CN114186994A - Method, terminal and system for using digital currency wallet application - Google Patents


Publication number: CN114186994A
Authority: CN (China)
Prior art keywords: terminal, authentication data, wallet application, data, transaction
Legal status: Pending
Application number: CN202111177783.7A
Other languages: Chinese (zh)
Inventors: 穆长春, 狄刚, 赵新宇, 张红学, 崔沛东, 邹晶丹
Current Assignee: Digital Currency Institute of the Peoples Bank of China
Original Assignee: Digital Currency Institute of the Peoples Bank of China


Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/30: Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36: Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/367: Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
    • G06Q20/3674: Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes involving authentication
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/38: Payment protocols; Details thereof
    • G06Q20/382: Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829: Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00: Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04: Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Abstract

The invention discloses a method, a terminal and a system for using a digital currency wallet application, and relates to the technical field of digital currency. One embodiment of the method, applied to a first terminal, comprises: sending a data generation request to a management platform corresponding to the wallet application, wherein the data generation request comprises a public key and identification information of the wallet application; receiving target authentication data returned by the management platform according to the data generation request, wherein the target authentication data is generated according to the public key and the identification information; in response to a transaction request of a second terminal, sending the target authentication data to the second terminal so that the second terminal verifies the target authentication data, wherein the second terminal and the first terminal correspond to different management platforms; and, in the case that the verification passes, performing a transaction with the second terminal according to the digital currency in the wallet application. This embodiment expands the usage scenarios of the digital currency wallet application, improves the credibility of cross-organization transactions of the wallet application, and improves the security of digital currency transactions.

Description

Method, terminal and system for using digital currency wallet application
Technical Field
The invention relates to the technical field of digital currency, and in particular to a method, a terminal and a system for using a digital currency wallet application.
Background
Management of wallet applications has a significant impact on secure transactions of digital currency.
Currently, wallet applications of digital currency are managed separately by their respective operators.
In the process of implementing the invention, the inventor finds that at least the following problems exist in the prior art:
Because each operating organization provides wallet application management services through its own system, wallet applications provided by different operating organizations cannot verify one another's legitimacy in a cross-organization transaction, which limits the usage scenarios of hardware wallets and reduces the security of digital currency transactions.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method, a terminal, and a system for using a digital money wallet application, where authentication data of the digital money wallet application can be generated through a trusted service management platform, and a management platform corresponding to the digital money wallet application can return target authentication data to a first terminal where the wallet application is located according to the authentication data, and further write the target authentication data into the wallet application through the first terminal. When cross-organization transaction is carried out, namely, when the transaction is carried out between terminals corresponding to different management platforms, the terminal of the transaction can use the preset public key to check the authentication data in the wallet application, so that the legality of the wallet application is verified, the credibility of the cross-organization transaction of the digital currency wallet application is improved, the use scene of the digital currency wallet application is expanded, and the safety of the digital currency transaction is further improved.
Furthermore, the generation parameters of the authentication data comprise identification information and public key information of the wallet application, so that the uniqueness and the non-reusability of the generated authentication data can be ensured. Meanwhile, the number of digital currency purses issued by each operator can be counted through the number of the generation requests of the authentication data, so that unified management is realized.
To achieve the above object, according to a first aspect of embodiments of the present invention, there is provided a method of using a digital money wallet application applied to a first terminal, including:
sending a data generation request to a management platform corresponding to the wallet application, wherein the data generation request comprises a public key and identification information of the wallet application;
receiving target authentication data returned by the management platform according to the data generation request, wherein the target authentication data is generated according to the public key and the identification information;
responding to a transaction request of a second terminal, and sending the target authentication data to the second terminal so that the second terminal verifies the target authentication data; the second terminal and the first terminal correspond to different management platforms;
and in case of passing the verification, performing a transaction with the second terminal according to the digital currency in the wallet application.
Optionally, after the receiving the target authentication data returned by the management platform according to the data generation request, the method further includes:
writing the target authentication data into the wallet application.
Optionally, the target authentication data includes: authentication data provided by the trusted platform, and either or both of the following: an authentication certificate of the management platform generated through the public key, or data corresponding to the authentication certificate; the authentication data is obtained by signing the public key of the wallet application and the identification information with the private key of the trusted platform.
To achieve the above object, according to a second aspect of embodiments of the present invention, there is provided a method of using a digital money wallet application applied to a second terminal, including:
sending a transaction request to the first terminal in response to a user trigger;
receiving target authentication data sent by the first terminal according to the transaction request, wherein the target authentication data is generated according to a public key and identification information of wallet application in the first terminal;
verifying the target authentication data;
and in case of passing the verification, performing a transaction with the first terminal according to the digital currency in the wallet application of the first terminal.
Optionally, the verifying the target authentication data includes:
analyzing an authentication certificate of a management platform of the first terminal and authentication data provided by a trusted platform from the target authentication data;
verifying the authentication certificate through a public key of the management platform;
verifying the authentication data through a public key of the trusted platform;
and determining that the target authentication data passes the verification under the condition that the authentication certificate and the authentication data pass the verification.
Optionally, the public key of the management platform corresponding to the first terminal and/or the public key of the trusted platform are written into the wallet application of the second terminal in advance.
Optionally, in a case where it is determined that the authentication certificate and the authentication data are not included in the target authentication data, it is determined that the target authentication data is not verified.
According to a third aspect of the embodiments of the present invention, there is provided a first terminal, including: a request sending module, a first receiving module, a data sending module and a first transaction module; wherein:
the request sending module is used for sending a data generation request to a management platform corresponding to the wallet application, wherein the data generation request comprises a public key and identification information of the wallet application;
the first receiving module is configured to receive target authentication data returned by the management platform according to the data generation request, where the target authentication data is generated according to the public key and the identification information;
the data sending module is used for responding to a transaction request of a second terminal and sending the target authentication data to the second terminal so that the second terminal verifies the target authentication data; the second terminal and the first terminal correspond to different management platforms;
and the first transaction module is used for performing transaction with the second terminal according to the digital currency in the wallet application under the condition of passing the verification.
According to a fourth aspect of the embodiments of the present invention, there is provided a second terminal, including: a transaction request sending module, a second receiving module, a verification module and a second transaction module; wherein:
the transaction request sending module is used for responding to user trigger and sending a transaction request to the first terminal;
the second receiving module is used for receiving target authentication data sent by the first terminal according to the transaction request, wherein the target authentication data is generated according to a public key and identification information of wallet application in the first terminal;
the verification module is used for verifying the target authentication data;
and the second transaction module is used for performing transaction with the first terminal according to the digital currency in the wallet application of the first terminal under the condition of passing the verification.
According to a fifth aspect of an embodiment of the present invention, there is provided a management system of a digital money wallet application, including: the first terminal provided in the third aspect, the second terminal provided in the fourth aspect, the management platform of the first terminal, and the trusted platform; wherein:
the management platform is used for receiving a data generation request sent by the first terminal and forwarding the data generation request to the trusted platform; the data generation request includes: a public key and identification information of a wallet application in the first terminal; after receiving authentication data sent by the trusted platform, generating target authentication data according to the authentication data and data corresponding to the authentication certificate of the target authentication data, and sending the target authentication data to the first terminal;
and the trusted platform is used for generating authentication data according to the data generation request and sending the authentication data to the management platform.
Optionally, the management platform is configured to use data corresponding to an authentication certificate of the management platform and the authentication data as input parameters of the target authentication data to generate the target authentication data.
Optionally, the trusted platform is configured to sign the public key and the identification information of the wallet application in the first terminal by using a private key of the trusted platform, so as to generate the authentication data.
Optionally, the trusted platform is configured to determine, according to the number of the received data generation requests, the number of wallet applications corresponding to the management platform, and manage generation of the target authentication data according to the number of wallet applications.
According to a sixth aspect of the embodiments of the present invention, there is provided an electronic apparatus including:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement any one of the methods of using a digital money wallet application provided in the first or second aspects above.
According to a seventh aspect of embodiments of the present invention there is provided a computer readable medium having stored thereon a computer program which when executed by a processor implements a method of using a digital money wallet application as defined in any one of the first or second aspects above.
One embodiment of the above invention has the following advantages or benefits: the authentication data of the digital money wallet application can be generated through the trusted service management platform, the management platform corresponding to the digital money wallet application can return target authentication data to the first terminal where the wallet application is located according to the authentication data, and then the target authentication data is written into the wallet application through the first terminal. When cross-organization transaction is carried out, namely, when the transaction is carried out between terminals corresponding to different management platforms, the terminal of the transaction can use the preset public key to check the authentication data in the wallet application, so that the legality of the wallet application is verified, the credibility of the cross-organization transaction of the digital currency wallet application is improved, the use scene of the digital currency wallet application is expanded, and the safety of the digital currency transaction is further improved.
Furthermore, the generation parameters of the authentication data comprise identification information and public key information of the wallet application, so that the uniqueness and the non-reusability of the generated authentication data can be ensured. Meanwhile, the number of digital currency purses issued by each operator can be counted through the number of the generation requests of the authentication data, so that unified management is realized.
Further effects of the above-mentioned non-conventional alternatives will be described below in connection with the embodiments.
Drawings
The drawings are included to provide a better understanding of the invention and are not to be construed as unduly limiting the invention. Wherein:
FIG. 1 is a flow chart illustrating a method for using a digital money wallet application applied to a first terminal according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a method of using a digital money wallet application applied to a second terminal according to an embodiment of the present invention;
FIG. 3 is a flow diagram of target authentication data generation provided by one embodiment of the present invention;
FIG. 4 is a flow diagram of another target authentication data generation provided by one embodiment of the present invention;
FIG. 5 is a flow diagram of target authentication data verification provided by one embodiment of the present invention;
FIG. 6 is a schematic structural diagram of a first terminal corresponding to a digital money wallet application according to an embodiment of the present invention;
FIG. 7 is a schematic structural diagram of a second terminal corresponding to a digital money wallet application according to an embodiment of the present invention;
FIG. 8 is a schematic structural diagram of a management system of a digital money wallet application according to an embodiment of the present invention;
FIG. 9 is a flow diagram illustrating another method of using a digital money wallet application according to one embodiment of the invention;
FIG. 10 is an exemplary system architecture diagram in which embodiments of the present invention may be employed;
FIG. 11 is a schematic structural diagram of a computer system suitable for implementing a terminal device or a server according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention are described below with reference to the accompanying drawings, in which various details of embodiments of the invention are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
It should be noted that the embodiments of the present invention and the technical features of the embodiments may be combined with each other without conflict.
As shown in FIG. 1, an embodiment of the present invention provides a method for using a digital money wallet application applied to a first terminal, which may include the following steps S101 to S104:
Step S101: sending a data generation request to a management platform corresponding to the wallet application, wherein the data generation request comprises a public key and identification information of the wallet application.
Step S102: receiving target authentication data returned by the management platform according to the data generation request, wherein the target authentication data is generated according to the public key and the identification information.
Step S103: in response to a transaction request of a second terminal, sending the target authentication data to the second terminal so that the second terminal verifies the target authentication data; the second terminal and the first terminal correspond to different management platforms.
Step S104: in case of passing the verification, performing a transaction with the second terminal according to the digital currency in the wallet application.
The digital money wallet in the embodiment of the invention is arranged in a security chip, that is, the digital money wallet is a hardware wallet, and the security chip can be an SE, IC or SIM chip. Prior to use of the digital currency wallet, the digital currency hardware wallet may be configured by a card writing device via corresponding instructions. For example, the card writing device authorizes the security chip through APDU instructions, applies for an application for the hardware wallet, loads the application, authorizes the application, and writes personalized data.
One application scenario of the present invention may be a scenario in which the wallet application of the first terminal A and the wallet application of the second terminal B perform a digital money transaction. Here, the second terminal B may correspond to the same management platform as the first terminal A, or may correspond to a different management platform from the first terminal A. For example, the wallet application of the first terminal corresponding to the bank 1 and the wallet application of the second terminal corresponding to the bank 1 perform a transaction; or the wallet application of the first terminal corresponding to the bank 1 and the wallet application of the second terminal corresponding to the bank 2 perform a transaction.
In one embodiment of the present invention, the first terminal and the second terminal correspond to different management platforms. For example, the wallet application a of the first terminal A is issued by the bank 1, and the wallet application b of the second terminal B is issued by the bank 2. In one payment process, the first terminal A needs to pay a certain amount of digital money in the wallet application a to the wallet application b of the second terminal B. Before conducting the transaction, the second terminal B must verify the target authentication data in the wallet application a of the first terminal A to ensure the validity and security of the wallet application a of the first terminal A. The target authentication data is generated from the public key of the wallet application a of the first terminal A and the identification information. The generation process is as follows: the first terminal A sends a data generation request to the management platform corresponding to the wallet application a, and the management platform returns target authentication data to the first terminal A according to the data generation request, wherein the target authentication data is generated according to the public key of the wallet application of the first terminal A and the identification information corresponding to the first terminal A. After receiving the transaction request of the second terminal B, the first terminal A transmits the target authentication data to the second terminal B for verification, and in case the verification passes, the first terminal A pays the corresponding amount of digital money in the wallet application a to the wallet application b of the second terminal B, thereby completing the payment process.
It can be understood that when the transaction is performed between terminals of different management platforms, the target authentication data can be used for verification, so that the reliability of the cross-platform transaction of the digital currency wallet application can be improved, the use scene of the wallet application is expanded, and the transaction safety of the wallet application is improved.
The public key of the wallet application is the public key of a public/private key pair generated by the wallet application when the wallet application is applied for. The private key of the wallet application is stored in the security chip corresponding to the wallet application to ensure the security of the wallet application. The public key and the corresponding identification information are sent, as the data generation request of the wallet application, to the management platform corresponding to the wallet application. The identification information may be an identification of the wallet application, an identification of the corresponding security chip of the first terminal, and an identification of the corresponding management platform.
During a digital money transaction, the security requirements for the digital money wallet application are high, and therefore before the digital money wallet application is enabled, that is, when the digital money wallet application is opened, target authentication data needs to be applied for on behalf of the wallet application. The target authentication data obtained by the application can be written into the security chip of the first terminal, and can also be written into the wallet application of the first terminal. So that wallet applications of different terminals can quickly and conveniently receive the counterpart's target authentication data and complete a transaction during a digital currency transaction, in an embodiment of the present invention, after receiving the target authentication data returned by the management platform according to the data generation request, the method may further include: writing the target authentication data into the wallet application.
It will be appreciated that, to ensure the security of wallet application transactions across different management platforms, multiple pieces of encrypted data may be used to generate the target authentication data, so that the transaction process can use multiple verifications to ensure the security of the transaction. Thus, in one embodiment of the invention, the target authentication data comprises: authentication data provided by the trusted platform, and either or both of the following: an authentication certificate of the management platform generated through the public key, or data corresponding to the authentication certificate; the authentication data is obtained by signing the public key of the wallet application and the identification information with the private key of the trusted platform.
The authentication certificate of the management platform is the certificate that the management platform applies for from its CA (Certificate Authority) system, issued according to the public key of the wallet application. For example, in a wallet application issued by bank 1, the authentication certificate is issued by the CA system of bank 1; in a wallet application issued by bank 2, the authentication certificate is issued by the CA system of bank 2.
The data corresponding to the authentication certificate is generated by the CA system of the management platform.
The authentication data provided by the trusted platform is generated in the same way for wallet applications of different management platforms. For example, the trusted platform may be a trusted service management platform, and the private key and the algorithm used for generating the authentication data for the wallet application issued by different banks (bank 1, bank 2, bank 3, bank 4, etc.) are the same, wherein the signature private key of the authentication data is the private key held by the trusted service management platform, and the signature algorithm is a uniform algorithm. However, the signature parameters used when the authentication data is generated are different, and the signature parameters are the public key of the wallet application and the corresponding identification information thereof, in other words, the generated authentication data contains the public key of the wallet application and the signature information of the identification information, so that the uniqueness and the irreversibility of the authentication data are ensured. For example, when generating authentication data for a hardware wallet application issued by the bank 1, the parameters used for signing are the public key of the wallet application of the bank 1, the identifier of the wallet application, the identifier of the security chip of the first terminal corresponding to the wallet application, and the identifier of the bank 1.
After the target authentication data is written to the wallet application of the first terminal, the wallet application is in a usable state, and the wallet application can be charged with digital money for transaction. After the first terminal receives the transaction request sent by the second terminal, the target authentication data is sent to the second terminal, so that the second terminal verifies the target authentication data, and the verification process may be as shown in fig. 2. If the verification passes, the transaction continues.
Fig. 2 is a diagram illustrating a method for using a digital money wallet application applied to a second terminal according to an embodiment of the present invention, where the method may include the following steps S201 to S204:
step S201: in response to a user trigger, sending a transaction request to the first terminal.
Step S202: and receiving target authentication data sent by the first terminal according to the transaction request, wherein the target authentication data is generated according to a public key and identification information of the wallet application in the first terminal.
Step S203: and verifying the target authentication data.
Step S204: and in case of passing the verification, performing a transaction with the first terminal according to the digital currency in the wallet application of the first terminal.
Taking a scenario that the wallet application a of the first terminal a pays a certain amount of digital money to the wallet application B of the second terminal B as an example, the second terminal B sends a transaction request to the first terminal a in response to a trigger of a user, receives target authentication data in the wallet application a sent by the first terminal a, verifies the target authentication data, and if the verification is passed, receives the digital money paid by the wallet application a of the first terminal a to complete the transaction.
In step S203, the target authentication data may be verified with a method provided by an embodiment of the present invention, including: parsing, from the target authentication data, an authentication certificate corresponding to the management platform of the first terminal and authentication data provided by a trusted platform; verifying the authentication certificate with the public key of the management platform; verifying the authentication data with the public key of the trusted platform; and determining that the target authentication data passes the verification if both the authentication certificate and the authentication data pass the verification. The public key of the management platform corresponding to the first terminal and/or the public key of the trusted platform is written into the wallet application of the second terminal in advance.
For example, the second terminal B, with its wallet application b, corresponds to bank 2, and the first terminal A, with its wallet application a, corresponds to bank 1. From the target authentication data of the wallet application a received from the first terminal A, the wallet application b parses the authentication certificate of the wallet application a issued by the CA system of bank 1 and the authentication data provided by the trusted service management platform. It then verifies the authentication certificate of the wallet application a with the public key of the CA system of bank 1 and, after that verification passes, verifies the authentication data with the public key of the trusted service management platform. The transaction can continue only after both the authentication certificate and the authentication data pass verification. If either verification fails, the transaction is terminated.
To speed up and simplify the verification process, when each wallet application is opened, the public keys of the management platforms corresponding to one or more wallet applications and the public key of the trusted service management platform can be written into the wallet application in advance. For example, the second terminal B corresponds to bank 2. When the wallet application b is opened, the public key of the CA system of bank 2 may be written into the wallet application b, and the public keys of one or more different management platforms (e.g., bank 1, bank 2, bank 3, bank 4, and the like) that support the digital currency wallet application are then all written into the wallet application b, so that, when a transaction is performed with a wallet application of a different management platform, the authentication certificate issued by that management platform can be verified. The public key of the trusted service management platform is written into the wallet application b at the same time.
In the verification process, the wallet application b uses the public key of the CA system of bank 1 and the public key of the trusted service management platform that it stores to verify the authentication certificate issued by the CA system of bank 1 and the authentication data provided by the trusted service management platform, both of which are sent by the wallet application a. The public key of the CA system of bank 1 and the public key of the trusted service management platform were written into the wallet application b of the second terminal B when the wallet application b was opened.
After the authentication certificate and the authentication data are verified, and before the transaction continues, the wallet application a of the first terminal A can encrypt the transaction data using the private key of the wallet application stored in the security chip and send the encrypted transaction data to the second terminal B. The wallet application b of the second terminal B decrypts the transaction data with the public key of the wallet application contained in the verified authentication certificate, thereby determining the authenticity of the transaction data and deciding to collect the corresponding amount of digital currency paid by the wallet application a.
In an embodiment of the present invention, the authentication certificate and the authentication data may fail to be parsed from the target authentication data, or the parsed target authentication data may not include the authentication certificate or the authentication data. In that case, once it is determined that the authentication certificate and the authentication data are not included in the target authentication data, it may be determined that the target authentication data does not pass verification.
According to the method for using the digital money wallet application, the authentication data of the digital money wallet application can be generated through the trusted service management platform, the management platform corresponding to the digital money wallet application can return target authentication data to the first terminal where the wallet application is located according to the authentication data, and then the target authentication data is written into the wallet application through the first terminal. When cross-organization transaction is carried out, namely, when the transaction is carried out between terminals corresponding to different management platforms, the terminal of the transaction can use the preset public key to check the authentication data in the wallet application, so that the legality of the wallet application is verified, the credibility of the cross-organization transaction of the digital currency wallet application is improved, the use scene of the digital currency wallet application is expanded, and the safety of the digital currency transaction is further improved.
Furthermore, the generation parameters of the authentication data comprise identification information and public key information of the wallet application, so that the uniqueness and the non-reusability of the generated authentication data can be ensured. Meanwhile, the number of digital currency wallets issued by each operator can be counted through the number of generation requests for the authentication data, so that unified management is realized.
The following describes in detail the flow of generating target authentication data in the method for using a digital money wallet application according to the embodiments of the present invention, with reference to the above embodiments and taking a hardware wallet application as an example. In one embodiment of the present invention, the generation flow of the target authentication data may follow either fig. 3 or fig. 4.
In the flow of fig. 3, the authentication data of the trusted platform and the data used by the management platform to generate the authentication certificate serve as the input parameters from which the final target authentication data is generated.
As shown in fig. 3, the present embodiment may include the following steps:
Step S301: A hardware wallet application is installed on the security chip, a public/private key pair is generated, and a certificate application file is computed.
After the wallet application is installed, the public key of the CA system of the management platform and the public key of the trusted platform can be written into the wallet application for use in a subsequent verification process. The public key of the CA system of the management platform may be the public key of one or more different management platforms supporting the digital money wallet application.
Of the generated public/private key pair of the wallet application, the private key is stored in the security chip, and the public key is forwarded to the trusted platform through the management platform of the wallet application.
The certificate application file is the application data with which the wallet application applies to the CA system of the management platform for the authentication certificate, that is, the data used by the management platform to generate the authentication certificate.
Step S302: The first terminal initiates an opening request of the hardware wallet application.
The opening request represents a data generation request for generating the target authentication data. The data generation request includes a public key and identification information of the wallet application in the first terminal.
Step S303: The wallet management platform receives the opening request and applies for authentication data from the trusted platform.
After receiving the opening request, the management platform sends the public key and the identification information of the wallet application to the trusted platform and applies for authentication data from the trusted platform.
Step S304: the trusted platform generates authentication data.
After receiving the public key and the identification information of the wallet application sent by the management platform, the trusted platform can sign the public key and the identification information of the wallet application using its own private key and a uniform signature algorithm, and send the signed data to the management platform as the authentication data. The signature algorithm may be the SM2 algorithm (an elliptic curve public key cryptography algorithm).
Step S305: the wallet management platform applies for target authentication data for the wallet application to the CA system using the authentication data and the certificate application file.
The management platform applies to its CA system for the target authentication data of the wallet application, using as parameters the authentication data sent by the trusted platform and the certificate application file generated in step S301. The generated target authentication data is sent to the first terminal. At this point, the target authentication data includes the authentication data provided by the trusted platform. The target authentication data is in the form of a CA certificate.
Step S306: The first terminal receives the target authentication data containing the authentication data, and writes the target authentication data into the hardware wallet application for subsequent transaction verification.
In the flow of fig. 3, the authentication data of the trusted platform and the data used by the management platform to generate the authentication certificate serve as the input parameters from which the final target authentication data is generated, and the final target authentication data may take the form of a CA certificate. It can be understood that, although the authentication certificate of the management platform may be in the form of a CA certificate and the finally generated target authentication data may also be in the form of a CA certificate, the data corresponding to the two CA certificates are different. The CA certificate corresponding to the management platform does not include the authentication data sent by the trusted platform, whereas the CA certificate corresponding to the finally generated target authentication data is generated by combining the authentication data sent by the trusted platform with the data used by the management platform to generate the authentication certificate. That is, the CA certificate corresponding to the finally generated target authentication data carries a double-layer signature by the trusted platform and the management platform, which better ensures the security of the authentication data.
In addition to the above manner of generating the target authentication data, an embodiment of the present invention provides another target authentication data generation flow, shown in fig. 4. In this flow, the authentication certificate generated by the CA system of the management platform corresponding to the wallet application and the authentication data provided by the trusted platform are sent to the first terminal separately, that is, the management platform sends the authentication data and the authentication certificate to the first terminal as independent data.
The above process may include the following steps:
Step S401: A hardware wallet application is installed on the security chip, a public/private key pair is generated, and a certificate application file is computed.
After the wallet application is installed, the public key of the CA system of the management platform and the public key of the trusted platform can be written into the wallet application for use in a subsequent verification process. The public key of the CA system of the management platform may be the public key of one or more management platforms supporting the digital money wallet application.
Of the generated public/private key pair of the wallet application, the private key is stored in the security chip and the public key is forwarded to the trusted platform through the management platform of the wallet application; the trusted platform can use the public key as one of the parameters for generating the authentication data.
The certificate application file is likewise the application data with which the wallet application applies to the CA system of the management platform for the authentication certificate.
Step S402: The first terminal initiates an opening request of the hardware wallet application.
The opening request represents a data generation request for generating the target authentication data. The data generation request includes a public key and identification information of the wallet application in the first terminal.
Step S403: The wallet management platform receives the opening request, applies for authentication data from the trusted platform, and applies for an authentication certificate from the CA system.
Step S404: the trusted platform generates authentication data.
After receiving the public key and the identification information of the wallet application sent by the management platform, the trusted platform can sign the public key and the identification information of the wallet application using its own private key and a uniform signature algorithm, and send the signed data to the management platform as the authentication data. The signature algorithm may be the SM2 algorithm.
Step S405: the CA system generates an authentication certificate.
The CA system of the management platform generates an authentication certificate of the wallet application according to the certificate application file of step S401, and the management platform sends the authentication certificate to the first terminal.
In the embodiment of the present invention, step S404 and step S405 have no fixed order: step S404 may be executed before step S405, step S405 may be executed before step S404, or the two steps may be executed simultaneously.
Step S406: The first terminal receives the authentication data and the authentication certificate, and writes the authentication data and the authentication certificate into the hardware wallet application for subsequent transaction verification.
After the first terminal receives the authentication data provided by the trusted platform and forwarded by the management platform, together with the authentication certificate sent by the management platform, it writes the authentication data and the authentication certificate into the wallet application separately.
Through the generation process of the target authentication data in fig. 4, the management platform can send the authentication certificate of the management platform and the authentication data of the trusted platform to the first terminal, and the first terminal can write the authentication data of the trusted platform into the wallet application quickly and conveniently, so that the purpose of cross-platform verification of the authentication data is achieved, and the security of digital currency transaction is improved.
In addition, in the process of generating the authentication data, the trusted platform can determine the number of digital currency wallets issued by each management platform by counting the number of authentication data generation requests sent by the different management platforms. When the trusted platform determines that the total number of digital currency wallets issued by one management platform exceeds a specified number, it can refuse to provide authentication data for the wallet applications beyond that number, thereby managing the number of digital currency wallets issued by each management platform and achieving unified management. For example, the trusted service management platform counts the number of wallets issued by bank 1 according to the number of authentication data generation requests received from bank 1. After the total number of wallets reaches the specified number, the trusted service management platform does not process authentication data generation requests received subsequently and feeds back that they were not processed, so as to limit the total number of wallets issued by the bank and achieve unified management.
Fig. 5 is a flowchart of the verification of the target authentication data according to an embodiment of the present invention, which includes the following steps:
Step S501: The payee wallet application initiates a collection request.
Step S502: The payer wallet application receives the collection request and returns target authentication data including the wallet application's authentication certificate and authentication data.
The authentication certificate of the wallet application is issued by the CA system of the management platform corresponding to the payer wallet application. The authentication data is provided by the trusted platform.
Step S503: The payee wallet application receives the target authentication data.
After the payee wallet application receives the target authentication data, it parses the authentication certificate and the authentication data of the wallet application from the target authentication data.
Step S504: Judging whether the authentication certificate of the wallet application passes verification.
The payee wallet application verifies the authentication certificate with the public key, stored by the payee wallet application, of the CA system of the management platform corresponding to the payer. If the verification passes, the flow continues with step S505. If not, the transaction flow is terminated.
Step S505: Judging whether the authentication data passes verification.
The payee wallet application verifies the authentication data with the public key of the trusted platform stored by the payee wallet application. If the verification passes, the flow continues with step S506. If not, the transaction flow is terminated.
Step S506: The transaction flow continues.
If both the authentication certificate and the authentication data pass verification, the transaction flow continues.
Step S507: The transaction flow is terminated.
If either the authentication certificate or the authentication data fails verification, the transaction flow is terminated.
Of course, it will be understood that the target authentication data may not include the authentication certificate and the authentication data; in that case it may be determined that the target authentication data fails verification, and the transaction flow is terminated.
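The issuance of fig. 4 and the verification order of fig. 5, together with the private-key proof on the transaction data described earlier, as an added Go example that is not code from the patent. Ed25519 from the Go standard library stands in for SM2, the authentication certificate is reduced to a bare CA signature, and the type names, identifier values and length-prefixed field encoding are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
)

// WalletInfo holds the signature parameters named in the description: the
// wallet public key plus wallet, security-chip and issuing-bank identifiers.
type WalletInfo struct {
	PubKey                   ed25519.PublicKey
	WalletID, ChipID, BankID string
}

// encode length-prefixes each field so that no two parameter sets serialize to
// the same signed bytes (this layout is an assumption of the example).
func (w WalletInfo) encode() []byte {
	var out []byte
	for _, f := range [][]byte{w.PubKey, []byte(w.WalletID), []byte(w.ChipID), []byte(w.BankID)} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		out = append(append(out, n[:]...), f...)
	}
	return out
}

// TargetAuthData is the fig. 4 form: two independent items. The certificate is
// reduced here to the bank CA's signature over the same encoded parameters.
type TargetAuthData struct {
	Info     WalletInfo
	Cert     []byte // from the management platform's CA
	AuthData []byte // from the trusted platform
}

var (
	ErrMissing  = errors.New("certificate or authentication data missing")
	ErrCert     = errors.New("authentication certificate rejected")
	ErrAuthData = errors.New("authentication data rejected")
	ErrTx       = errors.New("transaction data rejected")
)

// Verifier holds the public keys written into the payee wallet at opening.
type Verifier struct {
	TrustedPub ed25519.PublicKey
	BankCAPubs map[string]ed25519.PublicKey // keyed by bank identifier
}

// Verify follows fig. 5: certificate first, then authentication data. Absent
// fields and unknown issuers fail closed.
func (v Verifier) Verify(t *TargetAuthData) error {
	if t == nil || len(t.Cert) == 0 || len(t.AuthData) == 0 || len(t.Info.PubKey) != ed25519.PublicKeySize {
		return ErrMissing
	}
	msg := t.Info.encode()
	if ca, ok := v.BankCAPubs[t.Info.BankID]; !ok || !ed25519.Verify(ca, msg, t.Cert) {
		return ErrCert
	}
	if !ed25519.Verify(v.TrustedPub, msg, t.AuthData) {
		return ErrAuthData
	}
	return nil
}

// VerifyTx accepts transaction data only when it is signed by the wallet key
// that both verified signatures vouch for.
func (v Verifier) VerifyTx(t *TargetAuthData, tx, sig []byte) error {
	if err := v.Verify(t); err != nil {
		return err
	}
	if !ed25519.Verify(t.Info.PubKey, tx, sig) {
		return ErrTx
	}
	return nil
}

// Demo runs constructed cases and returns one result per case.
func Demo() map[string]error {
	tpPub, tpPriv, _ := ed25519.GenerateKey(nil) // trusted platform
	caPub, caPriv, _ := ed25519.GenerateKey(nil) // CA system of bank 1
	wPub, wPriv, _ := ed25519.GenerateKey(nil)   // wallet a, private key in the security chip
	info := WalletInfo{PubKey: wPub, WalletID: "wallet-a", ChipID: "chip-0001", BankID: "bank1"}
	msg := info.encode()
	good := TargetAuthData{Info: info, Cert: ed25519.Sign(caPriv, msg), AuthData: ed25519.Sign(tpPriv, msg)}
	v := Verifier{TrustedPub: tpPub, BankCAPubs: map[string]ed25519.PublicKey{"bank1": caPub}}
	moved, noAuth, bankOnly := good, good, good
	moved.Info.ChipID = "chip-9999"               // same signatures presented for another chip
	noAuth.AuthData = nil                         // authentication data absent
	bankOnly.AuthData = ed25519.Sign(caPriv, msg) // bank signs without the trusted platform
	tx := []byte("pay 10 to wallet-b")
	return map[string]error{
		"valid": v.Verify(&good), "moved": v.Verify(&moved), "noAuth": v.Verify(&noAuth),
		"bankOnly": v.Verify(&bankOnly),
		"tx":       v.VerifyTx(&good, tx, ed25519.Sign(wPriv, tx)),
		"txForged": v.VerifyTx(&good, []byte("pay 99 to wallet-b"), ed25519.Sign(wPriv, tx)),
	}
}

func main() { fmt.Println(Demo()) }
```

Because the target authentication data is handed to any terminal that sends a transaction request, it proves only that the key was registered; the signature over the transaction data is what shows the sender holds the matching private key.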
As shown in fig. 6, an embodiment of the present invention provides a first terminal 600, including: a request sending module 601, a first receiving module 602, a data sending module 603 and a first transaction module 604; wherein:
the request sending module 601 is configured to send a data generation request to a management platform corresponding to the wallet application, where the data generation request includes a public key and identification information of the wallet application;
the first receiving module 602 is configured to receive target authentication data returned by the management platform according to the data generation request, where the target authentication data is generated according to the public key and the identification information;
the data sending module 603 is configured to send the target authentication data to a second terminal in response to a transaction request of the second terminal, so that the second terminal verifies the target authentication data; the second terminal and the first terminal correspond to different management platforms;
the first transaction module 604 is configured to perform a transaction with the second terminal according to the digital currency in the wallet application if the authentication is passed.
In an embodiment of the present invention, the first receiving module 602 is further configured to write the target authentication data into the wallet application after receiving the target authentication data returned by the management platform according to the data generation request.
In an embodiment of the present invention, the target authentication data received by the first receiving module 602 includes: authentication data provided by the trusted platform, and either or both of an authentication certificate of the management platform generated through the public key and data corresponding to the authentication certificate; the authentication data is obtained by signing the public key of the wallet application and the identification information with the private key of the trusted platform.
As shown in fig. 7, an embodiment of the present invention provides a second terminal 700, including: a transaction request sending module 701, a second receiving module 702, a verification module 703 and a second transaction module 704; wherein:
the transaction request sending module 701 is configured to send a transaction request to the first terminal in response to a user trigger;
the second receiving module 702 is configured to receive target authentication data sent by the first terminal according to the transaction request, where the target authentication data is generated according to a public key and identification information of a wallet application in the first terminal;
the verification module 703 is configured to verify the target authentication data;
the second transaction module 704 is configured to perform a transaction with the first terminal according to the digital currency in the wallet application of the first terminal if the authentication is passed.
In an embodiment of the present invention, the verification module 703 is configured to parse, from the target authentication data, an authentication certificate corresponding to a management platform of the first terminal and authentication data provided by a trusted platform; verifying the authentication certificate through a public key of the management platform; verifying the authentication data through a public key of the trusted platform; and determining that the target authentication data passes the verification under the condition that the authentication certificate and the authentication data pass the verification.
In an embodiment of the present invention, the verification module 703 is configured to determine that the public key of the management platform corresponding to the first terminal and/or the public key of the trusted platform are written into the wallet application of the second terminal in advance.
In an embodiment of the present invention, the verification module 703 is configured to determine that the target authentication data fails to be verified if it is determined that the authentication certificate and the authentication data are not included in the target authentication data.
As shown in fig. 8, an embodiment of the present invention provides a management system 800 for a digital money wallet application, including: the first terminal 600 provided in any of the above embodiments, the second terminal 700 provided in any of the above embodiments, the management platform 801 of the first terminal and the trusted platform 802; wherein:
the management platform 801 is configured to receive a data generation request sent by the first terminal, and forward the data generation request to the trusted platform; the data generation request includes: a public key and identification information of a wallet application in the first terminal; after receiving authentication data sent by the trusted platform, generating target authentication data according to the authentication data and data corresponding to the authentication certificate of the target authentication data, and sending the target authentication data to the first terminal;
the trusted platform 802 is configured to generate authentication data according to the data generation request, and send the authentication data to the management platform.
In an embodiment of the present invention, the management platform 801 is configured to use data corresponding to its own authentication certificate and the authentication data as input parameters of the target authentication data to generate the target authentication data.
In an embodiment of the present invention, the trusted platform 802 is configured to sign a public key and identification information of a wallet application in the first terminal by using its own private key, so as to generate the authentication data.
In an embodiment of the present invention, the trusted platform 802 is configured to determine, according to the number of the received data generation requests, the number of wallet applications corresponding to the management platform, and manage generation of the target authentication data according to the number of wallet applications.
The method for using the digital money wallet application provided by the embodiment of the present invention is further described below by taking a method for using a management system of the digital money wallet application as an example. As shown in fig. 9, the method mainly includes the following steps:
Step S901: The first terminal sends a data generation request to its corresponding management platform.
The data generation request comprises the public key and the identification information of the wallet application of the first terminal.
Step S902: the management platform forwards the data generation request to the trusted platform.
Step S903: the trusted platform generates authentication data and sends the authentication data to the management platform.
The trusted platform uses a private key of the trusted platform to sign the public key and the identification information of the wallet application sent by the management platform to generate authentication data, and sends the authentication data to the management platform.
Step S904: the management platform generates target authentication data and sends the target authentication data to the first terminal.
The target authentication data may be a CA certificate generated from the authentication data of the trusted platform and the data used by the management platform to generate the authentication certificate, or it may consist of two independent items of data, namely the authentication data and the authentication certificate of the management platform.
Step S905: the first terminal writes the target authentication data into the wallet application.
Step S906: the second terminal sends a transaction request to the first terminal.
Step S907: in response to a transaction request by the second terminal, the first terminal sends target authentication data to the second terminal.
Step S908: The second terminal verifies the target authentication data and, if the verification passes, sends a request to continue the transaction.
The second terminal uses the public key, stored by the second terminal, of the management platform corresponding to the first terminal to verify the authentication certificate of the management platform in the target authentication data. If that verification passes, the second terminal goes on to verify the authentication data provided by the trusted platform, and if that also passes, the second terminal sends a request to continue the transaction to the first terminal.
Step S909: the first terminal sends the transaction data to the second terminal, and the second terminal conducts transaction with the first terminal according to the transaction data.
The first terminal can encrypt the transaction data by using a private key in the security chip and send the encrypted transaction data to the second terminal. The second terminal may decrypt the transaction data using the public key of the wallet application contained in the target authentication data and then conduct the transaction.
According to the management system of the digital money wallet application provided by the embodiment of the invention, the authentication data of the digital money wallet application can be generated through the trusted service management platform, the management platform corresponding to the digital money wallet application can return target authentication data to the first terminal where the wallet application is located according to the authentication data, and then the target authentication data is written into the wallet application through the first terminal. When cross-organization transaction is carried out, namely, when the transaction is carried out between terminals corresponding to different management platforms, the terminal of the transaction can use the preset public key to check the authentication data in the wallet application, so that the legality of the wallet application is verified, the credibility of the cross-organization transaction of the digital currency wallet application is improved, the use scene of the digital currency wallet application is expanded, and the safety of the digital currency transaction is further improved.
Furthermore, the generation parameters of the authentication data comprise identification information and public key information of the wallet application, so that the uniqueness and the non-reusability of the generated authentication data can be ensured. Meanwhile, the number of digital currency wallets issued by each operator can be counted through the number of generation requests for the authentication data, so that unified management is realized.
Fig. 10 shows an exemplary system architecture 1000 of a method of using a digital money wallet application or a device using a digital money wallet application to which an embodiment of the present invention can be applied.
As shown in fig. 10, the system architecture 1000 may include terminal devices 1001, 1002, 1003, a network 1004, and servers 1005, 1006. The network 1004 is the medium used to provide communications links between the terminal devices 1001, 1002, 1003 and the servers 1005, 1006. The network 1004 may include various connection types, such as wired or wireless communication links or fiber optic cables.
A user may use the terminal devices 1001, 1002, 1003 to interact with the server 1005 via the network 1004 to receive or transmit messages and the like, and the server 1005 and the server 1006 may also interact via the network 1004, for example, the server 1005 may forward a data generation request to the server 1006 via the network 1004.
The terminal devices 1001, 1002, 1003 may be various electronic devices having a display screen and supporting information browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 1005 may be a server that provides various services, such as a background management server that provides support for a data generation request made by a user using the terminal devices 1001, 1002, and 1003. Server 1006 may be a trusted management server that provides authentication data. The background management server can analyze and process the received data such as the data generation request and feed back the processing result to the terminal equipment.
It should be noted that the method for using the digital money wallet application provided by the embodiment of the present invention is generally executed by the terminals 1001, 1002, and 1003, and accordingly, the device for using the digital money wallet application is generally provided in the terminals 1001, 1002, and 1003. Accordingly, the management platform and trusted platform are generally disposed in servers 1005, 1006.
It should be understood that the number of terminal devices, networks, and servers in fig. 10 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
Referring now to FIG. 11, shown is a block diagram of a computer system 1100 suitable for use with a terminal device implementing an embodiment of the present invention. The terminal device shown in fig. 11 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 11, the computer system 1100 includes a Central Processing Unit (CPU) 1101, which can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM) 1102 or a program loaded from a storage section 1108 into a Random Access Memory (RAM) 1103. In the RAM 1103, various programs and data necessary for the operation of the system 1100 are also stored. The CPU 1101, ROM 1102, and RAM 1103 are connected to each other by a bus 1104. An input/output (I/O) interface 1105 is also connected to bus 1104.
The following components are connected to the I/O interface 1105: an input portion 1106 including a keyboard, mouse, and the like; an output portion 1107 including a signal output unit such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and a speaker; a storage section 1108 including a hard disk and the like; and a communication section 1109 including a network interface card such as a LAN card, a modem, or the like. The communication section 1109 performs communication processing via a network such as the internet. A drive 1110 is also connected to the I/O interface 1105 as necessary. A removable medium 1111 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 1110 as necessary, so that a computer program read out therefrom is installed into the storage section 1108 as necessary.
In particular, according to the embodiments of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication portion 1109 and/or installed from the removable medium 1111. The above-described functions defined in the system of the present invention are executed when the computer program is executed by a Central Processing Unit (CPU) 1101.
It should be noted that the computer readable medium shown in the present invention can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules described in the embodiments of the present invention may be implemented by software or hardware. The described modules may also be provided in a processor, which may be described as: a processor comprises a sending module, a receiving module and a transaction module. The names of these modules do not in some cases constitute a limitation on the module itself, and for example, a sending module may also be described as a "module requesting sending".
As another aspect, the present invention also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments; or may be separate and not incorporated into the device. The computer readable medium carries one or more programs which, when executed by a device, cause the device to perform: sending a data generation request to a management platform corresponding to the wallet application, wherein the data generation request comprises a public key and identification information of the wallet application; receiving target authentication data returned by the management platform according to the data generation request, wherein the target authentication data is generated according to the public key and the identification information; responding to a transaction request of a second terminal, and sending the target authentication data to the second terminal so that the second terminal verifies the target authentication data; the second terminal and the first terminal correspond to different management platforms; and in case of passing the verification, performing a transaction with the second terminal according to the digital currency in the wallet application.
According to the technical scheme of the embodiment of the invention, the authentication data of the digital money wallet application can be generated through the trusted service management platform, the management platform corresponding to the digital money wallet application can return the target authentication data to the first terminal where the wallet application is located according to the authentication data, and then the target authentication data is written into the wallet application through the first terminal. When cross-organization transaction is carried out, namely, when the transaction is carried out between terminals corresponding to different management platforms, the terminal of the transaction can use the preset public key to check the authentication data in the wallet application, so that the legality of the wallet application is verified, the credibility of the cross-organization transaction of the digital currency wallet application is improved, the use scene of the digital currency wallet application is expanded, and the safety of the digital currency transaction is further improved.
Furthermore, the generation parameters of the authentication data comprise identification information and public key information of the wallet application, so that the uniqueness and the non-reusability of the generated authentication data can be ensured. Meanwhile, the number of digital currency wallets issued by each operator can be counted through the number of the generation requests of the authentication data, so that unified management is realized.
The above-described embodiments should not be construed as limiting the scope of the invention. Those skilled in the art will appreciate that various modifications, combinations, sub-combinations, and substitutions can occur, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (15)

1. A method for using a digital currency wallet application, applied to a first terminal, comprises the following steps:
sending a data generation request to a management platform corresponding to the wallet application, wherein the data generation request comprises a public key and identification information of the wallet application;
receiving target authentication data returned by the management platform according to the data generation request, wherein the target authentication data is generated according to the public key and the identification information;
responding to a transaction request of a second terminal, and sending the target authentication data to the second terminal so that the second terminal verifies the target authentication data; the second terminal and the first terminal correspond to different management platforms;
and in case of passing the verification, performing a transaction with the second terminal according to the digital currency in the wallet application.
2. The method according to claim 1, further comprising, after the receiving target authentication data returned by the management platform according to the data generation request:
writing the target authentication data into the wallet application.
3. The method of claim 1,
the target authentication data includes: authentication data provided by the trusted platform, and any one or both of: generating an authentication certificate of the management platform or data corresponding to the authentication certificate through the public key; the authentication data is obtained by signing the public key of the wallet application and the identification information through the private key of the trusted platform.
4. A method for using a digital money wallet application, applied to a second terminal, comprising:
sending a transaction request to the first terminal in response to a user trigger;
receiving target authentication data sent by the first terminal according to the transaction request, wherein the target authentication data is generated according to a public key and identification information of wallet application in the first terminal;
verifying the target authentication data;
and in case of passing the verification, performing a transaction with the first terminal according to the digital currency in the wallet application of the first terminal.
5. The method of claim 4, wherein the verifying the target authentication data comprises:
analyzing an authentication certificate of a management platform of the first terminal and authentication data provided by a trusted platform from the target authentication data;
verifying the authentication certificate through a public key of the management platform;
verifying the authentication data through a public key of the trusted platform;
and determining that the target authentication data passes the verification under the condition that the authentication certificate and the authentication data pass the verification.
6. The method of claim 5,
and the public key of the management platform corresponding to the first terminal and/or the public key of the trusted platform are/is written into the wallet application of the second terminal in advance.
7. The method of claim 5,
determining that the target authentication data is not verified if it is determined that the authentication certificate and the authentication data are not included in the target authentication data.
8. A first terminal, comprising: a request sending module, a first receiving module, a data sending module and a first transaction module; wherein,
the request sending module is used for sending a data generation request to a management platform corresponding to the wallet application, wherein the data generation request comprises a public key and identification information of the wallet application;
the first receiving module is configured to receive target authentication data returned by the management platform according to the data generation request, where the target authentication data is generated according to the public key and the identification information;
the data sending module is used for responding to a transaction request of a second terminal and sending the target authentication data to the second terminal so that the second terminal verifies the target authentication data; the second terminal and the first terminal correspond to different management platforms;
and the first transaction module is used for performing transaction with the second terminal according to the digital currency in the wallet application under the condition of passing the verification.
9. A second terminal, comprising: a transaction request sending module, a second receiving module, a verification module and a second transaction module; wherein,
the transaction request sending module is used for responding to user trigger and sending a transaction request to the first terminal;
the second receiving module is used for receiving target authentication data sent by the first terminal according to the transaction request, wherein the target authentication data is generated according to a public key and identification information of wallet application in the first terminal;
the verification module is used for verifying the target authentication data;
and the second transaction module is used for performing transaction with the first terminal according to the digital currency in the wallet application of the first terminal under the condition of passing the verification.
10. A system for managing a digital money wallet application, comprising: the first terminal of claim 8, the second terminal of claim 9, a management platform and a trusted platform of the first terminal; wherein,
the management platform is used for receiving a data generation request sent by the first terminal and forwarding the data generation request to the trusted platform; the data generation request includes: a public key and identification information of a wallet application in the first terminal; after receiving authentication data sent by the trusted platform, generating target authentication data according to the authentication data and data corresponding to the authentication certificate of the target authentication data, and sending the target authentication data to the first terminal;
and the trusted platform is used for generating authentication data according to the data generation request and sending the authentication data to the management platform.
11. The system of claim 10,
the management platform is used for taking data corresponding to the authentication certificate of the management platform and the authentication data as input parameters of the target authentication data so as to generate the target authentication data.
12. The system of claim 10,
the trusted platform is used for signing the public key and the identification information of the wallet application in the first terminal by using a private key of the trusted platform to generate the authentication data.
13. The system of claim 10,
the trusted platform is used for determining the number of wallet applications corresponding to the management platform according to the number of the received data generation requests, and managing the generation of the target authentication data according to the number of the wallet applications.
14. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs which,
when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-3 or 4-7.
15. A computer-readable medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1-3 or 4-7.
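The signing step of claim 12 and the second terminal's checks of claims 5 to 7, as an added Go example that is not part of the patent text. Ed25519, the length-prefixed encoding, the certificate layout (a management platform signature over the wallet public key, the identification information and the authentication data) and all names and sample values are assumptions, since the patent specifies no algorithm or data format.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
)

// TargetAuthData is what the first terminal stores and presents (assumed layout).
type TargetAuthData struct {
	WalletPub []byte // public key of the wallet application
	WalletID  string // identification information of the wallet application
	AuthData  []byte // trusted platform signature over (WalletPub, WalletID)
	Cert      []byte // management platform signature, see Issue
}

var ErrMissing = errors.New("certificate or authentication data not included")
var ErrCert = errors.New("management platform certificate check failed")
var ErrAuthData = errors.New("trusted platform authentication data check failed")

// encode length-prefixes every field so field boundaries cannot be shifted.
func encode(fields ...[]byte) []byte {
	var buf bytes.Buffer
	for _, f := range fields {
		binary.Write(&buf, binary.BigEndian, uint32(len(f)))
		buf.Write(f)
	}
	return buf.Bytes()
}

// key derives a deterministic key pair from a constructed seed (demo only).
func key(seed byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{seed}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

// TrustedSign: the trusted platform signs the wallet public key and identifier.
func TrustedSign(priv ed25519.PrivateKey, walletPub []byte, id string) []byte {
	return ed25519.Sign(priv, encode(walletPub, []byte(id)))
}

// Issue: the management platform adds its signature over key, id and AuthData.
func Issue(priv ed25519.PrivateKey, walletPub []byte, id string, auth []byte) TargetAuthData {
	cert := ed25519.Sign(priv, encode(walletPub, []byte(id), auth))
	return TargetAuthData{WalletPub: walletPub, WalletID: id, AuthData: auth, Cert: cert}
}

// Verify is the second terminal's check against its two pre-written public keys.
func Verify(t TargetAuthData, mgmtPub, trustedPub ed25519.PublicKey) error {
	if len(t.Cert) == 0 || len(t.AuthData) == 0 {
		return ErrMissing // either part absent: not verified
	}
	id := []byte(t.WalletID)
	if !ed25519.Verify(mgmtPub, encode(t.WalletPub, id, t.AuthData), t.Cert) {
		return ErrCert
	}
	if !ed25519.Verify(trustedPub, encode(t.WalletPub, id), t.AuthData) {
		return ErrAuthData
	}
	return nil // both checks passed, the transaction may proceed
}

func main() {
	trustedPub, trustedPriv := key(1)
	mgmtPub, mgmtPriv := key(2)
	walletPub, _ := key(3)
	auth := TrustedSign(trustedPriv, walletPub, "wallet-0001")
	fmt.Println("genuine:", Verify(Issue(mgmtPriv, walletPub, "wallet-0001", auth), mgmtPub, trustedPub))
}
```

Because the trusted platform's signature covers both the wallet public key and its identifier, authentication data copied onto a different wallet fails the second check even when the management platform certificate is valid.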
CN202111177783.7A 2021-10-09 2021-10-09 Method, terminal and system for using digital currency wallet application Pending CN114186994A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111177783.7A CN114186994A (en) 2021-10-09 2021-10-09 Method, terminal and system for using digital currency wallet application

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111177783.7A CN114186994A (en) 2021-10-09 2021-10-09 Method, terminal and system for using digital currency wallet application

Publications (1)

Publication Number Publication Date
CN114186994A true CN114186994A (en) 2022-03-15

Family

ID=80601085

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111177783.7A Pending CN114186994A (en) 2021-10-09 2021-10-09 Method, terminal and system for using digital currency wallet application

Country Status (1)

Country Link
CN (1) CN114186994A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116151827A (en) * 2023-04-04 2023-05-23 北京银联金卡科技有限公司 Digital wallet safety frame and double off-line transaction method based on safety frame
CN116151827B (en) * 2023-04-04 2023-07-14 北京银联金卡科技有限公司 Digital wallet security system and double off-line transaction method based on security system

Similar Documents

Publication Publication Date Title
CN107493291A (en) A kind of identity identifying method and device based on safety element SE
CN111199037B (en) Login method, system and device
CN109660534B (en) Multi-merchant-based security authentication method and device, electronic equipment and storage medium
CN111784887A (en) Authorization releasing method, device and system for user access
EP4318355A1 (en) Methods and apparatuses for generating, verifying and storing transaction voucher, device, and system
CN108305071B (en) Method and device for inquiring digital currency detail information
CN110599140B (en) Digital currency verification method and system
CN114049122A (en) Service processing method and system
CN112308236A (en) Method, device, electronic equipment and storage medium for processing user request
EP3788535B1 (en) Techniques for performing secure operations
CN114462989A (en) Method, device and system for starting digital currency hardware wallet application
CN114186994A (en) Method, terminal and system for using digital currency wallet application
CN110751467B (en) Digital currency generation method and system
CN112053159A (en) Transaction data verification method and device, risk control server and business server
CN114037446A (en) Transaction method, transaction management method, device and system for digital currency
CN116975810A (en) Identity verification method, device, electronic equipment and computer readable storage medium
CN114462991A (en) Method and apparatus for conditional transactions based on digital currency
CN114584355A (en) Security authentication method, device and system for digital currency transaction
CN111127006A (en) Transaction processing method and system based on block chain
CN111415148A (en) Method and device for non-inductive payment, electronic equipment and storage medium
CN112767142A (en) Processing method, device, computing equipment and medium for transaction file
CN114785560B (en) Information processing method, device, equipment and medium
CN110634062B (en) Digital currency quota putting method and system
CN115222528A (en) Method, terminal and system for splitting digital currency in transaction process
CN115222391A (en) Method and terminal for verifying digital currency in transaction process

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination