CN1307818C - Cryptographic system and method for electronic transactions - Google Patents

Cryptographic system and method for electronic transactions

Info

Publication number
CN1307818C
Authority
CN
China
Prior art keywords
message
service provider
transaction
businessman
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB998070726A
Other languages
Chinese (zh)
Other versions
CN1304602A (en
Inventor
杰伊·C·陈
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual
Publication of CN1304602A
Application granted
Publication of CN1307818C
Anticipated expiration
Expired - Fee Related (current legal status)

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/04 Payment circuits
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/357 Cards having a plurality of specified features
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/363 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes with the personal data of a user
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3823 Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825 Use of electronic signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409 Device specific authentication in transaction processing
    • G06Q20/4093 Monitoring of device authentication
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0866 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means by active credit-cards adapted therefor
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1016 Devices or methods for securing the PIN and other transaction-data, e.g. by encryption

Abstract

An electronic transaction system, which facilitates secure electronic transactions among multiple parties including cardholders (20), merchants (70), and service providers (SP) (60). The system involves electronic cards, commonly known as smart cards, and their equivalent computer software package. The card mimics a real wallet and contains commonly seen financial or non-financial instruments such as a credit card, checkbook, or driver's license. A transaction is protected by a hybrid key cryptographic system and is normally carried out on a public network such as the Internet. Digital signatures and random numbers are used to ensure integrity and authenticity. The card utilizes secret keys such as session keys assigned by service providers (SPs) to ensure privacy for each transaction. The SP is solely responsible for validating each participant's sensitive information and assigning session keys. The only trust relationship needed in a transaction is the one that exists between individual participants and the SP.

Description

Cryptographic system and method for electronic transactions
Technical field
The present invention relates to a cryptographic system and method for secure electronic transactions, and more particularly to an electronic card that takes the form of a "smart card" and/or its software equivalent.
Background art
The generic term "smart card" usually refers to an integrated circuit (IC) card, that is, a credit-card-sized piece of plastic with an embedded microchip. The IC chip on a smart card usually, but not necessarily, consists of a microprocessor (CPU), read-only memory (ROM), random-access memory (RAM), an input/output unit, and some non-volatile storage such as electrically erasable programmable read-only memory (EEPROM). The chip can perform arithmetic computation, logic processing, data management and data communication.
Smart cards are mainly of two kinds, contact and contactless. The International Standards Organization (ISO) has established standards for such electronic cards under its ISO series. In particular, ISO 7816 applies to integrated circuit cards. Because it has computing capability, a smart card can support many security features, such as authentication, secure read/write, and symmetric-key and asymmetric-key encryption/decryption. These security features make smart cards well suited to e-commerce, where data security and authentication are of the utmost importance.
Smart cards have been used in many specific fields, such as public transport, health insurance, car parks, campuses, gas stations and so on. Their potential use in e-commerce and other financial fields is gaining popularity at an ever faster pace. U.S. Patent No. 5521362, "Stored value card with multiple memories to prevent fraudulent use, and method therefor", granted to Robert S. Power on May 28, 1996, describes an electronic wallet application. Power's invention demonstrates the ability of a smart card to serve as a secure financial instrument, and not merely as a storage device.
As technology advances, smart card chips compute faster and hold more memory, and the concept of a "multi-purpose smart card" is becoming increasingly feasible, both economically and physically. U.S. Patent No. 5530232, "Multi-purpose data card", granted to Douglas C. Taylor on June 25, 1996, describes a multi-purpose card that can replace various existing single-purpose cards and can meet both financial and non-financial requirements. The multi-purpose card uses a conventional data link to connect the smart card to a remote service provider. Taylor's multi-purpose card patent does not involve any type of open network or encryption method.
U.S. Patent No. 5544246, "Smart card adapted for a plurality of service providers and for remote installation of same", granted to Mandelbaum et al. on August 5, 1996, describes a smart card that allows different service providers to coexist on the same card. Each service provider is treated as a user of the smart card and is installed on the card by the card's issuer/owner. Each user is allowed to build a tree-like file structure and to protect it with a password file. Mandelbaum's invention describes a smart card that allows multiple applications to be created and deleted. Mandelbaum's smart card controls access to each application by means of an appropriate password file.
U.S. Patent No. 5671279, "Electronic commerce using a secure courier system", granted to Taher Elgamal on September 23, 1997, describes a system that uses public/private key cryptography to conduct e-commerce over a public network. Elgamal's patent does not mention the use of smart cards as a tool for conducting e-commerce, and it authenticates e-commerce participants by means of digital certificates. The secure courier system requires a secure channel, such as Secure Sockets Layer (SSL), between the transacting parties over an open network such as the Internet.
U.S. Patent No. 5790677, "System and method for secure electronic commerce transactions", granted to Fox et al. on August 4, 1998, describes a system and method in which a registration process precedes the transaction process. In the registration phase, each transaction participant registers with a trusted credential binding server by sending the server a registration packet. The server generates a unique credential from the request it receives and sends it to the request originator. In the transaction phase, the originator of a transaction request receives and verifies the credentials of all intended recipients of the business documents and/or contracts, and encrypts the documents and/or contracts with each individual recipient's public key. Each recipient can thus decrypt and access only the business documents intended for it. Fox's patent describes a process that reflects the subject matter of the so-called "Secure Electronic Transaction" (SET) standard, which several major financial and software companies currently support jointly in order to establish an e-commerce system based on digital certificates and certificate authorities.
U.S. Patent No. 5796840, "Apparatus and method for providing secure communications", granted to Derek L. Davis on August 18, 1998, describes a semiconductor device that can generate a device-specific key pair to be used in subsequent message authentication and data communication. The semiconductor device uses public/private key cryptography to ensure the authenticity of both communicating parties.
U.S. Patent No. 5534857, "Method and apparatus for secure, decentralized personalization of smart cards", granted to Simon G. Laing and Matthew P. Bowcock on July 9, 1996, describes a method and apparatus for securely writing an issuer's confidential data to a user's smart card at a remote location. A common session key, used to encrypt data transfers between a secure terminal and a secure computer, is generated using a public key stored in the secure computer and in the retailer's smart card.
From the inventions mentioned above, it is apparent that the structure of a secure e-commerce system involves a public key infrastructure and its associated digital certificate authorities.
In an open network, a system based on secret keys offers little flexibility in key distribution and key management. A system based on public/private keys, on the other hand, has advantages over secret-key systems, but carries its own daunting task of authenticating the transacting parties to one another. The present invention proposes another system and method, one that requires neither certificate authorities nor digital certificates. The invention is a hybrid system for electronic transactions: it uses public/private keys in the key exchange phase and uses a session key as a secret key in the transaction phase.
Summary of the invention
The present invention is a cryptographic system and method for electronic transactions that uses an electronic card (EC), in the form of a smart card or equivalent software, and communicates over a communication network.
The invention provides a system for electronic transactions comprising: an electronic card having a cryptographic service for encryption and decryption, a data area storing cardholder information, and a data area storing service provider information, wherein the service provider information includes a public key of the service provider; a service provider member terminal responsive to activation of the electronic card; and a service provider terminal that communicates with the service provider member terminal. The service provider terminal decrypts communication data from the service provider member terminal and encrypts communication data sent to the service provider member terminal; the service provider member terminal encrypts communication data sent to the service provider terminal and decrypts data from the service provider terminal. The encrypted communication data sent from the service provider member terminal to the service provider terminal includes a key exchange request message, at least part of which is encrypted with the service provider's public key obtained from the electronic card. The encrypted communication data sent from the service provider terminal to the service provider member terminal includes a key exchange response message containing a session key, and the session key is used to complete the transaction between the service provider member terminal and the service provider terminal.
A preferred embodiment of the invention uses an open network such as the Internet. Alternative embodiments may use other types of network. An embodiment of the invention uses either a physical smart card or a smart card implemented as a computer software package running on a computing device such as a personal computer (PC). Likewise, a merchant involved in a transaction may use a merchant device such as a point-of-sale terminal, or a device that uses software on a host computer to communicate with the EC and the service provider. When a smart card is used, a smart card reader is needed so that the card can communicate with a host device, such as a network-ready merchant terminal, a PC, or any other electronic device that can support smart card transactions.
In systems based on public keys and digital certificates, transaction participants exchange public information by means of digital certificates or other electronic credentials issued and certified by a certificate authority (CA) or a credential binding server. Communication between the CA or server and each transaction participant must be secure. Random numbers and digital signatures are used to ensure the authenticity and validity of the messages passed between transaction participants.
The cryptographic system and method of the preferred embodiment also use public/private key cryptography, but operate in a slightly different way. They do not attempt to establish another trust relationship like the one that exists between a digital certificate holder and a certificate authority. The invention specifically targets, as its potential users, large membership-based financial institutions, such as a large credit card company and all of its cardholders, or a major bank and all of its ATM cardholders. Non-financial institutions can also use the cryptographic system and method to conduct e-commerce or non-financial transactions over a network.
A service provider (SP) provides certain services to its members. A financial institution is just one type of service provider; a service provider may also be non-financial in nature. Whether the service provider is a financial or a non-financial institution, essentially the same process takes place. The only difference between a transaction involving a financial institution and one involving a non-financial institution is that the messages may contain different data fields.
After an EC holder signs a service contract with a service provider, the service provider creates a dedicated entry on the EC. Each entry contains the service provider's account information, the SP's public key, access control information and other related data. Each EC can support a predetermined number of such entries (for example, 10), and each entry represents one service provider.
Using public/private key cryptography greatly simplifies the key distribution process. The EC holder himself or any trusted third party, such as a bank branch or even a post office, can perform the key distribution. The SP's public key is used only for the initial key exchange between the SP and the cardholder. After the initial key exchange step, the SP assigns a session key, which protects any further messages between the cardholder and the SP or among the cardholders themselves.
This hybrid system, which uses both public/private key cryptography and secret key cryptography (the session key), differs from other secret key systems in that the secret key (the session key) is valid only for a single session and cannot be used for any other session. A session has a definite duration. It may terminate when a time limit is exceeded or when a condition is met.
When a transaction involves a merchant, the merchant goes through essentially the same procedure as the EC holder to communicate with the SP. The merchant first carries out a key exchange with the SP and receives a session key, which the merchant then uses for subsequent communication with the SP. The cardholder and the merchant digitally sign every message they send to the SP, and the SP likewise signs the response messages it returns to the cardholder and the merchant.
When a transaction needs to interact with another system that is based on electronic certificates, the SP, having authenticated the cardholder and the merchant through the further exchange of information that follows the initial key exchange, can act as a certificate proxy for the cardholder and the merchant. In the extreme case, the SP performs this proxy function alone and becomes a gateway to the certificate-based system. Such a hierarchical structure is highly desirable because it reduces the number of trust relationships needed to carry out an exchange between multiple systems. In addition, users then need not carry certificates.
Description of the drawings
Fig. 1 is a block diagram showing the relationships among the various parts of a system according to one embodiment of the invention.
Fig. 2 shows the flow of the two phases of a transaction over the network.
Fig. 3 is a schematic representation of the EC.
Fig. 4 shows the format of the service provider data area. Each service provider's information is assigned one entry in this table and is protected by access conditions.
Fig. 5 shows how digital signatures are used in an embodiment of the invention.
Figs. 6A-6Q are schematic flow diagrams of the cryptographic system and method used in one embodiment of the invention to carry out an electronic transaction over an open communication network such as the Internet.
Figs. 7-11 depict the final format and content of the combined request and response messages in the key exchange phase and the transaction phase.
Fig. 12 shows a service provider conducting a transaction with multiple transaction participants arranged in series.
Fig. 13 shows a service provider conducting a transaction over the network with multiple transaction participants arranged in a hierarchical organization.
Detailed description of the embodiments
The preferred embodiment of the invention is a cryptographic system and method for electronic transactions that uses an electronic card (EC), in the form of a smart card or equivalent software, and communicates over a network.
In the preferred embodiment of the invention, the network is an open network such as the Internet. In alternative embodiments, other open networks and/or closed networks may be used to establish communication between a service provider and its members. For example, a service provider may use its own proprietary banking network to communicate with its members.
Any Internet protocol may be used for the Internet connection. Examples of protocols that may be used include TCP/IP, UDP, HTTP and so on.
Communication may also be achieved through communication network transport services such as the public switched telephone network (PSTN) using conventional analog telephone service (also known as plain old telephone service, or POTS), or through digital communication services such as T-1, E1 or DS-3 data circuits, integrated services digital network (ISDN) or digital subscriber line (DSL) services, or even wireless services. When implemented with such services, the invention can be realized independently of the communication protocol (that is, at the electrical interface layer).
Communication may also be achieved over a local area network (LAN) or wide area network (WAN), such as Ethernet, Token Ring, FDDI, ATM and so on. Examples of protocols that may be used include TCP/IP, IPX, OSI and so on.
Other communication links may include fiber-optic connections, wireless RF modem connections, cellular modem connections, satellite connections and so on.
The invention can be used wherever a communication path can be established between a service provider and its members. The examples above illustrate several of the communication environments in which the invention can be practiced. It will be clear to those of ordinary skill in the art that the invention is not limited to the environments detailed above.
An EC may take the form of a smart card or of a software package running on a computer system such as a personal computer (PC). When the EC is implemented as a smart card, it can be used on a network-ready computer system such as a PC to transact with another member and/or a selected service provider. This requires a read/write interface device that communicates with the computer system, and some application software, such as an Internet browser, that connects the smart card holder to the network. If the EC is a software package loaded on the computer system, no read/write interface is needed. In the exemplary embodiment of the invention, the EC acts as an electronic wallet (or virtual wallet) whose function is similar to that of a real wallet. A real wallet may hold credit cards, debit cards, ATM cards, health provider cards, membership cards, cash and so on. The EC holds the digital equivalents of all of the above financial and non-financial instruments and can carry out secure transactions over the Internet.
A service provider member may be a merchant and/or an EC cardholder. A merchant is a member whom the service provider pays for transactions. A member can be both a merchant and an EC cardholder. A merchant may take part in transactions with other cardholders, as a result of which the service provider pays the merchant for the transaction. A merchant may also be an EC cardholder and buy supplies from, for example, a supplier.
The cryptographic system may involve communication between a service provider and any number of service provider members. Communication may thus take place between an EC and the SP; between a merchant and the SP; among a first EC, a second EC and the SP; among a first merchant, a second merchant and the SP; and so on. An EC may communicate directly with the service provider in order to query an account balance. A merchant may communicate with the service provider solely on its own behalf rather than on behalf of an EC, for example because the merchant wishes to know the balance of its own account with the service provider. Communication between the SP and its members may follow any permutation or combination of the SP and its members. The communication links between the SP and its members may be organized serially and/or hierarchically. Communication between the SP and its members may also pass through routers, which route messages between the SP and its members.
The cryptographic method is a two-phase key exchange and transaction model. The first phase is the key exchange phase and the second is the transaction phase. In the key exchange phase, the members and the service provider exchange keys: the members send their keys to the service provider, and the service provider uses these keys to send session keys to the members. The session key protects further messages between the cardholder and the SP or among the cardholders themselves. In the transaction phase, either the SP directs the transaction or the cardholders themselves carry it out.
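The key exchange phase and the single-session lifetime of the session key described above, as an added Go example that is not code from the patent. It covers the request encrypted under the SP public key held on the card, the SP-signed response carrying the session key, and the expiry check; RSA-OAEP, RSA-PSS, the message layout, the member-key fingerprint and every type and function name are assumptions.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
	"time"
)

type Card struct { // the EC: one SP entry plus the member's key pair (all names are assumed)
	Account string
	SPPub   *rsa.PublicKey
	Priv    *rsa.PrivateKey
}

type SP struct {
	Priv    *rsa.PrivateKey
	Keys    map[string][]byte    // account -> session key; nil for a known account with no session
	Expires map[string]time.Time // account -> end of that session
}

type Msg struct {
	Enc, Sig []byte         // ciphertext; SP signature over it (responses only)
	Pub      *rsa.PublicKey // member public key (requests only)
}

func sum(b []byte) []byte {
	h := sha256.Sum256(b)
	return h[:]
}

// Request encrypts nonce || hash(member key) || account under the SP key held on the card.
func (c *Card) Request() (Msg, []byte, error) {
	nonce := make([]byte, 16)
	_, rerr := rand.Read(nonce)
	body := bytes.Join([][]byte{nonce, sum(x509.MarshalPKCS1PublicKey(&c.Priv.PublicKey)), []byte(c.Account)}, nil)
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, c.SPPub, body, nil)
	return Msg{Enc: enc, Pub: &c.Priv.PublicKey}, nonce, errors.Join(rerr, err)
}

// Respond validates the request, then returns nonce || fresh session key, signed by the SP.
func (s *SP) Respond(req Msg, now time.Time, ttl time.Duration) (Msg, error) {
	body, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.Priv, req.Enc, nil)
	if err != nil || req.Pub == nil || len(body) < 48 || !bytes.Equal(body[16:48], sum(x509.MarshalPKCS1PublicKey(req.Pub))) {
		return Msg{}, errors.New("malformed request or substituted member key")
	}
	acct := string(body[48:])
	if _, known := s.Keys[acct]; !known {
		return Msg{}, errors.New("unknown account")
	}
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return Msg{}, err
	}
	s.Keys[acct], s.Expires[acct] = key, now.Add(ttl)
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, req.Pub, append(body[:16:16], key...), nil)
	sig, serr := rsa.SignPSS(rand.Reader, s.Priv, crypto.SHA256, sum(enc), nil)
	return Msg{Enc: enc, Sig: sig}, errors.Join(err, serr)
}

// Accept verifies the SP signature with the on-card key, decrypts, and checks the echoed nonce.
func (c *Card) Accept(resp Msg, nonce []byte) ([]byte, error) {
	if err := rsa.VerifyPSS(c.SPPub, crypto.SHA256, sum(resp.Enc), resp.Sig, nil); err != nil {
		return nil, err
	}
	body, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, c.Priv, resp.Enc, nil)
	if err != nil || len(body) != 48 || !bytes.Equal(body[:16], nonce) {
		return nil, errors.New("response rejected")
	}
	return body[16:], nil
}

// LiveKey returns acct's session key only while its session is still running.
func (s *SP) LiveKey(acct string, now time.Time) ([]byte, error) {
	if key := s.Keys[acct]; key != nil && now.Before(s.Expires[acct]) {
		return key, nil
	}
	return nil, errors.New("no live session")
}

// newPair builds a constructed sample card and the SP that issued it (demo setup).
func newPair(acct string) (*Card, *SP) {
	spKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	cardKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	return &Card{acct, &spKey.PublicKey, cardKey}, &SP{spKey, map[string][]byte{acct: nil}, map[string]time.Time{}}
}

func main() {
	card, sp := newPair("ACCT-0001") // constructed sample account
	req, nonce, _ := card.Request()
	resp, _ := sp.Respond(req, time.Now(), time.Minute)
	key, err := card.Accept(resp, nonce)
	fmt.Println("session key bytes:", len(key), "error:", err)
}
```

The card needs no certificate chain here because the only verification key it uses is the SP public key already stored in its SP entry.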
Fig. 1 is a block diagram showing the relationship between the components of a system according to an illustrative embodiment of the invention, involving a holder, a businessman and a service provider.
The EC holder 20 can conduct a transaction via the network 50, communicating with the businessman either by using an EC read/write device 82 connected to the originating computer 84, or by using EC equivalent software 92 running on the originating computer 90.
The businessman can conduct electronic transactions with the selected service provider 60 over a network 50 such as the Internet, either by using a network-ready point-of-sale (POS) terminal 40 or by using EC equivalent software running on the businessman's device 70.
Once the access conditions of the EC are satisfied, the holder can carry out financial or non-financial transactions with other participants of the system over the network 50. Fig. 1 shows three different scenarios for conducting a transaction over the network.
(1) In a POS transaction (upper left of Fig. 1), the holder 20 swipes or inserts the EC into the businessman's EC read/write device 30 in the businessman's store. The EC read/write device is connected to the businessman's network-ready POS terminal 40. The network-ready POS terminal 40 is a tamper-proof programmable device comprising an input device such as a keyboard, a display, a processor and the EC read/write device 30 (the EC interface device). The POS terminal 40 is typically a small computer, for example a PC, equipped with a communication link to an open network. The POS terminal communicates with the SP via the network 50.
(2) (Right side of Fig. 1) The holder can carry out transactions with other participants of the system by inserting the EC 20 into the read/write device 82, which is connected to the holder's personal computer 84, the originating computer. The originating computer is connected to the network 50, so that the EC can communicate with the businessman's computer 70. The businessman's computer 70 has EC equivalent software 72 that enables the businessman to receive the message generated by the EC and to produce a message combining the EC information and the businessman's information. The combined message is then sent to the SP over the network.
(3) (Bottom of Fig. 1) The holder can carry out transactions with other participants of the system by using the EC equivalent software 92 on the holder's personal computer 90. The transaction starts at the originating computer 90, that is, the holder's personal computer. The holder conducts the transaction over the network 50 and communicates with the businessman's computer 70, which in turn communicates with the SP 60 over the network 50.
In a preferred embodiment of the invention, a personal computer is used to hold the EC equivalent software; in alternative embodiments of the invention, other electronic devices can be used to hold the EC equivalent software.
In a preferred embodiment of the invention, the network that enables the EC to communicate with the businessman is the same as the network that enables the businessman to communicate with the SP. In another embodiment, the network that enables the EC to communicate with the businessman can be different from the network that enables the businessman to communicate with the SP. In yet another embodiment, the network that enables one businessman to communicate with the SP can be different from the network that enables another businessman to communicate with that SP. In yet another embodiment, the network that enables an EC to communicate with a businessman can be different from the network that enables another EC to communicate with another businessman. An embodiment can consist of a variety of networks over which the different parties to a transaction communicate.
In a preferred embodiment of the invention, a transaction is divided into two phases: a key exchange phase and a transaction phase. Fig. 2 is a specific example, illustrating the two-phase key exchange-transaction model in which the SP directs the transaction phase. When the SP directs the transaction, no sensitive information is exchanged directly between the transaction participants.
The key exchange phase is the same whether the holders conduct the transaction phase among themselves or the SP directs the transaction phase. When the holders conduct it among themselves, they use the SP session keys to communicate with each other in the transaction phase and carry out the transaction.
Fig. 2 shows a financial transaction in which the SP directs the transaction phase. The transaction shown involves three parties: the EC (transaction originator) 102, the businessman 104 and the service provider (SP) 106. The originator is the EC holder, acting as customer, and is represented by computer 102. Computer 104 represents the businessman. Computer 106 represents the service provider. The SP is selected by both the EC and the businessman.
Fig. 2 shows the flow of a financial transaction from the EC to the businessman and then to the SP. The processing flow of the encryption method is not limited to any particular order between the businessman and the EC holder. Fig. 2 is only one example of a particular transaction flowing from the EC to the businessman and then to the service provider. The processing flow can equally run from the businessman to the EC and then to the service provider. Fig. 2 shows how the service provider members (in this case, the EC holder and the businessman) generate, append and send messages to the service provider.
The ten arrows numbered 1-10 in Fig. 2 show how messages flow among the three parties in the two phases of the transaction. Steps 1-4 belong to the key exchange phase, and steps 5-10 belong to the transaction phase. In Fig. 2, the businessman acts as the intermediary between the EC and the SP. In step 1, the EC formats a key exchange request and sends it to the businessman. In step 2, the businessman combines his own key exchange message with the EC's key exchange message and sends the combined key exchange message to the SP. In step 3, the SP formats a key exchange response for the businessman, formats a key exchange response for the EC, combines the two responses into a combined key exchange response, and sends the combined key exchange response to the businessman. In step 4, the businessman separates the key exchange response addressed to the businessman from the one addressed to the EC, and forwards the EC's key exchange response message to the EC. Step 4 ends the main activities of the key exchange phase.
The transaction phase starts at step 5. In step 5, the EC formats its transaction request message and sends it to the businessman. In step 6, the businessman combines the received transaction request message with his own transaction request message and sends the combined transaction request message to the SP. In step 7, the SP formats a transaction response message for the businessman, formats a transaction response message for the EC, combines the two transaction response messages, and sends the combined transaction response message back to the businessman. In step 8, the businessman separates the transaction response message addressed to the businessman from the one addressed to the EC, and forwards the EC's transaction response message to the EC. In step 9, the EC formats an acknowledgement message and sends it to the businessman. In step 10, the businessman combines the received acknowledgement message with his own acknowledgement message and sends the combined acknowledgement message to the SP. Step 10 ends the transaction phase of the transaction.
Although Fig. 2 shows a simple transaction, some transactions may involve multiple messages. In some transactions, more than one message may be needed to complete each phase; even then, these messages follow the same combination rules and processing pattern. For example, in the transaction phase, the SP may require the EC and the businessman to send account information first. If the account information is verified as valid, the SP sends an acknowledgement of the account information in its response message. Once the businessman and the EC receive this response message, they send the transaction amount and other transaction-related information in the next message to the SP. The SP then approves or rejects the transaction. The steps in Fig. 2 apply both to account messages and to transaction messages.
If completing the transaction requires interaction with an external system, such as a system 108 based on PKI and digital certificates, the SP acts as the credential proxy of the EC and the businessman, and deals with the external system on behalf of the EC and the businessman. One desired result of the invention is that all participants in a transaction are isolated from external systems, which reduces the number of trust relationships needed to complete a transaction. If a participant in a transaction is a member of both this system and the external system, he can choose to act as a member of this system or as a member of the external system. In the latter case, the SP deals with that participant using the rules of the external system. For example, to deal with an external system based on PKI and digital certificates, the SP holds all the credentials or certificates needed to satisfy the trust relationship that the external system requires. Such credentials are needed for the SP and the external system to complete a transaction initiated by the EC and the businessman. In this case, only the SP needs to have a trust relationship with the external system. On the basis of this trust relationship, an individual EC and businessman can complete the transaction with the external system in question.
Fig. 3 shows a preferred embodiment of the EC. In a preferred embodiment of the invention, the EC internally consists of the software/hardware components shown in Fig. 3. The EC is based on the ISO 7816 standard and supports the same types of communication protocols and commands as specified in ISO 7816.
The EC has a card operating system 550 that manages the EC's internal resources. The on-card cryptographic facility 650 can be implemented in software, by a cryptographic coprocessor (shown in Fig. 3), by another hardware solution, or by a mix of software and hardware.
A feature unique to the EC is the service provider data area (SPDA) in the EC memory, which contains service provider account and key information. The service provider data area (SPDA) 700 contains a number of slots. In a preferred embodiment, the SPDA contains a predetermined number (for example 10) of slots, each slot for one possible service provider. In another embodiment, the number of slots can change dynamically. A record for each service provider can be placed in an empty slot. Each record contains the account number, public key and other relevant information of the particular service provider.
Depending on the EC design, the SPDA can optionally allow each SP to include software (for example an "applet" in Java terminology) that manages its own on-card data and provides the interface between the SP's card data and the main application. In other words, the SPDA can contain more than simple data: it can allow each SP to place its own application (for example an applet) on the EC in order to provide its own unique services to the holder. The advantage of this design is that the EC itself is decoupled from the types of service available on it. Each SP can thereby implement its own service capabilities. When another SP replaces an SP on the card, no change to the EC platform is needed. The new SP's applet is simply loaded onto the card and carries out the functions it was designed for.
In the SPDA, each service provider is allocated space for storing public keys. Many transactions use only one key pair, but some online transactions need two or more key pairs. If the SP uses the same public/private key pair for both incoming messages and signing outgoing messages, one public key is sufficient. If the SP uses a different key for signing, two SP public keys are needed in the SPDA (one for incoming messages and the other for the signature of outgoing messages).
In a preferred embodiment of the invention, two public/private key pairs, rather than one, are used to communicate with other applications over the network, because using two public/private key pairs is more secure than using one. One pair is used for decrypting incoming messages: the sender encrypts the message with the recipient's public key, and the recipient decrypts the message with the corresponding private key. The other pair is used by the sender to digitally sign the messages he sends; the recipient verifies the digital signature with the corresponding public key of the sender.
Each service provider is allocated space for the several public keys used by that service provider. If the SP uses the same public/private key pair for incoming messages and for signing outgoing messages, one public key is sufficient. If the SP uses different key pairs for receiving messages and for signing messages, both SP public keys are needed in the SPDA.
In an alternative embodiment of the invention, the service provider may require and use more than two public/private key pairs in order to provide higher transaction security.
When the EC holder accepts a new financial or non-financial instrument, the issuer or a trusted third party loads the required information, comprising a record, into an available slot. When a service provider account is cancelled, the information in its slot can be erased. During a transaction, some of the information in a slot, for example the account balance, can be read and modified. Some information, such as the account number, is write-protected but can be read. Some information, such as a private key, can be neither read nor written. The access conditions 600 contain security information such as a PIN or biometric data, which the EC user must present in order to open the card for use or to gain access to the information stored on the card.
A traditional personal identification number (PIN) or another security measure such as biometric data is used to protect the EC. Biometrics involves the measurement of the holder's biological characteristics, such as physical and behavioural features. A biometric system can measure an individual's fingerprints, hand geometry, handwriting, facial appearance, voice, body movements, keystroke rhythm, eye features, breath, body odour, DNA, or any other physical attribute of the holder. The functions provided by the EC can be activated only after all access conditions have been satisfied. Each service provider residing on the card can optionally implement further access conditions.
Fig. 4 shows the format of the service provider data area in a preferred embodiment of the invention. In the table, each service provider's information is allocated one entry, which can be protected by additional access conditions. The PIN field 712 and the miscellaneous data field 714 allow the service provider to provide extra protection or data fields for the instruments it wishes to support. The name field 702 contains the name of the service provider; at the start of an online transaction, the holder can use the service provider's name to select the appropriate service provider for the transaction. The key type field 704 specifies the type of key the service provider has chosen to use: secret key, public key, and so on. The key value field 706 and the account information field 708 contain information specific to each service provider. The card type field 710 specifies the type of instrument that the service provider supports.
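A model of the SPDA slots and access conditions described above, as an added example that is not code from the patent. The class and method names, the mapping of record fields to the three protection classes, and the storage of PINs as SHA-256 digests are assumptions made for illustration.

```python
import hashlib
import hmac

SLOT_COUNT = 10  # the "predetermined number (for example 10)" of SPDA slots

# Assumed mapping of record fields to the three protection classes in the text.
FIELD_ACCESS = {
    "name": "r", "key_type": "r", "key_value": "r", "card_type": "r",
    "account_number": "r",  # write-protected but readable
    "balance": "rw",        # may be read and modified during a transaction
    "private_key": "",      # can be neither read nor written from outside
}


class AccessDenied(Exception):
    """Raised when an access condition or a field protection is not satisfied."""


def digest(secret):
    # Digest form (an assumption) gives equal-length operands for compare_digest.
    return hashlib.sha256(secret.encode()).digest()


class ElectronicCard:
    def __init__(self, card_pin):
        self._pin = digest(card_pin)       # access conditions 600 (PIN only here)
        self._unlocked = False
        self._slots = [None] * SLOT_COUNT  # SPDA 700
        self._selected = None

    def unlock(self, pin):
        """Compare the entered security information with the on-card value."""
        self._unlocked = hmac.compare_digest(self._pin, digest(pin))
        self._selected = None
        return self._unlocked

    def load_record(self, record, sp_pin=None):
        """Issuer side: place a service provider record in the first empty slot."""
        unknown = set(record) - set(FIELD_ACCESS)
        if unknown:
            raise ValueError(f"unknown fields: {sorted(unknown)}")
        if None not in self._slots:
            raise AccessDenied("no empty SPDA slot")
        slot = self._slots.index(None)
        self._slots[slot] = {"fields": dict(record),
                             "pin": digest(sp_pin) if sp_pin else None}
        return slot

    def cancel(self, slot):
        """Account cancelled: the information in the slot is erased."""
        self._slots[slot] = None
        if self._selected == slot:
            self._selected = None

    def list_providers(self):
        self._require_unlocked()
        return {i: s["fields"].get("name") for i, s in enumerate(self._slots) if s}

    def select(self, slot, sp_pin=""):
        """Select an SP; its entry may carry an additional access condition (PIN 712)."""
        self._require_unlocked()
        entry = self._slots[slot]
        if entry is None:
            raise AccessDenied("empty slot")
        if entry["pin"] is not None and not hmac.compare_digest(entry["pin"], digest(sp_pin)):
            raise AccessDenied("additional access condition not satisfied")
        self._selected = slot

    def read(self, field):
        return self._fields(field, "r")[field]

    def write(self, field, value):
        self._fields(field, "w")[field] = value

    def _require_unlocked(self):
        if not self._unlocked:
            raise AccessDenied("card is locked")

    def _fields(self, field, mode):
        self._require_unlocked()
        if self._selected is None:
            raise AccessDenied("no service provider selected")
        if mode not in FIELD_ACCESS.get(field, ""):
            raise AccessDenied(f"{field}: '{mode}' access not permitted")
        return self._slots[self._selected]["fields"]
```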
In a preferred embodiment of the invention, the card operating system (COS) provides a number of basic services to the holder. The following is a list of the general functions that the COS can perform:
(1) Traditional OS functions such as memory management and task management.
(2) External communication: reading/writing of user data and communication protocol handling.
(3) Loading and updating of the holder's information on the card.
(4) Changing the user PIN.
(5) Management of the service provider data area, such as loading and updating the information of individual service providers, SPDA access control, and so on.
The COS also provides support at each stage of a transaction. For example, the COS can handle SP selection at the start of a transaction and record the transaction in a log file when the transaction completes. An embodiment of the invention can implement either of the following two design approaches for the COS, or a mix of the two:
(1) Most of the information can be placed in the COS, so that the COS supports most of the EC functions. Each on-card service provider area then relies on the COS to carry out transactions with the businessman and the SP. In this approach, the COS can give all on-card SPs a uniform interface to the outside world and, once an SP is selected, can carry out the transaction efficiently.
(2) Alternatively, the COS can be a collection of general-purpose services that each on-card SP can use. Each SP data area can contain applets, and these applets hold the information needed to carry out transactions with the businessman and the SP. In this approach, the SP has more opportunity to implement its own unique features when carrying out a transaction.
Fig. 5 shows how digital signatures are used in a preferred embodiment of the invention. The sender of a message first prepares the data portion 900 of the message M and passes it through a one-way hash algorithm H(*) 902. The output of the hash algorithm is called the message digest MD 903 of the message M. The MD is then encrypted, i.e. digitally signed, E(*) 904, using the sender's private key (Pri). The result is called the digital signature DS of the message M. The DS is then combined with the original message M 900 to form a complete message 906 that is ready to be transmitted over the network 50.
The public-key encryption/decryption function can be any of a number of encryption/decryption functions. RSA, whose name is taken from the initials of the surnames of its developers (Ronald Rivest, Adi Shamir and Len Adleman), is just one example of a public-key encryption/decryption method that can be used in an embodiment of the invention.
When the intended recipient receives the message from the network 50, he first separates the data portion 900 of the message M from the digital signature 912 attached to it. The recipient then passes the data portion 900 of the message M through the same hash algorithm 910 that was used to encode the data portion 900 of the message M, obtaining the message digest MD^ 911 of the message M. The recipient then decrypts, D(*) 908, the digital signature 912 contained in the original message using the sender's public key, recovering the original message digest, denoted here MD 909. MD 909 is compared with the newly computed MD^ 911. If the two differ, the original message has been corrupted and should be rejected.
The following is a list of the symbols and abbreviations used in Figs. 5-11:
Acknowledgement Data_EC = part of a message returned by the EC to the SP. It notifies the SP that the previous message was successfully received and processed.
Acknowledgement Data_M = part of a message returned by the businessman to the SP. It notifies the SP that the previous message was successfully received and processed.
AI_EC = account information of the EC holder.
AI_M = account information of the businessman.
CRYPTO = cryptogram.
D = decryption function.
D_SP-Private-Key = decryption using the private key of the SP.
DS = digital signature function.
DS_EC-Private-Key = digital signature placed on a message by the EC.
DS_M-Private-Key = digital signature placed on a message by the businessman.
DS_SP-Private-Key = digital signature placed on a message by the SP.
E = encryption function.
E(Data) = encryption of data using a data encryption key.
E_SP-PK, E_SP-Public-Key = data encrypted with the public key of the SP.
E_Skey-EC, D_Skey-EC = encryption/decryption using the session key that the SP generates for the EC.
E_Skey-M, D_Skey-M = encryption/decryption using the session key that the SP generates for the businessman.
EC = electronic card or electronic card equivalent software.
H(M) = a one-way hash algorithm applied to M. It produces the message digest (MD) of M.
KE = key exchange phase.
M = businessman.
MD = message digest.
MD^ = message digest produced by the message recipient, using the message just received as input data.
MD_EC = message digest of the message sent from the EC to the SP.
MD_M = message digest of the message sent from the businessman to the SP.
MD_SP-M = message digest of the message sent from the SP to the businessman.
MD_SP-EC = message digest of the message sent from the SP to the EC. This message digest is forwarded by the businessman.
PLAIN TEXT = plaintext: transaction data that can be sent without encryption. The plaintext can differ from message to message and from one transaction party to another.
PLAIN TEXT_EC = the part of the transaction data that the EC provides in its outgoing message. The plaintext data fields are not security-sensitive, so they can be transmitted without encryption. Note that the content of this symbol can differ when it is used in different messages.
PLAIN TEXT_M = the part of the transaction data that the businessman provides in its outgoing message. The plaintext data fields are not security-sensitive, so they can be transmitted without encryption. Note that the content of this symbol can differ when it is used in different messages.
PLAIN TEXT_SP-EC = the part of the transaction data that the SP provides only to the EC in its outgoing message. The plaintext data fields are not security-sensitive, so they can be transmitted without encryption. Note that the content of this symbol can differ when it is used in different messages.
PLAIN TEXT_SP-M = the part of the transaction data that the SP provides only to the businessman in its outgoing message. The plaintext data fields are not security-sensitive, so they can be transmitted without encryption. Note that the content of this symbol can differ when it is used in different messages.
STD = sensitive transaction data, which needs to be encrypted in transit.
STD_EC = sensitive transaction data provided by the EC in its outgoing message. Note that the content of this symbol can differ when it is used in different messages.
STD_M = sensitive transaction data provided by the businessman in its outgoing message. Note that the content of this symbol can differ when it is used in different messages.
PK = public key.
EC-PK, PK_EC = public key of the electronic card.
M-PK, PK_M = public key of the businessman.
SP-PK, PK_SP = public key of the selected service provider.
Response Data_SP-EC = SP-EC transaction response data: part of a message returned by the SP to the EC in the transaction phase of a transaction. It can contain approval/rejection data and/or any other related data.
Response Data_SP-M = SP-M transaction response data: part of a message returned by the SP to the businessman in the transaction phase of a transaction. It can contain approval/rejection data and/or any other related data.
RN = random number.
RN_EC = random number generated by the EC and sent to the SP.
RN_SP-EC = random number generated by the SP and sent to the EC.
RN_M = random number generated by the businessman.
RN_SP-M = random number generated by the SP and sent to M.
SP = financial or non-financial service provider.
TA = transaction (monetary) amount.
Transaction identification number SP-EC, TID_SP-EC (transaction ID SP-EC) = data field whose value is assigned by the SP in the key exchange phase of a transaction. The EC uses this value to communicate with the SP during the same transaction.
Transaction identification number SP-M, TID_SP-M (transaction ID SP-M) = data field whose value is assigned by the SP in the key exchange phase of a transaction. The businessman uses this value to communicate with the SP during the same transaction.
* = combination and concatenation of data inside an encryption E or decryption D.
Figs. 6A-6Q comprise a flowchart of a preferred embodiment of the cryptographic system and method. To simplify the description and notation in Figs. 6A-6Q, the flowchart assumes that each party to the transaction uses a single key pair. In another embodiment of the invention, two public-key pairs can be used, in which case both pairs need to be exchanged.
The preferred embodiment of the invention consists of two distinct phases: a key exchange phase and a transaction phase.
Phase I: key exchange phase (handshake phase)
The EC holder inserts the EC into the read/write device or starts the EC equivalent software, and enters a PIN code and/or satisfies the access conditions 110 in order to use the EC. The security information entered is compared 112 with the on-card information 114 to verify whether the user is authorized to use the EC. If the security information does not match the security information on the card, the request to use the EC is rejected 116. Otherwise the EC is unlocked 118 for use. Once the card is unlocked, the user can request the list of SPs available on the card and make a selection 120 by sending an SP select command to the EC. Once the SP is selected, the EC begins the key exchange (KE) with the SP. The public key of the selected SP, denoted by the symbols SP-PK and PK_SP, is obtained from the SPDA of the EC and is used to encrypt the messages sent to the SP.
The main purpose of KE is the public keys PK that sends the holder to SP safely EC126 and EC random number R N EC124.SP will give session key and transaction id to EC to the response of EC, and they will be used by EC, so that communicate by letter with SP in the process of exchange of remainder.In order to format KE message, EC produces random number R N EC124, make it public keys PK with EC EC126, and and/or SP desired EC sensitive transactions data STD relevant with transaction EC128 cascades.EC utilizes the public keys PK of the SP that obtains from SPDA 120 SPThey are encrypted 122.Subsequently the EC password E that obtains ES-PK(RN EC *PK EC *STD EC) and the plaintext part PLAIN TEXT of message EC132 (if any) combine 130, form the EC combined message, PLAIN TEXT EC *E SP-PK(RN EC *PK EC *STD EC).When forming the EC combined message, the public keys PK of EC EC126 can be placed into expressly PLAINTEXT ECIn, rather than encrypted.
Have only sensitive data just encrypted.Non-sensitive response data comprises in plaintext.Have only SP can read sensitive data.In concluding the business in many ways, SP has the complete access right to All Activity person's sensitive information.
Make the EC combined message that obtains by hashing algorithm 134 subsequently, form ashed information, this ashed information is EC eap-message digest MD ECEC 136 utilizes 138 pairs of EC eap-message digests of EC private key MD ECCarry out digital signature, form digital signature message DS EC-Private-KeyName digital signature message DS subsequently EC-Private-KeyCombine 140 with the EC combined message.Plaintext PLAIN TEXT EC, password CRYPTO ECWith digital signature DS EC-Private-KeyBe the KE message that comes from EC, and be sent to businessman 158 by network.Expressly comprise all various non-sensitive transaction data fields, so can clear and legible form be transmitted; Expressly do not need to encrypt.These data fields are different because of each message, and determined by transaction each side.
In order to communicate by letter with SP, the step that the step that its KE message own and SP of businessman's format is experienced and the KE message with businessman of EC format oneself are experienced is basic identical.The holder does not communicate by letter with SP separately with businessman, but communicates by letter with SP by combined message.Thereby, between holder and businessman, needn't exchange the Financial Information of any secret.Businessman is ready to his device that is used to conclude the business 142, and among his SPDA from the device that resides in businessman, selects and same SP that EC holder has selected for this transaction.From the SPDA of SP, obtain by symbol SP-PK and PK SPThe public keys of the SP of representative, and be used for sending to the message encryption of SP.
In order to format his KE message, businessman produces random number R N148, makes it the public keys PK with businessman M150 and the sensitiveness transaction data STD of businessman MCascade, this sensitiveness transaction data are relevant with transaction and/or SP 152 desired data.Businessman utilizes service provider PK SPPublic keys, data splitting is encrypted 146.Make the password that obtains and the plaintext part PLAIN TEXT of message subsequently M156 (if any) combination 154 forms businessman's combined message.When forming the combined message PLAIN TEXT of businessman M *E SP-PK(RN M *PK M *STD M) time, the public keys PK of businessman M150 can put into expressly PLAINTEXT MIn, and needn't be encrypted.
Further make businessman's combined message [PLAIN TEXT M *E SP-PK(RN M *PK M *STD M)] with KE message { [the PLAIN TEXT of EC EC *E SP-PK(RN EC *PK EC *STD EC)] *DS EC-Private-KeyMake up 158, be formed for the data division of the KE message of businessman and EC, that is, and combined message { [the PLAIN TEXT of EC-businessman EC *E SP- PK(RN EC *PK EC *STD EC)] *DS EC-Private-Key} *[PLAIN TEXT M *E SP-PK(RN M *PK M *STD M)].Make EC-businessman combined message by hashing algorithm 160, form ashed information, this ashed information is the eap-message digest MD of businessman MBusinessman utilizes the eap-message digest MD of 164 pairs of businessmans of private key of businessman MCarry out digital signature 162, form the digital signature message DS of businessman M-Private-KeyMake the digital signature message DS of businessman subsequently M-Private-KeyWith the data division of message, i.e. EC-businessman combined message combination 166, the cipher key change request message of formation businessman and EC<<{ [PLAIN TEXT EC *E SP-PK(RN EC *PK EC *STD EC)] *DS EC-Private-Key} *[PLAIN TEXT M *E SP-PK(RN M *PK M *STD M)] *DS M-Private-KeyThe message that obtains at last is sent to SP by network.Fig. 7 has represented the final format and the content of the cipher key change request message from the businessman to SP.
In a preferred embodiment of the invention, the businessman does not check the MD of the EC's request message, MD_EC, because the EC encrypts its public key. In an alternative embodiment, however, if the EC chooses not to encrypt its public key, the businessman may optionally check the EC's MD before passing it on to the SP. Whether or not the EC encrypts its public key, the SP may still check the EC's MD, both to improve security and to guard against possible processing errors by the businessman. When the businessman receives from the SP the combined response addressed to himself and to the EC, the businessman need not check the MD for the EC, because that MD is part of a whole message formed by a single originator, the SP. The businessman only needs to check the MD of the whole message he receives from the SP.
When the SP receives the KE request message, the SP first separates 168 the data portion of the KE request message from the DS and feeds the data portion into the one-way hash algorithm to recompute the message digest, which becomes MD^_M. The SP then separates the businessman's plaintext PLAINTEXT_M, cryptogram CRYPTO_M and digital signature DS_M-Private-Key from the EC's KE request message PLAINTEXT_EC * CRYPTO_EC * DS_EC-Private-Key. Using its own private key, the SP decrypts 170 the businessman's cryptogram and recovers, among other information, the businessman's random number RN_M 148 and the businessman's public key PK_M 150. The SP then uses the recovered PK_M to decrypt the digital signature DS_M-Private-Key signed by the businessman and recovers the MD_M of the businessman's KE message. The SP compares 172 the newly hashed MD^_M 168 with the MD_M 170 recovered from the original KE message by decrypting the DS. If there is any difference between MD^_M and MD_M, the KE message has been corrupted and is rejected 174. If MD^_M and MD_M match, the SP separates the data portion of the EC's KE request message from its DS and feeds the data portion of the EC's KE request message into the one-way hash algorithm to recompute the message digest (MD^_EC). Then, in step 176, the SP separates the EC's plaintext PLAINTEXT_EC (if any), cryptogram CRYPTO_EC and digital signature DS_EC-Private-Key in the data portion of the EC's KE request message. Using its own private key, the SP decrypts the EC's cryptogram and recovers, among other information, the EC's random number RN_EC and the EC's public key PK_EC. The SP then uses the recovered PK_EC to decrypt the digital signature signed by the EC and recovers the MD_EC of the EC's KE message. In step 718, the SP compares the newly hashed MD^_EC 176 with the MD_EC recovered from the original KE message by decrypting the DS. If there is any difference between MD^_EC and MD_EC, the KE message has been corrupted and is rejected 180. Otherwise, the SP prepares to send KE response messages back to the businessman and the EC.
To format the KE response message to the EC, the SP generates a random number RN_SP-EC 184 and a session key Skey_EC 186 for the EC, combines them with the random number RN_EC 188 generated by the EC and the service provider's sensitive transaction data STD_SP-EC 190, and encrypts 192 them using the EC's public key PK_EC. The resulting cryptogram E_EC-PK(RN_EC * RN_SP-EC * Skey_EC * STD_SP-EC) is combined 196 with the transaction identification number TID_SP-EC 194 that the SP assigns to the EC and with the plaintext PLAINTEXT_SP-EC 195 (if any), forming the data portion of the response message to the EC. The SP passes this data through a hash algorithm to calculate the message digest MD_SP-EC 198. Using its own private key 202, the SP produces the digital signature DS_SP-Private-Key 200 for the response message by digitally signing the message digest MD_SP-EC. After the data portion of the message is combined 204 with the newly calculated DS_SP-Private-Key, the KE response message from the SP to the EC is complete: [TID_SP-EC * PLAINTEXT_SP-EC * E_EC-PK(RN_EC * RN_SP-EC * Skey_EC * STD_SP-EC)] * DS_SP-Private-Key.
To format the KE response message to the businessman, the SP generates a random number RN_SP-M 208 and a session key Skey_M 210 for the businessman, combines them with the random number RN_M 212 generated by the businessman and the sensitive transaction data STD_SP-EC 214, and encrypts 206 them using the businessman's public key PK_M received in step 170. The resulting cryptogram is combined 216 with the transaction identification number TID_SP-M 218 that the SP assigns to the businessman and with the plaintext PLAINTEXT_SP-M 220 (if any), forming the data portion of the response message to the businessman. The resulting combined message TID_SP-M * PLAINTEXT_SP-M * E_M-PK(RN_SP-M * RN_M * Skey_M * STD_SP-M) is further combined 222 with the KE response message to the EC, [TID_SP-EC * PLAINTEXT_SP-EC * E_EC-PK(RN_EC * RN_SP-EC * Skey_EC * STD_SP-EC)] * DS_SP-Private-Key, forming the data portion of the SP's final KE response message, [TID_SP-EC * PLAINTEXT_SP-EC * E_EC-PK(RN_EC * RN_SP-EC * Skey_EC * STD_SP-EC)] * DS_SP-Private-Key * [TID_SP-M * PLAINTEXT_SP-M * E_M-PK(RN_SP-M * RN_M * Skey_M * STD_SP-M)]. The SP passes this data portion through a hash algorithm to calculate the message digest 224. Using its own private key 228, the SP produces the digital signature DS_SP-Private-Key 226 for the response message by digitally signing this message digest. After the data portion of the message is combined 230 with the newly calculated DS 226, the KE response message to the EC and the businessman is complete. This response message, <<{[TID_SP-EC * PLAINTEXT_SP-EC * E_EC-PK(RN_EC * RN_SP-EC * Skey_EC * STD_SP-EC)] * DS_SP-Private-Key} * [TID_SP-M * PLAINTEXT_SP-M * E_M-PK(RN_SP-M * RN_M * Skey_M * STD_SP-M)]>> * DS_SP-Private-Key, is sent back to the businessman over the network. Fig. 8 shows the final format and content of the combined KE response message from the SP to the businessman.
When the businessman receives the KE response message 232, he first separates out the DS_SP-Private-Key signed by the SP and then feeds the data portion of the combined KE response message into the one-way hash algorithm to recompute the message digest MD^_SP-M. The businessman then separates the data portion of the SP's KE response message, that is, TID_SP-M, PLAINTEXT_SP-M, CRYPTO_SP-M and [(TID_SP-EC * PLAINTEXT_SP-EC * CRYPTO_SP-EC)] * DS_SP-Private-Key. The businessman uses the SP's public key (selected in 144) to decrypt the digital signature DS_SP-Private-Key and recover the message digest MD_SP-M. The businessman compares 234 the newly hashed MD^_SP-M with MD_EC. If there is any difference between MD^_SP-M and MD_SP-M, the KE response message has been corrupted and is rejected 236. If MD^_SP-M and MD_SP-M match, the businessman identifies the portion of the response message intended for him and decrypts 238 the cryptogram CRYPTO_SP-M with his private key. The businessman should be able to recover the original random number RN_M that he sent to the SP in the KE request message (see step 148). In step 240, the businessman compares the recovered random number RN_M (step 238) with the original random number RN_M. If the two values are not equal, the message has been corrupted and is rejected in step 242. Because only the SP, using the correct SP private key, could have recovered the random number RN_M, this establishes that the sender of the message is truly the selected SP. The businessman then forwards the EC's KE response message [(TID_SP-EC * PLAINTEXT_SP-EC * CRYPTO_SP-EC)] * DS_SP-Private-Key to the EC and prepares for the transaction phase of the transaction.
When the EC receives the KE response message 260, the EC first separates out the DS_SP-Private-Key signed by the SP and then feeds the data portion of the KE response message for the EC into the one-way hash algorithm, producing MD^_SP-EC. The EC then separates the data portion of this message, that is, TID_SP-EC, PLAINTEXT_SP-EC, CRYPTO_SP-EC and DS_SP-Private-Key. The EC uses the SP's public key (selected in step 120) to decrypt the digital signature DS_SP-Private-Key and recover the message digest MD_SP. The EC compares 262 the newly hashed MD^_SP-EC (obtained in step 260) with the MD_SP-EC recovered from the KE response message for the EC by decrypting DS_SP-Private-Key. If there is any difference between MD^_SP-EC and MD_SP-EC, the KE response message for the EC has been corrupted and is rejected in step 264. If MD^_SP-M and MD_SP-M match, the EC identifies the portion of the response message intended for it and decrypts 266 the cryptogram CRYPTO_SP-EC contained in the message with its private key. The EC should be able to recover the original random number RN_EC that was sent in the EC's KE request message (see step 124). In step 268, the EC compares the recovered random number RN_EC (step 266) with the original random number RN_EC (step 124). If the two random numbers are not equal, the message has been corrupted and is rejected in step 270. Because only the SP, using the correct SP private key, can recover the random number RN_EC, this ensures that the sender of the message is truly the selected SP. The EC then prepares for the transaction phase of the transaction.
A preselected timeout period is set in both the EC and the businessman. During a transaction, if no response message is received within the timeout period, the EC and the businessman treat the transaction as abandoned and either retry or start a recovery process.
After the KE messages have been completed successfully, the SP holds the public key of the EC and the public key of the businessman. At this point the EC and the businessman each hold a random number from the SP, a transaction ID and a session key. To complete the key exchange phase of the transaction, the EC and the businessman must return to the SP the two random numbers recovered from the KE response message. This can be done in two ways. The random numbers can be returned in acknowledgement messages from the EC and the businessman. Alternatively, the random numbers can be returned as part of the next message that the EC and the businessman send to the SP, for example a transaction message. The second method is simpler and is described in the Phase below. The random numbers are used only once, to ensure the correctness of the key exchange between the SP and the businessman and between the SP and the EC. Once the session keys and transaction identification numbers have been established, the random numbers are no longer used.
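Added example, not part of the patent text: a Python sketch of the key exchange described above, showing the EC message nested inside the businessman's signed request, the SP's outer-then-inner digest checks, and the random-number echo by which a party confirms that the response came from the selected SP. The function names, the length-prefixed encoding of the "*" combination, SHA-256 as the one-way hash and textbook RSA over fixed Mersenne primes are assumptions made for illustration (the toy RSA is not secure), and the response is built for one party rather than as the combined message.

```python
import hashlib, hmac, secrets

E = 65537  # public exponent shared by every toy key

def toy_key(a, b):
    """Toy textbook-RSA key (n, d) from Mersenne primes 2**a-1, 2**b-1. Not secure."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def rsa_wrap(n, exp, data):
    """Raw RSA on a byte string; a 0x01 marker byte preserves leading zeros."""
    m = int.from_bytes(b"\x01" + data, "big")
    if m >= n:
        raise ValueError("payload too long for modulus")
    return pow(m, exp, n).to_bytes((n.bit_length() + 7) // 8, "big")

def rsa_unwrap(n, exp, blob):
    """Inverse of rsa_wrap under the matching exponent; ValueError if malformed."""
    m = pow(int.from_bytes(blob, "big"), exp, n)
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
    if raw[:1] != b"\x01":
        raise ValueError("malformed block")
    return raw[1:]

def pack(*fields):
    """The '*' combination, encoded as length-prefixed fields (assumed encoding)."""
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)

def unpack(blob):
    out = []
    while blob:
        size = int.from_bytes(blob[:4], "big")
        out.append(blob[4:4 + size])
        blob = blob[4 + size:]
    return out

def digest(data):  # SHA-256 stands in for the unspecified one-way hash
    return hashlib.sha256(data).digest()

def pk_bytes(n):
    return n.to_bytes((n.bit_length() + 7) // 8, "big")

def ke_part(sp_n, own_n, std, plaintext=b""):
    """Returns (RN, PLAINTEXT * E_SP-PK(RN * PK * STD))."""
    rn = secrets.token_bytes(16)
    return rn, pack(plaintext, rsa_wrap(sp_n, E, pack(rn, pk_bytes(own_n), std)))

def signed(key, data):
    """data * DS, where DS is the digest of data under the signer's private key."""
    return pack(data, rsa_wrap(key[0], key[1], digest(data)))

def sp_verify(sp, data, ds, own_part):
    """Decrypt the cryptogram, recover RN and PK, compare MD^ with MD from DS."""
    _plain, crypto = unpack(own_part)
    rn, pk, _std = unpack(rsa_unwrap(sp[0], sp[1], crypto))
    md = rsa_unwrap(int.from_bytes(pk, "big"), E, ds)
    if not hmac.compare_digest(md, digest(data)):
        raise ValueError("digest mismatch")
    return rn, pk

def sp_accept(sp, request):
    """Outer businessman signature first, then the nested EC message; None = reject."""
    try:
        combined, ds_m = unpack(request)
        msg_ec, part_m = unpack(combined)
        rn_m, pk_m = sp_verify(sp, combined, ds_m, part_m)
        data_ec, ds_ec = unpack(msg_ec)
        rn_ec, pk_ec = sp_verify(sp, data_ec, ds_ec, data_ec)
    except ValueError:
        return None
    return {"EC": (rn_ec, pk_ec), "M": (rn_m, pk_m)}

def sp_respond(sp, rn, pk, tid):
    """[TID * PLAINTEXT * E_PK(RN * RN_SP * Skey * STD)] * DS_SP for one party."""
    rn_sp, skey = secrets.token_bytes(16), secrets.token_bytes(16)
    crypto = rsa_wrap(int.from_bytes(pk, "big"), E, pack(rn, rn_sp, skey, b"std"))
    return signed(sp, pack(tid, b"", crypto)), rn_sp, skey

def party_accept(own, sp_n, rn_sent, response):
    """Check DS_SP, decrypt with own private key, require the echoed RN to match."""
    try:
        data, ds = unpack(response)
        if not hmac.compare_digest(rsa_unwrap(sp_n, E, ds), digest(data)):
            return None
        tid, _plain, crypto = unpack(data)
        rn_back, rn_sp, skey, _std = unpack(rsa_unwrap(own[0], own[1], crypto))
    except ValueError:
        return None
    if not hmac.compare_digest(rn_back, rn_sent):
        return None
    return tid, rn_sp, skey

# Constructed keys for the three parties (distinct Mersenne exponents).
SP, EC, M = toy_key(2203, 2281), toy_key(521, 607), toy_key(127, 1279)

def build_request():
    """EC part signed by the EC, wrapped with the businessman's part and his DS."""
    rn_ec, data_ec = ke_part(SP[0], EC[0], b"ec-std")
    rn_m, part_m = ke_part(SP[0], M[0], b"m-std")
    return rn_ec, rn_m, signed(M, pack(signed(EC, data_ec), part_m))
```

Because the SP verifies each DS with the public key recovered from the same message, a passing check shows that the message is intact and that its sender holds the matching private key; it does not by itself tie that key to a known party.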
Phase: transactional stage
In the transaction phase, the businessman and the EC each send the SP their own account information, such as an account number, together with other data related to the transaction, for example the transaction amount, to request authorization of the transaction or other processing. As before, the EC and the businessman each communicate with the SP individually, but they do so through a combined message: the businessman is responsible for combining the messages and sends the combined message to the SP as a single message.
The EC first forms its transaction message by concatenating the random number RN_SP-EC 274 from the SP with the EC account information relevant to the selected SP, AI_EC 276, the transaction amount TA 280, and any other sensitive data 278 that is related to the transaction and/or required by the SP. The EC encrypts them using the session key Skey_EC assigned by the SP. Skey_EC is a secret key and uses a cryptographic algorithm different from the one used for public-key encryption. In step 282, the resulting cryptogram CRYPTO_EC, that is, Skey_EC(RN_SP-EC * STD_EC * AI_EC * TA), is then combined with the transaction ID TID_SP-EC 284 and the plaintext PLAINTEXT_EC 286 (if any), forming the data portion of the EC's transaction message, TID_SP-EC * PLAINTEXT_EC * CRYPTO_EC. The data portion 282 is fed into the one-way hash algorithm 288 to calculate the message digest MD_EC, which is then digitally signed 290 with the EC's private key 292. In step 294, the resulting digital signature 290 is combined with the data portion of the message (from step 282), forming the EC's transaction request message [TID_SP-EC * PLAINTEXT_EC * Skey_EC(RN_SP-EC * STD_EC * AI_EC * TA)] * DS_EC-Private-Key, which is then sent to the businessman.
The businessman goes through essentially the same steps to form his transaction message. The businessman forms his transaction message by concatenating the random number RN_SP-M 246 from the SP with the businessman's account information relevant to the selected SP, AI_M 248, the transaction amount TA 252, and any other sensitive data STD_M 250 that is related to the transaction and/or required by the SP. The businessman encrypts 244 them using the session key Skey_M assigned by the SP. The session key Skey_EC is a secret key and is produced using a cryptographic algorithm different from the one used for public-key encryption, for example DES. The session key Skey_M is used at this point to perform the encryption, producing the cryptogram CRYPTO_M. In step 254, the resulting cryptogram CRYPTO_M, that is, Skey_M(RN_SP-M * STD_M * AI_M * TA), is then combined with the transaction ID TID_SP-M 256 and the plaintext PLAINTEXT_M 258 (if any), forming the data portion of the businessman's transaction message, TID_SP-M * PLAINTEXT_M * CRYPTO_M. In step 296, this data is combined with the EC's transaction request, forming the data portion of the final transaction request message for the SP, [TID_SP-EC * PLAINTEXT_EC * Skey_EC(RN_SP-EC * STD_EC * AI_EC * TA)] * DS_EC-Private-Key * [TID_SP-M * PLAINTEXT_M * Skey_M(RN_SP-M * STD_M * AI_M * TA)]. As before, the businessman feeds his combined data into the one-way hash algorithm 298 to calculate the message digest MD_M, which is then digitally signed 300 with the businessman's private key 302. In step 304, the resulting digital signature DS_M-Private-Key 300 is combined with the data portion of the message (from step 296), forming the final transaction request message {[TID_SP-EC * PLAINTEXT_EC * Skey_EC(RN_SP-EC * STD_EC * AI_EC * TA)] * DS_EC-Private-Key * [TID_SP-M * PLAINTEXT_M * Skey_M(RN_SP-M * STD_M * AI_M * TA)]} * DS_M-Private-Key, which is then sent to the SP. Fig. 9 shows the final format of the transaction request message.
When the SP receives the transaction request message, the SP first checks the two transaction identification numbers sent by the EC and the businessman, that is, TID_SP-EC and TID_SP-M, to make sure that they are valid. If in step 306 either TID_SP-M (step 210) or TID_SP-EC (step 186) is found to be invalid, the message is rejected in step 308. If both transaction identification numbers are valid, the SP proceeds to separate DS_M-Private-Key from the data portion of the message and feeds the data portion, {[TID_SP-EC * PLAINTEXT_EC * Skey_EC(RN_SP-EC * STD_EC * AI_EC * TA)] * DS_EC-Private-Key * [TID_SP-M * PLAINTEXT_M * Skey_M(RN_SP-M * STD_M * AI_M * TA)]}, into the one-way hash algorithm to calculate the message digest MD^_M of this message. The SP separates the data portion of the message, that is, TID_SP-M, PLAINTEXT_M, CRYPTO_M, DS_M-Private-Key and (TID_SP-EC * PLAINTEXT_EC * CRYPTO_EC) * DS_EC-Private-Key. The SP uses the businessman's public key to encrypt 310 DS_M-Private-Key and compares the newly recovered message digest MD_M with the message digest MD^_M just calculated (step 306). If MD^_M and MD_M are not equal, the message has been corrupted and is rejected in step 314. If MD^_M and MD_M match, the SP uses the session key Skey_M that it assigned to the businessman in the KE phase (step 210) to decrypt 316 the encrypted portion of the message and recover the data fields it contains. In step 318, the SP compares the random number RN_SP-M returned by the businessman in the message with the random number RN_SP-M that the SP originally sent to the businessman (see step 208). If the two random numbers are not equal, the businessman has failed the mutual authentication test, and the message is rejected in step 320.
In addition, the SP verifies the EC's account information AI_EC and transaction data such as the transaction amount TA. If the AI is no longer valid, the message is rejected in step 320. The message is also rejected when the TA from the EC does not match the TA from the businessman. There may be other conditions that invalidate the message. If the account information AI_EC and the transaction data are valid, the SP goes on to verify the EC portion of the message.
As with the businessman's message, the SP first separates 322 DS_EC-Private-Key from the EC's message and feeds the data portion of the EC's message (TID_SP-EC * PLAINTEXT_EC * CRYPTO_EC) into the one-way hash algorithm to calculate the message digest MD^_EC of the EC's message. The SP separates the data portion of the EC's transaction request into TID_SP-EC, PLAINTEXT_EC, CRYPTO_EC and DS_EC-Private-Key. The SP uses the EC's public key PK_EC to decrypt 324 DS_EC-Private-Key and recover MD_EC. In step 326, the SP compares the recovered MD_EC with MD^_EC. If MD^_EC and MD_EC are not equal, the message has been corrupted and is rejected in step 328. If MD^_EC and MD_EC match, the SP uses the session key Skey_EC that it assigned to the EC in the KE phase (step 186) to decrypt 330 the encrypted portion of the EC's message and recover the data fields contained in it. In step 332, the SP compares the random number RN_SP-EC returned by the EC in the message with the random number RN_SP-EC that the SP originally sent to the EC (step 184). If the random numbers are not equal, the EC has failed the mutual authentication test, and the message is rejected in step 334. The SP verifies the businessman's account information AI_M and transaction data such as the transaction amount TA; when the account information is invalid, or when the transaction data does not meet the SP's criteria, the message is rejected in step 334. Once the integrity and authenticity of the whole message have been established, the SP can process the data contained in the message and send back a response message. The random numbers returned in this message complete the mutual authentication between the SP and the businessman and between the SP and the EC. After this message, no further exchange of random numbers is needed. The SP may choose to use a random number as the transaction identification number that the businessman and the EC send in all subsequent messages to the SP, and the businessman and the EC will use this transaction identification number.
As before, the response message contains information in reply to both the EC and the businessman. To format the transaction response message for the EC, the SP generates the response data for the EC, Response Data_SP-EC 338, and encrypts 336 it using the session key Skey_EC assigned to the EC. Only sensitive data is encrypted. Non-sensitive response data is included in the plaintext. In step 340, the cryptogram CRYPTO_SP-EC, that is, E_Skey-EC(Response Data_SP-EC), is combined with the transaction identification number TID_SP-EC 342 that the SP assigned to the EC (step 194) and with the plaintext PLAINTEXT_SP-EC 344 (if any) that the SP is returning to the EC, forming the data portion of the response message for the EC, that is, TID_SP-EC * PLAINTEXT_SP-EC * E_Skey-EC(Response Data_SP-EC). The data portion of this message is fed into the hash algorithm 346, producing MD_SP-EC, which the SP digitally signs 348 using the SP's private key 350. In step 352, DS_SP-Private-Key is combined with the data portion of the response message (step 340), forming the complete response message for the EC, [TID_SP-EC * PLAINTEXT_SP-EC * E_Skey-EC(Response Data_SP-EC)] * DS_SP-Private-Key.
To format the transaction response message for the businessman, the SP generates the response data for the businessman, Response Data_SP-M 356, and encrypts 354 it using the session key Skey_M assigned to the businessman (step 210). In step 358, the cryptogram CRYPTO_SP-M is combined with the transaction identification number TID_SP-M 360 assigned to the businessman (step 218) and with the plaintext PLAINTEXT_SP-M (if any) 362 that the SP is returning to the businessman, forming the data portion of the response message for the businessman, TID_SP-M * PLAINTEXT_SP-M * CRYPTO_SP-M. In step 364, this data is then combined with the complete response message for the EC, forming the data portion of the response message for the EC and the businessman, [TID_SP-EC * PLAINTEXT_SP-EC * E_Skey-EC(Response Data_SP-EC)] * DS_SP-Private-Key * [TID_SP-M * PLAINTEXT_SP-M * E_Skey-M(Response Data_SP-M)].
This data is fed into the hash algorithm 366, producing MD_SP-M, which the SP then digitally signs 368 using the SP's private key 370. In step 372, DS_SP-Private-Key is combined with the data portion of the response message for the EC and the businessman, forming the complete response message for the EC and the businessman, <<{[TID_SP-EC * PLAINTEXT_SP-EC * E_Skey-EC(Response Data_SP-EC)] * DS_SP-Private-Key} * [TID_SP-M * PLAINTEXT_SP-M * E_Skey-M(Response Data_SP-M)]>> * DS_SP-Private-Key. The SP then sends its response message back to the businessman. Figure 10 shows the final format of the transaction response message.
When the businessman receives this message, he first checks, in step 374, the transaction identification number TID_SP-M in the message to make sure that it is valid. If the transaction identification number is invalid, the message is rejected in step 376. If TID_SP-M is valid, the businessman separates the DS_SP-Private-Key signed by the SP from the data portion of the message and then feeds the data portion of the transaction response message, <<{[TID_SP-EC * PLAINTEXT_SP-EC * E_Skey-EC(Response Data_SP-EC)] * DS_SP-Private-Key} * [TID_SP-M * PLAINTEXT_SP-M * E_Skey-M(Response Data_SP-M)]>>, into the one-way hash algorithm, producing MD^_SP-M. The businessman separates the data portion of the message into its parts, TID_SP-M, PLAINTEXT_SP-M, CRYPTO_SP-M, DS_SP-Private-Key and (TID_SP-EC * PLAINTEXT_SP-EC * CRYPTO_SP-EC * DS_SP-Private-Key), and prepares to forward the SP's transaction response message to the EC. In step 378, the businessman uses the session key Skey_M assigned by the SP in the KE phase to decrypt the encrypted portion of the SP's message and recover the data fields it contains. The businessman then uses the SP's public key PK_SP (step 144) to decrypt the digital signature DS_SP-Private-Key and recover MD_SP-M. In step 380, the businessman compares the newly hashed MD^_SP-M (step 374) with the recovered MD_SP-M. If MD^_SP-M and MD_SP-M do not match, the transaction response message has been corrupted and is rejected in step 382. If the two message digests match, the businessman begins to process the message. As usual, the EC portion of the transaction response message (TID_SP-EC * PLAINTEXT_SP-EC * CRYPTO_SP-EC * DS_SP-Private-Key) is passed on to the EC.
When the EC receives the transaction response message, the EC first checks, in step 394, the transaction identification number TID_SP-EC in the message to make sure that it is valid. If the transaction identification number is invalid, the message is rejected in step 396. If the transaction identification number is valid, the businessman separates the DS_SP-Private-Key signed by the SP from the data portion of the transaction response message and then feeds the data portion of the EC transaction response message, TID_SP-EC * PLAINTEXT_SP-EC * E_Skey-EC(Response Data_SP-EC), into the one-way hash algorithm, producing MD^_SP-EC. The EC separates the message into its parts, TID_SP-EC, PLAINTEXT_SP-EC, CRYPTO_SP-EC and DS_SP-Private-Key. In step 398, the EC uses the session key Skey assigned by the SP in the KE phase to decrypt the encrypted portion of the SP's message and recover the data fields it contains. The EC uses the SP's public key (step 120) to decrypt the digital signature DS_SP-Private-Key and recover the message digest MD_SP-EC. In step 400, the businessman compares the newly hashed MD^_SP-EC 394 with the recovered MD_SP-EC. If MD^_SP-EC and MD_SP-EC do not match, the transaction response message has been corrupted and is rejected in step 402. If the two message digests match, the EC begins to process the message.
At the end of the transaction, if the SP requires it, the EC and the businessman may send acknowledgement messages to the SP to notify it that the response message has been correctly received and processed. If further messages are to be exchanged between the SP and the businessman and EC before the transaction ends, the acknowledgement data can be carried as part of the next message sent to the SP. Alternatively, the acknowledgement data can form a message on its own.
To format the acknowledgement message, the EC first, in step 404, uses the session key Skey_EC to encrypt the sensitive part (if any) of the acknowledgement data Acknowledgement Data_EC 406, producing Skey_EC(Acknowledgement Data_EC). In step 408, the EC combines the resulting cryptogram with the transaction identification number TID_SP-EC 410 assigned by the SP and with the plaintext PLAINTEXT_EC 412 (if any). This forms the data portion of the EC's acknowledgement message, TID_SP-EC * PLAINTEXT_EC * Skey_EC(Acknowledgement Data_EC). This combined data is then fed into the one-way hash algorithm 414, producing MD_EC. The EC then digitally signs 416 the resulting MD_EC with the EC's private key 418, producing DS_EC-Private-Key. In step 420, DS_EC-Private-Key is combined with the data portion of the message (from step 408), forming the EC's complete acknowledgement message, [TID_SP-EC * PLAINTEXT_EC * Skey_EC(Acknowledgement Data_EC)] * DS_EC-Private-Key. This acknowledgement message is then sent to the businessman.
The businessman goes through the same steps to form his acknowledgement message. To format the acknowledgement message, the businessman first uses the session key Skey_M assigned to him by the SP to encrypt the sensitive part (if any) of the acknowledgement data Acknowledgement Data_M 386, producing Skey_M(RN_SP-M * Acknowledgement Data_M). In step 388, the businessman combines the resulting cryptogram with the transaction identification number TID_SP-M 390 assigned by the SP and with the plaintext PLAINTEXT_M (from step 392) (if any). This forms the data portion of the businessman's acknowledgement message, TID_SP-M * PLAINTEXT_M * Skey_M(RN_SP-M * Acknowledgement Data_M). In step 422, this data portion is further combined with the acknowledgement message received from the EC, forming the data portion of the combined acknowledgement message to be sent to the SP, {[TID_SP-EC * PLAINTEXT_EC * Skey_EC(Acknowledgement Data_EC)] * DS_EC-Private-Key} * [TID_SP-M * PLAINTEXT_M * Skey_M(Acknowledgement Data_M)]. The businessman feeds the data portion of the combined acknowledgement message to be sent to the SP into the one-way hash algorithm, producing the message digest MD_M. The businessman then digitally signs the resulting MD_M with the businessman's private key 428, producing DS_M-Private-Key 426. In step 430, DS_M-Private-Key is combined with the data portion of the message (from step 422), forming the final combined acknowledgement message of the EC and the businessman to be sent to the SP, <<{[TID_SP-EC * PLAINTEXT_EC * Skey_EC(Acknowledgement Data_EC)] * DS_EC-Private-Key} * [TID_SP-M * PLAINTEXT_M * Skey_M(Acknowledgement Data_M)]>> * DS_M-Private-Key. This message is then sent to the SP. Figure 11 shows the final format of the transaction acknowledgement message.
TID_SP-M is the transaction identification number that the SP assigned to the businessman (from step 218), and TID_SP-EC is the transaction identification number that the SP assigned to the EC (from step 194). On receiving the transaction acknowledgement message, the SP checks, in step 432, the two transaction identification numbers TID_SP-M and TID_SP-EC sent by the EC and the businessman to make sure that they are valid. If TID_SP-M or TID_SP-EC is found to be invalid, the message is rejected in step 434. If both transaction identification numbers are valid, the SP proceeds to separate DS_M-Private-Key from the combined acknowledgement message and feeds the data portion of the combined acknowledgement message, <<{[TID_SP-EC * PLAINTEXT_EC * Skey_EC(Acknowledgement Data_EC)] * DS_EC-Private-Key} * [TID_SP-M * PLAINTEXT_M * Skey_M(Acknowledgement Data_M)]>>, into the one-way hash algorithm to calculate the message digest MD^_M of this message. The SP separates the data portion of the message into TID_SP-M, PLAINTEXT_M, CRYPTO_M, DS_M-Private-Key and (TID_SP-EC * PLAINTEXT_EC * CRYPTO_EC) * DS_EC-Private-Key. In step 436, the SP uses the businessman's public key PK_M to decrypt DS_M-Private-Key and compares the recovered message digest MD_M 432 with the message digest MD^_M 436 just calculated. If MD^_M and MD_M match, then in step 442 the SP uses the session key Skey_M that it assigned to the businessman in the KE phase (from step 210) to decrypt the encrypted portion of the businessman's acknowledgement message and recover the acknowledgement data it contains.
In step 444, the SP separates DS_EC-Private-Key from the EC's acknowledgement message and feeds the data portion of the EC's acknowledgement message, TID_SP-EC * PLAINTEXT_EC * CRYPTO_EC, into the one-way hash algorithm to calculate the message digest MD^_EC of this message. The SP separates the data portion of the EC's acknowledgement message into TID_SP-EC, PLAINTEXT_EC, CRYPTO_EC and DS_EC-Private-Key. In step 446, the SP uses the EC's public key PK_EC to decrypt DS_EC-Private-Key, and in step 448 compares the recovered MD_EC with the message digest MD^_EC 444 just calculated. If the two message digests match, then in step 452 the SP uses the session key Skey_EC that it assigned to the EC in the KE phase (from step 186) to decrypt the encrypted portion of this message and recover the acknowledgement data it contains. Then, in step 454, the processing of the transaction phase of the transaction ends.
Throughout the transaction, in a preferred embodiment, the EC is interfaced through software provided by Internet browser software such as Microsoft Explorer or Netscape Navigator. In a typical session, the cardholder points his browser to the businessman's URL and orders goods or services from the businessman. At payment time, the browser calls the EC interface software, which may be embedded in the browser or included in it as a plug-in or add-on component, and allows the transaction to proceed. The cardholder can point his browser to the URL of any SP member.
The two-phase transaction described above in Fig. 6A-6Q is only one special case of the two-phase key exchange-transaction model of the present invention. In the two-phase transaction described in Fig. 6A-6Q, three parties take part in the transaction: the EC, the businessman and the SP. The two-phase key exchange-transaction model applies equally where the number of parties involved ranges from two to many. In a transaction involving more than three parties, only one party plays the role of the SP. All the other parties use the public key of the selected SP to perform the initial key exchange, and use the session keys and transaction IDs assigned by the SP to carry out the transaction.
The two-phase key exchange-transaction model is applicable to organizational schemes in which (1) the transaction participants are arranged in series with possibly multiple routers and the service provider; or (2) the transaction participants are arranged in a hierarchical organization with possible routers. These additional organizational schemes may involve routers that deliver messages to the next level. A level in the hierarchy may consist of any number of transaction participants and/or routers. The next level is the next transaction participant or router that is adjacent in sequence or in the hierarchy. In the hierarchical organization scheme, the next level includes all possible next transaction participants and routers. For the hierarchical organization scheme, the SP establishes the criteria used to determine the next transaction participant or router to which a message is to be sent.
A router is a gateway/conduit that collects messages from the previous level, performs some processing on them according to the SP's requirements, such as combining the messages, and then forwards them to the SP. Each transaction participant needs only to form his own message (data and digital signature) and send it to the next level. A transaction participant combines all the messages he has received with his own message to form a combined message, and digitally signs this combined message before sending it to the next level. In the simplest form of hierarchical organization there is only one message router, which collects the messages coming from all other transaction participants and sends the combined message to the SP.
In the serial organization, the initiator of the transaction is connected in series with routers and/or transaction participants, which in turn are connected in series with the service provider 60. In a preferred embodiment of the invention, each component shown in Figure 12 is a transaction participant. In an alternative embodiment of the invention, any intermediate level between the transaction initiator and the SP can be a router.
As shown in Figure 12, the transaction initiator and the serially arranged transaction participants 1100, 1120, 1140 and 1160 carry out a transaction with the service provider. This is similar to the three-party scheme described in Figs. 6A-6Q, except that more parties are now involved. Note that transaction participants 3, 4, 5, 6, ... n-2 are arranged in series. Each transaction participant prepares his own message, merges it with the message received from the preceding transaction participant (if any), appends a digital signature to the combined message, and then sends it to the next transaction participant on the serial path. The combined message is finally sent to the SP, which forms a response message accordingly and returns the response message along the same path the original request message travelled.
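The serial combining step described above, as an added example that is not part of the patent text: each party wraps the message it received together with its own data, and the SP peels the layers back to the initiator. HMAC-SHA256 under SP-issued session keys stands in here for the digital signatures the text describes (an assumption, so the block runs with the standard library only), and the participant names, message fields and function names are hypothetical.

```python
import copy
import hashlib
import hmac
import json
import secrets

def issue_session_keys(path):
    """Stand-in for the key exchange phase: the SP assigns a transaction ID
    and one session key per party (assumption: keys already delivered)."""
    return secrets.token_hex(8), {pid: secrets.token_bytes(32) for pid in path}

def _tag(key, txn_id, sender, data, inner):
    # Canonical JSON so the sender and the SP authenticate identical bytes.
    body = json.dumps({"txn": txn_id, "from": sender, "data": data, "inner": inner},
                      sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def add_layer(key, txn_id, sender, data, inner=None):
    """Merge the message received from the previous party (inner) with the
    sender's own data and authenticate the combined message."""
    return {"txn": txn_id, "from": sender, "data": data, "inner": inner,
            "tag": _tag(key, txn_id, sender, data, inner)}

def sp_verify(msg, txn_id, keys, path):
    """SP side: peel layers from the last sender back to the initiator.
    Returns [(sender, data), ...] in path order or raises ValueError."""
    collected = []
    for sender in reversed(path):
        if not isinstance(msg, dict) or msg.get("from") != sender or msg.get("txn") != txn_id:
            raise ValueError(f"unexpected layer where {sender} was expected")
        good = _tag(keys[sender], txn_id, sender, msg.get("data"), msg.get("inner"))
        if not hmac.compare_digest(good.encode(), str(msg.get("tag")).encode()):
            raise ValueError(f"authentication failed for layer from {sender}")
        collected.append((sender, msg.get("data")))
        msg = msg.get("inner")
    if msg is not None:
        raise ValueError("extra layers beyond the expected path")
    return collected[::-1]

def demo():
    path = ["initiator", "participant-2", "participant-3"]  # constructed names
    txn_id, keys = issue_session_keys(path)
    msg = None
    for pid in path:  # each party wraps what it received and sends it on
        msg = add_layer(keys[pid], txn_id, pid, {"note": f"data from {pid}"}, msg)
    accepted = sp_verify(msg, txn_id, keys, path)
    # Tamper check: the last party alters the initiator's data and can
    # re-authenticate only its own layer, so an inner layer no longer verifies.
    inner = copy.deepcopy(msg["inner"])
    inner["inner"]["data"] = {"note": "altered"}
    forged = add_layer(keys["participant-3"], txn_id, "participant-3", msg["data"], inner)
    try:
        sp_verify(forged, txn_id, keys, path)
        rejected = None
    except ValueError as err:
        rejected = str(err)
    return accepted, rejected

if __name__ == "__main__":
    print(demo())
```

Because every layer covers the layers inside it, a change to any earlier party's data is caught at the first layer whose key the modifying party does not hold.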
Figure 13 shows the components arranged in a hierarchical organization scheme. Here each component $X_{1,1}$ to $X_{1,n}$ (n = 1, 2, 3, ...) 1200 is a transaction participant rather than a message router, while each component $X_{j,k}$ (j = 2, 3, 4; k = 1, 2, 3, ..., m; m is a variable of the same type as n, and m can take a different value at each level of the hierarchy) 1210 can be either a transaction participant or a router. The bold arrows represent request messages 1220 being sent upward. The downward arrows represent response messages 1230 being sent.
Each transaction participant collects the messages coming from the participants he is responsible for, merges the collected messages with his own message to form a new message, and sends this new message to the next level. The hierarchical organization scheme can include only one transaction participant, or as many transaction participants as required (the simplest case of the hierarchical scheme is one transaction participant and one service provider). Finally, at the last component before the service provider, $X_{\sigma,1}$, where $\sigma$ is of the same type as n, all messages are combined into one message 1240, which is then sent to the SP 60. Likewise, the SP forms a response message and returns it along the same route.
Where the transaction is not directed by the SP, the members use the session keys generated by the SP to conduct transactions among themselves. A transaction can take place between two or more members. When more than two members are involved in a transaction, messages can pass from one member to another in any order. A member sends a transaction request message and receives a transaction response message. A member need not receive the transaction response message from the same member to which he sent the transaction request message. For example, three members in a transaction can be organized into a ring and send messages around the ring. The first member can send a transaction request message to the second member, and the second member in turn sends a transaction request message and a transaction response message to the third member. The third member sends a transaction request message and a transaction response message to the first member, and the first member in turn sends a transaction response message to the second member. A member that receives a transaction request message produces a transaction response message, and this transaction response message is eventually delivered to the member that sent the transaction request message.
In the key exchange phase, the SP obtains the public keys of all members participating in the transaction. Before the participating members transact among themselves, the SP sends each participating member the public keys of the other members. The transaction request message and the transaction response message comprise plaintext (if any), a cryptogram, and the sender's digital signature.
Where the SP needs to act as a certificate proxy for the EC and/or the merchant in order to deal with surrounding systems that are certificate-based, the SP insulates the operations of the EC and/or the merchant from the external interface. The SP returns to the EC and/or the merchant only the information needed to complete the exchange with the EC and/or the merchant.
Although preferred and exemplary embodiments of the present invention have been described here, other modifications of the invention will be apparent to those skilled in the art. It is therefore desired to protect in the appended claims all such modifications and extensions that fall within the spirit and scope of the invention. The invention is to be construed as including all embodiments that fall within the scope of the appended claims, and the invention should be limited only by the following claims. In addition, those skilled in the art will understand that other applications can be substituted for those set forth here without departing from the spirit and scope of the invention.

Claims (9)

1. A system for electronic transactions, comprising:
an electronic card having
cryptographic means for encryption and decryption,
a data area storing cardholder information, and
a data area storing service provider information, wherein said service provider information comprises a public key of the service provider;
a service provider member terminal that responds to activation of the electronic card; and
a service provider terminal that communicates with said service provider member terminal, wherein said service provider terminal decrypts communication data from the service provider member terminal and encrypts communication data sent to the service provider member terminal; said service provider member terminal encrypts communication data sent to the service provider terminal and decrypts data from the service provider terminal; the encrypted communication data sent from the service provider member terminal to the service provider terminal comprises a key exchange request message, at least a portion of which is encrypted using the service provider's public key obtained from the electronic card; and the encrypted communication data sent from the service provider terminal to the service provider member terminal comprises a key exchange response message, this key exchange response message comprising a session key, said session key being used to complete the transaction between the service provider member terminal and the service provider terminal.
2. The system according to claim 1, wherein the electronic card is a physical card.
3. The system according to claim 1, wherein the electronic card further comprises a card operating system for loading and updating cardholder information, changing access conditions and managing the service provider data area.
4. The system according to claim 1, wherein the electronic card performs external communication read/write operations through a communication protocol.
5. The system according to claim 1, wherein the data area for storing service provider information further comprises at least one service provider record, wherein each service provider record comprises:
a name field indicating the service provider; and
an account information field containing information specific to each service provider.
6. The system according to claim 1, wherein the electronic card further comprises software.
7. The system according to claim 1, wherein the electronic card further comprises a Java applet.
8. The system according to claim 1, wherein the service provider terminal communicates with an external system outside the electronic transaction system.
9. The system according to claim 5, wherein each service provider record further comprises a carrier type indication showing the kind of carrier that the service provider supports.
CNB998070726A 1998-05-05 1999-05-05 Cryptographic system and method for electronic transactions Expired - Fee Related CN1307818C (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US8425798P 1998-05-05 1998-05-05
US60/084,257 1998-05-05

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CNA2007100063782A Division CN101087189A (en) 1998-05-05 1999-05-05 A cryptographic system and method for electronic trade

Publications (2)

Publication Number Publication Date
CN1304602A CN1304602A (en) 2001-07-18
CN1307818C true CN1307818C (en) 2007-03-28

Family

ID=22183802

Family Applications (2)

Application Number Title Priority Date Filing Date
CNB998070726A Expired - Fee Related CN1307818C (en) 1998-05-05 1999-05-05 Cryptographic system and method for electronic transactions
CNA2007100063782A Pending CN101087189A (en) 1998-05-05 1999-05-05 A cryptographic system and method for electronic trade

Family Applications After (1)

Application Number Title Priority Date Filing Date
CNA2007100063782A Pending CN101087189A (en) 1998-05-05 1999-05-05 A cryptographic system and method for electronic trade

Country Status (8)

Country Link
JP (2) JP2002514839A (en)
CN (2) CN1307818C (en)
AU (1) AU762708B2 (en)
CA (1) CA2329032C (en)
GB (1) GB2353623B (en)
HK (1) HK1038657A1 (en)
TW (1) TW476202B (en)
WO (1) WO1999057835A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5544246A (en) * 1993-09-17 1996-08-06 At&T Corp. Smartcard adapted for a plurality of service providers and for remote installation of same
US5671279A (en) * 1995-11-13 1997-09-23 Netscape Communications Corporation Electronic commerce using a secure courier system

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5396558A (en) * 1992-09-18 1995-03-07 Nippon Telegraph And Telephone Corporation Method and apparatus for settlement of accounts by IC cards
JP3348753B2 (en) * 1994-04-28 2002-11-20 日本電信電話株式会社 Encryption key distribution system and method
US5537474A (en) * 1994-07-29 1996-07-16 Motorola, Inc. Method and apparatus for authentication in a communication system
JP3498268B2 (en) * 1994-09-14 2004-02-16 日本電信電話株式会社 Document communication management method
US5590197A (en) * 1995-04-04 1996-12-31 V-One Corporation Electronic payment system and method

Also Published As

Publication number Publication date
GB0026755D0 (en) 2000-12-20
WO1999057835A1 (en) 1999-11-11
JP2005065315A (en) 2005-03-10
AU4307599A (en) 1999-11-23
TW476202B (en) 2002-02-11
AU762708B2 (en) 2003-07-03
JP2002514839A (en) 2002-05-21
WO1999057835A9 (en) 2000-02-03
CN101087189A (en) 2007-12-12
HK1038657A1 (en) 2002-03-22
CA2329032A1 (en) 1999-11-11
CA2329032C (en) 2004-04-13
GB2353623A (en) 2001-02-28
GB2353623B (en) 2003-01-08
CN1304602A (en) 2001-07-18

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20070328

Termination date: 20130505