CN105913259A - Trade method and trade system of electronic signature device, and electronic signature device - Google Patents
Trade method and trade system of electronic signature device, and electronic signature device Download PDFInfo
- Publication number
- CN105913259A CN105913259A CN201610179091.9A CN201610179091A CN105913259A CN 105913259 A CN105913259 A CN 105913259A CN 201610179091 A CN201610179091 A CN 201610179091A CN 105913259 A CN105913259 A CN 105913259A
- Authority
- CN
- China
- Prior art keywords
- electronic signature
- unit data
- signature equipment
- data bag
- equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3825—Use of electronic signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/405—Establishing or using transaction specific rules
Abstract
The invention provides a trade method and trade system of an electronic signature device, and an electronic signature device. The trade method comprises the following steps: a second electronic signature device sending a trade request including a trade sum to a first electronic signature device, and receiving at least one third unit data packet sent by the first electronic signature device, performing XOR operation on data ciphertexts in each received third unit data packet to obtain a second unit data packet, wherein data in the second unit data packet comprises currency face value data and currency numbers, and the numbers are unique identification of the second unit data packet, each second unit data packet represents a current face value, and the total of the currency face values represented by the at least one second unit data packet is equal to the trade sum; and the second electronic signature device storing the at least one second unit data packet in a security chip.
Description
Technical field
The present invention relates to a kind of electronic technology field, particularly relate to the method for commerce of a kind of electronic signature equipment, transaction system and electricity
Sub-signature device.
Background technology
In existing electronic transaction, the fund of user is deposited in the account in digital form, such as: user holds the money of 100 yuan
Gold, this fund is stored in the user account of bank server in digital form, and after 10 yuan when customer consumption, bank takes
Business device needs the fund 100 in user account to be rewritten as 90, to complete the clearance of account.In order to ensure the safety of fund numerical value,
After bank server rewrites numerical value, revised fund numerical value 90 be signed.Because user is traded rear account every time
Amount of money numerical value in family all can change, so bank server to process for the numerical value after variation every time.Namely
Saying, existing electronic transaction bank server to be relied on, the electronic transaction needs that user is carried out and bank server are carried out in real time
Synchronize, it is impossible to realize many off-line transactions of complete independently in the case of not networking.
Summary of the invention
It is contemplated that at least solve one of the problems referred to above.
Present invention is primarily targeted at the method for commerce that a kind of electronic signature equipment is provided.
Another object of the present invention is to provide a kind of electronic signature equipment.
Another object of the present invention is to provide a kind of transaction system.
For reaching above-mentioned purpose, technical scheme is specifically achieved in that
Scheme 1, the method for commerce of a kind of electronic signature equipment, send transaction request to the including: the second electronic signature equipment
One electronic signature equipment, wherein, described transaction request at least includes: dealing money;Described second electronic signature equipment receives institute
State at least one the 3rd unit data bag that the first electronic signature equipment sends, utilize the XOR factor to dock each the received respectively
Data ciphertext in three unit data bags carries out XOR, obtains at least one second unit data bag, wherein, each second
The second unit data in unit data bag at least includes: currency denomination data and currency sequence number, wherein, and described currency serial number
Unique mark of described second unit data bag;Described each second unit data bag represents a kind of currency in multiple currency denomination
Face amount, the summation of at least one currency denomination representated by the second unit data bag described is equal to described dealing money;Described second
At least one second unit data bag described is stored in safety chip by electronic signature equipment.
Scheme 2, according to the method for commerce described in scheme 1, in described second electronic signature equipment, at least one is second single by described
After bit data bag is stored in safety chip, described method also includes: described second electronic signature equipment utilizes the meter of counter
Numerical value obtains total number of the second currently stored unit data bag.
Scheme 3, according to the method for commerce described in scheme 1 or 2, described each second unit data bag at least includes: second is single
The 3rd signed data that described second unit data signature is obtained by bit data, server;Will in described second electronic signature equipment
Before at least one second unit data bag described is stored in safety chip, described method also includes: described second electronic signature
Described 3rd signed data is verified by equipment, performs described second electronic signature equipment by described at least one after being verified
The step that individual second unit data bag is stored in safety chip.
Scheme 4, according to the method for commerce described in scheme 1 or 2, described transaction request also includes: described second electronic signature
The device identification of equipment;Described each second unit data bag the most also includes: the second unit data, described first electronic signature
The 4th signed data that the device identification signature of described second unit data and described second electronic signature is obtained by equipment;Described
Before at least one second unit data bag described is stored in safety chip by the second electronic signature equipment, described method also includes:
Described 4th signed data is verified by described second electronic signature equipment, performs described second electronic signature after being verified
The step that at least one second unit data bag described is stored in safety chip by equipment.
Scheme 5, according to the method for commerce described in any one of scheme 1 to 4, described second unit data bag also includes: data
Bag mark.
Scheme 6, according to the method for commerce described in scheme 5, described transaction request also includes: package identification;Described second electricity
At least one second unit data bag described is stored in safety chip by sub-signature device, including: described second electronic signature sets
Package identification in standby the second unit data bag judging to obtain is the most identical with the package identification in the transaction request sent,
If it is not the same, the second unit data bag that package identification is differed by the most described second electronic signature equipment abandons, if phase
With, the second identical for package identification unit data bag is stored in described safety chip by the most described second electronic signature equipment.
Scheme 7, according to the method for commerce described in scheme 5, described transaction request also includes: package identification initial value;Described
At least one second unit data bag described is stored in safety chip by the second electronic signature equipment, including: described second electronics
Signature device judges whether the package identification comprised in the second unit data bag obtained meets and initiates according to described package identification
The preset range that value determines, if be unsatisfactory for, package identification is unsatisfactory for described default model by the most described second electronic signature equipment
The the second unit data bag enclosed abandons, if it is satisfied, then package identification is met described presetting by described second electronic signature equipment
Second unit data bag of scope is stored in described safety chip.
Scheme 8, according to the method for commerce described in scheme 7, in the second electronic signature equipment, transaction request is sent to the first electronics
Before signature device, described method also includes: described second electronic signature equipment utilizes the count value of counter to obtain described data
Bag mark initial value;
After at least one second unit data bag described is stored in safety chip by described second electronic signature equipment, described
Method also includes:
Described package identification initial value is added described second unit data obtained by the counter of described second electronic signature equipment
Total number of bag is calculated new package identification initial value.
9, according to the method for commerce described in any one of scheme 1 to 8,
After at least one second unit data bag described is stored in safety chip by described second electronic signature equipment, described
Method also includes:
Described second electronic signature equipment is according to the number of the described second unit data bag obtained and each second unit data bag
The summation of the currency denomination representated by the second unit data bag obtained described in representative currency denomination calculating and described transaction request
In dealing money whether consistent, if it is inconsistent, send, to described first electronic signature equipment, the request of repeating transmission.
Scheme 10, according to the method for commerce described in scheme 9, described method also includes: described second electronic signature equipment receive institute
State the first electronic signature equipment according to described retransmit request send retransmission of information, wherein, described retransmission of information include described at least
One the 3rd unit data bag;Described second electronic signature equipment will be stored in before in described safety chip described at least one
Second unit data bag is deleted, and utilizes the described XOR factor respectively in each 3rd unit data bag in described retransmission of information
Data ciphertext carry out XOR, obtain correspondence at least one second unit data bag, again store described correspondence at least
One the second unit data bag.
Scheme 11, according to the method for commerce described in scheme 9, described method also includes: described second electronic signature equipment receive institute
Stating the retransmission of information that the first electronic signature equipment sends according to the described request of retransmitting, wherein, described retransmission of information includes described second
The 3rd unit data bag that electronic signature equipment does not receives;Described second electronic signature equipment utilizes the described XOR factor the most right
The data ciphertext in each 3rd unit data bag in described retransmission of information carries out XOR, obtain correspondence at least one the
Two unit data bags, are stored at least one second unit data bag of described correspondence in described safety chip.
Scheme 12, according to the method for commerce described in any one of scheme 1 to 11, described second electronic signature equipment by described extremely
Before a few second unit data bag is stored in safety chip, described method also includes: described second electronic signature equipment
Safety chip distribution is for storing the memory space of at least one the second unit data bag described;By at least one second unit described
Packet is stored in safety chip, including: at least one second unit data bag described is stored in the described storage sky of correspondence
In between, and it is set to take by the status word of the memory space of described correspondence.
Scheme 13, according to the method for commerce described in any one of scheme 1 to 12, described second electronic signature equipment by described extremely
After a few second unit data bag is stored in safety chip, described method also includes: described second electronic signature equipment will
Its current account amount of money obtains current account balance plus described dealing money, displays to the user that described dealing money and/or current account
Family remaining sum.
Scheme 14, according to the method for commerce described in any one of scheme 1 to 13, described second unit data bag the most also include with
One of lower: bank of issue's mark and bank certificate sequence number.
Scheme 15, a kind of electronic signature equipment, described electronic signature equipment includes: communication module, for transaction request being sent
To opposite end electronic signature equipment, wherein, described transaction request at least includes: dealing money;Acquisition module, is used for receiving opposite end
At least one the 3rd unit data bag that electronic signature equipment sends;Security module, is used for utilizing the XOR factor to dock respectively and receives
Each 3rd unit data bag in data ciphertext carry out XOR, obtain at least one second unit data bag, wherein,
The second unit data in each second unit data bag at least includes: currency denomination data and currency sequence number, wherein, and described goods
Unique mark of the second unit data bag described in coin serial number;Described each second unit data bag represents in multiple currency denomination
A kind of currency denomination, the summation of at least one currency denomination representated by the second unit data bag described is equal to described dealing money;
Described security module, is additionally operable to storage at least one second unit data bag described.
Scheme 16, according to the electronic signature equipment described in scheme 15, described security module, be additionally operable to storage described at least one
After individual second unit data bag, the count value of counter is utilized to obtain total number of the second currently stored unit data bag.
Scheme 17, according to the electronic signature equipment described in scheme 15 or 16, described each second unit data bag at least includes:
The 3rd signed data that described second unit data signature is obtained by the second unit data, server;Described security module, also uses
In before storage at least one second unit data bag described, described 3rd signed data is verified, after being verified
Perform the operation of storage at least one the second unit data bag described.
Scheme 18, according to the electronic signature equipment described in scheme 15 or 16, described transaction request also includes: described second electricity
The device identification of sub-signature device;Described each second unit data bag at least includes: the second unit data, described opposite end electronics
The 4th signed data that the device identification signature of described second unit data and described electronic signature is obtained by signature device;Described peace
Full module, is additionally operable to, before storage at least one second unit data bag described, verify described 4th signed data,
The operation of storage at least one the second unit data bag described is performed after being verified.
Scheme 19, according to the electronic signature equipment described in any one of scheme 15 to 18, described second unit data bag also includes:
Package identification.
Scheme 20, according to the electronic signature equipment described in scheme 19, described transaction request also includes: package identification;Described
Security module, is used for storing at least one second unit data bag described, including: described security module, obtain for judgement
Package identification in second unit data bag is the most identical with the package identification in the transaction request sent, if it is not the same,
The the second unit data bag then differed by package identification abandons, if identical, then stores the second list that package identification is identical
Bit data bag.
Scheme 21, according to the electronic signature equipment described in scheme 19, described transaction request also includes: package identification initial value;
Described security module, is used for storing at least one second unit data bag described, including: described security module, it is used for judging
To the second unit data bag in the package identification that comprises whether meet the default model determined according to described package identification initial value
Enclosing, if be unsatisfactory for, then the second unit data bag that package identification is unsatisfactory for described preset range abandons, if it is satisfied,
Then storage package identification meets the second unit data bag of described preset range.
Scheme 22, according to the electronic signature equipment described in scheme 21, described security module, be additionally operable to described communication module will
Transaction request sent before the electronic signature equipment of opposite end, utilized the count value of counter to obtain described package identification initial value;
Described security module, is additionally operable to, after storage at least one second unit data bag described, described rolling counters forward be obtained
Packet initial value is calculated new package identification initial value plus total number of the described second unit data bag obtained.
Scheme 23, according to the electronic signature equipment described in any one of scheme 15 to 22, described security module, be additionally operable to storage
After at least one second unit data bag described, number and each second according to the described second unit data bag obtained are single
The summation of the currency denomination representated by the second unit data bag obtained described in the currency denomination calculating representated by bit data bag is with described
Dealing money in transaction request is the most consistent, if it is inconsistent, to described opposite end, electronic signature sets by described communication module
Preparation send repeating transmission request.
Scheme 24, according to the electronic signature equipment described in scheme 23, described acquisition module, be used for receiving described opposite end electronics label
The retransmission of information that name equipment sends according to the described request of retransmitting, wherein, described retransmission of information includes at least one the 3rd unit described
Packet;Described security module, at least one second unit data bag is deleted described in will store before, and utilizes described
The XOR factor carries out XOR to the data ciphertext at least one the 3rd unit data bag in described retransmission of information respectively,
To at least one corresponding second unit data bag, again store at least one second unit data bag of described correspondence.
Scheme 25, according to the electronic signature equipment described in scheme 23, described acquisition module, be used for receiving described opposite end electronics label
The retransmission of information that name equipment sends according to the described request of retransmitting, wherein, described retransmission of information includes that described acquisition module does not receives
The 3rd unit data bag;Described security module, for utilizing the described XOR factor respectively at least in described retransmission of information
Data ciphertext in individual 3rd unit data bag carries out XOR, obtains at least one second unit data bag of correspondence, storage
At least one second unit data bag of described correspondence.
Scheme 26, according to the electronic signature equipment described in any one of scheme 15 to 25, described security module, be additionally operable to storage
Before at least one second unit data bag described, distribution is for storing the memory space of at least one the second unit data bag described;
Described security module, is used for storing at least one second unit data bag described, including: described security module, for by described
At least one second unit data bag is stored in the described memory space of correspondence, and the status word of the memory space by described correspondence
It is set to take.
Scheme 27, according to the electronic signature equipment described in any one of scheme 15 to 26, described electronic signature equipment also includes alternately
Module;Described security module, is additionally operable to, after storage at least one second unit data bag described, be added by the current account amount of money
Upper described dealing money obtains current account balance;Described interactive module, is used for displaying to the user that described dealing money and/or current
Account balance.
Scheme 28, according to the electronic signature equipment described in any one of scheme 16 to 27, described second unit data bag the most also wraps
Include one below: the bank of issue identifies and bank certificate sequence number.
Scheme 29, a kind of transaction system, including the first electronic signature equipment and the second electronic signature equipment, wherein: described the
One electronic signature equipment, for receiving the transaction request that described second electronic signature equipment sends, and to described second electronic signature
Equipment sends at least one the 3rd unit data bag described;Described second electronic signature equipment uses such as any one of scheme 15 to 28
Described electronic signature equipment.
As seen from the above technical solution provided by the invention, the invention provides a kind of electronic signature equipment method of commerce,
Transaction system and electronic signature equipment.Use the technical scheme that the present invention provides, the fund of paying party user with at least one the
The form of two unit data bags is stored in the electronic signature equipment of paying party user.Beneficiary user is collecting the second unit data
Bao Shi, because fund is no longer to be stored in electronic signature equipment with the form of numerical value, so electronic signature equipment need not pass through
The numerical value of server change storage, it is only necessary to acquire a number of second units from the electronic signature equipment of paying party user
According to wrapping, thus, electronic signature equipment is when carrying out electronic transaction with other electronic signature equipment, it is no longer necessary to rely on service
Device carries out networking and pays, and server need not supervise the electronic signature equipment of beneficiary user or paying party user again, from
And realize off line electronic transaction veritably.
Accompanying drawing explanation
In order to be illustrated more clearly that the technical scheme of the embodiment of the present invention, the required accompanying drawing used in embodiment being described below
It is briefly described, it should be apparent that, the accompanying drawing in describing below is only some embodiments of the present invention, for this area
From the point of view of those of ordinary skill, on the premise of not paying creative work, it is also possible to obtain other accompanying drawings according to these accompanying drawings.
The flow chart of the method for commerce of the electronic signature equipment that Fig. 1 provides for the embodiment of the present invention 1;
The transaction system structural representation that Fig. 2 provides for the embodiment of the present invention 2.
Detailed description of the invention
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described,
Obviously, described embodiment is only a part of embodiment of the present invention rather than whole embodiments.Reality based on the present invention
Execute example, the every other embodiment that those of ordinary skill in the art are obtained under not making creative work premise, broadly fall into
Protection scope of the present invention.
In describing the invention, it is to be understood that term " " center ", " longitudinally ", " laterally ", " on ", D score, " front ",
Orientation or the position relationship of the instruction such as " afterwards ", "left", "right", " vertically ", " level ", " top ", " end ", " interior ", " outward " are base
In orientation shown in the drawings or position relationship, it is for only for ease of the description present invention and simplifies description rather than instruction or hint institute
The device that refers to or element must have specific orientation, with specific azimuth configuration and operation, therefore it is not intended that to the present invention
Restriction.Additionally, term " first ", " second " are only used for describing purpose, and it is not intended that instruction or hint relative importance
Or quantity or position.
In describing the invention, it should be noted that unless otherwise clearly defined and limited, term " install ", " being connected ",
" connect " and should be interpreted broadly, connect for example, it may be fixing, it is also possible to be to removably connect, or be integrally connected;Permissible
It is to be mechanically connected, it is also possible to be electrical connection;Can be to be joined directly together, it is also possible to be indirectly connected to by intermediary, can be two
The connection of individual element internal.For the ordinary skill in the art, can understand that above-mentioned term is in the present invention with concrete condition
In concrete meaning.
Below in conjunction with accompanying drawing, the embodiment of the present invention is described in further detail.
Embodiment 1
The flow chart of the method for commerce of a kind of electronic signature equipment that Fig. 1 provides for the present embodiment.Embodiment of the method shown in Fig. 1,
Comprise the following steps:
Step S11, transaction request is sent to the first electronic signature equipment by the second electronic signature equipment, and wherein, transaction request is extremely
Include less: dealing money.
In the present embodiment, the first electronic signature equipment and the second electronic signature equipment can carry out off-line transaction (i.e. without with clothes
Business device has been networked transaction), both of which can be the electronic equipment with signature function, such as, has the smart card of signature function
U-shield of (mass transit card, bank card, purchase card etc.), industrial and commercial bank etc..In a kind of optional embodiment of the present embodiment,
First electronic signature equipment and the second electronic signature equipment all can be provided with wireline interface or wave point, and the first electronic signature equipment can
With by wired or wireless connected mode with second electronic signature equipment set up communication connection, wherein, radio connection include but
It is not limited to: bluetooth, NFC or WIFI.Certainly, the second electronic signature equipment can also be by wired or wireless connection
Mode is set up with external equipment and is connected, and sends transaction request, the first electronic signature by external equipment to the first electronic signature equipment
Equipment can also be connected with external equipment foundation by wired or wireless connected mode, receives the second electronic signature by external equipment
The transaction request that equipment sends, wherein, external equipment includes but not limited to: mobile phone, PC or panel computer etc. can carry out communication
Electronic equipment.Thus, the transaction request of the other side can be directly received between two electronic signature equipment, and then perform follow-up
Transaction flow, it is not necessary to obtain the transaction request of the other side with background server networking again, perform follow-up transaction flow, it is possible to realize
Off-line transaction truly.
Such as, user is at market shopping, and when needs pay, the second electronic signature equipment of market cashier can be to the of user
One electronic signature equipment sends and carries the transaction request of dealing money, and this dealing money is that user does shopping the amount of money needing to pay,
So that the first electronic signature equipment sends threeth unit data corresponding with dealing money to the second electronic signature equipment in subsequent step
Bag (summation of the currency denomination of the 3rd unit data bag that the i.e. first electronic signature equipment sends is equal to dealing money), two electronics
Signature device can be completely independent, without networking equipment, such as just can realize above-mentioned transaction between two cards, reality
Existing off-line transaction, concludes the business simple and efficient.
In order to improve the security of data transmission between two electronic signature equipment further, before step S11, in this enforcement
In a kind of optional embodiment of example, the second electronic signature equipment can set up escape way, and profit with the first electronic signature equipment
Carry out data transmission with escape way.Such as, the second electronic signature equipment can utilize the PKI of the first electronic signature equipment to friendship
Easily request is encrypted and obtains transaction request ciphertext M1, and the first electronic signature equipment receives the transaction that the second electronic signature equipment sends
Request ciphertext M1, and utilize own private key that transaction request ciphertext M1 is decrypted to obtain transaction request in plain text;The most such as,
Two electronic signature equipment can also utilize the arranging key consulting to obtain with the first electronic signature equipment to be encrypted transaction request
To ciphertext M2, the first electronic signature equipment receives transaction request ciphertext M2 that the second electronic signature equipment sends, and utilizes correspondence
Arranging key transaction request ciphertext M2 be decrypted obtain transaction request in plain text.Certainly, the second electronic signature equipment and
One electronic signature equipment can set up the escape way for transmitting data in the way of using other, thus can improve the second electricity
The security of data transmission between sub-signature device and the first electronic signature equipment.
Step S12, the second electronic signature equipment receives at least one the 3rd unit data bag that the first electronic signature equipment sends,
The data ciphertext utilizing the XOR factor to dock respectively in each 3rd unit data bag received carries out XOR, obtains at least one
Individual second unit data bag;
Wherein, the second unit data in each second unit data bag at least includes: currency denomination data and currency sequence number, its
In, unique mark of currency serial number the second unit data bag;Each second unit data bag represents in multiple currency denomination
Planting currency denomination, the summation of at least one currency denomination representated by the second unit data bag above-mentioned is equal to dealing money.
In the present embodiment, the XOR factor can be one group of word that the second electronic signature equipment and the first electronic signature equipment consult to obtain
Symbol or the sequence of numeral, be used for carrying out XOR;Specifically, the second electronic signature equipment utilizes the XOR factor at least to each
Data ciphertext in 3rd unit data bag carries out XOR, and wherein, the data ciphertext in the 3rd unit data bag is first
Electronic signature equipment at least carries out what XOR obtained to the second unit data in the second unit data bag.XOR also belongs to
In a kind of symmetrical deciphering computing mode, but compare the mode of other symmetrical deciphering computings, the speed of XOR, thus,
The second electronic signature equipment can be improved the 3rd unit data bag is decrypted the efficiency generating the second unit data bag.
In the present embodiment, at least one the 3rd unit data bag be by the first electronic signature equipment utilize XOR factor pair at least one
Part or all of data in second unit data bag carry out what XOR obtained, in the first electronic signature equipment at least one
After second unit data bag carries out XOR, the first electronic signature equipment is coated with lid safety chip with each 3rd unit data
Each second unit data bag of middle storage, and delete this XOR factor.In the present embodiment, by each 3rd unit data cladding
In lid safety chip, each second unit data bag of storage refers to, each 3rd units that the first electronic signature equipment will generate
According to the memory space of the former second unit data bag of bag write correspondence, replace the second original unit data bag.Such as, by number
The the second unit data packet encryption being designated 1*** according to bag generates the 3rd unit data bag, and writes memory space corresponding to this 1***
In.The XOR factor is utilized to carry out in the mode of encryption and decryption at this, if the first electronic signature equipment also has this XOR factor,
Just the 3rd unit data bag can be carried out XOR again thus decryption restoration goes out the second unit data bag, therefore, this enforcement
In example, in the first electronic signature equipment, at least one second unit data bag above-mentioned is sent after the second electronic signature equipment,
The necessary Force Deletion XOR factor, thus, the first electronic signature equipment is after carrying out the second unit data bag and paying, for
Being sent to the second unit data bag of the second electronic signature equipment, the safety chip of the first electronic signature equipment only stores by the second electricity
Sub-signature device utilizes the 3rd corresponding unit data bag that the XOR factor obtains after carrying out XOR, and due to the first electronics label
The XOR factor carrying out XOR use is deleted by name equipment, so, the first electronic signature equipment cannot be single to the 3rd again
Bit data bag is decrypted, it is impossible to recover the second unit data bag, also cannot repeat these the second unit data bags of use,
Ensure that the uniqueness of same second unit data bag, and, this XOR factor only has the first electronic signature equipment and the second electricity
Sub-signature device is known, therefore, the 3rd unit data bag only can be carried out by XOR again by the second electronic signature equipment
Deciphering, thus only beneficiary (the i.e. second electronic signature equipment) can have and can use unencrypted the second unit data
Bag, even if other electronic signature equipment illegally get the 3rd unit data bag, also cannot lead to because of not this XOR factor
Cross deciphering and get the second unit data bag, thus ensure that the security that the second unit data packet stream is logical.
For example, the second electronic signature equipment receives 5 the 3rd unit datas representing 2 yuan from the first electronic signature equipment
Bag, utilizes the data ciphertext in each the 3rd unit data bag representing 2 yuan of XOR factor pair to carry out XOR and obtains 5 generations
Second unit data bag of 2 yuan of table.At least one the 3rd unit data bag that second electronic signature equipment receives includes data
Ciphertext, wherein, the part or all of data in each second unit data bag are carried out by data ciphertext by the first electronic signature equipment
Cryptographic operation obtains.Specifically, the second unit data bag may include that the second unit data, package identification and second
The device identification etc. of electronic signature equipment, the first electronic signature equipment utilizes the portion in each second unit data bag of XOR factor pair
Divided data carries out XOR and refers to: the first electronic signature equipment utilizes the XOR factor at least to second in the second unit data bag
Unit data carries out XOR, and such as, the first electronic signature equipment can utilize in XOR factor pair the second unit data bag
Second unit data and package identification carry out XOR.
Certainly, the present embodiment is not precluded from other embodiments to prevent electronic signature equipment from illegally re-using same second list
Bit data bag, causes the confusion that the second unit data packet stream is logical, it is ensured that same second unit data wraps in payment process only
One property.Such as, step S12 can be replaced in the following manner: the second electronic signature equipment utilizes the second electronic signature equipment
Data ciphertext in each 3rd unit data bag is decrypted by private key, obtains at least one second unit data bag.Real at this
Executing in mode, the 3rd unit data bag is to be utilized the PKI of the second electronic signature equipment to the second unit by the first electronic signature equipment
Part or all of data in packet are encrypted and obtain.Second electronic signature equipment can be sent to the first electronic signature
The transaction request of equipment also includes the PKI of the second electronic signature equipment, or the first electronic signature equipment can be recognized to third party
Card platform obtains the digital certificate of the second electronic signature equipment, preserves the PKI of the second electronic signature equipment in this digital certificate.
Thus, the first electronic signature equipment can get the PKI of the second electronic signature equipment.Is utilized in the first electronic signature equipment
After at least one second unit data bag above-mentioned is encrypted by the PKI of two electronic signature equipment, the first electronic signature equipment is used
Each second unit data bag of storage in each 3rd unit data cladding lid safety chip.In the present embodiment, with each 3rd
In unit data cladding lid safety chip, each second unit data bag of storage refers to, the first electronic signature equipment is every by generate
The memory space of the former second unit data bag that individual 3rd unit data bag write is corresponding, replaces the second original unit data bag.
Such as, the second unit data packet encryption that package identification is 1*** is generated the 3rd unit data bag, and it is corresponding to write this 1***
Memory space in.Thus, the first electronic signature equipment is after carrying out the second unit data bag and paying, for having been issued to the
Second unit data bag of two electronic signature equipment, the safety chip of the first electronic signature equipment only stores and is set by the second electronic signature
The 3rd corresponding unit data bag that standby PKI obtains after being encrypted, and the first electronic signature equipment can not have the second electronics label
The private key of name equipment, therefore the 3rd unit data bag cannot be decrypted by the first electronic signature equipment, it is impossible to recovers second
Unit data bag, also cannot repeat these the second unit data bags of use, it is ensured that same second unit data bag is only
One property, and the 3rd unit data bag is the public key encryption utilizing the second electronic signature equipment, so the 3rd unit data
Bag only can be decrypted by the second electronic signature equipment (private key that the only second electronic signature equipment has oneself), thus only have and receive
Money side's (the i.e. second electronic signature equipment) can have and can use unencrypted the second unit data bag, other electronic signatures
Even if equipment illegally gets the 3rd unit data bag, also cannot decipher not because there is no the private key of the second electronic signature equipment
The the second unit data bag got can be used, thus ensure that the security that the second unit data packet stream is logical.
Additionally, in the present embodiment, the 3rd unit data bag is ciphertext, it is ensured that the security of transmission data, even and if by other
Equipment is intercepted and captured, it is also difficult to crack, and further increases the security that the second unit data packet stream is logical.Additionally, at the first electronics label
After name equipment receives transaction request, in order to ensure the safety of transaction, in addition it is also necessary to obtain the first electronic signature equipment holds user's
Confirm, follow-up transactional operation could be performed.
In the present embodiment, each second unit data bag represents a kind of currency denomination in multiple currency denomination, say, that goods
Coin face amount has multiple, when the second electronic signature equipment only receives a second unit data bag from the first electronic signature equipment,
This second unit data bag only represents a kind of currency denomination therein.When the second electronic signature equipment connects from the first electronic signature equipment
When receiving multiple second unit data bag, multiple second unit data bags can represent multiple different currency denomination, such as, second
The number of unit data bag is 3, each second unit data bag respectively representative money face amount 1 yuan, 2 yuan and 5 yuan;Or
Person, multiple second unit data bags can represent identical currency denomination, and such as, the number of the second unit data bag is 3,
Each second unit data bag equal representative money face amount 1 yuan;Again or, the currency denomination representated by multiple second unit data bags
In both included the identical currency denomination also including differing, such as, the number of the second unit data bag is 3, each second
Unit data bag respectively representative money face amount 1 yuan, 1 yuan and 2 yuan.Thus, the second electronic signature equipment is from the first electronics label
At least one currency denomination representated by the second unit data bag that name equipment receives has combination flexibly.
In a kind of optional embodiment of the present embodiment, at least including the second unit data in the second unit data bag, this is second years old
Unit data at least includes: currency denomination data, or, currency sequence number and currency denomination data.Wherein, currency denomination data
It is the currency denomination representated by the second unit data bag, identifies the currency denomination representated by the second unit data bag, currency with this
Unique mark of serial number the second unit data bag, the most different currency sequence numbers in the second unit data bag is different.Thus,
Ensure that the uniqueness of each second unit data bag, in order to recognize the true and false of the second unit data bag.Optional as one
Embodiment, the second unit data bag the most also includes one below: bank of issue's mark and bank certificate sequence number.Wherein,
The bank of issue is designated the identification information of the bank issuing this second unit data bag, and thus, the second electronic signature equipment can root
The relevant information of the bank of issue of correspondence is inquired according to this mark, and, the second electronic signature equipment can be marked according to the bank of issue
Know the bank certificate obtaining the corresponding bank of issue with bank certificate sequence number, bank certificate includes the PKI of the bank of issue, with
Being easy to follow-up second electronic signature equipment utilizes the PKI of the bank of issue that the signature of the second unit data completes checking.
In a kind of optional embodiment of the present embodiment, each second unit data bag at least includes: the second unit data, clothes
The 3rd signed data that described second unit data signature is obtained by business device.As the optional embodiment of one, server by utilizing
The second unit data in each second unit data bag is signed by the private key of self respectively, obtains and each second units
According to the 3rd signed data that bag is corresponding.At least one is carried the second unit data bag of the 3rd signed data and sends extremely by server
First electronic signature equipment.Second electronic signature equipment is when carrying out gathering operation from the first electronic signature equipment, from the first electronics
Signature device obtains at least one second unit data bag carrying the 3rd signed data, in order to the second electronics in subsequent step
Signature device can utilize the authenticity of public key verifications the second unit data bag of server.
In the another kind of optional embodiment of the present embodiment, the second electronic signature equipment sends the friendship to the first electronic signature equipment
Easily request also includes: the device identification of the second electronic signature equipment;Each second unit data bag at least includes: the second unit
The 4th label that the device identification signature of the second unit data and the second electronic signature equipment is obtained by data, the first electronic signature equipment
Name data.As the optional embodiment of one, the first electronic signature equipment utilizes the private key of self to the second unit data and
The device identification of two electronic signature equipment is signed, and obtains fourth signed data corresponding with each second unit data bag.The
Two electronic signature equipment, when carrying out gathering operation from the first electronic signature equipment, obtain at least one from the first electronic signature equipment
Carry the second unit data bag of the 4th signed data, in order in subsequent step, the second electronic signature equipment utilizes the first electronics
The correctness of public key verifications the second unit data bag of signature device.
In the present embodiment, the first electronic signature equipment, can be from certainly after receiving the transaction request that the second electronic signature equipment sends
The account balance of body is deducted the dealing money of the second electronic signature equipment request, and is that the second electronic signature equipment issues currency face
The summation of value, equal at least one the 3rd unit data bag of dealing money, receives these the 3rd lists in the second electronic signature equipment
Bit data bag, carries out XOR and obtains at least one second unit data bag of correspondence the 3rd unit data bag received,
After transferring accounts successfully, just completing off-line transaction, the second electronic signature equipment need not just to receive the with server networking again
One electronic signature equipment is transferred accounts and (is i.e. received at least one the 3rd unit data bag that the first electronic signature equipment sends, and enter it
Row XOR obtains the second unit data bag).Currency denomination representated by each second unit data bag can identical can not also
With, the first electronic signature equipment is sent to the second unit data bag (shape with the 3rd unit data bag of the second electronic signature equipment
Formula send) number and each currency denomination representated by the second unit data bag can be by the first electronic signature equipment according to friendship
Easily the amount of money determines, it is also possible to inform the first electronic signature equipment by the second electronic signature equipment after being determined according to dealing money, such as,
As the optional embodiment of the one in the present embodiment, the transaction request that the second electronic signature equipment sends can also be carried required
The kind of the second unit data bag and number.The former can realize under the second unit data bag flexibly the first electronic signature equipment
Sending out, the latter can meet the user of the second electronic signature equipment to the number of the second unit data bag and the demand of face amount.At this
In a kind of optional embodiment of embodiment, each second unit data bag represents a kind of currency denomination in multiple currency denomination,
Such as, the currency denomination representated by the second unit data bag includes: 1 yuan, 2 yuan, 5 yuan, 10 yuan, 20 yuan, 50 yuan and 100
Unit, certainly, if following country has issued new currency denomination or other in addition to making by RMB are regional, national
Currency denomination fall within protection scope of the present invention, the present embodiment is only illustrated with RMB face amount.Such as,
Two electronic signature equipment send transaction request to the first electronic signature equipment, and wherein, the dealing money that transaction request includes is 10 yuan,
Second electronic signature equipment receives 5 the second unit data bags that the first electronic signature equipment sends, 5 the second unit data bags
Representative currency denomination is respectively 1 yuan, 1 yuan, 1 yuan, 2 yuan and 5 yuan, the currency representated by 5 the second unit data bags
The summation of face amount is 10 yuan, equal with dealing money.Certainly, when the dealing money that transaction request includes is 10 yuan, second
Electronic signature equipment can also receive 10 the second unit data bags representing 1 yuan of currency denomination that the first electronic signature equipment sends,
Or, 2 the second unit data bags representing 5 yuan of currency denominations, or, 1 the second unit representing 10 yuan of currency denominations
Packet.It is to say, the currency denomination representated by the second electron unit monetary data bag can be with flexible combination with number, it is only necessary to
Make the summation of at least one currency denomination representated by the second unit data bag of the first electronic signature equipment transmission equal to dealing money
, the most only as a example by dealing money is 10 yuan, identical for other amount of money Numerical Principles, the most no longer illustrate.By
This, determine the number of the second unit data bag, and each second unit data in the first electronic signature equipment according to dealing money
In the case of the amount of money representated by bag, the first electronic signature equipment can realize issuing of the second unit data bag, Ke Yiyou flexibly
Various combinations;The number of the second unit data bag, and each second list is determined according to dealing money in the second electronic signature equipment
In the case of currency denomination representated by bit data bag, can be by representated by the second unit data bag of the number of request and correspondence
Currency denomination send to the first electronic signature equipment, thus can meet the user of the second electronic signature equipment to the second units
Number and the demand of currency denomination according to bag.
Second electronic signature equipment is determined to the number of the second unit data bag, and each second units according to dealing money
According to the situation of the currency denomination representated by bag, the safety chip of the first electronic signature equipment does not probably store the second electronics
The second unit data bag corresponding to currency denomination of signature device request or the number of the number deficiency request of storage, as this reality
Executing the optional embodiment of the one in example, the first electronic signature equipment can send information to the second electronic signature equipment, should
Information may include that the information that the second unit data bag does not exists or number is not enough of corresponding currency denomination, the second electronics
Signature device can change the combination plan of the currency denomination representated by the second electron unit monetary data bag and number according to dealing money
Slightly, or, the first electronic signature equipment change the currency face representated by the second electron unit monetary data bag according to dealing money
Value and the combined strategy of number.Such as, the first electronic signature equipment receives the second electronic signature equipment and transfers accounts the transaction request of 10 yuan,
And ask to send 5 the second unit data bags (calling 2 metadata bags in the following text) representing 2 yuan, but the first electronic signature equipment only has 4
Individual 2 metadata bags, then send only 42 metadata bags, not enough the proposing of 2 metadata bag numbers to the second electronic signature equipment
Showing information, now, the second electronic signature equipment can change combined strategy, such as, returns request to the first electronic signature equipment
Send 42 metadata bags, the response of 21 metadata bags, or, the first electronic signature equipment is to the second electronic signature
After equipment sends information, receive the confirmation response of the second electronic signature equipment, then the first electronic signature equipment can be the most true
Fixed a kind of combined strategy, such as, sends 42 metadata bags, 21 metadata bags to the second electronic signature equipment, by
This, the number of the second unit data bag solving in the safety chip of the first electronic signature equipment storage is not enough or non-existent problem.
Additionally, in the specific implementation, there is also the second unit data bag institute of storage in the safety chip of the first electronic signature equipment
The currency denomination represented cannot piece together out the problem of above-mentioned at least one the second unit data bag equal with dealing money, for understanding
Certainly this problem, in a kind of optional embodiment of the present embodiment, after step s 11, before step S12, the present embodiment
The method provided also includes: the second electronic signature equipment receives the small change information for the treatment of that the first electronic signature equipment sends, and wherein, treats
Small change information by the first electronic signature equipment according in dealing money and inherently safe chip storage the second unit data Bao Suodai
The currency denomination of table determines, such as, treats that small change information can include the goods giving change for change needing the second electronic signature equipment to return
Coin face amount.If the second electronic signature equipment storage has represents this second unit data bag giving change currency denomination for change, or,
Storage has the second unit data bag that the summation of currency denomination gives change for change equal to this, then the second electronic signature equipment can be to first
Electronic signature equipment returns and confirms response, i.e. informs that the first electronic signature equipment oneself has the second unit data bag of small change,
First electronic signature equipment after receiving the small change information (i.e. return confirm corresponding) that the second electronic signature equipment sends, the
One electronic signature equipment obtains at least one second unit data bag from safety chip, and utilizes the XOR factor at least to this at least
The second unit data in one the second unit data bag carries out XOR, obtains at least one the 3rd unit data bag of correspondence,
By this, at least one the 3rd unit data bag sends to the second electronic signature equipment, wherein, and at least one second unit data above-mentioned
The summation of the currency denomination representated by bag should be equal to dealing money plus the currency denomination giving change for change.
Such as, dealing money is 7 yuan, and in the safety chip of the first electronic signature equipment, storage has 5 to represent 2 yuan of currency respectively
The second unit data bag (calling 2 metadata bags in the following text) of face amount, then the first electronic signature equipment cannot utilize these 52 metadata bags
Piecing together out 7 yuan of currency denominations, the first electronic signature equipment is pieced together out only with 52 metadata bags of storage in safety chip
With dealing money 7 yuan closest to and more than the currency denomination of dealing money, the i.e. first electronic signature equipment can utilize 42 yuan
Packet pieces together out 8 yuan of currency denominations, in addition it is also necessary to the second electronic signature equipment gives 1 yuan of change for change, i.e. sets in the first electronic signature
After 42 metadata bags are sent to the second electronic signature equipment, the second electronic signature equipment needs to set to the first electronic signature
11 metadata bag (representing the second unit data bag of 1 yuan of currency denomination) of standby return.First electronic signature equipment is to the second electricity
Sub-signature device sends and carries the small change information for the treatment of that change is 1 yuan of giving for change, wherein, treats that small change information is for inquiring the second electronics
Whether signature device can give representative the second unit data bag that currency denomination summation is 1 yuan for change.If the second electronic signature
In the safety chip of equipment, storage has representative the second unit data bag that currency denomination summation is 1 yuan, then to the first electronics label
Name equipment sends small change information, i.e. represents 1 yuan with the return of purpose the first electronic signature equipment or currency denomination summation is 1 yuan
Second unit data bag.First electronic signature equipment, after receiving small change information, obtains 4 from safety chip and represents 2
Second unit data bag of unit's currency denomination, utilizes 4 the second unit data bags of XOR factor pair to carry out XOR and obtains 4
Represent the 3rd unit data bag of 2 yuan of currency denominations, these 4 the 3rd unit data bags sent to the second electronic signature equipment,
Second electronic signature equipment can return again to 11 metadata bag of the first electronic signature equipment.Thus, the generation when piecing together out
During the currency denomination summation of the table second unit data bag equal with dealing money, electronic transaction can be completed by small change mechanism,
Make electronic transaction convenient.
In a kind of optional embodiment of the present embodiment, the transaction request that the second electronic signature equipment sends at least includes: second
The device identification of electronic signature equipment.Before step S12, the first electronic signature equipment to hold user point out dealing money and
The device identification of the second electronic signature equipment, and receive the confirmation holding user.In a kind of optional enforcement of the present embodiment
In mode, the device identification of the second electronic signature equipment can be the sequence number that dispatches from the factory of the second electronic signature equipment, it is also possible to be
The device name of two electronic signature equipment, it is also possible to be the second electronic signature equipment name of holding user.By this device identification,
The user that holds of the first electronic signature equipment can confirm that whether this second electronic signature equipment is the trading object that user agrees to, only
After having user all to approve dealing money and trading object, user just can select to confirm this transaction, from there through user to transaction
Confirmation ensure the safety of this transaction.
As the optional embodiment of one, the first electronic signature equipment is provided with display screen or loudspeaker, is arranged by self
Display screen shows or reports dealing money and the device identification of the second electronic signature equipment by the speaker sound self arranged;
Or, the first electronic signature equipment is set up with external equipment and is connected, and display screen or loudspeaker by external equipment are to holding user
Prompting dealing money and the device identification of the second electronic signature equipment.Thus, it is possible to facilitate user to confirm Payment Amount and gathering
Side is the most correct.As the optional embodiment of one, the first electronic signature equipment can be provided with confirmation button, Yong Hutong
Cross this confirmation button to confirm.Certainly, the first electronic signature equipment can also arrange confirmation input module, this confirmation
Information entry component specifically may include that PIN code input keyboard or fingerprint input module.Thus, user can be by input PIN
Code or the mode input validation information of fingerprint, while the relevant information of electronic transaction is confirmed, the first electronic signature
The identity holding user can also be verified by equipment, improves the security of electronic transaction further.
Step S13, at least one second unit data bag above-mentioned is stored in safety chip by the second electronic signature equipment.
In a kind of optional embodiment of the present embodiment, the second electronic signature equipment is provided with safety chip, this safety chip
Inside has independent processor and memory cell, can store PKI digital certificate and key, and other characteristics, logarithm
According to carrying out encryption and decryption computing, provide the user data encryption and identification safety authentication service, in the present embodiment, the second electronic signature
Equipment can by from the first electronic signature equipment or from other background servers (as bank server or market shopping supplement server with money
Deng third-party server) the second unit data bag of receiving is stored in safety chip, due in the memory cell of safety chip
Data can not illegally be read, thus can ensure that the security storing data in memory cell.
In a kind of optional mode of the present embodiment, in step s 13, the second electronic signature equipment is only by each second units
According to bag storage once, and after step s 13, the 3rd unit data bag received also is deleted by the second electronic signature equipment,
Thus, it is possible to prevent electronic signature equipment from having multiple the second identical unit data bag, or to same 3rd unit data bag
Carry out repeatedly XOR and obtain multiple the second identical unit data bags, it is to avoid the confusion that the second unit data packet stream is logical, it is ensured that
Same second unit data wraps in the uniqueness in payment process.
Before step S13, the method that the present embodiment provides also includes: the safety chip distribution of the second electronic signature equipment is used for
Store the memory space of at least one the second unit data bag.In the present embodiment, in step S13 by above-mentioned at least one second
Unit data bag is stored in safety chip, specifically includes: at least one second unit data bag above-mentioned is stored in depositing of correspondence
In storage space, and it is set to take by the status word of corresponding memory space.Wherein, safety chip is each second unit data
Bag one memory space of distribution, a memory space can only store a second unit data bag, and the second electronic signature equipment
Transaction record also can record depositing of each the second unit data bag storage of receiving from other electronic signature equipment in a transaction
The position in storage space.It is the most occupied that the status word of memory space is used for identifying this memory space, if the most occupied,
Then the second electronic signature equipment can not store the second unit data bag at this occupied memory space.Institute when safety chip distribution
When having memory space the most occupied, the second electronic signature equipment needs to make requests on background server more new data packets or application
The operation of new memory space, wherein, as the optional embodiment of one, the second electronic signature equipment can apply for new depositing
The second unit data bag that storage space is newly received with storage.As the optional embodiment of another kind, the second electronic signature equipment
Can also update the second locally stored unit data bag to background server request, such as, the second electronic signature equipment can be asked
The the second unit data bag asking background server that locally stored N number of (N is the positive integer more than 1) represents little face amount is replaced
It is that the second unit data bag that 1 or M individual (M < N) represents big currency denomination stores, as long as the amount of currency of storage is not
Become, the most just can discharge multiple memory space, thus save the second units that memory space is newly received with storage
According to bag.Additionally, for the security improving data storage further, in this step, the second electronic signature equipment can also be by
Each second unit data bag is encrypted the ciphertext data obtaining each second unit data bag, and each ciphertext data is stored
In corresponding memory space.Thus, it is possible to ensure that the second unit data bag being stored in the memory space of safety chip can not
By fraudulent copying or change, the security guaranteeing to store the second unit data bag with this.
In the present embodiment, in order to ensure the authenticity of the second unit data bag of the second electronic signature equipment storage in step S13,
Before performing step S13, as the optional embodiment of the one in the present embodiment, this method of commerce also includes: the second electronics
3rd signed data is verified by signature device, performs step S13 after being verified.Wherein, the 3rd signed data is clothes
Second unit data is signed and is obtained by business device, and each second unit data bag at least includes: the second unit data and clothes
The 3rd signed data that second unit data signature is obtained by business device, so that the second electronic signature equipment can verify that second is single
The authenticity of bit data bag.As the optional embodiment of one, the 3rd signed data is that the private key of server by utilizing self is to
Two unit datas carry out the signed data obtained of signing.Accordingly, the 3rd signed data is verified by the second electronic signature equipment
Specifically include: the second electronic signature equipment utilizes the PKI of this server that the 3rd signed data is carried out sign test.With server as silver
As a example by row server, bank server carries out HASH computing and obtains the summary message A1 of the second unit data the second unit data,
And utilize the computing that carries out this summary message A1 signing of the private key of bank server self to obtain the 3rd signed data, and carry the
Two unit data bags are issued to the first electronic signature equipment, when the second electronic signature equipment carries out gathering operation, the second electronics
Signature device receives at least one the second unit data bag carrying the 3rd signed data, the second electricity from the first electronic signature equipment
Sub-signature device can utilize the PKI of this bank server that the 3rd signed data is carried out sign test, specifically, and the second electronic signature
The PKI of equipment utilization bank server carries out computing and obtains operation result A2 the 3rd electronic signature data, and to received
The second unit data in two unit data bags carries out HASH computing and obtains the summary message A3 of the second unit data, computing is tied
Really A2 compares with summary message A3, if comparison result is consistent, then the second electronic signature equipment is to the 3rd electronic signature number
Pass through according to sign test.Wherein, the second electronic signature equipment can be according to the bank certificate sequence number in the second unit data bag and/or distribution
Bank identifier obtains the PKI of bank, and specifically, bank server utilizes the private key of self to carry out signature and refers to bank server root
Obtain corresponding private key according to bank of issue's mark with bank certificate sequence number, utilize this private key to sign.Such as, the second electronics label
Name equipment can identify according to the bank of issue in the second unit data bag, from the distribution corresponding with the 3rd signed data to be verified
Bank server obtains the bank certificate of this bank, and obtains the PKI of this bank from bank certificate;The most such as, the second electronics
Signature device can prestore the bank certificate of each bank, each from prestore according to the bank certificate sequence number in the second unit data bag
Individual bank certificate obtains the bank certificate corresponding with the 3rd signed data to be verified, and from corresponding bank certificate, obtains silver
The PKI of row.Thus, the second electronic signature equipment utilizes the PKI of bank the 3rd number of signature to carrying in the second unit data bag
According to carrying out sign test, the authenticity of the second unit data bag can be verified.Foregoing description only enters as a example by server is as bank server
Row explanation, but the present embodiment is not limited to bank server, other third-party server such as supermarket shopping card stored value server etc.
Within detailed description of the invention belongs to protection scope of the present invention.
Further, the second electronic signature equipment, on the premise of the second unit data bag guaranteeing to receive is true, still wants to the most true
Recognize the second unit data bag of receiving whether to be sent by real first electronic signature equipment and the first electronic signature equipment is sent out
The object sent is the second electronic signature equipment itself the most really, to avoid storing the packet that the first electronic signature equipment is sent out by mistake,
Before performing step S13, this method of commerce also includes: the 4th signed data is verified by the second electronic signature equipment,
Step S13 is performed after being verified.Wherein, the 4th signed data is that the first electronic signature equipment is to the second unit data and second
The device identification signature of electronic signature equipment obtains, therefore, in a kind of optional embodiment of the present embodiment, and the second electronics
Signature device is sent in the transaction request of the first electronic signature equipment also include: the device identification of the second electronic signature equipment;Often
Individual second unit data bag at least includes: the second unit data, the first electronic signature equipment are to the second unit data and the second electronics
The 4th signed data that the device identification signature of signature device obtains, so that the second electronic signature equipment can verify that second is single
The authenticity of bit data bag and correctness.As the optional embodiment of one, the 4th signed data is the first electronic signature equipment
The device identification of the second unit data and the second electronic signature equipment is signed the signed data obtained by the private key utilizing self,
It is to say, the equipment mark that signature object is each second unit data and the second electronic signature equipment of each 4th signed data
The combination known.Accordingly, the second electronic signature equipment carries out checking to the 4th signed data and specifically includes: the second electronic signature sets
For utilizing the PKI of the first electronic signature equipment respectively each 4th signed data to be carried out sign test.Second electronic signature equipment is permissible
Obtain the digital certificate of the first electronic signature equipment from the first electronic signature equipment, and from this digital certificate, obtain the first electronics label
The PKI of name equipment.Certainly, the second electronic signature equipment can also prestore the first electronic signature equipment and other electronic signatures set
Standby digital certificate, and obtain the device identification of the first electronic signature equipment from the first electronic signature equipment, according to this device identification
Obtain the digital certificate of the first electronic signature equipment prestored, from this digital certificate, obtain the PKI of the first electronic signature equipment.
Thus, the second electronic signature equipment utilizes the PKI of the first electronic signature equipment the 4th signature to carrying in the second unit data bag
Data carry out sign test, may certify that second unit data bag the strictly first electronic signature equipment is handed down to this second electronic signature and sets
Standby, i.e. verify the correctness of the second unit data bag.
At least one second unit data bag that second electronic signature equipment checking obtains from the first electronic signature equipment for convenience is
No for replay data, in the present embodiment, the second unit data bag also includes: package identification.
As the optional embodiment of one, the second electronic signature equipment is gone back in the transaction request that the first electronic signature equipment sends
Including: package identification.In the first electronic signature equipment, at least one the 3rd unit data bag above-mentioned is sent one by one to the second electricity
In the case of sub-signature device, the package identification in transaction request can be added on one the 3rd list by the first electronic signature equipment
In bit data bag and send it to the second electronic signature equipment;In the first electronic signature equipment by least one the 3rd unit above-mentioned
Packet sends together to the second electronic signature equipment, and the first electronic signature equipment can be by the data in transaction request
Bag mark is added in all 3rd unit data bags that dealing money is corresponding and sends it to the second electronic signature equipment, specifically
Ground, after corresponding package identification is added to the second unit data bag by the first electronic signature equipment, then by this second units
The 3rd unit data bag generated according to bag is sent to the second electronic signature equipment, and the second electronic signature equipment receives the 3rd units
According to bag.In the present embodiment, in order to prevent repeating to obtain certain second unit data bag, specifically, step S13 includes: second
Electronic signature equipment judge the package identification in the second unit data bag of obtaining whether with the packet in the transaction request sent
Identify identical, if it is not the same, the second unit data bag that then package identification is differed by the second electronic signature equipment abandons,
If identical, then the second identical for package identification unit data bag is stored in safety chip by the second electronic signature equipment.By
This, can facilitate the second electronic signature equipment (to decipher the second unit data bag obtained after i.e. receiving the 3rd unit data bag
The the second unit data bag obtained) whether it is that replay data is tested, and owing to package identification is set by the second electronic signature
Back-up is joined, so the second electronic signature equipment is capable of deciding whether to have been received by the second unit data bag that entire packet mark is corresponding,
For subsequent step judging whether, needing to initiate the request of retransmitting provides convenient.To prevent Replay Attack for example, package identification
When being the random number R 1 that the second electronic signature equipment generates, the first electronic signature equipment is sending before a second unit data bag,
Obtain package identification, i.e. random number R 1 from the second electronic signature equipment, and the second unit data of random number R 1 will be included
Bag carries out XOR and obtains the 3rd unit data bag, and sends the 3rd unit data bag to the second electronic signature equipment.The
Two electronic signature equipment can check whether the package identification carried in the second unit data bag obtained is random number R 1, if
It is, then it is assumed that the second unit data bag received is legal;Otherwise it is assumed that the second unit data bag received is playback number
According to, then abandon these data.Thus, it is possible to avoid the second electronic signature equipment to be played out attacking.
As the optional embodiment of another kind, the second electronic signature equipment is in the transaction request that the first electronic signature equipment sends
Also include: package identification initial value.Specifically, in a kind of optional embodiment of the present embodiment, the second electronic signature sets
For being provided with counter, before step S11, the method that the present embodiment provides also includes: the second electronic signature equipment utilizes counting
The count value of device obtains the value of package identification initial value, i.e. this counter and is package identification initial value, this package identification
Initial value is that the number of the packet every time received according to the second electronic signature equipment is accumulated by;Therefore, in step S13
Afterwards, the method that the present embodiment provides also includes: package identification initial value is added by the counter of the second electronic signature equipment
To total number of the second unit data bag be calculated new package identification initial value.Thus, the second electronic signature equipment can
To calculate and to update package identification initial value.First electronic signature equipment can be based on package identification initial value, and according to treating
The calculated each second unit data bag of total number of the second unit data bag being sent to the second electronic signature equipment is corresponding
Package identification.In the present embodiment, in order to prevent repeating to obtain certain second unit data bag, specifically, step S13 includes:
Second electronic signature equipment judges whether the package identification comprised in each second unit data bag obtained meets according to packet
The preset range that mark initial value determines, if be unsatisfactory for, then package identification is unsatisfactory for presetting model by the second electronic signature equipment
The the second unit data bag enclosed abandons, if it is satisfied, then package identification is met the of preset range by the second electronic signature equipment
Two unit data bags are stored in safety chip.
As the optional embodiment of one, when the counter that the counter in the second electronic signature equipment is increment type, each
The package identification comprised in second unit data bag should be not less than package identification initial value, is otherwise considered as replay data, wherein,
The counter of incremental refers to: the second electronic signature equipment often receives a second unit data bag, the count value of its counter
Increase by 1.
For example, when dealing money is 8 yuan, the first electronic signature equipment needs to be sent to the second electronic signature equipment three
Second unit data bag (sends with the form of the 3rd unit data bag), three the second unit data bag representative money face amounts 1 respectively
Unit, 2 yuan and 5 yuan.First electronic signature equipment is 30 from the package identification initial value that the second electronic signature equipment obtains, should
Package identification initial value can be that the number of the current data packet that the rolling counters forward of the second electronic signature equipment is accumulated by adds 1,
Such as, before initiating this transaction, the second electronic signature equipment has stored 29 the second unit data bags altogether, these 29
The package identification of the second unit data bag can be from 1 to 29, then, the next packet received just can be from 30
Start mark, then the first electronic signature equipment is calculated based on package identification initial value 30: represent the of 1 yuan of currency denomination
Package identification corresponding to two unit data bags is 30, represents the data corresponding to the second unit data bag of 2 yuan of currency denominations
Bag is designated 31 and to represent the package identification corresponding to the second unit data bag of 3 yuan of currency denominations be 32, the present embodiment
In, the second electronic signature equipment, after obtaining these 3 the second unit data bags, is associated depositing according to corresponding package identification
Storage, and former package identification initial value 30 is calculated new package identification initial value 33 plus 3.Thus, the first electricity
Sub-signature device only need to obtain a package identification initial value from the second electronic signature equipment, can be according to being sent to the second electricity
The number of the second unit data bag of sub-signature device, calculates the package identification that each second unit data bag is corresponding flexibly.The
Two electronic signature equipment judge that the package identification entrained by three the second unit data bags obtained initiates not less than package identification
Value 30, then be stored in obtain three the second unit data bags in safety chip.Certainly, the present embodiment is only with the second electronics label
As a example by the counter that name is arranged is count-up counter, the counter (such as down counter) of other forms is also in the protection of the present invention
In the range of, it is not illustrated at this.Thus, the second electronic signature equipment can judge to obtain according to package identification the
Whether two unit data bags are replay data, thus avoid the second electronic signature equipment to be played out attacking.
After step s 13, if the second electronic signature equipment does not receive whole second units that the dealing money of request is corresponding
During packet, in a kind of optional embodiment of the present embodiment, the method that the present embodiment provides also includes: the second electronic signature
Equipment is calculated according to the currency denomination representated by the number of the second unit data bag obtained and each second unit data bag
The summation of the currency denomination representated by the second unit data bag the most consistent with the dealing money in transaction request, if inconsistent,
Then send, to the first electronic signature equipment, the request of repeating transmission.Wherein, repeating transmission request at least includes the equipment of the second electronic signature equipment
Mark and/or package identification corresponding to each second unit data bag, so that the first electronic signature equipment can be according to this repeating transmission
Request determines that retransmission of information, retransmission of information are the first electronic signature equipment to a transaction pair of this second electronic signature equipment
The all or part of packet selected in the 3rd unit data bag answered, to ensure that the second electronic signature equipment obtains a transaction
Whole second unit data bags.
In the present embodiment, as the optional embodiment of one, the second electronic signature equipment receives the first electronic signature equipment root
The retransmission of information sent according to the request of repeating transmission, wherein, retransmission of information includes at least one the 3rd unit data bag.Second electronic signature
At least one the second unit data bag being stored in before in safety chip is deleted by equipment, and utilizes XOR factor counterweight respectively to send out
The data ciphertext in each 3rd unit data bag in information carries out XOR, obtains at least one second units of correspondence
According to bag, again store at least one second unit data bag of correspondence.As the optional embodiment of another kind, the second electronics label
Name equipment receives the retransmission of information that the first electronic signature equipment sends according to the request of repeating transmission, and wherein, retransmission of information includes the second electronics
The 3rd unit data bag that signature device does not receives.Second electronic signature equipment utilizes in XOR factor counterweight photos and sending messages respectively
Data ciphertext in each 3rd unit data bag carries out XOR, obtains at least one second unit data bag of correspondence, will
At least one corresponding second unit data bag is stored in safety chip.
For the former, the repeating transmission request of the second electronic signature equipment at least includes the device identification of the second electronic signature equipment, the
The retransmission of information of one electronic signature equipment includes at least one the 3rd unit data bag, and the dealing money i.e. retransmitting a transaction is corresponding
Whole 3rd unit data bags;For the latter, the repeating transmission request of the second electronic signature equipment at least includes: unreceived the
The package identification of two unit data bags, it is also possible to including: the device identification of the second electronic signature equipment, the first electronic signature sets
Standby retransmission of information includes that the second unit data bag not received by the second electronic signature equipment obtains after carrying out XOR
Three unit data bags, i.e. retransmit the 3rd unit data bag of package identification instruction in request.
For the former, for example, for the transaction of a numbered 1*******, the transaction request of the second electronic signature equipment
In dealing money be 10 yuan, the first electronic signature equipment to second electronic signature equipment send 5 represent 2 yuan of currency faces respectively
3rd unit data bag of value, but due to loss of data in transmitting procedure, the second electronic signature equipment only obtains 4 and represents respectively
Second unit data bag of 2 yuan of currency denominations, currency denomination summation is 8 yuan, unequal with dealing money 10 yuan.For this pen
Transaction, the second electronic signature equipment sends, to the first electronic signature equipment, the request of repeating transmission, at least carries second in this repeating transmission request
The device identification of electronic signature equipment, after the first electronic signature equipment receives the repeating transmission request that the second electronic signature equipment sends, pin
This transaction to this second electronic signature equipment can inquire whole 3rd unit data bags of its correspondence, single by 5 the 3rd
Bit data bag carries and sends in retransmission of information to the second electronic signature equipment, will 5 represent the of 2 yuan of currency denominations respectively
Two unit data bags carry with the form of ciphertext and send to the second electronic signature equipment in retransmission of information.Second electronic signature equipment connects
Receive this retransmission of information, carry in retransmission of information 5 the 3rd unit data bags are carried out XOR, obtain 5 of correspondence the
Two unit data bags, and be stored in before in safety chip 4 are represented respectively the second unit data bag of 2 yuan of currency denominations
Delete, 5 the second unit data bags that storage obtains after carrying out XOR again.Thus, the second electronic signature equipment has
The function that repeating transmission is asked is sent not receiving whole second unit data Bao Shixiang the first electronic signature equipment needed for electronic transaction,
First electronic signature equipment has the function that response the second electronic signature equipment is retransmitted, thus ensure that the second electronic signature equipment can
To receive the whole second unit data bags needed for electronic transaction, it is ensured that transaction can smoothly complete.
For the latter, for example, for the transaction of a numbered 1*******, the transaction request of the second electronic signature equipment
In dealing money be 5 yuan, the first electronic signature equipment to second electronic signature equipment send 2 represent 2 yuan of currency faces respectively
The 3rd unit data bag (being called for short 2 metadata bags) of value, and 1 the 3rd unit data bag (letter representing 1 yuan of currency denomination
Claim 1 metadata bag), but due to loss of data in transmitting procedure, the second electronic signature equipment only obtains 22 metadata bags, goods
Coin face amount summation is 4 yuan, unequal with dealing money 5 yuan.For this transaction, the second electronic signature equipment is to the first electronics
Signature device sends the request of repeating transmission, at least carries the device identification of the second electronic signature equipment and do not receive in this repeating transmission request
The package identification (package identification of i.e. 1 metadata bag) of packet or the packet mark of paid-in 2 metadata bags
Know, after the first electronic signature equipment receives the repeating transmission request that the second electronic signature equipment sends, for this second electronic signature equipment
This transaction can inquire the 3rd unit data bag of correspondence according to the package identification of 1 metadata bag, or according to 4
The package identification of 2 metadata bags determines and does not sends the 3rd unit data bag that the package identification of successful 1 metadata bag is corresponding,
The 3rd corresponding for 1 metadata bag mark unit data bag is carried and sends to the second electronic signature equipment in retransmission of information, will count
The second unit data bag corresponding according to bag mark carries in retransmission of information transmission to the second electronic signature equipment with the form of ciphertext.The
Two electronic signature equipment receive this retransmission of information, and the 1 metadata bag carried in retransmission of information is identified the 3rd corresponding unit data
Bag carries out XOR, obtains the second unit data bag that 1 metadata bag mark is corresponding, and by this 1 metadata bag mark correspondence
The second unit data bag be stored in safety chip.Thus, the second electronic signature equipment has and is not receiving electronic transaction institute
Whole second unit data Bao Shixiang the first electronic signature equipment needed send the function of the request of repeating transmission, and receive the first electronic signature
The second unit data bag that the second electronic signature equipment that equipment is retransmitted does not receives, decreases the transmission quantity of retransmission data, it is ensured that
Second electronic signature equipment can receive the whole second unit data bags needed for electronic transaction.
Below it is all to illustrate as a example by the embodiment of a transaction, in the present embodiment, every in many transactions
Transaction can realize in the manner described above.
In the present embodiment, the memory space of the second electronic signature equipment is limited after all, accordingly, it would be desirable to monitor second at any time
The remaining space of electronic signature equipment, in order to instant-free memory space, it is to avoid do not have redundant space to cause in process of exchange
The problem of Fail Transaction.In a kind of optional embodiment of the present embodiment, it is also possible to by the meter in the second electronic signature equipment
Number device monitors the residual memory space of the second electronic signature equipment in real time.Specifically, after each transaction terminates, i.e. in step
After S13, the second electronic signature equipment utilizes the count value of counter to obtain total number of the second currently stored unit data bag.
Specifically, the number of the second unit data bag can all be received plus this transaction at each transaction Counter, many friendships
After Yi, the count value of counter can be accumulated to a numerical value, when this numerical value reaches default value, illustrates that second signs electronically
The memory space of equipment is assigned, does not has unnecessary memory space, and now, the second electronic signature equipment needs to carry out asking
Seek server update packet or apply for the operation (as mentioned above) of new memory space.In the present embodiment, each storage sky
Between size identical, the size of each second unit data bag is identical, and mates with the size of memory space, such as, second electricity
Sub-signature device can store to the memory space that size is 2M, this 2M of the memory space of a second unit data bag distribution
One the second unit data bag, and the space that safety chip reserves storage the second unit data bag is 1G, then, the second electricity
Sub-signature device at most can store 512 the second unit data bags, i.e. default value can be set to 512.Thus, it is possible to it is real
Time monitor the remaining space of the second electronic signature equipment, and discharge unnecessary memory space in time, it is to avoid do not have in process of exchange
There is the problem that redundant space causes Fail Transaction.Certainly, the second electronic signature equipment can also utilize the count value of counter to obtain
Total number of the second unit data bag of every kind of currency denomination of storage in safety chip.Thus, the second electronic signature equipment is permissible
The currency denomination representated by every kind of second unit data bag and number according to storage obtain the second currently stored unit data bag
Sums of money.
In a kind of optional embodiment of the present embodiment, after step s 13, the second electronic signature equipment is by its current account
The amount of money obtains current account balance plus dealing money, shows dealing money and/or current account balance to holding user.Thus,
The user holding electronic signature equipment can inquire about dealing money and current account balance on the equipment of oneself.
Using the method for commerce of a kind of electronic signature equipment of the present embodiment offer, the fund of user is with at least one the second units
It is stored in the first electronic signature equipment or the second electronic signature equipment according to the form of bag.(the second electronic signature sets beneficiary user
Standby side) when collecting the second unit data bag, because fund is no longer to be stored in the second electronic signature equipment with the form of numerical value,
So the second electronic signature equipment need not the numerical value by server change storage, second electronic signature equipment of beneficiary user
Only need to collect a number of second unit data bag, thus, electronics from first electronic signature equipment of paying party user
Signature device is when carrying out electronic transaction with other electronic signature equipment, it is no longer necessary to relies on server to carry out networking and pays, service
Device need not supervise the electronic signature equipment of beneficiary user or paying party user again, thus realizes off line electronics veritably
Transaction.Additionally, the second electronic signature equipment can receive the 3rd unit data bag of ciphertext form from the first electronic signature equipment,
Further increase the security of electronic transaction;Additionally, add package identification and the second electronics in the second unit data bag
The device identification of signature device, can effectively prevent the second electronic signature equipment to be played out attacking, can facilitate the first electricity simultaneously
Sub-signature device determines retransmission of information.
Embodiment 2
Present embodiments provide a kind of transaction system and be applied to the electronic signature equipment of this transaction system.Fig. 2 is the present embodiment
The structural representation of a kind of transaction system provided.As in figure 2 it is shown, this transaction system includes the first electronic signature equipment 20 and
Two electronic signature equipment 30.Wherein, the first electronic signature equipment 20, for receiving the friendship that the second electronic signature equipment 30 sends
Easily request, and send at least one second unit data bag to the second electronic signature equipment 30;Second electronic signature equipment 30 is (i.e.
The electronic signature equipment provided for the present embodiment) include communication module 301, acquisition module 302 and security module 303.
Communication module 301, for sending transaction request to (i.e. the first electronic signature in the present embodiment of opposite end electronic signature equipment
Equipment 20), wherein, transaction request at least includes: dealing money.Acquisition module 302, for receiving the first electronic signature equipment
20 at least one the 3rd unit data bag sent;Security module 303, each for utilize the XOR factor to dock respectively to receive
Data ciphertext in 3rd unit data bag carries out XOR, obtains at least one second unit data bag;Security module 303,
It is additionally operable to store at least one second unit data bag above-mentioned.
In the present embodiment, communication module 301 and the first electronic signature equipment 20 can carry out off-line transaction (i.e. without with service
Device has been networked transaction), both of which can be the electronic equipment with signature function, and such as, the smart card with signature function is (public
Hand over card, bank card, purchase card etc.), the U-shield of industrial and commercial bank etc..In a kind of optional embodiment of the present embodiment, communication
Module 301 can include line interface or wave point, and communication module 301 can be by wired or wireless connected mode and first
Electronic signature equipment 20 sets up communication connection, and wherein, radio connection includes but not limited to: bluetooth, NFC
Or WIFI.Certainly, communication module 301 can also be connected, by outward with external equipment foundation by wired or wireless connected mode
The equipment that connects sends transaction request to the first electronic signature equipment 20, and communication module 301 can also be by wired or wireless connected mode
Set up with external equipment and is connected, by external equipment by transaction request transmission to the first electronic signature equipment 20, wherein, external set
For including but not limited to: mobile phone, PC or panel computer etc. can carry out the electronic equipment of communication.Thus, two electronic signatures set
The transaction request of the other side can be directly received between Bei, and then perform follow-up transaction flow, it is not necessary to network with background server again
Obtain the transaction request of the other side, perform follow-up transaction flow, it is possible to realize off-line transaction truly.
Such as, user is at market shopping, and when needs pay, the second electronic signature equipment 30 of market cashier can be led to by it
Letter module 301 sends the transaction request carrying dealing money to first electronic signature equipment 20 of user, and this dealing money is
User does shopping needs the amount of money of payment, in order in subsequent operation, the first electronic signature equipment 20 is to the second electronic signature equipment 30
Send threeth unit data bag (the currency face of threeth unit data bag that i.e. first electronic signature equipment send corresponding with dealing money
The summation of value is equal to dealing money), two electronic signature equipment can be completely independent, without the equipment of networking, such as two
Just can realize above-mentioned transaction between card, it is achieved off-line transaction, conclude the business simple and efficient.
In order to improve the security of data transmission between two electronic signature equipment further, in communication module 301 to the first electronics
Before signature device 20 sends transaction request, in a kind of optional embodiment of the present embodiment, the second electronic signature equipment 20
Escape way can be set up with the first electronic signature equipment, and utilize escape way to carry out data transmission.Such as, the second electronics label
Security module 303 in name equipment 30 can utilize the PKI of the first electronic signature equipment 20 to be encrypted transaction request to obtain
Transaction request ciphertext M1, the first electronic signature equipment 20 receives what the communication module 301 in the second electronic signature equipment 30 sent
Transaction request ciphertext M1, and utilize own private key that transaction request ciphertext M1 is decrypted to obtain transaction request in plain text;The most such as,
The negotiation that the security module 303 of the second electronic signature equipment 30 can also utilize with the first electronic signature equipment 20 consults to obtain is close
Transaction request is encrypted and obtains ciphertext M2 by key, and the first electronic signature equipment 20 receives leading in the second electronic signature equipment 30
Transaction request ciphertext M2 that letter module 301 sends, and utilize the arranging key of correspondence that transaction request ciphertext M2 is decrypted
To transaction request in plain text.Certainly, the second electronic signature equipment 30 and the first electronic signature equipment 20 can also use other side
Formula sets up the escape way for transmitting data, thus can improve the second electronic signature equipment 30 and the first electronic signature equipment
The security of data transmission between 20.
Acquisition module 302, for receiving at least one the 3rd unit data bag that the first electronic signature equipment 20 sends;
Security module 303, the data ciphertext in each 3rd unit data bag utilizing the XOR factor to dock respectively to receive carries out different
Or computing, obtain at least one second unit data bag;
Wherein, the second unit data in each second unit data bag at least includes: currency denomination data and currency sequence number, its
In, unique mark of currency serial number the second unit data bag;Each second unit data bag represents in multiple currency denomination
Planting currency denomination, the summation of at least one currency denomination representated by the second unit data bag above-mentioned is equal to dealing money.
In the present embodiment, the XOR factor can be that the second electronic signature equipment 30 and the first electronic signature equipment 20 consult to obtain
One group of character or the sequence of numeral, be used for carrying out XOR;Specifically, security module 303, it is used for utilizing the XOR factor extremely
Less the data ciphertext in each 3rd unit data bag is carried out XOR, wherein, the data ciphertext in the 3rd unit data bag
It is the first electronic signature equipment and at least the second unit data in the second unit data bag is carried out what XOR obtained.XOR
Computing falls within a kind of symmetrical deciphering computing mode, but compares the mode of other symmetrical deciphering computings, the speed of XOR,
Thus, it is possible to improve security module 303 the 3rd unit data bag is decrypted the efficiency generating the second unit data bag.
In the present embodiment, at least one the 3rd unit data bag is to be utilized XOR factor pair above-mentioned extremely by the first electronic signature equipment 20
Part or all of data in a few second unit data bag carry out what XOR obtained, right in the first electronic signature equipment 20
After at least one second unit data bag above-mentioned carries out XOR, the first electronic signature equipment 20 is with each 3rd unit data
Each second unit data bag of storage in cladding lid safety chip, and delete this XOR factor.In the present embodiment, with each
In three unit data cladding lid safety chips, each second unit data bag of storage refers to, the first electronic signature equipment 20 will generate
The memory space of former second unit data bag corresponding to each 3rd unit data bag write, replace the second original units
According to bag.Such as, the second unit data packet encryption that package identification is 1*** is generated the 3rd unit data bag, and writes this 1***
In corresponding memory space.The XOR factor is utilized to carry out in the mode of encryption and decryption at this, if in the first electronic signature equipment 20 also
Have this XOR factor, it is possible to the 3rd unit data bag is carried out XOR again thus decryption restoration goes out the second unit data
Bag, therefore, in the present embodiment, sends at least one second unit data bag above-mentioned to second in the first electronic signature equipment 20
After electronic signature equipment 30, it is necessary to the Force Deletion XOR factor, thus, the first electronic signature equipment 20 is carrying out the second list
After bit data bag pays, for having been issued to the second unit data bag of the second electronic signature equipment, the first electronic signature equipment
The safety chip of 20 only stores utilized that the XOR factor obtains after carrying out XOR by the second electronic signature equipment 30 corresponding the
Three unit data bags, and the XOR factor carrying out XOR use has been deleted due to the first electronic signature equipment 20, so,
3rd unit data bag cannot be decrypted by the first electronic signature equipment 20 again, it is impossible to recovers the second unit data bag, also
These the second unit data bags of use cannot be repeated, it is ensured that the uniqueness of same second unit data bag, and, should
The XOR factor only has the first electronic signature equipment 20 and the second electronic signature equipment 30 to know, therefore, and the 3rd unit data bag
Only can be decrypted by XOR again by the security module 303 of the second electronic signature equipment 30, thus only beneficiary is (i.e.
Second electronic signature equipment 30) can have and unencrypted the second unit data bag can be used, other electronic signature equipment are i.e.
The most illegally get the 3rd unit data bag, also cannot get the second units by deciphering because of not this XOR factor
According to bag, thus ensure that the security that the second unit data packet stream is logical.
Such as, acquisition module 302 is used for receiving 5 the 3rd unit data bags representing 2 yuan from the first electronic signature equipment 20,
Security module 303 is for utilizing the data ciphertext in each the 3rd unit data bag representing 2 yuan of XOR factor pair to carry out XOR fortune
Calculate and obtain 5 the second unit data bags representing 2 yuan.In at least one the 3rd unit data bag that acquisition module 302 receives
Including data ciphertext, wherein, data ciphertext by the first electronic signature equipment 20 to the part in each 3rd unit data bag or complete
Portion's data are encrypted what operation obtained.Specifically, the second unit data bag may include that the second unit data, packet
Mark and the device identification etc. of the second electronic signature equipment 30, the first electronic signature equipment 20 utilizes XOR factor pair each second
Part data in unit data bag carry out XOR and refer to: the first electronic signature equipment 20 utilizes the XOR factor at least to second
The second unit data in unit data bag carries out XOR, and such as, the first electronic signature equipment 20 can utilize the XOR factor
The second unit data in second unit data bag and package identification are carried out XOR.
Certainly, the present embodiment is not precluded from other embodiments to prevent electronic signature equipment from illegally re-using same second list
Bit data bag, causes the confusion that the second unit data packet stream is logical, it is ensured that same second unit data wraps in payment process only
One property.Such as: security module 303, for utilizing the private key self stored at least to the data in each 3rd unit data bag
Ciphertext is decrypted, and obtains at least one second unit data bag.In this embodiment, the 3rd unit data bag is by first
Electronic signature equipment 20 utilizes the PKI of the second electronic signature equipment 30 to enter the part or all of data in the second unit data bag
Row encryption obtains.Communication module 303 is sent in the transaction request of the first electronic signature equipment 20 to include the second electronics
The PKI of signature device 30, or the first electronic signature equipment 20 can to Third Party Authentication platform obtain second electronic signature set
The digital certificate of standby 30, preserves the PKI of the second electronic signature equipment 30 in this digital certificate.Thus, the first electronic signature
Equipment 20 can get the PKI of the second electronic signature equipment 30.The first electronic signature equipment 20 to above-mentioned at least one
After two unit data bags are encrypted, the first electronic signature equipment 20 is deposited with in each 3rd unit data cladding lid safety chip
Each second unit data bag of storage.In the present embodiment, each with what each 3rd unit data cladding lid safety chip stored
Second unit data bag refers to, each 3rd unit data bag generated is write corresponding former second by the first electronic signature equipment 20
The memory space of unit data bag, replaces the second original unit data bag.Such as, it is the second of 1*** by package identification
Unit data packet encryption generates the 3rd unit data bag, and writes in memory space corresponding to this 1***.Thus, the first electronics label
Name equipment 20 is after carrying out the second unit data bag and paying, for having been issued to the second unit of the second electronic signature equipment 30
Packet, the safety chip of the first electronic signature equipment 20 only stores after being encrypted by the PKI of the second electronic signature equipment 30
The 3rd corresponding unit data bag obtained, and the first electronic signature equipment 20 can not have the private key of the second electronic signature equipment,
Therefore the 3rd unit data bag cannot be decrypted by the first electronic signature equipment 20, it is impossible to recovers the second unit data bag,
Also these the second unit data bags of use cannot be repeated, it is ensured that the uniqueness of same second unit data bag, and should
3rd unit data bag is the public key encryption utilizing the second electronic signature equipment, so the 3rd unit data bag only can be by second
The security module 303 of electronic signature equipment 30 is decrypted (private key that only security module 303 has oneself), thus only has
Beneficiary (the i.e. second electronic signature equipment 30) can have and can use unencrypted the second unit data bag, other electronics
Even if signature device illegally gets the 3rd unit data bag, also because do not have the second electronic signature equipment 30 private key and cannot
Deciphering can not use the second unit data bag got, thus ensure that the security that the second unit data packet stream is logical.
Additionally, in the present embodiment, the 3rd unit data bag is ciphertext, it is ensured that the security of transmission data, even and if by other
Equipment is intercepted and captured, it is also difficult to crack, and further increases the security that the second unit data packet stream is logical.Additionally, at the first electronics label
After name equipment 20 receives transaction request, in order to ensure the safety of transaction, in addition it is also necessary to obtain holding of the first electronic signature equipment 20
The confirmation of user, could perform follow-up transactional operation.
In the present embodiment, each second unit data bag represents a kind of currency denomination in multiple currency denomination, say, that goods
Coin face amount has multiple, when acquisition module 302 only receives a second unit data bag from the first electronic signature equipment 20, and should
Second unit data bag only represents a kind of currency denomination therein.When acquisition module 302 receives many from the first electronic signature equipment 20
During individual second unit data bag, multiple second unit data bags can represent multiple different currency denomination, such as, the second unit
The number of packet is 3, each second unit data bag respectively representative money face amount 1 yuan, 2 yuan and 5 yuan;Or,
Multiple second unit data bags can represent identical currency denomination, and such as, the number of the second unit data bag is 3, each
Second unit data bag equal representative money face amount 1 yuan;Again or, in the currency denomination representated by multiple second unit data bags both
Including the identical currency denomination also including differing, such as, the number of the second unit data bag is 3, each second unit
Packet respectively representative money face amount 1 yuan, 1 yuan and 2 yuan.Thus, acquisition module 302 is from the first electronic signature equipment 20
At least one currency denomination representated by the second unit data bag received has combination flexibly.
In a kind of optional embodiment of the present embodiment, at least including the second unit data in the second unit data bag, this is second years old
Unit data at least includes: currency denomination data, or, currency sequence number and currency denomination data.Wherein, currency denomination data
It is the currency denomination representated by the second unit data bag, identifies the currency denomination representated by the second unit data bag, currency with this
Unique mark of serial number the second unit data bag, the most different currency sequence numbers in the second unit data bag is different.Thus,
Ensure that the uniqueness of the second unit data bag, in order to recognize the true and false of the second unit data bag.Optionally real as one
Executing mode, the second unit data bag the most also includes one below: the bank of issue identifies and bank certificate sequence number.Wherein, distribution
Bank identifier is the identification information of the bank issuing this second unit data bag, thus, the safety in the second electronic signature equipment 30
Module 303 can inquire the relevant information of the bank of issue of correspondence according to this mark, and, the second electronic signature equipment 30
Acquisition module 302 therein can be utilized to obtain the bank of the corresponding bank of issue according to bank of issue's mark and bank certificate sequence number
Certificate, includes the PKI of the bank of issue in bank certificate, in order to Subsequent secure module 303 utilizes the PKI pair of the bank of issue
The signature of the second unit data completes checking.
In a kind of optional embodiment of the present embodiment, each second unit data bag at least includes: the second unit data, clothes
The 3rd signed data that described second unit data signature is obtained by business device.As the optional embodiment of one, server by utilizing
The second unit data in each second unit data bag is signed by the private key of self respectively, obtains and each second units
According to the 3rd signed data that bag is corresponding.At least one is carried the second unit data bag of the 3rd signed data and sends extremely by server
First electronic signature equipment 20.Second electronic signature equipment 30, when carrying out gathering operation from the first electronic signature equipment 20, is pacified
Full module 303 obtains at least one second unit data bag carrying the 3rd signed data from the first electronic signature equipment 20, with
It is easy to the authenticity that security module 303 in subsequent step can utilize public key verifications the second unit data bag of server.
In the another kind of optional embodiment of the present embodiment, communication module 301 sends the transaction to the first electronic signature equipment 20
Request also includes: the device identification of the second electronic signature equipment 30;Each second unit data bag at least includes: the second unit
The device identification signature of the second unit data and the second electronic signature equipment 30 is obtained by data, the first electronic signature equipment 20
4th signed data.As the optional embodiment of one, the first electronic signature equipment 20 utilizes the private key of self to the second unit
The device identification of data and the second electronic signature equipment 30 is signed, and obtains fourth label corresponding with each second unit data bag
Name data.Second electronic signature equipment 30 from the first electronic signature equipment 20 carry out gathering operation time, security module 303 from
First electronic signature equipment 20 obtains at least one second unit data bag carrying the 4th signed data, in order to subsequent step
Middle security module 303 utilizes the correctness of public key verifications the second unit data bag of the first electronic signature equipment.
In the present embodiment, the first electronic signature equipment 20 sends in the communication module 301 receiving the second electronic signature equipment 30
Transaction request after, the dealing money of the second electronic signature equipment 30 request can be deducted from the account balance of self, and be second
Electronic signature equipment 30 issues summation at least one the 3rd unit data bag equal to dealing money of currency denomination, at the second electronics
Signature device 30 utilizes its acquisition module 302 to receive these the 3rd unit data bags, enters the 3rd unit data bag received
Row XOR obtains the second unit data bag of correspondence, after transferring accounts successfully, just completes off-line transaction, acquisition module 302
Need not just can receive the first electronic signature equipment 20 with server networking again transfer accounts and (i.e. receive the first electronic signature equipment 20
At least one the 3rd unit data bag sent, and it is carried out XOR obtain the second unit data bag).Each second unit
Currency denomination representated by packet can be the same or different, and the first electronic signature equipment 20 is sent to the second electronic signature and sets
The number of the second unit data bag (sending with the form of the 3rd unit data bag) of standby 30 and each the second unit data bag institute
The currency denomination represented can be determined according to dealing money by the first electronic signature equipment 20, it is also possible to by the second electronic signature equipment
Security module 303 in 30 informs the first electronic signature equipment 20 according to dealing money after determining, such as, as in the present embodiment
The optional embodiment of one, the transaction request that communication module 301 sends can also be carried the kind of required second unit data bag
Class and number.The former can realize issuing of the second unit data bag flexibly at the first electronic signature equipment 20, and the latter can meet
The user of the second electronic signature equipment 30 is to the number of the second unit data bag and the demand of face amount.Optional in the present embodiment one
Embodiment in, each second unit data bag represents a kind of currency denomination in multiple currency denomination, such as, the second unit
Currency denomination representated by packet includes: 1 yuan, 2 yuan, 5 yuan, 10 yuan, 20 yuan, 50 yuan and 100 yuan, certainly, as
The following country of fruit has issued new currency denomination or other regional, the national currency denominations in addition to making by RMB also
Belong to protection scope of the present invention, the present embodiment is only illustrated with RMB face amount.Such as, communication module 301 to
First electronic signature equipment sends transaction request, and wherein, the dealing money that transaction request includes is 10 yuan, and acquisition module 302 connects
Receive 5 the second unit data bags that the first electronic signature equipment 20 sends, the currency denomination representated by 5 the second unit data bags
Being respectively 1 yuan, 1 yuan, 1 yuan, 2 yuan and 5 yuan, the summation of the currency denomination representated by 5 the second unit data bags is 10 yuan,
Equal with dealing money.Certainly, when the dealing money that transaction request includes is 10 yuan, acquisition module 302 can also receive
10 the second unit data bags representing 1 yuan of currency denomination that one electronic signature equipment sends, or, 2 represent 5 yuan of currency
Second unit data bag of face amount, or, 1 the second unit data bag representing 10 yuan of currency denominations.It is to say, second
Currency denomination representated by electron unit monetary data bag and number can be with flexible combination, it is only necessary to make the first electronic signature equipment 20
The summation of the currency denomination representated by least one sent the second unit data bag is equal to dealing money, the most only with trade gold
As a example by volume is 10 yuan, identical for other amount of money Numerical Principles, the most no longer illustrate.Thus, set in the first electronic signature
Determine the number of the second unit data bag, and the feelings of each amount of money representated by the second unit data bag according to dealing money for 20
Under condition, the first electronic signature equipment 20 can realize issuing of the second unit data bag flexibly, can have various combination;Second
Electronic signature equipment 30 determines the number of the second unit data bag according to dealing money, and representated by each the second unit data bag
Currency denomination in the case of, can by request number and correspondence the second unit data bag representated by currency denomination send
To the first electronic signature equipment 20, thus can meet the user of the second electronic signature equipment 30 to the second unit data bag
Number and the demand of currency denomination.
Second electronic signature equipment 30 is determined to the number of the second unit data bag, and each second unit according to dealing money
The situation of the currency denomination representated by packet, does not probably store second in the safety chip of the first electronic signature equipment 20
The second unit data bag corresponding to currency denomination of communication module 301 request of electronic signature equipment 30 or the number of storage are not enough
The number of request, as the optional embodiment of the one in the present embodiment, the first electronic signature equipment 20 can be to the second electronics label
Name equipment 30 sends information, this information may include that the second unit data bag of corresponding currency denomination do not exist or
The information that number is not enough, the security module 303 in the second electronic signature equipment 30 can change the second electronics list according to dealing money
The combined strategy of position currency denomination representated by monetary data bag and number, or, by the first electronic signature equipment 20 according to transaction
The amount of money changes the combined strategy of the currency denomination representated by the second electron unit monetary data bag and number.Such as, the first electronics label
Name equipment 20 receives the second electronic signature equipment and transfers accounts the transaction request of 10 yuan, and asks to send 5 and represent 2 yuan second single
Bit data bag (calls 2 metadata bags in the following text), but first electronic signature equipment 20 only 42 metadata bags, then to the second electronics
Signature device 30 sends only has 42 metadata bags, the information that 2 metadata bag numbers are not enough, now, and the second electronics label
Security module 303 in name equipment 30 can change combined strategy, such as, returns request to the first electronic signature equipment 20 and sends out
Send 42 metadata bags, the response of 21 metadata bags, or, the first electronic signature equipment 20 is to the second electronic signature
After equipment 30 sends information, receive the confirmation response of the second electronic signature equipment 30, then the first electronic signature equipment 20 can
To determine a kind of combined strategy at random, such as, 42 metadata bags, 21 metadata bags are sent to the second electronic signature
Equipment 30, thus, solves the number of the second unit data bag of storage in the safety chip of the first electronic signature equipment 20 not enough
Or non-existent problem.
Additionally, in the specific implementation, there is also the second unit data bag of storage in the safety chip of the first electronic signature equipment 20
Representative currency denomination cannot piece together out the problem of above-mentioned at least one the second unit data bag equal with dealing money, in order to
Solve this problem, in a kind of optional embodiment of the present embodiment, in communication module 301, transaction request is sent to the first electricity
After sub-signature device 20, receive, at acquisition module 302, at least one second units that the first electronic signature equipment 20 sends
Before bag, acquisition module 302, it is additionally operable to receive the small change information for the treatment of that the first electronic signature equipment 20 sends, wherein, waits to look for
Zero information by the first electronic signature equipment 20 according in dealing money and inherently safe chip storage the second unit data bag institute
The currency denomination represented determines, such as, treats that small change information can include needing the communication module 301 of the second electronic signature equipment 30
The currency denomination giving change for change returned.If security module 303 storage of the second electronic signature equipment 30 represents this and gives zero for change
Second unit data bag of money currency denomination, or, storage has the summation of currency denomination to be equal to this second units giving change for change
According to bag, then communication module 301 can return to the first electronic signature equipment 20 and confirm response, i.e. informs the first electronic signature equipment
20 the second unit data bags oneself having small change, the first electronic signature equipment 20 is receiving what communication module 301 sent
After small change information (i.e. return and confirm accordingly), the first electronic signature equipment 20 obtains at least one second list from safety chip
Bit data bag, and at least to this, the second unit data at least one second unit data bag carries out XOR fortune to utilize the XOR factor
Calculating, obtain at least one the 3rd unit data bag of correspondence, by this, at least one the 3rd unit data bag sends to the second electronics label
Name equipment 30, wherein, the summation of at least one currency denomination representated by the second unit data bag above-mentioned should add equal to dealing money
On give the currency denomination of change for change.
Such as, dealing money is 7 yuan, and in the safety chip of the first electronic signature equipment 20, storage has 5 to represent 2 yuan of goods respectively
The second unit data bag (calling 2 metadata bags in the following text) of coin face amount, then the first electronic signature equipment 20 cannot utilize these 52 yuan
Packet pieces together out 7 yuan of currency denominations, and the first electronic signature equipment 20 is only with 52 metadata of storage in safety chip
Bag piece together out with dealing money 7 yuan closest to and more than the currency denomination of dealing money, the i.e. first electronic signature equipment 20 can be in order to
8 yuan of currency denominations are pieced together out, in addition it is also necessary to the second electronic signature equipment 30 gives 1 yuan of change for change, i.e. with 42 metadata bags
After 42 metadata bags are sent to the second electronic signature equipment 30 by one electronic signature equipment 20, the second electronic signature equipment 30
Need to utilize communication module 301 to return 11 metadata bag to the first electronic signature equipment 20 and (represent the of 1 yuan of currency denomination
Two unit data bags).First electronic signature equipment 20 carries to the second electronic signature equipment 30 transmission and gives change for change is 1 yuan
Treat small change information, wherein, treat that small change information is for inquiring whether the second electronic signature equipment 30 can give representative currency face for change
Value summation is the second unit data bag of 1 yuan.If in security module 303, storage has representative currency denomination summation is 1 yuan
The second unit data bag, then communication module 301 sends small change information to the first electronic signature equipment 20, i.e. with purpose the first electricity
Sub-signature device 20 returns and represents 1 yuan or the second unit data bag that currency denomination summation is 1 yuan.First electronic signature equipment
20 after receiving small change information, obtains 4 the second unit data bags representing 2 yuan of currency denominations, profit from safety chip
Carry out XOR with 4 the second unit data bags of XOR factor pair and obtain 4 the 3rd unit datas representing 2 yuan of currency denominations
These 4 the 3rd unit data bags are sent to the second electronic signature equipment 30, the communication in the second electronic signature equipment 30 by bag
Module 301 can return again to 20 11 metadata bags of the first electronic signature equipment.Thus, when piecing together out representative goods
During the coin face amount summation second unit data bag equal with dealing money, electronic transaction can be completed by small change mechanism so that electricity
Son transaction is convenient.
In a kind of optional embodiment of the present embodiment, the transaction request that communication module 301 sends at least includes: the second electronics
The device identification of signature device 30.Before the first electronic signature equipment 20 sends at least one the 3rd unit data bag, first
Electronic signature equipment 20 points out dealing money and the device identification of the second electronic signature equipment 30 to holding user, and receives and hold
There is the confirmation information of user.In a kind of optional embodiment of the present embodiment, the device identification of the second electronic signature equipment 30 can
Think the sequence number that dispatches from the factory of the second electronic signature equipment, it is also possible to be the device name of the second electronic signature equipment 30, it is also possible to for
Second electronic signature equipment 30 holds the name of user.By this device identification, the first electronic signature equipment 20 hold user
Can confirm that whether this second electronic signature equipment 30 is the trading object that user agrees to, only user is right to dealing money and transaction
After all approving, user just can select to confirm this transaction, and the confirmation of transaction ensures the peace of this transaction from there through user
Entirely.
As the optional embodiment of one, the first electronic signature equipment 20 is provided with display screen or loudspeaker, is arranged by self
Display screen show or report dealing money and the equipment of the second electronic signature equipment 30 by the speaker sound self arranged
Mark;Or, the first electronic signature equipment 20 and external equipment are set up and are connected, by the display screen of external equipment or loudspeaker to
Hold user and point out dealing money and the device identification of the second electronic signature equipment 30.Thus, it is possible to facilitate user to confirm payment gold
Volume and beneficiary are the most correct.As the optional embodiment of one, the first electronic signature equipment 20 can be provided with confirmation
Button, user is confirmed by this confirmation button.Certainly, the first electronic signature equipment 20 can also arrange confirmation defeated
Entering assembly, this confirmation input module specifically may include that PIN code input keyboard or fingerprint input module.Thus, user
Can by the way of input PIN code or fingerprint input validation information, same what the relevant information of electronic transaction was confirmed
Time, the identity holding user can also be verified by the first electronic signature equipment 20, improves the security of electronic transaction further.
Security module 303, is additionally operable to store at least one second unit data bag above-mentioned.
In a kind of optional embodiment of the present embodiment, security module 303 includes safety chip, has inside this safety chip
Independent processor and memory cell, can store PKI digital certificate and key, and other characteristics, add data
Deciphering computing, provides the user data encryption and identification safety authentication service, and in the present embodiment, safety chip can store from the
One electronic signature equipment 20 or (supplement the third party such as server service with money such as bank server or market shopping from other background servers
Device) the second unit data bag of receiving, owing to the data in the memory cell of safety chip can not illegally be read, thus may be used
To ensure memory cell stores the security of data.
In a kind of optional mode of the present embodiment, each second unit data bag is only stored once by security module 303, and peace
Module 303 is after storing at least one second unit data bag above-mentioned entirely, the 3rd also will received by communication module 301
Unit data bag is deleted, thus, it is possible to prevent security module 303 from having multiple the second identical unit data bag, or to same
Individual 3rd unit data bag carries out repeatedly XOR and obtains multiple the second identical unit data bags, it is to avoid the second unit data bag
The confusion of circulation, it is ensured that same second unit data wraps in the uniqueness in payment process.
In a kind of optional embodiment of the present embodiment, security module 303, it is additionally operable at storage at least one second list above-mentioned
Before bit data bag, distribution is for storing the memory space of at least one the second unit data bag.In the present embodiment, safe mould
Block 303, is used for storing at least one second unit data bag, specifically includes: security module 303, for by least one second
Unit data bag is stored in the memory space of correspondence, and is set to take by the status word of corresponding memory space.Wherein, peace
Full module 303 is each second unit data bag one memory space of distribution, and a memory space can only store second unit
Packet, and the transaction record of the second electronic signature equipment 30 also can record in a transaction and receive from other electronic signature equipment
The position of the memory space of each the second unit data bag storage arrived.The status word of memory space is used for identifying this memory space
No the most occupied, if the most occupied, then security module 303 can not store the second unit at this occupied memory space
Packet.When all memory spaces of security module 303 distribution are the most occupied, the second electronic signature equipment 30 needs to utilize
Communication module 301 makes requests on background server more new data packets or applies for the operation of new memory space, wherein, as one
Kind of optional embodiment, the second electronic signature equipment 30 utilize communication module 301 to apply for new memory space is new with storage
The the second unit data bag received.As the optional embodiment of another kind, the second electronic signature equipment 30 can also utilize logical
Letter module 301 updates the second locally stored unit data bag to background server request, and such as, communication module 301 can be asked
The the second unit data bag asking background server that locally stored N number of (N is the positive integer more than 1) represents little face amount is replaced
It is that the second unit data bag that 1 or M individual (M < N) represents big currency denomination stores, as long as the amount of currency of storage is not
Become, the most just can discharge multiple memory space, thus save the second units that memory space is newly received with storage
According to bag.Additionally, for the security improving data storage further, in this step, security module 303 can also be by each
Second unit data bag is encrypted the ciphertext data obtaining each second unit data bag, and each ciphertext data are stored in right
In the memory space answered.Thus, it is possible to ensure that the second unit data bag being stored in the memory space of security module 303 can not
By fraudulent copying or change, the security guaranteeing to store the second unit data bag with this.
In the present embodiment, in order to ensure the authenticity of the second unit data bag of storage in security module 303, as this enforcement
The optional embodiment of one in example, security module 303, it is additionally operable to before storing at least one second unit data bag above-mentioned,
3rd signed data is verified, after being verified, performs to store the operation of at least one the second unit data bag above-mentioned.Its
In, the 3rd signed data is that the second unit data is signed and obtained by server, and each second unit data bag at least includes:
The 3rd signed data that second unit data signature is obtained by the second unit data and server, so that security module 303
The authenticity of the second unit data bag can be verified.As the optional embodiment of one, the 3rd signed data is server by utilizing
Second unit data is signed the signed data obtained by the private key of self.Accordingly, security module 303, for the 3rd
Signed data is verified, specifically includes: security module 303, for utilizing the PKI of this server to enter the 3rd signed data
Row sign test.As a example by server is as bank server, bank server carries out HASH computing to the second unit data and obtains second
The summary message A1 of unit data, and utilize the private key of bank server self this summary message A1 is carried out sign computing obtain
3rd signed data, and carry in the second unit data bag, be issued to the first electronic signature equipment 20, set in the second electronic signature
Standby 30 when carrying out gathering operation, acquisition module 302 receive from the first electronic signature equipment 20 carry the 3rd signed data to
A few second unit data bag, security module 303 can utilize the PKI of this bank server to test the 3rd signed data
Sign, specifically, security module 303 utilize the PKI of bank server the 3rd electronic signature data is carried out computing obtain computing knot
Really A2, and the second unit data in the second unit data bag is carried out HASH computing obtain the summary message of the second unit data
A3, compares operation result A2 with summary message A3, if comparison result is consistent, then security module 303 is to the 3rd electricity
Sub-signed data sign test is passed through.Wherein, security module 303 can according to the bank certificate sequence number in the second unit data bag and/
Or bank of issue's mark obtains the PKI of bank, specifically, bank server utilizes the private key of self to carry out signature and refers to that bank takes
Business device obtains corresponding private key according to bank of issue's mark with bank certificate sequence number, utilizes this private key to sign.Such as, safety
Module 303 can identify according to the bank of issue in the second unit data bag, sends out from corresponding with the 3rd signed data to be verified
Row bank server obtains the bank certificate of this bank, and obtains the PKI of this bank from bank certificate;The most such as, safe mould
Block 303 can prestore the bank certificate of each bank, according to the bank certificate sequence number in the second unit data bag from prestore each
Bank certificate obtains the bank certificate corresponding with the 3rd signed data to be verified, and from corresponding bank certificate, obtains bank
PKI.Thus, security module 303 is used for the PKI utilizing bank the 3rd signed data to carrying in the second unit data bag
Carry out sign test, the authenticity of the second unit data bag can be verified.Foregoing description is only carried out as a example by server is as bank server
Illustrate, but the present embodiment is not limited to bank server, the tool of other third-party server such as supermarket shopping card stored value server etc.
Within body embodiment belongs to protection scope of the present invention.
Further, security module 303, on the premise of the second unit data bag guaranteeing to receive is true, still wants to confirm to obtain again
That whether the second unit data bag that delivery block 302 receives is sent by real first electronic signature equipment 20 and first electricity
The object that sub-signature device 20 sends is the second electronic signature equipment 30 itself the most really, to avoid storing the first electronic signature
The packet that equipment 20 is sent out by mistake, in the present embodiment, security module 303, it is additionally operable to storing at least one second units above-mentioned
Before bag, the 4th signed data is verified, perform to store at least one second unit data bag above-mentioned after being verified
Operation.Wherein, the 4th signed data is that the first electronic signature equipment 20 is to the second unit data and the second electronic signature equipment
The device identification signature of 30 obtains, and therefore, in a kind of optional embodiment of the present embodiment, communication module 301 is sent to
The transaction request of the first electronic signature equipment 20 also includes: the device identification of the second electronic signature equipment 30;Each second is single
Bit data bag at least includes: the second unit data and the second electronic signature are set by the second unit data, the first electronic signature equipment 20
The 4th signed data that standby device identification signature obtains, so that security module 303 can verify the second unit data bag
Authenticity and correctness.As the optional embodiment of one, the 4th signed data is that the first electronic signature equipment 20 utilizes self
Private key the device identification of the second unit data and the second electronic signature equipment 30 is signed the signed data obtained, namely
Saying, the signature object of each 4th signed data is each second unit data and the device identification of the second electronic signature equipment 30
Combination.Accordingly, security module 303, for the 4th signed data is verified, specifically include: security module 303, use
Respectively each 4th signed data is carried out sign test in the PKI utilizing the first electronic signature equipment 20.Security module 303 can be led to
Cross acquisition module 302 and obtain the digital certificate of the first electronic signature equipment 20 from the first electronic signature equipment 20, and from this numeral
Certificate obtains the PKI of the first electronic signature equipment 20.Certainly, security module 303 can also prestore the first electronic signature equipment
20 and the digital certificate of other electronic signature equipment, and obtain the first electronic signature equipment 20 from the first electronic signature equipment 20
Device identification, obtain the digital certificate of the first electronic signature equipment 20 prestored according to this device identification, from this digital certificate
Obtain the PKI of the first electronic signature equipment 20.Thus, security module 303 is for utilizing the public affairs of the first electronic signature equipment 20
Key carries out sign test to the 4th signed data carried in the second unit data bag, may certify that the second unit data bag is strictly first
Electronic signature equipment 20 is handed down to this second electronic signature equipment 30, i.e. verifies the correctness of the second unit data bag.
Security module 303 verifies that at least one the second unit data bag received from the first electronic signature equipment 20 is for convenience
No for replay data, in the present embodiment, the second unit data bag also includes: package identification.
As the optional embodiment of one, communication module 301 is also wrapped in the transaction request that the first electronic signature equipment 20 sends
Include: package identification.In the first electronic signature equipment 20, at least one the 3rd unit data bag is sent one by one to the second electronics label
In the case of name equipment 30, the package identification in transaction request can be added on one the 3rd by the first electronic signature equipment 20
In unit data bag and send it to the second electronic signature equipment 30;The first electronic signature equipment 20 by least one the 3rd
Unit data bag sends together to the second electronic signature equipment 30, and transaction can be asked by the first electronic signature equipment 20
The package identification asked is added in all 3rd unit data bags that dealing money is corresponding and sends it to the second electronic signature
Equipment 30, specifically, after corresponding package identification is added to the second unit data bag by the first electronic signature equipment 20,
The 3rd unit data bag that this second unit data bag generates is sent to the second electronic signature equipment 30 again, and the second electronic signature sets
The acquisition module 302 of standby 30 receives the 3rd unit data bag.In the present embodiment, in order to prevent repeating to obtain certain second unit
Packet, security module 303, it is used for storing at least one second unit data bag above-mentioned, including: security module 303, it is used for
Judge that the package identification in the second unit data bag obtained is the most identical with the package identification in the transaction request sent, as
Fruit differs, then the second unit data bag differed by package identification abandons, if identical, then storage package identification phase
The second same unit data bag.Thus, it is possible to convenient and safe module 303 (i.e. receives to the second unit data bag obtained
The the second unit data bag obtained is deciphered after three unit data bags) whether it is that replay data is tested, and due to packet mark
Know and distributed by the security module 303 in the second electronic signature equipment 30, so security module 303 is capable of deciding whether to have been received by entirely
The second unit data bag that portion's package identification is corresponding, for judging whether in subsequent step that needing to initiate the request of retransmitting provides convenient.
To prevent Replay Attack for example, when package identification is the random number R 1 that the second electronic signature equipment 30 generates, the first electricity
Sub-signature device 20, before sending a second unit data bag, obtains package identification from the second electronic signature equipment 30,
I.e. random number R 1, and the second unit data bag including random number R 1 is carried out XOR obtain the 3rd unit data bag,
And the 3rd unit data bag is sent to the second electronic signature equipment 30.The second unit that security module 303 obtains for inspection
Whether the package identification carried in packet is random number R 1, if it is, think that the second unit data bag received is for closing
Method;Otherwise it is assumed that the second unit data bag received is replay data, then abandon these data.Thus, it is possible to avoid second
Electronic signature equipment 30 is played out attacking.
As the optional embodiment of another kind, communication module 301 is gone back in the transaction request that the first electronic signature equipment 20 sends
Including: package identification initial value.Specifically, in a kind of optional embodiment of the present embodiment, the second electronic signature equipment
30 are provided with counter, security module 303, for communication module 301 to the first electronic signature equipment 20 send transaction request it
Before, the value utilizing the count value of counter to obtain package identification initial value, i.e. this counter is package identification initial value,
This package identification initial value is that the number of the packet every time received according to acquisition module 302 is accumulated by;Therefore, exist
After storing at least one second unit data bag above-mentioned, the counter of the second electronic signature equipment 30 is by package identification initial value
Total number plus the second unit data bag obtained is calculated new package identification initial value.Thus, security module 303
Can calculate and update package identification initial value.First electronic signature equipment 20 can be based on package identification initial value, and root
According to calculated each second unit data of total number of the second unit data bag being sent to the second electronic signature equipment 30
The package identification that bag is corresponding.In this embodiment, by the first electronic signature equipment 20 according to package identification initial value and
Packet number to be sent, determines the package identification of each second unit data bag to be sent.In the present embodiment, in order to
Prevent from repeating to obtain certain second unit data bag, security module 303, be used for storing at least one second unit data bag above-mentioned,
Including: security module 303, for judging whether the package identification comprised in each second unit data bag obtained meets root
The preset range determined according to package identification initial value, if be unsatisfactory for, is then unsatisfactory for the second of preset range by package identification
Unit data bag abandons, if it is satisfied, then storage package identification meets the second unit data bag of preset range.
As the optional embodiment of one, when the counter that counter is increment type in the second electronic signature equipment 30, often
The package identification comprised in individual second unit data bag should be not less than package identification initial value, is otherwise considered as replay data, its
In, the counter of incremental refers to: acquisition module 302 often receives a second unit data bag, the count value of its counter
Increase by 1.
For example, when dealing money is 8 yuan, the first electronic signature equipment 20 needs to be sent to the second electronic signature equipment
30 3 the second unit data bags (sending with the form of the 3rd unit data bag), three the second unit data bags represent goods respectively
Coin face amount 1 yuan, 2 yuan and 5 yuan.The package identification that first electronic signature equipment 20 obtains from the second electronic signature equipment 30
Initial value is 30, and this package identification initial value can be working as of being accumulated by of the rolling counters forward of the second electronic signature equipment 30
The number of front packet adds 1, and such as, before initiating this transaction, security module 303 stores altogether 29 the second units
Packet, the package identification of these 29 the second unit data bags can be from 1 to 29, then, the next data received
Bag just can start mark from 30, then the first electronic signature equipment 20 is calculated based on package identification initial value 30: generation
The package identification corresponding to second unit data bag of 1 yuan of currency denomination of table is 30, represents the second unit of 2 yuan of currency denominations
Package identification corresponding to packet is 31 and represents the packet mark corresponding to the second unit data bag of 3 yuan of currency denominations
Knowledge is 32, and in the present embodiment, security module 303 is after obtaining these 3 the second unit data bags, according to corresponding packet mark
Know and be associated storage, and former package identification initial value 30 is calculated new package identification initial value 33 plus 3.
Thus, the first electronic signature equipment 20 only need to obtain a package identification initial value from the second electronic signature equipment 30,
According to the number of the second unit data bag being sent to the second electronic signature equipment 30, calculate each second unit data bag flexibly
Corresponding package identification.Security module 303 judges that the package identification entrained by three the second unit data bags obtained is the least
In package identification initial value 30, then store three the second unit data bags obtained.Certainly, the present embodiment is only with the second electronics
As a example by the counter of signature 30 setting is count-up counter, the counter (such as down counter) of other forms is also in the present invention
In protection domain, it is not illustrated at this.Thus, security module 303 may be used for judging to obtain according to package identification
The second unit data bag whether be replay data, thus avoid the second electronic signature equipment 30 be played out attack.
When acquisition module 302 does not receive whole second unit data bag corresponding to the dealing money of request, at the present embodiment one
Plant in optional embodiment, security module 303, it is additionally operable to after storing at least one second unit data bag above-mentioned, root
According to the currency denomination calculated second representated by the number of the second unit data bag obtained and each second unit data bag
The summation of the currency denomination representated by unit data bag is the most consistent with the dealing money in transaction request, if it is inconsistent, logical
Cross communication module 301 and send, to the first electronic signature equipment 20, the request of repeating transmission.Wherein, repeating transmission request at least includes the second electronics
The device identification of signature device 30 and/or package identification corresponding to each second unit data bag, so that the first electronic signature
According to this repeating transmission request, equipment 20 can determine that retransmission of information, retransmission of information are the first electronic signature equipment 20 to the second electricity
The all or part of packet selected in the 3rd unit data bag that one transaction of sub-signature device 30 is corresponding, to ensure the second electricity
Sub-signature device 30 obtains whole second unit data bags of a transaction.
In the present embodiment, as the optional embodiment of one, acquisition module 302, for receiving the first electronic signature equipment
20 retransmission of information sent according to the request of repeating transmission, wherein, retransmission of information includes at least one the 3rd unit data bag.Security module
303, at least one the second unit data bag stored before is deleted, and utilize in XOR factor counterweight photos and sending messages respectively
Data ciphertext in each 3rd unit data bag carries out XOR, obtains at least one second unit data bag of correspondence, weight
At least one second unit data bag that new storage is corresponding.As the optional embodiment of another kind, acquisition module 302, it is used for
Receiving the retransmission of information that the first electronic signature equipment 20 sends according to the request of repeating transmission, wherein, retransmission of information includes the second electronic signature
The 3rd unit data bag that equipment 30 does not receives.Security module 303, for utilizing in XOR factor counterweight photos and sending messages respectively
Data ciphertext in each 3rd unit data bag carries out XOR, obtains at least one second unit data bag of correspondence, deposits
At least one second unit data bag that storage is corresponding.
For the former, what communication module 301 sent retransmits the device identification at least including the second electronic signature equipment 30 in request,
The retransmission of information of the first electronic signature equipment 20 includes at least one the 3rd unit data bag, i.e. retransmits the dealing money of a transaction
Corresponding whole 3rd unit data bags;For the latter, the repeating transmission request that communication module 301 sends at least includes: do not receive
The package identification of the second unit data bag, it is also possible to including: the device identification of the second electronic signature equipment 30, the first electronics
The retransmission of information of signature device 20 includes that the second unit data bag not received by the second electronic signature equipment 30 carries out XOR fortune
The 3rd unit data bag obtained after calculation, i.e. retransmits the 3rd unit data bag of package identification instruction in request.
For the former, for example, for the transaction of a numbered 1*******, the transaction request that communication module 301 sends
In dealing money be 10 yuan, the first electronic signature equipment 20 sends 5 to the second electronic signature equipment 30 and represents 2 respectively
3rd unit data bag of unit's currency denomination, but due to loss of data in transmitting procedure, the second electronic signature equipment 30 only obtains 4
Individual the second unit data bag representing 2 yuan of currency denominations respectively, currency denomination summation is 8 yuan, unequal with dealing money 10 yuan.
For this transaction, communication module 301 sends, to the first electronic signature equipment 20, the request of repeating transmission, at least carries in this repeating transmission request
The repeating transmission having the device identification of the second electronic signature equipment 30, the first electronic signature equipment 20 to receive communication module 301 transmission is asked
After asking, whole 3rd unit data bags of its correspondence can be inquired for this transaction of this second electronic signature equipment 30, will
5 the 3rd unit data bags carry and send in retransmission of information to the second electronic signature equipment 30, will 5 represent 2 yuan respectively
Second unit data bag of currency denomination carries with the form of ciphertext and sends to the second electronic signature equipment 30 in retransmission of information.Second
The acquisition module 302 of electronic signature equipment 30 receives this retransmission of information, will carry in retransmission of information 5 of security module 303
Three unit data bags carry out XOR, obtain 5 the second unit data bags of correspondence, and by store before 4 generations respectively
Second unit data bag of 2 yuan of currency denominations of table is deleted, 5 the second unit datas that storage obtains after carrying out XOR again
Bag.Thus, the second electronic signature equipment 30 has and is not receiving the whole second unit data Bao Shixiang needed for electronic transaction
One electronic signature equipment 20 sends the function of the request of repeating transmission, and the first electronic signature equipment 20 has response the second electronic signature equipment
30 functions retransmitted, thus ensure that the second electronic signature equipment 30 can receive whole second units needed for electronic transaction
Packet, it is ensured that transaction can smoothly complete.
For the latter, for example, for the transaction of a numbered 1*******, the transaction request that communication module 301 sends
In dealing money be 5 yuan, the first electronic signature equipment 20 sends 2 to the second electronic signature equipment 20 and represents 2 yuan respectively
The 3rd unit data bag (being called for short 2 metadata bags) of currency denomination, and 1 the 3rd unit data representing 1 yuan of currency denomination
Bag (being called for short 1 metadata bag), but due to loss of data in transmitting procedure, security module 303, only obtain 22 metadata bags,
Currency denomination summation is 4 yuan, unequal with dealing money 5 yuan.For this transaction, communication module 301 is to the first electronics label
Name equipment 20 sends the request of repeating transmission, at least carries the device identification and not of the second electronic signature equipment 30 in this repeating transmission request
The package identification (package identification of i.e. 1 metadata bag) of the packet received or the data of paid-in 2 metadata bags
Bag mark, after the first electronic signature equipment 20 receives the repeating transmission request that communication module 301 sends, sets for this second electronic signature
This transaction of standby 30 can inquire the 3rd unit data bag of correspondence according to the package identification of 1 metadata bag, or according to
The package identification of 42 metadata bags determines and does not sends the 3rd units that the package identification of successful 1 metadata bag is corresponding
According to bag, the 3rd corresponding for 1 metadata bag mark unit data bag is carried and sends to the second electronic signature equipment 30 in retransmission of information,
Will carry to send to the second electronic signature in retransmission of information with the form of ciphertext and set by second unit data bag corresponding to package identification
Standby 30.The acquisition module 302 of the second electronic signature equipment 30 receives this retransmission of information, and security module 303 is by retransmission of information
3rd unit data bag corresponding to the 1 metadata bag mark carried carries out XOR, obtain that 1 metadata bag mark is corresponding the
Two unit data bags, and store the second unit data bag that this 1 metadata bag mark is corresponding.Thus, the second electronic signature equipment
30 have do not receiving needed for electronic transaction whole second unit data Bao Shixiang the first electronic signature equipment 20 send retransmit
The function of request, and the second unit that the second electronic signature equipment 30 receiving the first electronic signature equipment 20 repeating transmission does not receives
Packet, decreases the transmission quantity of retransmission data, it is ensured that needed for the second electronic signature equipment 30 can receive electronic transaction
Whole second unit data bags.
Below it is all to illustrate as a example by the embodiment of a transaction, in the present embodiment, every in many transactions
Transaction can realize in the manner described above.
In the present embodiment, the memory space of security module 303 is limited after all, accordingly, it would be desirable to monitor security module at any time
The remaining space of 303, in order to instant-free memory space, it is to avoid do not have redundant space to cause Fail Transaction in process of exchange
Problem.In a kind of optional embodiment of the present embodiment, it is also possible to real by the counter in the second electronic signature equipment 30
Time monitoring security module 303 residual memory space.Specifically, after each transaction terminates, security module 303, also use
In after storing at least one second unit data bag above-mentioned, the count value of counter is utilized to obtain the second currently stored unit
Total number of packet.Specifically, all the second unit data bag can be received plus this transaction at each transaction Counter
Number, after many transactions, the count value of counter can be accumulated to a numerical value, when this numerical value reaches default value,
Illustrating that the memory space of security module 303 is assigned, do not have unnecessary memory space, now, security module 303 needs
Server update packet to be made requests on or apply for the operation (as mentioned above) of new memory space.In the present embodiment, often
The size of individual memory space is identical, and the size of each second unit data bag is identical, and mates with the size of memory space, such as,
Security module 303 can deposit to the memory space that size is 2M, this 2M of the memory space of a second unit data bag distribution
Store up a second unit data bag, and in a security module 303, the space of reserved storage the second unit data bag be 1G, then,
Security module 303 at most can store 512 the second unit data bags, i.e. default value can be set to 512.Thus, it is possible to
Monitor the remaining space of security module 303 in real time, and discharge unnecessary memory space in time, it is to avoid do not have in process of exchange
The problem that redundant space causes Fail Transaction.Certainly, security module 303 can also utilize the count value of counter wherein to be deposited
Total number of the second unit data bag of every kind of currency denomination of storage.Thus, security module 303 can be according to every kind the of storage
Currency denomination representated by two unit data bags and number obtain the sums of money of the second currently stored unit data bag.
In the present embodiment, as in figure 2 it is shown, the second electronic signature equipment 30 is additionally provided with interactive module 304, at the present embodiment one
Plant in optional embodiment, security module 303, it is additionally operable to after storing at least one second unit data bag above-mentioned, will
The current account amount of money obtains current account balance plus dealing money;Interactive module 304, for showing trade gold to holding user
Volume and/or current account balance.Thus, the user holding the second electronic signature equipment 30 can inquire about friendship on the equipment of oneself
The easily amount of money and current account balance.
Using a kind of transaction system that the present embodiment provides, the fund of paying party user is with the shape of at least one the second unit data bag
Formula is stored in first electronic signature equipment of paying party user.Beneficiary user (the second electronic signature equipment side) is collecting
During two unit data bags, because fund is no longer to be stored in the second electronic signature equipment 30 with the form of numerical value, so the second electricity
Sub-signature device 30 need not the numerical value by server change storage, and the second electronic signature equipment of beneficiary only need to be from paying party
First electronic signature equipment of user collects a number of second unit data bag, thus, electronic signature equipment with
When other electronic signature equipment carry out electronic transaction, it is no longer necessary to relying on server to carry out networking and pay, server need not the most right
The electronic signature equipment of beneficiary user or paying party user is supervised, thus realizes off line electronic transaction veritably.Additionally,
Second electronic signature equipment can receive the 3rd unit data bag of ciphertext form from the first electronic signature equipment, further increases
The security of electronic transaction;Additionally, add setting of package identification and the second electronic signature equipment in the second unit data bag
Standby mark, can effectively prevent the second electronic signature equipment to be played out attacking, the first electronic signature equipment can be facilitated true simultaneously
Determine retransmission of information.
Any process described otherwise above or method describe and are construed as in flow chart or at this, represent include one or
The module of code, fragment or the part of the executable instruction of the more steps for realizing specific logical function or process, and
The scope of the preferred embodiment of the present invention includes other realization, wherein can not be by order that is shown or that discuss, including root
According to involved function by basic mode simultaneously or in the opposite order, performing function, this should be by embodiments of the invention institute
Belong to those skilled in the art to be understood.
Should be appreciated that each several part of the present invention can realize by hardware, software, firmware or combinations thereof.In above-mentioned enforcement
In mode, multiple steps or method can be with storing the software or firmware that in memory and be performed by suitable instruction execution system
Realize.Such as, if realized with hardware, with the most the same, available following technology well known in the art
In any one or their combination realize: have and patrol for the discrete of logic gates that data-signal is realized logic function
Collect circuit, there is the special IC of suitable combinational logic gate circuit, programmable gate array (PGA), field programmable gate
Array (FPGA) etc..
Those skilled in the art are appreciated that it is permissible for realizing all or part of step that above-described embodiment method carries
Instructing relevant hardware by program to complete, described program can be stored in a kind of computer-readable recording medium, this journey
Sequence upon execution, including one or a combination set of the step of embodiment of the method.
Additionally, each functional unit in each embodiment of the present invention can be integrated in a processing module, it is also possible to be each
Unit is individually physically present, it is also possible to two or more unit are integrated in a module.Above-mentioned integrated module is the most permissible
The form using hardware realizes, it would however also be possible to employ the form of software function module realizes.If described integrated module is with software merit
Can the form of module realize and as independent production marketing or when using, it is also possible to be stored in the storage of embodied on computer readable and be situated between
In matter.
Storage medium mentioned above can be read-only storage, disk or CD etc..
In the description of this specification, reference term " embodiment ", " some embodiments ", " example ", " concrete example ",
Or specific features, structure, material or the feature that the description of " some examples " etc. means to combine this embodiment or example describes comprises
In at least one embodiment or example of the present invention.In this manual, the schematic representation to above-mentioned term not necessarily refers to
It is identical embodiment or example.And, the specific features of description, structure, material or feature can at any one or
Multiple embodiments or example combine in an appropriate manner.
Although above it has been shown and described that embodiments of the invention, it is to be understood that above-described embodiment is exemplary,
Being not considered as limiting the invention, those of ordinary skill in the art is in the case of without departing from the principle of the present invention and objective
Above-described embodiment can be changed within the scope of the invention, revise, replace and modification.The scope of the present invention is by appended power
Profit requires and equivalent limits.
Claims (10)
1. the method for commerce of an electronic signature equipment, it is characterised in that including:
Transaction request is sent to the first electronic signature equipment by the second electronic signature equipment, and wherein, described transaction request at least includes:
Dealing money;
Described second electronic signature equipment receives at least one the 3rd unit data bag that described first electronic signature equipment sends, profit
The data ciphertext docked respectively by the XOR factor in each 3rd unit data bag received carries out XOR, obtains at least one
Second unit data bag, wherein, the second unit data in each second unit data bag at least includes: currency denomination data and
Currency sequence number, wherein, unique mark of the second unit data bag described in described currency serial number;Described each second unit data
Bao represents a kind of currency denomination in multiple currency denomination, at least one currency denomination representated by the second unit data bag described
Summation is equal to described dealing money;
At least one second unit data bag described is stored in safety chip by described second electronic signature equipment.
Method of commerce the most according to claim 1, it is characterised in that described second electronic signature equipment by described at least
After one the second unit data bag is stored in safety chip, described method also includes:
Described second electronic signature equipment utilizes the count value of counter to obtain total number of the second currently stored unit data bag.
Method of commerce the most according to claim 1 and 2, it is characterised in that
Described each second unit data bag at least includes: described second unit data is signed by the second unit data, server
The 3rd signed data arrived;
Before at least one second unit data bag described is stored in safety chip by described second electronic signature equipment, described
Method also includes:
Described 3rd signed data is verified by described second electronic signature equipment, performs described second electronics after being verified
The step that at least one second unit data bag described is stored in safety chip by signature device.
Method of commerce the most according to claim 1 and 2, it is characterised in that
Described transaction request also includes: the device identification of described second electronic signature equipment;
Described each second unit data bag the most also includes: the second unit data, described first electronic signature equipment are to described
The 4th signed data that the device identification signature of two unit datas and described second electronic signature obtains;
Before at least one second unit data bag described is stored in safety chip by described second electronic signature equipment, described
Method also includes:
Described 4th signed data is verified by described second electronic signature equipment, performs described second electronics after being verified
The step that at least one second unit data bag described is stored in safety chip by signature device.
5. according to the method for commerce described in any one of Claims 1-4, it is characterised in that
Described second unit data bag also includes: package identification.
6. an electronic signature equipment, it is characterised in that described electronic signature equipment includes:
Communication module, for sending transaction request to opposite end electronic signature equipment, wherein, described transaction request at least includes:
Dealing money;
Acquisition module, for receiving at least one the 3rd unit data bag that opposite end electronic signature equipment sends;
Security module, the data ciphertext in each 3rd unit data bag utilizing the XOR factor to dock respectively to receive carries out different
Or computing, obtain at least one second unit data bag, wherein, the second unit data in each second unit data bag is at least
Including: currency denomination data and currency sequence number, wherein, unique mark of the second unit data bag described in described currency serial number;
Described each second unit data bag represents a kind of currency denomination in multiple currency denomination, at least one second unit data described
The summation of the currency denomination representated by bag is equal to described dealing money;
Described security module, is additionally operable to storage at least one second unit data bag described.
Electronic signature equipment the most according to claim 6, it is characterised in that
Described security module, is additionally operable to, after storage at least one second unit data bag described, utilize the count value of counter
Obtain total number of the second currently stored unit data bag.
8. according to the electronic signature equipment described in claim 6 or 7, it is characterised in that
Described each second unit data bag at least includes: described second unit data is signed by the second unit data, server
The 3rd signed data arrived;
Described security module, is additionally operable to before storage at least one second unit data bag described, to described 3rd signed data
Verify, after being verified, perform the operation of storage at least one the second unit data bag described.
9. according to the electronic signature equipment described in claim 6 or 7, it is characterised in that
Described transaction request also includes: the device identification of described second electronic signature equipment;
Described each second unit data bag at least includes: the second unit data, described opposite end electronic signature equipment are to described second
The 4th signed data that the device identification signature of unit data and described electronic signature obtains;
Described security module, is additionally operable to before storage at least one second unit data bag described, to described 4th signed data
Verify, after being verified, perform the operation of storage at least one the second unit data bag described.
10. a transaction system, it is characterised in that including: the first electronic signature equipment and the second electronic signature equipment, wherein:
Described first electronic signature equipment, for receiving the transaction request that described second electronic signature equipment sends, and to described the
Two electronic signature equipment send at least one the 3rd unit data bag described;
Described second electronic signature equipment uses the electronic signature equipment as described in any one of claim 6 to 9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610179091.9A CN105913259A (en) | 2016-03-25 | 2016-03-25 | Trade method and trade system of electronic signature device, and electronic signature device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610179091.9A CN105913259A (en) | 2016-03-25 | 2016-03-25 | Trade method and trade system of electronic signature device, and electronic signature device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105913259A true CN105913259A (en) | 2016-08-31 |
Family
ID=56745351
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610179091.9A Pending CN105913259A (en) | 2016-03-25 | 2016-03-25 | Trade method and trade system of electronic signature device, and electronic signature device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105913259A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110832520A (en) * | 2018-06-07 | 2020-02-21 | 北京光合信诚科技有限公司 | Transaction method, hardware wallet and transaction equipment |
| CN110945553A (en) * | 2018-06-07 | 2020-03-31 | 北京光合信诚科技有限公司 | Transaction method, hardware wallet and transaction equipment |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1230269A (en) * | 1996-09-13 | 1999-09-29 | 冲电气工业株式会社 | Electronic transaction system |
| CN1259215A (en) * | 1997-04-01 | 2000-07-05 | 卡迪斯企业国际公司 | Countable electronic monetary system and method |
| CN102468960A (en) * | 2010-11-16 | 2012-05-23 | 卓望数码技术(深圳)有限公司 | Off-line mode identity and transaction authentication method and terminal |
-
2016
- 2016-03-25 CN CN201610179091.9A patent/CN105913259A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1230269A (en) * | 1996-09-13 | 1999-09-29 | 冲电气工业株式会社 | Electronic transaction system |
| CN1259215A (en) * | 1997-04-01 | 2000-07-05 | 卡迪斯企业国际公司 | Countable electronic monetary system and method |
| CN102468960A (en) * | 2010-11-16 | 2012-05-23 | 卓望数码技术(深圳)有限公司 | Off-line mode identity and transaction authentication method and terminal |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110832520A (en) * | 2018-06-07 | 2020-02-21 | 北京光合信诚科技有限公司 | Transaction method, hardware wallet and transaction equipment |
| CN110945553A (en) * | 2018-06-07 | 2020-03-31 | 北京光合信诚科技有限公司 | Transaction method, hardware wallet and transaction equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106651331B (en) | A kind of electronic trade method and system based on digital cash | |
| CN103975352B (en) | The stored value card that can be supplemented with money safely | |
| AU2010295188B2 (en) | Asset storage and transfer system for electronic purses | |
| CN105913255A (en) | Trade method and trade system of electronic signature device, and electronic signature device | |
| US20180068280A1 (en) | Verifying electronic transactions | |
| WO2001093139A1 (en) | Electronic value system | |
| CN108229938A (en) | The method and system that a kind of digital cash wallet is opened | |
| AU2011235531B2 (en) | Message storage and transfer system | |
| CN105989466A (en) | Method of payment with mobile phone | |
| CN111724156A (en) | Payment system based on block chain | |
| CN106330888B (en) | The method and device of payment safety in a kind of guarantee the Internet line | |
| CN108305071A (en) | A kind of method and apparatus of enquiring digital currency managing detailed catalogue | |
| TW201317911A (en) | Cloud credit card transaction system and transaction method thereof | |
| CN111062717A (en) | Data transfer processing method and device and computer readable storage medium | |
| CN109961288A (en) | Method of commerce and device based on Proxy Signature | |
| CN105913259A (en) | Trade method and trade system of electronic signature device, and electronic signature device | |
| CN106228349A (en) | The method of commerce of a kind of electronic signature equipment and electronic signature equipment | |
| CN106203976A (en) | Payment system based on same fund server and method of payment, device and server | |
| CN106204007A (en) | Payment system based on same fund server and method of payment, device and server | |
| CN105913253A (en) | Trade method and trade system of electronic signature device, and electronic signature device | |
| WO2022154789A1 (en) | Token-based off-chain interaction authorization | |
| CN105913258A (en) | Trade method and trade system of electronic signature device | |
| CN105938597A (en) | Transaction method and transaction system for electronic signature realization device, and electronic signature realization device | |
| CN105976179A (en) | Transaction method and transaction system of electronic signature equipment and electronic signature equipment | |
| CN105913254A (en) | Trade method and trade system of electronic signature device, and electronic signature device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160831 |