WO2014135017A1

WO2014135017A1 - Method and system for transactions using smart card having electronic signature function

Info

Publication number: WO2014135017A1
Application number: PCT/CN2014/072527
Authority: WO
Inventors: 李东声
Original assignee: 天地融科技股份有限公司
Priority date: 2013-03-06
Filing date: 2014-02-25
Publication date: 2014-09-12

Abstract

A method and system for transactions using a smart card having an electronic signature function are disclosed. The method comprises: a smart card having an electronic signature function accesses a terminal and receives a transaction message; the smart card generates a joint password; the smart card generates a signature message on the basis of the transaction message and the joint password; the smart card at least sends the signature message to the terminal; the terminal obtains an authentication password, authenticates the signature message and the authentication password, and, upon authentication, sends a transaction command to a background system server, wherein the authentication password is a joint password entered by means of push-keys on the terminal, or is a joint password obtained by means of the terminal scanning information displayed by the smart card, or is a joint password obtained from the smart card by means of the terminal using a non-contact communication mode; and, the background system server executes a transaction operation in accordance with the transaction command.

Description

Smart card transaction method and system with electronic signature function

The present invention relates to the field of electronic technologies, and in particular, to a smart card transaction method and system having an electronic signature function. Background technique

Today, credit card spending has become mainstream. The following process is used to implement electronic signature transactions:

Step S101, the user holds the card to access the POS device in a non-contact manner; wherein the non-contact mode can be radio frequency, Bluetooth,

Any non-contact method such as NFC.

Step S102: The POS machine sends the transaction information to the smart card accessed by the user. The transaction information may include at least an account number and an amount, and may further include transaction detail information.

Step S103, the smart card receives the transaction information, displays the transaction information, and after the user confirms that the transaction information is correct, receives the confirmation password input by the user, and signs the transaction information;

Step S104, the smart card accesses the POS machine again in a non-contact manner, and sends the signature information to the POS machine. Step S105: The POS machine uploads the transaction information and the signature information to the bank server, so that the bank server executes the transaction according to the transaction information.

It can be seen that the existing smart card needs to perform at least two accesses with the POS device in a non-contact manner in the process of signing the transaction information, so that the transaction information and/or the signature information are hijacked during the access process. The problem is that the user is lost and the security is not high. Summary of the invention

The invention aims to solve the problem that the security of the existing smart card is not high due to the hijacking of transaction information and/or signature information in the multiple access process.

It is an object of the present invention to provide a smart card transaction method having an electronic signature function.

Another object of the present invention is to provide a smart card transaction system having an electronic signature function.

In order to achieve the above object, the technical solution of the present invention is specifically implemented as follows:

An aspect of the present invention provides a smart card transaction method with an electronic signature function, the method comprising: A. A smart card access terminal having an electronic signature function, receiving a transaction message; B. The smart card generates a joint password; The smart card generates a signature message according to the transaction message and the joint password; D. The smart card sends at least the signature message to the terminal; E. The terminal acquires a verification password, and verifies the signature. The message and the verification password, And after the verification is passed, sending the transaction instruction to the background system server; wherein the verification password is a joint password input through a button of the terminal, or a joint password obtained by scanning, by the terminal, the information displayed by the smart card, or a joint password obtained from the smart card by the terminal in a contactless communication manner; F. The background system server performs a transaction operation according to the transaction instruction.

In addition, the step C includes: the smart card calculates summary information of the transaction message; the smart card encrypts the joint password to obtain an encrypted joint password; and the summary information and the smart card of the transaction message The encrypted joint password is signed to generate a signature message.

In addition, the step C includes: the smart card calculates summary information of the transaction message; the smart card encrypts the combination of the joint password and the random number to obtain an encrypted joint password; the smart card pairs the transaction message The summary information is signed with the encrypted joint password to generate a signature message.

In addition, in the step D, the smart card further sends the encrypted joint password and the signed message to the terminal.

In addition, the step C includes: the smart card calculates summary information of the transaction message; the smart card encrypts the joint password to obtain an encrypted joint password, and calculates summary information of the encrypted joint password; the smart card Signing the summary information of the transaction message and the summary information of the encrypted joint password to generate a signature message.

In addition, in the step D, the smart card further sends the summary information of the encrypted joint password and the signed message to the terminal.

In addition, between the step D and the step E, the method further includes: the smart card disconnects from the terminal; the smart card displays the transaction message; the smart card receives input through a button Confirmation password and/or confirmation instruction; the smart card displays the joint password or barcode or picture.

An aspect of the present invention provides a smart card transaction method with an electronic signature function, the method comprising: A. A smart card access terminal having an electronic signature function, receiving a transaction message; B. The smart card generates a joint password, and Generating an encrypted joint password according to the joint password; C. The smart card generates a signature message according to the transaction message; D. The smart card sends the encrypted joint password and the signature message to the terminal; E. The terminal obtains a verification password, respectively verifies the signature message and the verification password, and sends a transaction instruction to the background system server after the verification is passed; wherein the verification password is a key input through the terminal a joint password obtained by the terminal scanning the information displayed by the smart card, or a joint password obtained from the smart card by the terminal in a contactless communication manner; F. the background system server according to the The trading order performs a trading operation.

In addition, between the step D and the step E, the method further includes: the smart card disconnects from the terminal; the smart card displays the transaction message; the smart card receives input through a button Confirmation password and/or confirmation instruction; the smart card displays the joint password or barcode or picture. In addition, the encrypting the joint password in the step B to obtain the encrypted joint password may adopt a symmetric encryption or an asymmetric encryption manner.

Another aspect of the present invention provides a smart card transaction system with an electronic signature function, the system comprising: a terminal, a background system server, and a smart card having an electronic signature function; the smart card access terminal having an electronic signature function, receiving a transaction Generating a combined password, generating a signature message according to the transaction message and the joint password, and transmitting the signature message to the terminal at least; the terminal acquires a verification password, and verifies the signature message and The verification password is sent, and after the verification is passed, the transaction instruction is sent to the background system server; wherein the verification password is a joint password input through a button of the terminal, or the information displayed by the smart card is scanned by the terminal. a joint password, or a joint password obtained from the smart card by the terminal in a contactless communication manner; the background system server performs a transaction operation according to the transaction instruction.

In addition, the smart card includes: a transceiver module, a password generation module, a signature module, and a display module; the transceiver module is configured to access the terminal, receive a transaction message, and send the message to the signature module; the password generation module is configured to generate Sending a password to the signature module and the display module; the signature module generates a signature message according to the transaction message and the joint password, and sends at least the signature message by using the transceiver module To the terminal.

In addition, the transceiver module further disconnects the terminal after sending the signature message to the terminal; the display module further displays after the transceiver module disconnects from the terminal. The transaction message.

In addition, the smart card further includes: a button module; the button module triggers the display module to display the joint password or a barcode or a picture according to the received confirmation password and/or confirmation command.

In addition, the transceiver module is further configured to send the combined password obtained from the password generating module to the terminal in a contactless communication manner.

In addition, the smart card further includes: a graphics generating module; the graphics generating module converts the joint password obtained by the password generating module to generate a barcode or a picture, and outputs the barcode to the display module.

In addition, the terminal acquires the verification password from the smart card in a contactless communication manner.

In addition, the terminal acquires the verification password by scanning a barcode or a picture displayed by the display module of the smart card.

Another aspect of the present invention provides a smart card transaction system with an electronic signature function, the system comprising: a terminal, a background system server, and a smart card having an electronic signature function; the smart card access terminal having an electronic signature function, receiving Transmitting a message, generating a joint password, and generating an encrypted joint password according to the joint password, generating a signature message according to the transaction message, and sending the encrypted joint password and the signature message to the terminal; The terminal obtains the verification password, respectively verifies the signature message and the verification password, and sends a transaction instruction to the background system server after the verification is passed; wherein the verification password is a joint password input through a button of the terminal. , Or a joint password obtained by scanning the information displayed by the smart card by the terminal, or a joint password obtained by the terminal from the smart card in a contactless communication manner; and the background system server performs a transaction operation according to the transaction instruction.

In addition, the smart card includes: a transceiver module, a password generation module, an encryption module, a signature module, and a display module; the transceiver module is configured to access a terminal, receive a transaction message, and send the message to the signature module; And the cryptographic module is configured to encrypt the joint password to obtain an encrypted joint password, and send the encrypted joint password by using the transceiver module. And the signing module generates a signature message according to the transaction message, and sends the signature message to the terminal by using the transceiver module.

Another aspect of the present invention provides a smart card transaction system with an electronic signature function, the system comprising: a terminal, a background system server, and a smart card having an electronic signature function;

The smart card access terminal having the electronic signature function receives the transaction message, generates a joint password, generates a signature message according to the transaction message and the joint password, and sends the signature message to the terminal at least;

The terminal obtains a verification password, verifies the signature message and the verification password, and sends a transaction instruction to the background system server after the verification is passed; wherein the verification password is a joint password input through a button of the terminal. Or a joint password obtained by scanning the information displayed by the smart card by the terminal, or a joint password obtained by the terminal from the smart card in a contactless communication manner;

The backend system server performs a transaction operation in accordance with the transaction instruction.

In addition, the smart card includes: a transceiver module, a password generation module, and a signature module;

The transceiver module is configured to access a terminal, receive a transaction message, and send the message to the signature module; The password generating module is configured to generate a joint password and send the code to the signature module;

And the signature module generates a signature message according to the transaction message and the joint password, and sends the signature message to the terminal by using the transceiver module.

In addition, the smart card further includes: a display module; the display module is configured to display the joint password.

In addition, the smart card further includes: a button module; the button module triggers the display module to display the joint password according to the received confirmation password and/or the confirmation command.

In addition, the smart card further includes: a display module and a graphic generating module; the graphic generating module is configured to generate a barcode or a picture according to the joint password acquired from the password generating module; the display module is configured to display the barcode Or picture.

Another aspect of the present invention provides a smart card transaction system with an electronic signature function, characterized in that the system comprises: a terminal, a background system server, and a smart card having an electronic signature function;

The smart card access terminal having the electronic signature function receives the transaction message, generates a joint password, generates an encrypted joint password according to the joint password, generates a signature message according to the transaction message, and generates the encrypted joint password. And sending the signature message to the terminal;

And obtaining, by the terminal, the verification password, respectively verifying the signature message and the verification password, and sending the transaction instruction to the background system server after the verification is passed; wherein the verification password is a combination of key input through the terminal a password, or a joint password obtained by scanning the information displayed by the smart card by the terminal, or a joint password obtained by the terminal from the smart card in a contactless communication manner;

In addition, the smart card includes: a transceiver module, a password generation module, an encryption module, and a signature module; the transceiver module is configured to access the terminal, receive the transaction message, and send the message to the signature module;

The password generating module is configured to generate a joint password and send the password to the encryption module;

The encryption module is configured to encrypt the joint password to obtain an encrypted joint password, and send the encrypted joint password to the terminal by using the transceiver module; The signature module generates a signature message according to the transaction message, and sends the signature message to the terminal by using the transceiver module.

In addition, the terminal acquires the verification password by scanning a barcode or a picture displayed by the display module of the smart card. It can be seen from the technical solution provided by the present invention that the present invention provides a smart card transaction method with an electronic signature function and a smart card transaction system with an electronic signature function, and completes the data required for the transaction through one access of the smart card and the terminal ( For example, the interaction of signature data) reduces the risk of intercepting important information caused by multiple accesses and improves security. The joint password of the present invention may be a combination of one or more of numbers, letters and characters randomly generated at each transaction, which is different from the existing transaction password and OTP, and the terminal of the present invention may be different. The method obtains the joint password. In the process of obtaining, the joint password (authentication password) can be transmitted in clear text without reducing the security of the account during the transaction; the invention generates the joint password by the smart card and performs the joint password Encrypting or signing, ensuring the security of the joint password transmission to the terminal and the accuracy of the terminal verifying the joint password; the terminal of the present invention verifies the signature message according to the joint password after inputting the joint password, and is sent by the terminal after the verification is passed The transaction command is sent to the back-end system server to prevent important data such as signature data from being transmitted through the network, resulting in unsafe hidden dangers and ensuring the security of the transaction. DRAWINGS

In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings used in the description of the embodiments will be briefly described below. It is obvious that the drawings in the following description are only some embodiments of the present invention, Those skilled in the art can also obtain other drawings based on these drawings without any creative work. 1 is a flow chart of a method for an existing electronic signature transaction;

2 is a schematic structural diagram of a smart card transaction system with an electronic signature function according to the present invention;

3 is another schematic structural diagram of a smart card transaction system with an electronic signature function according to the present invention;

4 is a flowchart of Embodiment 1 of a smart card transaction method with an electronic signature function according to the present invention;

FIG. 5 is a flowchart of Embodiment 2 of a smart card transaction method with an electronic signature function according to the present invention; FIG.

6 is another schematic structural diagram of a smart card transaction system with an electronic signature function according to the present invention;

7 is a schematic structural diagram of still another smart card transaction system with an electronic signature function according to the present invention;

FIG. 8 is a flowchart of Embodiment 3 of a smart card transaction method with an electronic signature function according to the present invention; FIG. 9 is a flowchart of Embodiment 4 of a smart card transaction method with an electronic signature function according to the present invention. detailed description

The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the drawings in the embodiments of the present invention. It is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.

In the description of the present invention, it is to be understood that the terms "center", "vertical", "transverse", "upper", "lower", "previous", "rear", "left", "right", " The orientation or positional relationship of the indications of "", "horizon", "top", "bottom", "inside", "outside", etc. is based on the orientation or positional relationship shown in the drawings, only for the convenience of describing the present invention and The simplification of the description is not intended to limit or imply that the device or elements referred to have a particular orientation, construction and operation in a particular orientation. Moreover, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or quantity or location.

In the description of the present invention, it should be noted that the terms "installation", "connected", and "connected" are to be understood broadly, and may be fixed or detachable, for example, unless otherwise explicitly defined and defined. Connected, or connected integrally; can be mechanical or electrical; can be directly connected, or indirectly connected through an intermediate medium, can be the internal communication of the two components. The specific meaning of the above terms in the present invention can be understood in a specific case by those skilled in the art.

The embodiments of the present invention will be further described in detail below with reference to the accompanying drawings. FIG. 2 is a schematic structural diagram of a smart card transaction system with an electronic signature function according to the present invention. The structure of the smart card transaction system with electronic signature function of the present invention will now be described with reference to FIG. 2, which is as follows:

The smart card transaction system with electronic signature function of the invention comprises: terminal 100, background system server 200 And a smart card 300 with an electronic signature function. The smart card 300 is a device having an electronic signature function, and may include a card chip containing user account information and a security chip digitally signed using a key, or an integrated chip having the above two chip functions. among them,

The smart card 300 with the electronic signature function access terminal 100, receives the transaction message, generates a joint password, generates a signature message according to the transaction message, and sends the joint password and the signature message to the terminal 100;

The terminal 100 obtains the verification password, verifies the verification password, and sends the transaction message and the signature message to the background system server 200 after the verification is passed; wherein the verification password is a joint password input through the button of the terminal 100, or through the terminal 100. a joint password obtained by scanning the information displayed by the smart card 30, or a joint password acquired from the smart card 300 by the terminal 100 in a contactless communication manner;

The background system server 200 verifies the signature message, and after the verification is passed, performs a transaction operation according to the transaction message. Meanwhile, based on the above system, the smart card 30 includes: a transceiver module 3001, a password generation module 3002, and a signature module 3003; in other words, the above-described modules included in the smart card 300 having an electronic signature function may be integrated on one chip or according to the smart card 300. The number and function of the chips used are integrated on multiple chips, and will not be exemplified here.

The transceiver module 3001 is configured to access the terminal 100, receive the transaction message and send it to the signature module 3003;

The password generating module 3002 is configured to generate a joint password, and send the joint password to the terminal through the transceiver module 3001.

10;

The signature module 3003 generates a signature message according to the transaction message, and sends the signature message to the terminal 100 through the transceiver module 3001.

In addition, the smart card 300 can further include a display module 3004 for displaying the joint password, so that the terminal 100 scans the displayed joint password to obtain the verification password. Of course, by displaying the joint password, the joint password input terminal 100 can also be used as the verification password through the button of the terminal 100.

Of course, on the basis of the above structure, the transceiver module 3001 of the smart card 300 of the present invention disconnects the terminal 100 after transmitting the signature message to the terminal 100, so that the display module 3004 displays the transaction message. Therefore, it is ensured that the smart card 300 of the present invention completes the data (signature data) required for transaction only by contacting the terminal 100 once, and reduces the risk of interception of data due to the secondary contact, thereby improving the security of the transaction.

Of course, the terminal 100 can notify the background system server 20 to lock the account corresponding to the smart card to protect the security of the user account after verifying that the joint password fails a preset number of times (for example, three times).

In addition, the smart card 300 may further include: a button module 3005. The button module 3005 triggers the display module 3004 to display the joint password based on the received confirmation password and/or confirmation command.

In addition, the smart card 300 may further include: a graphics generation module 3006. The graphics generation module 3006 will generate passwords The joint password obtained by the module 3002 is converted to generate a barcode or a picture. Graphic generation module is adopted in the smart card 300

When the barcode or picture is generated by the 3006, the display module 3004 can be triggered by the button module 3005 to display the barcode or the picture.

Specifically, for example, the user may trigger the display module 3004 to display a joint password or display a barcode or a picture by:

(1) Entering the confirmation password, after the smart card 300 verifies that the confirmation password is correct, the display module 304 displays the joint password, or displays the barcode or picture; or

(2) Press the confirmation button to trigger the display module 3004 to display the joint password, or display the barcode or picture; or

(3) Enter the confirmation password and press the confirm button. After the smart card 300 verifies that the confirmation password is correct, the display module 304 displays the joint password, or displays the barcode or picture.

Of course, the conditions for triggering the display module 3004 to display the joint password or the barcode or the picture may be set for different consumption amounts. For example, the small amount of consumption only requires the user to press the confirmation button, and the large amount of consumption requires the user to input the confirmation password.

In addition, the transceiver module 3001 of the smart card 300 can also be used to send the joint password acquired from the password generating module 3002 to the terminal 100 in a contactless communication manner, because the manner in which the terminal 100 obtains the verification password is different. In the above two manners, the terminal 300 can be conveniently obtained to obtain the verification password, and the problem of locking the smart card due to the error of the verification password input is prevented.

In addition, in order to match the smart card 300 to receive the verification password, the terminal 100 may acquire the verification password from the smart card 30 in a contactless communication manner or acquire the verification password by scanning the barcode or picture displayed by the display module 3004 of the smart card 300.

It can be seen that the smart card transaction system with electronic signature function of the present invention completes the interaction of data required for transactions through one access of the smart card and the terminal, thereby reducing the risk of intercepting important information caused by multiple accesses and improving security. Sex. FIG. 3 is a schematic structural diagram of a smart card transaction system with an electronic signature function according to the present invention. The structure of the smart card transaction system with electronic signature function of the present invention will now be described with reference to FIG. 3, which is as follows:

The smart card transaction system with electronic signature function of the present invention comprises: a terminal 10, a background system server 20, and a smart card 30 having an electronic signature function. The smart card 30 is a device having an electronic signature function, and may include a card chip containing user account information and a security chip digitally signed by a key, or an integrated chip having the above two chip functions. among them,

The smart card 30 with the electronic signature function accesses the terminal, receives the transaction message, generates a joint password, generates a signature message according to the transaction message and the joint password, and sends at least the signature message to the terminal 10; The terminal 10 obtains the verification password, verifies the signature message and the verification password, and after the verification is passed, sends the transaction instruction to the background system server; wherein, the verification password is a joint password input through the button of the terminal 10, or the smart card is scanned through the terminal 10 a joint password obtained by the information, or a joint password obtained from the smart card by the terminal 10 in a contactless communication manner;

The backend system server 20 performs a transaction operation in accordance with the transaction instruction.

Meanwhile, based on the above system, the smart card 30 includes: a transceiver module 301, a password generation module 302, a signature module 303, and a display module 304; in other words, the above-described modules included in the smart card 30 having an electronic signature function can be integrated on one chip, It can be integrated on multiple chips according to the number and functions of the chips used by the smart card 30, and will not be exemplified herein.

The transceiver module 301 is used to access the terminal 10, receive the transaction message and send it to the signature module 303;

The password generating module 302 is configured to generate a joint password, and sent to the signature module 303 and the display module 304;

The signature module 303 generates a signature message according to the transaction message and the joint password, and sends the signature message to the terminal 10 through the transceiver module 301.

Of course, on the basis of the above structure, the transceiver module 301 of the smart card 30 of the present invention disconnects the terminal 10 after transmitting the signature message to the terminal 10, so that the display module 304 displays the transaction message. Therefore, it is ensured that the smart card 30 of the present invention completes the data (signature data) interaction required for the transaction only by contacting the terminal 10 once, and reduces the risk of interception of data due to the second contact, thereby improving the security of the transaction.

Of course, the terminal 10 can notify the background system server 20 to lock the account corresponding to the smart card to protect the security of the user account after verifying that the joint password fails a preset number of times (for example, three times).

In addition, the smart card 30 may further include: a button module 305. The button module 305 is based on the received confirmation password and

/ or confirm the command, the trigger display module 304 displays the joint password.

In addition, the smart card 30 can also include: a graphics generation module 306. The graphics generation module 306 converts the joint password obtained from the password generation module 302 into a barcode or picture. When the smart card 30 generates a barcode or a picture using the graphic generation module 306, the display module 304 can be triggered by the button module 305 to display the barcode or picture.

Specifically, for example, the user may trigger the display module 304 to display a joint password or display a barcode or a picture by:

(1) Enter the confirmation password. After the smart card 30 verifies that the confirmation password is correct, the display module 304 displays the joint password, or displays the barcode or picture; or

(2) Press the confirmation button, the trigger display module 304 displays the joint password, or displays the barcode or picture; or (3) enter the confirmation password and press the confirm button, after the smart card 30 verifies that the password is correct, the display module

304 displays the joint password, or displays a barcode or picture. Of course, the conditions for triggering the display module 304 to display the joint password or the barcode or the picture may be set for different consumption amounts. For example, the small amount of consumption only requires the user to press the confirmation button, and the large amount of consumption requires the user to input the confirmation password.

In addition, the transceiver module 301 of the smart card 30 can also be configured to send the joint password acquired from the password generating module 302 to the terminal 10 in a contactless communication manner, because the manner in which the terminal 10 obtains the verification password is different. By adopting the above two methods, the terminal 30 can be conveniently obtained to obtain the verification password, and the problem of locking the smart card due to the error of the verification password input is prevented.

In addition, in order to match the smart card 30 to receive the verification password, the terminal 10 can acquire the verification password from the smart card 30 in a contactless communication manner or acquire the verification password by scanning the barcode or picture displayed by the display module 304 of the smart card 30.

It can be seen that the smart card transaction system with electronic signature function of the present invention completes the interaction of data required for transactions through one access of the smart card and the terminal, thereby reducing the risk of intercepting important information caused by multiple accesses and improving security. Sex. Example 1

Based on the structure of the smart card transaction system with electronic signature function shown in FIG. 2 or 3, FIG. 4 is a flowchart of Embodiment 1 of the smart card transaction method with electronic signature function according to the present invention. Of course, the smart card transaction method with the electronic signature function in this embodiment can be arbitrarily divided according to the structure shown in FIG. 2 or 3, and the method of the present embodiment is all within the scope of the present invention. .

The smart card transaction method with the electronic signature function of the present invention will be described below with reference to FIG. 4, which is as follows: The smart card transaction method with the electronic signature function of the present invention includes:

Step S301: A smart card access terminal having an electronic signature function, receiving a transaction message;

Specifically, before the smart card access terminal having the electronic signature function, the terminal can obtain the transaction message by manually inputting, searching for the network, scanning the commodity information, and the like.

The smart card can access the terminal in a contactless manner and receive the transaction message sent by the terminal. The transaction message includes at least an account and an amount, and may also include transaction details.

Of course, the smart card can also access the terminal through contact.

The smart card of the present invention adopts a non-contact mode access terminal and has higher security than a contact mode access terminal, and prevents information from being acquired.

Further, the smart card is a device having an electronic signature function, and may include a card chip containing user account information and a security chip digitally signed with a key, or an integrated chip having the above two chip functions.

Step S302: The smart card generates a joint password.

Specifically, the smart card randomly generates numbers, letters, and/or symbols, and selects one of numbers, letters, and symbols or Multiple combinations generate a joint password, which can guarantee the uniqueness and randomness of the joint password and improve the security of the joint password. Of course, the smart card can also convert the joint password into a barcode or a two-dimensional code or picture to facilitate subsequent acquisition. Step S303: The smart card generates a signature message according to the transaction message and the joint password.

Specifically, the smart card can directly sign the transaction message and the joint password to generate a signature message; or the smart card calculates the summary information of the transaction message, calculates the summary information of the joint password, and summarizes the summary information of the transaction message and the combined password. The information is signed to generate a signature message; or

The smart card calculates the summary information of the transaction message, encrypts the joint password to obtain the encrypted joint password, and signs the summary information of the transaction message and the encrypted joint password to generate a signature message;

The smart card calculates the summary information of the transaction message, encrypts the joint password to obtain the encrypted joint password, and calculates the summary information of the encrypted joint password, and signs the summary information of the transaction message and the summary information of the encrypted joint password to generate a signature message.

The summary information may include one or a combination of the following: a hash value calculated by a hash algorithm, a MAC value calculated by a MAC algorithm, and a secret text body obtained by symmetric encryption.

In addition, the encryption operation can be symmetric encryption or asymmetric encryption. In order to further improve the security of the joint password transmission, the smart card can also generate a random number, combine the joint password and the random number according to a preset format, and encrypt the combined data to obtain an encrypted joint password. Combining the joint password with the random number at this time can prevent replay attacks.

The invention can adopt the method of performing summary calculation on the joint password, encrypting the joint password or performing digest calculation on the encrypted joint password, thereby ensuring the security of the joint password transmission; the summary information of the joint password, the encrypted joint password or the encrypted joint password. The summary information is signed to improve the security of the transaction.

Step S304: The smart card sends at least the signature message to the terminal.

Specifically, in step S303, if the smart card is used to calculate the scheme for encrypting the joint password, in this step, the smart card also sends the encrypted joint password and the signed message to the terminal.

In step S303, if the smart card is used to calculate the scheme for encrypting the summary information of the joint password, in this step, the smart card also sends the summary information and the signature message of the encrypted joint password to the terminal.

Of course, no matter what kind of information is calculated by the smart card in step S303, the smart card can send the calculated information to the terminal, so that the terminal subsequently verifies the verification password.

Step S305: The terminal obtains the verification password, verifies the signature message and the verification password, and after the verification is passed, sends the transaction instruction to the background system server; wherein, the verification password is a joint password input through a button of the terminal, or is displayed by scanning the smart card through the terminal. a joint password for obtaining information, or a joint password obtained from a smart card by a terminal in a contactless communication manner; Specifically, in step S303, if the smart card performs signature according to the joint password and the transaction message, in this step, the terminal verifies the correctness of the signature message according to the transaction message and the verification password, and if the signature is correct, the verification is determined. Both the password and the signed message are verified.

In step S303, if the smart card is used to calculate the scheme for encrypting the joint password, in this step, the terminal verifies the correctness of the password according to the encrypted joint password verification, and verifies the correctness of the signature message according to the transaction message and the verification password.

In step S303, if the smart card is used to calculate the scheme for encrypting the summary information of the joint password, in this step, the terminal verifies the correctness of the verification password according to the summary information of the encrypted joint password, and verifies the signature report according to the transaction message and the verification password. The correctness of the text.

Of course, in the foregoing process, the terminal may further verify the correctness of the signed message according to the transaction message and the encrypted joint password or the summary information of the encrypted joint password.

Of course, no matter what information the smart card is based on when calculating the signature message in step S303, the terminal can verify the correctness of the verification password and the signature message according to the information or the verification password.

In addition, the terminal may obtain the verification password in the following manner: The terminal receives the information input by the key to obtain the joint password, for example, by inputting the verification password from the keyboard of the terminal to obtain the joint password; or the terminal acquires the joint password by scanning the information displayed by the smart card, for example, the terminal. Scan the QR code displayed by the smart card or barcode to obtain the joint password; or the terminal obtains the joint password from the smart card through contactless communication, for example, by placing the smart card in the scanning range of the terminal, with NFC, optical communication, Bluetooth, infrared Wait for the joint password.

Of course, when the user performs the operation as a proxy, the joint password can be notified to the third person so that the third party can input the joint password to the terminal.

Step S306: The background system server performs a transaction operation according to the transaction instruction.

Specifically, the background system server may be a bank server or a third-party server, and the third-party server is a server used by the non-bank system, such as a server used by the bus system to recharge and debit the bus card.

After obtaining the verification password, the terminal of the invention verifies the verification password and the signature message, and after the verification is passed, sends the transaction instruction to the background system server to trigger the background system server to complete the transaction, thereby preventing the signature data from being deleted. The important data is transmitted through the network, resulting in unsafe hidden dangers, ensuring the security of the transaction. In addition, the joint password of the present invention may be a combination of one or more of numbers, letters and characters randomly generated at each transaction, which is different from the existing transaction password and OTP, and must be transmitted in ciphertext. The joint password can be obtained in different ways. In the process of obtaining, the joint password (authentication password) can be transmitted in clear text without reducing the security of the account during the transaction; the invention generates a joint password and signs by the smart card. To ensure the security of the joint password transmission to the terminal and the accuracy of the terminal to verify the joint password.

Thus, the smart card transaction method of the present invention is completed, and the transaction is completed by one access of the smart card and the terminal. The interaction of data (such as signature data) reduces the risk of intercepting important information caused by multiple accesses and improves security. Example 2

Based on the structure of the smart card transaction system with electronic signature function shown in FIG. 2 or 3, FIG. 5 is a flowchart of Embodiment 2 of the smart card transaction method with electronic signature function according to the present invention. Of course, the smart card transaction method with the electronic signature function in this embodiment can be arbitrarily divided according to the structure shown in FIG. 2 or 3, and the method of the present embodiment is all within the scope of the present invention. .

The smart card transaction method with the electronic signature function of the present invention will be described below with reference to FIG. 5, which is as follows: The smart card transaction method with the electronic signature function of the present invention includes:

Step S401: A smart card access terminal having an electronic signature function, receiving a transaction message;

Of course, the smart card can also access the terminal through contact.

Step S402: The smart card generates a joint password.

Specifically, the smart card randomly generates numbers, letters, and/or symbols, and selects one or more combinations of numbers, letters, and symbols to generate a joint password, which can ensure non-uniqueness of the joint password, randomness, and improve the security of the joint password. Sex.

Of course, the smart card can also convert the joint password into a barcode or a two-dimensional code or picture to facilitate subsequent acquisition. Step S403: The smart card generates a signature message according to the transaction packet and the joint password.

The smart card calculates the summary information of the transaction message, encrypts the joint password to obtain the encrypted joint password, and calculates plus The summary information of the secret combination password, the summary information of the transaction message and the summary information of the encrypted joint password are signed to generate a signature message.

Step S404: The smart card sends at least the signature message to the terminal.

Specifically, in step S403, if the smart card is used to calculate the scheme for encrypting the joint password, in this step, the smart card also sends the encrypted joint password and the signed message to the terminal.

In step S403, if the smart card is used to calculate the scheme for encrypting the summary information of the joint password, in this step, the smart card also sends the summary information and the signature message of the encrypted joint password to the terminal.

Of course, no matter what kind of information is calculated by the smart card in step S403, the smart card can send the calculated information to the terminal, so that the terminal subsequently verifies the verification password.

Step S405: The smart card disconnects from the terminal.

Specifically, in the case of non-contact mode access, the user can leave the sensing range of the smart card to leave the terminal; in the case of contact mode access, the user can pull out the smart card from the terminal. Disconnecting from the terminal ensures a single contact between the smart card and the terminal, which reduces the risk of intercepting multiple contact information and improves the security of data transmission.

Step S406: The smart card displays the transaction message;

Specifically, the smart card displays the received transaction message on the display screen, so that the user can confirm the authenticity of the transaction and ensure the security of the transaction. At the same time, the user can also select the transaction message of the transaction according to the multiple transactions displayed by the smart card on the display screen to ensure that the joint password displayed subsequently is the joint password of the transaction.

Step S407: The smart card receives the confirmation password and/or the confirmation command input through the button;

Specifically, after confirming the authenticity of the transaction information or selecting the transaction information of the transaction, the user may trigger the smart card to display the generated joint password or barcode or picture by inputting the confirmation password and/or the operation of the confirmation instruction. By entering a confirmation password to trigger the smart card to display a joint password or barcode or picture, the joint password can be prevented from being known by others, and the confidentiality of the joint password can be improved. For example, after the user confirms the transaction or selects the transaction information of the transaction, the user enters the confirmation password on the smart card, and presses the confirmation button, and the smart card's display screen displays the joint password corresponding to the transaction information confirmed by the user.

Step S408: The smart card displays a joint password or a barcode or a picture.

Specifically, the smart card displays the joint password or the barcode or the picture, so that the user can know the joint password, so that the user can input the joint password to the terminal through the button of the terminal, or the terminal scans the barcode or the picture to obtain the verification password to complete the transaction. The password entered by the user and the password scanned by the terminal may be referred to as a verification password, and the user inputs the verification password to the terminal to ensure that the subsequent terminal verifies the correctness of the verification password.

Of course, the smart card can also convert the joint password into a barcode or a two-dimensional code or picture for subsequent terminal access.

In order to further improve the security of the joint password, and prevent others from obtaining the plaintext information of the joint password, in step S402, the joint password plaintext may be encrypted by using a preset symmetric encryption algorithm, and the encrypted joint password is stored in the smart card. After the smart card receives the confirmation password and/or confirmation command input by the user through the button, the combined password clear text is decrypted by the preset symmetric encryption algorithm for display.

Step S409: The terminal acquires the verification password, verifies the signature message and the verification password, and after the verification is passed, sends the transaction instruction to the background system server; wherein, the verification password is a joint password input through a button of the terminal, or is displayed by scanning the smart card through the terminal. a joint password for obtaining information, or a joint password obtained from a smart card by a terminal in a contactless communication manner;

Specifically, in step S403, if the smart card performs signature according to the joint password and the transaction message, in this step, the terminal verifies the correctness of the signature message according to the transaction message and the verification password, and if the signature is correct, the verification is determined. Both the password and the signed message are verified.

In step S403, if the smart card is used to calculate the scheme for encrypting the joint password, in this step, the terminal verifies the correctness of the password according to the encrypted joint password verification, and verifies the correctness of the signed message according to the transaction message and the verification password.

In step S403, if the smart card is used to calculate the scheme for encrypting the summary information of the joint password, in this step, the terminal verifies the correctness of the verification password according to the summary information of the encrypted joint password, and verifies the signature report according to the transaction message and the verification password. The correctness of the text.

Of course, regardless of the information according to the smart card in calculating the signature message in step S403, the terminal can verify the correctness of the verification password and the signature message according to the information of the smart card or the verification password.

In addition, the terminal may obtain the verification password in the following manner: The terminal receives the information input by the key to obtain the joint password, for example, by inputting the verification password from the keyboard of the terminal to obtain the joint password; or the terminal scanning the smart card The displayed information obtains the joint password, for example, the terminal scans the QR code displayed by the smart card or the barcode to obtain the joint password; or the terminal obtains the joint password from the smart card through contactless communication, for example, by placing the smart card in the scanning range of the terminal, Get the joint password in NFC, optical communication, Bluetooth, infrared, etc.

Step S410: The background system server performs a transaction operation according to the transaction instruction.

It can be seen that the smart card transaction method of the present invention completes the interaction of data required for transaction (such as signature data) through one access of the smart card and the terminal, thereby reducing the risk of intercepting important information caused by multiple accesses, and improving the risk. safety. FIG. 6 is still another schematic structural diagram of a smart card transaction system with an electronic signature function according to the present invention. Referring now to FIG. 6, the structure of the smart card transaction system with electronic signature function of the present invention will be described as follows:

The smart card transaction system with electronic signature function of the present invention comprises: a terminal 400, a background system server 500, and a smart card 600 having an electronic signature function. The smart card 600 is a device having an electronic signature function, and may include a card chip containing user account information and a security chip digitally signed by a key, or an integrated chip having the above two chip functions. among them,

The smart card 600 with the electronic signature function accesses the terminal 400, receives the transaction message, generates a joint password, encrypts the joint password to obtain an encrypted joint password, generates a signature message according to the transaction message, and sends the encrypted joint password and the signed message. To the terminal 400;

The terminal 400 obtains the verification password, verifies the verification password, and sends the transaction message and the signature message to the background system server 500 after the verification is passed; wherein the verification password is a joint password input through the button of the terminal 400, or The joint password obtained by the terminal 400 scanning the information displayed by the smart card 600, or the joint password acquired from the smart card 600 by the terminal 400 in a contactless communication manner;

The background system server 500 verifies the signature message, and after the verification is passed, performs a transaction operation according to the transaction message. Based on the above system, the smart card 600 includes: a transceiver module 6001, a password generation module 6002, an encryption module 6003, and a signature module 6004;

The transceiver module 6001 is configured to access the terminal 400, and receive the transaction message and send it to the signature module 6004.

The password generating module 6002 is configured to generate a joint password, and sent to the encryption module 6003;

The encryption module 6003 is configured to encrypt the joint password to obtain the encrypted joint password, and send the encrypted joint password to the terminal 400 through the transceiver module 6001;

The signature module 6004 generates a signature message according to the transaction message, and sends the signature message to the terminal through the transceiver module 6001.

In addition, the smart card 600 may further include a display module 6005 for displaying the joint password, so that the terminal 400 scans the displayed joint password to obtain the verification password. Of course, by displaying the joint password, the joint password input terminal 400 can also be used as the verification password by the button of the terminal 400.

Of course, on the basis of the above structure, the transceiver module 6001 of the smart card 600 of the present invention disconnects the terminal 400 after transmitting the signature message to the terminal 400, so that the display module 6005 displays the transaction message. Therefore, it is ensured that the smart card 600 of the present invention completes the data (signature data) interaction required for the transaction only by contacting the terminal 400 once, thereby reducing the risk of data being intercepted due to the secondary contact, thereby improving the security of the transaction.

Of course, the terminal 400 can notify the background system server 500 to lock the account corresponding to the smart card to protect the security of the user account after verifying that the joint password fails a preset number of times (for example, three times).

In addition, the smart card 600 may further include: a button module 6006. The button module 6006 triggers the display module 6005 to display the joint password based on the received confirmation password and/or confirmation command.

In addition, the smart card 600 may further include: a graphic generating module 6007 that converts the joint password acquired from the password generating module 6002 into a barcode or a picture. When the smart card 600 generates a barcode or a picture by using the graphic generation module 6007, the display module 6005 can be triggered by the button module 6006 to display the barcode or the picture.

Specifically, for example, the user may trigger the display module 605 to display the joint password or display a barcode or a picture by:

(1) Enter the confirmation password. After the smart card 600 verifies that the confirmation password is correct, the display module 605 displays the joint password or displays the barcode or picture; or

(2) Press the confirmation button, trigger the display module 6005 to display the joint password, or display the barcode or picture; or By

(3) Enter the confirmation password and press the confirmation button. After the smart card 600 verifies that the confirmation password is correct, the display module 605 displays the joint password, or the barcode or picture.

Of course, the conditions for triggering the display module 6005 to display the joint password or the barcode or the picture may be set for different consumption amounts. For example, the small amount of consumption only requires the user to press the confirmation button, and the large amount of consumption requires the user to input the confirmation password.

In addition, because the manner in which the terminal 400 obtains the verification password is different, the transceiver module 6001 of the smart card 600 can also be used to send the joint password acquired from the password generation module 6002 to the terminal 400 in a contactless communication manner. In the above two manners, the terminal 600 can be conveniently obtained to obtain the verification password, and the problem of locking the smart card due to the error of the verification password input is prevented.

In addition, in order to match the smart card 600 to receive the verification password, the terminal 400 may acquire the verification password from the smart card 600 in a contactless communication manner or acquire the verification password by scanning the barcode or picture displayed by the display module 6005 of the smart card 600.

It can be seen that the smart card transaction system with electronic signature function of the present invention completes the interaction of data required for transactions through one access of the smart card and the terminal, thereby reducing the risk of intercepting important information caused by multiple accesses and improving security. Sex. FIG. 7 is still another schematic structural diagram of a smart card transaction system with an electronic signature function according to the present invention. Referring now to Figure 7, the structure of the smart card transaction system with electronic signature function of the present invention will be described as follows:

The smart card transaction system with electronic signature function of the present invention comprises: a terminal 40, a background system server 50, and a smart card 60 having an electronic signature function. The smart card 60 is a device having an electronic signature function, and may include a card chip containing user account information and a security chip digitally signed by a key, or an integrated chip having the above two chip functions. among them,

The smart card 60 with the electronic signature function accesses the terminal 40, receives the transaction message, generates a joint password, and generates an encrypted joint password according to at least the joint password, generates a signature message according to the transaction message, and sends the encrypted joint password and the signature message to the Terminal 40;

The terminal 40 obtains the verification password, respectively verifies the signature message and the verification password, and after the verification is passed, sends the transaction instruction to the background system server 50; wherein, the verification password is a joint password input through the button of the terminal 40, or is scanned by the terminal 40. a joint password obtained by the smart card to display the information, or a joint password obtained by the terminal 40 from the smart card in a contactless communication manner;

The backend system server 50 performs the transaction operation in accordance with the transaction instruction.

Based on the above system, the smart card 60 includes: a transceiver module 601, a password generation module 602, and an encryption module 603. Signing module 604 and display module 605;

The transceiver module 601 is used for the access terminal 40, receives the transaction message and sends it to the signature module 604;

The password generating module 602 is configured to generate a joint password, and sent to the display module 605 and the encryption module 603;

The encryption module 603 is configured to encrypt the joint password to obtain the encrypted joint password, and send the encrypted joint password to the terminal 40 through the transceiver module 601;

The signature module 604 generates a signature message according to the transaction message, and sends the signature message to the terminal 40 through the transceiver module 601.

Of course, on the basis of the above structure, the transceiver module 601 of the smart card 60 of the present invention disconnects the terminal 40 after transmitting the signature message to the terminal 40, so that the display module 605 displays the transaction message. Therefore, it is ensured that the smart card 60 of the present invention completes the data (signature data) interaction required for the transaction only by contacting the terminal 40 once, thereby reducing the risk of interception of data due to the second contact, thereby improving the security of the transaction.

Of course, the terminal 40 can notify the background system server 50 to lock the account corresponding to the smart card to protect the security of the user account after verifying that the joint password fails a preset number of times (for example, three times).

In addition, the smart card 60 can also include: a button module 606. The button module 606 triggers the display module 605 to display the joint password based on the received confirmation password and/or confirmation command.

Further, the smart card 60 further includes: a graphic generation module 607; the graphic generation module 607 generates a barcode or a picture based on the joint password acquired from the password generation module 602. When the smart card 60 generates a barcode or a picture using the graphic generation module 607, the display module 605 can be triggered by the button module 606 to display the barcode or picture.

(1) Enter the confirmation password. After the smart card 60 verifies that the confirmation password is correct, the display module 605 displays the joint password, or displays the barcode or picture; or

(2) Pressing the confirmation button, the trigger display module 605 displays the joint password, or displays the barcode or picture; or

(3) Enter the confirmation password and press the confirmation button. After the smart card 60 verifies that the confirmation password is correct, the display module 605 displays the joint password or displays the barcode or picture.

Of course, the conditions for triggering the display module 605 to display the joint password or the barcode or the picture may be set for different consumption amounts. For example, the small amount of consumption only requires the user to press the confirmation button, and the large amount of consumption requires the user to input the confirmation password.

In addition, the transceiver module 601 of the smart card 60 can also be used to send the joint password acquired from the password generating module 602 to the terminal 40 in a contactless communication manner, because the manner in which the terminal 40 obtains the verification password is different. In the above two manners, the terminal 60 can be conveniently obtained to obtain the verification password, and the problem of locking the smart card due to the error of the verification password input is prevented.

In addition, in order to match the smart card 60 to receive the verification password, the terminal 40 can receive the smart card in a contactless communication manner. 60 Acquire a verification password or obtain a verification password by scanning a barcode or a picture displayed by the display module 605 of the smart card 60.

It can be seen that the smart card transaction system with electronic signature function of the present invention completes the interaction of data required for transactions through one access of the smart card and the terminal, thereby reducing the risk of intercepting important information caused by multiple accesses and improving security. Sex. Example 3

Based on the structure of the smart card transaction system with electronic signature function shown in FIG. 6 or FIG. 8, FIG. 8 is a flowchart of Embodiment 3 of the smart card transaction method with electronic signature function according to the present invention. Of course, in addition to adopting the structure shown in FIG. 6 or 7, the smart card transaction method with the electronic signature function in this embodiment can also arbitrarily divide the structure thereof, as long as the method of the present embodiment belongs to the scope claimed by the present invention. .

Referring to FIG. 8, the smart card transaction method with the electronic signature function of the present invention will be described as follows: The smart card transaction method with the electronic signature function of the present invention includes:

Step S601: A smart card access terminal having an electronic signature function, receiving a transaction message;

Of course, the smart card can also access the terminal through contact.

Step S602: The smart card generates a joint password, and generates an encrypted joint password according to at least the joint password. Specifically, the smart card randomly generates numbers, letters, and/or symbols, and selects one or more combinations of numbers, letters, and symbols to generate a joint password. , can guarantee the non-uniqueness of the joint password, randomness, and improve the security of the joint password.

Of course, the smart card can also convert the joint password into a barcode or a two-dimensional code or picture to facilitate subsequent acquisition. In addition, the encryption operation can be symmetric encryption or asymmetric encryption. among them:

The smart card can directly encrypt the joint password to generate an encrypted joint password; or

The smart card calculates the summary information of the joint password, and uses the summary information as the encrypted joint password; or

The smart card calculates summary information of the joint password, encrypts the summary information of the joint password, and generates an encrypted joint secret. Code; or

The smart card can also generate a random number, combine the joint password and the random number according to a preset format, and encrypt the combined data to obtain an encrypted joint password. In this case, the combination of the joint password and the random number can prevent the replay attack and further improve the security of the joint password transmission.

When symmetric encryption is used, the smart card and the terminal use the same encryption key, which facilitates the terminal to verify the joint password. When asymmetric encryption is used, the smart card can be encrypted using the public key of the terminal or encrypted with the private key of the smart card.

Step S603: The smart card generates a signature message according to the transaction packet.

Specifically, the smart card can directly sign the transaction message to generate a signature message; or

The smart card calculates the summary information of the transaction message, and signs the summary information of the transaction message to generate a signature message. The summary information may include one or a combination of the following: a hash value calculated by a hash algorithm, a MAC value calculated by a MAC algorithm, and a secret text body obtained by symmetric encryption.

By generating a signature message for the transaction message and sending it to the terminal for verification, it is possible to ensure that the transaction is a real transaction and the non-repudiation of the transaction.

Step S604: The smart card sends the encrypted joint password and the signed message to the terminal.

Specifically, the smart card may send the encrypted joint password and the signed message to the terminal, so that the terminal subsequently verifies the verification password.

Step S605: The terminal obtains the verification password, respectively verifies the signature message and the verification password, and after the verification is passed, sends the transaction instruction to the background system server; wherein, the verification password is a joint password input through a button of the terminal, or the smart card is scanned through the terminal. a joint password obtained by the displayed information, or a joint password obtained from the smart card by the terminal in a contactless communication manner;

Specifically, the terminal can verify the correctness of the signature message according to the transaction message and the verification password. If the signature is correct, it is determined that the verification password and the signature message are verified.

The terminal can also verify the correctness of the password according to the encrypted joint password verification, and verify the correctness of the signed message according to the transaction message and the verification password.

The terminal may also verify the correctness of the verification password according to the summary information of the encrypted joint password, and verify the correctness of the signature message according to the transaction message and the verification password.

Of course, in the foregoing process, the terminal may further verify the correctness of the signed message according to the transaction message and the encrypted joint password or the summary information of the encrypted joint password. Of course, regardless of the information in the steps S602 and S603, the smart card obtains the encrypted joint password and the calculated signature message, and the terminal can verify the correctness of the verification password and the signature message according to the information or the verification password.

Step S606: The background system server performs a transaction operation according to the transaction instruction.

After obtaining the verification password, the terminal of the invention verifies the verification password and the signature message, and after the verification is passed, sends the transaction instruction to the background system server to trigger the background system server to complete the transaction, thereby preventing the signature data from being deleted. The important data is transmitted through the network, resulting in unsafe hidden dangers, ensuring the security of the transaction. In addition, the joint password of the present invention may be a combination of one or more of numbers, letters and characters randomly generated at each transaction, which is different from the existing transaction password and OTP, and must be transmitted in ciphertext. The joint password can be obtained in different ways. In the process of obtaining, the joint password (authentication password) can be transmitted in clear text without reducing the security of the account during the transaction; the invention generates a joint password by the smart card, and The joint password is encrypted to ensure the security of the joint password transmission to the terminal and the accuracy of the terminal verification joint password.

It can be seen that the smart card transaction method of the present invention completes the interaction of data required for transaction (such as signature data) through one access of the smart card and the terminal, thereby reducing the risk of intercepting important information caused by multiple accesses, and improving the risk. safety. Example 4

Based on the structure of the smart card transaction system with electronic signature function shown in FIG. 6 or FIG. 9, FIG. 9 is a flowchart of Embodiment 4 of the smart card transaction method with electronic signature function according to the present invention. Of course, in addition to adopting the structure shown in FIG. 6 or 7, the smart card transaction method with the electronic signature function in this embodiment can also arbitrarily divide the structure thereof, as long as the method of the present embodiment belongs to the scope claimed by the present invention. .

The smart card transaction method with the electronic signature function of the present invention will be described below with reference to FIG. 9, which is as follows: The smart card transaction method with the electronic signature function of the present invention includes: Step S701: A smart card access terminal having an electronic signature function, receiving a transaction message;

Of course, the smart card can also access the terminal through contact.

Step S702: The smart card generates a joint password, and generates an encrypted joint password according to at least the joint password. Specifically, the smart card randomly generates numbers, letters, and/or symbols, and selects one or more combinations of numbers, letters, and symbols to generate a joint password. , can guarantee the non-uniqueness of the joint password, randomness, and improve the security of the joint password.

The smart card calculates summary information of the joint password, encrypts the summary information of the joint password, and generates an encrypted joint password; or

Step S703: The smart card generates a signature message according to the transaction packet.

The smart card calculates the summary information of the transaction message, and signs the summary information of the transaction message to generate a signature message. The summary information may include one or a combination of the following: a hash value calculated by a hash algorithm, and a MAC address. The MAC value calculated by the algorithm, the ciphertext obtained by symmetric encryption.

Step S704: The smart card sends the encrypted joint password and the signed message to the terminal.

Step S705: The smart card disconnects from the terminal;

Step S706: The smart card displays the transaction message;

Step S707: The smart card receives the confirmation password and/or the confirmation command input through the button;

Specifically, after confirming the authenticity of the transaction information or selecting the transaction information of the transaction, the user may trigger the smart card to display the generated joint password by inputting the confirmation password and/or the operation of the confirmation instruction. By entering a confirmation password to trigger the smart card to display a joint password or barcode or picture, the joint password can be prevented from being known by others, and the confidentiality of the joint password can be improved.

For example, after the user confirms the transaction or selects the transaction information of the transaction, the user enters the confirmation password on the smart card, presses the confirmation button, and the smart card's display screen displays the joint password corresponding to the transaction information confirmed by the user.

Step S708: The smart card displays a joint password or a barcode or a picture;

In order to further improve the security of the joint password, and prevent others from obtaining the plaintext information of the joint password, in step S402, the joint password plaintext may be encrypted by using a preset symmetric encryption algorithm, and the encrypted joint password is stored in the smart card. After the smart card receives the confirmation password and/or confirmation command input by the user through the button, the preset pair is It is said that the encryption algorithm decrypts the joint password plaintext for display.

Step S709: The terminal obtains the verification password, respectively verifies the signature message and the verification password, and after the verification is passed, sends the transaction instruction to the background system server; wherein, the verification password is a joint password input through a button of the terminal, or the smart card is scanned through the terminal. a joint password obtained by the displayed information, or a joint password obtained from the smart card by the terminal in a contactless communication manner;

Of course, regardless of the information obtained by the smart card in obtaining the encrypted joint password and the calculated signature message in steps S702 and S703, the terminal can verify the correctness of the verification password and the signature message according to the information or the verification password.

Step S710: The background system server performs a transaction operation according to the transaction instruction.

After obtaining the verification password, the terminal of the invention verifies the verification password and the signature message, and after the verification is passed, sends the transaction instruction to the background system server to trigger the background system server to complete the transaction, thereby preventing the signature data from being deleted. The important data is transmitted through the network, resulting in unsafe hidden dangers, ensuring the security of the transaction. In addition, the joint password of the present invention may be a combination of one or more of numbers, letters and characters randomly generated at each transaction, which is different from the existing transaction password and OTP, and must be transmitted in ciphertext. The joint password can be obtained in different ways. In the process of obtaining, the joint password (authentication password) can be transmitted in clear text, and will not The security of the account during the transaction process is reduced. The invention generates a joint password by the smart card, and encrypts the joint password, thereby ensuring the security of the joint password transmission to the terminal and the accuracy of the terminal verifying the joint password.

It can be seen that the smart card transaction method of the present invention completes the interaction of data required for transaction (such as signature data) through one access of the smart card and the terminal, thereby reducing the risk of intercepting important information caused by multiple accesses, and improving the risk. safety. Any process or method description in the flowcharts or otherwise described herein may be understood to represent a module, segment or portion of code that includes one or more executable instructions for implementing the steps of a particular logical function or process. And the scope of the preferred embodiments of the invention includes additional implementations, in which the functions may be performed in a substantially simultaneous manner or in an opposite order depending on the functions involved, in the order shown or discussed. It will be understood by those skilled in the art to which the embodiments of the present invention pertain.

It should be understood that portions of the invention may be implemented in hardware, software, firmware or a combination thereof. In the above-described embodiments, multiple steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, it can be implemented with any one or combination of the following techniques well known in the art: having logic gates for implementing logic functions on data signals Discrete logic circuits, application specific integrated circuits with suitable combinational logic gates, programmable gate arrays (PGAs), field programmable gate arrays (FPGAs), etc.

One of ordinary skill in the art can understand that all or part of the steps carried by the method of implementing the above embodiments can be completed by a program to instruct related hardware, and the program can be stored in a computer readable storage medium. When executed, one or a combination of the steps of the method embodiments is included.

In addition, each functional unit in each embodiment of the present invention may be integrated into one processing module, or each unit may exist physically separately, or two or more units may be integrated into one module. The above integrated modules can be implemented in the form of hardware or in the form of software functional modules. The integrated modules, if implemented in the form of software functional modules and sold or used as separate products, may also be stored in a computer readable storage medium.

The above-mentioned storage medium may be a read only memory, a magnetic disk or an optical disk or the like.

In the description of the present specification, the description of the terms "one embodiment", "some embodiments", "example", "specific example", or "some examples" and the like means a specific feature described in connection with the embodiment or example. A structure, material or feature is included in at least one embodiment or example of the invention. In the present specification, the schematic representation of the above terms does not necessarily mean the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in a suitable manner in any one or more embodiments or examples. Although the embodiments of the present invention have been shown and described, it is understood that the foregoing embodiments are illustrative and not restrictive Variations, modifications, alterations and variations of the above-described embodiments are possible within the scope of the invention. The scope of the invention is defined by the appended claims and their equivalents.

Claims

Claim

A smart card transaction method with an electronic signature function, the method comprising:

A. A smart card access terminal having an electronic signature function, receiving a transaction message;

B. The smart card generates a joint password;

C. The smart card generates a signature message according to the transaction packet and the joint password.

D. The smart card sends at least the signature message to the terminal;

E. The terminal obtains a verification password, verifies the signature message and the verification password, and sends a transaction instruction to the background system server after the verification is passed; wherein the verification password is input through a button of the terminal. a joint password, or a joint password obtained by scanning the information displayed by the smart card by the terminal, or a joint password obtained by the terminal from the smart card in a contactless communication manner;

F. The background system server performs a transaction operation according to the transaction instruction.

2. The method according to claim 1, wherein the step C comprises:

The smart card calculates summary information of the transaction message;

The smart card encrypts the joint password to obtain an encrypted joint password;

The smart card signs the summary information of the transaction message and the encrypted joint password to generate a signature message.

3. The method according to claim 1, wherein the step C comprises:

The smart card calculates summary information of the transaction message;

The smart card encrypts the combination of the joint password and the random number to obtain an encrypted joint password; the smart card signs the summary information of the transaction packet and the encrypted joint password to generate a signature message.

4. A method according to claim 2 or 3, characterized in that

In the step D, the smart card further sends the encrypted joint password and the signed message to the terminal.

5. The method according to claim 1, wherein the step C comprises:

The smart card calculates summary information of the transaction message;

The smart card encrypts the joint password to obtain an encrypted joint password, and calculates summary information of the encrypted joint password;

The smart card signs the summary information of the transaction message and the summary information of the encrypted joint password to generate a signature message.

6. The method of claim 5, wherein

In the step D, the smart card further sends the summary information of the encrypted joint password and the signature message to The terminal.

The method according to claim 1, wherein between the step D and the step E, the method further comprises:

The smart card disconnects from the terminal;

The smart card displays the transaction message;

The smart card receives a confirmation password and/or a confirmation command input through a button;

The smart card displays the joint password or barcode or picture.

8. A smart card transaction method with an electronic signature function, wherein the method comprises:

B. The smart card generates a joint password, and generates an encrypted joint password according to at least the joint password.

C. The smart card generates a signature message according to the transaction packet;

D. The smart card sends the encrypted joint password and the signed message to the terminal;

E. The terminal obtains a verification password, respectively verifies the signature message and the verification password, and sends a transaction instruction to the background system server after the verification is passed; wherein the verification password is a key input through the terminal. a joint password, or a joint password obtained by scanning the information displayed by the smart card by the terminal, or a joint password obtained by the terminal from the smart card in a contactless communication manner;

The method according to claim 8, wherein between the step D and the step E, the method further comprises:

The smart card disconnects from the terminal;

The smart card displays the transaction message;

The smart card displays the joint password or barcode or picture.

The method according to claim 8, wherein the encrypting the joint password in the step B to obtain the encrypted joint password may adopt a symmetric encryption or an asymmetric encryption.

11. A smart card transaction system having an electronic signature function, the system comprising: a terminal, a background system server, and a smart card having an electronic signature function;

The terminal obtains a verification password, verifies the signature message and the verification password, and sends a transaction instruction to the background system server after the verification is passed; wherein the verification password is a joint password input through a button of the terminal. , Or a joint password obtained by scanning the information displayed by the smart card by the terminal, or a joint password obtained by the terminal from the smart card in a contactless communication manner;

The system according to claim 11, wherein the smart card comprises: a transceiver module, a password generation module and a signature module;

The transceiver module is configured to access a terminal, receive a transaction message, and send the message to the signature module;

The password generating module is configured to generate a joint password and send the code to the signature module;

The system of claim 12, wherein the smart card further comprises: a display module; the display module is configured to display the joint password.

The system according to claim 13, wherein the smart card further comprises: a button module; the button module triggers the display module to display the joint password according to the received confirmation password and/or confirmation command .

The system of claim 12, wherein the smart card further comprises: a display module and a graphics generation module;

The graphics generating module is configured to generate a barcode or a picture according to the joint password obtained from the password generating module;

The display module is configured to display the barcode or a picture.

The system according to claim 15, wherein the smart card further comprises: a button module; the button module triggers the display module to display the barcode or according to the received confirmation password and/or confirmation command image.

The system according to any one of claims 13 to 16, wherein the transceiver module disconnects the terminal after transmitting the signature message to the terminal;

The display module further displays the transaction message after the transceiver module disconnects from the terminal.

The system according to any one of claims 12 to 17, wherein the transceiver module is further configured to send the joint password acquired from the password generating module to the terminal in a contactless communication manner.

The system according to claim 18, wherein the terminal acquires the verification password from the smart card in a contactless communication manner.

The system according to claim 15 or 16, wherein the terminal acquires the verification password by scanning a barcode or a picture displayed by the display module of the smart card.

21. A smart card transaction system having an electronic signature function, the system comprising: a terminal, a background system server, and a smart card having an electronic signature function;

The system according to claim 21, wherein the smart card comprises: a transceiver module, a password generation module, an encryption module, and a signature module;

The encryption module is configured to encrypt the joint password to obtain an encrypted joint password, and send the encrypted joint password to the terminal by using the transceiver module;

The signature module generates a signature message according to the transaction message, and sends the signature message to the terminal by using the transceiver module.

The system of claim 22, wherein the smart card further comprises: a display module; the display module is configured to display the joint password.

The system according to claim 23, wherein the smart card further comprises: a button module; the button module triggers the display module to display the joint password according to the received confirmation password and/or confirmation command .

The system of claim 22, wherein the smart card further comprises: a display module and a graphics generation module;

The display module is configured to display the barcode or a picture.

The system of claim 25, wherein the smart card further comprises: a button module; the button module is configured to trigger the display module to display the according to the received confirmation password and/or confirmation command Bar code or picture.

The system according to any one of claims 23 to 26, wherein the transceiver module disconnects the terminal after transmitting the signature message to the terminal;

The system according to any one of claims 21 to 27, wherein the transceiver module is further configured to send the joint password acquired from the password generation module to the terminal in a contactless communication manner.

The system according to claim 28, wherein the terminal acquires the verification password from the smart card in a contactless communication manner.

The system according to claim 25 or 26, wherein the terminal acquires the verification password by scanning a barcode or a picture displayed by the display module of the smart card.