CN103136664B - Smart card transaction system and method with electronic signature functionality - Google Patents

Publication number
CN103136664B
Authority
CN
China
Prior art keywords
password
smart card
message
terminal
combined password
Legal status
Active
Application number
CN201310070783.6A
Other languages
Chinese (zh)
Other versions
CN103136664A (en)
Inventor
李东声
Current Assignee
Tendyron Technology Co Ltd
Original Assignee
Tendyron Technology Co Ltd
Application filed by Tendyron Technology Co Ltd
Priority to CN201310070783.6A
Publication of CN103136664A
Priority to PCT/CN2014/071657 (WO2014121721A1)
Application granted
Publication of CN103136664B

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a smart card transaction system and a smart card transaction method with electronic signature functionality. The method comprises: A, the smart card accesses a terminal and receives a transaction message; B, the smart card generates a combined password; C, the smart card generates a signature message according to the transaction message and the combined password; D, the smart card sends at least the signature message to the terminal; E, the terminal obtains an authentication password and sends at least the transaction message, the signature message and the authentication password to a background system server, where the authentication password is the combined password obtained by the terminal scanning the information displayed by the smart card, or the combined password obtained by the terminal from the smart card by non-contact communication; F, the background system server verifies the signature message and the authentication password and, after the verification passes, carries out the transaction operation according to the transaction message. Because the exchange of the data required for the transaction is completed in a single access between the smart card and the terminal, the risk that important information is intercepted as a result of repeated accesses is reduced and security is improved.

Description

Smart card transaction system and method with electronic signature functionality
Technical field
The present invention relates to the field of electronic technology, and in particular to a smart card transaction system with electronic signature functionality and a smart card transaction method with electronic signature functionality.
Background art
Bank card payment has now become mainstream. Electronic signature transactions are carried out with the following flow:
Step S101: the user holds the smart card and accesses the terminal in a contactless manner; the contactless manner may be any contactless manner such as radio frequency, Bluetooth or NFC.
Step S102: the terminal sends the transaction information to the smart card that the user has connected; the transaction information may include at least the account number and the amount, and may of course also include transaction detail information.
Step S103: the smart card receives the transaction information and displays it; after the user confirms that the transaction information is correct, the smart card receives the confirmation password entered by the user and signs the transaction information;
Step S104: the smart card accesses the terminal in a contactless manner again and sends the signature information to the terminal;
Step S105: the terminal uploads the transaction information and the signature information to the bank server, so that the bank server carries out the transaction according to the transaction information.
It can be seen that, to complete the signing of the transaction information, an existing smart card needs to access the terminal in a contactless manner at least twice, so the transaction information and/or the signature information may be hijacked during the accesses, causing loss to the user; security is not high.
Summary of the invention
The present invention aims to solve the problem that security is not high because the transaction information and/or signature information of an existing smart card can be hijacked during repeated accesses.
One object of the present invention is to provide a smart card transaction method with electronic signature functionality.
Another object of the present invention is to provide a smart card transaction system with electronic signature functionality.
To achieve the above objects, the technical solution of the present invention is implemented as follows:
The invention provides a smart card transaction method with electronic signature functionality, the method comprising:
A, a smart card with electronic signature functionality accesses a terminal and receives a transaction message;
B, the smart card generates a combined password;
C, the smart card generates a signature message according to the transaction message and the combined password;
D, the smart card sends at least the signature message to the terminal;
E, the terminal obtains an authentication password and sends at least the transaction message, the signature message and the authentication password to a background system server; the authentication password is the combined password obtained by the terminal scanning the information displayed by the smart card, or the combined password obtained by the terminal from the smart card by non-contact communication;
F, the background system server verifies the signature message and the authentication password and, after the verification passes, carries out the transaction operation according to the transaction message.
In addition, step C comprises:
the smart card calculates the summary information of the transaction message;
the smart card encrypts the combined password to obtain an encrypted combined password;
the smart card signs the summary information of the transaction message and the encrypted combined password to generate the signature message.
In addition, step C comprises:
the smart card calculates the summary information of the transaction message;
the smart card encrypts the combination of the combined password and a random number to obtain an encrypted combined password;
the smart card signs the summary information of the transaction message and the encrypted combined password to generate the signature message.
In addition, in step D, the smart card also sends the encrypted combined password together with the signature message to the terminal;
in step E, the terminal also sends the encrypted combined password, the transaction message, the signature message and the combined password to the background system server.
In addition, step C comprises:
the smart card calculates the summary information of the transaction message;
the smart card encrypts the combined password to obtain an encrypted combined password, and calculates the summary information of the encrypted combined password;
the smart card signs the summary information of the transaction message and the summary information of the encrypted combined password to generate the signature message.
In addition, in step D, the smart card also sends the summary information of the encrypted combined password together with the signature message to the terminal;
in step E, the terminal also sends the summary information of the combined password, the transaction message, the signature message and the combined password to the background system server.
In addition, between step D and step E, the method further comprises:
the smart card disconnects from the terminal;
the smart card displays the transaction message;
the smart card receives a confirmation password and/or confirmation instruction entered with its keys;
the smart card displays the combined password.
In another aspect, the present invention provides a smart card transaction system with electronic signature functionality, the system comprising: a terminal, a background system server and a smart card with electronic signature functionality;
the smart card accesses the terminal, receives a transaction message, generates a combined password, generates a signature message according to the transaction message and the combined password, and sends at least the signature message to the terminal;
the terminal obtains an authentication password and sends at least the transaction message, the signature message and the authentication password to the background system server; the authentication password is the combined password obtained by the terminal scanning the information displayed by the smart card, or the combined password obtained by the terminal from the smart card by non-contact communication;
the background system server verifies the signature message and the authentication password and, after the verification passes, carries out the transaction operation according to the transaction message.
In addition, the smart card comprises: a transceiver module, a password generation module, a signature module and a display module;
the transceiver module is used to access the terminal, receive the transaction message and send it to the signature module; the transceiver module sends the combined password obtained from the password generation module to the terminal by non-contact communication;
the password generation module is used to generate the combined password and send it to the signature module and the display module;
the signature module generates the signature message according to the transaction message and the combined password, and sends at least the signature message to the terminal through the transceiver module.
In addition, the smart card comprises: a transceiver module, a password generation module, a signature module, a display module and a graphic generation module;
the transceiver module is used to access the terminal, receive the transaction message and send it to the signature module;
the password generation module is used to generate the combined password and send it to the signature module and the display module;
the signature module generates the signature message according to the transaction message and the combined password, and sends at least the signature message to the terminal through the transceiver module;
the graphic generation module generates a bar code or picture according to the combined password obtained from the password generation module, and outputs it to the display module for display.
In addition, the terminal obtains the authentication password from the smart card by non-contact communication.
In addition, the terminal obtains the authentication password by scanning the bar code or picture displayed by the display module of the smart card.
In addition, the smart card further comprises: a key module;
the key module triggers the display module to display the combined password according to the received confirmation password and/or confirmation instruction.
In addition, after sending the signature message to the terminal, the transceiver module also disconnects from the terminal;
after the transceiver module has disconnected from the terminal, the display module also displays the transaction message.
Another aspect of the invention provides a smart card transaction method with electronic signature functionality, the method comprising:
A', a smart card with electronic signature functionality accesses a terminal and receives a transaction message;
B', the smart card generates a combined password, and generates an encrypted combined password at least according to the combined password;
C', the smart card generates a signature message according to the transaction message;
D', the smart card sends the signature message and the encrypted combined password to the terminal;
E', the terminal obtains an authentication password and sends at least the transaction message, the signature message, the authentication password and the encrypted combined password to a background system server; the authentication password is the combined password obtained by the terminal scanning the information displayed by the smart card, or the combined password obtained by the terminal from the smart card by non-contact communication;
F', the background system server verifies the signature message and the authentication password separately and, after the verification passes, carries out the transaction operation according to the transaction message.
In addition, generating the encrypted combined password at least according to the combined password in step B' comprises:
the smart card encrypts the combination of the combined password and a random number to obtain the encrypted combined password; or
the smart card encrypts the combined password using symmetric or asymmetric encryption to obtain the encrypted combined password.
In addition, step C' comprises:
the smart card calculates the summary information of the transaction message and signs the summary information of the transaction message to generate the signature message.
In addition, between step D' and step E', the method further comprises:
the smart card disconnects from the terminal;
the smart card displays the transaction message;
the smart card receives a confirmation password and/or confirmation instruction entered with its keys;
the smart card displays the combined password.
A further aspect of the present invention provides a smart card transaction system with electronic signature functionality, the system comprising: a terminal, a background system server and a smart card with electronic signature functionality;
the smart card accesses the terminal, receives a transaction message, generates a combined password, generates an encrypted combined password at least according to the combined password, generates a signature message according to the transaction message, and sends the signature message and the encrypted combined password to the terminal;
the terminal obtains an authentication password and sends at least the transaction message, the signature message, the authentication password and the encrypted combined password to the background system server; the authentication password is the combined password obtained by the terminal scanning the information displayed by the smart card, or the combined password obtained by the terminal from the smart card by non-contact communication;
the background system server verifies the signature message and the authentication password separately and, after the verification passes, carries out the transaction operation according to the transaction message.
In addition, the smart card comprises: a transceiver module, a password generation module, an encryption module, a signature module and a display module;
the transceiver module is used to access the terminal, receive the transaction message and send it to the signature module; the transceiver module sends the combined password obtained from the password generation module to the terminal by non-contact communication;
the password generation module is used to generate the combined password and send it to the encryption module and the display module;
the encryption module generates the encrypted combined password at least according to the combined password, and sends the encrypted combined password to the terminal through the transceiver module;
the signature module generates the signature message according to the transaction message, and sends the signature message to the terminal through the transceiver module.
In addition, the smart card comprises: a transceiver module, a password generation module, an encryption module, a signature module, a display module and a graphic generation module;
the transceiver module is used to access the terminal, receive the transaction message and send it to the signature module;
the password generation module is used to generate the combined password and send it to the encryption module and the display module;
the encryption module generates the encrypted combined password at least according to the combined password, and sends the encrypted combined password to the terminal through the transceiver module;
the signature module generates the signature message according to the transaction message, and sends the signature message to the terminal through the transceiver module;
the graphic generation module generates a bar code or picture according to the combined password obtained from the password generation module, and outputs it to the display module for display.
In addition, the terminal obtains the authentication password from the smart card by non-contact communication.
In addition, the terminal obtains the authentication password by scanning the bar code or picture displayed by the display module of the smart card.
In addition, the smart card further comprises: a key module;
the key module triggers the display module to display the combined password according to the received confirmation password and/or confirmation instruction.
In addition, after sending the signature message to the terminal, the transceiver module also disconnects from the terminal;
after the transceiver module has disconnected from the terminal, the display module also displays the transaction message.
As can be seen from the technical solution provided above, the invention provides a smart card transaction system with electronic signature functionality and a smart card transaction method with electronic signature functionality, in which the exchange of the data required for the transaction is completed in a single access between the smart card and the terminal, which reduces the risk that important information is intercepted as a result of repeated accesses and improves security. The combined password of the present invention can be one or more combinations of digits, letters and characters randomly generated at each transaction; unlike existing transaction passwords and OTPs, which must be transmitted as ciphertext, the combined password of the present invention can be transmitted in plaintext without reducing the security of the account during the transaction. The combined password of the present invention is generated on the smart card side and uploaded to the background system server, which also differs from the existing OTP, which must be generated simultaneously by the background system server and the terminal; the present invention generates the combined password on one side only and signs it, or generates it on one side only and encrypts it, to ensure the security of combined password transmission and the accuracy of combined password verification. The terminal of the present invention sends the related data (which may be the transaction message, the signature message and the combined password) to the background system server only after it has obtained the combined password, so that the data sent by the terminal for processing by the background system server are authorized and valid data, which ensures security and improves operating efficiency.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of the existing electronic signature transaction method;
Fig. 2 is a flowchart of Embodiment 1 of the smart card transaction method with electronic signature functionality of the present invention;
Fig. 3 is a flowchart of Embodiment 2 of the smart card transaction method with electronic signature functionality of the present invention;
Fig. 4 is a flowchart of Embodiment 3 of the smart card transaction method with electronic signature functionality of the present invention;
Fig. 5 is a flowchart of Embodiment 4 of the smart card transaction method with electronic signature functionality of the present invention;
Fig. 6 is a structural diagram of Embodiment 5 of the smart card transaction system with electronic signature functionality of the present invention;
Fig. 7 is a structural diagram of Embodiment 6 of the smart card transaction system with electronic signature functionality of the present invention.
Detailed description of the invention
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
In the description of the present invention, it should be understood that the orientations or positional relationships indicated by terms such as "center", "longitudinal", "lateral", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner" and "outer" are based on the orientations or positional relationships shown in the drawings, and are used only to facilitate and simplify the description of the present invention, not to indicate or imply that the device or element referred to must have a specific orientation or be constructed and operated in a specific orientation; they therefore cannot be construed as limiting the present invention. In addition, the terms "first" and "second" are used for descriptive purposes only and cannot be construed as indicating or implying relative importance, quantity or position.
In the description of the present invention, it should be noted that, unless otherwise expressly specified and limited, the terms "mounted", "connected with" and "connected" should be interpreted broadly; for example, a connection may be a fixed connection, a detachable connection or an integral connection; it may be a mechanical connection or an electrical connection; it may be a direct connection or an indirect connection through an intermediary, or it may be internal communication between two elements. Those of ordinary skill in the art can understand the specific meaning of the above terms in the present invention according to the specific situation.
The embodiments of the present invention are described in further detail below with reference to the drawings.
Embodiment 1
Fig. 2 is a flowchart of Embodiment 1 of the smart card transaction method with electronic signature functionality of the present invention. The smart card transaction method with electronic signature functionality of the present invention is now described with reference to Fig. 2, as follows:
The smart card transaction method with electronic signature functionality of the present invention comprises:
Step S201: the smart card with electronic signature functionality accesses the terminal and receives a transaction message;
Specifically, before the smart card with electronic signature functionality accesses the terminal, the terminal may obtain the transaction message by manual input, over the network, by scanning product information, or in similar ways.
The smart card may access the terminal in a contactless manner and receive the transaction message sent by the terminal. The transaction message includes at least the account number and the amount, and may also include transaction detail information.
Of course, the smart card may also access the terminal in a contact manner.
The terminal of the present invention may be a mobile phone, notebook, tablet computer, PC, POS machine or other device that can interact with the background system server in a wired or wireless manner.
Accessing the terminal in a contactless manner gives the smart card of the present invention higher security than accessing it in a contact manner, and prevents information from being acquired.
Step S202: the smart card generates a combined password;
Specifically, the smart card randomly generates digits, letters and/or symbols, and generates the combined password from one kind or a combination of several kinds of digits, letters and symbols, which ensures the non-uniqueness and randomness of the combined password and improves its security.
Step S203: the smart card generates a signature message according to the transaction message and the combined password;
Specifically, the smart card may sign the transaction message and the combined password directly to generate the signature message; or
the smart card calculates the summary information of the transaction message, calculates the summary information of the combined password, and signs the summary information of the transaction message and the summary information of the combined password to generate the signature message; or
the smart card calculates the summary information of the transaction message, encrypts the combined password to obtain an encrypted combined password, and signs the summary information of the transaction message and the encrypted combined password to generate the signature message; or
the smart card calculates the summary information of the transaction message, encrypts the combined password to obtain an encrypted combined password, calculates the summary information of the encrypted combined password, and signs the summary information of the transaction message and the summary information of the encrypted combined password to generate the signature message.
The summary information may comprise one or a combination of the following: a hash value calculated by a hash algorithm, a MAC value calculated by a MAC algorithm, or the ciphertext itself obtained by symmetric encryption.
In addition, the encryption may be symmetric encryption or asymmetric encryption (for example, encryption with the public key of the background system server). To further improve the security of combined password transmission, the smart card may also generate a random number, combine the combined password and the random number according to a preset format, and encrypt the combined data to obtain the encrypted combined password. Combining the combined password with a random number in this way prevents replay attacks.
The present invention may compute the summary information of the combined password, encrypt the combined password, or compute the summary information of the encrypted combined password, which ensures the security of combined password transmission; it may sign the summary information of the combined password, the encrypted combined password, or the summary information of the encrypted combined password, which improves the security of the transaction.
Step S204: the smart card sends at least the signature message to the terminal;
Specifically, if the scheme in which the smart card calculates the encrypted combined password is adopted in step S203, then in this step the smart card also sends the encrypted combined password together with the signature message to the terminal.
If the scheme in which the smart card calculates the summary information of the encrypted combined password is adopted in step S203, then in this step the smart card also sends the summary information of the encrypted combined password together with the signature message to the terminal.
Of course, whatever information the smart card calculates in step S203, the smart card may send the calculated information to the terminal.
Step S205: the terminal obtains an authentication password and sends at least the transaction message, the signature message and the authentication password to the background system server;
The authentication password is the combined password obtained by the terminal scanning the information displayed by the smart card, or the combined password obtained by the terminal from the smart card by non-contact communication. The non-contact communication mode may be Bluetooth, optical communication, NFC, infrared or a similar communication mode.
Specifically, if the scheme in which the smart card calculates the encrypted combined password is adopted in step S203, then in this step the terminal also sends the encrypted combined password, the transaction message, the signature message and the authentication password to the background system server.
If the scheme in which the smart card calculates the summary information of the encrypted combined password is adopted in step S203, then in this step the terminal also sends the summary information of the encrypted combined password, the transaction message, the signature message and the authentication password to the background system server.
Of course, whatever information the smart card calculates in step S203, the terminal may send the information calculated by the smart card to the background system server.
Only after it has obtained the authentication password does the terminal of the present invention send the transaction message, the signature message and the authentication password to the background system server, so that the background system server authenticates the user's identity according to the combined password and the signature message and is then triggered to complete the transaction, which improves the security of the transaction.
The combined password of the present invention can be one or more combinations of digits, letters and characters randomly generated at each transaction; unlike existing transaction passwords and OTPs, which must be transmitted as ciphertext, the combined password of the present invention can be transmitted in plaintext without reducing the security of the account during the transaction. The combined password of the present invention is generated on the smart card side and uploaded to the background system server, which also differs from the existing OTP, which must be generated simultaneously by the background system server and the terminal; the present invention generates the combined password on one side only and signs it, to ensure the security of combined password transmission and the accuracy of combined password verification. The terminal of the present invention sends the related data (which may be the transaction message, the signature message and the authentication password) to the background system server only after it has obtained the authentication password, so that the data sent by the terminal for processing by the background system server are authorized data, which ensures security and improves operating efficiency.
Step S206: the background system server verifies the signature message and the authentication password and, after the verification passes, carries out the transaction operation according to the transaction message.
It can be seen that the smart card transaction method of the present invention completes the exchange of the data required for the transaction in a single access between the smart card and the terminal, which reduces the risk that important information is intercepted as a result of repeated accesses and improves security.
Embodiment 2
Fig. 3 is a flow chart of Embodiment 2 of the smart card transaction method with electronic signature functionality of the present invention. The smart card transaction method with electronic signature functionality of the present invention is now described with reference to Fig. 3, as follows:
The smart card transaction method with electronic signature functionality of the present invention comprises:
Step S301: the smart card with electronic signature functionality accesses the terminal and receives the transaction message;
Specifically, before the smart card with electronic signature functionality accesses the terminal, the terminal can obtain the transaction message by manual input, over a network, by scanning commodity information, or in a similar way.
The smart card can access the terminal in a contactless manner and receive the transaction message sent by the terminal. The transaction message includes at least an account and an amount, and can also include transaction detail information.
Of course, the smart card can also access the terminal in a contact manner.
The terminal of the present invention can be a mobile phone, notebook, tablet computer, PC, POS machine or other device that can interact with the background system server in a wired or wireless manner.
Accessing the terminal in a contactless manner gives the smart card of the present invention higher security than accessing it in a contact manner, and prevents information from being acquired.
Step S302: the smart card generates the combined password;
Specifically, the smart card randomly generates digits, letters and/or symbols and selects one or a combination of several of the digits, letters and symbols to generate the combined password, which ensures the non-uniqueness and randomness of the combined password and improves its security.
Step S303: the smart card generates the signature message according to the transaction message and the combined password;
Specifically, the smart card can sign the transaction message and the combined password directly to generate the signature message; or
The smart card calculates the summary information of the transaction message, calculates the summary information of the combined password, and signs the summary information of the transaction message and the summary information of the combined password to generate the signature message; or
The smart card calculates the summary information of the transaction message, encrypts the combined password to obtain the encrypted combined password, and signs the summary information of the transaction message and the encrypted combined password to generate the signature message; or
The smart card calculates the summary information of the transaction message, encrypts the combined password to obtain the encrypted combined password, calculates the summary information of the encrypted combined password, and signs the summary information of the transaction message and the summary information of the encrypted combined password to generate the signature message.
The summary information (digest) can include one or a combination of the following: a hash value calculated by a hash algorithm, a MAC value calculated by a MAC algorithm, or the ciphertext itself obtained by symmetric encryption.
In addition, the encryption operation can be symmetric encryption or asymmetric encryption (for example, encryption with the public key of the background system server). To further improve the security of combined password transmission, the smart card can also generate a random number, combine the combined password with this random number according to a preset format, and encrypt the combined data to obtain the encrypted combined password. Combining the combined password with the random number in this way prevents replay attacks.
By calculating the summary information of the combined password, encrypting the combined password, or calculating the summary information of the encrypted combined password, the present invention ensures the security of combined password transmission; the summary information of the combined password, the encrypted combined password, or the summary information of the encrypted combined password can be signed, which improves the security of the transaction.
Step S304: the smart card sends at least the signature message to the terminal;
Specifically, if the scheme in which the smart card calculates the encrypted combined password is adopted in step S303, then in this step the smart card also sends the encrypted combined password and the signature message to the terminal.
If the scheme in which the smart card calculates the summary information of the encrypted combined password is adopted in step S303, then in this step the smart card also sends the summary information of the encrypted combined password and the signature message to the terminal.
Of course, whichever information the smart card calculates in step S303, the smart card can send the calculated information to the terminal.
Step S305: the smart card disconnects from the terminal;
Specifically, where access is in a contactless manner, the user moves the smart card out of the induction range of the terminal; where access is in a contact manner, the user pulls the smart card out of the terminal. Disconnecting from the terminal ensures that the smart card and the terminal make contact only once, which reduces the risk of information being intercepted through multiple contacts and improves the security of data transmission.
Step S306: the smart card displays the transaction message;
Specifically, the smart card displays the received transaction message on its display screen so that the user can confirm the authenticity of the transaction, which ensures the safety of the transaction.
Step S307: the smart card receives a confirmation password and/or a confirmation instruction input via keys;
Specifically, after confirming the authenticity of the transaction information, the user can trigger the smart card to display the generated combined password by inputting the confirmation password and/or performing the confirmation instruction operation. Triggering the smart card to display the combined password, bar code or picture by inputting the confirmation password prevents the combined password from being learned by others and improves its confidentiality.
Step S308: the smart card displays the combined password, bar code or picture;
Specifically, the smart card displays the combined password, bar code or picture so that the terminal can obtain the verification code and then complete the transaction.
To further improve the security of the combined password and prevent others from obtaining its plaintext, in step S302 the plaintext combined password can also be encrypted with a preset symmetric encryption algorithm and the encrypted combined password stored in the smart card; after the smart card receives the confirmation password and/or confirmation instruction input by the user via keys, it decrypts the combined password with this preset symmetric encryption algorithm and displays the plaintext.
Step S309: the terminal obtains the authentication password and sends at least the transaction message, the signature message and the authentication password to the background system server;
The authentication password is the combined password obtained by the terminal scanning the information displayed by the smart card, or the combined password obtained by the terminal from the smart card in a non-contact communication mode. The non-contact communication mode can be Bluetooth, optical communication, NFC, infrared or a similar communication mode.
Specifically, if the scheme in which the smart card calculates the encrypted combined password is adopted in step S303, then in this step the terminal also sends the encrypted combined password, the transaction message, the signature message and the combined password to the background system server.
If the scheme in which the smart card calculates the summary information of the encrypted combined password is adopted in step S303, then in this step the terminal also sends the summary information of the encrypted combined password, the transaction message, the signature message and the combined password to the background system server.
Of course, whichever information the smart card calculates in step S303, the terminal can send the information calculated by the smart card to the background system server.
The terminal of the present invention sends the transaction message, the signature message and the authentication password to the background system server only after it has obtained the authentication password, so that the background system server authenticates the user's identity according to the authentication password and the signature message and is then triggered to complete the transaction, which improves the security of the transaction.
The combined password of the present invention can be a combination of one or more of digits, letters and characters generated randomly for each transaction. Unlike an existing transaction password or OTP, which must be transmitted as ciphertext, the combined password of the present invention can be transmitted in plaintext without reducing the security of the account during the transaction. The combined password of the present invention is generated on the smart card side and uploaded to the background system server, which also differs from an existing OTP, which the background system server and the terminal must generate simultaneously; the present invention generates the combined password on one side only and signs it, to ensure the security of combined password transmission and the accuracy of combined password verification. The terminal of the present invention sends the related data (which can be the transaction message, the signature message and the authentication password) to the background system server only after it has obtained the authentication password, so that the data sent by the terminal for processing by the background system server is authorized data, which ensures security and improves working efficiency.
Step S310: the background system server verifies the signature message and the authentication password and, after verification passes, performs the transaction operation according to the transaction message.
Specifically, if in step S303 the smart card signs according to the combined password and the transaction message, then in this step the terminal verifies the correctness of the signature message according to the transaction message and the authentication password; if the signature is correct, both the authentication password and the signature message are determined to have passed verification.
If the scheme in which the smart card calculates the encrypted combined password is adopted in step S303, then in this step the terminal verifies the correctness of the authentication password according to the encrypted combined password, and verifies the correctness of the signature message according to the transaction message and the authentication password.
If the scheme in which the smart card calculates the summary information of the encrypted combined password is adopted in step S303, then in this step the terminal verifies the correctness of the authentication password according to the summary information of the encrypted combined password, and verifies the correctness of the signature message according to the transaction message and the authentication password.
Of course, in the above process, the terminal can also verify the correctness of the signature message according to the transaction message and the encrypted combined password or the summary information of the encrypted combined password.
Of course, whichever information the smart card uses in step S303 when calculating the signature message, the terminal can verify the correctness of the authentication password and the signature message according to that information from the smart card or the authentication password.
As can be seen, in the smart card transaction method with electronic signature functionality of the present invention, the interaction of the data required for the transaction is completed through a single access between the smart card and the terminal, which reduces the risk of important information being intercepted as a result of repeated access and improves security.
Embodiment 3
Fig. 4 is a flow chart of Embodiment 3 of the smart card transaction method with electronic signature functionality of the present invention. The smart card transaction method with electronic signature functionality of the present invention is now described with reference to Fig. 4, as follows:
The smart card transaction method with electronic signature functionality of the present invention comprises:
Step S401: the smart card with electronic signature functionality accesses the terminal and receives the transaction message;
Specifically, before the smart card with electronic signature functionality accesses the terminal, the terminal can obtain the transaction message by manual input, over a network, by scanning commodity information, or in a similar way.
The smart card can access the terminal in a contactless manner and receive the transaction message sent by the terminal. The transaction message includes at least an account and an amount, and can also include transaction detail information.
Of course, the smart card can also access the terminal in a contact manner.
The terminal can be a mobile phone, notebook, tablet computer, PC or other device that can interact with the background system server in a wired or wireless manner.
Accessing the terminal in a contactless manner gives the smart card of the present invention higher security than accessing it in a contact manner, and prevents information from being acquired.
Step S402: the smart card generates the combined password, and generates at least the encrypted combined password according to the combined password;
Specifically, the smart card randomly generates digits, letters and/or symbols and selects one or a combination of several of the digits, letters and symbols to generate the combined password, which ensures the non-uniqueness and randomness of the combined password and improves its security.
Specifically, the smart card can obtain the encrypted combined password by encrypting the combination of the combined password and a random number, or by encrypting the combined password using symmetric or asymmetric encryption.
By transmitting the encrypted combined password, the present invention further ensures the security of combined password transmission; combining the combined password with a random number prevents replay attacks.
Step S403: the smart card generates the signature message according to the transaction message;
Specifically, the smart card can sign the transaction message directly to generate the signature message; or
The smart card calculates the summary information of the transaction message and signs the summary information of the transaction message to generate the signature message.
The summary information (digest) can include one or a combination of the following: a hash value calculated by a hash algorithm, a MAC value calculated by a MAC algorithm, or the ciphertext itself obtained by symmetric encryption.
Step S404: the smart card sends the signature message and the encrypted combined password to the terminal;
Step S405: the terminal obtains the authentication password and sends at least the transaction message, the signature message, the encrypted combined password and the authentication password to the background system server;
The authentication password is the combined password obtained by the terminal scanning the information displayed by the smart card, or the combined password obtained by the terminal from the smart card in a non-contact communication mode. The non-contact communication mode can be Bluetooth, optical communication, NFC, infrared or a similar communication mode.
The background system server can be a bank server or a third-party server. A third-party server is a server used by a non-banking system, such as the server a public transit system uses to control top-ups of and deductions from transit cards.
The terminal of the present invention sends the transaction message, the signature message, the encrypted combined password and the authentication password to the background system server only after it has obtained the authentication password, so that the background system server authenticates the user's identity according to the authentication password and the signature message and is then triggered to complete the transaction, which improves the security of the transaction.
The combined password of the present invention can be a combination of one or more of digits, letters and characters generated randomly for each transaction. Unlike an existing transaction password or OTP, which must be transmitted as ciphertext, the combined password of the present invention can be transmitted in plaintext without reducing the security of the account during the transaction. The combined password of the present invention is generated on the smart card side and uploaded to the background system server, which also differs from an existing OTP, which the background system server and the terminal must generate simultaneously; the present invention generates the combined password on one side only and encrypts it, to ensure the security of combined password transmission and the accuracy of combined password verification. The terminal of the present invention sends the related data (which can be the transaction message, the signature message and the authentication password) to the background system server only after it has obtained the authentication password, so that the data sent by the terminal for processing by the background system server is authorized data, which ensures security and improves working efficiency.
Step S406: the background system server verifies the signature message and the authentication password separately and, after verification passes, performs the transaction operation according to the transaction message.
Specifically, the background system server verifies the correctness of the authentication password according to the encrypted combined password; the background system server verifies the correctness of the signature message according to the encrypted combined password and the transaction message, or according to the authentication password and the transaction message. After verifying that the signature is correct and the authentication password is correct, the background system server performs the transaction operation according to the transaction message.
As can be seen, in the smart card transaction method with electronic signature functionality of the present invention, the interaction of the data required for the transaction is completed through a single access between the smart card and the terminal, which reduces the risk of important information being intercepted as a result of repeated access and improves security.
Embodiment 4
Fig. 5 is a flow chart of Embodiment 4 of the smart card transaction method with electronic signature functionality of the present invention. The smart card transaction method with electronic signature functionality of the present invention is now described with reference to Fig. 5, as follows:
The smart card transaction method with electronic signature functionality of the present invention comprises:
Step S501: the smart card with electronic signature functionality accesses the terminal and receives the transaction message;
Specifically, before the smart card with electronic signature functionality accesses the terminal, the terminal can obtain the transaction message by manual input, over a network, by scanning commodity information, or in a similar way.
The smart card can access the terminal in a contactless manner and receive the transaction message sent by the terminal. The transaction message includes at least an account and an amount, and can also include transaction detail information.
Of course, the smart card can also access the terminal in a contact manner.
The terminal can be a mobile phone, notebook, tablet computer, PC or other device that can interact with the background system server in a wired or wireless manner.
Accessing the terminal in a contactless manner gives the smart card of the present invention higher security than accessing it in a contact manner, and prevents information from being acquired.
Step S502: the smart card generates the combined password, and generates at least the encrypted combined password according to the combined password;
Specifically, the smart card randomly generates digits, letters and/or symbols and selects one or a combination of several of the digits, letters and symbols to generate the combined password, which ensures the non-uniqueness and randomness of the combined password and improves its security.
Specifically, the smart card can obtain the encrypted combined password by encrypting the combination of the combined password and a random number, or by encrypting the combined password using symmetric or asymmetric encryption.
By transmitting the encrypted combined password, the present invention further ensures the security of combined password transmission; combining the combined password with a random number prevents replay attacks.
Step S503: the smart card generates the signature message according to the transaction message;
Specifically, the smart card can sign the transaction message directly to generate the signature message; or
The smart card calculates the summary information of the transaction message and signs the summary information of the transaction message to generate the signature message.
The summary information (digest) can include one or a combination of the following: a hash value calculated by a hash algorithm, a MAC value calculated by a MAC algorithm, or the ciphertext itself obtained by symmetric encryption.
Step S504: the smart card sends the signature message and the encrypted combined password to the terminal;
Step S505: the smart card disconnects from the terminal;
Specifically, where access is in a contactless manner, the user moves the smart card out of the induction range of the terminal; where access is in a contact manner, the user pulls the smart card out of the terminal. Disconnecting from the terminal ensures that the smart card and the terminal make contact only once, which reduces the risk of information being intercepted through multiple contacts and improves the security of data transmission.
Step S506: the smart card displays the transaction message;
Specifically, the smart card displays the received transaction message on its display screen so that the user can confirm the authenticity of the transaction, which ensures the safety of the transaction.
Step S507: the smart card receives a confirmation password and/or a confirmation instruction input via keys;
Specifically, after confirming the authenticity of the transaction information, the user can trigger the smart card to display the generated combined password by inputting the confirmation password and/or performing the confirmation instruction operation. Triggering the smart card to display the combined password, bar code or picture by inputting the confirmation password prevents the combined password from being learned by others and improves its confidentiality.
Step S508: the smart card displays the combined password, bar code or picture;
Specifically, the smart card displays the combined password, bar code or picture so that the terminal can obtain the authentication password and then complete the transaction.
To further improve the security of the combined password and prevent others from obtaining its plaintext, in step S502 the plaintext combined password can also be encrypted with a preset symmetric encryption algorithm and the encrypted combined password stored in the smart card; after the smart card receives the confirmation password and/or confirmation instruction input by the user via keys, it decrypts the combined password with this preset symmetric encryption algorithm and displays the plaintext.
Step S509: the terminal obtains the authentication password and sends the transaction message, the signature message, the encrypted combined password and the authentication password to the background system server;
The authentication password is the combined password obtained by the terminal scanning the information displayed by the smart card, or the combined password obtained by the terminal from the smart card in a non-contact communication mode. The non-contact communication mode can be Bluetooth, optical communication, NFC, infrared or a similar communication mode.
The background system server can be a bank server or a third-party server. A third-party server is a server used by a non-banking system, such as the server a public transit system uses to control top-ups of and deductions from transit cards.
The terminal of the present invention sends the transaction message, the signature message, the encrypted combined password and the authentication password to the background system server only after it has obtained the authentication password, so that the background system server authenticates the user's identity according to the authentication password and the signature message and is then triggered to complete the transaction, which improves the security of the transaction.
The combined password of the present invention can be a combination of one or more of digits, letters and characters generated randomly for each transaction. Unlike an existing transaction password or OTP, which must be transmitted as ciphertext, the combined password of the present invention can be transmitted in plaintext without reducing the security of the account during the transaction. The combined password of the present invention is generated on the smart card side and uploaded to the background system server, which also differs from an existing OTP, which the background system server and the terminal must generate simultaneously; the present invention generates the combined password on one side only and encrypts it, to ensure the security of combined password transmission and the accuracy of combined password verification. The terminal of the present invention sends the related data (which can be the transaction message, the signature message and the authentication password) to the background system server only after it has obtained the authentication password, so that the data sent by the terminal for processing by the background system server is authorized data, which ensures security and improves working efficiency.
Step S510: the background system server verifies the signature message and the authentication password separately and, after verification passes, performs the transaction operation according to the transaction message.
Specifically, the background system server verifies the correctness of the authentication password according to the encrypted combined password; the background system server verifies the correctness of the signature message according to the encrypted combined password and the transaction message, or according to the authentication password and the transaction message. After verifying that the signature is correct and the authentication password is correct, the background system server performs the transaction operation according to the transaction message.
As can be seen, in the smart card transaction method with electronic signature functionality of the present invention, the interaction of the data required for the transaction is completed through a single access between the smart card and the terminal, which reduces the risk of important information being intercepted as a result of repeated access and improves security.
Embodiment 5
Fig. 6 is a structural schematic diagram of Embodiment 5 of the smart card transaction system with electronic signature functionality of the present invention. The structure of the smart card transaction system with electronic signature functionality of the present invention is first described with reference to Fig. 6, as follows:
The smart card transaction system with electronic signature functionality of the present invention comprises: a terminal 10, a background system server 20 and a smart card 30 with electronic signature functionality. The smart card 30 is a device with electronic signature functionality and can include a card chip containing user account information and a security chip that performs digital signing with a key, or an integrated chip having the functions of both of these chips. The terminal 10 can be a mobile phone, notebook, tablet computer, PC, POS machine or other device that can interact with the background system server in a wired or wireless manner. The background system server 20 can be a bank server or a third-party server; a third-party server is a server used by a non-banking system, such as the server a public transit system uses to control top-ups of and deductions from transit cards.
The smart card 30 with electronic signature functionality comprises: a transceiver module 301, a password generation module 302, a signature module 303 and a display module 304. The above modules of the smart card 30 can be integrated on one chip, or integrated on multiple chips depending on the number and functions of the chips the smart card 30 uses; these arrangements are not described one by one here.
The transceiver module 301 is used to access the terminal 10, receive the transaction message and send it to the signature module 303; the transceiver module 301 sends the combined password obtained from the password generation module 302 to the terminal 10 in a non-contact communication mode.
The password generation module 302 is used to generate the combined password and send it to the signature module 303 and the display module 304. Specifically, the password generation module 302 can generate the combined password after the transceiver module 301 receives the transaction message.
The signature module 303 generates the signature message according to the transaction message and the combined password, and sends at least the signature message to the terminal 10 through the transceiver module 301.
The terminal 10 obtains the authentication password and sends at least the transaction message, the signature message and the authentication password to the background system server 20. The authentication password is the combined password obtained by the terminal 10 scanning the information displayed by the smart card 30, or the combined password obtained by the terminal 10 from the smart card 30 in a non-contact communication mode.
The background system server 20 verifies the signature message and the authentication password and, after verification passes, performs the transaction operation according to the transaction message.
Of course, on the basis of the above structure, after sending the signature message to the terminal 10, the transceiver module 301 of the smart card 30 of the present invention also disconnects from the terminal 10 so that the display module 304 displays the transaction message. This ensures that the smart card 30 of the present invention completes the interaction of the data required for the transaction with only one contact with the terminal 10, which reduces the risk of data being intercepted through a second contact and improves the security of the transaction.
Of course, when verifying the authentication password, the background system server 20 can lock the account corresponding to the smart card after the number of verification failures reaches a preset number (for example, 3), to protect the security of the user's account.
In addition, smart card 30 may further comprise key-press module 305. Key-press module 305 triggers display module 304 to display the combined password, bar code or picture according to a received confirmation password and/or confirmation instruction.
In addition, smart card 30 further comprises figure generation module 306. Figure generation module 306 generates a bar code or picture from the combined password obtained from password generation module 302 and outputs it to display module 304 for display.
Specifically, the user may, for example, trigger display module 304 to display the combined password, bar code or picture in one of the following ways:
(1) enter the confirmation password; after smart card 30 verifies that the confirmation password is correct, display module 304 displays the combined password, bar code or picture; or
(2) press the confirmation button, which triggers display module 304 to display the combined password, bar code or picture; or
(3) enter the confirmation password and press the confirmation button; after smart card 30 verifies that the confirmation password is correct, display module 304 displays the combined password, bar code or picture.
The condition that triggers display module 304 to display the combined password, bar code or picture may be set differently for different transaction amounts; for example, a small-value purchase requires the user only to press the confirmation button, while a large-value purchase requires the user to enter the confirmation password.
It can thus be seen that, with the smart card with electronic signature functionality and the smart card transaction system with electronic signature functionality of the present invention, the smart card exchanges all the data required for the transaction in a single access to the terminal, which reduces the risk of important information being intercepted through repeated access and improves security.
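The exchange of this embodiment, from the single card contact to the server-side lock, as an added Python simulation (not code from the patent). Assumptions: HMAC-SHA256 with a key shared by card and server stands in for the card's digital signature, and the `payee=...;amount=...` message format, the 6-digit combined password, `PIN_THRESHOLD`, the rule that any failed verification counts toward the lock, and all class and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

MAX_FAILURES = 3        # the "preset number (for example, 3)" from the text
PIN_THRESHOLD = 50000   # assumed policy: amounts at or above this need the confirmation password


def sign(key, transaction_message, combined_password):
    """Stand-in signature over digest(transaction message) || combined password.

    HMAC-SHA256 with a shared key replaces the card's digital signature here;
    a real card would sign with a private key held in its security chip.
    """
    digest = hashlib.sha256(transaction_message).digest()
    return hmac.new(key, digest + combined_password.encode(), hashlib.sha256).digest()


def amount_of(transaction_message):
    """Read the amount field of the constructed 'payee=...;amount=...' format."""
    fields = dict(f.split("=", 1) for f in transaction_message.decode().split(";"))
    return int(fields["amount"])


class SmartCard:
    def __init__(self, key, confirmation_password):
        self._key = key
        self._confirmation_password = confirmation_password
        self._combined = None
        self.displayed_transaction = None

    def access(self, transaction_message):
        """The one contact with the terminal: message in, signature message out."""
        self._combined = f"{secrets.randbelow(10**6):06d}"    # password generation module
        signature_message = sign(self._key, transaction_message, self._combined)
        self.displayed_transaction = transaction_message       # displayed after disconnecting
        return signature_message

    def show_combined_password(self, button_pressed, confirmation_password=None):
        """Key-press module: reveal the combined password only after user confirmation."""
        if self._combined is None or not button_pressed:
            return None
        if amount_of(self.displayed_transaction) >= PIN_THRESHOLD:
            entered = confirmation_password or ""
            if not hmac.compare_digest(entered, self._confirmation_password):
                return None
        return self._combined


class BackgroundServer:
    def __init__(self):
        self._keys = {}
        self._failures = {}
        self.executed = []

    def enroll(self, account, key):
        self._keys[account] = key
        self._failures[account] = 0

    def process(self, account, transaction_message, signature_message, authentication_password):
        """Verify the signature message and authentication password, then execute."""
        if self._failures[account] >= MAX_FAILURES:
            return "locked"
        expected = sign(self._keys[account], transaction_message, authentication_password)
        if not hmac.compare_digest(expected, signature_message):
            # This simplified check cannot tell a wrong password from an altered
            # transaction message, so either one counts toward the lock.
            self._failures[account] += 1
            return "locked" if self._failures[account] >= MAX_FAILURES else "rejected"
        self._failures[account] = 0
        self.executed.append(transaction_message)
        return "executed"


def demo():
    key = secrets.token_bytes(32)
    card, server = SmartCard(key, "2468"), BackgroundServer()
    server.enroll("acct-1", key)
    tx = b"payee=merchant-001;amount=75000"        # constructed transaction message
    signature_message = card.access(tx)             # single contact, then the card disconnects
    password = card.show_combined_password(True, "2468")   # terminal scans the displayed value
    altered = tx.replace(b"75000", b"95000")        # message changed after the card signed it
    return [
        server.process("acct-1", altered, signature_message, password),
        server.process("acct-1", tx, signature_message, password),
    ]


if __name__ == "__main__":
    print(demo())
```

Because the combined password is inside the signed data, the value the terminal scans is only accepted together with the exact transaction message the card displayed.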
Embodiment 6
Fig. 7 is a structural diagram of Embodiment 6 of the smart card transaction system with electronic signature functionality of the present invention. The structure of the system is first described with reference to Fig. 7, as follows:
The smart card transaction system with electronic signature functionality of the present invention comprises: terminal 40, background system server 50 and smart card 60 with electronic signature functionality. Terminal 40 may be a mobile phone, notebook, tablet computer, PC or other device that can interact with the background system server in a wired or wireless manner. Smart card 60 is a device with electronic signature functionality; it may comprise a card chip containing user account information and a security chip that performs digital signatures with a key, or an integrated chip that provides the functions of both chips. Background system server 50 may be a bank server or a third-party server; a third-party server is a server used by a non-banking system, for example the server a public transit system uses to control top-ups of and deductions from transit cards.
Smart card 60 with electronic signature functionality comprises: transceiver module 601, password generation module 602, signature module 603, display module 604 and encryption module 605. These modules may be integrated on a single chip or, depending on the number and functions of the chips that smart card 60 uses, on multiple chips; the variants are not enumerated here.
Transceiver module 601 is used to access terminal 40, receive the transaction message and send it to signature module 603. Transceiver module 601 sends the combined password obtained from password generation module 602 to terminal 40 in a non-contact communication mode.
Password generation module 602 generates the combined password and sends it to signature module 603 and display module 604. Specifically, password generation module 602 may generate the combined password after transceiver module 601 receives the transaction message.
Encryption module 605 generates an encrypted combined password at least according to the combined password, and sends the encrypted combined password to terminal 40 through transceiver module 601.
Signature module 603 generates the signature message according to the transaction message, and sends at least the signature message to terminal 40 through transceiver module 601.
Terminal 40 obtains the authentication password and sends at least the transaction message, the signature message, the encrypted combined password and the authentication password to background system server 50. The authentication password is the combined password that terminal 40 obtains by scanning the information displayed by smart card 60, or the combined password that terminal 40 obtains from smart card 60 in a non-contact communication mode.
Background system server 50 verifies the signature message and the authentication password separately and, after verification succeeds, carries out the transaction operation according to the transaction message.
On the basis of the above structure, transceiver module 601 of smart card 60 also disconnects from terminal 40 after sending the signature message to terminal 40, so that display module 604 displays the transaction message. This ensures that smart card 60 completes the data interaction needed for the transaction with a single contact with terminal 40, which reduces the risk of data being intercepted during a second contact and improves transaction security.
When verifying the authentication password, background system server 50 may lock the account corresponding to the smart card once the number of failed verifications reaches a preset number (for example, 3), to protect the user account.
In addition, smart card 60 may further comprise key-press module 606. Key-press module 606 triggers display module 604 to display the combined password according to a received confirmation password and/or confirmation instruction.
In addition, smart card 60 further comprises figure generation module 607. Figure generation module 607 generates a bar code or picture from the combined password obtained from password generation module 602 and outputs it to display module 604 for display.
Specifically, the user may, for example, trigger display module 604 to display the combined password, bar code or picture in one of the following ways:
(1) enter the confirmation password; after smart card 60 verifies that the confirmation password is correct, display module 604 displays the combined password, bar code or picture; or
(2) press the confirmation button, which triggers display module 604 to display the combined password, bar code or picture; or
(3) enter the confirmation password and press the confirmation button; after smart card 60 verifies that the confirmation password is correct, display module 604 displays the combined password, bar code or picture.
The condition that triggers display module 604 to display the combined password, bar code or picture may be set differently for different transaction amounts; for example, a small-value purchase requires the user only to press the confirmation button, while a large-value purchase requires the user to enter the confirmation password.
It can thus be seen that, with the smart card with electronic signature functionality and the smart card transaction system with electronic signature functionality of the present invention, the smart card exchanges all the data required for the transaction in a single access to the terminal, which reduces the risk of important information being intercepted through repeated access and improves security.
Any process or method described in a flow chart or otherwise described herein may be understood as representing a module, segment or portion of code that comprises one or more executable instructions for implementing the steps of a specific logical function or process. The scope of the preferred embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including substantially concurrently or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
It should be understood that the parts of the present invention may be implemented in hardware, software, firmware or a combination thereof. In the above embodiments, multiple steps or methods may be implemented in software or firmware that is stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or a combination of the following technologies well known in the art may be used: discrete logic circuits having logic gates for implementing logic functions on data signals, application-specific integrated circuits having suitable combinational logic gates, programmable gate arrays (PGA), field programmable gate arrays (FPGA), and so on.
Those skilled in the art will appreciate that all or some of the steps carried by the methods of the above embodiments may be completed by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium and, when executed, comprises one of the steps of the method embodiments or a combination thereof.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing module, each unit may exist physically on its own, or two or more units may be integrated in one module. The integrated module may be implemented in the form of hardware or in the form of a software functional module. If the integrated module is implemented in the form of a software functional module and is sold or used as an independent product, it may also be stored in a computer-readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc or the like.
In this description, reference to the terms "an embodiment", "some embodiments", "an example", "a specific example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it should be understood that the above embodiments are exemplary and are not to be construed as limiting the present invention; those of ordinary skill in the art may change, modify, replace and vary the above embodiments within the scope of the present invention without departing from its principle and purpose. The scope of the present invention is defined by the appended claims and their equivalents.

Claims (23)

1. A smart card transaction method with electronic signature functionality, characterized in that the method comprises:
A. a smart card with electronic signature functionality accesses a terminal and receives a transaction message;
B. the smart card generates a combined password;
C. the smart card generates a signature message according to the transaction message and the combined password;
D. the smart card sends at least the signature message to the terminal; the smart card disconnects from the terminal and displays the transaction message; the smart card receives a confirmation password and/or confirmation instruction entered by key press, and displays the combined password, a bar code or a picture;
E. the terminal obtains an authentication password and sends at least the transaction message, the signature message and the authentication password to a background system server; the authentication password is the combined password obtained by the terminal scanning the information displayed by the smart card, or the combined password obtained by the terminal from the smart card in a non-contact communication mode;
F. the background system server verifies the signature message and the authentication password and, after verification succeeds, carries out a transaction operation according to the transaction message.
2. The method according to claim 1, characterized in that step C comprises:
the smart card computes the digest of the transaction message;
the smart card encrypts the combined password to obtain an encrypted combined password;
the smart card signs the digest of the transaction message and the encrypted combined password to generate the signature message.
3. The method according to claim 1, characterized in that step C comprises:
the smart card computes the digest of the transaction message;
the smart card encrypts the combination of the combined password and a random number to obtain an encrypted combined password;
the smart card signs the digest of the transaction message and the encrypted combined password to generate the signature message.
4. The method according to claim 2 or 3, characterized in that:
in step D, the smart card also sends the encrypted combined password and the signature message to the terminal;
in step E, the terminal also sends the encrypted combined password, the transaction message, the signature message and the combined password to the background system server.
5. The method according to claim 1, characterized in that step C comprises:
the smart card computes the digest of the transaction message;
the smart card encrypts the combined password to obtain an encrypted combined password, and computes the digest of the encrypted combined password;
the smart card signs the digest of the transaction message and the digest of the encrypted combined password to generate the signature message.
6. The method according to claim 5, characterized in that:
in step D, the smart card also sends the digest of the encrypted combined password and the signature message to the terminal;
in step E, the terminal also sends the digest of the combined password, the transaction message, the signature message and the combined password to the background system server.
7. A smart card transaction system with electronic signature functionality, characterized in that the system comprises: a terminal, a background system server and a smart card with electronic signature functionality;
the smart card accesses the terminal, receives a transaction message, generates a combined password, generates a signature message according to the transaction message and the combined password, sends at least the signature message to the terminal, disconnects from the terminal and displays the transaction message; and receives a confirmation password and/or confirmation instruction entered by key press and displays the combined password, a bar code or a picture;
the terminal obtains an authentication password and sends at least the transaction message, the signature message and the authentication password to the background system server; the authentication password is the combined password obtained by the terminal scanning the information displayed by the smart card, or the combined password obtained by the terminal from the smart card in a non-contact communication mode;
the background system server verifies the signature message and the authentication password and, after verification succeeds, carries out a transaction operation according to the transaction message.
8. The system according to claim 7, characterized in that the smart card comprises: a transceiver module, a password generation module, a signature module and a display module;
the transceiver module is used to access the terminal, receive the transaction message and send it to the signature module; the transceiver module sends the combined password obtained from the password generation module to the terminal in a non-contact communication mode;
the password generation module is used to generate the combined password and send it to the signature module and the display module;
the signature module generates the signature message according to the transaction message and the combined password, and sends at least the signature message to the terminal through the transceiver module.
9. The system according to claim 7, characterized in that the smart card comprises: a transceiver module, a password generation module, a signature module, a display module and a figure generation module;
the transceiver module is used to access the terminal, receive the transaction message and send it to the signature module;
the password generation module is used to generate the combined password and send it to the signature module and the display module;
the signature module generates the signature message according to the transaction message and the combined password, and sends at least the signature message to the terminal through the transceiver module;
the figure generation module generates a bar code or picture according to the combined password obtained from the password generation module, and outputs it to the display module for display.
10. The system according to claim 8, characterized in that the terminal obtains the authentication password from the smart card in a non-contact communication mode.
11. The system according to claim 9, characterized in that the terminal obtains the authentication password by scanning the bar code or picture displayed by the display module of the smart card.
12. The system according to claim 8 or 9, characterized in that the smart card further comprises a key-press module;
the key-press module triggers the display module to display the combined password, bar code or picture according to a received confirmation password and/or confirmation instruction.
13. The system according to claim 8 or 9, characterized in that the transceiver module also disconnects from the terminal after sending the signature message to the terminal;
the display module also displays the transaction message after the transceiver module disconnects from the terminal.
14. A smart card transaction method with electronic signature functionality, characterized in that the method comprises:
A'. a smart card with electronic signature functionality accesses a terminal and receives a transaction message;
B'. the smart card generates a combined password, and generates an encrypted combined password at least according to the combined password;
C'. the smart card generates a signature message according to the transaction message;
D'. the smart card sends the signature message and the encrypted combined password to the terminal; the smart card disconnects from the terminal and displays the transaction message; the smart card receives a confirmation password and/or confirmation instruction entered by key press, and displays the combined password, a bar code or a picture;
E'. the terminal obtains an authentication password and sends at least the transaction message, the signature message, the authentication password and the encrypted combined password to a background system server; the authentication password is the combined password obtained by the terminal scanning the information displayed by the smart card, or the combined password obtained by the terminal from the smart card in a non-contact communication mode;
F'. the background system server verifies the signature message and the authentication password separately and, after verification succeeds, carries out a transaction operation according to the transaction message.
15. The method according to claim 14, characterized in that generating an encrypted combined password at least according to the combined password in step B' comprises:
the smart card encrypts the combination of the combined password and a random number to obtain the encrypted combined password; or
the smart card encrypts the combined password using symmetric or asymmetric encryption to obtain the encrypted combined password.
16. The method according to claim 14, characterized in that step C' comprises:
the smart card computes the digest of the transaction message and signs the digest of the transaction message to generate the signature message.
17. A smart card transaction system with electronic signature functionality, characterized in that the system comprises: a terminal, a background system server and a smart card with electronic signature functionality;
the smart card accesses the terminal, receives a transaction message, generates a combined password, generates an encrypted combined password at least according to the combined password, generates a signature message according to the transaction message, and sends the signature message and the encrypted combined password to the terminal;
the terminal obtains an authentication password and sends at least the transaction message, the signature message, the authentication password and the encrypted combined password to the background system server; the authentication password is the combined password obtained by the terminal scanning the information displayed by the smart card, or the combined password obtained by the terminal from the smart card in a non-contact communication mode;
the background system server verifies the signature message and the authentication password separately and, after verification succeeds, carries out a transaction operation according to the transaction message.
18. The system according to claim 17, characterized in that the smart card comprises: a transceiver module, a password generation module, an encryption module, a signature module and a display module;
the transceiver module is used to access the terminal, receive the transaction message and send it to the signature module; the transceiver module sends the combined password obtained from the password generation module to the terminal in a non-contact communication mode;
the password generation module is used to generate the combined password and send it to the encryption module and the display module;
the encryption module generates the encrypted combined password at least according to the combined password, and sends the encrypted combined password to the terminal through the transceiver module;
the signature module generates the signature message according to the transaction message, and sends the signature message to the terminal through the transceiver module.
19. The system according to claim 17, characterized in that the smart card comprises: a transceiver module, a password generation module, an encryption module, a signature module, a display module and a figure generation module;
the transceiver module is used to access the terminal, receive the transaction message and send it to the signature module;
the password generation module is used to generate the combined password and send it to the encryption module and the display module;
the encryption module generates the encrypted combined password at least according to the combined password, and sends the encrypted combined password to the terminal through the transceiver module;
the signature module generates the signature message according to the transaction message, and sends the signature message to the terminal through the transceiver module;
the figure generation module generates a bar code or picture according to the combined password obtained from the password generation module, and outputs it to the display module for display.
20. The system according to claim 18, characterized in that the terminal obtains the authentication password from the smart card in a non-contact communication mode.
21. The system according to claim 19, characterized in that the terminal obtains the authentication password by scanning the bar code or picture displayed by the display module of the smart card.
22. The system according to claim 18 or 19, characterized in that the smart card further comprises a key-press module;
the key-press module triggers the display module to display the combined password, bar code or picture according to a received confirmation password and/or confirmation instruction.
23. The system according to claim 18 or 19, characterized in that the transceiver module also disconnects from the terminal after sending the signature message to the terminal;
the display module also displays the transaction message after the transceiver module disconnects from the terminal.
CN201310070783.6A 2013-02-06 2013-03-06 There is smart card transaction system and the method for electronic signature functionality Active CN103136664B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201310070783.6A CN103136664B (en) 2013-03-06 2013-03-06 There is smart card transaction system and the method for electronic signature functionality
PCT/CN2014/071657 WO2014121721A1 (en) 2013-02-06 2014-01-28 Smart card with electronic signature function, and smart card transaction system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310070783.6A CN103136664B (en) 2013-03-06 2013-03-06 There is smart card transaction system and the method for electronic signature functionality

Publications (2)

Publication Number Publication Date
CN103136664A CN103136664A (en) 2013-06-05
CN103136664B true CN103136664B (en) 2016-05-18

Family

ID=48496467

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310070783.6A Active CN103136664B (en) 2013-02-06 2013-03-06 There is smart card transaction system and the method for electronic signature functionality

Country Status (1)

Country Link
CN (1) CN103136664B (en)

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014121721A1 (en) * 2013-02-06 2014-08-14 天地融科技股份有限公司 Smart card with electronic signature function, and smart card transaction system and method
EP2827291A1 (en) * 2013-07-19 2015-01-21 Gemalto SA Method for securing a validation step of an online transaction
CN103973455B (en) * 2014-05-28 2018-09-18 天地融科技股份有限公司 A kind of information interacting method
CN103986581B (en) * 2014-05-28 2018-01-16 天地融科技股份有限公司 A kind of information interaction system
CN103984906B (en) * 2014-05-28 2018-01-16 天地融科技股份有限公司 A kind of electronic key equipment of no button
CN105471580B (en) * 2014-09-11 2021-12-24 苏州海博智能系统有限公司 Signature rechecking method and device
CN105488674A (en) * 2014-09-26 2016-04-13 苏州海博智能系统有限公司 Method and system for carrying out secure transaction by using wireless security device, and server
CN104268780A (en) * 2014-10-21 2015-01-07 中国建设银行股份有限公司 Trade order confirmation method and device and server
CN104318440A (en) * 2014-11-06 2015-01-28 苏州海博智能系统有限公司 IC card
CN105654294A (en) * 2015-06-19 2016-06-08 宇龙计算机通信科技(深圳)有限公司 Safety authentication method, apparatus and mobile terminal thereof
CN105069620B (en) * 2015-07-23 2018-08-07 黄秀开 A kind of transaction privacy system of smart mobile phone
CN105117906B (en) * 2015-07-23 2018-10-09 黄秀开 A kind of smart mobile phone on-line payment security system that can be confirmed from outside
CN105139195B (en) * 2015-07-23 2018-09-25 黄秀开 A kind of security system of smart mobile phone
CN105069613B (en) * 2015-07-23 2018-09-25 黄秀开 A kind of on-line payment security system of smart mobile phone
CN105653925B (en) * 2016-02-04 2019-04-26 操明立 Network trading authentication method, system and smart card
CN106100850B (en) * 2016-06-17 2019-07-05 公安部第三研究所 Intelligent and safe chip signing messages transmission method and system based on two dimensional code
CN106131037A (en) * 2016-07-25 2016-11-16 四川易想电子商务有限公司 A kind of internet trade method
CN107346383B (en) * 2016-09-09 2019-12-10 天地融科技股份有限公司 authorization method and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6856970B1 (en) * 2000-09-26 2005-02-15 Bottomline Technologies Electronic financial transaction system
CN1831865A (en) * 2006-04-24 2006-09-13 北京易恒信认证科技有限公司 Electronic bank safety authorization system and method based on CPK
CN101178802A (en) * 2006-11-08 2008-05-14 李东声 Dynamic password realization method in network bank trading and electronic signing device
CN101436280A (en) * 2008-12-15 2009-05-20 北京华大智宝电子系统有限公司 Method and system for implementing electronic payment of mobile terminal
CN201757903U (en) * 2010-06-25 2011-03-09 北京天地融科技有限公司 Usb key device
CN102609750A (en) * 2012-02-15 2012-07-25 东信和平智能卡股份有限公司 Intelligent card provided with input device and output device

Also Published As

Publication number Publication date
CN103136664A (en) 2013-06-05

Similar Documents

Publication Publication Date Title
CN103136664B (en) There is smart card transaction system and the method for electronic signature functionality
CN203242029U (en) An intelligent card containing an electronic signature function and an intelligent card transaction system
CN107358441B (en) Payment verification method and system, mobile device and security authentication device
CN101828357B (en) Credential provisioning method and device
CN106656510B (en) A kind of encryption key acquisition methods and system
CN107896147B (en) Method and system for negotiating temporary session key based on national cryptographic algorithm
CN103220148B (en) The method of electronic signature token operation response request, system and electronic signature token
CN104243451B (en) A kind of information interacting method, system and intelligent cipher key equipment
CN103532719B (en) Dynamic password generation method, dynamic password generation system, as well as processing method and processing system of transaction request
CN103208151B (en) Process the method and system of operation requests
CN106162537B (en) A kind of method, wireless telecom equipment and the terminal of safety certification connection
CN103401844A (en) Operation request processing method and system
CN103516525A (en) Dynamic password generation method and system
CN103198401B (en) There is smart card method of commerce and the system of electronic signature functionality
CN104243162A (en) Information interaction method and system and smart key equipment
CN103996117A (en) Safety mobile phone
CN106027250A (en) Identity card information safety transmission method and system
CN103366278A (en) Method and system for processing operation request
CN103136665A (en) Method and system of network transaction
CN103136667B (en) There is the smart card of electronic signature functionality, smart card transaction system and method
CN103813333A (en) Data processing method based on negotiation keys
EP3113407B1 (en) Client device with certificate and related method
CN103973455A (en) Information interaction method
CN203338403U (en) Intelligent card transaction system with an electronic signature function
CN103716328A (en) Operation request processing method and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant