CN105913254A - Trade method and trade system of electronic signature device, and electronic signature device - Google Patents
- Publication number
- CN105913254A (application number CN201610178222.1A)
- Authority
- CN
- China
- Prior art keywords
- electronic signature
- unit data
- signature equipment
- data bag
- equipment
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/36—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
- G06Q20/367—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
- G06Q20/3674—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes involving authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3825—Use of electronic signatures
Abstract
The invention provides a trade method and trade system of an electronic signature device, and an electronic signature device. The trade method comprises the following steps: a first electronic signature device receiving a trade request sent by a second electronic signature device, wherein the trade request at least comprises a trade sum; the first electronic signature device obtaining at least one second unit data packet from a security chip, wherein each second unit data packet represents one currency face value among multiple currency face values, the total of the currency face values represented by the at least one second unit data packet is equal to the trade sum, and the second unit data packet comprises second unit data and data obtained by a server through signing the second unit data; and the first electronic signature device sending the at least one second unit data packet to the second electronic signature device. By use of the technical scheme provided by the invention, secure offline electronic trade can be realized.
Description
Technical field
The present invention relates to the field of electronic technology, and in particular to a transaction method for an electronic signature device, a transaction system, and an electronic signature device.
Background technology
In existing electronic transactions, a user's funds are held in an account in numerical form. For example, a user holds 100 yuan, and this sum is stored as a number in the user's account on the bank server. After the user spends 10 yuan, the bank server must rewrite the funds value in the user's account from 100 to 90 to complete clearing of the account. To protect the funds value, the bank server signs the revised value 90 after rewriting it. Because the amount in the account changes after every transaction, the bank server has to process the changed value each time. In other words, existing electronic transactions depend on the bank server: every electronic transaction the user makes must be synchronized with the bank server in real time, and multiple offline transactions cannot be completed independently without a network connection.
Summary of the invention
The present invention aims to solve at least one of the above problems.
The main object of the present invention is to provide a transaction method for an electronic signature device.
Another object of the present invention is to provide an electronic signature device.
A further object of the present invention is to provide a transaction system.
To achieve the above objects, the technical solution of the present invention is implemented as follows:
Scheme 1, the method for commerce of a kind of electronic signature equipment, including: the first electronic signature equipment receives the second electronic signature
The transaction request that equipment sends, wherein, described transaction request at least includes: dealing money;Described first electronic signature equipment from
The safety chip of described first electronic signature equipment obtains at least one second unit data bag, wherein, each second units
Representing a kind of currency denomination in multiple currency denomination according to bag, described each second unit data bag at least includes: the second units
Described second unit data signed the 3rd signed data obtained according to, server;At least one second unit data bag institute described
The summation of the currency denomination represented is equal to described dealing money;Described first electronic signature equipment is by least one second unit described
Packet sends to described second electronic signature equipment.
Scheme 2, according to the method for commerce described in scheme 1, described first electronic signature equipment is by least one second unit described
Packet sends after described second electronic signature equipment, and described method also includes: described first electronic signature equipment is deleted and obtained
At least one the second unit data bag described taken.
Scheme 3. The transaction method according to Scheme 1, wherein the first electronic signature device sending the at least one second unit data packet to the second electronic signature device comprises: the first electronic signature device encrypts the at least one second unit data packet to obtain at least one third unit data packet, and sends the at least one third unit data packet to the second electronic signature device.
Scheme 4. The transaction method according to Scheme 3, wherein the first electronic signature device encrypting the at least one second unit data packet comprises: the first electronic signature device uses the public key of the second electronic signature device to encrypt at least the second unit data in each second unit data packet.
Scheme 5. The transaction method according to Scheme 4, wherein after the first electronic signature device encrypts the at least one second unit data packet, the method further comprises: the first electronic signature device overwrites each second unit data packet stored in the security chip with each third unit data packet.
Scheme 6. The transaction method according to Scheme 3, wherein the first electronic signature device encrypting the at least one second unit data packet comprises: the first electronic signature device uses a symmetric key associated with the second electronic signature device to encrypt at least the second unit data in each second unit data packet.
Scheme 7. The transaction method according to Scheme 6, wherein after the first electronic signature device encrypts the at least one second unit data packet, the method further comprises: the first electronic signature device overwrites each second unit data packet stored in the security chip with each third unit data packet, and deletes the symmetric key.
Scheme 8. The transaction method according to Scheme 6 or 7, wherein the symmetric key is an XOR factor associated with the second electronic signature device; and the first electronic signature device using the symmetric key associated with the second electronic signature device to encrypt at least the second unit data in each second unit data packet comprises: the first electronic signature device uses the XOR factor to perform an XOR operation on at least the second unit data in each second unit data packet.
Scheme 9. The transaction method according to any one of Schemes 1 to 8, wherein the transaction request at least includes: the device identifier of the second electronic signature device.
Scheme 10. The transaction method according to Scheme 9, wherein before the first electronic signature device obtains the at least one second unit data packet from the security chip of the first electronic signature device, the method further comprises: the first electronic signature device presents the transaction amount and the device identifier of the second electronic signature device to the holding user, and receives the holding user's confirmation.
Scheme 11. The transaction method according to Scheme 9, wherein each third unit data packet further includes: the device identifier of the second electronic signature device.
Scheme 12. The transaction method according to Scheme 11, wherein obtaining the at least one third unit data packet comprises: the first electronic signature device adds the device identifier of the second electronic signature device to each third unit data packet.
Scheme 13. The transaction method according to any one of Schemes 1 to 12, wherein the second unit data packet includes: a data packet identifier.
Scheme 14. The transaction method according to Scheme 13, wherein the data packet identifier is the data packet identifier corresponding to each second unit data packet that the first electronic signature device obtains from the second electronic signature device; or, the data packet identifier is the data packet identifier corresponding to each second unit data packet that is calculated, after the first electronic signature device obtains an initial data packet identifier value from the second electronic signature device, based on the initial data packet identifier value and on the total number of second unit data packets sent to the second electronic signature device.
Scheme 15. The transaction method according to Scheme 13 or 14, wherein after the first electronic signature device sends the at least one second unit data packet to the second electronic signature device, the method further comprises: the first electronic signature device receives a retransmission request from the second electronic signature device and, according to the retransmission request, sends retransmission information to the second electronic signature device, wherein the retransmission request at least includes the device identifier of the second electronic signature device and/or the data packet identifier corresponding to each second unit data packet.
Scheme 16. The transaction method according to Scheme 15, wherein the retransmission information includes the at least one second unit data packet.
Scheme 17. The transaction method according to Scheme 15, wherein the retransmission information includes the second unit data packets not received by the second electronic signature device.
Scheme 18. The transaction method according to any one of Schemes 4 to 17, wherein the second unit data at least includes: currency identification information, or, a currency serial number and currency denomination data; and the second unit data packet includes at least one of: an issuing bank identifier and a bank certificate serial number.
Scheme 19. The transaction method according to any one of Schemes 1 to 18, wherein after the first electronic signature device sends the at least one second unit data packet to the second electronic signature device, the method further comprises: the first electronic signature device subtracts the transaction amount from its account amount to obtain the current account balance, and displays the transaction amount and/or the current account balance to the holding user.
Scheme 20. The transaction method according to any one of Schemes 15 to 19, wherein the security chip of the first electronic signature device allocates storage space for storing the at least one third unit data packet, and stores the at least one third unit data packet in the corresponding storage space; after the first electronic signature device sends the retransmission information to the second electronic signature device according to the retransmission request, the method further comprises: the first electronic signature device receives confirmation information, returned by the second electronic signature device, indicating successful reception, and the first electronic signature device changes the status word of the storage space that previously stored the at least one third unit data packet to transaction complete, or clears the storage space.
Scheme 21. An electronic signature device, comprising: an acquisition module, configured to receive a transaction request sent by a peer electronic signature device, wherein the transaction request at least includes a transaction amount; a security module, configured to obtain at least one second unit data packet that it stores, wherein each second unit data packet represents one currency denomination among multiple currency denominations, each second unit data packet at least includes second unit data and third signature data obtained by a server signing the second unit data, and the sum of the currency denominations represented by the at least one second unit data packet is equal to the transaction amount; and a communication module, configured to send the at least one second unit data packet to the peer electronic signature device.
Scheme 22. The electronic signature device according to Scheme 21, wherein the security module is further configured to delete the obtained at least one second unit data packet after the communication module sends the at least one second unit data packet to the peer electronic signature device.
Scheme 23. The electronic signature device according to Scheme 21, wherein the communication module being configured to send the at least one second unit data packet to the peer electronic signature device comprises: the communication module is configured to encrypt the at least one second unit data packet to obtain at least one third unit data packet, and to send the at least one third unit data packet to the peer electronic signature device.
Scheme 24. The electronic signature device according to Scheme 23, wherein the communication module being configured to encrypt the at least one second unit data packet comprises: the communication module is configured to use the public key of the peer electronic signature device to encrypt at least the second unit data in each second unit data packet.
Scheme 25. The electronic signature device according to Scheme 24, wherein the security module is further configured, after the communication module encrypts the at least one second unit data packet, to overwrite each second unit data packet that it stores with each third unit data packet.
Scheme 26. The electronic signature device according to Scheme 23, wherein the communication module being configured to encrypt the at least one second unit data packet comprises: the communication module is configured to use a symmetric key associated with the peer electronic signature device to encrypt at least the second unit data in each second unit data packet.
Scheme 27. The electronic signature device according to Scheme 26, wherein the security module is further configured, after the communication module encrypts the at least one second unit data packet, to overwrite each second unit data packet that it stores with each third unit data packet, and to delete the symmetric key.
Scheme 28. The electronic signature device according to Scheme 26 or 27, wherein the symmetric key is an XOR factor associated with the peer electronic signature device; and the communication module being configured to use the symmetric key associated with the peer electronic signature device to encrypt at least the second unit data in each second unit data packet comprises: the communication module is configured to use the XOR factor to perform an XOR operation on at least the second unit data in each second unit data packet.
Scheme 29. The electronic signature device according to any one of Schemes 21 to 28, wherein the transaction request at least includes: the device identifier of the peer electronic signature device.
Scheme 30. The electronic signature device according to Scheme 29, further comprising: an interaction module, configured to present the transaction amount and the device identifier of the peer electronic signature device to the holding user, and to receive the holding user's confirmation.
Scheme 31. The electronic signature device according to Scheme 29, wherein each third unit data packet further includes: the device identifier of the peer electronic signature device.
Scheme 32. The electronic signature device according to Scheme 31, wherein the security module is further configured to add the device identifier of the peer electronic signature device to each third unit data packet.
Scheme 33. The electronic signature device according to any one of Schemes 21 to 32, wherein the second unit data packet includes: a data packet identifier.
Scheme 34. The electronic signature device according to Scheme 33, wherein the data packet identifier is the data packet identifier corresponding to each second unit data packet that the electronic signature device obtains from the peer electronic signature device; or, the data packet identifier is the data packet identifier corresponding to each second unit data packet that is calculated, after the electronic signature device obtains an initial data packet identifier value from the peer electronic signature device, based on the initial data packet identifier value and on the total number of second unit data packets sent to the peer electronic signature device.
Scheme 35. The electronic signature device according to Scheme 33 or 34, wherein the acquisition module is further configured to receive a retransmission request from the peer electronic signature device; and the communication module is further configured to send retransmission information to the peer electronic signature device according to the retransmission request, wherein the retransmission request at least includes the device identifier of the peer electronic signature device and/or the data packet identifier corresponding to each second unit data packet.
Scheme 36. The electronic signature device according to Scheme 35, wherein the retransmission information includes the at least one second unit data packet.
Scheme 37. The electronic signature device according to Scheme 35, wherein the retransmission information includes the second unit data packets not received by the peer electronic signature device.
Scheme 38. The electronic signature device according to any one of Schemes 24 to 37, wherein the second unit data at least includes: currency denomination data, or, a currency serial number and currency denomination data; and the second unit data packet includes at least one of: an issuing bank identifier and a bank certificate serial number.
Scheme 39. The electronic signature device according to any one of Schemes 30 to 38, wherein the security module is further configured to subtract the transaction amount from the account amount of the electronic signature device to obtain the current account balance; and the interaction module is further configured to display the transaction amount and/or the current account balance to the holding user.
Scheme 40. The electronic signature device according to any one of Schemes 35 to 39, wherein the security module is configured to allocate storage space for storing the at least one third unit data packet, and to store the at least one third unit data packet in the corresponding storage space; the acquisition module is further configured to receive, after the communication module sends the retransmission information to the peer electronic signature device according to the retransmission request, the confirmation information returned by the peer electronic signature device indicating successful reception; and the security module is further configured to change the status word of the storage space that previously stored the at least one third unit data packet to transaction complete, or to clear the storage space.
Scheme 41. A transaction system, comprising a first electronic signature device and a second electronic signature device, wherein: the first electronic signature device is the electronic signature device according to any one of Schemes 21 to 40; and the second electronic signature device is configured to send the transaction request to the first electronic signature device, to receive the at least one second unit data packet from the first electronic signature device, and to store the at least one second unit data packet in a security chip.
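The XOR-factor encryption, overwrite, retransmission and status-word handling of Schemes 6 to 8, 14 to 17 and 20 can be modelled as follows. This is an added example, not code from the patent; the class and field names, the `stored`/`pending`/`complete` status values, passing the payee's XOR factor to the payer with the request, and the payee knowing how many packets to expect are all assumptions made for illustration.

```python
import secrets


def xor_bytes(data, factor):
    """XOR `data` with an XOR factor of at least the same length."""
    if len(factor) < len(data):
        raise ValueError("XOR factor shorter than unit data")
    return bytes(d ^ f for d, f in zip(data, factor))


class PayerChip:
    """Hypothetical model of the storage slots in the payer's security chip."""

    def __init__(self, packets):
        self.slots = [{"status": "stored", "packet": dict(p)} for p in packets]

    def send(self, slot_indexes, payee_id, xor_factor, first_id):
        """Turn the chosen second unit data packets into third unit data packets,
        overwrite the stored plaintext with them, and return the copies to send."""
        outgoing = []
        for offset, i in enumerate(slot_indexes):
            second = self.slots[i]["packet"]
            third = {
                "packet_id": first_id + offset,   # initial value + running count
                "payee_id": payee_id,             # device identifier of the payee
                "unit_data": xor_bytes(second["unit_data"], xor_factor),
                "signature": second["signature"],
            }
            self.slots[i] = {"status": "pending", "packet": third}
            outgoing.append(dict(third))
        # The XOR factor is never stored on the chip: after this call the payer
        # holds only ciphertext that it cannot turn back into spendable data.
        return outgoing

    def retransmit(self, payee_id, missing_ids):
        """Answer a retransmission request with only the packets not yet received."""
        return [dict(s["packet"]) for s in self.slots
                if s["status"] == "pending"
                and s["packet"]["payee_id"] == payee_id
                and s["packet"]["packet_id"] in missing_ids]

    def confirm(self, payee_id):
        """On the payee's success confirmation, set the status word to complete."""
        done = 0
        for s in self.slots:
            if s["status"] == "pending" and s["packet"]["payee_id"] == payee_id:
                s["status"] = "complete"
                done += 1
        return done


class PayeeDevice:
    """Hypothetical model of the receiving device."""

    def __init__(self, device_id, unit_len):
        self.device_id = device_id
        self.xor_factor = secrets.token_bytes(unit_len)  # factor tied to this device
        self.received = {}                               # packet_id -> plaintext unit data

    def receive(self, packets):
        for p in packets:
            if p["payee_id"] == self.device_id:
                self.received[p["packet_id"]] = xor_bytes(p["unit_data"], self.xor_factor)

    def missing(self, first_id, count):
        return [i for i in range(first_id, first_id + count) if i not in self.received]


def demo():
    # Constructed sample packets; the signature bytes are placeholders.
    units = [b"SN000001:020", b"SN000002:020", b"SN000003:010"]
    payer = PayerChip({"unit_data": u, "signature": b"<server-sig>"} for u in units)
    payee = PayeeDevice("DEV-B", unit_len=12)
    wire = payer.send([0, 1, 2], payee.device_id, payee.xor_factor, first_id=100)
    payee.receive(p for p in wire if p["packet_id"] != 101)   # packet 101 is lost
    missing = payee.missing(100, len(wire))
    payee.receive(payer.retransmit(payee.device_id, missing))
    leaked = any(s["packet"]["unit_data"] in units for s in payer.slots)
    completed = payer.confirm(payee.device_id)
    after = payer.retransmit(payee.device_id, [100, 101, 102])
    decrypted_ok = [payee.received[i] for i in (100, 101, 102)] == units
    return missing, decrypted_ok, leaked, completed, after


if __name__ == "__main__":
    print(demo())
```

Because one XOR factor is applied to every packet, the XOR of two ciphertexts equals the XOR of the two plaintexts, so this step hides the unit data only from a party that has neither the factor nor known plaintext.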
As can be seen from the technical solution provided above, the present invention provides a transaction method for an electronic signature device, a transaction system, and an electronic signature device. With the technical solution provided by the present invention, the user's funds are stored in the user's electronic signature device in the form of at least one second unit data packet. When the user makes a purchase, because the funds are no longer stored in the electronic signature device as a numerical value, the electronic signature device does not need a server to change the balance value in the account; it only needs to send one or more second unit data packets matching the amount spent to the payee. Thus, when the electronic signature device carries out an electronic transaction with another electronic signature device, it no longer needs to rely on a server for online payment, and the server no longer needs to supervise the electronic signature device, so that truly offline electronic transactions are achieved.
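The core flow summarized above (server-signed unit data packets, selection of packets whose denominations sum exactly to the requested amount, offline verification by the payee, deletion by the payer) is sketched below as an added example that is not part of the patent. The class and function names and the sample serial numbers are hypothetical, and the signature is a toy textbook-RSA stand-in chosen only so the example runs with the standard library; the page does not name a signature algorithm.

```python
import hashlib
import json

# Toy textbook-RSA key standing in for the issuing server's signing key.
# Assumption for this demo only: two Mersenne primes and no padding, so it is
# NOT secure; the page does not name a signature algorithm.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))


def _digest(unit_data):
    """Hash the unit data (serial number and denomination) to an integer below N."""
    blob = json.dumps(unit_data, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % N


def server_issue(serial, denomination):
    """Server side: build a unit data packet = unit data + server signature."""
    unit_data = {"serial": serial, "denomination": denomination}
    return {"unit_data": unit_data, "signature": pow(_digest(unit_data), D, N)}


def verify_packet(packet):
    """Anyone holding the server's public key (N, E) can check a packet offline."""
    return pow(packet["signature"], E, N) == _digest(packet["unit_data"])


class SignatureDevice:
    """Hypothetical model of one device; `chip` stands for the security chip store."""

    def __init__(self, device_id, packets=()):
        self.device_id = device_id
        self.chip = list(packets)

    def balance(self):
        return sum(p["unit_data"]["denomination"] for p in self.chip)

    def select_packets(self, amount):
        """Return indexes of stored packets whose denominations sum exactly to
        `amount`, or None. Exact subset-sum: packets cannot be split for change."""
        reachable = {0: []}
        for i, pkt in enumerate(self.chip):
            value = pkt["unit_data"]["denomination"]
            for total, idxs in list(reachable.items()):
                new_total = total + value
                if new_total <= amount and new_total not in reachable:
                    reachable[new_total] = idxs + [i]
        return reachable.get(amount)

    def pay(self, request, payee):
        """Handle a transaction request from `payee`; True if the transfer completed."""
        idxs = self.select_packets(request["amount"])
        if idxs is None:
            return False                      # cannot make the exact amount
        outgoing = [self.chip[i] for i in idxs]
        if not payee.receive(outgoing, request["amount"]):
            return False                      # payee rejected; keep the packets
        # Delete what was sent so the same packets cannot be spent again here.
        self.chip = [p for i, p in enumerate(self.chip) if i not in idxs]
        return True

    def receive(self, packets, amount):
        """Payee side: accept only server-signed packets that total the amount."""
        total = sum(p["unit_data"]["denomination"] for p in packets)
        if total != amount or not all(verify_packet(p) for p in packets):
            return False
        self.chip.extend(packets)
        return True


def demo():
    # Constructed sample wallet: serial numbers and denominations are made up.
    wallet = [server_issue(f"SN{i:04d}", d) for i, d in enumerate([50, 20, 20, 20, 5])]
    payer, payee = SignatureDevice("DEV-A", wallet), SignatureDevice("DEV-B")
    ok = payer.pay({"amount": 60, "device_id": payee.device_id}, payee)
    refused = payer.pay({"amount": 7, "device_id": payee.device_id}, payee)
    forged = server_issue("SN9999", 5)
    forged["unit_data"]["denomination"] = 50   # tampered after signing
    return ok, refused, payer.balance(), payee.balance(), verify_packet(forged)


if __name__ == "__main__":
    print(demo())
```

A largest-first choice would pick the 50 for a request of 60 and then fail, which is why the selection searches for an exact subset; a request of 7 is refused outright because no stored combination matches it.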
Brief description of the drawings
In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed for describing the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a flow chart of the transaction method of the electronic signature device provided by Embodiment 1 of the present invention;
Fig. 2 is a schematic structural diagram of the transaction system provided by Embodiment 2 of the present invention.
Detailed description of the invention
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention rather than all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
In the description of the present invention, it should be understood that orientations or positional relationships indicated by terms such as "center", "longitudinal", "lateral", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner" and "outer" are based on the orientations or positional relationships shown in the drawings. They are used only to facilitate and simplify the description of the present invention, and do not indicate or imply that the device or element referred to must have a specific orientation or be constructed and operated in a specific orientation; they therefore cannot be understood as limiting the present invention. In addition, the terms "first" and "second" are used for descriptive purposes only and cannot be understood as indicating or implying relative importance, quantity or position.
In the description of the present invention, it should be noted that, unless otherwise expressly specified and limited, the terms "mounted", "coupled" and "connected" should be understood broadly. For example, a connection may be a fixed connection, a detachable connection or an integral connection; it may be a mechanical connection or an electrical connection; it may be a direct connection, an indirect connection through an intermediary, or a connection inside two elements. Those of ordinary skill in the art can understand the specific meaning of the above terms in the present invention according to the specific circumstances.
The embodiments of the present invention are described in further detail below with reference to the drawings.
Embodiment 1
The flow chart of the method for commerce of a kind of electronic signature equipment that Fig. 1 provides for the present embodiment.As it is shown in figure 1, this counterparty
Method comprises the following steps S11~S13:
Step S11, the first electronic signature equipment receives the transaction request that the second electronic signature equipment sends, and wherein, transaction please
Ask and at least include: dealing money;
In this embodiment, the first electronic signature device and the second electronic signature device can carry out an offline transaction (that is, a transaction completed without a network connection to a server). Both can be electronic devices with a signature function, for example a smart card with a signature function (a transit card, bank card, shopping card, etc.) or the U-shield of the Industrial and Commercial Bank. In an optional implementation of this embodiment, the first electronic signature device and the second electronic signature device may each be provided with a wired interface or a wireless interface, and the first electronic signature device can establish a communication connection with the second electronic signature device over a wired or wireless connection, where the wireless connection includes but is not limited to Bluetooth, NFC or Wi-Fi. Of course, the first electronic signature device can also establish a wired or wireless connection with an external device and receive the transaction request from the second electronic signature device through the external device; the second electronic signature device can likewise establish a wired or wireless connection with an external device and send the transaction request to the first electronic signature device through the external device, where the external device includes but is not limited to a mobile phone, PC, tablet computer or other electronic device capable of communication. Thus the two electronic signature devices can receive each other's transaction request directly and then carry out the subsequent transaction flow, without first connecting to a back-end server to obtain the other party's transaction request, so that an offline transaction in the true sense is achieved.
For example, a user is shopping in a mall. When payment is required, the second electronic signature device at the mall's checkout can send the user's first electronic signature device a transaction request carrying the transaction amount, which is the amount the user must pay for the purchase, so that the first electronic signature device sends the second electronic signature device the second unit data packets corresponding to the transaction amount (that is, the sum of the currency denominations of the second unit data packets sent by the first electronic signature device is equal to the transaction amount). Both electronic signature devices can operate completely independently, without networked equipment; for example, the above transaction can be carried out between just two cards, achieving an offline transaction that is simple and fast.
To further improve the security of data transmission between the two electronic signature devices, in an optional implementation of this embodiment the first electronic signature device can establish a secure channel with the second electronic signature device before step S11, and the secure channel can be used for data transmission in the method flow provided by this embodiment. For example, the second electronic signature device can encrypt the transaction request with the public key of the first electronic signature device to obtain transaction request ciphertext M1; the first electronic signature device receives transaction request ciphertext M1 sent by the second electronic signature device and decrypts it with its own private key to obtain the plaintext transaction request. As another example, the second electronic signature device can encrypt the transaction request with a negotiated key agreed with the first electronic signature device to obtain ciphertext M2; the first electronic signature device receives transaction request ciphertext M2 sent by the second electronic signature device and decrypts it with the corresponding negotiated key to obtain the plaintext transaction request. Of course, the first electronic signature device and the second electronic signature device can also establish the secure channel for transmitting data in other ways, thereby improving the security of data transmission between the first electronic signature device and the second electronic signature device.
Step S12: the first electronic signature device obtains at least one second unit data packet from the security chip of the first electronic signature device.
Here, each second unit data packet represents one of multiple currency denominations, and each second unit data packet includes at least: second unit data, and third signature data obtained by the server signing the second unit data. The sum of the currency denominations represented by the at least one second unit data packet equals the transaction amount.
In this embodiment, each second unit data packet represents one of multiple currency denominations. That is, there are several denominations, and when the first electronic signature device obtains only one second unit data packet from its security chip, that packet represents just one of them. When the first electronic signature device obtains several second unit data packets from its security chip, they can represent different denominations (for example, three second unit data packets representing 1 yuan, 2 yuan, and 5 yuan respectively), the same denomination (for example, three second unit data packets each representing 1 yuan), or a mix of identical and different denominations (for example, three second unit data packets representing 1 yuan, 1 yuan, and 2 yuan respectively). The denominations represented by the at least one second unit data packet that the first electronic signature device obtains from its security chip can thus be combined flexibly.
In an optional implementation of this embodiment, the first electronic signature device is provided with a security chip. The security chip has its own independent processor and storage unit, can store PKI digital certificates, keys, and other characteristic data, performs encryption and decryption operations on data, and provides the user with data encryption and identity authentication services. In this embodiment, the first electronic signature device can store in the security chip the second unit data packets it receives from a background server (a bank server, or a third-party server such as a mall's shopping top-up server) or from other electronic signature devices. Because the data in the storage unit of the security chip cannot be read illegally, the security of the data stored there is ensured.
In an optional implementation of this embodiment, each second unit data packet includes at least: second unit data, and third signature data obtained by the server signing the second unit data. As an optional implementation, the server is a bank server or a third-party server; the third-party server can be, for example, the shopping-card stored-value server of a particular mall. The server can use its own private key to sign the second unit data in each second unit data packet separately, obtaining the third signature data corresponding to each second unit data packet. The server sends at least one second unit data packet carrying third signature data to the first electronic signature device. The first electronic signature device or another electronic signature device can then verify the third signature data with the server's public key, and so verify the authenticity of the second unit data packet.
In an optional implementation of this embodiment, the second unit data in a second unit data packet includes at least: currency identification information, or, a currency serial number and currency denomination data. The currency denomination data is the denomination represented by the second unit data packet and is what identifies that denomination. The currency serial number is the unique serial number of each second unit data packet; different second unit data packets carry different currency serial numbers. This guarantees the uniqueness of each second unit data packet, so that its authenticity can be checked. As an optional implementation, the second unit data packet also includes one of the following: an issuing bank identifier and a bank certificate serial number. The issuing bank identifier is the identification information of the bank that issued the second unit data packet. Taking a bank server as the server, the bank server signing with its own private key means that the bank server obtains the corresponding private key according to the issuing bank identifier and the bank certificate serial number and signs with that private key. The first electronic signature device can therefore look up information about the corresponding issuing bank from the identifier, and can obtain the bank certificate of the corresponding issuing bank from the issuing bank identifier and the bank certificate serial number. The bank certificate contains the issuing bank's public key, which the first or second electronic signature device subsequently uses to verify the signature on the second unit data.
In this embodiment, after receiving the transaction request sent by the second electronic signature device, the first electronic signature device can deduct the transaction amount requested by the second electronic signature device from its own account balance and issue to the second electronic signature device at least one second unit data packet whose denominations sum to the transaction amount. Once the second electronic signature device has received these second unit data packets and the transfer has succeeded, the offline transaction is complete; the first electronic signature device does not need to connect to a server again in order to transfer funds (that is, to pass the second unit data packets) to the second electronic signature device. The denominations represented by the individual second unit data packets can be the same or different. The number of second unit data packets that the first electronic signature device sends to the second electronic signature device, and the denomination each one represents, can be determined by the first electronic signature device from the transaction amount, or can be determined by the second electronic signature device from the transaction amount and then communicated to the first electronic signature device. For example, as an optional implementation in this embodiment, the transaction request sent by the second electronic signature device can also carry the kinds and number of second unit data packets required. In the former case the first electronic signature device can issue second unit data packets flexibly; in the latter case the needs of the user of the second electronic signature device regarding the number and denominations of the second unit data packets can be met.

In an optional implementation of this embodiment, each second unit data packet represents one of multiple currency denominations. For example, the denominations represented by second unit data packets include 1 yuan, 2 yuan, 5 yuan, 10 yuan, 20 yuan, 50 yuan, and 100 yuan. Of course, new denominations that a country may issue in the future, and the denominations of currencies of other regions and countries besides the RMB, also fall within the protection scope of the present invention; this embodiment uses RMB denominations for illustration only. For example, the first electronic signature device receives a transaction request from the second electronic signature device in which the transaction amount is 10 yuan, and sends the second electronic signature device 5 second unit data packets representing 1 yuan, 1 yuan, 1 yuan, 2 yuan, and 5 yuan respectively. The denominations represented by the 5 second unit data packets sum to 10 yuan, which equals the transaction amount. When the transaction amount in the transaction request is 10 yuan, the first electronic signature device can equally send the second electronic signature device 10 second unit data packets each representing 1 yuan, or 2 second unit data packets each representing 5 yuan, or 1 second unit data packet representing 10 yuan. In other words, the denominations and number of the second electronic unit currency data packets can be combined flexibly, provided that the denominations represented by the at least one second unit data packet sent sum to the transaction amount. A transaction amount of 10 yuan is used here only as an example; the principle is the same for other amounts and is not illustrated further.

Thus, where the first electronic signature device determines from the transaction amount the number of second unit data packets and the amount each one represents, it can issue second unit data packets flexibly, in a variety of combinations. Where the second electronic signature device determines from the transaction amount the number of second unit data packets and the denomination each one represents, it can send the requested number and the corresponding denominations to the first electronic signature device, which meets the needs of the user of the second electronic signature device regarding the number and denominations of the second unit data packets.
Where the second electronic signature device determines from the transaction amount the number of second unit data packets and the denomination each one represents, the security chip of the first electronic signature device may well not hold second unit data packets of the denomination that the second electronic signature device requested, or may hold fewer than the number requested. As an optional implementation in this embodiment, the first electronic signature device can send a prompt message to the second electronic signature device. The prompt message can include information that second unit data packets of the corresponding denomination do not exist or are insufficient in number. The second electronic signature device can then change, according to the transaction amount, the combination strategy for the denominations and number of the second electronic unit currency data packets, or the first electronic signature device can change that combination strategy according to the transaction amount.

For example, the first electronic signature device receives a transaction request from the second electronic signature device for a transfer of 10 yuan, with a request to send 5 second unit data packets each representing 2 yuan (hereinafter "2-yuan data packets"), but the first electronic signature device has only four 2-yuan data packets. It sends the second electronic signature device a prompt message stating that it has only four 2-yuan data packets and that the number of 2-yuan data packets is insufficient. The second electronic signature device can then change the combination strategy, for example by returning to the first electronic signature device a response requesting four 2-yuan data packets and two 1-yuan data packets. Alternatively, after sending the prompt message to the second electronic signature device, the first electronic signature device receives a confirmation response from the second electronic signature device and can then determine a combination strategy itself, for example sending the second electronic signature device four 2-yuan data packets and two 1-yuan data packets. This solves the problem of the second unit data packets stored in the security chip of the first electronic signature device being insufficient in number or absent.
In addition, in a concrete implementation it can happen that the denominations represented by the second unit data packets stored in the security chip of the first electronic signature device cannot be combined into the above at least one second unit data packet whose sum equals the transaction amount. To solve this problem, in an optional implementation of this embodiment, after the first electronic signature device receives the transaction request and before step S12, the method provided by this embodiment further includes: the first electronic signature device sends pending-change information to the second electronic signature device. The pending-change information is determined by the first electronic signature device from the transaction amount and the denominations represented by the second unit data packets stored in its own security chip; for example, it can include the denomination of the change that the second electronic signature device needs to return. If the second electronic signature device stores a second unit data packet representing the denomination of that change, or stores second unit data packets whose denominations sum to that change, the second electronic signature device can return a confirmation response to the first electronic signature device, informing it that the second electronic signature device has second unit data packets available for giving change. After receiving the change information sent by the second electronic signature device, the first electronic signature device obtains at least one second unit data packet from the security chip, where the sum of the denominations represented by the above at least one second unit data packet should equal the transaction amount plus the denomination of the change to be returned.
For example, the transaction amount is 7 yuan, and the security chip of the first electronic signature device stores 5 second unit data packets each representing 2 yuan (hereinafter "2-yuan data packets"). The first electronic signature device cannot make up 7 yuan from these five 2-yuan data packets. Using only the five 2-yuan data packets stored in its security chip, it makes up the denomination closest to and greater than the transaction amount of 7 yuan: it can make up 8 yuan from four 2-yuan data packets, and it needs the second electronic signature device to return 1 yuan in change. That is, after the first electronic signature device sends four 2-yuan data packets to the second electronic signature device, the second electronic signature device needs to return one 1-yuan data packet (a second unit data packet representing 1 yuan) to the first electronic signature device. The first electronic signature device sends the second electronic signature device pending-change information stating that the change to be returned is 1 yuan; the pending-change information asks the second electronic signature device whether it can return second unit data packets whose denominations sum to 1 yuan. If the security chip of the second electronic signature device stores second unit data packets whose denominations sum to 1 yuan, it sends change information to the first electronic signature device, agreeing to return to the first electronic signature device a second unit data packet representing 1 yuan or second unit data packets whose denominations sum to 1 yuan. After receiving the change information, the first electronic signature device obtains four 2-yuan data packets from its security chip and sends them to the second electronic signature device, and the second electronic signature device returns one 1-yuan data packet (a second unit data packet representing 1 yuan) to the first electronic signature device. Thus, when second unit data packets whose denominations sum to exactly the transaction amount cannot be assembled, the electronic transaction can still be completed through the change mechanism, which makes electronic transactions more convenient.
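The denomination selection and change mechanism described above can be sketched as follows. This is an added example, not code from the patent: the function names and the list-of-denominations wallet model are assumptions, and `negotiate` goes slightly beyond the text by trying the next larger total when the payee cannot return the first change amount.

```python
"""Added illustration (not from the patent): choosing which unit data
packets to pay with, and when change has to be requested."""


def reachable(wallet):
    """Map every total that can be formed from the stored packets to the
    shortest list of denominations forming it. `wallet` holds one entry
    per stored packet, and each packet is used at most once."""
    best = {0: []}
    for denom in sorted(wallet, reverse=True):
        # Iterate over a snapshot so this packet is added to each earlier
        # combination once, never to a combination that already has it.
        for subtotal, combo in list(best.items()):
            total = subtotal + denom
            candidate = combo + [denom]
            if total not in best or len(candidate) < len(best[total]):
                best[total] = candidate
    return best


def plan_payment(amount, wallet):
    """Payer side: pick packets whose sum is the smallest value that is
    greater than or equal to `amount`.

    Returns (packets_to_send, change_due), or None when the wallet total
    is below the amount."""
    if amount <= 0:
        raise ValueError("transaction amount must be positive")
    if sum(wallet) < amount:
        return None
    sums = reachable(wallet)
    target = min(total for total in sums if total >= amount)
    return sums[target], target - amount


def negotiate(amount, payer_wallet, payee_wallet):
    """Both sides: find packets for the payer to send and packets for the
    payee to return as change, or None if no combination works.

    The payee's check models the confirmation response: it agrees only if
    its own stored packets sum exactly to the requested change."""
    if amount <= 0:
        raise ValueError("transaction amount must be positive")
    payer_sums = reachable(payer_wallet)
    payee_sums = reachable(payee_wallet)
    for total in sorted(t for t in payer_sums if t >= amount):
        change = total - amount
        if change in payee_sums:          # change == 0 means exact payment
            return {"send": payer_sums[total], "change": payee_sums[change]}
    return None


if __name__ == "__main__":
    # Constructed wallets matching the examples in the text.
    print(plan_payment(10, [1, 1, 1, 2, 5]))
    print(plan_payment(7, [2, 2, 2, 2, 2]))
    print(negotiate(7, [2, 2, 2, 2, 2], [1, 5]))
```
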
Step S13: the first electronic signature device sends the above at least one second unit data packet to the second electronic signature device.
In this embodiment, to prevent an electronic signature device from illegally reusing the same second unit data packet and so disrupting the circulation of second unit data packets, and to guarantee the uniqueness of each second unit data packet in the payment process, this embodiment provides at least one of the following two modes:
Mode one:
After step S13, that is, after the first electronic signature device has sent the above at least one second unit data packet to the second electronic signature device, the first electronic signature device deletes the at least one second unit data packet it obtained. After the first electronic signature device has obtained the at least one second unit data packet according to the transaction amount and sent it to the second electronic signature device, the sent second unit data packets are still held locally, and no deletion is performed automatically. In this mode, therefore, to ensure that the first electronic signature device cannot reuse this second unit data, after the first electronic signature device has sent the above at least one second unit data packet to the second electronic signature device, it forcibly deletes the second unit data packets that have been sent and sets the status word of the corresponding storage space to vacant. The first electronic signature device thus deletes from its own storage the second unit data packets it has paid out, which ensures that it can neither reuse nor recover a second unit data packet that has been sent, and so guarantees the uniqueness of each second unit data packet in the payment process.
Mode two:
In step S13, the first electronic signature device sending the above at least one second unit data packet to the second electronic signature device includes: the first electronic signature device encrypts the above at least one second unit data packet to obtain at least one third unit data packet, and sends the above at least one third unit data packet to the second electronic signature device. For example, the first electronic signature device obtains 5 second unit data packets each representing 2 yuan and encrypts each of them to obtain 5 third unit data packets each representing 2 yuan. In this embodiment, the encryption that the first electronic signature device applies to the at least one second unit data packet is an irreversible operation for that device: the first electronic signature device can encrypt to obtain a third unit data packet, but cannot decrypt the third unit data packet to obtain the second unit data packet. Therefore, once the at least one third unit data packet obtained has overwritten the corresponding at least one second unit data packet, the first electronic signature device stores only the encrypted third unit data packets. Because it cannot decrypt the third unit data packets, it cannot recover the second unit data packets and cannot reuse them.
Specifically, as one optional implementation, the first electronic signature device encrypting the above at least one second unit data packet includes: the first electronic signature device uses the public key of the second electronic signature device to encrypt at least the second unit data in each second unit data packet. As another optional implementation, the first electronic signature device encrypting the above at least one second unit data packet includes: the first electronic signature device uses a symmetric key associated with the second electronic signature device to encrypt at least the second unit data in each second unit data packet.
For the former optional implementation, the transaction request that the second electronic signature device sends to the first electronic signature device can also include the public key of the second electronic signature device, or the first electronic signature device can obtain from a third-party authentication platform the digital certificate of the second electronic signature device, which holds the public key of the second electronic signature device. In either way the first electronic signature device can obtain the public key of the second electronic signature device.
After the first electronic signature device has encrypted the above at least one second unit data packet, it overwrites each second unit data packet stored in the security chip with the corresponding third unit data packet. In this embodiment, overwriting each second unit data packet stored in the security chip with a third unit data packet means that the first electronic signature device writes each generated third unit data packet into the storage space of the corresponding original second unit data packet, replacing the original second unit data packet. For example, the second unit data packet whose packet identifier is 1*** is encrypted to generate a third unit data packet, which is written into the storage space corresponding to 1***. Thus, after the first electronic signature device has paid with second unit data packets, for each second unit data packet already sent to the second electronic signature device, the security chip of the first electronic signature device stores only the corresponding third unit data packet obtained by encryption with the public key of the second electronic signature device. The first electronic signature device cannot hold the private key of the second electronic signature device, so it cannot decrypt the third unit data packet, cannot recover the second unit data packet, and cannot reuse it, which guarantees the uniqueness of each second unit data packet. Moreover, because the third unit data packet is encrypted with the public key of the second electronic signature device, only the second electronic signature device can decrypt it (only the second electronic signature device has its own private key). Only the payee (the second electronic signature device) can therefore hold and use the unencrypted second unit data packet. Even if another electronic signature device illegally obtains the third unit data packet, it does not have the private key of the second electronic signature device, cannot decrypt the packet, and cannot use the second unit data packet, which ensures the security of the circulation of second unit data packets.
For the latter optional implementation, the symmetric key associated with the second electronic signature device is obtained through negotiation between the first electronic signature device and the second electronic signature device. After the first electronic signature device has encrypted the above at least one second unit data packet, it overwrites each second unit data packet stored in the security chip with the corresponding third unit data packet and deletes the symmetric key. In this embodiment, overwriting each second unit data packet stored in the security chip with a third unit data packet means that the first electronic signature device writes each generated third unit data packet into the storage space of the corresponding original second unit data packet, replacing the original second unit data packet. For example, the second unit data packet whose packet identifier is 1*** is encrypted to generate a third unit data packet, which is written into the storage space corresponding to 1***.

With symmetric-key encryption and decryption, if the first electronic signature device still held the symmetric key it could decrypt the third unit data packet and recover the second unit data packet. In this embodiment, therefore, after the first electronic signature device has sent the above at least one second unit data packet to the second electronic signature device, the symmetric key must be forcibly deleted. After the first electronic signature device has paid with second unit data packets, for each second unit data packet already sent to the second electronic signature device, the security chip of the first electronic signature device stores only the corresponding third unit data packet obtained by encryption with the symmetric key associated with the second electronic signature device. Because the first electronic signature device has deleted the symmetric key used for the encryption, it can no longer decrypt the third unit data packet, cannot recover the second unit data packet, and cannot reuse it, which guarantees the uniqueness of each second unit data packet. Moreover, the symmetric key is known only to the first and second electronic signature devices, so the third unit data packet can be decrypted only by the second electronic signature device. Only the payee (the second electronic signature device) can therefore hold and use the unencrypted second unit data packet. Even if another electronic signature device illegally obtains the third unit data packet, it does not have the symmetric key and cannot obtain the second unit data packet by decryption, which ensures the security of the circulation of second unit data packets.
In this optional implementation, as one optional mode, the symmetric key can be an XOR factor associated with the second electronic signature device. The XOR factor can be a sequence of characters or digits obtained through negotiation between the first and second electronic signature devices and is used for the XOR operation. Specifically, the first electronic signature device using the symmetric key associated with the second electronic signature device to encrypt at least the second unit data in each second unit data packet includes: the first electronic signature device uses the XOR factor to XOR at least the second unit data in each second unit data packet. XOR is also a form of symmetric encryption operation, but it is faster than other symmetric encryption operations, which improves the efficiency with which the first electronic signature device encrypts second unit data packets to generate third unit data packets.
In this embodiment, the modes above at least prevent an electronic signature device from illegally reusing the same second unit data packet and disrupting the circulation of second unit data packets, and guarantee the uniqueness of each second unit data packet in the payment process. This embodiment does not exclude other implementations, provided they achieve the same technical effect. It should also be noted that in this embodiment a second unit data packet can be understood as covering two kinds of data packet, plaintext and ciphertext. In mode one, the second unit data packet can be understood as an unencrypted data packet, that is, the plaintext form of the second unit data packet. In mode two, the third unit data packet can be understood as a kind of second unit data packet, namely the data packet obtained by encrypting the second unit data packet, that is, the ciphertext form of the second unit data packet.
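The two anti-reuse modes can be compared on a toy model of the security chip's storage slots. This is an added example, not the patent's implementation: the `Chip` class, the slot identifiers, the packet bytes, the `spent` bookkeeping, and `negotiate_factor` (a stand-in for whatever key negotiation the devices use) are all assumptions, and the example further assumes a fresh XOR factor at least as long as each packet.

```python
"""Added illustration (not from the patent): mode one (delete) and
mode two (overwrite with ciphertext, then delete the XOR factor)."""
import secrets

VACANT = None  # status of a slot whose packet has been paid out


def xor_bytes(data, factor):
    """XOR `data` with an equally long prefix of `factor`."""
    if len(factor) < len(data):
        # Assumption of this example: the factor covers the whole packet,
        # so no part of it is repeated inside one packet.
        raise ValueError("XOR factor shorter than packet")
    return bytes(d ^ f for d, f in zip(data, factor))


class Chip:
    """Toy security chip: slot id -> stored bytes, plus one session key."""

    def __init__(self, slots=None):
        self.slots = dict(slots or {})
        self.spent = set()     # bookkeeping added by this example
        self.factor = None     # negotiated XOR factor, if any

    def _take(self, slot_id):
        if slot_id in self.spent or self.slots.get(slot_id) is VACANT:
            raise KeyError(f"slot {slot_id} holds no spendable packet")
        return self.slots[slot_id]

    def pay_mode_one(self, slot_id):
        """Send the plaintext packet, then delete it and mark the slot vacant."""
        packet = self._take(slot_id)
        self.slots[slot_id] = VACANT
        return packet

    def pay_mode_two(self, slot_id):
        """Encrypt, overwrite the stored plaintext with the ciphertext,
        and delete the key so the payer cannot decrypt its own copy."""
        if self.factor is None:
            raise RuntimeError("no negotiated XOR factor")
        third_packet = xor_bytes(self._take(slot_id), self.factor)
        self.slots[slot_id] = third_packet
        self.spent.add(slot_id)
        # Dropping the reference models forced deletion; a real chip
        # would erase the key memory itself.
        self.factor = None
        return third_packet

    def receive_mode_two(self, slot_id, third_packet):
        """Payee side: decrypt with the shared factor and store the packet."""
        if self.factor is None:
            raise RuntimeError("no negotiated XOR factor")
        packet = xor_bytes(third_packet, self.factor)
        self.factor = None
        self.slots[slot_id] = packet
        return packet


def negotiate_factor(payer, payee, length):
    """Stand-in for key negotiation: both chips end up with the same
    random factor. One fresh factor per packet, because XORing two
    packets with the same factor exposes the XOR of their plaintexts
    to anyone holding both ciphertexts."""
    factor = secrets.token_bytes(length)
    payer.factor = payee.factor = factor


if __name__ == "__main__":
    # Constructed packet: serial number, denomination, placeholder signature.
    pkt = b"serial=0002;denom=2;sig=CONSTRUCTED-PLACEHOLDER"
    payer, payee = Chip({"slot-B": pkt}), Chip()
    negotiate_factor(payer, payee, len(pkt))
    sent = payer.pay_mode_two("slot-B")
    print(payee.receive_mode_two("slot-B", sent) == pkt, payer.factor)
```
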
In addition, in mode two the third unit data packet is ciphertext, which protects the transmitted data; even if it is intercepted by another device it is difficult to crack, which further improves the security of the circulation of second unit data packets. Furthermore, after the first electronic signature device receives the transaction request, the user's confirmation must also be obtained, to keep the transaction safe, before the subsequent transaction operations (steps S12-S13) can be performed. In an optional implementation of this embodiment, the transaction request received by the first electronic signature device includes at least: the device identifier of the second electronic signature device. Before step S12, the transaction method provided by this embodiment further includes: the first electronic signature device prompts its holder with the transaction amount and the device identifier of the second electronic signature device, and receives the holder's confirmation. In an optional implementation of this embodiment, the transaction request that the first electronic signature device receives from the second electronic signature device includes at least: the device identifier of the second electronic signature device. Specifically, the device identifier of the second electronic signature device can be the factory serial number of the second electronic signature device, the device name of the second electronic signature device, or the name of the holder of the second electronic signature device. From the device identifier, the user can confirm whether the second electronic signature device is the transaction counterparty the user has agreed to. Only after the user has approved both the transaction amount and the transaction counterparty does the user choose to confirm the transaction; the user's confirmation thereby ensures the safety of the transaction.
As an optional implementation, the first electronic signature device is provided with a display screen or a loudspeaker, and shows the transaction amount and the device identifier of the second electronic signature device on its own display screen or announces them through its own loudspeaker. Alternatively, the first electronic signature device establishes a connection with an external device and prompts its holder with the transaction amount and the device identifier of the second electronic signature device through the external device's display screen or loudspeaker. This makes it easy for the user to check that the payment amount and the payee are correct. As an optional implementation, the first electronic signature device may be provided with a confirmation button, which the user presses to confirm. The first electronic signature device may also be provided with a confirmation-information input component, which may specifically include a PIN keypad or a fingerprint input component. The user can then enter the confirmation information as a PIN or a fingerprint, so that while the details of the electronic transaction are being confirmed, the first electronic signature device can also verify the holder's identity, further improving the security of the electronic transaction.
In this embodiment, after step S13, once the second electronic signature device has received the third unit data packets sent by the first electronic signature device, it can decrypt them to obtain the second unit data packets and check whether their total amount equals the requested transaction amount. If the total is less than the transaction amount, it can ask the first electronic signature device to retransmit second unit data packets, and the first electronic signature device can select some or all of the third unit data packets corresponding to that second electronic signature device for retransmission. When there have been several transactions and/or transactions with several second electronic signature devices, the first electronic signature device also needs to associate the device identifier of the second electronic signature device with each third unit data packet (or second unit data packet), so that it can tell which third unit data packets belong to the second electronic signature device that the identifier points to and retransmit packets to the right device. Therefore, in an optional implementation of this embodiment, each third unit data packet further includes the device identifier of the second electronic signature device. Specifically, for mode two in step S13, the step in which the first electronic signature device encrypts the at least one second unit data packet to obtain at least one third unit data packet includes: after encrypting the at least one second unit data packet and obtaining the at least one third unit data packet, adding the device identifier of the second electronic signature device to each third unit data packet. For example, in a transaction with a second electronic signature device whose device identifier is A**, after generating the at least one third unit data packet, the first electronic signature device can add the device identifier A** to each third unit data packet of that transaction, marking them as third unit data packets sent to that second electronic signature device. Because each third unit data packet stored in the security chip of the first electronic signature device includes the identification information of the second electronic signature device, the first electronic signature device knows the payee (that is, the second electronic signature device) of each third unit data packet. When the second electronic signature device requests a retransmission, the first electronic signature device can look up the third unit data packets corresponding to that device by device identifier and perform the retransmission.
In addition, in this embodiment, when the first electronic signature device receives a request from the second electronic signature device to retransmit the second unit data packets that were not received, it must determine which second unit data packets need to be retransmitted before it sends the retransmission information. Therefore, in this embodiment, a second unit data packet may further include a packet identifier that uniquely identifies it. The third unit data packet that the first electronic signature device obtains by encrypting the second unit data in the second unit data packet may also include this packet identifier, which therefore uniquely identifies a third unit data packet as well. In this embodiment, a second unit data packet stored in the second electronic signature device and the third unit data packet with which the first electronic signature device overwrote that second unit data packet carry the same packet identifier, so the first electronic signature device can retransmit the third unit data packet that corresponds to the packet identifier in the second electronic signature device's retransmission request. The packet identifier can be obtained in several ways. This embodiment gives examples only, including but not limited to the following:
Mode one: the packet identifier is the packet identifier for each second unit data packet that the first electronic signature device obtains from the second electronic signature device.
The packet identifier includes, but is not limited to, a count value produced by the second electronic signature device's counter or a random number generated by the second electronic signature device. The first electronic signature device can use the packet identifier to find the corresponding second or third unit data packet and retransmit it to the second electronic signature device. In addition, because the packet identifier is determined by the second electronic signature device, it also serves to prevent replay attacks.
Specifically, the first electronic signature device can obtain one packet identifier from the second electronic signature device before sending each second or third unit data packet. Alternatively, before sending all the second or third unit data packets for the transaction amount, it can obtain from the second electronic signature device the packet identifiers for every second unit data packet at once. It adds the corresponding packet identifier to each second unit data packet and then sends that second unit data packet, or the third unit data packet generated from it, to the second electronic signature device. Adding identifiers generated by the second electronic signature device to the second unit data packets to be sent lets the second electronic signature device check whether a received second unit data packet (that is, the second unit data packet obtained by decrypting a received third unit data packet) is replayed data. And because the second electronic signature device allocates the packet identifiers, it can judge whether it has received the second unit data packets for all of them, and so whether it needs to initiate a retransmission request.
Taking replay prevention as an example: when the packet identifier is a random number R1 generated by the second electronic signature device, the first electronic signature device obtains the packet identifier, that is, the random number R1, from the second electronic signature device before sending a second unit data packet, and sends the second unit data packet containing R1 to the second electronic signature device. The second electronic signature device checks whether the packet identifier carried in the received second unit data packet is R1. If it is, the received second unit data packet is considered legitimate; otherwise it is considered replayed data and is discarded. This protects the second electronic signature device from replay attacks.
Mode two: alternatively, the first electronic signature device obtains an initial packet identifier value from the second electronic signature device and, starting from that initial value, calculates the packet identifier for each second unit data packet according to the total number of second unit data packets to be sent to the second electronic signature device.
In this mode, the first electronic signature device determines the packet identifier of each second unit data packet to be sent from the initial packet identifier value and the number of packets to be sent. Specifically, the initial value may be a count value produced by the second electronic signature device's counter. For example, when the transaction amount is 8 yuan, the first electronic signature device needs to send three second unit data packets to the second electronic signature device, representing the currency denominations 1 yuan, 2 yuan and 5 yuan respectively. The initial packet identifier value that the first electronic signature device obtains from the second electronic signature device is 30. This initial value may be the number of packets accumulated so far by the second electronic signature device's counter, plus 1. For example, before this transaction is initiated, the second electronic signature device has stored 29 second unit data packets in total, with packet identifiers from 1 to 29, so the next packet received can be identified starting from 30. Based on the initial value 30, the first electronic signature device calculates that the packet identifier of the second unit data packet representing the 1 yuan denomination is 30, that of the second unit data packet representing the 2 yuan denomination is 31, and that of the second unit data packet representing the 3 yuan denomination is 32. In this embodiment, after receiving these 3 second unit data packets, the second electronic signature device also stores them in association with their packet identifiers. The first electronic signature device thus needs to obtain only one initial packet identifier value from the second electronic signature device, and can flexibly calculate the packet identifier for each second unit data packet according to the number of second unit data packets to be sent. The first electronic signature device can then retransmit part of the second or third unit data packets by packet identifier, and the second electronic signature device can use the packet identifier to judge whether a received second unit data packet is replayed data, which protects the second electronic signature device from replay attacks.
After step S13, if the second electronic signature device has not received all the second unit data packets for the requested transaction amount, then in an optional implementation of this embodiment the method further includes: the first electronic signature device receives a retransmission request from the second electronic signature device and, according to that request, sends retransmission information to the second electronic signature device. The retransmission request includes at least the device identifier of the second electronic signature device and/or the packet identifier of each second unit data packet, so that the first electronic signature device can determine the retransmission information from the request. The retransmission information is all or some of the packets that the first electronic signature device selects from the third unit data packets of the transaction with that second electronic signature device, so that the second electronic signature device obtains all the second unit data packets of the transaction. It should be noted that, as described in mode two for ensuring the uniqueness of packets in payment, the first electronic signature device encrypts the at least one second unit data packet to obtain the corresponding at least one third unit data packet, sends the at least one third unit data packet to the second electronic signature device, and overwrites the corresponding second unit data packets with the at least one third unit data packet. In this embodiment, a third unit data packet can be understood as a second unit data packet in ciphertext form. For example, if the retransmission request includes the device identifier of the second electronic signature device and the packet identifier 30, the retransmission information sent by the first electronic signature device needs to include the third unit data packet obtained by encrypting the second unit data in the second unit data packet that carries that device identifier and the packet identifier 30. The first electronic signature device can thus determine which second unit data packets need to be retransmitted.
In this embodiment, as one optional implementation, the second electronic signature device can ask the first electronic signature device to retransmit all the second unit data packets of a transaction; as another optional implementation, it can ask for only the second unit data packets it has not received. In the former case, the retransmission request of the second electronic signature device includes at least its device identifier, and the retransmission information of the first electronic signature device includes the at least one second unit data packet, that is, all the second unit data packets for the amount of the transaction are retransmitted. Optionally, the first electronic signature device can send the at least one second unit data packet to the second electronic signature device in ciphertext form, that is, send the at least one third unit data packet, in which case the retransmission information includes the at least one third unit data packet. In the latter case, the retransmission request of the second electronic signature device includes at least the packet identifiers of the second unit data packets not received, and may also include its device identifier. The retransmission information of the first electronic signature device includes the second unit data packets that the second electronic signature device did not receive, that is, the second unit data packets indicated by the packet identifiers in the retransmission request. Optionally, the first electronic signature device can send the second unit data packet indicated by a packet identifier in ciphertext form, that is, send the third unit data packet indicated by that packet identifier, in which case the retransmission information includes the third unit data packet indicated by that packet identifier.
For the former, take a transaction numbered 1******* as an example. The transaction amount in the second electronic signature device's transaction request is 10 yuan, and the first electronic signature device sends the second electronic signature device 5 second unit data packets, each representing the 2 yuan denomination. Because data is lost in transmission, the second electronic signature device receives only 4 of them; the denominations total 8 yuan, which does not equal the transaction amount of 10 yuan. For this transaction, the second electronic signature device sends a retransmission request to the first electronic signature device, carrying at least the device identifier of the second electronic signature device. After receiving the request, the first electronic signature device can look up all the third unit data packets for this transaction with that second electronic signature device and send the 5 third unit data packets to the second electronic signature device in the retransmission information; that is, the 5 second unit data packets, each representing the 2 yuan denomination, are carried in the retransmission information in ciphertext form. The first electronic signature device can thus respond to retransmission requests from the second electronic signature device, which ensures that the second electronic signature device receives all the second unit data packets required for the electronic transaction and that the transaction completes smoothly.
For the latter, take a transaction numbered 1******* as an example. The transaction amount in the second electronic signature device's transaction request is 5 yuan. The second electronic signature device should receive, from the first electronic signature device, 2 second unit data packets each representing the 2 yuan denomination (2-yuan data packets for short) and 1 second unit data packet representing the 1 yuan denomination (1-yuan data packet for short), but because data is lost in transmission it receives only the 2 2-yuan data packets. The denominations total 4 yuan, which does not equal the transaction amount of 5 yuan. For this transaction, the second electronic signature device sends a retransmission request to the first electronic signature device, carrying at least the device identifier of the second electronic signature device together with the packet identifier of the packet not received (that is, the packet identifier of the 1-yuan data packet) or the packet identifiers of the 2-yuan data packets already received. After receiving the request, the first electronic signature device can, for this transaction with that second electronic signature device, look up the corresponding third unit data packet by the packet identifier of the 1-yuan data packet, or use the packet identifiers of the 2-yuan data packets to determine the third unit data packet corresponding to the packet identifier of the 1-yuan data packet that was not sent successfully. It then sends the third unit data packet corresponding to the 1-yuan data packet's identifier to the second electronic signature device in the retransmission information; that is, the second unit data packet corresponding to the packet identifier is carried in the retransmission information in ciphertext form. The first electronic signature device can thus resend only the second unit data packets that the second electronic signature device did not receive, which reduces the amount of retransmitted data while ensuring that the second electronic signature device receives all the second unit data packets required for the electronic transaction.
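The packet identifier handling of mode one and mode two and the partial-retransmission case above, as an added Python example that is not part of the patent text. It leaves out the encryption of second unit data packets into third unit data packets and the server signature; the class and method names, the dictionary-shaped retransmission request, and the rule that mode two accepts any unseen identifier at or above the initial value are assumptions, and the run in `demo()` is constructed from the figures in the text.

```python
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class UnitPacket:
    packet_id: int     # issued by the payee, or derived from its initial value
    device_id: str     # device identifier of the payee the packet is addressed to
    denomination: int  # currency denomination in yuan


class Payee:
    """Second electronic signature device: issues identifiers, rejects replays."""
    def __init__(self, device_id, stored_packets=0):
        self.device_id = device_id
        self.counter = stored_packets  # highest identifier stored so far (mode two)
        self.seen = set()              # every identifier accepted so far
        self.nonces = None             # mode one: identifiers issued for this transaction
        self.start = None              # mode two: initial identifier for this transaction
        self.amount, self.current = 0, []

    def begin_with_nonces(self, amount, count):
        """Mode one: issue one fresh random identifier per expected packet."""
        self.amount, self.current, self.start, self.nonces = amount, [], None, set()
        while len(self.nonces) < count:
            self.nonces.add(secrets.randbits(64))
        return sorted(self.nonces)

    def begin_with_counter(self, amount):
        """Mode two: issue counter + 1; the payer derives the identifiers that follow."""
        self.amount, self.current, self.nonces = amount, [], None
        self.start = self.counter + 1
        return self.start

    def accept(self, pkt):
        """Store a packet; return False for a foreign, unissued or replayed one."""
        if pkt.device_id != self.device_id or pkt.packet_id in self.seen:
            return False
        if self.nonces is not None:
            if pkt.packet_id not in self.nonces:
                return False
        elif self.start is None or pkt.packet_id < self.start:
            return False  # assumption: identifiers below the initial value are stale
        else:
            self.counter = max(self.counter, pkt.packet_id)
        self.seen.add(pkt.packet_id)
        self.current.append(pkt)
        return True

    def retransmission_request(self):
        """Return None once the amount is covered, else the request for the payer."""
        if sum(p.denomination for p in self.current) == self.amount:
            return None
        got = sorted(p.packet_id for p in self.current)
        request = {"device_id": self.device_id, "received": got}
        if self.nonces is not None:  # the payee issued every identifier, so it knows the gaps
            request["missing"] = sorted(self.nonces - set(got))
        return request


class Payer:
    """First electronic signature device: keeps sent packets until receipt is confirmed."""
    def __init__(self):
        self.sent = {}  # device_id -> {packet_id: UnitPacket}

    def build(self, device_id, denominations, ids):
        packets = [UnitPacket(i, device_id, d) for i, d in zip(ids, denominations)]
        self.sent.setdefault(device_id, {}).update((p.packet_id, p) for p in packets)
        return packets

    def retransmit(self, request):
        """Select the stored packets for this payee that the request asks for."""
        stored = self.sent.get(request["device_id"], {})
        if "missing" in request:
            return [stored[i] for i in request["missing"] if i in stored]
        got = set(request.get("received", ()))
        return [p for i, p in stored.items() if i not in got]  # all, if none listed

    def confirm(self, device_id):
        self.sent.pop(device_id, None)  # receipt confirmed: release the storage


def demo():
    """Constructed run of the 5-yuan case: identifiers 30-32, the 1-yuan packet is lost."""
    payee, payer = Payee("A**", stored_packets=29), Payer()
    start = payee.begin_with_counter(amount=5)
    packets = payer.build("A**", [2, 2, 1], range(start, start + 3))
    delivered = [payee.accept(p) for p in packets[:2]]  # packet 32 lost in transit
    request = payee.retransmission_request()
    resent = payer.retransmit(request)
    recovered = [payee.accept(p) for p in resent]
    replay = payee.accept(packets[0])                   # packet 30 presented again
    complete = payee.retransmission_request() is None
    if complete:
        payer.confirm("A**")
    return {"start": start, "request": request, "resent": [p.packet_id for p in resent],
            "delivered": delivered, "recovered": recovered, "replay": replay,
            "complete": complete, "payer_slots": len(payer.sent)}
```

A retransmission request that carries only the device identifier makes `Payer.retransmit` return every stored packet for that payee, which corresponds to the whole-transaction retransmission case.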
In an optional implementation of this embodiment, the security chip of the first electronic signature device allocates storage space for storing at least one third unit data packet (or second unit data packet). These storage spaces of the security chip can store at least one second unit data packet, so that after receiving a transaction request from the second electronic signature device the first electronic signature device can obtain from the security chip the second unit data packets needed for the transaction amount. In addition, after the at least one second unit data packet is encrypted to obtain the at least one third unit data packet and the at least one third unit data packet overwrites the at least one second unit data, the at least one third unit data packet is stored in the corresponding storage space. After the first electronic signature device has sent retransmission information to the second electronic signature device in response to a retransmission request and has received the reception-success confirmation returned by the second electronic signature device, it changes the status word of the storage space that held the at least one third unit data packet to "transaction complete", or clears the storage space and changes its status word to "vacant". A storage space whose status word is "transaction complete" can be overwritten by new data. Thus, once the first electronic signature device has confirmed that the second electronic signature device received all the second unit data packets required for the electronic transaction, it can clean up the security chip's storage space to free more space and ensure that subsequent transactions proceed smoothly.
In an optional implementation of this embodiment, after step S13, the first electronic signature device subtracts the transaction amount from its account amount to obtain the current account balance, and displays the transaction amount and/or the current account balance to its holder. The user holding the electronic signature device can thus look up the transaction amount and the current account balance on their own device.
With the transaction method for electronic signature devices provided by this embodiment, the user's funds are stored in the user's first electronic signature device in the form of at least one second unit data packet. When the user makes a purchase, because the funds are no longer stored in the first electronic signature device as a numeric value, the first electronic signature device does not need a server to change a balance value in an account; it only needs to send the payee one or more second unit data packets that make up the amount spent. The first electronic signature device therefore no longer depends on a server for networked payment when it conducts an electronic transaction with the second electronic signature device, and the server no longer needs to supervise the electronic signature devices, so truly offline electronic transactions are achieved. In addition, the third unit data packets that the first electronic signature device sends to the second electronic signature device are ciphertext, which further improves the security of the electronic transaction. Finally, adding the packet identifier and the device identifier of the second electronic signature device to the second unit data packet effectively protects the second electronic signature device from replay attacks and makes it easy for the first electronic signature device to determine the retransmission information.
Embodiment 2
Fig. 2 is a schematic structural diagram of a transaction system provided by this embodiment. As shown in Fig. 2, the transaction system includes a first electronic signature device 20 and a second electronic signature device 30, where the electronic signature device (in this embodiment, the electronic signature device is the first electronic signature device 20) includes an acquisition module 201, a security module 202 and a communication module 203.
The acquisition module 201 is configured to receive a transaction request sent by the peer electronic signature device (in this embodiment, the peer electronic signature device is the second electronic signature device 30), where the transaction request includes at least the transaction amount. The security module 202 is configured to obtain at least one second unit data packet that it stores, where each second unit data packet represents one of several currency denominations and includes at least second unit data and third signature data obtained by the server signing the second unit data; the sum of the currency denominations represented by the at least one second unit data packet equals the transaction amount. The communication module 203 is configured to send the at least one second unit data packet to the peer electronic signature device.
In this embodiment, the first electronic signature device 20 and the second electronic signature device 30 can conduct offline transactions (that is, transactions that require no network connection to a server). Both may be electronic devices with a signature function, for example a smart card with a signature function (transit card, bank card, shopping card and so on) or the U-Shield of the Industrial and Commercial Bank. In an optional implementation of this embodiment, the acquisition module 201 may include a wired interface or a wireless interface, and may establish a communication connection with the peer electronic signature device 30 over a wired or wireless connection, where wireless connections include but are not limited to Bluetooth, NFC (near-field communication) or Wi-Fi. The acquisition module 201 may also connect to an external device over a wired or wireless connection and receive the transaction request from the second electronic signature device 30 through the external device; the second electronic signature device 30 may likewise connect to the external device over a wired or wireless connection and send the transaction request to the first electronic signature device 20 through it. External devices include but are not limited to mobile phones, PCs, tablet computers and other electronic devices capable of communication. The two electronic signature devices can thus receive each other's transaction requests directly and carry out the subsequent transaction flow without connecting to a back-end server to obtain the other party's transaction request, which makes genuinely offline transactions possible.
For example, when a user shopping in a mall needs to pay, the second electronic signature device 30 at the mall's checkout can send the user's first electronic signature device 20 a transaction request carrying the transaction amount, which is the amount the user needs to pay for the purchase, so that the first electronic signature device 20 sends the second electronic signature device 30 second unit data packets corresponding to the transaction amount (that is, the currency denominations of the second unit data packets sent by the first electronic signature device 20 sum to the transaction amount). The two electronic signature devices can operate completely independently, without any networked device; for example, the transaction can be carried out between two cards, achieving an offline transaction that is simple and fast.
To further improve the security of data transmission between the two electronic signature devices, in an optional implementation of this embodiment the first electronic signature device 20 can establish a secure channel with the second electronic signature device 30 and transmit data over it. For example, the second electronic signature device 30 can encrypt the transaction request with the public key of the first electronic signature device 20 to obtain the transaction request ciphertext M1; the acquisition module 201 receives M1 from the second electronic signature device 30, and the security module 202 decrypts it with its own private key to obtain the plaintext transaction request. As another example, the second electronic signature device 30 can encrypt the transaction request with a key negotiated with the first electronic signature device 20 to obtain the ciphertext M2; the acquisition module 201 receives the transaction request ciphertext M2 from the second electronic signature device 30, and M2 is decrypted with the corresponding negotiated key to obtain the plaintext transaction request. The first electronic signature device 20 and the second electronic signature device 30 may of course establish the secure channel for transmitting data in other ways. This improves the security of data transmission between the first electronic signature device 20 and the second electronic signature device 30.
The security module 202 is configured to obtain at least one second unit data packet that it stores, where each second unit data packet represents one of several currency denominations and includes at least second unit data and third signature data obtained by the server signing the second unit data; the sum of the currency denominations represented by the at least one second unit data packet equals the transaction amount.
In this embodiment, each second unit data packet represents one of multiple currency denominations; that is, there are multiple currency denominations, and when the security module 202 obtains only one second unit data packet stored in itself, that second unit data packet represents only one of those denominations. When the security module 202 obtains multiple second unit data packets stored in itself, the packets may represent several different currency denominations; for example, there are 3 second unit data packets representing 1 yuan, 2 yuan and 5 yuan respectively. Alternatively, the packets may all represent the same currency denomination; for example, there are 3 second unit data packets, each representing 1 yuan. Alternatively again, the denominations represented by the packets may include both identical and different denominations; for example, there are 3 second unit data packets representing 1 yuan, 1 yuan and 2 yuan respectively. The currency denominations represented by the at least one second unit data packet that the security module 202 obtains from its own storage can therefore be combined flexibly.
In an optional implementation of this embodiment, the security module 202 is integrated in a security chip. The security chip has its own independent processor and storage unit, can store a public-key digital certificate, keys and other characteristic data, and performs encryption and decryption operations on data, providing the user with data encryption and identity authentication services. In this embodiment, the security chip can store the second unit data packets received from a background server (such as a bank server, or a third-party server such as a shopping-mall top-up server) or from other electronic signature devices. Because the data in the storage unit of the security chip cannot be read illegally, the security of the data stored in the storage unit is ensured.
In an optional implementation of this embodiment, each second unit data packet includes at least: second unit data, and third signature data obtained by the server signing the second unit data. As an optional implementation, the server includes a bank server or a third-party server; for example, the third-party server may be the shopping-card top-up server of a particular shopping mall. The server can use its own private key to sign the second unit data in each second unit data packet separately, obtaining the third signature data corresponding to each second unit data packet. The server sends at least one second unit data packet carrying third signature data to the first electronic signature device, so that the first electronic signature device or another electronic signature device can verify the third signature data with the server's public key and thereby verify the authenticity of the second unit data packet.
In an optional implementation of this embodiment, the second unit data in the second unit data packet includes at least: currency identification information, or a currency serial number and currency denomination data. The currency denomination data is the currency denomination represented by the second unit data packet and serves to identify that denomination. The currency serial number is the unique serial number of each second unit data packet; that is, different second unit data packets carry different currency serial numbers. This guarantees the uniqueness of each second unit data packet so that genuine and forged second unit data packets can be told apart. As an optional implementation, the second unit data packet further includes one of the following: an issuing bank identifier and a bank certificate serial number. The issuing bank identifier is the identification information of the bank that issued the second unit data packet. Taking a bank server as the server, the statement that the bank server signs with its own private key means that the bank server obtains the corresponding private key according to the issuing bank identifier and the bank certificate serial number and signs with that private key. The security module 202 can thus look up the relevant information of the corresponding issuing bank according to the identifier, and can obtain the bank certificate of the corresponding issuing bank according to the issuing bank identifier and the bank certificate serial number. The bank certificate contains the public key of the issuing bank, so that the first electronic signature device 20 or the second electronic signature device 30 can subsequently use the issuing bank's public key to verify the signature on the second unit data.
In this embodiment, after the acquisition module 201 receives the transaction request sent by the second electronic signature device 30, the security module 202 can deduct the transaction amount requested by the second electronic signature device 30 from its own account balance and issue to the second electronic signature device 30 at least one second unit data packet whose currency denominations sum to the transaction amount. Once the second electronic signature device has received these second unit data packets and the transfer has succeeded, the off-line transaction is complete; the first electronic signature device 20 does not need to connect to the server over a network in order to transfer money to the second electronic signature device 30 (that is, to pass the second unit data packets to the second electronic signature device 30). The currency denominations represented by the individual second unit data packets may be the same or different. The number of second unit data packets that the communication module 203 sends to the second electronic signature device 30, and the currency denomination each of them represents, may be determined by the first electronic signature device 20 according to the transaction amount, or may be determined by the second electronic signature device 30 according to the transaction amount and then notified to the first electronic signature device 20; for example, as an optional implementation of this embodiment, the transaction request sent by the second electronic signature device 30 may also carry the kinds and number of second unit data packets required. In the former case the first electronic signature device 20 can issue second unit data packets flexibly; in the latter case the needs of the user of the second electronic signature device 30 regarding the number and face value of the second unit data packets can be met.

In an optional implementation of this embodiment, each second unit data packet represents one of multiple currency denominations; for example, the currency denominations represented by second unit data packets include 1 yuan, 2 yuan, 5 yuan, 10 yuan, 20 yuan, 50 yuan and 100 yuan. Of course, new currency denominations that the state may issue in the future, and the currency denominations of other regions and countries besides RMB, also fall within the scope of protection of the present invention; this embodiment uses RMB denominations only as an illustration. For example, the first electronic signature device 20 receives a transaction request sent by the second electronic signature device 30 in which the transaction amount is 10 yuan, and the first electronic signature device 20 sends 5 second unit data packets to the second electronic signature device 30 through the communication module 203. The 5 second unit data packets represent 1 yuan, 1 yuan, 1 yuan, 2 yuan and 5 yuan respectively, and the sum of the denominations they represent is 10 yuan, equal to the transaction amount. Of course, when the transaction amount in the transaction request is 10 yuan, the first electronic signature device 20 may instead send, through the communication module 203, 10 second unit data packets each representing 1 yuan, or 2 second unit data packets each representing 5 yuan, or 1 second unit data packet representing 10 yuan. In other words, the denominations and number of the second electronic unit currency data packets can be combined flexibly; it is only necessary that the sum of the currency denominations represented by the at least one second unit data packet sent equals the transaction amount. The transaction amount of 10 yuan is used here only as an example; the principle is the same for other amounts and is not illustrated further.
Thus, where the security module 202 determines the number of second unit data packets and the amount each second unit data packet represents according to the transaction amount, the first electronic signature device 20 can issue second unit data packets flexibly and in various combinations. Where the second electronic signature device 30 determines the number of second unit data packets and the currency denomination each represents according to the transaction amount, it can send the requested number and the corresponding denominations to the first electronic signature device 20, which meets the needs of the user of the second electronic signature device 30 regarding the number and denomination of the second unit data packets.
Where the second electronic signature device 30 determines the number of second unit data packets and the currency denomination each represents according to the transaction amount, it may well happen that the security module 202 of the first electronic signature device 20 does not store any second unit data packet of a denomination the second electronic signature device requests, or stores fewer than the number requested. As an optional implementation of this embodiment, the communication module 203 can send prompt information to the second electronic signature device 30. The prompt information may include the information that second unit data packets of the corresponding denomination do not exist or are insufficient in number. The second electronic signature device 30 can then change the combination strategy for the denominations and number of the second electronic unit currency data packets according to the transaction amount, or the security module 202 of the first electronic signature device 20 can change that combination strategy according to the transaction amount. For example, the acquisition module 201 receives a transaction request from the second electronic signature device 30 for a transfer of 10 yuan that asks for 5 second unit data packets each representing 2 yuan (hereinafter "2-yuan data packets"), but the security module 202 holds only 4 2-yuan data packets. The communication module 203 then sends the second electronic signature device 30 prompt information stating that there are only 4 2-yuan data packets and that the number of 2-yuan data packets is insufficient. The second electronic signature device 30 can now change its combination strategy, for example by returning to the first electronic signature device 20 a response requesting 4 2-yuan data packets and 2 1-yuan data packets. Alternatively, after the communication module 203 of the first electronic signature device 20 has sent the prompt information to the second electronic signature device 30 and received a confirmation response from the second electronic signature device 30, the security module 202 can determine a combination strategy at random, for example sending 4 2-yuan data packets and 2 1-yuan data packets to the second electronic signature device 30. This solves the problem that the second unit data packets stored in the security module 202 of the first electronic signature device 20 are insufficient in number or do not exist.
In addition, in a specific implementation it may also happen that the currency denominations represented by the second unit data packets stored in the security module 202 cannot be pieced together into at least one second unit data packet equal to the transaction amount. To solve this problem, in an optional implementation of this embodiment, after the acquisition module 201 receives the transaction request and before the security module 202 obtains at least one second unit data packet stored in itself, the first electronic signature device 20 sends pending-change information to the second electronic signature device 30 through the communication module 203. The pending-change information is determined by the security module 202 according to the transaction amount and the currency denominations represented by the second unit data packets it stores; for example, the pending-change information may include the currency denomination of the change that the second electronic signature device 30 needs to return. If the second electronic signature device 30 stores a second unit data packet representing the denomination of that change, or stores second unit data packets whose denominations sum to that change, the second electronic signature device 30 can return a confirmation response to the first electronic signature device 20, that is, inform the first electronic signature device 20 that it holds second unit data packets for the change. The acquisition module 201 is configured to receive the change information sent by the second electronic signature device 30, and the security module 202 is configured to obtain at least one second unit data packet stored in itself after the acquisition module 201 has received the change information, where the sum of the currency denominations represented by the at least one second unit data packet should equal the transaction amount plus the denomination of the change to be returned.
For example, the transaction amount is 7 yuan and the security module 202 stores 5 second unit data packets each representing 2 yuan (hereinafter "2-yuan data packets"). The security module 202 cannot piece together a denomination of 7 yuan from these 5 2-yuan data packets; using only the 5 2-yuan data packets it stores, it can piece together the denomination that is closest to the transaction amount of 7 yuan and greater than it. That is, the security module 202 can use 4 2-yuan data packets to piece together 8 yuan, and the second electronic signature device 30 then has to give 1 yuan of change: after the communication module 203 has sent the 4 2-yuan data packets to the second electronic signature device 30, the second electronic signature device 30 needs to return 1 1-yuan data packet (a second unit data packet representing 1 yuan) to the first electronic signature device 20. The communication module 203 sends the second electronic signature device 30 pending-change information carrying the change of 1 yuan; the pending-change information is used to ask whether the second electronic signature device 30 can return second unit data packets whose denominations total 1 yuan. If the security chip of the second electronic signature device 30 stores second unit data packets whose denominations total 1 yuan, the second electronic signature device 30 sends change information to the first electronic signature device 20, that is, it agrees to return to the first electronic signature device 20 a second unit data packet representing 1 yuan or second unit data packets whose denominations total 1 yuan. After the acquisition module 201 receives the change information, the security module 202 obtains 4 2-yuan data packets, which are sent to the second electronic signature device 30, and the second electronic signature device 30 in turn returns 1 1-yuan data packet (a second unit data packet representing 1 yuan) to the first electronic signature device 20. Thus, when second unit data packets whose denominations sum to the transaction amount cannot be pieced together, the electronic transaction can still be completed through the change mechanism, which makes electronic transactions more convenient.
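The packet-selection logic described in the last two passages (shortage of a requested denomination, and change when no exact combination exists) can be sketched as follows. This is an added example, not code from the patent; the function names are hypothetical, and the choice of the combination with the fewest packets is an assumption, since the text leaves the combination strategy open.

```python
from collections import Counter


def _reachable(denoms):
    """Map every reachable total to the shortest list of packet indices giving it."""
    reachable = {0: []}
    for idx, value in enumerate(denoms):
        # Iterate over a snapshot so each stored packet is used at most once.
        for total, picked in list(reachable.items()):
            candidate = picked + [idx]
            best = reachable.get(total + value)
            if best is None or len(candidate) < len(best):
                reachable[total + value] = candidate
    return reachable


def plan_payment(stored, amount):
    """Payer side (security module 202).

    stored: denominations, in yuan, of the second unit data packets held.
    Returns (indices of packets to send, change the payee must return),
    or None when the stored packets total less than the amount.
    """
    if amount <= 0:
        raise ValueError("transaction amount must be positive")
    reachable = _reachable(stored)
    candidates = [total for total in reachable if total >= amount]
    if not candidates:
        return None
    # Exact match if one exists, otherwise the closest total above the amount.
    total = min(candidates)
    return reachable[total], total - amount


def change_packets(payee_stored, change):
    """Payee side: indices of packets summing exactly to the change, else None."""
    return _reachable(payee_stored).get(change)


def shortages(stored, requested):
    """Compare a requested {denomination: count} with the payer's stock.

    Returns {denomination: (requested, available)} for every shortfall,
    which is the content of the prompt information sent back to the payee.
    """
    have = Counter(stored)
    return {d: (n, have[d]) for d, n in requested.items() if have[d] < n}


if __name__ == "__main__":
    # The 7-yuan example from the text: five 2-yuan packets on the payer side.
    send, change = plan_payment([2, 2, 2, 2, 2], 7)
    print("send packets", send, "change due", change)
    print("payee returns", change_packets([1, 5], change))
    # The 10-yuan example: five 2-yuan packets requested, four in stock.
    print("shortages", shortages([2, 2, 2, 2, 1, 1], {2: 5}))
```

The payer should send the pending-change information only when the second value returned by `plan_payment` is non-zero, and should release the packets only after the payee has confirmed that `change_packets` found a combination.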
The communication module 203 is configured to send the at least one second unit data packet to the peer electronic signature device.
In this embodiment, to prevent an electronic signature device from illegally reusing the same second unit data packet and thereby disrupting the circulation of second unit data packets, and to guarantee the uniqueness of each second unit data packet in the payment process, this embodiment provides at least one of the following two modes:
Mode one:
The security module 202 is further configured to delete the obtained at least one second unit data packet after the communication module 203 has sent the at least one second unit data packet to the second electronic signature device 30. After the security module 202 has obtained the at least one second unit data packet according to the transaction amount and the communication module 203 has sent it to the second electronic signature device, the security module 202 in fact still holds the second unit data packets that were sent and does not delete them automatically. In this mode, therefore, to ensure that the first electronic signature device 20 cannot reuse this second unit data, after the communication module 203 has sent the at least one second unit data packet to the second electronic signature device 30, the security module 202 forcibly deletes the second unit data packets that have been sent and sets the status word of the corresponding storage space to vacant. In this way, after paying out second unit data packets, the security module 202 can delete the paid second unit data packets from its own storage, which ensures that the first electronic signature device 20 can neither reuse nor recover the second unit data packets it has sent, that is, it guarantees the uniqueness of each second unit data packet in the payment process.
Mode two:
The communication module 203 being configured to send the at least one second unit data packet to the peer electronic signature device includes: the communication module 203 being configured to encrypt the at least one second unit data packet to obtain at least one third unit data packet, and to send the at least one third unit data packet to the second electronic signature device 30. For example, the security module 202 obtains 5 second unit data packets each representing 2 yuan, and the communication module 203 encrypts each of them to obtain 5 third unit data packets each representing 2 yuan. In this embodiment, the encryption operation that the communication module 203 performs on the at least one second unit data packet is irreversible for it: the communication module 203 can encrypt to obtain the third unit data packet but cannot decrypt the third unit data packet to recover the second unit data packet. Therefore, once the at least one third unit data packet obtained has overwritten the corresponding at least one second unit data packet, the security module 202 stores only the encrypted third unit data packet; because it cannot decrypt the third unit data packet, it cannot recover the second unit data packet and cannot reuse these second unit data packets. In this embodiment, the communication module 203 and the security module 202 can be integrated in the security chip.
Specifically, as one optional implementation, the communication module 203 being further configured to encrypt the at least one second unit data packet includes: the communication module 203 being configured to use the public key of the second electronic signature device 30 to encrypt at least the second unit data in each second unit data packet. As another optional implementation, the communication module 203 being further configured to encrypt the at least one second unit data packet includes: the communication module 203 using a symmetric key associated with the second electronic signature device 30 to encrypt at least the second unit data in each second unit data packet.
For the former optional implementation, the transaction request that the second electronic signature device 30 sends to the first electronic signature device 20 may include the public key of the second electronic signature device 30; alternatively, the communication module 203 can obtain, through the acquisition module 201, the digital certificate of the second electronic signature device from a third-party authentication platform, the digital certificate holding the public key of the second electronic signature device 30. In this way the communication module 203 can obtain the public key of the second electronic signature device 30.
The security module 202 is further configured to overwrite each second unit data packet it stores with the corresponding third unit data packet after the communication module 203 has encrypted the at least one second unit data packet. In this embodiment, overwriting each second unit data packet stored in the security module 202 with the corresponding third unit data packet means that the security module 202 writes each third unit data packet generated by the communication module 203 into the storage space of the original second unit data packet it corresponds to, replacing the original second unit data packet. For example, the second unit data packet whose packet identifier is 1*** is encrypted to generate a third unit data packet, which is written into the storage space corresponding to 1***. Thus, after second unit data packets have been paid out, for the second unit data packets already sent to the second electronic signature device 30 the security module 202 stores only the corresponding third unit data packets obtained by encryption with the public key of the second electronic signature device 30. The security chip in which the communication module 203 is integrated cannot hold the private key of the second electronic signature device 30, so it cannot decrypt the third unit data packets, cannot recover the second unit data packets and cannot reuse them, which guarantees the uniqueness of each second unit data packet. Moreover, the third unit data packet is encrypted with the public key of the second electronic signature device 30, so only the second electronic signature device 30 can decrypt it (only the second electronic signature device 30 holds its own private key). Only the payee (the second electronic signature device 30) can therefore hold and use the unencrypted second unit data packet. Even if another electronic signature device illegally obtains the third unit data packet, it cannot decrypt it without the private key of the second electronic signature device 30 and cannot use the second unit data packet obtained, which ensures the security of the circulation of second unit data packets.
For the latter optional implementation, the symmetric key associated with the second electronic signature device 30 is obtained through negotiation between the first electronic signature device 20 and the second electronic signature device 30. The security module 202 is further configured, after the communication module 203 has encrypted the at least one second unit data packet, to overwrite each second unit data packet it stores with the corresponding third unit data packet and to delete the symmetric key. In this embodiment, overwriting each second unit data packet stored in the security module 202 with the corresponding third unit data packet means that the security module 202 writes each generated third unit data packet into the storage space of the original second unit data packet it corresponds to, replacing the original second unit data packet. For example, the second unit data packet whose packet identifier is 1*** is encrypted to generate a third unit data packet, which is written into the storage space corresponding to 1***. With symmetric-key encryption and decryption, if the communication module 203 still held the symmetric key it could decrypt the third unit data packet and recover the second unit data packet. In this embodiment, therefore, after the communication module 203 has sent the at least one second unit data packet to the second electronic signature device, the symmetric key in the communication module 203 must be forcibly deleted. Thus, after second unit data packets have been paid out, for the second unit data packets already sent to the second electronic signature device 30 the security module 202 stores only the corresponding third unit data packets obtained when the communication module 203 encrypted them with the symmetric key. Because the communication module 203 has deleted the symmetric key used for the encryption, it can no longer decrypt the third unit data packets, cannot recover the second unit data packets and cannot reuse them, which guarantees the uniqueness of each second unit data packet. Moreover, the symmetric key is known only to the first electronic signature device 20 and the second electronic signature device 30, so only the second electronic signature device 30 can decrypt the third unit data packet. Only the payee (the second electronic signature device 30) can therefore hold and use the unencrypted second unit data packet. Even if another electronic signature device illegally obtains the third unit data packet, it cannot decrypt it without the symmetric key and cannot use the second unit data packet obtained, which ensures the security of the circulation of second unit data packets.
In this optional implementation, as one option, the symmetric key may be an XOR factor associated with the second electronic signature device 30. The XOR factor may be a sequence of characters or digits obtained through negotiation between the first electronic signature device 20 and the second electronic signature device 30 and is used to perform the XOR operation. Specifically, the communication module 203 being configured to use the symmetric key associated with the second electronic signature device 30 to encrypt at least the second unit data in each second unit data packet includes: the communication module 203 being configured to use the XOR factor to perform an XOR operation on at least the second unit data in each second unit data packet. XOR is a form of symmetric encryption operation, but compared with other symmetric encryption operations it is faster, which improves the efficiency with which the communication module 203 encrypts second unit data packets to generate third unit data packets.
In this embodiment, the communication module 203 can use at least the modes above to prevent an electronic signature device from illegally reusing the same second unit data packet and disrupting the circulation of second unit data packets, guaranteeing the uniqueness of each second unit data packet in the payment process. Of course, this embodiment does not exclude other implementations, as long as they achieve the same technical effect. It should also be noted that in this embodiment the second unit data packet can be understood as covering two kinds of packet, a plaintext form and a ciphertext form. In mode one, the second unit data packet can be understood as the unencrypted packet, that is, the plaintext form of the second unit data packet. In mode two, the third unit data packet can be understood as one kind of second unit data packet, namely the packet obtained by encrypting the second unit data packet, that is, the ciphertext form of the second unit data packet.
In addition, in mode two the third unit data packet is ciphertext, which protects the transmitted data: even if it is intercepted by another device it is difficult to crack, which further improves the security of the circulation of second unit data packets.
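The storage behaviour of mode one and of mode two with an XOR factor can be traced in a small model. This is an added sketch, not code from the patent: the class and function names, the packet byte layout and the device identifier are constructed for illustration, and signature verification is left out. It assumes one fresh random XOR factor per packet, of the same length as the packet; the text does not specify the factor's length or whether it is reused.

```python
import secrets


def xor_bytes(data, factor):
    """XOR a packet with a negotiated factor of the same length."""
    if len(factor) != len(data):
        raise ValueError("XOR factor must match the packet length")
    return bytes(a ^ b for a, b in zip(data, factor))


def face_value(packet):
    """Read DENOM from a constructed 'SN=..;DENOM=..;SIG=..' packet."""
    fields = dict(item.split("=", 1) for item in packet.decode("ascii").split(";"))
    return int(fields["DENOM"])


class PayerModule:
    """Toy stand-in for security module 202 plus communication module 203."""

    def __init__(self, packets):
        self.slots = dict(packets)  # slot id -> second unit data packet
        self.sent_to = {}           # slot id -> payee device identifier

    def pay_mode_one(self, slot_ids):
        """Mode one: send the plaintext packets, then force-delete them."""
        return [self.slots.pop(slot) for slot in slot_ids]

    def pay_mode_two(self, slot_ids, factors, payee_id):
        """Mode two: encrypt, overwrite the plaintext in place, drop the key."""
        sent = []
        for slot in slot_ids:
            # pop() removes the payer's copy of the factor as soon as it is used.
            third = xor_bytes(self.slots[slot], factors.pop(slot))
            self.slots[slot] = third        # third packet replaces the second
            self.sent_to[slot] = payee_id   # association used for retransmission
            sent.append((slot, third))
        return sent

    def retransmit(self, payee_id):
        """Resend the stored third unit data packets tagged with this payee."""
        return [(s, self.slots[s]) for s, p in self.sent_to.items() if p == payee_id]

    def spendable(self):
        """Slots that still hold an unspent plaintext packet."""
        return sorted(s for s in self.slots if s not in self.sent_to)


def payee_receive(third_packets, factors, amount):
    """Payee side: decrypt and check the total against the requested amount."""
    packets = [xor_bytes(ct, factors[slot]) for slot, ct in third_packets]
    return packets, sum(face_value(p) for p in packets) == amount


def run_demo():
    stock = {  # constructed sample packets; SIG is a placeholder, not a signature
        "slot-1": b"SN=0001;DENOM=2;SIG=placeholder",
        "slot-2": b"SN=0002;DENOM=2;SIG=placeholder",
        "slot-3": b"SN=0003;DENOM=1;SIG=placeholder",
    }
    payer = PayerModule(stock)
    pay = ["slot-1", "slot-3"]  # 3 yuan in total
    payee_keys = {s: secrets.token_bytes(len(stock[s])) for s in pay}
    payer_keys = dict(payee_keys)  # both sides hold the negotiated factors
    sent = payer.pay_mode_two(pay, payer_keys, "device-30")
    received, amount_ok = payee_receive(sent, payee_keys, 3)
    return {
        "plain": [stock[s] for s in pay],
        "sent": sent,
        "received": received,
        "amount_ok": amount_ok,
        "payer_keys_left": payer_keys,
        "spendable": payer.spendable(),
        "resent": payer.retransmit("device-30"),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

In Python, removing the factor from a dictionary only models the forced deletion; the scheme depends on the security chip actually erasing the key material.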
In addition, after the acquisition module 201 of the first electronic signature device 20 receives the transaction request, the user's confirmation must also be obtained before the subsequent transaction operations can be performed, in order to keep the transaction secure. In this embodiment, the transaction request received by the acquisition module 201 includes at least the device identifier of the second electronic signature device 30, and the first electronic signature device 20 is further provided with an interaction module 204, as shown in Figure 2. The interaction module 204 is configured to present the transaction amount and the device identifier of the second electronic signature device 30 to the holder and to receive the holder's confirmation. In an optional implementation of this embodiment, the transaction request that the acquisition module 201 receives from the second electronic signature device 30 includes at least the device identifier of the second electronic signature device 30. Specifically, the device identifier of the second electronic signature device 30 may be its factory serial number, its device name, or the name of the user who holds it. From this device identifier the user can confirm whether the second electronic signature device 30 is the counterparty the user agrees to trade with. Only after the user has approved both the transaction amount and the counterparty does the user choose to confirm the transaction, so that the user's confirmation of the transaction keeps the transaction secure.
As an optional implementation, the interaction module 204 includes a display screen or a loudspeaker, and the transaction amount and the device identifier of the second electronic signature device 30 are shown on the display screen or announced through the device's own loudspeaker. Alternatively, the first electronic signature device 20 can establish a connection with an external device through the interaction module 204 and present the transaction amount and the device identifier of the second electronic signature device 30 to the holder through the display screen or loudspeaker of the external device. This makes it easy for the user to confirm whether the payment amount and the payee are correct. As an optional implementation, the interaction module 204 includes a confirmation button, through which the user confirms. Of course, the interaction module 204 may also include a confirmation-information input component, which may specifically include a PIN input keypad or a fingerprint input module. The user can then enter the confirmation by entering a PIN or a fingerprint, so that while the user confirms the details of the electronic transaction the first electronic signature device can also verify the identity of the holder, further improving the security of the electronic transaction.
In this embodiment, after the second electronic signature device 30 receives the third unit data packets sent by the communication module 203 of the first electronic signature device 20, it can decrypt the third unit data packets to obtain the second unit data packets and calculate whether the total amount of the second unit data packets equals the requested transaction amount. If the total is less than the transaction amount, it can ask the first electronic signature device 20 to retransmit second unit data packets, and the security module 202 of the first electronic signature device 20 can select some or all of the third unit data packets corresponding to this second electronic signature device 30 for retransmission. When there are multiple transactions and/or transactions with multiple second electronic signature devices 30, the communication module 203 also needs to add the device identifier of the second electronic signature device 30 to the third unit data packets (or second unit data packets), to identify which third unit data packets belong to the second electronic signature device 30 that the device identifier points to, so that packets are retransmitted to the corresponding second electronic signature device 30. Each third unit data packet therefore also includes the device identifier of the second electronic signature device 30. Specifically, for implementation two of the communication module 203 described above, the communication module 203 encrypting the at least one second unit data packet to obtain at least one third unit data packet includes: after encrypting the at least one second unit data packet to obtain the at least one third unit data packet, the communication module 203 adds the device identifier of the second electronic signature device 30 to each third unit data packet. For example, in a transaction between the first electronic signature device 20 and a second electronic signature device 30 whose device identifier is A**, after the at least one third unit data packet is generated, the device identifier A** of the second electronic signature device 30 can be added to each third unit data packet of this transaction to mark the third unit data packets sent to the second electronic signature device 30. Accordingly, because each third unit data packet stored by the security module 202 includes the identification information of the second electronic signature device 30, the first electronic signature device 20 knows the payee (that is, the second electronic signature device 30) corresponding to each third unit data packet. When the second electronic signature device 30 asks the first electronic signature device 20 to retransmit, the security module 202 in the first electronic signature device 20 can use the device identifier to find the third unit data packets corresponding to this second electronic signature device 30 and carry out the retransmission.
In addition, in this embodiment, after the acquisition module 201 receives a request from the second electronic signature device 30 to retransmit the second unit data packets it did not receive, and before the communication module 203 sends retransmission information to the second electronic signature device 30, the security module 202 also needs to determine which second unit data packets need to be retransmitted. In this embodiment, therefore, the second unit data packet may also include a packet identifier, which uniquely identifies a second unit data packet. In addition, in this embodiment, the third unit data packet that the communication module 203 obtains by encrypting the second unit data in the second unit data packet also includes this packet identifier, which thus uniquely identifies a third unit data packet. In this embodiment, the packet identifier of a second unit data packet stored in the second electronic signature device 30 is the same as the packet identifier of the third unit data packet with which the security module 202 in the first electronic signature device 20 overwrote that second unit data packet, so the security module 202 can retransmit, through the communication module 203, the third unit data packet corresponding to the packet identifier that the second electronic signature device asks to have retransmitted. The packet identifier can be obtained in several ways; this embodiment gives examples only, including but not limited to the following modes:
Mode one: the packet identifier is the packet identifier, corresponding to each second unit data packet, that the acquisition module 201 obtains from the second electronic signature device 30.
The packet identifier includes but is not limited to a count value obtained by the counter of the second electronic signature device 30 or a random number generated by the second electronic signature device 30. The packet identifier lets the security module 202 find the second unit data packet or third unit data packet corresponding to the packet identifier and retransmit it to the second electronic signature device 30. Because the packet identifier is determined by the second electronic signature device 30, it also prevents replay attacks.
Specifically, the acquisition module 201 is configured to obtain one corresponding packet identifier from the second electronic signature device 30 before the communication module 203 sends each second unit data packet or third unit data packet. It is also configured to obtain from the second electronic signature device 30, before the communication module 203 sends all the second unit data packets or third unit data packets corresponding to the transaction amount, the multiple packet identifiers corresponding to each second unit data packet. After the security module 202 adds the corresponding packet identifier to the second unit data packet, the communication module 203 sends the third unit data packet generated from that second unit data packet to the second electronic signature device 30. Adding the packet identifier generated by the second electronic signature device 30 to the second unit data packet to be sent makes it easy for the second electronic signature device 30 to check whether a received second unit data packet (that is, the second unit data packet obtained by decrypting the received third unit data packet) is replayed data. Because the packet identifiers are allocated by the second electronic signature device 30, the second electronic signature device 30 can also determine whether it has received the second unit data packets corresponding to all the packet identifiers, and so whether it needs to initiate a retransmission request. Taking replay prevention as an example: when the packet identifier is a random number R1 generated by the second electronic signature device 30, before the communication module 203 sends a second unit data packet, the acquisition module 201 obtains the packet identifier, that is, the random number R1, from the second electronic signature device 30, and the communication module 203 sends the second unit data packet including the random number R1 to the second electronic signature device 30. The second electronic signature device 30 can check whether the packet identifier carried in the received second unit data packet is the random number R1. If it is, the received second unit data packet is considered legitimate; otherwise the received second unit data packet is considered replayed data and is discarded. This protects the second electronic signature device 30 against replay attacks.
Mode two: the packet identifier may also be obtained as follows. The security module 202 obtains a packet identifier initial value from the second electronic signature device 30 through the acquisition module 201 and, based on the packet identifier initial value and the total number of second unit data packets to be sent to the second electronic signature device 30, calculates the packet identifier corresponding to each second unit data packet.
In this mode, the security module 202 determines the packet identifier of each second unit data packet to be sent from the packet identifier initial value and the number of packets to be sent. Specifically, the packet identifier initial value may be a count value obtained by the counter of the second electronic signature device 30. For example, when the transaction amount is 8 yuan, the communication module 203 needs to send three second unit data packets to the second electronic signature device 30, representing currency denominations of 1 yuan, 2 yuan and 5 yuan respectively. The packet identifier initial value that the acquisition module 201 obtains from the second electronic signature device 30 is 30. This initial value may be the current number of packets accumulated by the counter of the second electronic signature device 30 plus 1. For example, before this transaction is initiated the second electronic signature device 30 stores 29 second unit data packets in total, whose packet identifiers may run from 1 to 29, so the next packet received is numbered starting from 30. Based on the packet identifier initial value 30, the security module 202 then calculates that the packet identifier of the second unit data packet representing the 1 yuan denomination is 30, that of the second unit data packet representing the 2 yuan denomination is 31, and that of the second unit data packet representing the 3 yuan denomination is 32. In this embodiment, after receiving these 3 second unit data packets, the second electronic signature device 30 also stores them in association with the corresponding packet identifiers. The first electronic signature device 20 thus only needs to obtain the packet identifier initial value from the second electronic signature device 30 and can flexibly calculate the packet identifier of each second unit data packet from the number of second unit data packets sent to the second electronic signature device 30. The first electronic signature device 20 can then use the packet identifiers to retransmit some of the second unit data packets or third unit data packets, and the second electronic signature device 30 can use the packet identifiers to judge whether a received second unit data packet is replayed data, which protects the second electronic signature device 30 against replay attacks.
In an optional implementation of this embodiment, when the second electronic signature device 30 has not received all the second unit data packets corresponding to the requested transaction amount, the acquisition module 201 is further configured to receive a retransmission request from the second electronic signature device 30, and the communication module 203 is further configured to send retransmission information to the second electronic signature device 30 according to the retransmission request. The retransmission request at least includes the device identifier of the second electronic signature device 30 and/or the packet identifier corresponding to each second unit data packet, so that the security module 202 can determine the retransmission information from the request. The retransmission information is all or some of the packets that the security module 202 selects from the third unit data packets corresponding to one transaction with this second electronic signature device, to ensure that the second electronic signature device 30 obtains all the second unit data packets of the transaction. Note that, as described in mode two for ensuring the uniqueness of the paid data packets, the communication module 203 encrypts the at least one second unit data packet to obtain the corresponding at least one third unit data packet, and after the communication module 203 sends the at least one third unit data packet to the second electronic signature device 30, the at least one third unit data packet overwrites the corresponding second unit data packets. In this embodiment, a third unit data packet can be understood as a second unit data packet in ciphertext form. For example, if the retransmission request includes the device identifier of the second electronic signature device 30 and the packet identifier 30, the retransmission information sent by the communication module 203 needs to include the third unit data packet obtained by encrypting the second unit data in the second unit data packet that carries the device identifier of the second electronic signature device 30 and the packet identifier 30. The first electronic signature device 20 can thus determine which second unit data packets need to be retransmitted.
In this embodiment, as one optional implementation, the second electronic signature device 30 can ask the first electronic signature device 20 to retransmit all the second unit data packets of a transaction; as another optional implementation, the second electronic signature device 30 can ask for retransmission of only the second unit data packets it did not receive. In the former case, the retransmission request of the second electronic signature device 30 at least includes the device identifier of the second electronic signature device 30, and the retransmission information that the first electronic signature device 20 sends through the communication module 203 includes the at least one second unit data packet, that is, all the second unit data packets corresponding to the transaction amount of the transaction are retransmitted. Optionally, the communication module 203 can send the at least one second unit data packet to the second electronic signature device 30 in ciphertext form, that is, send the at least one third unit data packet to the second electronic signature device 30; the retransmission information here can be understood to include the at least one third unit data packet. In the latter case, the retransmission request of the second electronic signature device at least includes the packet identifiers of the second unit data packets not received and may also include the device identifier of the second electronic signature device 30. The retransmission information sent by the communication module 203 in the first electronic signature device 20 includes the second unit data packets that the second electronic signature device 30 did not receive, that is, the second unit data packets indicated by the packet identifiers in the retransmission request are retransmitted. Optionally, the communication module 203 in the first electronic signature device 20 can send the second unit data packets indicated by the packet identifiers to the second electronic signature device 30 in ciphertext form, that is, send the third unit data packets indicated by the packet identifiers to the second electronic signature device 30; the retransmission information here can be understood to include the third unit data packets indicated by the packet identifiers.
For the former, as an example, for a transaction numbered 1*******, the transaction amount in the transaction request of the second electronic signature device 30 is 10 yuan, and the communication module 203 sends 5 second unit data packets, each representing a 2 yuan currency denomination, to the second electronic signature device 30. Because of data loss in transmission, the second electronic signature device 30 receives only 4 second unit data packets each representing a 2 yuan denomination; the denominations total 8 yuan, which does not equal the transaction amount of 10 yuan. For this transaction, the second electronic signature device 30 sends a retransmission request to the first electronic signature device, carrying at least the device identifier of the second electronic signature device 30. After the acquisition module 201 receives the retransmission request sent by the second electronic signature device 30, all the corresponding third unit data packets can be looked up for this transaction of this second electronic signature device 30, and the 5 third unit data packets are carried in the retransmission information sent to the second electronic signature device 30; that is, the 5 second unit data packets each representing a 2 yuan denomination are carried in ciphertext form in the retransmission information sent to the second electronic signature device 30. The first electronic signature device 20 can thus respond to retransmission requests from the second electronic signature device 30, ensuring that the second electronic signature device 30 can receive all the second unit data packets needed for the electronic transaction and that the transaction completes smoothly.
For the latter, as an example, for a transaction numbered 1*******, the transaction amount in the transaction request of the second electronic signature device 30 is 5 yuan. The first electronic signature device sends the second electronic signature device 30 2 second unit data packets each representing a 2 yuan denomination (2-yuan data packets for short) and 1 second unit data packet representing a 1 yuan denomination (1-yuan data packet for short), but because of data loss in transmission the second electronic signature device 30 receives only the 2 2-yuan data packets; the denominations total 4 yuan, which does not equal the transaction amount of 5 yuan. For this transaction, the second electronic signature device 30 sends a retransmission request to the first electronic signature device 20, carrying at least the device identifier of the second electronic signature device 30 and either the packet identifier of the packet not received (that is, the packet identifier of the 1-yuan data packet) or the packet identifiers of the 2-yuan data packets already received. After the acquisition module 201 receives the retransmission request sent by the second electronic signature device 30, for this transaction of this second electronic signature device 30 the corresponding third unit data packet can be looked up from the packet identifier of the 1-yuan data packet, or the third unit data packet corresponding to the packet identifier of the 1-yuan data packet that was not sent successfully can be determined from the packet identifiers of the 2-yuan data packets. The communication module 203 carries the third unit data packet corresponding to the identifier of the 1-yuan data packet in the retransmission information sent to the second electronic signature device; that is, the communication module 203 carries the second unit data packet corresponding to the packet identifier, in ciphertext form, in the retransmission information sent to the second electronic signature device 30. The communication module 203 can thus resend the second unit data packets that the second electronic signature device 30 did not receive, which reduces the amount of retransmitted data and ensures that the second electronic signature device 30 can receive all the second unit data packets needed for the electronic transaction.
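The following Python sketch is an added illustration, not code from the patent: it models mode two of the packet identifier scheme together with the selective retransmission of the 5 yuan example above. The class names, the identifier DEVICE-B and the dictionary form of the retransmission request are assumptions, and encryption into third unit data packets and the server signature are left out.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class UnitPacket:
    device_id: str     # device identifier of the receiving (second) device
    packet_id: int     # packet identifier derived from the receiver's initial value
    denomination: int  # currency denomination in yuan


class Sender:
    """First device: numbers packets and keeps them until receipt is confirmed."""

    def __init__(self):
        self._pending = {}  # (device_id, packet_id) -> UnitPacket

    def build(self, device_id, initial_id, denominations):
        # Mode two: identifiers run initial_id, initial_id + 1, ... one per packet.
        packets = [UnitPacket(device_id, initial_id + i, d)
                   for i, d in enumerate(denominations)]
        for p in packets:
            self._pending[(device_id, p.packet_id)] = p
        return packets

    def retransmit(self, device_id, received_ids=None):
        # Device identifier only: resend every packet held for that device.
        # With the identifiers already received: resend only the missing ones.
        skip = set(received_ids or ())
        return [self._pending[key] for key in sorted(self._pending)
                if key[0] == device_id and key[1] not in skip]

    def confirm(self, device_id):
        # Receipt confirmed: release the storage held for this receiver.
        for key in [k for k in self._pending if k[0] == device_id]:
            del self._pending[key]

    def pending_count(self):
        return len(self._pending)


class Receiver:
    """Second device: issues the initial value and rejects replayed packets."""

    def __init__(self, device_id, stored_count):
        self.device_id = device_id
        self.initial_id = stored_count + 1  # counter value: packets stored so far + 1
        self.amount = 0
        self.received = {}  # packet_id -> UnitPacket for the open transaction

    def open_transaction(self, amount):
        self.amount = amount
        self.received = {}
        return self.initial_id  # sent to the first device with the request

    def accept(self, packet):
        if packet.device_id != self.device_id:
            return False  # addressed to a different receiver
        if packet.packet_id < self.initial_id:
            return False  # identifier belongs to an earlier transaction: replay
        if packet.packet_id in self.received:
            return False  # identifier already consumed in this transaction: replay
        self.received[packet.packet_id] = packet
        return True

    def total(self):
        return sum(p.denomination for p in self.received.values())

    def retransmission_request(self):
        # None once the denominations add up to the requested amount.
        if self.total() == self.amount:
            return None
        return {"device_id": self.device_id, "received_ids": sorted(self.received)}


def run_example():
    """Constructed run of the 5 yuan case: 2 + 2 + 1 yuan, 1-yuan packet lost."""
    sender = Sender()
    receiver = Receiver("DEVICE-B", stored_count=29)  # constructed identifier
    initial = receiver.open_transaction(amount=5)
    packets = sender.build(receiver.device_id, initial, [2, 2, 1])
    for p in packets[:2]:  # the third packet is lost in transit
        receiver.accept(p)
    replay_ok = receiver.accept(packets[0])  # same identifier delivered again
    stale_ok = receiver.accept(UnitPacket("DEVICE-B", 7, 5))  # old identifier
    request = receiver.retransmission_request()
    resent = sender.retransmit(request["device_id"], request["received_ids"])
    for p in resent:
        receiver.accept(p)
    if receiver.retransmission_request() is None:
        sender.confirm(receiver.device_id)
    return {"initial": initial, "replay_accepted": replay_ok or stale_ok,
            "request": request, "resent_ids": [p.packet_id for p in resent],
            "total": receiver.total(), "pending": sender.pending_count()}


if __name__ == "__main__":
    print(run_example())
```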
In an optional implementation of this embodiment, the security module 202 is configured to allocate storage space for storing at least one third unit data packet (or second unit data packet). These storage spaces of the security module 202 can store at least one second unit data packet, so that after the acquisition module 201 receives the transaction request of the second electronic signature device 30, the security module 202 obtains the second unit data packets needed for the transaction amount from its own storage space. In addition, after at least one second unit data packet is encrypted to obtain at least one third unit data packet and the at least one third unit data packet overwrites the at least one second unit data packet, the at least one third unit data packet is stored in the corresponding storage space. The acquisition module 201 is further configured to receive a reception-success confirmation returned by the second electronic signature device 30 after the communication module 203 sends the retransmission information to the second electronic signature device 30 according to the retransmission request. The security module 202 is further configured to change the status word of the storage space that previously stored the at least one third unit data packet to "transaction completed", or to clear the storage space and change the status word of the corresponding storage space to "vacant". A storage space whose status word is "transaction completed" can be overwritten by new data. Thus, after confirming that the second electronic signature device 30 has received all the second unit data packets needed for the electronic transaction, the security module 202 can clean up the storage space of the security chip to free more storage space and ensure that subsequent transactions proceed smoothly.
In an optional implementation of this embodiment, the security module 202 is further configured to subtract the transaction amount from the account amount of the electronic signature device to obtain the current account balance, and the interaction module 204 is further configured to display the transaction amount and/or the current account balance to the holder. The user holding the electronic signature device can thus check the transaction amount and the current account balance on their own device.
In this embodiment, the second electronic signature device 30 is configured to send the transaction request to the first electronic signature device 20, receive the at least one second unit data packet from the first electronic signature device 20, and store the at least one second unit data packet in its security chip. The second electronic signature device 30 can thus cooperate with the first electronic signature device to complete an offline electronic transaction.
With the first electronic signature device 20 provided by this embodiment, the user's funds are stored in the user's first electronic signature device 20 in the form of at least one second unit data packet. When the user makes a purchase, because the funds are no longer stored in the first electronic signature device 20 as a numerical value, the first electronic signature device 20 does not need a server to change the balance value in the account; it only needs to send one or more second unit data packets that make up the spending amount to the payee. The first electronic signature device 20 therefore no longer needs to rely on a server for networked payment when carrying out an electronic transaction with the second electronic signature device 30, and the server no longer needs to supervise the electronic signature devices, so truly offline electronic transactions are achieved. In addition, the third unit data packets that the first electronic signature device 20 sends to the second electronic signature device 30 are ciphertext, which further improves the security of the electronic transaction. In addition, adding the packet identifier and the device identifier of the second electronic signature device 30 to the second unit data packet effectively protects the second electronic signature device 30 against replay attacks and at the same time makes it easy for the first electronic signature device 20 to determine the retransmission information.
Any process or method description in a flowchart or otherwise described herein may be understood as representing a module, segment or portion of code that includes one or more executable instructions for implementing specific logical functions or steps of the process, and the scope of the preferred embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including substantially concurrently or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
It should be understood that each part of the present invention can be implemented in hardware, software, firmware or a combination of them. In the above embodiments, multiple steps or methods can be implemented in software or firmware that is stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, they can be implemented with any one or a combination of the following technologies well known in the art: discrete logic circuits with logic gates for implementing logic functions on data signals, application-specific integrated circuits with suitable combinational logic gates, programmable gate arrays (PGA), field-programmable gate arrays (FPGA), and so on.
Those of ordinary skill in the art will appreciate that all or some of the steps carried by the methods of the above embodiments can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, includes one of the steps of the method embodiments or a combination of them.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing module, each unit may exist physically on its own, or two or more units may be integrated in one module. The integrated module can be implemented in hardware or as a software function module. If the integrated module is implemented as a software function module and sold or used as an independent product, it may also be stored in a computer-readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc, or the like.
In the description of this specification, a description referring to the terms "an embodiment", "some embodiments", "example", "specific example" or "some examples" means that specific features, structures, materials or characteristics described in connection with that embodiment or example are included in at least one embodiment or example of the present invention. In this specification, schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it should be understood that the above embodiments are exemplary and are not to be construed as limiting the present invention. Those of ordinary skill in the art can change, modify, replace and vary the above embodiments within the scope of the present invention without departing from its principle and purpose. The scope of the present invention is defined by the appended claims and their equivalents.
Claims (10)
1. A transaction method for an electronic signature device, characterized by comprising:
a first electronic signature device receiving a transaction request sent by a second electronic signature device, wherein the transaction request at least includes: a transaction amount;
the first electronic signature device obtaining at least one second unit data packet from the security chip of the first electronic signature device, wherein each second unit data packet represents one currency denomination among multiple currency denominations, and each second unit data packet at least includes: second unit data, and third signature data obtained by a server signing the second unit data; the sum of the currency denominations represented by the at least one second unit data packet equals the transaction amount;
the first electronic signature device sending the at least one second unit data packet to the second electronic signature device.
2. The transaction method according to claim 1, characterized in that
after the first electronic signature device sends the at least one second unit data packet to the second electronic signature device, the method further comprises: the first electronic signature device deleting the at least one second unit data packet obtained.
3. The transaction method according to claim 1, characterized in that
the first electronic signature device sending the at least one second unit data packet to the second electronic signature device comprises:
the first electronic signature device encrypting the at least one second unit data packet to obtain at least one third unit data packet, and sending the at least one third unit data packet to the second electronic signature device.
4. The transaction method according to claim 3, characterized in that
the first electronic signature device encrypting the at least one second unit data packet comprises:
the first electronic signature device using the public key of the second electronic signature device to encrypt at least the second unit data in each second unit data packet.
5. The transaction method according to claim 4, characterized in that
after the first electronic signature device encrypts the at least one second unit data packet, the method further comprises:
the first electronic signature device overwriting each second unit data packet stored in the security chip with the corresponding third unit data packet.
6. An electronic signature device, characterized in that the electronic signature device comprises:
an acquisition module, configured to receive a transaction request sent by a peer electronic signature device, wherein the transaction request at least includes: a transaction amount;
a security module, configured to obtain at least one second unit data packet that it stores, wherein each second unit data packet represents one currency denomination among multiple currency denominations, and each second unit data packet at least includes: second unit data, and third signature data obtained by a server signing the second unit data; the sum of the currency denominations represented by the at least one second unit data packet equals the transaction amount;
a communication module, configured to send the at least one second unit data packet to the peer electronic signature device.
7. The electronic signature device according to claim 6, characterized in that
the security module is further configured to delete the obtained at least one second unit data packet after the communication module sends the at least one second unit data packet to the peer electronic signature device.
8. The electronic signature device according to claim 6, characterized in that
the communication module being configured to send the at least one second unit data packet to the peer electronic signature device comprises:
the communication module is configured to encrypt the at least one second unit data packet to obtain at least one third unit data packet, and to send the at least one third unit data packet to the peer electronic signature device.
9. The electronic signature device according to claim 8, characterized in that
the communication module being configured to encrypt the at least one second unit data packet comprises:
the communication module is configured to use the public key of the peer electronic signature device to encrypt at least the second unit data in each second unit data packet.
10. A transaction system, characterized by comprising: a first electronic signature device and a second electronic signature device, wherein:
the first electronic signature device is the electronic signature device according to any one of claims 6 to 9;
the second electronic signature device is configured to send the transaction request to the first electronic signature device, to receive the at least one second unit data packet from the first electronic signature device, and to store the at least one second unit data packet in a security chip.
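The selection and deletion behaviour of claims 6 and 7 can be modelled as follows. This Python example is added here and is not part of the patent text; the names `UnitPacket`, `SecurityModule`, `select`, `pay` and `sample_wallet` are hypothetical, the `send` callback stands in for the communication module, and the server signature and the public-key encryption of claims 8 and 9 are treated as opaque bytes rather than implemented.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass(frozen=True)
class UnitPacket:
    denomination: int   # currency denomination the packet represents
    unit_data: bytes    # second unit data (opaque in this example)
    server_sig: bytes   # server's signature over unit_data (opaque here)


@dataclass
class SecurityModule:
    store: List[UnitPacket] = field(default_factory=list)

    def select(self, amount: int) -> Optional[List[int]]:
        """Indices of stored packets whose denominations sum to amount, or None."""
        reach = {0: []}  # sum -> indices of one combination reaching it
        for i, pkt in enumerate(self.store):
            for total, idxs in list(reach.items()):  # snapshot: each packet used once
                new = total + pkt.denomination
                if new <= amount and new not in reach:
                    reach[new] = idxs + [i]
        return reach.get(amount)

    def pay(self, amount: int, send: Callable[[List[UnitPacket]], bool]) -> bool:
        """Send packets worth exactly amount, deleting them only after send succeeds."""
        idxs = self.select(amount) if amount > 0 else None
        if idxs is None:
            return False  # no exact combination: reject, store unchanged
        if not send([self.store[i] for i in idxs]):
            return False  # transfer failed: keep the packets
        chosen = set(idxs)
        self.store = [p for i, p in enumerate(self.store) if i not in chosen]
        return True


def sample_wallet() -> SecurityModule:
    # Constructed sample: placeholder bytes stand in for real unit data and signatures.
    return SecurityModule([UnitPacket(d, b"unit-%d" % n, b"sig-%d" % n)
                           for n, d in enumerate([50, 20, 20, 20])])
```

With the sample wallet, a request for 60 cannot be met by taking the largest denomination first, which is why the selection searches combinations instead of choosing greedily.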
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610178222.1A CN105913254A (en) | 2016-03-25 | 2016-03-25 | Trade method and trade system of electronic signature device, and electronic signature device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610178222.1A CN105913254A (en) | 2016-03-25 | 2016-03-25 | Trade method and trade system of electronic signature device, and electronic signature device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105913254A true CN105913254A (en) | 2016-08-31 |
Family
ID=56744588
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610178222.1A Pending CN105913254A (en) | 2016-03-25 | 2016-03-25 | Trade method and trade system of electronic signature device, and electronic signature device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105913254A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1756150A (en) * | 2004-09-30 | 2006-04-05 | 飞力凯网路股份有限公司 | Information management apparatus, information management method, and program |
CN101448255A (en) * | 2007-11-27 | 2009-06-03 | 飞力凯网路股份有限公司 | Service provision system, service provision server as well as information terminal equipment |
CN102184353A (en) * | 2011-04-02 | 2011-09-14 | 方园 | Method for preventing online payment data from being intercepted |
CN104463001A (en) * | 2014-12-19 | 2015-03-25 | 比特卡国际有限公司 | Method for independently generating and storing encrypted digital currency private key and device for bearing encrypted digital currency private key |
CN104881781A (en) * | 2015-05-11 | 2015-09-02 | 福建联迪商用设备有限公司 | Method, system, and client based on secure transaction |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106651331B (en) | A kind of electronic trade method and system based on digital cash | |
CN103975352B (en) | The stored value card that can be supplemented with money safely | |
CN105684346B (en) | Ensure the method for air communication safety between mobile application and gateway | |
CN108564353A (en) | Payment system based on block chain and method | |
AU2010295188B2 (en) | Asset storage and transfer system for electronic purses | |
CN107993149A (en) | Account information management method, system and readable storage medium storing program for executing | |
CN105931048A (en) | Electronic signature devices, and trading method and trading system thereof | |
CN104794613B (en) | A kind of mobile device authentication method based on point-of-sale terminal | |
CN108234385A (en) | A kind of method for authenticating user identity and device | |
CN108122112A (en) | Electronic ID card based on authentication device signs and issues certification and safety payment system | |
CN107111815A (en) | System, method and device for updating stored value card | |
AU2011235531B2 (en) | Message storage and transfer system | |
CN111062717A (en) | Data transfer processing method and device and computer readable storage medium | |
CN108492071A (en) | A kind of express delivery information processing method and device based on block chain | |
CN105913259A (en) | Trade method and trade system of electronic signature device, and electronic signature device | |
CN112308546A (en) | Offline digital currency acquiring system and method | |
CN105913253A (en) | Trade method and trade system of electronic signature device, and electronic signature device | |
CN106228349A (en) | The method of commerce of a kind of electronic signature equipment and electronic signature equipment | |
CN105913254A (en) | Trade method and trade system of electronic signature device, and electronic signature device | |
CN114677128A (en) | Block chain-based public purse cubing method and device | |
JP2002123772A (en) | Payment roaming by various network organizations irrespective of time and place of payment device | |
CN107491954A (en) | Information interacting method, authentication and electronic fare payment system and method | |
CN116802661A (en) | Token-based out-of-chain interaction authorization | |
CN105913258A (en) | Trade method and trade system of electronic signature device | |
CN105976179A (en) | Transaction method and transaction system of electronic signature equipment and electronic signature equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160831 |