issuer-specific data comprises the application serial number of the intelligent card. The card issuer proprietary data specifically includes: an issuer identifier, an application type identification, an issuer application version number, an application serial number, an application launch date, an application expiration date, and issuer customization data.
Preferably, step S1 is preceded by:
step 101, the terminal equipment judges whether card issuer identifiers in card issuer proprietary data are supported or not; if yes, executing step 102, otherwise, performing error processing;
step 102, the terminal equipment judges whether the application on the intelligent card is supported or not according to the application type identification in the special data of the card issuer, if so, step 103 is executed, otherwise, error processing is carried out;
step 103, the terminal equipment judges whether the application version represented by the application version number in the card issuer special data is supported, if so, step 104 is executed, otherwise, error processing is carried out;
step 104, the terminal equipment judges whether the application validity period in the card issuer proprietary data is in the validity period, if so, step S1 is executed, otherwise, error processing is performed.
Example 2
The method for maintaining the blacklist in the management system specifically comprises the following steps of:
step A1, when the management system receives the loss report application, the application serial number is obtained from the loss report application; writing the application serial number into a complete blacklist;
step A2, the management system inquires the transaction record corresponding to the obtained application serial number, and obtains the last online transaction time from the transaction record;
step A3, the management system obtains the current server time, judges whether the time difference between the last online transaction time and the current server time is less than the preset time period, if yes, the application serial number is written into a special blacklist; otherwise, ending.
For example, the preset time period is 12 months, and the last online transaction time recorded in the transaction record corresponding to the application serial number in the loss report application is January 1, 2015. When the current server time is May 1, 2015, the time difference between the last online transaction time and the current server time is less than the preset time period, and the application serial number is written into the special blacklist; when the current server time is January 2, 2016, the time difference between the last online transaction time and the current server time is not less than the preset time period, and the process ends.
Step A3 is followed by: the management system periodically updates the special blacklist; specifically, the card issuing server periodically obtains from the special blacklist the application serial numbers whose loss-report time is within the preset time period before the current server time, and generates an updated special blacklist according to the obtained application serial numbers.
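The blacklist maintenance of steps A1 to A3 together with the terminal-side checks of steps S1 and S2 in Example 1, as an added example that is not code from the patent. It shows why a lost card left out of the special blacklist is still refused offline: the aging check catches it. Class and function names, the serial `CARD-B` to `CARD-D`, the result strings and the calendar-month arithmetic are assumptions.

```python
import calendar
from datetime import datetime

PRESET_MONTHS = 12  # preset time period used in the text's example


def add_months(t, months):
    """Calendar-month addition; clamps the day (Jan 31 + 1 month -> Feb 28/29)."""
    years, month0 = divmod(t.month - 1 + months, 12)
    year, month = t.year + years, month0 + 1
    day = min(t.day, calendar.monthrange(year, month)[1])
    return t.replace(year=year, month=month, day=day)


class ManagementSystem:
    def __init__(self, last_online):
        self.last_online = dict(last_online)  # serial -> last online transaction time
        self.full = {}      # complete blacklist: serial -> loss-report time
        self.special = {}   # special blacklist: serial -> loss-report time

    def report_loss(self, serial, now):
        self.full[serial] = now                      # step A1
        last = self.last_online[serial]              # step A2
        if now < add_months(last, PRESET_MONTHS):    # step A3: difference < preset period
            self.special[serial] = now

    def refresh_special(self, now):
        # Periodic update: keep entries reported lost within the preset period before now.
        self.special = {s: t for s, t in self.special.items()
                        if now < add_months(t, PRESET_MONTHS)}


def terminal_precheck(serial, card_last_online, now, special, full=None):
    if serial in special:                                    # step S1
        return "reject: special blacklist"
    if now > add_months(card_last_online, PRESET_MONTHS):    # step S2: difference > preset
        if full is None:
            return "reject: aged"
        # Preferred variant: an aged card is looked up in the complete blacklist.
        return "reject: complete blacklist" if serial in full else "continue"
    return "continue"


def run_scenario():
    lost_a = "00112233445566778899"   # serial number shown in Example 2
    jan1 = datetime(2015, 1, 1)
    ms = ManagementSystem({lost_a: jan1, "CARD-B": jan1})   # constructed records
    ms.report_loss(lost_a, datetime(2015, 5, 1))     # text's example: special blacklist
    ms.report_loss("CARD-B", datetime(2016, 1, 2))   # text's example: complete list only
    now = datetime(2016, 2, 1)
    out = {
        "special": sorted(ms.special),
        "lost_recent": terminal_precheck(lost_a, jan1, now, ms.special),
        "lost_stale": terminal_precheck("CARD-B", jan1, now, ms.special),
        "active": terminal_precheck("CARD-C", datetime(2016, 1, 15), now, ms.special),
        "aged_no_full": terminal_precheck("CARD-D", datetime(2014, 6, 1), now, ms.special),
        "aged_with_full": terminal_precheck("CARD-D", datetime(2014, 6, 1), now,
                                            ms.special, ms.full),
        "stale_with_full": terminal_precheck("CARD-B", jan1, now, ms.special, ms.full),
    }
    later = datetime(2016, 6, 1)
    ms.refresh_special(later)         # entry for lost_a is now older than the preset period
    out["special_after_refresh"] = sorted(ms.special)
    out["lost_recent_after_refresh"] = terminal_precheck(lost_a, jan1, later, ms.special)
    return out


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(name, "->", value)
```

The scheme depends on the card's stored last online transaction time being trustworthy and on the terminal clock being correct, since both feed the aging comparison.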
The embodiment provides an offline transaction aging management method, wherein terminal equipment downloads a special blacklist from a management system periodically; referring to fig. 2 and 3, the method specifically includes:
step 101, the terminal equipment checks whether the smart card is inserted into the card reader, if so, step 102 is executed, otherwise, step 101 is returned to;
step 102, the terminal equipment sends an application selection request containing an application identifier to the smart card;
specifically, the format of the command message of the application selection request sent by the terminal equipment is CLA + INS + P1 + P2 + Lc + Data + Le, wherein CLA is the command type, INS is the command code, P1 and P2 are command parameters, Data is the command data field, Lc is the length of the command data field, and Le is the maximum byte number of expected response data;
in this embodiment, the terminal device calculates the length of the command data field 3F01, specifically 02, and sequentially splices the command type 00, the command code A4, the command parameter 0000, the length 02 of the command data field, the command data field 3F01 and the maximum byte number 00 of the expected response data to obtain the application selection request, which is specifically: 00A40000023F0100.
Step 103, the smart card judges whether the application corresponding to the application identifier is supported, if so, the smart card sends issuer-specific data to the terminal equipment; otherwise, sending application selection failure response to the terminal equipment, and ending;
specifically, the issuer-specific data includes: an issuer identifier, an application type identification, an issuer application version number, an application serial number, an application launch date, an application expiration date, and issuer customization data.
In this embodiment, the issuer-specific data received by the terminal device is: CFC3C5D2D7CDA802010011223344556678992016111820261118FFFF. Reading the first byte to the eighth byte gives the issuer identifier CFC3C5D2D7CDA8; reading the ninth byte gives the application type identifier 02; reading the tenth byte gives the issuer application version number 01; reading the eleventh byte to the twentieth byte gives the application serial number 00112233445566778899; reading the twenty-first byte to the twenty-fourth byte gives the application enabling date 20161118, i.e., November 18, 2016; reading the twenty-fifth byte to the twenty-eighth byte gives the application expiration date 20261118, i.e., November 18, 2026; and reading the twenty-ninth byte to the thirtieth byte gives the issuer customization data FFFF.
Step 104, the terminal equipment judges whether the smart card is in a special blacklist stored in the terminal equipment or not according to the card issuer identifier and the application serial number contained in the card issuer special data, if so, error processing is carried out, and the operation is finished; otherwise, executing step 105;
step 105, the terminal equipment judges whether card issuer identifiers in card issuer proprietary data are supported; if yes, go to step 106, otherwise, error processing is performed, and the process is ended;
Step 106, the terminal equipment judges whether the application on the intelligent card is supported or not according to the application type identification in the special data of the card issuer, if so, step 107 is executed, otherwise, error processing is carried out, and the process is finished;
step 107, the terminal equipment judges whether the application version represented by the application version number in the card issuer special data is supported, if so, step 108 is executed, otherwise, error processing is performed, and the process is ended;
step 108, the terminal equipment judges whether the application validity period in the special data of the card issuer is in the validity period, if so, the terminal equipment sends an initialized consumption command to the intelligent card, otherwise, the terminal equipment performs error processing and finishes;
specifically, the initialization consumption command INITIALIZE FOR PURCHASE is used for initializing a consumption transaction; the format of the INITIALIZE FOR PURCHASE command message is specifically CLA + INS + P1 + P2 + Lc + Data + Le, wherein CLA is the command type, INS is the command code, P1 and P2 are command parameters, Data is the command data field, Lc is the length of the command data field, and Le is the maximum byte number of expected response data;
in this embodiment, initializing the command Data field Data of the consumption command specifically includes: key index number, transaction amount, and terminal number.
More specifically, the step of sending the initial consumption command to the smart card by the terminal device is specifically as follows: the terminal equipment sequentially splices the key index number 01, the transaction amount 00000064 and the terminal machine number 000000000000 to obtain a command data field, calculates the length 0B of the command data field, sequentially splices the command type 80, the command code 50, the command parameter 0102, the length 0B of the command data field, the command data field 0100000064000000000000 and the maximum byte number 00 of the expected response data to obtain an initialized consumption command, and sends the obtained initialized consumption command to the smart card.
Step 109, the smart card judges whether the key index number provided in the initialization consumption command is supported, if yes, step 110 is executed; otherwise, sending a response of key index not supported, and ending;
after the smart card judges that the key index number provided in the initialization consumption command is not supported, it returns the status word 9403 (key index not supported) to the terminal equipment, and offline consumption is terminated;
step 110, the smart card judges whether the card balance is greater than or equal to the transaction amount provided in the initial consumption command, if so, step 111 is executed, otherwise, a card balance insufficiency response is sent, and the operation is finished;
when the smart card judges that the card balance is less than the transaction amount provided in the initial consumption command, it returns the status word 9401 (insufficient card balance) to the terminal equipment, and offline consumption is terminated;
step 111, the intelligent card generates a pseudo-random number, acquires a current offline transaction serial number, and sends an initialization consumption response containing the offline transaction serial number and the pseudo-random number to the terminal equipment;
the initialization response data received by the terminal device in this embodiment is specifically: 00003A9800000000000100CD701726. Reading the first to fourth bytes gives the e-wallet balance 00003A98; reading the fifth byte to the sixth byte gives the offline transaction serial number 0000; reading the seventh byte to the ninth byte gives the overdraft limit 000000; reading the tenth byte gives the key version number 01; reading the eleventh byte gives the algorithm identifier 00; reading the twelfth byte to the fifteenth byte gives the pseudo-random number CD701726 generated by the smart card.
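The command layout CLA + INS + P1 + P2 + Lc + Data + Le and the response fields above, as an added example that is not code from the patent: it builds the application selection request and the initialization consumption command from this embodiment's values and parses the initialization response. Function and class names are assumptions, and the success status word 9000 comes from ISO/IEC 7816-4, not from this text.

```python
from dataclasses import dataclass

SW_OK = 0x9000  # ISO/IEC 7816-4 normal completion; not quoted in the text
SW_REFUSALS = {0x9401: "insufficient card balance", 0x9403: "key index not supported"}


class CardRefused(Exception):
    """Raised when the card answers with a refusal or unknown status word."""


def build_apdu(cla, ins, p1, p2, data, le):
    """CLA + INS + P1 + P2 + Lc + Data + Le, with Lc computed from the data field."""
    if not 1 <= len(data) <= 255:
        raise ValueError("data field must be 1..255 bytes for a one-byte Lc")
    return bytes([cla, ins, p1, p2, len(data)]) + bytes(data) + bytes([le])


def select_application(app_id):
    return build_apdu(0x00, 0xA4, 0x00, 0x00, app_id, 0x00)


def initialize_for_purchase(key_index, amount, terminal_no):
    if len(terminal_no) != 6:
        raise ValueError("terminal machine number is 6 bytes")
    # Data field: key index number + 4-byte transaction amount + terminal machine number.
    data = bytes([key_index]) + amount.to_bytes(4, "big") + bytes(terminal_no)
    return build_apdu(0x80, 0x50, 0x01, 0x02, data, 0x00)


@dataclass(frozen=True)
class InitResponse:
    balance: int
    offline_serial: int
    overdraft_limit: int
    key_version: int
    algorithm_id: int
    pseudo_random: bytes


def parse_init_response(data, sw=SW_OK):
    if sw in SW_REFUSALS:
        raise CardRefused(SW_REFUSALS[sw])
    if sw != SW_OK:
        raise CardRefused("unexpected status word %04X" % sw)
    if len(data) != 15:
        # A short or padded response must not be sliced into plausible-looking fields.
        raise ValueError("expected 15 bytes, got %d" % len(data))
    return InitResponse(
        balance=int.from_bytes(data[0:4], "big"),
        offline_serial=int.from_bytes(data[4:6], "big"),
        overdraft_limit=int.from_bytes(data[6:9], "big"),
        key_version=data[9],
        algorithm_id=data[10],
        pseudo_random=bytes(data[11:15]),
    )


if __name__ == "__main__":
    print(select_application(bytes.fromhex("3F01")).hex().upper())
    print(initialize_for_purchase(0x01, 0x64, bytes(6)).hex().upper())
    print(parse_init_response(bytes.fromhex("00003A9800000000000100CD701726")))
```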
Step 112, the terminal equipment acquires a terminal transaction serial number, and generates a first process key according to the pseudo-random number, the offline transaction serial number and the terminal transaction serial number;
the method for generating the first process key is specifically as follows: the terminal equipment sequentially splices the last two bytes of the pseudo-random number, the offline transaction serial number and the terminal serial number, and disperses the spliced data by using the consumption sub-key DPK to obtain the first process key;
step 113, the terminal equipment encrypts the transaction amount, the transaction type identifier, the terminal machine number and the transaction time by using a first process key to generate a first message authentication code;
specifically, the terminal equipment sequentially splices the transaction amount, the transaction type identifier, the terminal machine number and the transaction time, and encrypts the spliced data by using the first process key to obtain encrypted data, wherein the first four bytes of the encrypted data are the first message authentication code;
step 114, the terminal equipment sends a consumption command containing a terminal transaction serial number, transaction time and a first message authentication code to the intelligent card;
the consumption command DEBIT FOR PURCHASE is used for the consumption transaction; the format of the DEBIT FOR PURCHASE command message is specifically CLA + INS + P1 + P2 + Lc + Data + Le, wherein CLA is the command type, INS is the command code, P1 and P2 are command parameters, Data is the command data field, Lc is the length of the command data field, and Le is the maximum byte number of expected response data;
the command data field of the consumption command specifically includes: the terminal transaction serial number, the transaction time and the first message authentication code MAC1.
Specifically, in this embodiment, the terminal device sequentially splices the terminal transaction serial number 00000001, the transaction time 20161216160012, that is, December 16, 2016, 16:00:12, and the first message authentication code E599F35208 to obtain the command data field, and calculates the length of the command data field to be 0F; it then sequentially splices the command type 80, the command code 54, the command parameter 0100, the command data field length 0F, the command data field 0000000120161216160012E599F35208 and the maximum byte number 00 of the expected response data to obtain the consumption command, which is specifically: 805401000F0000000120161216160012E599F3520800.
Step 115, the smart card acquires the last online transaction time, judges whether the time difference between the transaction time in the consumption command and the last online transaction time is greater than a preset time period, if so, sends a consumption refusing response to the terminal equipment, and ends; otherwise, go to step 116;
in this embodiment, the preset time period is 12 months;
for example, the last transaction time acquired by the smart card is 15:00:50 on October 16, 2015, and the transaction time in the consumption command is 16:00:12 on December 16, 2016; if the time difference between the transaction time in the consumption command and the last online transaction time is greater than 12 months, a consumption rejection instruction is returned to the terminal equipment; otherwise, step 112 is executed;
it should be noted that the preset time period in step 115 is the same as the preset time period in step A3;
it should be noted that the last online transaction time is specifically the last online transaction time of the smart card, and in this embodiment, when the smart card performs online transaction, the current transaction time needs to be obtained to update the last online transaction time stored in the smart card.
Step 116, the intelligent card acquires an offline transaction serial number, generates a second process key according to the pseudo random number, the offline transaction serial number and the terminal transaction serial number, and encrypts the transaction amount, the transaction type identifier, the terminal machine number and the transaction time by using the second process key to generate a second message authentication code;
step 117, the smart card judges whether the first message authentication code and the second message authentication code in the consumption command are consistent, if so, step 114 is executed, otherwise, a consumption refusal response is returned to the terminal equipment, and the process is finished;
step 118, the smart card obtains the transaction amount from the consumption command, deducts the consumption amount from the card balance, and adds 1 to the off-line transaction serial number;
step 119, the smart card encrypts the transaction amount by using the second process key to generate a third message authentication code; encrypting the transaction amount, the transaction type identifier, the terminal machine number, the terminal transaction serial number and the transaction time to generate a transaction verification code;
specifically, the smart card encrypts the transaction amount, the transaction type identifier, the terminal machine number, the terminal transaction serial number and the transaction time by using a TAC word key pair to generate a transaction verification code;
step 120, the smart card updates the transaction details according to the off-line transaction serial number, the transaction amount, the transaction type identifier, the terminal machine number and the transaction time; sending a consumption command response containing the third message authentication code and the transaction verification code to the terminal equipment;
in this embodiment, the data field in the consumption command response is specifically B0A7E9B5C09A9A59, where B0A7E9B5 is the transaction verification code, and C09A9A59 is the third message authentication code;
step 121, the terminal device obtains a third message authentication code from the consumption command response, and encrypts the transaction amount by using the first process key to generate a fourth message authentication code;
step 122, the terminal device judges whether the fourth message authentication code is consistent with the third message authentication code, if so, step 123 is executed; otherwise, the off-line transaction fails and is finished.
Step 123, the terminal equipment generates and stores a transaction record according to the transaction amount, the transaction type identifier, the terminal machine number, the terminal transaction serial number, the transaction time and the transaction verification code in the consumption command response; the off-line transaction is successful, and the process is finished.
Example 3
The embodiment provides an offline transaction aging management method, wherein terminal equipment downloads a special blacklist from a background server periodically; referring to fig. 4 and 5, the method specifically includes:
step 201, the terminal device checks whether the smart card is inserted into the card reader, if yes, step 202 is executed, otherwise, step 201 is returned;
step 202, the terminal device sends an application selection request containing an application identifier to the smart card;
specifically, the format of the command message of the application selection request sent by the terminal equipment is CLA + INS + P1 + P2 + Lc + Data + Le, where CLA is the command type, INS is the command code, P1 and P2 are the command parameters, Data is the command data field, Lc is the length of the command data field, and Le is the maximum number of bytes of expected response data;
in this embodiment, the terminal device calculates the length of the command data field 3F01, which is 02; it then sequentially splices the command type 00, the command code A4, the command parameter 0000, the length 02 of the command data field, the command data field 3F01 and the maximum byte number 00 of the expected response data to obtain the application selection request, which is specifically: 00A40000023F0100.
Step 203, the smart card judges whether the application corresponding to the application identifier is supported, if so, the smart card sends issuer-specific data to the terminal equipment; otherwise, sending an application selection failure response to the terminal equipment and ending;
specifically, the issuer-specific data includes: an issuer identifier, an application type identification, an issuer application version number, an application serial number, an application launch date, an application expiration date, and issuer customization data.
In this embodiment, the issuer-specific data received by the terminal device is: CFC3C5D2D7CDA80201001122334455667788992016111820261118FFFF; the first to eighth bytes are read to obtain the issuer identifier CFC3C5D2D7CDA8, the ninth byte to obtain the application type identifier 02, the tenth byte to obtain the issuer application version number 01, the eleventh to twentieth bytes to obtain the application serial number 00112233445566778899, and the twenty-first to twenty-fourth bytes to obtain the application enable date 20161118, i.e., November 18, 2016; the twenty-fifth to twenty-eighth bytes are read to obtain the application expiration date 20261118, i.e., November 18, 2026; and the twenty-ninth to thirtieth bytes are read to obtain the issuer-defined data FFFF.
Step 204, the terminal equipment sends a request for acquiring the last online transaction time to the smart card;
step 205, the smart card sends the last online time to the terminal equipment;
it should be noted that the last online transaction time is specifically the last online transaction time of the smart card, and in this embodiment, when the smart card performs online transaction, the current transaction time needs to be obtained to update the last online transaction time stored in the smart card.
Step 206, the terminal device judges whether the time difference between the current transaction time and the last online transaction time is greater than a preset time period, if so, error processing is performed, and if not, step 207 is executed;
in this embodiment, the preset time period is 12 months;
for example, the last transaction time acquired by the smart card is 15:00:50 on October 16, 2015, and the current consumption time is 16:00:12 on December 16, 2016; if the time difference between the current transaction time and the last online transaction time is greater than 12 months, error processing is performed, and if not, step 207 is executed;
it should be noted that the preset time period in step 206 is consistent with the preset time period in step A3;
preferably, the terminal device downloads the special blacklist and the complete blacklist from the management system periodically;
correspondingly, when the terminal device stores both the special blacklist and the complete blacklist, and it is determined in step 206 that the time difference between the current consumption time and the last online transaction time is greater than the preset time period, the method further includes: the terminal equipment acquires the card issuer identifier and the application serial number contained in the card issuer special data and judges whether the smart card is in the complete blacklist stored in the terminal equipment; if so, error processing is performed, otherwise, step 208 is executed;
step 207, the terminal equipment judges whether the smart card is in a special blacklist stored in the terminal equipment according to the card issuer identifier and the application serial number contained in the card issuer special data, if so, error processing is performed, and if not, step 208 is executed;
it should be noted that, when only the special blacklist is stored in the terminal device, that is, only the special blacklist is checked, the sequence of step 206 and step 207 may be interchanged.
Step 208, the terminal equipment judges whether the card issuer identifier in the card issuer special data is supported; if so, step 209 is executed, otherwise, error processing is performed, and the process is ended;
Step 209, the terminal equipment judges whether the application on the intelligent card is supported or not according to the application type identifier in the card issuer special data, if so, step 210 is executed, otherwise, error processing is performed, and the process is ended;
step 210, the terminal equipment judges whether the application version represented by the application version number in the card issuer special data is supported, if so, step 211 is executed, otherwise, error processing is performed, and the process is ended;
step 211, the terminal equipment judges whether the application validity period in the special data of the card issuer is in the validity period, if so, the terminal equipment sends an initialized consumption command to the smart card, otherwise, the terminal equipment performs error processing, and the process is finished;
specifically, the initialization consumption command INITIALIZE FOR PURCHASE is used for initializing a consumption transaction; the format of the INITIALIZE FOR PURCHASE command message is CLA + INS + P1 + P2 + Lc + Data + Le, where CLA is the command type, INS is the command code, P1 and P2 are the command parameters, Data is the command data field, Lc is the length of the command data field, and Le is the maximum number of bytes of expected response data;
in this embodiment, initializing the command Data field Data of the consumption command specifically includes: key index number, transaction amount, and terminal number.
More specifically, the step of sending the initial consumption command to the smart card by the terminal device is specifically as follows: the terminal equipment sequentially splices the key index number 01, the transaction amount 00000064 and the terminal machine number 000000000000 to obtain a command data field, calculates the length 0B of the command data field, sequentially splices the command type 80, the command code 50, the command parameter 0102, the length 0B of the command data field, the command data field 0100000064000000000000 and the maximum byte number 00 of the expected response data to obtain an initialized consumption command, and sends the obtained initialized consumption command to the smart card.
Step 212, the smart card judges whether the key index number provided in the initialization consumption command is supported, if so, step 213 is executed; otherwise, sending a response of key index not supported, and ending;
when the smart card judges that the key index number provided in the initialization consumption command is not supported, the smart card returns the "key index not supported" status word 0x9403 to the terminal equipment, and the offline consumption is terminated;
step 213, the smart card judges whether the card balance is greater than or equal to the transaction amount provided in the initial consumption command, if so, step 214 is executed, otherwise, a card balance insufficiency response is sent, and the operation is finished;
when the smart card judges that the card balance is less than the transaction amount provided in the initialization consumption command, the smart card returns the "card balance insufficient" status word 0x9401 to the terminal equipment, and the offline consumption is terminated;
step 214, the smart card generates a pseudo random number, acquires a current offline transaction serial number, and sends an initialization consumption response containing the offline transaction serial number and the pseudo random number to the terminal device;
the initialization response data received by the terminal device in this embodiment is specifically: 00003A9800000000000100CD701726; the first to fourth bytes are read to obtain the e-wallet balance 00003A98; the fifth to sixth bytes to obtain the offline transaction serial number 0000; the seventh to ninth bytes to obtain the overdraft limit 000000; the tenth byte to obtain the key version number 01; the eleventh byte to obtain the algorithm identifier 00; and the twelfth to fifteenth bytes to obtain the pseudo-random number CD701726 generated by the smart card.
Step 215, the terminal device obtains a terminal transaction serial number, and generates a first process key according to the pseudo random number, the offline transaction serial number and the terminal transaction serial number;
the method for generating the first process key specifically comprises the following steps: the terminal equipment sequentially splices the last two bytes of the pseudo-random number, the offline transaction serial number and the terminal serial number; dispersing the spliced data by using the consumption sub-key DPK to obtain a first process key;
step 216, the terminal device encrypts the transaction amount, the transaction type identifier, the terminal machine number and the transaction time by using the first process key to generate a first message authentication code;
specifically, the terminal equipment splices the transaction amount, the transaction type identifier, the terminal machine number and the transaction time in sequence, and encrypts the spliced data by using the first process key to obtain encrypted data, wherein the first four bytes of the encrypted data are the first message authentication code;
step 217, the terminal equipment sends a consumption command containing a terminal transaction serial number, transaction time and a first message authentication code to the intelligent card;
specifically, the consumption command DEBIT FOR PURCHASE is used for consumption transactions; the format of the DEBIT FOR PURCHASE command message is CLA + INS + P1 + P2 + Lc + Data + Le, where CLA is the command type, INS is the command code, P1 and P2 are the command parameters, Data is the command data field, Lc is the length of the command data field, and Le is the maximum number of bytes of expected response data;
the command data field of the consumption command specifically includes: the terminal transaction serial number, the transaction time and the first message authentication code MAC1.
Specifically, in this embodiment, the terminal device sequentially splices the terminal transaction serial number 00000001, the transaction time 20161216160012 (that is, 16:00:12 on December 16, 2016) and the first message authentication code E599F35208 to obtain the command data field, and calculates the length of the command data field to be 0F; it then sequentially splices the command type 80, the command code 54, the command parameter 0100, the command data field length 0F, the command data field 0000000120161216160012E599F35208 and the maximum byte number 00 of the expected response data to obtain the consumption command, which is specifically: 805401000F0000000120161216160012E599F3520800.
Step 218, the smart card acquires an offline transaction serial number, generates a second process key according to the pseudo random number, the offline transaction serial number and the terminal transaction serial number, and encrypts the transaction amount, the transaction type identifier, the terminal machine number and the transaction time by using the second process key to generate a second message authentication code;
step 219, the smart card judges whether the first message authentication code and the second message authentication code in the consumption command are consistent, if so, step 214 is executed, otherwise, a consumption refusal response is returned to the terminal device, and the process is finished;
step 220, the smart card acquires the transaction amount from the consumption command, deducts the consumption amount from the card balance, and adds 1 to the off-line transaction serial number;
step 221, the smart card encrypts the transaction amount by using the second process key to generate a third message authentication code; encrypting the transaction amount, the transaction type identifier, the terminal machine number, the terminal transaction serial number and the transaction time to generate a transaction verification code;
specifically, the smart card encrypts the transaction amount, the transaction type identifier, the terminal machine number, the terminal transaction serial number and the transaction time by using a TAC word key pair to generate a transaction verification code;
step 222, the smart card updates the transaction details according to the offline transaction serial number, the transaction amount, the transaction type identifier, the terminal machine number and the transaction time; sending a consumption command response containing the third message authentication code and the transaction verification code to the terminal equipment;
in this embodiment, the data field in the consumption command response is specifically B0A7E9B5C09A9A59, where B0A7E9B5 is the transaction verification code, and C09A9A59 is the third message authentication code;
step 223, the terminal device obtains the third message authentication code from the consumption command response, and encrypts the transaction amount by using the first process key to generate a fourth message authentication code;
step 224, the terminal device determines whether the fourth message authentication code is consistent with the third message authentication code, if so, step 225 is executed; otherwise, the off-line transaction fails and is finished.
Step 225, the terminal equipment generates and stores a transaction record according to the transaction amount, the transaction type identifier, the terminal machine number, the terminal transaction serial number, the transaction time and the transaction verification code in the consumption command response; the off-line transaction is successful, and the process is finished.
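The terminal-side decision of steps 206 and 207, together with the rule that the special blacklist holds only entries reported lost within the preset period, sketched as an added example (not code from the patent). Function names, result strings, the constructed loss-report times and the clock-rollback check are assumptions; the two transaction times are the ones in the embodiment's example.

```python
import calendar
from datetime import datetime

PRESET_MONTHS = 12  # preset time period used in this embodiment


def parse_ts(text):
    """Parse a transaction time written as YYYYMMDDhhmmss (7 BCD bytes as hex)."""
    return datetime.strptime(text, "%Y%m%d%H%M%S")


def add_months(ts, months):
    """Calendar-month addition; the day is clamped (Feb 29 + 12 months -> Feb 28)."""
    index = ts.year * 12 + (ts.month - 1) + months
    year, month = index // 12, index % 12 + 1
    day = min(ts.day, calendar.monthrange(year, month)[1])
    return ts.replace(year=year, month=month, day=day)


def older_than_window(then, now, months=PRESET_MONTHS):
    """True when `now` lies more than `months` calendar months after `then`."""
    return now > add_months(then, months)


def build_special_blacklist(complete, now_text):
    """Select the entries of the complete blacklist reported lost inside the window.

    `complete` maps (issuer_id, app_serial) -> loss-report time (YYYYMMDDhhmmss).
    """
    now = parse_ts(now_text)
    return {card for card, reported in complete.items()
            if not older_than_window(parse_ts(reported), now)}


def terminal_precheck(card, last_online_text, now_text, special, complete=None):
    """Return PROCEED or an error label for one card before INITIALIZE FOR PURCHASE.

    `card` is the (issuer_id, app_serial) pair read from the issuer-specific data.
    `complete` is None when the terminal stores only the special blacklist.
    """
    last_online, now = parse_ts(last_online_text), parse_ts(now_text)
    if now < last_online:
        # Assumption, not in the patent: a terminal clock behind the card's
        # last online time would defeat the aging check, so it is refused.
        return "ERROR_CLOCK"
    if older_than_window(last_online, now):        # step 206
        if complete is None:
            return "ERROR_AGED"                    # no complete list to fall back on
        return "ERROR_BLACKLISTED" if card in complete else "PROCEED"
    # Card was online inside the window: only recent loss reports matter (step 207).
    return "ERROR_BLACKLISTED" if card in special else "PROCEED"


# Constructed sample data (issuer identifiers and report times are made up).
CARD = ("A1A2A3A4A5A6A7A8", "00112233445566778899")
OTHER = ("A1A2A3A4A5A6A7A8", "00000000000000000042")
COMPLETE = {OTHER: "20140301000000",
            ("A1A2A3A4A5A6A7A8", "00000000000000000077"): "20160901000000"}

if __name__ == "__main__":
    now = "20161216160012"
    special = build_special_blacklist(COMPLETE, now)
    print(sorted(special))
    print(terminal_precheck(CARD, "20151016150050", now, special))
    print(terminal_precheck(CARD, "20151016150050", now, special, COMPLETE))
    print(terminal_precheck(OTHER, "20151016150050", now, special, COMPLETE))
```

A card that has not been online for longer than the window can carry a loss report too old to appear in the special blacklist, which is why that branch consults the complete blacklist or refuses the transaction.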
Example 4
The embodiment provides an apparatus for managing the aging of an offline transaction, referring to fig. 6, including:
the acquisition module 11 is used for acquiring the application serial number of the smart card and acquiring the last online transaction time from the smart card;
it should be noted that the last online transaction time acquired by the acquisition module is specifically the latest online transaction time of the smart card.
The storage module 12 is used for storing the special blacklist;
the first judging module 13 is configured to, when the obtaining module 11 obtains the application serial number of the smart card, judge whether the application serial number is listed in a special blacklist stored in the storage module 12;
the second judging module 14 is configured to, when the first judging module 13 judges that the application serial number is not in the special blacklist, judge whether the time difference between the current consumption time and the last online transaction time acquired by the acquisition module 11 is greater than a preset value;
an error processing module 15, configured to perform error processing when the first judging module 13 judges that the application serial number is in the special blacklist; and further configured to perform error processing when the second judging module 14 judges that the time difference between the current consumption time and the last online transaction time acquired by the acquisition module 11 is greater than the preset value;
the sending module 16 is configured to send an initialization consumption command to the smart card when the second judging module 14 judges that the time difference between the current consumption time and the last online transaction time acquired by the acquisition module is not greater than the preset value; and is further configured to send to the smart card a consumption command containing the terminal transaction serial number, the current transaction time and the first message authentication code generated by the first message authentication code generation module 18;
a receiving module 17, configured to receive an initialization consumption command response sent by the smart card; and further configured to receive a consumption command response sent by the smart card;
the first message authentication code generation module 18 is configured to generate a first process key according to the pseudo-random number and the offline transaction serial number in the initial consumption response when the receiving module 17 receives the initial consumption response, and encrypt the transaction amount, the transaction type identifier, the terminal machine number, and the transaction time by using the first process key to generate a first message authentication code;
specifically, the first message authentication module 18 is specifically configured to, when the receiving module receives an initialization consumption response sent by the smart card, generate a first process key according to a pseudo-random number and an offline transaction serial number in the initialization consumption response, sequentially splice the transaction amount, the transaction type identifier, the terminal machine number, and the transaction time, encrypt the spliced data by using the first process key to obtain encrypted data, and use the first four bytes of the encrypted data as a first message authentication code.
A third judging module 19, configured to judge whether the second message authentication code in the consumption command response is valid when the receiving module 17 receives the consumption command response;
the transaction record generating module 20 is configured to generate a transaction record when the third determining module 19 determines that the second message authentication code in the consumption command response is valid, and the offline transaction is successful; and when the third judging module 19 judges that the second message authentication code in the consumption command response is invalid, the offline transaction fails, and a transaction record is generated.
Specifically, the third determining module 19 specifically includes:
the message authentication code generation submodule is used for acquiring a second message authentication code from the consumption command response when the receiving module 17 receives the consumption command response, and encrypting the transaction amount by using the first process key to generate a third message authentication code;
the judging submodule is used for judging whether the second message authentication code in the consumption command response is consistent with the third message authentication code generated by the message authentication code generating submodule;
correspondingly, the transaction record generating module 20 is configured to, when the judging submodule judges that the second message authentication code in the consumption command response is consistent with the third message authentication code generated by the message authentication code generation submodule, determine that the offline transaction is successful and generate a transaction record; and is further configured to, when the judging submodule judges that the second message authentication code in the consumption command response is not consistent with the third message authentication code generated by the message authentication code generation submodule, determine that the offline transaction fails and generate a transaction record.
Preferably, the storage module 12 is further configured to store the complete blacklist;
correspondingly, the device also comprises: a fourth judging module, configured to, when the first judging module 13 judges that the application serial number is not in the list of the dedicated blacklist, judge whether the application serial number is in the list of the complete blacklist stored in the storage module 12;
the second judging module 14 is configured to, when the fourth judging module judges that the application serial number is not in the complete blacklist stored in the storage module 12, judge whether a time difference between the current consumption time and the last online transaction time acquired by the acquiring module 11 is greater than a preset value;
and an error processing module 15, configured to perform error processing when the fourth determining module determines that the application serial number is in the complete blacklist stored in the storage module 12.
It should be noted that the special blacklist stored in the storage module 12 is used to store the application serial number of the complete blacklist whose loss reporting time is within the preset time period; the duration of the preset time period is a preset value.
Preferably, the apparatus comprises: and the downloading module is used for acquiring and storing the special blacklist from the management system regularly or acquiring and storing the special blacklist and the complete blacklist from the management system regularly.
In more detail, the downloading module is used for acquiring the special blacklist from the management system and saving it to the storage module 12 when the device has an online condition; or for acquiring the special blacklist and the complete blacklist from the management system and saving them in the storage module 12 when the device has an online condition.
Optionally, when the apparatus does not include the second judging module, the sending module is specifically configured to send an initialization consumption command to the smart card when the first judging module 13 judges that the application serial number is not listed in the special blacklist; and is further configured to send to the smart card a consumption command containing the terminal transaction serial number, the current transaction time and the first message authentication code generated by the first message authentication code generation module 18;
when the smart card receives a consumption command sent by the device, judging whether the time difference between the consumption time in the consumption command and the last online transaction time is greater than a preset time period, if so, performing error processing, and ending; otherwise, a consume command response is returned to the device.
The error processing module is used for displaying an error or reporting an error and generating a prompt tone when the first judging module judges that the application serial number is listed in the special blacklist; and is also used for displaying an error or reporting an error and generating a prompt tone when the second judging module judges that the time difference between the current consumption time and the last online transaction time acquired by the acquisition module is greater than the preset value.
Preferably, the sending module 16 is further configured to send an application selection request containing the application identifier to the smart card;
the receiving module 17 is further configured to receive issuer-specific data sent by the smart card, where the issuer-specific data includes an application serial number of the smart card;
the acquisition module 11 is specifically configured to obtain the application serial number of the smart card from the issuer-specific data received by the receiving module 17.
More specifically, the issuer-specific data received by the receiving module 17 specifically includes: an issuer identifier, an application type identification, an issuer application version number, an application serial number, an application launch date, an application expiration date, and issuer customization data.
Preferably, the apparatus comprises: a fifth judging module, configured to judge whether the card issuer identifier in the card issuer-specific data received by the receiving module 17 is supported;
a sixth judging module, configured to, when the fifth judging module judges that the issuer identifier in the issuer-specific data received by the receiving module 17 is supported, judge, according to the application type identifier in the issuer-specific data received by the receiving module, whether the application on the smart card is supported;
a seventh judging module, configured to, when the sixth judging module judges, according to the application type identifier in the issuer-specific data received by the receiving module 17, that the application on the smart card is supported, judge whether the application version represented by the application version number in the issuer-specific data received by the receiving module is supported;
an eighth judging module, configured to, when the seventh judging module judges that the application version represented by the application version number in the issuer-specific data received by the receiving module 17 is supported, judge, according to the application validity period in the issuer-specific data received by the receiving module, whether the application is within its validity period;
the acquisition module 11 is specifically configured to, when the eighth judging module judges, according to the application validity period in the issuer-specific data received by the receiving module 17, that the application is within its validity period, obtain the application serial number from the issuer-specific data received by the receiving module;
an error processing module 15, configured to perform error processing when the fifth judging module judges that the issuer identifier in the issuer-specific data received by the receiving module 17 is not supported; further configured to perform error processing when the sixth judging module judges, according to the application type identifier in the issuer-specific data received by the receiving module 17, that the application on the smart card is not supported; further configured to perform error processing when the seventh judging module judges that the application version represented by the application version number in the issuer-specific data received by the receiving module 17 is not supported; and further configured to perform error processing when the eighth judging module judges, according to the application validity period in the issuer-specific data received by the receiving module 17, that the application is not within its validity period.
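An added example (not from the patent) that parses the 30-byte issuer-specific data layout described in Example 3 and applies the checks of the fifth to eighth judging modules in order. The sample bytes use a constructed issuer identifier, and the `POLICY` values, result strings and the inclusive treatment of both validity dates are assumptions.

```python
from datetime import date, datetime

# (field name, length in bytes), in the order the embodiment reads them
LAYOUT = [
    ("issuer_id", 8), ("app_type", 1), ("app_version", 1),
    ("app_serial", 10), ("enable_date", 4), ("expiry_date", 4),
    ("issuer_custom", 2),
]
TOTAL_LEN = sum(size for _, size in LAYOUT)  # 30 bytes


def parse_issuer_data(hex_text):
    """Split issuer-specific data into named hex fields; reject wrong lengths.

    A fixed-offset layout silently shifts every later field if one byte is
    missing, so the total length is enforced before any field is read.
    """
    raw = bytes.fromhex(hex_text)  # ValueError on odd length or non-hex text
    if len(raw) != TOTAL_LEN:
        raise ValueError(f"expected {TOTAL_LEN} bytes, got {len(raw)}")
    fields, pos = {}, 0
    for name, size in LAYOUT:
        fields[name] = raw[pos:pos + size].hex().upper()
        pos += size
    return fields


def bcd_date(text):
    """Decode a 4-byte BCD date YYYYMMDD; ValueError on non-decimal nibbles."""
    return datetime.strptime(text, "%Y%m%d").date()


def check_card(fields, today, policy):
    """Apply the issuer, application type, version and validity checks in order."""
    if fields["issuer_id"] not in policy["issuers"]:
        return "ISSUER_NOT_SUPPORTED"
    if fields["app_type"] not in policy["app_types"]:
        return "APPLICATION_NOT_SUPPORTED"
    if fields["app_version"] not in policy["app_versions"]:
        return "VERSION_NOT_SUPPORTED"
    try:
        start = bcd_date(fields["enable_date"])
        end = bcd_date(fields["expiry_date"])
    except ValueError:
        return "BAD_DATE"
    if not (start <= today <= end):  # assumption: both bounds inclusive
        return "OUTSIDE_VALIDITY_PERIOD"
    return "OK"


# Constructed sample: the issuer identifier is made up; the remaining field
# values follow the embodiment (type 02, version 01, serial, dates, FFFF).
SAMPLE_ISSUER_DATA = ("A1A2A3A4A5A6A7A8" "02" "01" "00112233445566778899"
                      "20161118" "20261118" "FFFF")

# Hypothetical terminal configuration.
POLICY = {"issuers": {"A1A2A3A4A5A6A7A8"},
          "app_types": {"02"},
          "app_versions": {"01"}}

if __name__ == "__main__":
    parsed = parse_issuer_data(SAMPLE_ISSUER_DATA)
    print(parsed["app_serial"], check_card(parsed, date(2016, 12, 16), POLICY))
```

The application serial number is taken from the parsed fields only after `check_card` returns `OK`, matching the order in which the acquisition module is described as operating.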
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (24)

1. An offline transaction aging management method is characterized by comprising the following steps:
step S1, when the terminal device obtains the application serial number of the smart card, judging whether the application serial number is listed in a special blacklist stored in the terminal device, if so, performing error processing; otherwise, executing step S2;
step S2, the terminal device obtains the last online transaction time from the smart card, and judges whether the time difference between the current consumption time and the last online transaction time is larger than a preset value, if so, error processing is carried out; otherwise, sending an initial consumption command to the smart card, and executing step S3;
step S3, the terminal equipment receives the initialized consumption response sent by the intelligent card, generates a first process key according to the pseudo random number and the off-line transaction serial number in the initialized consumption response, encrypts the transaction amount, the transaction type identifier, the terminal machine number and the transaction time by using the first process key to generate a first message authentication code, and sends a consumption command containing the terminal transaction serial number, the transaction time and the first message authentication code to the intelligent card;
step S4, the terminal equipment receives the consumption command response sent by the intelligent card, judges whether the second message authentication code in the consumption command response is valid, if yes, the off-line transaction is successful, and generates a transaction record; otherwise, the off-line transaction fails, and a transaction record is generated;
the special blacklist is used for storing application serial numbers of which the loss report time is in a preset time period in the complete blacklist; the duration of the preset time period is the preset value.
2. The method of claim 1, wherein when the terminal device determines that the time difference between the current consumption time and the last online transaction time is greater than a predetermined value, further comprising: the terminal device determines whether the application serial number is in a complete blacklist stored in the terminal device, if so, error processing is performed, otherwise, step S3 is executed.
3. The method of claim 1, wherein the method further comprises: the terminal equipment acquires and stores a special blacklist from a management system regularly or acquires and stores the special blacklist and a complete blacklist from the management system regularly.
4. The method of claim 1, wherein the method further comprises: and when the terminal equipment has the online condition, downloading the special blacklist and the complete blacklist from the management system or downloading the special blacklist from the management system.
5. The method of claim 1, wherein said step S2 is replaced with: the terminal equipment sends an initialization consumption command to the smart card;
after the step S3, before S4, the method further includes: the intelligent card judges whether the time difference between the consumption time in the consumption command and the last online transaction time is greater than a preset time period, if so, error processing is carried out, and the operation is finished; otherwise, returning a consumption command response to the terminal device, and executing step S4.
6. The method of claim 1, wherein the last online transaction time is specifically a last online transaction time of the smart card.
7. The method of claim 1, wherein the error handling specifically comprises: the terminal device displays an error, or reports an error and generates a prompt tone.
8. The method of claim 1, wherein the step S1 is preceded by: the terminal equipment sends an application selection request containing an application identifier to the smart card; and waiting for receiving card issuer specific data returned by the intelligent card, wherein the card issuer specific data comprises an application serial number of the intelligent card.
9. The method of claim 8, wherein the issuer-specific data specifically includes: an issuer identifier, an application type identification, an issuer application version number, an application serial number, an application launch date, an application expiration date, and issuer customization data.
10. The method of claim 9, wherein the step S1 is preceded by:
step 101, the terminal equipment judges whether the card issuer identifier in the card issuer specific data is supported or not; if yes, executing step 102, otherwise, performing error processing;
102, the terminal equipment judges whether the application on the intelligent card is supported or not according to the application type identification in the card issuer special data, if so, the step 103 is executed, otherwise, error processing is carried out;
103, the terminal equipment judges whether the application version represented by the application version number in the card issuer dedicated data is supported, if so, step 104 is executed, otherwise, error processing is performed;
step 104, the terminal device judges whether the application is within the validity period according to the application validity date in the card issuer-specific data; if so, step S1 is executed, otherwise, error processing is performed.
11. The method according to claim 1, wherein the step S3 is specifically: the terminal equipment receives an initialized consumption response sent by the intelligent card, generates a first process key according to a pseudo-random number and an offline transaction serial number in the initialized consumption response, sequentially splices the transaction amount, the transaction type identifier, the terminal machine number and the transaction time, encrypts spliced data by using the first process key to obtain encrypted data, and takes the first four bytes of the encrypted data as a first message authentication code.
12. The method according to claim 1, wherein the step S4 specifically includes:
step 201, the terminal device receives a consumption command response sent by an intelligent card, acquires a second message authentication code from the consumption command response, and encrypts a transaction amount by using the first process key to generate a third message authentication code;
step 202, the terminal equipment judges whether the third message authentication code is consistent with the second message authentication code, if so, the off-line transaction is successful, and a transaction record is generated; otherwise, the off-line transaction fails, and a transaction record is generated.
13. An apparatus for managing aging of an offline transaction, comprising:
an acquisition module, used for acquiring an application serial number of the smart card and acquiring the last online transaction time from the smart card;
the storage module is used for storing the special blacklist;
the first judging module is used for judging whether the application serial number is listed in a special blacklist stored in the storage module or not when the acquisition module acquires the application serial number of the smart card;
the second judging module is used for judging whether the time difference between the current consumption time and the last online transaction time acquired by the acquiring module is greater than a preset value or not when the first judging module judges that the application serial number is not in the special blacklist;
the error processing module is used for carrying out error processing when the first judging module judges that the application serial number is in the special blacklist; and is also used for carrying out error processing when the second judging module judges that the time difference between the current consumption time and the last online transaction time acquired by the acquiring module is greater than a preset value;
the sending module is used for sending an initial consumption command to the smart card when the second judging module judges that the time difference between the current consumption time and the last online transaction time acquired by the acquiring module is not greater than a preset value; and is also used for sending a consumption command containing a terminal transaction serial number, the current transaction time and the first message authentication code generated by the first message authentication code generation module to the smart card;
the receiving module is used for receiving an initial consumption command response sent by the smart card; and is also used for receiving a consumption command response sent by the smart card;
the first message authentication code generation module is used for generating a first process key according to the pseudo-random number and the offline transaction serial number in the initialization consumption response when the receiving module receives the initialization consumption response, and encrypting the transaction amount, the transaction type identifier, the terminal machine number and the transaction time by using the first process key to generate a first message authentication code;
the third judging module is used for judging whether the second message authentication code in the consumption command response is valid or not when the receiving module receives the consumption command response;
the transaction record generating module is used for generating a transaction record after the offline transaction succeeds when the third judging module judges that the second message authentication code in the consumption command response is valid; and is also used for generating a transaction record after the offline transaction fails when the third judging module judges that the second message authentication code in the consumption command response is invalid;
the special blacklist stored by the storage module is used for storing the application serial numbers in the complete blacklist whose loss-report time is within a preset time period; the duration of the preset time period is the preset value.
14. The apparatus of claim 13,
the storage module is also used for storing a complete blacklist;
the device further comprises: a fourth judging module, configured to, when the first judging module judges that the application serial number is not in the list of the dedicated blacklist, judge whether the application serial number is in the list of the complete blacklist stored in the storage module;
the second judging module is configured to, when the fourth judging module judges that the application serial number is not in the complete blacklist stored in the storage module, judge whether a time difference between the current consumption time and the last online transaction time acquired by the acquiring module is greater than a preset value;
the error processing module is configured to perform error processing when the fourth determining module determines that the application serial number is in the complete blacklist stored in the storage module.
15. The apparatus of claim 13, further comprising: and the downloading module is used for regularly acquiring the special blacklist from the management system and storing the special blacklist in the storage module, or is used for regularly acquiring the special blacklist and the complete blacklist from the management system and storing the special blacklist and the complete blacklist in the storage module.
16. The apparatus of claim 13, further comprising: the download module is used for acquiring and storing a special blacklist from a management system when the device has an online condition; or for obtaining and saving a proprietary blacklist and a full blacklist from the management system when the device has an online condition.
17. The apparatus of claim 13, wherein when the apparatus does not include a second determination module, the sending module is specifically configured to send an initial consumption command to the smart card when the first determination module determines that the application serial number is not listed in the special blacklist; and is also used for sending a consumption command containing a terminal transaction serial number, the current transaction time and the first message authentication code generated by the first message authentication code generation module to the smart card;
when the smart card receives the consumption command sent by the device, judging whether the time difference between the consumption time in the consumption command and the last online transaction time is greater than a preset time period, if so, performing error processing, and ending; otherwise, returning a consumption command response to the device.
18. The apparatus according to claim 13, wherein the last online transaction time obtained by the obtaining module is specifically the last online transaction time of the smart card.
19. The apparatus of claim 13, wherein the error handling module is configured to display an error, or report an error and generate a prompt tone, when the first determining module determines that the application serial number is listed in the special blacklist; and is also configured to display an error, or report an error and generate a prompt tone, when the second judging module judges that the time difference between the current consumption time and the last online transaction time acquired by the acquiring module is greater than a preset value.
20. The apparatus of claim 13, wherein the sending module is further configured to send an application selection request including an application identifier to the smart card;
the receiving module is further configured to receive issuer-specific data sent by the smart card, where the issuer-specific data includes an application serial number of the smart card;
the acquisition module is specifically used for obtaining the application serial number of the smart card from the issuer-specific data received by the receiving module.
21. The apparatus of claim 20, wherein the issuer-specific data received by the receiving module specifically includes: an issuer identifier, an application type identification, an issuer application version number, an application serial number, an application launch date, an application expiration date, and issuer customization data.
22. The apparatus of claim 21, further comprising:
a fifth judging module, configured to judge whether the card issuer identifier in the card issuer-specific data received by the receiving module is supported;
a sixth determining module, configured to, when the fifth determining module determines that the issuer identifier in the issuer-specific data received by the receiving module is supported, determine whether the application on the smart card is supported according to the application type identifier in the issuer-specific data received by the receiving module;
a seventh judging module, configured to, when the sixth judging module judges, according to the application type identifier in the card issuer-specific data received by the receiving module, that an application on a smart card is supported, judge whether an application version represented by the application version number in the card issuer-specific data received by the receiving module is supported;
an eighth determining module, configured to determine, when the seventh determining module determines that the application version represented by the application version number in the card-issuer-specific data received by the receiving module is supported, whether the application version is within a validity period according to the application validity date in the card-issuer-specific data received by the receiving module;
the obtaining module is specifically configured to obtain an application serial number from the card issuer-specific data received by the receiving module when the eighth determining module determines that the application validity period in the card issuer-specific data received by the receiving module is within a validity date;
the error processing module is configured to perform error processing when the fifth determining module determines that the issuer identifier in the issuer-specific data received by the receiving module is not supported; further configured to perform error processing when the sixth judging module determines that the application on the smart card is not supported according to the application type identifier in the issuer-specific data received by the receiving module; further configured to perform error processing when the seventh judging module determines that the application version represented by the application version number in the issuer-specific data received by the receiving module is not supported; and further configured to perform error processing when the eighth judging module determines that the application validity period in the issuer application data received by the receiving module is not within the validity period.
23. The apparatus according to claim 13, wherein the first message authentication code generation module is specifically configured to, when the receiving module receives an initialization consumption response sent by the smart card, generate a first process key according to a pseudo-random number and an offline transaction serial number in the initialization consumption response, sequentially concatenate a transaction amount, a transaction type identifier, a terminal machine number, and a transaction time, encrypt the concatenated data using the first process key to obtain encrypted data, and use the first four bytes of the encrypted data as the first message authentication code.
24. The apparatus according to claim 13, wherein the third determining module specifically includes:
the message authentication code generation submodule is used for acquiring a second message authentication code from the consumption command response when the receiving module receives the consumption command response, and encrypting the transaction amount by using the first process key to generate a third message authentication code;
the judging submodule is used for judging whether the second message authentication code in the consumption command response is consistent with the third message authentication code generated by the message authentication code generating submodule;
the transaction record generating module is used for generating a transaction record after the offline transaction succeeds when the judging submodule judges that the second message authentication code in the consumption command response is consistent with the third message authentication code generated by the message authentication code generating submodule; and is also used for generating a transaction record after the offline transaction fails when the judging submodule judges that the second message authentication code in the consumption command response is not consistent with the third message authentication code generated by the message authentication code generating submodule.
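The terminal-side checks of steps S1 and S2 in claim 1, and the complete-blacklist fallback of claim 2, can be sketched as follows. This is an added example, not code from the patent or from Feitian; the function names, the 7-day preset and the sample serial numbers are assumptions, and it assumes a card reported lost cannot complete another online transaction after the loss report.

```python
from datetime import datetime, timedelta

# Assumed value: the claims only call this "a preset value".
PRESET = timedelta(days=7)


def build_special_blacklist(full_blacklist, now, preset=PRESET):
    """Return the serial numbers of the complete blacklist whose loss-report
    time lies within the last `preset` (the special blacklist of claim 1).

    full_blacklist maps application serial number -> loss-report time.
    """
    return {sn for sn, reported in full_blacklist.items()
            if now - reported <= preset}


def terminal_precheck(serial, last_online, now, special, full=None,
                      preset=PRESET):
    """Steps S1 and S2 as run by the terminal before the initial consumption
    command is sent.

    With full=None the aging check rejects outright (claim 1). With a
    complete blacklist supplied, an aged card is looked up there and is
    allowed to continue to step S3 if it is not listed (claim 2).
    """
    if serial in special:                        # step S1
        return "reject: special blacklist"
    if now - last_online > preset:               # step S2, aging check
        if full is None:
            return "reject: aged"                # claim 1
        if serial in full:
            return "reject: complete blacklist"  # claim 2
        return "proceed"                         # claim 2, card not listed
    return "proceed"


# Constructed sample data (hypothetical serial numbers and times).
NOW = datetime(2017, 9, 15, 12, 0)
FULL = {
    "SN-A001": NOW - timedelta(days=3),    # reported lost 3 days ago
    "SN-A002": NOW - timedelta(days=30),   # reported lost 30 days ago
}
SPECIAL = build_special_blacklist(FULL, NOW)


def run_examples():
    """Evaluate four constructed cards under claim 1 and under claim 2."""
    cards = {
        # serial: last online transaction time read from the card
        "SN-A001": NOW - timedelta(days=5),    # lost recently
        "SN-A002": NOW - timedelta(days=40),   # lost long ago
        "SN-B003": NOW - timedelta(days=2),    # not lost, recently online
        "SN-B004": NOW - timedelta(days=20),   # not lost, long offline
    }
    claim1 = {sn: terminal_precheck(sn, t, NOW, SPECIAL)
              for sn, t in cards.items()}
    claim2 = {sn: terminal_precheck(sn, t, NOW, SPECIAL, full=FULL)
              for sn, t in cards.items()}
    return claim1, claim2


if __name__ == "__main__":
    for label, result in zip(("claim 1", "claim 2"), run_examples()):
        print(label, result)
```

SN-A002 is absent from the special blacklist yet is still refused in both variants: under the stated assumption its last online transaction predates the loss report, so the aging check or the complete-blacklist lookup catches it.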
CN201710830874.3A 2017-09-15 2017-09-15 Offline transaction aging management method and device Active CN107730253B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710830874.3A CN107730253B (en) 2017-09-15 2017-09-15 Offline transaction aging management method and device

Publications (2)

Publication Number Publication Date
CN107730253A CN107730253A (en) 2018-02-23
CN107730253B CN107730253B (en) 2020-08-07

Family

ID=61206350

Country Status (1)

Country Link
CN (1) CN107730253B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant