TW202014931A - Two-dimensional code anti-counterfeiting method, device and system based on security application - Google Patents

Info

Publication number
TW202014931A
Authority
TW
Taiwan
Prior art keywords
code
security application
management server
key
business information
Prior art date
Application number
TW108125966A
Other languages
Chinese (zh)
Other versions
TWI748209B (en)
Inventor
孫曦
落紅衛
Original Assignee
香港商阿里巴巴集團服務有限公司
Priority date
Filing date
Publication date
Application filed by 香港商阿里巴巴集團服務有限公司
Publication of TW202014931A
Application granted
Publication of TWI748209B

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06K: GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K17/00: Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
    • G06K17/0022: Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations; arrangements or provisions for transferring data to distant stations, e.g. from a sensing device
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00: Commerce
    • G06Q30/018: Certifying business or products
    • G06Q30/0185: Product, service or business identity fraud

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Entrepreneurship & Innovation (AREA)
  • General Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Finance (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Storage Device Security (AREA)

Abstract

Disclosed are a two-dimensional code anti-counterfeiting method, device and system based on a security application. The method comprises: a two-dimensional code security application receiving a request to generate two-dimensional code information data; the two-dimensional code security application signing two-dimensional code service information with the private key of the two-dimensional code security application; and the two-dimensional code security application sending the two-dimensional code information data, wherein the two-dimensional code security application has an asymmetric key pair consisting of the public key and the private key of the two-dimensional code security application, and the two-dimensional code information data includes the two-dimensional code service information and the signature of the two-dimensional code security application over that service information.

Description

Two-dimensional code anti-counterfeiting method, device and system based on security application

This application relates to the field of security, and in particular to a security-application-based anti-counterfeiting method, device and system for two-dimensional codes (2D codes).

With the development of the mobile Internet, 2D codes have come into wide use, for example scanning a code to unlock a shared bicycle or to make a payment. To improve the security of 2D codes, some companies provide dynamic 2D codes, in which the data is updated over time so that the displayed code changes. However, in the 2D code verification solutions currently on the market, the 2D code information itself has no anti-counterfeiting capability: once a decoding device parses the 2D code, it directly obtains the 2D code data in plaintext, and that data is identical to the business information data, so the scanning device cannot verify the legitimacy of the 2D code information locally. To verify its legitimacy, the 2D code information has to be sent to a back-end server, and protection depends on the back-end server's risk-control capability. In this process, because the legitimacy of the information in the 2D code cannot be recognized, the user may visit a malicious website or execute a malicious program and thereby suffer harm.

Embodiments of the present application provide a security-application-based 2D code anti-counterfeiting method, device and system to address the low security of 2D codes.

The embodiments of the present application adopt the following technical solutions.

An embodiment of the present application provides a security-application-based 2D code anti-counterfeiting method, the method comprising:
the 2D code security application receives a request to generate 2D code information data;
the 2D code security application signs the 2D code business information with the private key of the 2D code security application;
the 2D code security application sends the 2D code information data;
wherein the 2D code security application has an asymmetric key pair consisting of the public key and the private key of the 2D code security application, and the 2D code information data contains the 2D code business information and the 2D code security application's signature over that business information.

An embodiment of the present application provides a 2D code reading method, the method comprising:
scanning the 2D code to obtain the 2D code business information and the 2D code security application's signature over that business information;
verifying the signature of the 2D code business information and confirming the 2D code business information.

This application provides a security-application-based 2D code anti-counterfeiting method, the method comprising:
the 2D code display module sends a request to generate 2D code information data;
the 2D code security application receives the request to generate 2D code information data;
the 2D code security application signs the 2D code business information with the private key of the 2D code security application;
the 2D code security application sends the 2D code information data to the 2D code display module;
the 2D code display module displays the 2D code information data as a 2D code;
the 2D code reading device scans the 2D code to obtain the 2D code business information and the 2D code security application's signature over that business information;
the 2D code reading device verifies the signature of the 2D code business information and confirms the 2D code business information;
wherein the 2D code security application has an asymmetric key pair consisting of the public key and the private key of the 2D code security application, and the 2D code information data contains the 2D code business information and the 2D code security application's signature over that business information.

This application provides a 2D code anti-counterfeiting device that includes a 2D code security module. The 2D code security module is further used to receive a request to generate 2D code information data, to sign the 2D code business information with the private key of the 2D code security application, and to send the 2D code information data; wherein the 2D code security application has an asymmetric key pair consisting of the public key and the private key of the 2D code security application, and the 2D code information data contains the 2D code business information and the 2D code security application's signature over that business information.

An embodiment of the present application provides a 2D code anti-counterfeiting device that includes a security chip and a memory, the memory storing a 2D code security program; the security chip is used to execute the 2D code security program to implement the method of item 1 of the claims.

An embodiment of the present application provides a 2D code anti-counterfeiting device that includes a processor and a memory, the memory storing a 2D code security program; the processor is used to execute the 2D code security program to implement the method.

An embodiment of the present application provides a 2D code anti-counterfeiting device, the device comprising:
a request receiving module, used to receive a request to generate 2D code information data;
a 2D code business information signing module, used to sign the 2D code business information with the private key of the 2D code security application;
a 2D code information data sending module, used to send the 2D code information data;
wherein the 2D code security application has an asymmetric key pair consisting of the public key and the private key of the 2D code security application, and the 2D code information data contains the 2D code business information and the 2D code security application's signature over that business information.

An embodiment of the present application provides a 2D code reading device, the device comprising:
a scanning module, used to scan the 2D code to obtain the 2D code business information and the 2D code security application's signature over that business information;
a verification module, used to verify the signature of the 2D code business information and confirm the 2D code business information.

An embodiment of the present application provides a 2D code reading device, characterized in that the device includes a processor and a memory, the memory storing a program; the processor is used to execute the program to implement the method.

An embodiment of the present application provides a 2D code anti-counterfeiting system that includes the device and the 2D code reading device described above.

At least one of the technical solutions adopted in the embodiments of the present application achieves the following beneficial effects: the business data of the 2D code is signed by a security chip or a trusted execution environment, which improves the security of the 2D code, and the use of a certificate allows the 2D code reading device to verify the legitimacy of the 2D code locally, which reduces the probability of risk.

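To make the purpose, technical solutions and advantages of the present application clearer, the technical solutions are described clearly and completely below with reference to specific embodiments and the corresponding drawings. The described embodiments are only some, not all, of the embodiments of the present application. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments in this application, without creative work, fall within the scope of protection of this application.

The technical solutions provided by the embodiments of the present application are described in detail below with reference to the drawings.

First embodiment

As shown in FIG. 1, this embodiment discloses a certificate distribution method for 2D codes, which includes:

Step S11: the 2D code management server generates an asymmetric key pair consisting of the 2D code management server public key Public_Key_Server and the 2D code management server private key Private_Key_Server. In practice, if the RSA algorithm is used to generate the keys, the pair generally consists of the public key with the modulus and the private key with the modulus, and the modulus is generally chosen as 1024 bits or 2048 bits.

Step S12: the 2D code management server distributes Public_Key_Server to a number of terminal devices, such as smartphones, tablets and computers. A terminal device can use the received Public_Key_Server to encrypt data or verify signatures. Public_Key_Server can be transmitted without a secure channel between the management server and the terminal device, for example with the management server returning Public_Key_Server directly in response to the terminal device's request; alternatively a secure channel can be established first, for example using the Secure Sockets Layer (SSL) protocol, before Public_Key_Server is returned to the terminal device. For an asymmetric key pair, the public key is used to encrypt data and verify signatures, and the private key is used to decrypt and sign.

Step S13: the 2D code security application in the terminal device generates an asymmetric key pair consisting of the 2D code security application public key Public_Key_Client and the 2D code security application private key Private_Key_Client. Public_Key_Client can be used by the 2D code management server to generate a certificate, and Private_Key_Client can be used to generate signatures. The certificate can be based on the X.509v3 certificate standard; the information in a certificate generally includes the public key value, the identifier of the public key owner, the validity period, the identifier of the certificate issuer, the digital signature of the certificate issuer, and so on.

Step S14: the 2D code security application sends its public key Public_Key_Client to the 2D code management server. Likewise, Public_Key_Client can be transmitted without a secure channel between the terminal device and the management server, for example with the terminal device sending it directly; alternatively a secure channel can be established first, for example using the SSL protocol, before Public_Key_Client is sent to the management server.

Step S15: the 2D code management server uses its private key Private_Key_Server to sign the security application public key Public_Key_Client and generate a certificate. The certificate (public key certificate, PKC) can be generated by signing Public_Key_Client directly, or by hashing Public_Key_Client to obtain a hash value and then signing that hash value with Private_Key_Server. As an example, the certificate includes: the security application public key (m,d), the security application identifier 1001, the validity period January 1, 2019, the 2D code management server identifier 0001, and the signature (m',d') of the security application public key. (m,d) is obtained from the key algorithm, and (m',d') is obtained by operating on the security application public key (m,d) with the private key of the 2D code management server, for example by hashing (m,d), then applying exponentiation and a modulo operation with the management server's private key, and taking the result of the modulo operation as the signature.

Step S16: the 2D code management server sends the certificate to the 2D code security application. Likewise, this can be done without a secure channel between the management server and the terminal device, for example with the management server returning the certificate PKC directly to the terminal device; alternatively a secure channel can be established first, for example using the Secure Sockets Layer (SSL) protocol, before the certificate PKC is returned to the terminal device.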
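Through the above steps, the 2D code management server can distribute the certificate to the terminal devices that need it, which completes the preparation for attaching the certificate when a terminal device generates a secure 2D code. The terminal device can use the certificate as the carrier of the 2D code security application public key Public_Key_Client. When the terminal device signs data with the 2D code security application private key Private_Key_Client, the 2D code reading device can obtain Public_Key_Client by verifying the certificate, and can then go on to verify the signature made with Private_Key_Client. Note that the 2D code reading device stores the public key of the 2D code management server, as distributed by the management server.

For an asymmetric key pair, the private key can be used to decrypt or sign, and the public key can be used to encrypt or verify signatures. The asymmetric algorithm can be any of RSA, Elgamal, the knapsack algorithm, Rabin, D-H and ECC. The RSA algorithm is used below as an example to illustrate how the public key, private key, signed certificate and signature are generated.

The process by which the 2D code management server generates Public_Key_Server and Private_Key_Server includes:

Step (1): let prime p=3 and prime q=11, giving n=p×q=33 and f(n)=(p-1)×(q-1)=20;

Step (2): let e=3, with e and d relatively prime;

Step (3): let e×d≡1 mod f(n), that is 3×d≡1 mod 20, and select d using the following table: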

[Figure 02_image001: table used to select d]
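Therefore, d=7 can be chosen, satisfying 3×d≡1 mod 20.

Step (4): the 2D code management server public key Public_Key_Server can therefore be (3,33), and the 2D code management server private key Private_Key_Server can be (7,33).

Once Public_Key_Server and Private_Key_Server have been obtained, Public_Key_Server can be sent to the terminal devices, and the 2D code management server retains Private_Key_Server.

The process by which the 2D code security application generates the 2D code security application public key Public_Key_Client and the 2D code security application private key Private_Key_Client includes:

Step (A): let prime p=13 and prime q=7, giving n=p×q=91 and f(n)=(p-1)×(q-1)=72;

Step (B): let e=7, with e and d relatively prime;

Step (C): let e×d≡1 mod f(n), that is 7×d≡1 mod 72; 7×d can be 73, 145, 217, and so on. To satisfy this congruence, d=31 can therefore be chosen, satisfying 7×d≡1 mod 72.

Step (D): the 2D code security application public key Public_Key_Client can therefore be (7,72), and the 2D code security application private key Private_Key_Client can be (31,72).

After the 2D code security application has generated Public_Key_Client and Private_Key_Client, it can send Public_Key_Client to the 2D code management server, which generates the certificate PKC and sends it to the terminal device on which the 2D code security application is installed.

The process by which the 2D code management server generates the certificate can be as follows:

Step (I): the 2D code security application sends Public_Key_Client to the 2D code management server, for example Public_Key_Client is (7,72);

Step (II): after receiving Public_Key_Client (7,72), the 2D code management server uses its Private_Key_Server (7,33) to generate the certificate. For example, by computing 7^7 mod 33=28 and 72^7 mod 33=30, the content of the certificate is obtained as (7,72,1001,20190101,0001,28,30). On receiving this certificate, a 2D code reading device can determine that the public key is (7,72), the identifier of the 2D code security application is 1001, the validity period of the public key is January 1, 2019, the identifier of the 2D code management server is 0001, and the signature of the public key is (28,30).

Optionally, Public_Key_Client (7,72) can also be hashed, for example by combining the 7 and 72 of the public key into 772 and reducing it modulo 16, which gives 4. Private_Key_Server (7,33) can then be applied to 4: 4^7 mod 33=16, giving the array (7,72,1001,20190101,0001,16) as the content of the certificate.

Step (III): the 2D code management server sends the certificate containing the array to the security application on the terminal device; for example, the content of the certificate is the array (7,72,1001,20190101,0001,28,30) or (7,72,1001,20190101,0001,16).

Optionally, where the terminal device on which the 2D code security application is installed stores Public_Key_Server, the 2D code management server can additionally sign the certificate with Private_Key_Server and send the certificate together with that signature to the security application, which can then use Public_Key_Server to verify the authenticity of the certificate.

The above steps complete the distribution of the certificate.

Note that any terminal device can receive and store the 2D code management server public key Public_Key_Server. If a terminal device has the 2D code security application installed, it can be used both to generate and to read 2D codes. If it does not have the 2D code security application installed, it can be used to read 2D codes but cannot generate them according to the technical solution of these embodiments; when it needs to generate a 2D code, it can generate and display it in the conventional way, for example through the 2D code generation and display module built into the application itself. Generating and displaying 2D codes with a module built into an application is prior art and is not described further here.

Second embodiment

In real life, 2D codes can be applied in many scenarios, such as payment or instant messaging. The 2D code generation flow is described below using the payment scenario as an example.

As society progresses, convenience stores are increasingly common and make people's lives easier. A convenience store's scanner can settle a customer's purchase by scanning the barcodes on the goods; after settlement, a 2D code can be displayed and the user can scan it to pay.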
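After the merchant confirms the settlement on the charging terminal device, the 2D code display module in that device sends a request to generate 2D code information data to the 2D code security application. The request includes information about the settlement, such as the payee account and the amount. The 2D code security application can sign this information with the 2D code security application private key Private_Key_Client and send it, with the public key certificate attached, to the 2D code display module, which displays a 2D code containing the information sent by the security application according to the 2D code display rules. Optionally, the settlement information can include date information, and the 2D code security application can also add dynamic information such as a random number.

FIG. 2 shows the 2D code generation flow provided by an embodiment of the present application, which includes:

Step S21: the 2D code security application receives a request to generate 2D code information data. The request can come from the 2D code display module, which can be a module built into the merchant's billing system or an external module for 2D code applications. After the user confirms the settlement amount, it obtains the settlement-related information (which can be called the 2D code business information), such as the order information, and sends it to the 2D code security application. Settlement-related information includes but is not limited to the amount and the merchant account identifier, and can even include the details of the goods purchased, the purchase date, and so on.

Step S22: the 2D code security application signs the order information with the private key of the 2D code security application, where the 2D code security application has an asymmetric key pair consisting of its public key and its private key. After receiving the request from the 2D code display module, the security application can sign the order information with Private_Key_Client. The 2D code business information and the 2D code security application's signature can together be called the 2D code information data. Optionally, the 2D code information data can also contain the certificate. When signing the order information with Private_Key_Client, the security application can hash the order information, apply exponentiation and a modulo operation to the hash result, and take the result of the modulo operation as the signature.

Step S23: the 2D code security application sends the 2D code information data, which contains the 2D code business information and the 2D code security application's signature over the order information. Optionally, the 2D code information data also contains the certificate. The certificate can be the one provided by the 2D code management server, that is, the management server's signed certificate over the public key sent by the 2D code security application.

For ease of explanation, this embodiment simplifies the 2D code business information sent by the 2D code display module to just an amount, for example 2.

After receiving the 2D code business information, the 2D code security application signs it with the 2D code security application private key Private_Key_Client (31,72), for example by computing 2^31 mod 72=56.

As described above, the content of the certificate can be the array (7,72,1001,20190101,0001,28,30) or (7,72,1001,20190101,0001,16), so the security application can produce the following 2D code information data: (2,56,7,72,1001,20190101,0001,28,30) or (2,56,7,72,1001,20190101,0001,16).

The 2D code security application can send this 2D code information data to the 2D code display module, which displays it as a 2D code, for example a QR code, according to the encoding rules.

The above flow implements 2D code generation in the payment scenario; the 2D code contains the 2D code business information, the security application's signature and the certificate.

A 2D code reading device can read the 2D code, obtain the 2D code information data, and verify the signature to confirm whether the 2D code business data is genuine.

Third embodiment

In real life, 2D codes can be applied in many scenarios, such as payment or instant messaging. The 2D code generation flow is described below using the instant messaging scenario as an example.

With the development of the mobile Internet, instant messaging software based on wireless Internet technology keeps emerging, for example WeChat and DingTalk. Instant messaging software generally provides functions for adding a friend or joining a group by scanning a 2D code.

In the prior art, a 2D code reading device that scans a 2D code and obtains the related data does not verify its authenticity, which is a security risk.

In this application, when a user agrees to let another user add them as a friend by scanning their 2D code, the 2D code display module in the terminal device used by that other user sends a request to generate 2D code information data to the 2D code security application. The request can be just a request to display a 2D code, containing no information, or it can contain the user's identifier. If the request is only a request to display a 2D code, the 2D code security application can obtain the user's identifier in advance by interacting with the instant messaging software, and after receiving the request it can sign the user's identifier with Private_Key_Client. If the request contains the user's identifier (which can be called the 2D code business information), the 2D code security application can sign that information with Private_Key_Client. After signing, the 2D code security application can send the 2D code business information, the signature and the public key certificate to the 2D code display module, which displays a 2D code containing the information sent by the security application according to the 2D code display rules.

FIG. 3 shows the 2D code generation flow provided by an embodiment of the present application, which includes: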
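Step S31: the 2D code security application receives a request to generate 2D code information data. The request can come from the 2D code display module, which can be the 2D code display module of the instant messaging software, for example a 2D code business card module. After the user taps it, the module obtains the user's identifier (which can be called the 2D code business information) and sends it to the 2D code security application. An empty request can also be sent, with the user's identifier stored in the 2D code security application in advance.

Step S32: the 2D code security application signs the user identifier with the private key of the 2D code security application, where the 2D code security application has an asymmetric key pair consisting of its public key and its private key.

Step S33: the 2D code security application sends the 2D code information data, which contains the 2D code business information and the 2D code security application's signature over the user identifier. Optionally, the 2D code information data also contains the certificate. The certificate can be the one provided by the 2D code management server, that is, the management server's signed certificate over the public key sent by the 2D code security application.

For ease of explanation, this embodiment sets the user's identifier to 2.

After receiving the request to generate 2D code information data, the 2D code security application signs the 2D code business information (that is, the user's identifier) with the 2D code security application private key Private_Key_Client (31,72), for example by computing 2^31 mod 72=56.

As described above, the content of the certificate can be the array (7,72,1001,20190101,0001,28,30) or (7,72,1001,20190101,0001,16), so the security application can produce the following 2D code information data: (2,56,7,72,1001,20190101,0001,28,30) or (2,56,7,72,1001,20190101,0001,16).

The 2D code security application can send this 2D code information data to the 2D code display module, which displays it as a 2D code, for example a QR code, according to the encoding rules.

The above flow implements 2D code generation in the instant messaging scenario; the 2D code contains the user's identifier.

A 2D code reading device can read the 2D code, obtain the 2D code information data, and verify the signature to confirm whether the 2D code business data is genuine.

Fourth embodiment

Compared with barcodes, 2D codes can hold more information, and with the spread of smartphones they have come into wide use.

A commonly used 2D code is the Quick Response (QR) code. A 2D code generally contains several parts: code positioning patterns, functional data, data codewords and error correction codewords.

The code positioning patterns are mainly used to correct the position of the 2D code. A user scanning a 2D code with a smartphone may not align it properly; the positioning patterns allow the 2D code to be rectified so that each pixel in it can be parsed.

The functional data mainly holds format data and the 2D code version information.

The data codewords mainly hold the 2D code information data.

The error correction codewords mainly hold the forward error correction code for the 2D code information data.

FIG. 4 shows the 2D code display flow provided by an embodiment of the present application, which includes:

Step S41: the 2D code display module sends a request to generate 2D code information data to the security application.

The 2D code display module can be the 2D code display module of the instant messaging software, for example a 2D code business card module. After the user taps it, the module obtains the user's identifier (which can be called the 2D code business information) and sends it to the 2D code security application. An empty request can also be sent, with the user's identifier stored in the 2D code security application in advance. Alternatively, the 2D code display module can be a module built into the merchant's billing system or an external module for 2D code applications. After the user confirms the settlement amount, it obtains the settlement-related information (which can be called the 2D code business information) and sends it to the 2D code security application. Settlement-related information includes but is not limited to the amount and the merchant account identifier, and can even include the details of the goods purchased, the purchase date, and so on.

Step S42: the 2D code display module receives the 2D code information data sent by the 2D code security application and displays the corresponding 2D code according to the 2D code encoding rules.

After receiving the request from the 2D code display module, the 2D code security application can sign the 2D code business information with the 2D code security application private key Private_Key_Client and send it, with the certificate attached, to the 2D code display module. The 2D code business information, the 2D code security application's signature and the certificate can together be called the 2D code information data.

For ease of explanation, this embodiment sets the 2D code business information to 2.

After receiving the request to generate 2D code information data, the 2D code security application signs the 2D code business information (the user's identifier or the merchant's settlement information) with Private_Key_Client (31,72), for example by computing 2^31 mod 72=56.

As described above, the content of the certificate can be the array (7,72,1001,20190101,0001,28,30) or (7,72,1001,20190101,0001,16), so the security application can produce the following 2D code information data: (2,56,7,72,1001,20190101,0001,28,30) or (2,56,7,72,1001,20190101,0001,16).

The 2D code security application can send this 2D code information data to the 2D code display module, which displays it as a 2D code, for example a QR code, according to the encoding rules.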
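A 2D code reading device can read the 2D code, obtain the 2D code information data, and verify the signature to confirm whether the 2D code business data is genuine.

Fifth embodiment

After the terminal device displays the 2D code, the 2D code reading device needs to scan it and verify whether the 2D code business information in it is genuine.

FIG. 5 shows the 2D code reading flow provided by an embodiment of the present application, which includes:

Step S51: the 2D code reading device scans the 2D code and obtains the 2D code information data. Specifically, the reading device can analyze the image of the 2D code and parse out the 2D code information data it contains, for example (2,56,7,72,1001,20190101,0001,28,30) or (2,56,7,72,1001,20190101,0001,16).

Step S52: the 2D code reading device uses its stored 2D code management server public key Public_Key_Server (3,33) to verify the certificate, for example by computing 28^3 mod 33=7 and 30^3 mod 33=72, thereby verifying that the 2D code security application public key Public_Key_Client can be (7,72), the same as the Public_Key_Client in the certificate, and so verifying that the public key of the 2D code security application is (7,72); or by computing 16^3 mod 33=4 and 772 mod 16=4, thereby verifying that the public key of the 2D code security application is (7,72). The reading device then uses Public_Key_Client to verify the signature, for example by computing 2^7 mod 72=56, thereby verifying the authenticity of 2D code business information 2.

Step S53: once the 2D code business information has passed verification, the subsequent business flow can be completed according to the 2D code business information. For example, in the payment scenario, a debit request can be sent to the accounting system, which debits the amount, notifies the user and credits the merchant's account. In the instant messaging scenario, a friend request can be sent to the instant messaging server, which forwards it to the user; once the user accepts the request, the two parties become friends.

Sixth embodiment

The security-application-based 2D code anti-counterfeiting method provided by this application is shown in FIG. 6 and includes:

Step S61: the 2D code display module sends a request to generate 2D code information data. The request can include 2D code business information such as order information, or it can be an empty request, for example where 2D code business information such as a user identifier has been stored in advance.

Step S62: the 2D code security application receives the request to generate 2D code information data.

Step S63: the 2D code security application signs the 2D code business information with the private key of the 2D code security application.

Step S64: the 2D code security application sends the 2D code information data to the 2D code display module.

Step S65: the 2D code display module displays the 2D code information data as a 2D code.

Step S66: the 2D code reading device scans the 2D code to obtain the 2D code business information and the 2D code security application's signature over that business information.

Step S67: the 2D code reading device verifies the signature of the 2D code business information and confirms the 2D code business information.

Here the 2D code security application has an asymmetric key pair consisting of the public key and the private key of the 2D code security application, and the 2D code information data contains the 2D code business information and the 2D code security application's signature over that business information.

Note that the security application can also store the certificate sent by the 2D code management server, which is the signed certificate the management server generated over the security application's public key. When the security application sends the 2D code information data, it can send this certificate to the 2D code display module as well. Correspondingly, the 2D code reading device can store in advance the public key sent by the 2D code management server, which can be used to verify the authenticity of the certificate. After the reading device verifies the authenticity of the 2D code, it can use the 2D code security application public key in the certificate to verify the authenticity of the signature over the 2D code business information; after this double verification, the 2D code business information can be processed and the subsequent flow carried out. Optionally, the security application's public key can also be sent to the 2D code reading device by other means, to be used to verify the authenticity of the signature over the 2D code business information.

Seventh embodiment

An embodiment of the present application provides a device for generating 2D code information data, shown in FIG. 7. It can be an independent entity, for example a 2D code security module located in a security chip, or a chip capable of generating 2D code information data. Preferably, it also includes a 2D code display module.

The 2D code security module can be implemented by a 2D code security application located in the security chip. The 2D code security application can generate the 2D code security application public key Public_Key_Client and the 2D code security application private key Private_Key_Client; the generation process is not repeated here.

After the 2D code security application has generated Public_Key_Client and Private_Key_Client, it can send Public_Key_Client to the 2D code management server, which generates the certificate PKC and sends it to the terminal device on which the 2D code security application is installed.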
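After receiving the request to generate 2D code information data from the 2D code display module, the 2D code security application can sign the 2D code business information with the 2D code security application private key Private_Key_Client and, preferably, send it with the certificate attached to the 2D code display module. The 2D code business information and the 2D code security application's signature can together be called the 2D code information data. The 2D code information data can also include the certificate. The 2D code security application can send the 2D code information data to the 2D code display module.

Eighth embodiment

An embodiment of the present application provides a device for generating 2D code information data, shown in FIG. 8. It can be an independent entity, for example a 2D code security module. Preferably, it also includes a 2D code display module.

The 2D code security module can be implemented by a 2D code security application located in a trusted execution environment. The 2D code security application can generate the 2D code security application public key Public_Key_Client and the 2D code security application private key Private_Key_Client; the generation process is not repeated here.

After the 2D code security application has generated Public_Key_Client and Private_Key_Client, it can send Public_Key_Client to the 2D code management server, which generates the certificate PKC and sends it to the terminal device on which the 2D code security application is installed.

After receiving the 2D code business information from the 2D code display module, the 2D code security application can sign it with Private_Key_Client and, preferably, send it with the certificate attached to the 2D code display module. The 2D code business information and the 2D code security application's signature can together be called the 2D code information data. The 2D code information data can also include the certificate. The 2D code security application can send the 2D code information data to the 2D code display module.

The 2D code display module can be implemented by a 2D code display application; for example, it can be a module in the accounting system or the instant messaging software, or a module independent of them.

Ninth embodiment

The information data generating device provided by an embodiment of the present application is shown in FIG. 9. The device includes a request receiving module, a 2D code business information signing module and a 2D code information data sending module. Preferably, the device can also include a public key sending module and a certificate receiving module; preferably, it can also include a 2D code display module. The request receiving module is used to receive a request to generate 2D code information data. The 2D code business information signing module is used to sign the 2D code business information with the private key of the 2D code security application. The 2D code information data sending module is used to send the 2D code information data. Here the 2D code security application has an asymmetric key pair consisting of the public key and the private key of the 2D code security application, and the 2D code information data contains the 2D code business information and the 2D code security application's signature over that business information. The public key sending module is used to send the public key of the 2D code security application to the 2D code management server. The certificate receiving module is used to receive the certificate of the 2D code security application, and the 2D code information data also contains that certificate. The 2D code information data sending module is used to send the 2D code information data to the 2D code display module, and the 2D code display module is used to display the 2D code information data as a 2D code.

Tenth embodiment

The 2D code information data generating device disclosed in this application can be an independent physical entity. As shown in FIG. 10, the device includes a processor and memory. The memory can be divided into two parts, for example a first memory and a second memory. Preferably, the first memory stores a 2D code security program, for example the 2D code security application, and the second memory stores a 2D code display application.

The processor can execute the 2D code security program in the first memory to implement the security-application-based 2D code anti-counterfeiting method provided by the embodiments of the present application.

Eleventh embodiment

The 2D code information data generating device disclosed in this application can be an independent physical entity. As shown in FIG. 1, the device includes a security chip and a first memory, and the first memory stores a 2D code security program, for example the 2D code security application. Preferably, the device also includes a processor and a second memory, and the second memory stores a 2D code display program.

The security chip can execute the 2D code security program in the first memory to implement the security-application-based 2D code anti-counterfeiting method provided by the embodiments of the present application.

Twelfth embodiment

A schematic of the 2D code reading device provided by an embodiment of the present application is shown in FIG. 12. The device includes a scanning module and a verification module. The scanning module is used to scan the 2D code to obtain the 2D code business information and the 2D code security application's signature over that business information. The verification module is used to verify the signature of the 2D code business information and confirm the 2D code business information.

Preferably, an embodiment of the present application also provides a schematic of another 2D code reading device, shown in FIG. 10, which includes a processor and a memory. The memory stores a program, for example a 2D code reading application, and the processor is used to execute the 2D code reading application to implement the 2D code reading method provided by the embodiments of the present application.

Preferably, the 2D code reading device is a mobile smart terminal or a computer.

Thirteenth embodiment

The 2D code system provided by an embodiment of the present application is shown in FIG. 12. The system includes a 2D code anti-counterfeiting device and a 2D code reading device; preferably, it also includes a 2D code management server. The 2D code anti-counterfeiting device can be any of the 2D code anti-counterfeiting devices provided by the embodiments of the present application, and the 2D code reading device can be any of the 2D code reading devices provided by the examples of the present application.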
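The certificate chain from the embodiments above, as an added example that is not part of the patent text: it issues the hashed-key certificate, signs business information 2, and runs the reading device's two checks from step S52. Function names are hypothetical, and the client modulus 91 (n from step (A)) is an assumption, because the pair listed in step (D), (7,72) and (31,72), does not round-trip: 56^7 mod 72 is 56, not 2.

```python
"""Toy walk-through of the two-level signature check (added example)."""

SERVER_PUB = (3, 33)     # Public_Key_Server from step (4), as (exponent, modulus)
SERVER_PRIV = (7, 33)    # Private_Key_Server from step (4)

# Step (A) gives n = 91 and f(n) = 72. ASSUMPTION: the modulus is n = 91,
# because RSA exponentiation only inverts itself modulo n.
CLIENT_PUB = (7, 91)
CLIENT_PRIV = (31, 91)

# The client pair exactly as written in step (D), kept for comparison.
PAGE_CLIENT_PUB = (7, 72)
PAGE_CLIENT_PRIV = (31, 72)


def rsa_apply(value, key):
    """Textbook RSA: value^exponent mod modulus (no padding, toy sizes only)."""
    exponent, modulus = key
    if not 0 <= value < modulus:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, modulus)


def toy_key_hash(pub):
    """The optional hash from step (II): concatenate both numbers, mod 16."""
    return int(f"{pub[0]}{pub[1]}") % 16


def issue_certificate(client_pub, app_id, valid_until, server_id, server_priv):
    """Management server: sign the hash of the client public key."""
    signature = rsa_apply(toy_key_hash(client_pub), server_priv)
    return (*client_pub, app_id, valid_until, server_id, signature)


def build_payload(business_info, client_priv, certificate):
    """Security application: sign the business info, attach the certificate."""
    return (business_info, rsa_apply(business_info, client_priv), *certificate)


def verify_payload(payload, server_pub):
    """Reading device: verify the certificate, then the business-info signature.

    Returns the business info when both checks pass, otherwise None.
    In this toy certificate only the key hash is signed, so the identifier
    and validity fields are carried along but not authenticated.
    """
    info, info_sig, e, n, _app_id, _valid_until, _server_id, cert_sig = payload
    try:
        if rsa_apply(cert_sig, server_pub) != toy_key_hash((e, n)):
            return None      # key was not certified by the management server
        if rsa_apply(info_sig, (e, n)) != info:
            return None      # info altered, or signed with a different key
    except ValueError:
        return None          # a field is out of range for its modulus
    return info


if __name__ == "__main__":
    cert = issue_certificate(CLIENT_PUB, "1001", "20190101", "0001", SERVER_PRIV)
    payload = build_payload(2, CLIENT_PRIV, cert)
    print("payload:", payload)
    print("verified business info:", verify_payload(payload, SERVER_PUB))
    tampered = (3,) + payload[1:]
    print("tampered payload accepted:", verify_payload(tampered, SERVER_PUB) is not None)
```
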
本申請實施例可以透過二維碼管理伺服器分發二維碼管理伺服器的公鑰,並使用二維碼管理伺服器的私鑰簽名二維碼安全應用的公鑰,以及使用安全晶片或可信執行環境對二維碼安全應用的私鑰進行保護的方案,可以讓二維碼讀取設備在本地就可以有效的對二維碼安全應用的合法性進行驗證,降低了風險發生的機率。 本領域內的技術人員應明白,本發明的實施例可提供為方法、系統、或電腦程式產品。因此,本發明可採用完全硬體實施例、完全軟體實施例、或結合軟體和硬體方面的實施例的形式。而且,本發明可採用在一個或多個其中包含有電腦可用程式碼的電腦可用儲存媒體(包括但不限於磁碟記憶體、CD-ROM、光學記憶體等)上實施的電腦程式產品的形式。 本發明是參照根據本發明實施例的方法、設備(系統)、和電腦程式產品的流程圖和/或方框圖來描述的。應理解可由電腦程式指令實現流程圖和/或方框圖中的每一流程和/或方框、以及流程圖和/或方框圖中的流程和/或方框的結合。可提供這些電腦程式指令到通用電腦、專用電腦、嵌入式處理機或其他可編程數據處理設備的處理器以產生一個機器,使得透過電腦或其他可編程數據處理設備的處理器執行的指令產生用於實現在流程圖一個流程或多個流程和/或方框圖一個方框或多個方框中指定的功能的裝置。 這些電腦程式指令也可儲存在能引導電腦或其他可編程數據處理設備以特定方式工作的電腦可讀記憶體中,使得儲存在該電腦可讀記憶體中的指令產生包括指令裝置的製造品,該指令裝置實現在流程圖一個流程或多個流程和/或方框圖一個方框或多個方框中指定的功能。 這些電腦程式指令也可裝載到電腦或其他可編程數據處理設備上,使得在電腦或其他可編程設備上執行一系列操作步驟以產生電腦實現的處理,從而在電腦或其他可編程設備上執行的指令提供用於實現在流程圖一個流程或多個流程和/或方框圖一個方框或多個方框中指定的功能的步驟。 在一個典型的配置中,計算設備包括一個或多個處理器(CPU)、輸入/輸出介面、網路介面和記憶體。 記憶體可能包括電腦可讀媒體中的非永久性記憶體,隨機存取記憶體(RAM)和/或非易失性記憶體等形式,如唯讀記憶體(ROM)或快閃記憶體(flash RAM)。記憶體是電腦可讀媒體的示例。 電腦可讀媒體包括永久性和非永久性、可移動和非可移動媒體可以由任何方法或技術來實現資訊儲存。資訊可以是電腦可讀指令、數據結構、程式的模組或其他數據。電腦的儲存媒體的例子包括,但不限於相變記憶體(PRAM)、靜態隨機存取記憶體(SRAM)、動態隨機存取記憶體(DRAM)、其他類型的隨機存取記憶體(RAM)、唯讀記憶體(ROM)、電可擦除可編程唯讀記憶體(EEPROM)、快閃記憶體或其他記憶體技術、唯讀光碟唯讀記憶體 (CD-ROM)、數位多功能光碟(DVD)或其他光學儲存、磁盒式磁帶,磁帶磁磁片儲存或其他磁性儲存設備或任何其他非傳輸媒體,可用於儲存可以被計算設備訪問的資訊。按照本文中的界定,電腦可讀媒體不包括暫存電腦可讀媒體(transitory media),如調變的數據信號和載波。 還需要說明的是,術語“包括”、“包含”或者其任何其他變體意在涵蓋非排他性的包含,從而使得包括一系列要素的過程、方法、商品或者設備不僅包括那些要素,而且還包括沒有明確列出的其他要素,或者是還包括為這種過程、方法、商品或者設備所固有的要素。在沒有更多限制的情況下,由語句“包括一個……”限定的要素,並不排除在包括所述要素的過程、方法、商品或者設備中還存在另外的相同要素。 本領域技術人員應明白,本申請的實施例可提供為方法、系統或電腦程式產品。因此,本申請可採用完全硬體實施例、完全軟體實施例或結合軟體和硬體方面的實施例的形式。而且,本申請可採用在一個或多個其中包含有電腦可用程式碼的電腦可用儲存媒體(包括但不限於磁碟記憶體、CD-ROM、光學記憶體等)上實施的電腦程式產品的形式。 以上所述僅為本申請的實施例而已,並不用於限制本申請。對於本領域技術人員來說,本申請可以有各種更改和變化。凡在本申請的精神和原理之內所作的任何修改、等同替換、改進等,均應包含在本申請的申請專利範圍之內。In order to make the purpose, technical solutions and advantages of the present application clearer, the technical solutions of the present application will be described clearly and completely in conjunction with specific embodiments of the present application and corresponding drawings. 
Obviously, the described embodiments are only a part of the embodiments of the present application, but not all the embodiments. Based on the embodiments in the present application, all other embodiments obtained by those of ordinary skill in the art without creative work fall within the scope of protection of the present application. The technical solutions provided by the embodiments of the present application will be described in detail below with reference to the drawings. The first embodiment is shown in FIG. 1, the application of the present application discloses a certificate distribution method for a two-dimensional code, which specifically includes: Step S11, the two-dimensional code management server generates an asymmetric key, including the two-dimensional code management server Public key Public_Key_Server and QR code management server private key Private_Key_Server; in the actual application process, if the RSA algorithm is used to generate the key, it is generally composed of the public key and the modulus, and the private key and the modulus, the modulus Generally choose 1024 bit or 2048 bit. Step S12, the QR code management server distributes the QR code management server public key to several terminal devices, such as smartphones, tablets, computers, etc. 
The terminal device can use the received QR code management server public key Public_Key_Server To encrypt data or verify the signature; the public key of the QR code management server Public_Key_Server can be transmitted without establishing a QR code management server and a secure channel of the terminal device, such as the QR code management server directly according to the terminal device Request to return the QR code management server public key Public_Key_Server to the terminal device, or you can establish a secure channel before returning the QR code management server public key Public_Key_Server to the terminal device, for example, using a secure communication protocol (Secure Sockets Layer, SSL) The protocol establishes a secure channel, and then returns the public key Public_Key_Server of the QR code management server to the terminal device. For asymmetric keys, the public key is used to encrypt data and verify the signature, and the private key is used to decrypt and sign. Step S13, the two-dimensional code security application in the terminal device generates an asymmetric key, including the two-dimensional code security application public key Public_Key_Client and the two-dimensional code security application private key Private_Key_Client; the two-dimensional code security application generated two-dimensional code security application The public key Public_Key_Client can be used for the QR code management server to generate a certificate, the QR code security application private key Private_Key_Client can be used to generate a signature; the certificate can be based on the X.509v3 certificate standard, and the information contained in the certificate generally includes: the public key value, Public key owner’s identifier information, validity period, certificate issuer’s identifier information, certificate issuer’s digital signature, etc. 
Step S14, the QR code security application sends the public key Public_Key_Client of the QR code security application to the QR code management server; similarly, the public key Public_Key_Client of the QR code security application can be sent without establishing the terminal device and the two-dimensional code In the case of a secure channel between the code management servers, for example, the terminal device directly sends the public key of the QR code security application Public_Key_Client to the QR code management server, or can send two to the QR code management server. The public key of the QR code security application Public_Key_Client establishes a secure channel before, for example, using the SSL protocol to establish a secure channel, and then sends the public key Public_Key_Client of the QR code security application to the QR code management server. Step S15, the QR code management server uses the private key Private_Key_Server of the QR code management server to sign the security application public key Public_Key_Client of the QR code to generate a certificate; in the process of generating the certificate, the QR code security application can be directly applied The public key Public_Key_Client is signed to generate a certificate (public key certificate, PKC). You can also use the public key Public_Key_Client to perform a hash calculation on the QR code security to obtain the hash value, and then use the QR code to manage the server's private key Private_Key_Server to sign the hash value. Generate a certificate PKC; as an example, the certificate includes: the security application public key (m,d) of the QR code, the security application ID 1001, valid for January 1, 2019, the QR code management server ID 0001, QR code The signature of the secure application public key (m', d'). 
(m,d) is obtained through the key algorithm, and (m',d') is obtained by operating on the QR code security application public key (m,d) with the private key of the QR code management server. For example, after a hash operation is performed on (m,d), the private key of the QR code management server is used to perform an exponentiation and a modulo operation on the result, and the result of the modulo operation is used as the signature.
Step S16, the QR code management server sends the certificate to the QR code security application. Similarly, the certificate can be transmitted without establishing a secure channel between the QR code management server and the terminal device, for example with the QR code management server returning the certificate PKC directly to the terminal device. Alternatively, a secure channel can be established first, for example using the Secure Sockets Layer (SSL) protocol, and the certificate PKC is then returned to the terminal device.
Through the above steps, the QR code management server can distribute the certificate to the terminal devices that need it, completing the preparation for attaching the certificate when a terminal device generates a secure QR code. The terminal device can use the certificate as the carrier of the QR code security application public key Public_Key_Client. When the terminal device uses the QR code security application private key Private_Key_Client to sign data, the QR code reading device can obtain Public_Key_Client by verifying the certificate, and can then verify the signature made with Private_Key_Client. It should be noted that the QR code reading device stores the public key of the QR code management server distributed by the QR code management server.
For asymmetric keys, the private key can be used to decrypt or sign, and the public key can be used to encrypt or verify signatures. The asymmetric key algorithm may be any one of RSA, ElGamal, the knapsack algorithm, Rabin, DH, and ECC. The following uses the RSA algorithm as an example to explain how the public key, the private key, the signed certificate and the signature are generated.
The process by which the QR code management server generates the QR code management server public key Public_Key_Server and the QR code management server private key Private_Key_Server includes the following steps:
Step (1), let the prime number p=3 and the prime number q=11, obtaining n=p×q=33 and f(n)=(p-1)×(q-1)=20;
Step (2), let e=3, e and d are relatively prime;
Step (3), let e×d≡1 mod f(n), that is, 3×d≡1 mod 20; select d through the following table:
Figure 02_image001
Therefore, d=7 can be selected to satisfy 3×d≡1 mod 20.
Step (4), therefore, the public key Public_Key_Server of the QR code management server can be (3,33), and the private key Private_Key_Server of the QR code management server can be (7,33).
After obtaining the above QR code management server public key Public_Key_Server and private key Private_Key_Server, the QR code management server can send Public_Key_Server to the terminal device, and it retains the QR code management server private key Private_Key_Server.
The process by which the QR code security application generates the QR code security application public key Public_Key_Client and the QR code security application private key Private_Key_Client includes:
Step (A), let the prime number p=13 and the prime number q=7, obtaining n=p×q=91 and f(n)=(p-1)×(q-1)=72;
Step (B), let e=7, e and d are relatively prime;
Step (C), let e×d≡1 mod f(n), that is, 7×d≡1 mod 72; 7×d can be 73, 145, 217, etc. Therefore, in order to satisfy the above identity, d=31 can be selected to satisfy 7×d≡1 mod 72.
Step (D), therefore, the public key of the QR code security application Public_Key_Client can be (7,72), and the private key of the QR code security application Private_Key_Client can be (31,72).
After the QR code security application generates Public_Key_Client and Private_Key_Client, Public_Key_Client can be sent to the QR code management server, which generates the certificate PKC and sends it to the terminal device on which the QR code security application is installed.
The process by which the QR code management server generates the certificate can be as follows:
Step (I), the QR code security application sends the QR code security application public key Public_Key_Client to the QR code management server; for example, Public_Key_Client is (7,72);
Step (II), after the QR code management server receives the QR code security application public key Public_Key_Client(7,72), it uses the QR code management server's Private_Key_Server(7,33) to generate a certificate. For example, by calculating 7^7 mod 33=28 and 72^7 mod 33=30, the content of the certificate is (7,72,1001,20190101,0001,28,30). After receiving the certificate, the QR code reading device can confirm that the public key is (7,72), the ID of the QR code security application is 1001, the validity period of the public key is January 1, 2019, the ID of the QR code management server is 0001, and the signature of the public key is (28,30). Optionally, the public key Public_Key_Client(7,72) of the QR code security application can be hashed first, for example by combining 7 and 72 in the public key into 772 and taking it modulo 16 to get 4. The Private_Key_Server(7,33) of the QR code management server is then applied to 4, giving 4^7 mod 33=16, so that the array (7,72,1001,20190101,0001,16) is the certificate content.
Step (III), the QR code management server sends the certificate containing the array to the security application of the terminal device; for example, the content of the certificate is the array (7,72,1001,20190101,0001,28,30) or (7,72,1001,20190101,0001,16).
Optionally, when the terminal device installed with the QR code security application stores the public key of the QR code management server Public_Key_Server, the QR code management server can also use the QR code to manage the server private key Private_Key_Server Further signing, sending the certificate and the signature to the security application, the security application can further use the QR code management server public key Public_Key_Server to verify the authenticity of the certificate. Through the above steps, the distribution of the certificate can be completed. It should be noted that all terminal devices can receive and store the public key Public_Key_Server of the QR code management server. If the terminal device is installed with a QR code security application, it can be used to generate a QR code or read a QR code. If the terminal device is not installed with a QR code security application, it is used to read the QR code, but it cannot be used to generate the QR code according to the technical solution provided by the embodiments of the present application. The QR code can be generated and displayed in a traditional way, for example, the QR code can be generated and displayed through the QR code generation and display module built in the application itself. It should be noted that the application built-in two-dimensional code generation and display module to generate and display the two-dimensional code is an existing technology, and will not be repeated here. Second Embodiment In real life, two-dimensional codes can be applied to many scenarios, such as payment scenarios or instant messaging scenarios. The following uses a payment scenario as an example to describe the QR code generation process. With the progress of society, more and more convenience stores have facilitated people's lives. The barcode scanner of the convenience store can settle the customer by scanning the barcode on the product purchased by the customer. 
After the settlement, it can be displayed through a QR code, and the user can scan the QR code to pay. After the merchant confirms the settlement on the charging terminal device, the QR code display module in the terminal device will send a QR code information data generation request to the QR code security application. The request will include relevant information about settlement, such as the receipt The account number, amount and other information of the payment party, the QR code security application can use the QR code security application private key Private_Key_Client to sign the information, and attach the convention certificate to the QR code display module for the QR code display module Display the QR code containing the information sent by the QR code security application according to the rules for displaying the QR code. Optionally, the settlement information can include date information, and the QR code security application can also add some dynamic information, such as random number information. 
2 shows a two-dimensional code generation process provided by an embodiment of the present application, which specifically includes: Step S21, a two-dimensional code security application receives a request to generate two-dimensional code information data; the request may come from a two-dimensional code display module; The QR code display module can be a built-in module of the merchant billing system, or an external module for the application of the QR code, mainly after the user confirms the settlement amount, to obtain information related to settlement (such as (Can be called QR code business information), such as order information, and sent to the QR code security application; information related to settlement includes but not limited to the amount, merchant account identification, etc., and can even include the details of the user’s purchase of goods, purchase Date, etc.; Step S22, the QR code security application signs the order information according to the private key of the QR code security application; wherein, the QR code security application has the public key of the QR code security application and the QR code security application's An asymmetric key composed of a private key; after receiving the QR code information data request sent by the QR code display module, the QR code security application can use the QR code security application private key Private_Key_Client to sign the order information. The QR code business information and the signature certificate of the QR code security application can be collectively referred to as QR code information data. Optionally, the QR code information data may also contain a certificate. When the QR code security application uses the private key Private_Key_Client to sign the order information, the order information can be hashed, and then the result of the hash operation can be exponentiated and modulo, and the modulo result is used as the signature. 
Step S23, the QR code security application sends the QR code information data. The QR code information data includes the QR code business information and the QR code security application's signature on the order information; optionally, the QR code information data also includes a certificate. The certificate may be a certificate provided by the QR code management server, or a signed certificate of the public key sent by the QR code management server to the QR code security application.
For ease of description, the embodiment of the present application simplifies the QR code business information sent by the QR code display module so that it includes only amount data, for example, 2. After the QR code security application receives the QR code business information, it uses the QR code security application private key Private_Key_Client(31,72) to sign the QR code business information, for example, by calculating 2^31 mod 72=56. As mentioned above, the content of the certificate can be the array (7,72,1001,20190101,0001,28,30) or (7,72,1001,20190101,0001,16), so the security application can generate the following QR code information data: (2,56,7,72,1001,20190101,0001,28,30) or (2,56,7,72,1001,20190101,0001,16). The QR code security application can send the above QR code information data to the QR code display module. The QR code display module displays the QR code information data as a two-dimensional code, such as a QR code, according to the encoding rules.
The above process realizes the generation of a two-dimensional code in a payment scenario. The two-dimensional code includes the two-dimensional code business information, the security application's signature, and a certificate. The QR code reading device can read the QR code, obtain the QR code information data, and verify the signature to confirm whether the QR code business data is authentic.
Third Embodiment In real life, two-dimensional codes can be applied to many scenarios, such as payment scenarios or instant messaging scenarios. The following takes an instant communication scenario as an example to describe the two-dimensional code generation process. With the development of mobile Internet, instant messaging software based on wireless Internet technology is emerging, such as WeChat and Dingding. Instant messaging software generally provides the function of adding friends by scanning QR codes or joining groups by scanning QR codes. In the prior art, when a two-dimensional code reading device scans a two-dimensional code to obtain relevant data, it does not verify its authenticity, and there are hidden safety risks. In this application, when the user agrees to add another user as a friend by scanning their own QR code, the QR code display module in the terminal device used by the other user will send the QR code to the QR code security application. Code information data generation request, the request may be only a request to display a two-dimensional code, may not contain any information, or may include a user's logo; if the request is only a request to display a two-dimensional code, the two-dimensional code is safe The application can interact with the instant messaging software in advance to obtain the user's identification. After receiving the request, the QR code security application can use the QR code security application private key Private_Key_Client to sign the user's identification; if the request contains There is a user's identification (can be called QR code business information). 
The QR code security application can use the QR code security application private key Private_Key_Client to sign the information; the QR code security application can sign the QR code after signing Business information, signatures and convention certificates are sent to the QR code display module for the QR code display module to display the QR code containing the information sent by the QR code security application according to the rules for QR code display. FIG. 3 shows a two-dimensional code generation process provided by an embodiment of the present application, which specifically includes: Step S31, a two-dimensional code security application receives a request to generate two-dimensional code information data; the request may come from a two-dimensional code display module; The two-dimensional code display module can be a two-dimensional code display module in instant messaging software, such as a two-dimensional code business card module, which mainly obtains the user's logo after the user clicks (for example, it can be called two-dimensional code business information) , And send to the QR code security application; of course, you can also just send an empty request, the user's logo is pre-stored in the QR code security application; Step S32, the QR code security application according to the QR code security application's private key Sign the user ID; where the QR code security application has an asymmetric key composed of the public key of the QR code security application and the private key of the QR code security application; Step S33, the QR code security application sends the QR code Information data; the two-dimensional code information data includes two-dimensional code business information and a signature of the two-dimensional code security application on the user identification; optionally, the two-dimensional code information data further includes a certificate. 
The certificate may be a certificate provided by the QR code management server, or a signature certificate of the public key sent by the QR code management server to the QR code security application. For ease of description, the embodiment of the present application sets the user's identifier to 2. After the QR code security application receives the QR code information data generation request, it is necessary to use the QR code security application private key Private_Key_Client(31,72) to sign the QR code business information (that is, the user's logo), for example, through calculation 2^31 mod 72=56. As mentioned above, the content of the certificate is that the array can be (7,72,1001,20190101,0001,28,30) or (7,72,1001,20190101, 0001,16), so the security application can generate the following two-dimensional Code information data: (2,56,7,72,1001,20190101,0001,28,30) or (2,56,7,72,1001,20190101,0001,16). The QR code security application can send the above QR code information data to the QR code display module. The QR code display module displays the QR code information data as a QR code, such as a QR code, according to the encoding rules. The above process can realize the generation of a two-dimensional code in an instant communication scenario, where the two-dimensional code contains the user's logo. The QR code reading device can read the QR code, obtain the QR code information data, and verify the signature to confirm whether the QR code business data is authentic. In the fourth embodiment, the two-dimensional code can contain more information than the bar code. With the popularity of smart phones, the two-dimensional code has been widely used. The more commonly used QR code is quick response (QR). The two-dimensional code generally includes: code positioning patterns, functional data, data codes and error correction codes. The function of the code positioning pattern is mainly used to correct the position of the two-dimensional code. 
When using a smart phone to scan a QR code, the user may not be able to align it, and the QR positioning pattern can be used to correct the QR code, which facilitates the analysis of the pixels in the QR code. The functional data mainly includes storing some formatted data and the information of the QR code version. Data codes are mainly used to store QR code information data. The error correction code is mainly used to store the forward error correction code for the two-dimensional code information data. 4 shows a two-dimensional code display process provided by an embodiment of the present application, which specifically includes: Step S41, the two-dimensional code display module sends a two-dimensional code information data generation request to a security application; the two-dimensional code display module may be The QR code display module in the instant messaging software, such as the QR code business card module, mainly obtains the user's logo (for example, it can be called QR code business information) after the user clicks and sends it to the QR code security application ; Of course, you can also just send an empty request, the user's logo is pre-stored in the QR code security application; or the QR code display module can be a built-in module of the merchant billing system, or it can be a QR code The external module of the application is mainly to obtain information related to settlement (such as QR code business information) after the user confirms the settlement amount, and send it to the QR code security application; the information related to settlement includes However, it is not limited to the amount, merchant account identification, etc., and may even include the details of the user’s purchase of goods, the date of purchase, etc. 
Step S42, the QR code display module receives the QR code information data sent by the QR code security application, and according to The two-dimensional code encoding rule displays the two-dimensional code corresponding to the two-dimensional code information data. After receiving the request sent by the QR code display module, the QR code security application can use the QR code security application Private_Key_Client to sign the QR code business information, and attach the certificate to the QR code display module . The QR code business information, the signature and certificate of the QR code security application can be collectively called QR code information data. For ease of description, the embodiment of the present application sets the QR code business information to 2. After the QR code security application receives the QR code information data generation request, you need to use the QR code security application private key Private_Key_Client(31,72) to sign the QR code business information (user's logo or merchant's settlement information) , For example, by calculating 2^31 mod 72=56. As mentioned above, the content of the certificate is that the array can be (7,72,1001,20190101,0001,28,30) or (7,72,1001,20190101, 0001,16), so the security application can generate the following two-dimensional Code information data: (2,56,7,72,1001,20190101,0001,28,30) or (2,56,7,72,1001,20190101,0001,16). The QR code security application can send the above QR code information data to the QR code display module. The QR code display module displays the QR code information data as a QR code, such as a QR code, according to the encoding rules. The QR code reading device can read the QR code, obtain the QR code information data, and verify the signature to confirm whether the QR code business data is authentic. 
Fifth Embodiment
After the terminal device displays the two-dimensional code, the two-dimensional code reading device needs to scan the two-dimensional code and verify whether the two-dimensional code business information in the two-dimensional code is true. FIG. 5 shows a two-dimensional code reading process provided by an embodiment of the present application, which specifically includes:
Step S51, a two-dimensional code reading device scans a two-dimensional code to obtain two-dimensional code information data. Specifically, the QR code reading device can parse the QR code to obtain the QR code information data contained in it, for example (2,56,7,72,1001,20190101,0001,28,30) or (2,56,7,72,1001,20190101,0001,16).
Step S52, the QR code reading device uses its stored QR code management server public key Public_Key_Server(3,33) to verify the certificate, for example, by calculating 28^3 mod 33=7 and 30^3 mod 33=72. The recovered QR code security application public key Public_Key_Client is therefore (7,72), which is the same as the Public_Key_Client in the certificate, confirming that the public key of the QR code security application is (7,72); or, by calculating 16^3 mod 33=4 and 772 mod 16=4, it is likewise confirmed that the public key of the QR code security application is (7,72). Further, the QR code reading device uses the QR code security application public key Public_Key_Client to verify the signature, for example, by calculating 2^7 mod 72=56, thereby verifying the authenticity of the QR code business information 2.
Step S53, after the QR code business information has been verified, the subsequent business process can be completed according to the QR code business information.
For example, in the payment scenario, a deduction request can be initiated to the accounting system, the user is notified after the accounting system deducts the money, and the deducted money is credited to the merchant's account; for another example, in the instant messaging scenario, a friend addition request can be sent to the instant communication server, and the instant communication server sends the friend addition request to the user. After the user agrees to the request, both parties become friends.
Sixth Embodiment
The security application-based two-dimensional code anti-counterfeiting method provided in this application is shown in FIG. 6 and specifically includes:
Step S61, the two-dimensional code display module sends a request to generate two-dimensional code information data; the request may include the QR code business information, such as order information, or may be a blank request, for example when the QR code business information, such as the user ID, is pre-stored in the QR code security application;
Step S62, the QR code security application receives the request to generate QR code information data;
Step S63, the QR code security application signs the QR code business information according to the private key of the QR code security application;
Step S64, the QR code security application sends the QR code information data to the QR code display module;
Step S65, the QR code display module displays the QR code information data in the form of a QR code;
Step S66, the QR code reading device scans the QR code to obtain the QR code business information and the QR code security application's signature on the QR code business information;
Step S67, the QR code reading device verifies the signature of the QR code business information and confirms the QR code business information;
wherein the QR code security application has an asymmetric key composed of the public key of the QR code security application and the private key of the QR code security application, and the QR code information data includes the QR code business information and the QR code security application's signature on the QR code business information.
It should be noted that the security application may also store a certificate sent by the QR code management server; the certificate is a signed certificate generated by the QR code management server for the public key of the security application. When the security application sends the QR code information data, the certificate can be sent to the QR code display module as well. Correspondingly, the QR code reading device can pre-store the public key sent by the QR code management server, which can be used to verify the authenticity of the certificate; after the QR code reading device verifies the authenticity of the QR code, it can use the public key of the QR code security application in the certificate to verify the authenticity of the signature on the QR code business information. After this double verification, the QR code business information can be processed and the subsequent process can be performed.
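The certificate issuance of steps S13 to S16 and the double verification of steps S52 and S67 can be traced end to end with the small primes given above. The following Python sketch is an added illustration, not code from the application: the function names are hypothetical, the client modulus is taken as n=p×q=91 as textbook RSA requires (the key pair listed above carries 72), the certificate uses the hash variant, and the sample tuples are constructed for the example.

```python
"""Added example: toy certificate + signature chain (S13-S16, S22-S23, S52).

Textbook RSA with the page's small primes, no padding, 4-bit toy hash.
It shows the data flow only; the parameters give no real security.
"""
from math import gcd


def rsa_keypair(p, q, e):
    """Return ((e, n), (d, n)) with n = p*q and e*d = 1 mod (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (e, n), (pow(e, -1, phi), n)


def rsa_sign(value, private_key):
    """Raw RSA private-key operation on an integer smaller than the modulus."""
    d, n = private_key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, d, n)


def rsa_recover(signature, public_key):
    """Raw RSA public-key operation: recovers the signed integer."""
    e, n = public_key
    return pow(signature, e, n)


def toy_digest(public_key):
    """The page's example hash: concatenate the two numbers, reduce mod 16."""
    e, n = public_key
    return int(f"{e}{n}") % 16


def issue_certificate(client_public, app_id, valid, server_id, server_private):
    """S15: the management server signs a digest of the client public key."""
    cert_sig = rsa_sign(toy_digest(client_public), server_private)
    return (*client_public, app_id, valid, server_id, cert_sig)


def make_qr_data(business_info, client_private, certificate):
    """S22-S23: sign the business information and attach the certificate."""
    return (business_info, rsa_sign(business_info, client_private), *certificate)


def read_qr_data(qr_data, server_public):
    """S52: check the certificate first, then the business signature."""
    business_info, signature, e, n, _app_id, _valid, _server_id, cert_sig = qr_data
    client_public = (e, n)
    if rsa_recover(cert_sig, server_public) != toy_digest(client_public):
        raise ValueError("certificate was not signed by the management server")
    if rsa_recover(signature, client_public) != business_info:
        raise ValueError("business information does not match its signature")
    return business_info


def is_accepted(qr_data, server_public):
    """Boolean wrapper around read_qr_data for callers that only need a verdict."""
    try:
        read_qr_data(qr_data, server_public)
        return True
    except ValueError:
        return False


# Constructed sample values, using the primes given in the text.
SERVER_PUBLIC, SERVER_PRIVATE = rsa_keypair(3, 11, 3)    # (3, 33), (7, 33)
CLIENT_PUBLIC, CLIENT_PRIVATE = rsa_keypair(13, 7, 7)    # (7, 91), (31, 91)
CERT = issue_certificate(CLIENT_PUBLIC, 1001, 20190101, "0001", SERVER_PRIVATE)
QR_DATA = make_qr_data(2, CLIENT_PRIVATE, CERT)

# A reader rejects altered business information ...
TAMPERED = (3,) + QR_DATA[1:]
# ... and a key pair the server never certified, even if the old
# certificate signature is copied across (hypothetical second key pair).
OTHER_PUBLIC, OTHER_PRIVATE = rsa_keypair(5, 17, 3)
UNCERTIFIED = make_qr_data(
    2, OTHER_PRIVATE, (*OTHER_PUBLIC, 1001, 20190101, "0001", CERT[-1]))

if __name__ == "__main__":
    print("certificate:", CERT)
    print("QR data:    ", QR_DATA)
    for label, data in (("genuine", QR_DATA), ("tampered", TAMPERED),
                        ("uncertified key", UNCERTIFIED)):
        print(f"{label:16s} accepted={is_accepted(data, SERVER_PUBLIC)}")
```

With a 16-value digest, many different public keys share a digest, so a deployment would use a standard hash and a padded signature scheme; the order of the two checks is the part that carries over.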
Optionally, the public key of the security application can also be sent to the QR code reading device through other methods for the authenticity of the QR code business information signature. Seventh Embodiment An embodiment of the present application provides a two-dimensional code information data generation device. As shown in FIG. 7, it may be an independent entity, such as a two-dimensional code security module located in a security chip, or may be capable of generating two. Dimension code information data chip. Preferably, it also includes a two-dimensional code display module. The QR code security module can be implemented using the QR code security application located in the security chip. The QR code security application can generate the security QR code security application public key Public_Key_Client and the QR code security application private key Private_Key_Client. The process will not be repeated here. After the QR code security application generates the QR code security application public key Public_Key_Client and the QR code security application private key Private_Key_Client, the QR code security application public key Public_Key_Client can be sent to the QR code management server by the QR code The management server generates the certificate PKC and sends it to the terminal device with the QR code security application installed. After receiving the QR code information data generation request sent by the QR code display module, the QR code security application can use the QR code security application Private_Key_Client to sign the QR code business information. Preferably, a certificate can be attached Send to QR code display module. The QR code business information and the signature of the QR code security application can be collectively called QR code information data. The QR code information data can also include a certificate. The QR code security application can send QR code information data to the QR code display module. 
Eighth Embodiment An embodiment of the present application provides a two-dimensional code information data generation device. As shown in FIG. 8, it may be an independent entity, such as a two-dimensional code security module. Preferably, it also includes a two-dimensional code display module. The QR code security module can be implemented using a QR code security application located in a trusted execution environment. The QR code security application can generate a secure QR code security application public key Public_Key_Client and a QR code security application private key Private_Key_Client, specific The production process will not be repeated here. After the QR code security application generates the QR code security application public key Public_Key_Client and the QR code security application private key Private_Key_Client, the QR code security application public key Public_Key_Client can be sent to the QR code management server by the QR code The management server generates the certificate PKC and sends it to the terminal device with the QR code security application installed. After receiving the QR code business information sent by the QR code display module, the QR code security application can use the private key of the QR code security application Private_Key_Client to sign, preferably, you can attach the certificate and send it to the QR code display module group. The QR code business information and the signature of the QR code security application can be collectively called QR code information data. The QR code information data can also include a certificate. The QR code security application can send QR code information data to the QR code display module. The two-dimensional code display module can be realized by a two-dimensional code display application, for example, it can be a module in an accounting system or instant messaging software, or a module independent of an accounting system or instant messaging software. 
Ninth Embodiment

As shown in FIG. 9, the information data generating device provided by the embodiment of the present application includes a request receiving module, a QR code business information signature module, and a QR code information data sending module. Preferably, the device may further include a public key sending module and a certificate receiving module; preferably, it may also include a two-dimensional code display module.

The request receiving module is used to receive the request to generate QR code information data. The QR code business information signature module is used to sign the QR code business information according to the private key of the QR code security application. The QR code information data sending module is used to send the QR code information data. The QR code security application has an asymmetric key composed of the public key of the QR code security application and the private key of the QR code security application; the QR code information data includes the two-dimensional code business information and the signature of the two-dimensional code security application on the two-dimensional code business information.

The public key sending module is used to send the public key of the QR code security application to the QR code management server, and the certificate receiving module is used to receive the certificate of the QR code security application; in this case the QR code information data also contains the certificate of the QR code security application.

The two-dimensional code information data sending module is used to send the two-dimensional code information data to the two-dimensional code display module, and the two-dimensional code display module is used to display the two-dimensional code information data.

Tenth Embodiment

The two-dimensional code information data generation device disclosed in this application may be an independent physical entity. As shown in FIG. 10, the device includes a processor and a memory, and the memory may be divided into two parts, such as a first memory and a second memory. Preferably, the first memory stores a QR code security program, such as a QR code security application, and the second memory stores a QR code display application. The processor can execute the two-dimensional code security program on the first memory to implement the security-application-based two-dimensional code anti-counterfeiting method provided by the embodiments of the present application.

Eleventh Embodiment

The two-dimensional code information data generating device disclosed in this application may be an independent physical entity. As shown in FIG. 1, the device includes a security chip and a first memory, and the first memory stores a two-dimensional code security program, such as a two-dimensional code security application. Preferably, the device further includes a processor and a second memory, and a two-dimensional code display program is stored on the second memory. The security chip can execute the two-dimensional code security program on the first memory to implement the security-application-based two-dimensional code anti-counterfeiting method provided by the embodiments of the present application.

Twelfth Embodiment

This embodiment provides a two-dimensional code reading device. As shown in FIG. 12, the device includes a scanning module and a verification module. The scanning module is used to scan the QR code to obtain the QR code business information and the signature of the QR code security application on the QR code business information. The verification module is used to verify the signature of the QR code business information in order to confirm the QR code business information.

Preferably, the embodiment of the present application also provides another two-dimensional code reading device, as shown in FIG. 10, which includes a processor and a memory. The memory stores a program, such as a two-dimensional code reading application, and the processor is used to execute the two-dimensional code reading application to implement the two-dimensional code reading method provided by the embodiment of the present application. Preferably, the above two-dimensional code reading device is a mobile smart terminal or a computer.

Thirteenth Embodiment

As shown in FIG. 12, the two-dimensional code system provided by the embodiment of the present application includes a two-dimensional code anti-counterfeiting device and a two-dimensional code reading device; preferably, the system further includes a two-dimensional code management server. The two-dimensional code anti-counterfeiting device may be any two-dimensional code anti-counterfeiting device provided by the embodiments of the present application, and the two-dimensional code reading device may be any two-dimensional code reading device provided by the embodiments of the present application.

In the embodiments of the present application, the public key of the QR code management server can be distributed by the QR code management server, the private key of the QR code security application can be signed using the private key of the QR code management server, and the private key of the QR code security application is protected by the security chip or the trusted execution environment. This scheme allows the QR code reading device to effectively verify the legitimacy of the QR code security application locally, reducing the probability of risk.

Those skilled in the art should understand that the embodiments of the present invention may be provided as methods, systems, or computer program products. Therefore, the present invention may take the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware.
Moreover, the present invention can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk memory, CD-ROM, optical memory, etc.) containing computer-usable program code.

The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems), and computer program products according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, may be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing equipment to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing equipment produce an apparatus for realizing the functions specified in one or more flows of a flowchart and/or one or more blocks of a block diagram.

These computer program instructions can also be stored in a computer-readable memory that can direct the computer or other programmable data processing equipment to work in a specific manner, so that the instructions stored in the computer-readable memory produce a manufactured product including an instruction device. The instruction device implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions can also be loaded onto a computer or other programmable data processing equipment, so that a series of operating steps are performed on the computer or other programmable equipment to produce computer-implemented processing, and the instructions executed on the computer or other programmable equipment provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.

In a typical configuration, the computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.

Memory may include non-permanent memory, random access memory (RAM) and/or non-volatile memory in computer-readable media, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.

Computer-readable media, including permanent and non-permanent, removable and non-removable media, can store information by any method or technology. The information can be computer-readable instructions, data structures, modules of programs, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassette tape, magnetic tape storage or other magnetic storage devices, or any other non-transmission media that can be used to store information that can be accessed by computing devices. According to the definition in this document, computer-readable media does not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
It should also be noted that the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, commodity or device that includes a series of elements includes not only those elements, but also other elements not explicitly listed, or elements inherent to this process, method, commodity, or device. Without further restrictions, an element defined by the phrase "include one..." does not exclude the presence of other identical elements in the process, method, commodity, or device that includes the element.

Those skilled in the art should understand that the embodiments of the present application may be provided as methods, systems, or computer program products. Therefore, the present application may take the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, this application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk memory, CD-ROM, optical memory, etc.) containing computer-usable program code.

The above are only examples of the present application, and are not intended to limit the present application. For those skilled in the art, this application may have various modifications and changes. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of this application shall be included in the scope of the patent application of this application.
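The certificate issuance, signing and local verification flow described in the eighth, twelfth and thirteenth embodiments can be sketched as follows; this is an added Go example, not code from the patent or its applicant. Ed25519, the JSON payload layout, the simplified certificate (a server signature over the application public key, not X.509), the Unix-timestamp form of the "dynamic information" and all function names are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Certificate stands in for the PKC: the security application's public key
// signed by the management server (assumed format, not X.509).
type Certificate struct {
	AppPublicKey []byte `json:"app_pub"`
	ServerSig    []byte `json:"server_sig"`
}

// QRPayload is the "QR code information data" carried by the code.
type QRPayload struct {
	BusinessInfo string      `json:"info"`
	IssuedAt     int64       `json:"ts"` // dynamic information (assumed: Unix seconds)
	Signature    []byte      `json:"sig"`
	Cert         Certificate `json:"cert"`
}

var (
	ErrBadCert = errors.New("certificate was not issued by the management server")
	ErrBadSig  = errors.New("signature does not cover this business information")
	ErrStale   = errors.New("dynamic information is outside the freshness window")
)

func newKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Distinct prefixes keep a certificate signature from being accepted as a
// payload signature and vice versa.
func certMessage(appPub []byte) []byte {
	return append([]byte("qr-cert-v1:"), appPub...)
}

func dataMessage(info string, ts int64) []byte {
	var stamp [8]byte
	binary.BigEndian.PutUint64(stamp[:], uint64(ts))
	return append(append([]byte("qr-data-v1:"), stamp[:]...), info...)
}

// IssueCertificate: the management server signs the application's public key.
func IssueCertificate(serverPriv ed25519.PrivateKey, appPub ed25519.PublicKey) Certificate {
	return Certificate{AppPublicKey: appPub, ServerSig: ed25519.Sign(serverPriv, certMessage(appPub))}
}

// SignQR: the security application signs business plus dynamic information and
// attaches its certificate. On a real device appPriv stays inside the TEE or chip.
func SignQR(appPriv ed25519.PrivateKey, cert Certificate, info string, now time.Time) (string, error) {
	p := QRPayload{BusinessInfo: info, IssuedAt: now.Unix(), Cert: cert}
	p.Signature = ed25519.Sign(appPriv, dataMessage(info, p.IssuedAt))
	out, err := json.Marshal(p)
	return string(out), err
}

// VerifyQR: the reading device checks everything locally, holding only the
// management server's public key.
func VerifyQR(serverPub ed25519.PublicKey, scanned string, now time.Time, maxAge time.Duration) (string, error) {
	var p QRPayload
	if err := json.Unmarshal([]byte(scanned), &p); err != nil {
		return "", fmt.Errorf("malformed payload: %w", err)
	}
	appPub := ed25519.PublicKey(p.Cert.AppPublicKey)
	// ed25519.Verify panics on a wrong-length key, so check the length first.
	if len(appPub) != ed25519.PublicKeySize ||
		!ed25519.Verify(serverPub, certMessage(appPub), p.Cert.ServerSig) {
		return "", ErrBadCert
	}
	if !ed25519.Verify(appPub, dataMessage(p.BusinessInfo, p.IssuedAt), p.Signature) {
		return "", ErrBadSig
	}
	if age := now.Sub(time.Unix(p.IssuedAt, 0)); age < 0 || age > maxAge {
		return "", ErrStale
	}
	return p.BusinessInfo, nil
}

func main() {
	serverPub, serverPriv := newKeys()
	appPub, appPriv := newKeys()
	cert := IssueCertificate(serverPriv, appPub)
	now := time.Now()
	// Constructed sample business information.
	qr, _ := SignQR(appPriv, cert, "payee=shop-001;amount=10", now)
	info, err := VerifyQR(serverPub, qr, now, time.Minute)
	fmt.Println("genuine:", info, err)
	_, err = VerifyQR(serverPub, qr, now.Add(10*time.Minute), time.Minute)
	fmt.Println("shown again ten minutes later:", err)
}
```

The reader rejects a payload in three distinct ways: an uncertified application key, business information that no longer matches the signature, and a code whose dynamic information has aged out.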

S11~S16: Method steps
S21~S23: Method steps
S31~S33: Method steps
S41~S42: Method steps
S51~S53: Method steps
S61~S67: Method steps

The drawings described here are used to provide a further understanding of the present application and form a part of the present application. The schematic embodiments and descriptions of the present application are used to explain the present application and do not constitute an undue limitation on the present application. In the drawings:
FIG. 1 is a flowchart of certificate distribution provided by the first embodiment of this application;
FIG. 2 is a schematic diagram of a two-dimensional code anti-counterfeiting method according to a second embodiment of this application;
FIG. 3 is a schematic diagram of a two-dimensional code anti-counterfeiting method according to a third embodiment of this application;
FIG. 4 is a schematic diagram of a two-dimensional code display process according to a fourth embodiment of this application;
FIG. 5 is a schematic diagram of a two-dimensional code reading process according to a fifth embodiment of this application;
FIG. 6 is a schematic diagram of a two-dimensional code anti-counterfeiting method according to a sixth embodiment of this application;
FIG. 7 is a schematic diagram of a two-dimensional code anti-counterfeiting device according to a seventh embodiment of this application;
FIG. 8 is a schematic diagram of a two-dimensional code anti-counterfeiting device according to an eighth embodiment of this application;
FIG. 9 is a schematic diagram of a two-dimensional code anti-counterfeiting device according to a ninth embodiment of this application;
FIG. 10 is a schematic diagram of a two-dimensional code anti-counterfeiting device according to a tenth embodiment of this application;
FIG. 11 is a schematic diagram of a two-dimensional code anti-counterfeiting device according to an eleventh embodiment of this application;
FIG. 12 is a schematic diagram of a two-dimensional code generation and display system according to a twelfth embodiment of this application;
FIG. 13 is a schematic diagram of a two-dimensional code anti-counterfeiting system according to a thirteenth embodiment of this application.

Claims (40)

1. A QR code anti-counterfeiting method based on a security application, characterized in that the method includes:
the QR code security application receives a request to generate QR code information data;
the QR code security application signs the QR code business information according to the private key of the QR code security application;
the QR code security application sends the QR code information data;
wherein the QR code security application has an asymmetric key composed of the public key of the QR code security application and the private key of the QR code security application; the QR code information data includes the QR code business information and the signature of the QR code security application on the QR code business information.

2. The method according to claim 1, wherein the method further includes:
the QR code security application sends the public key of the QR code security application to the QR code management server;
the QR code security application receives the certificate of the QR code security application;
wherein the QR code information data also includes the certificate of the QR code security application.

3. The method according to claim 1, wherein the request to generate QR code information data contains the QR code business information; or, in the case where the QR code security application has the QR code business information, the request to generate QR code information data is an empty request.
4. The method according to any one of claims 1 to 3, wherein sending the QR code information data includes:
sending the QR code information data to the QR code display module;
and the method further includes:
the QR code display module displays the QR code information data in the form of a QR code.

5. The method according to claim 2, wherein the method further includes:
the QR code management server generates an asymmetric key used by the QR code management server, including the public key of the QR code management server and the private key of the QR code management server; and/or
the QR code management server generates a symmetric key used by the QR code management server.

6. The method according to claim 5, wherein the method further includes:
the QR code management server distributes the public key of the QR code management server to the QR code reading device and/or the QR code security application.

7. The method according to claim 1, wherein the QR code security application signing the QR code business information according to the private key of the QR code security application includes:
the QR code security application combines dynamic information with the business information to obtain updated business information;
the QR code security application signs the updated QR code business information according to the private key of the QR code security application.
8. A QR code reading method, characterized in that the method includes:
scanning the QR code to obtain the QR code business information and the signature of the QR code security application on the QR code business information;
verifying the signature of the QR code business information to confirm the QR code business information.

9. The method according to claim 8, wherein verifying the signature of the QR code business information includes:
using the public key of the QR code security application to verify the signature of the QR code business information.

10. The method according to claim 8, wherein the method further includes:
scanning the QR code to obtain the certificate of the QR code security application;
using the key generated by the QR code management server to verify the certificate, and confirming the public key of the QR code security application contained in the certificate;
and verifying the signature to confirm the QR code business information includes:
using the public key of the QR code security application contained in the certificate to verify the signature of the QR code business information, and confirming the QR code business information.
11. The method according to claim 8, wherein the method further includes:
the QR code security application sends the public key of the QR code security application to the QR code reading device; or
the QR code management server sends the public key of the QR code security application to the QR code reading device; or
the QR code management server sends the key generated by the QR code management server to the QR code reading device, wherein the key generated by the QR code management server is an asymmetric key or a symmetric key.

12. A QR code anti-counterfeiting method based on a security application, characterized in that the method includes:
the QR code display module sends a request to generate QR code information data;
the QR code security application receives the request to generate QR code information data;
the QR code security application signs the QR code business information according to the private key of the QR code security application;
the QR code security application sends the QR code information data to the QR code display module;
the QR code display module displays the QR code information data in the form of a QR code;
the QR code reading device scans the QR code to obtain the QR code business information and the signature of the QR code security application on the QR code business information;
the QR code reading device verifies the signature of the QR code business information and confirms the QR code business information;
wherein the QR code security application has an asymmetric key composed of the public key of the QR code security application and the private key of the QR code security application; the QR code information data includes the QR code business information and the signature of the QR code security application on the QR code business information.

13. The method according to claim 12, wherein the method further includes:
the QR code security application sends the public key of the QR code security application to the QR code management server;
the QR code security application receives the certificate of the QR code security application;
wherein the QR code information data also includes the certificate of the QR code security application.

14. The method according to claim 12, wherein the request to generate QR code information data contains the QR code business information; or, in the case where the QR code security application has the QR code business information, the request to generate QR code information data is an empty request.

15. The method according to claim 12, wherein the method further includes:
the QR code management server generates an asymmetric key used by the QR code management server, including the public key of the QR code management server and the private key of the QR code management server; and/or
the QR code management server generates a symmetric key used by the QR code management server.

16. The method according to claim 15, wherein the method further includes:
the QR code management server distributes the public key of the QR code management server to the QR code reading device and/or the QR code security application.
17. The method according to claim 12, wherein the QR code security application signing the QR code business information according to the private key of the QR code security application includes:
the QR code security application combines dynamic information with the business information to obtain updated business information;
the QR code security application signs the updated QR code business information according to the private key of the QR code security application.

18. The method according to claim 12 or 13, wherein the QR code reading device verifying the signature of the QR code business information includes:
the QR code reading device uses the public key of the QR code security application to verify the signature of the QR code business information.

19. The method according to claim 18, wherein the method further includes:
scanning the QR code to obtain the certificate of the QR code security application;
using the key generated by the QR code management server to verify the certificate, and confirming the public key of the QR code security application contained in the certificate.
20. The method according to claim 12, wherein the method further includes:
the QR code security application sends the public key of the QR code security application to the QR code reading device; or
the QR code management server sends the public key of the QR code security application to the QR code reading device; or
the QR code management server sends the key generated by the QR code management server to the QR code reading device, wherein the key generated by the QR code management server is an asymmetric key or a symmetric key.

21. A QR code anti-counterfeiting device, characterized in that the device includes a QR code security module;
the QR code security module is further used to receive a request to generate QR code information data; sign the QR code business information according to the private key of the QR code security application; and send the QR code information data;
wherein the QR code security application has an asymmetric key composed of the public key of the QR code security application and the private key of the QR code security application; the QR code information data includes the QR code business information and the signature of the QR code security application on the QR code business information.

22. The device according to claim 21, wherein the QR code security module is further used to send the public key of the QR code security module to the QR code management server, and to receive the certificate of the QR code security module;
wherein the QR code information data also includes the certificate of the QR code security module.
23. The device according to claim 21, wherein the request to generate QR code information data contains the QR code business information; or, in the case where the QR code security application has the QR code business information, the request to generate QR code information data is an empty request.

24. The device according to any one of claims 21 to 23, wherein the QR code security module is further used to send the QR code information data to the QR code display module, and to display the QR code information data in the form of a QR code.

25. The device according to claim 22, wherein the QR code management server is used to generate an asymmetric key used by the QR code management server, including the public key of the QR code management server and the private key of the QR code management server; and/or
the QR code management server is used to generate a symmetric key used by the QR code management server.

26. The device according to claim 25, wherein the QR code management server is further used to distribute the public key of the QR code management server to the QR code reading device and/or the QR code security module.

27. The device according to claim 21, wherein the QR code security module is further used to combine dynamic information with the business information to obtain updated business information, and to sign the updated QR code business information according to the private key of the QR code security module.
28. A QR code anti-counterfeiting device, characterized in that the device includes a security chip and a memory, and a QR code security program is stored on the memory;
the security chip is used to execute the QR code security program to implement the method according to claim 1.

29. A QR code anti-counterfeiting device, characterized in that the device includes a processor and a memory, and the memory stores a QR code security program;
the processor is used to execute the QR code security program to implement the method according to claim 1.

30. A QR code anti-counterfeiting device, characterized in that the device includes:
a request receiving module, used to receive a request to generate QR code information data;
a QR code business information signature module, used to sign the QR code business information according to the private key of the QR code security application;
a QR code information data sending module, used to send the QR code information data;
wherein the QR code security application has an asymmetric key composed of the public key of the QR code security application and the private key of the QR code security application; the QR code information data includes the QR code business information and the signature of the QR code security application on the QR code business information.
31. The device according to claim 30, wherein the device further includes:
a public key sending module, used to send the public key of the QR code security application to the QR code management server;
a certificate receiving module, used to receive the certificate of the QR code security application;
wherein the QR code information data also includes the certificate of the QR code security application.

32. The device according to claim 30, wherein the request to generate QR code information data contains the QR code business information; or, in the case where the QR code security application has the QR code business information, the request to generate QR code information data is an empty request.

33. The device according to any one of claims 30 to 32, wherein the device further includes a QR code display module;
the QR code information data response sending module is used to send the QR code information data to the QR code display module;
the QR code display module is used to display the QR code information data in the form of a QR code.

34. The device according to claim 31, wherein the QR code management server generates an asymmetric key used by the QR code management server, including the public key of the QR code management server and the private key of the QR code management server; and/or
the QR code management server generates a symmetric key used by the QR code management server.
35. The device according to claim 34, wherein the QR code management server distributes the public key of the QR code management server to the QR code reading device and/or the QR code security application.

36. The device according to claim 30, wherein the QR code business information signature module is further used to combine dynamic information with the business information to obtain updated business information, and to sign the updated QR code business information according to the private key of the QR code security application.

37. A QR code reading device, characterized in that the QR code reading device includes:
a scanning module, used to scan the QR code to obtain the QR code business information and the signature of the QR code security application on the QR code business information;
a verification module, used to verify the signature of the QR code business information and confirm the QR code business information.

38. A QR code reading device, characterized in that the device includes a processor and a memory, and a program is stored on the memory;
the processor is used to execute the program to implement the method according to claim 8.

39. A QR code anti-counterfeiting system, characterized in that the system includes the device according to any one of claims 21 to 36 and the QR code reading device according to claim 37 or 38.
40. The system according to claim 39, wherein the system further includes a QR code management server;
the QR code management server is used to send a key to the QR code reading device and/or to generate a certificate and send the certificate to the device according to any one of claims 21 to 36.
TW108125966A 2018-10-12 2019-07-23 Two-dimensional code anti-counterfeiting method, equipment and system based on security application TWI748209B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201811187031.7 2018-10-12
CN201811187031.7A CN109615030A (en) 2018-10-12 2018-10-12 Dimension code anti-counterfeit method, equipment and system based on security application

Publications (2)

Publication Number Publication Date
TW202014931A TW202014931A (en) 2020-04-16
TWI748209B TWI748209B (en) 2021-12-01

Family

ID=66001696

Family Applications (1)

Application Number Title Priority Date Filing Date
TW108125966A TWI748209B (en) 2018-10-12 2019-07-23 Two-dimensional code anti-counterfeiting method, equipment and system based on security application

Country Status (3)

Country Link
CN (1) CN109615030A (en)
TW (1) TWI748209B (en)
WO (1) WO2020073715A1 (en)

Also Published As

Publication number Publication date
WO2020073715A1 (en) 2020-04-16
CN109615030A (en) 2019-04-12
TWI748209B (en) 2021-12-01
