CN106056419A - Method, system and device for realizing independent transaction by using electronic signature equipment - Google Patents

Method, system and device for realizing independent transaction by using electronic signature equipment Download PDF

Info

Publication number
CN106056419A
CN106056419A CN201510828084.2A CN201510828084A CN106056419A CN 106056419 A CN106056419 A CN 106056419A CN 201510828084 A CN201510828084 A CN 201510828084A CN 106056419 A CN106056419 A CN 106056419A
Authority
CN
China
Prior art keywords
transaction
electronic signature
information
signature device
background server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510828084.2A
Other languages
Chinese (zh)
Inventor
李东声
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tendyron Technology Co Ltd
Original Assignee
Tendyron Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tendyron Technology Co Ltd filed Critical Tendyron Technology Co Ltd
Priority to CN201510828084.2A priority Critical patent/CN106056419A/en
Publication of CN106056419A publication Critical patent/CN106056419A/en
Pending legal-status Critical Current

Links

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention provides a method, a system and a device for realizing an independent transaction by using electronic signature equipment. The method comprises the steps that first electronic signature equipment sends a transaction request to second electronic signature equipment; the second electronic signature equipment reminds a user holding the second electronic signature equipment of a transaction message; the second electronic signature equipment receives confirmation message for the transaction message, carries out first processing on the transaction message so as to generate a first to-be-verified message, and sends the transaction message and the first to-be-verified message to the first electronic signature equipment; the first electronic signature equipment reminds a user holding the first electronic signature equipment of the transaction information, generates a first transaction data packet according to a predetermined format after receiving the confirmation information for the transaction information and stores the first transaction data packet; and the first electronic signature equipment is networked with a first background server, the first electronic signature equipment sends the first transaction data packet to a first background server, and a procedure that the first background server and a second background server complete transaction operations is executed.

Description

Method, system and equipment for realizing independent transaction by using electronic signature equipment
Technical Field
The invention relates to the technical field of electronics, in particular to a method and a system for realizing independent transaction by using electronic signature equipment.
Background
At present, electronic signature equipment generally needs to be connected with a background server through a terminal to conduct transaction, for example, when the electronic signature equipment is a USBKEY and the transaction is executed, a user needs to transfer transaction information confirmed in the USBKEY through a networked terminal, and when the USBKEY is not networked, offline transfer cannot be achieved anytime and anywhere.
With the development of electronic technology, there are various ways of performing off-line transactions by using electronic cash, such as payment or transfer through the circulation of electronic cash, for example, an electronic wallet or a payment card (e.g., a public transportation IC card, a store value card in a store), etc. In these payment methods, the user's funds are stored in the form of numbers in the account of the electronic wallet or payment card, that is, the numbers themselves represent cash. When a user conducts a transaction using electronic cash, the user may consume the electronic cash directly in the account. However, since the numbers stored in the account are easily copied and tampered, electronic cash representing the funds may be maliciously changed, such as the amount of money in the account is increased, resulting in the problems of cash overdue due to the fact that the funds are unnaturalness and lack of credit. In addition, the existing off-line electronic cash transaction is not linked with the internet account system of the bank, is not supervised by the bank system, and has lower safety.
Therefore, a method for performing offline transactions anytime and anywhere and ensuring the safety of account funds is needed.
Disclosure of Invention
The present invention is directed to solving one of the problems set forth above.
The invention mainly aims to provide a method for realizing independent transaction by using electronic signature equipment;
another object of the present invention is to provide a system for realizing independent transaction by using an electronic signature device;
another object of the present invention is also to provide an electronic signature apparatus;
another object of the present invention is to provide another electronic signature apparatus.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
one aspect of the present invention provides a method for implementing independent transaction by using an electronic signature device, including: the first electronic signature device sends a transaction request to the second electronic signature device; the second electronic signature device receives the transaction request, acquires transaction information, and prompts the transaction information to a user holding the second electronic signature device, wherein the transaction information at least comprises: the transaction amount, account information related to the first electronic signature device and account information related to the second electronic signature device; after receiving the confirmation information of the transaction information, the second electronic signature equipment performs first processing on the transaction information to generate first information to be verified, and sends the transaction information and the first information to be verified to the first electronic signature equipment; the first electronic signature device prompts transaction information to a user holding the first electronic signature device, and after confirmation information of the transaction information is received, a first transaction data packet is generated according to a preset format and stored, wherein the first transaction data packet at least comprises first information to be verified and the transaction information; the first electronic signature device is networked with the first background server, and the first electronic signature device sends the first transaction data packet to the first background server to execute a process that the first background server and the second background server complete transaction operation.
In addition, if the first background server and the second background server are the same server, executing a process that the first background server and the second background server complete transaction operation, including: the first background server carries out first verification processing on the first information to be verified, and executes corresponding transaction operation according to the transaction information after the first verification processing is passed; if the first background server and the second background server are different servers, executing a process that the first background server and the second background server complete transaction operation, wherein the process comprises the following steps: the first background server sends the first transaction data packet to a second background server, the second background server performs first verification processing on the first information to be verified, and after the first verification processing is passed, the first background server and the second background server execute corresponding transaction operation according to the transaction information; wherein the first processing includes: signature calculation, wherein the first verification process comprises signature verification; alternatively, the first processing includes: performing encryption calculation, wherein the first verification processing comprises decryption verification or encryption verification; alternatively, the first processing includes: checking and calculating, wherein the first verification processing comprises checking and verifying; alternatively, the first processing includes: the first authentication process includes encryption authentication and verification authentication, or the first authentication process includes decryption authentication and verification authentication.
In addition, after receiving the confirmation information of the transaction information, before generating and storing the first transaction data packet according to the predetermined format, the first electronic signature device further includes: the first electronic signature device carries out second processing on the transaction information to generate second information to be verified; the first transaction data packet further comprises: second information to be verified; if the first background server and the second background server are the same server, executing a process that the first background server and the second background server complete transaction operation, wherein the process comprises the following steps: the first background server carries out second verification processing on the second information to be verified, carries out first verification processing on the first information to be verified, and executes corresponding transaction operation according to the transaction information after the first verification processing and the second verification processing are both passed; if the first background server and the second background server are different servers, executing a process that the first background server and the second background server complete transaction operation, wherein the process comprises the following steps: the first background server carries out second verification processing on the second information to be verified and sends the first information to be verified and the transaction information to the second background server, the second background server carries out first verification processing on the first information to be verified, and after the first verification processing and the second verification processing are both passed, the first background server and the second background server execute corresponding transaction operation according to the transaction information; wherein the second processing includes: signature calculation, the second verification process comprising signature verification; alternatively, the second processing includes: performing encryption calculation, wherein the second verification processing comprises decryption verification or encryption verification; alternatively, the second processing includes: checking and calculating, wherein the second verification processing comprises checking and verifying; alternatively, the second processing includes: the encryption calculation and the verification calculation, the second verification processing comprises encryption verification and verification, or the second verification processing comprises decryption verification and verification.
In addition, before the second electronic signature device receives the transaction request, acquires the transaction information, and prompts the transaction information to the user holding the second electronic signature device, the method further comprises the following steps: the second electronic signature equipment carries out security analysis on the transaction information according to the set risk items, and if the security analysis result has a security risk, a user holding the second electronic signature equipment is prompted to present the risk in the current transaction; before the first electronic signature device prompts the user holding the first electronic signature device for transaction information, the method further comprises: and the first electronic signature equipment carries out security analysis on the transaction information according to the set risk items, and if the security analysis result has a security risk, the user with the first electronic signature equipment is prompted to have a risk in the current transaction.
Further, the first transaction data packet includes: one or more of; the second transaction data packet includes: one or more than one.
The invention also provides a method for realizing independent transaction by using the electronic signature device, which comprises the following steps: the first electronic signature device sends a transaction request to the second electronic signature device; the second electronic signature device receives the transaction request, acquires transaction information, and prompts the transaction information to a user holding the second electronic signature device, wherein the transaction information at least comprises: the transaction amount, account information related to the first electronic signature device and account information related to the second electronic signature device; after receiving the confirmation information of the transaction information, the second electronic signature equipment performs first processing on the transaction information to generate first information to be verified; the second electronic signature device generates and stores a second transaction data packet according to a preset format, wherein the second transaction data packet at least comprises first information to be verified and transaction information; and the second electronic signature equipment is networked with the second background server, and the second electronic signature equipment sends the second transaction data packet to the second background server to execute the process of completing the transaction operation by the first background server and the second background server.
The invention also provides a method for realizing independent transaction by using the electronic signature device, which comprises the following steps: the first electronic signature device sends a transaction request to the second electronic signature device; the second electronic signature device receives the transaction request, acquires transaction information, and prompts the transaction information to a user holding the second electronic signature device, wherein the transaction information at least comprises: the transaction amount, account information related to the first electronic signature device and account information related to the second electronic signature device; after receiving the confirmation information of the transaction information, the second electronic signature equipment performs first processing on the transaction information to generate first information to be verified, and sends the transaction information and the first information to be verified to the first electronic signature equipment; the first electronic signature device prompts transaction information to a user holding the first electronic signature device, after receiving confirmation information of the transaction information, the first electronic signature device carries out second processing on the transaction information to generate second information to be verified, and the second information to be verified is sent to the second electronic signature device; the second electronic signature device generates and stores a second transaction data packet according to a preset format, wherein the second transaction data packet at least comprises first information to be verified, second information to be verified and transaction information; and the second electronic signature equipment is networked with the second background server, and the second electronic signature equipment sends the second transaction data packet to the second background server to execute the process of completing the transaction operation by the first background server and the second background server.
The invention also provides a system for realizing independent transaction by using the electronic signature device, which comprises: the first electronic signature device is used for sending a transaction request to the second electronic signature device; the second electronic signature device is used for receiving the transaction request, acquiring transaction information and prompting the transaction information to a user holding the second electronic signature device, wherein the transaction information at least comprises: the transaction amount, account information related to the first electronic signature device and account information related to the second electronic signature device; after the confirmation information of the transaction information is received, the first electronic signature device is also used for carrying out first processing on the transaction information to generate first information to be verified and sending the transaction information and the first information to be verified to the first electronic signature device; the first electronic signature device is also used for prompting transaction information to a user holding the first electronic signature device, generating and storing a first transaction data packet according to a preset format after receiving confirmation information of the transaction information, wherein the first transaction data packet at least comprises first information to be verified and transaction information; the first transaction data packet is sent to the first background server; the first background server is used for completing transaction operation; and the second background server is used for finishing the transaction operation.
In addition, if the first background server and the second background server are the same server, the first background server is specifically configured to perform first verification processing on the first information to be verified, and execute corresponding transaction operation according to the transaction information after the first verification processing is passed; if the first background server and the second background server are different servers, the first background server is specifically used for sending the first transaction data packet to the second background server and executing corresponding transaction operation according to the transaction information after the first verification processing is passed; the second background server is specifically used for performing first verification processing on the first information to be verified; wherein the first processing comprises: signature calculation, wherein the first verification process comprises signature verification; alternatively, the first processing includes: performing encryption calculation, wherein the first verification processing comprises decryption verification or encryption verification; alternatively, the first processing includes: checking and calculating, wherein the first verification processing comprises checking and verifying; alternatively, the first processing includes: the first authentication process includes encryption authentication and verification authentication, or the first authentication process includes decryption authentication and verification authentication.
In addition, the first electronic signature device is further configured to perform second processing on the transaction information to generate second information to be verified after the first electronic signature device receives the confirmation information of the transaction information and before generating and storing the first transaction data packet according to the predetermined format; the first transaction data packet further comprises: second information to be verified; if the first background server and the second background server are the same server, the first background server is specifically used for performing second verification processing on the second information to be verified and also used for performing first verification processing on the first information to be verified, and after the first verification processing and the second verification processing are both passed, the first background server is also used for executing corresponding transaction operation according to the transaction information; if the first background server and the second background server are different servers, the first background server is specifically used for performing second verification processing on second information to be verified and sending the first information to be verified and the transaction information to the second background server, and after the first verification processing and the second verification processing are both passed, the first background server is also used for executing corresponding transaction operation according to the transaction information; the second background server is also used for carrying out first verification processing on the first information to be verified; wherein the second processing includes: signature calculation, the second verification process comprising signature verification; alternatively, the second processing includes: performing encryption calculation, wherein the second verification processing comprises decryption verification or encryption verification; alternatively, the second processing includes: checking and calculating, wherein the second verification processing comprises checking and verifying; alternatively, the second processing includes: the encryption calculation and the verification calculation, the second verification processing comprises encryption verification and verification, or the second verification processing comprises decryption verification and verification.
The invention also provides a system for realizing independent transaction by using the electronic signature device, which comprises: the first electronic signature device is used for sending a transaction request to the second electronic signature device; the second electronic signature device is used for receiving the transaction request, acquiring transaction information and prompting the transaction information to a user holding the second electronic signature device, wherein the transaction information at least comprises: the transaction amount, account information related to the first electronic signature device and account information related to the second electronic signature device; after the confirmation information of the transaction information is received, the transaction information is also used for carrying out first processing on the transaction information to generate first information to be verified, a second transaction data packet is generated according to a preset format and is stored, and the second transaction data packet at least comprises the first information to be verified and the transaction information; the first transaction data packet is sent to the first background server; the second background server is used for completing transaction operation; and the first background server is used for finishing the transaction operation.
The invention also provides a system for realizing independent transaction by using the electronic signature device, which comprises: the first electronic signature device is used for sending a transaction request to the second electronic signature device; the second electronic signature device is used for receiving the transaction request, acquiring transaction information and prompting the transaction information to a user holding the second electronic signature device, wherein the transaction information at least comprises: the transaction amount, account information related to the first electronic signature device and account information related to the second electronic signature device; after the confirmation information of the transaction information is received, the first electronic signature device is also used for carrying out first processing on the transaction information to generate first information to be verified and sending the transaction information and the first information to be verified to the first electronic signature device; the first electronic signature device is also used for prompting the transaction information to a user holding the first electronic signature device, carrying out second processing on the transaction information after receiving the confirmation information of the transaction information to generate second information to be verified, and sending the second information to be verified to the second electronic signature device; the second electronic signature device is also used for generating and storing a second transaction data packet according to a preset format, wherein the second transaction data packet at least comprises first information to be verified, second information to be verified and transaction information; the first transaction data packet is sent to the first background server; the second background server is used for completing transaction operation; and the first background server is used for finishing the transaction operation.
The present invention also provides an electronic signature apparatus including: the sending module is used for sending a transaction request to the second electronic signature device; the receiving module is used for receiving the transaction information and the first information to be verified sent by the second electronic signature device, and the transaction information at least comprises: the transaction amount, the account information related to the electronic signature device and the account information related to the second electronic signature device are obtained, and the first information to be verified is generated by the second electronic signature device performing first processing on the transaction information; the prompting module is used for prompting transaction information to a user with electronic signature equipment; the data packet generating module is used for generating and storing a first transaction data packet according to a preset format after receiving the confirmation information of the transaction information, wherein the first transaction data packet at least comprises first information to be verified and transaction information; and the communication module is used for networking with the first background server and sending the first transaction data packet to the first background server.
In addition, the method further comprises the following steps: the to-be-verified information generating module is used for performing second processing on the transaction information to generate second to-be-verified information after the data packet generating module receives the confirmation information of the transaction information and before generating and storing a first transaction data packet according to a preset format, wherein the first transaction data packet further comprises: second information to be verified;
and the sending module is also used for sending the second information to be verified to the second electronic signature device.
The present invention also provides an electronic signature apparatus including: the receiving module is used for receiving a transaction request sent by the first electronic signature device; the acquisition module is used for acquiring transaction information; the prompting module is used for prompting transaction information to a user with electronic signature equipment, and the transaction information at least comprises the following components: the transaction amount, account information related to the first electronic signature device and account information related to the electronic signature device; the to-be-verified information generation module is used for performing first processing on the transaction information to generate first to-be-verified information after receiving the confirmation information of the transaction information; and the sending module is used for sending the transaction information and the first information to be verified to the first electronic signature device.
In addition, the method further comprises the following steps: and the data packet generating module is used for generating and storing a second transaction data packet according to a preset format after receiving second information to be verified sent by the first electronic signature device, wherein the second transaction data packet at least comprises the first information to be verified, the second information to be verified and the transaction information.
In addition, the method further comprises the following steps: and the data packet generating module is used for generating and storing a second transaction data packet according to a preset format, wherein the second transaction data packet at least comprises first information to be verified and transaction information.
In addition, the method further comprises the following steps: and the communication module is used for networking with the second background server and sending the second transaction data packet to the second background server.
According to the technical scheme provided by the invention, the invention provides the method and the system for realizing the independent transaction by using the electronic signature equipment and the electronic signature equipment. Through the technical scheme provided by the invention, a user can realize online transaction anytime and anywhere when the electronic signature equipment is not networked; before the electronic signature device is networked, the background server does not clear the amount of the account, so that the actual account fund of the user cannot be influenced even if the amount of the account stored in the electronic signature device is tampered, and when the background server clears the account amount of the user after the electronic signature device is on line, the background server verifies the identity of the user and then completes transaction clearing, so that the transaction safety is ensured; in addition, the electronic signature device prompts transaction information to the user and confirms the transaction information by the user; the transaction information is confirmed, and the security of the transaction is further ensured. Therefore, the transaction system provided by the embodiment improves the convenience of off-line transaction and ensures the security of the transaction.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on the drawings without creative efforts.
Fig. 1 is a schematic structural diagram of a system for implementing independent transactions by using an electronic signature device according to embodiment 1 of the present invention;
fig. 2 is a schematic structural diagram of a first electronic signature device according to embodiment 4 of the present invention;
fig. 3 is a schematic structural diagram of another first electronic signature device according to embodiment 4 of the present invention;
fig. 4 is a schematic structural diagram of a second electronic signature device provided in embodiment 5 of the present invention;
fig. 5 is a schematic structural diagram of another second electronic signature device provided in embodiment 5 of the present invention;
fig. 6 is a flowchart of a method for implementing independent transaction by using an electronic signature device according to embodiment 6 of the present invention;
fig. 7 is a flowchart of another method for implementing independent transactions by using an electronic signature device according to embodiment 7 of the present invention;
fig. 8 is a flowchart of another method for implementing independent transactions by using an electronic signature device according to embodiment 8 of the present invention;
fig. 9 is a flowchart of another method for implementing independent transactions by using an electronic signature device according to embodiment 9 of the present invention;
fig. 10 is a flowchart of another method for implementing a standalone transaction using an electronic signature device according to embodiment 10 of the present invention;
fig. 11 is a flowchart of another method for implementing independent transactions by using an electronic signature device according to embodiment 11 of the present invention;
fig. 12 is a flowchart of another method for implementing a standalone transaction using an electronic signature device according to embodiment 12 of the present invention;
fig. 13 is a flowchart of another method for implementing independent transactions by using an electronic signature device according to embodiment 13 of the present invention;
fig. 14 is a flowchart of another method for implementing a standalone transaction using an electronic signature device according to embodiment 14 of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "up", "down", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used only for convenience in describing the present invention and for simplicity in description, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and thus, are not to be construed as limiting the present invention. Furthermore, the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or quantity or location.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
Embodiments of the present invention will be described in further detail below with reference to the accompanying drawings.
Example 1
Fig. 1 is a schematic structural diagram of a system for implementing independent transactions by using an electronic signature device according to this embodiment, and as shown in fig. 1, the system 100 for implementing independent transactions by using an electronic signature device according to this embodiment includes: the system comprises a first electronic signature device 10, a second electronic signature device 20, a first background server 30 and a second background server 40.
In the present embodiment, the first electronic signature device 10 transmits a transaction request to the second electronic signature device 20; the second electronic signature device 20 is configured to receive a transaction request, acquire transaction information, and prompt a user holding the second electronic signature device 20 with the transaction information, where the transaction information at least includes: the transaction amount, account information relating to the first electronic signature device 10, and account information relating to the second electronic signature device 20; after receiving the confirmation information of the transaction information, performing first processing on the transaction information to generate first information to be verified, and sending the transaction information and the first information to be verified to the first electronic signature device 10; the first electronic signature device 10 is further configured to prompt a user holding the first electronic signature device 10 with transaction information, and after receiving confirmation information of the transaction information, generate and store a first transaction data packet according to a predetermined format, where the first transaction data packet at least includes first information to be verified and the transaction information; the first electronic signature device 10 is further configured to be networked with the first backend server 30, and send the first transaction data packet to the first backend server 30; the first background server 30 is used for completing the transaction operation, and the second background server 40 is used for completing the transaction operation.
Through the transaction system provided by the embodiment, a user can realize offline transaction anytime and anywhere when the electronic signature equipment is not networked; before the electronic signature device is networked, the background server does not clear the account amount, so that even if the account amount stored in the electronic signature device is tampered, the actual account fund of the user cannot be influenced; in addition, the electronic signature device prompts the transaction information to the user and confirms the transaction information by the user, so that the security of the transaction is further ensured.
As an optional implementation manner of this embodiment, the first electronic signature device 10 is a payee, and the second electronic signature device 20 is a payer; alternatively, the second electronic signature device 20 is a payee and the first electronic signature device 10 is a payer. Specifically, the first electronic signature device 10 may set a mode, that is, the first electronic signature device 10 may be set as a payee or a payer. The second electronic signature device 20 may also be set to a mode, that is, the second electronic signature device 20 may be set as a payer or a payee. Of course, the first electronic signature device 10 and the second electronic signature device 20 need to be set as a payee and the other as a payer for the transaction. In the following description, only the first electronic signature device 10 is a payee and the second electronic signature device 20 is a payer, for example.
In addition, in this embodiment, the first electronic signature device 10 and the second electronic signature device 20 may be devices with digital signature functions, such as a usb KEY (for example, a U shield of a working department, a K treasure of a farming department), an audio KEY, or a smart card with an electronic signature function, as long as the devices can perform the functions of the electronic signature devices in this embodiment.
In this embodiment, before the first electronic signature device 10 sends the transaction request to the second electronic signature device 20, the first electronic signature device 10 and the first backend server 30 may or may not be networked, and the second electronic signature device 20 and the second backend server 40 may or may not be networked. When the first electronic signature device 10 is not networked with the first background server 30 and the second electronic signature device 20 is not networked with the second background server 40, the first electronic signature device 10 and the second electronic signature device 20 realize offline transactions anytime and anywhere. The first electronic signature device 10 and the first background server 30 are not networked, which means that the first electronic signature device 10 and the first background server 30 to which the first electronic signature device 10 belongs do not establish a connection relationship; the fact that the second electronic signature device 20 is not networked with the second backend server 40 means that the second electronic signature device 20 does not establish a connection relationship with the second backend server 40 to which the second electronic signature device 20 belongs. Networking the first electronic signature device 10 with the first backend server 30 means that the first electronic signature device 10 establishes a connection relationship with the first backend server 30 to which the first electronic signature device 10 belongs. As an optional implementation manner of this embodiment, the first electronic signature device 10 may establish a connection with and communicate with the first backend server 30 through a terminal (e.g., a computer or a mobile phone), or may directly establish a connection with and communicate with the first backend server 30 in a wireless manner (e.g., bluetooth, infrared, wireless connection, or NFC near field communication).
As an optional implementation manner of this embodiment, the first electronic signature device 10 may send the transaction request and/or other data to the second electronic signature device 20 in a wireless manner such as bluetooth, infrared, wireless connection, or NFC near field communication, and the second electronic signature device 20 may also send the transaction information, the first information to be verified, and/or other data to the first electronic signature device 10 in a wireless manner such as bluetooth, infrared, wireless connection, or NFC near field communication. Therefore, communication between the electronic signature devices can be faster.
In this embodiment, the second electronic signature device 20 is further configured to obtain transaction information, where the transaction information may be sent to the second electronic signature device 20 by the first electronic signature device 10, or may be input by a user holding the second electronic signature device 20 or stored in the second electronic signature device 20, and a specific embodiment is not limited thereto. For example, the transaction amount in the transaction information may be obtained by one of the following ways: the transaction amount is obtained by inputting the first electronic signature device 10 or the second electronic signature device 20 by the user, or by scanning a two-dimensional code or a barcode related to the transaction amount, or by inputting through a terminal connected to the first electronic signature device 10 or the second electronic signature device 20, and the terminal sends the input transaction amount to the first electronic signature device 10 or the second electronic signature device 20 to obtain the transaction amount (the first electronic signature device 10 or the second electronic signature device 20 and the terminal may be connected in a wired or wireless manner), and the specific embodiment is not limited as long as the second electronic signature device 20 obtains the transaction information.
As an optional implementation manner of this embodiment, before the first electronic signature device 10 sends the transaction request to the second electronic signature device 20, the second electronic signature device 20 is also used for performing security authentication on the first electronic signature device 10. The second electronic signature device 20 performs security authentication on the first electronic signature device 10, so that the validity of the identity of the first electronic signature device 10 as a payee can be ensured, and an illegal person is prevented from pretending to be the payee to perform transaction and causing loss to a user.
As an optional implementation manner of this embodiment, before the first electronic signature device 10 sends the transaction request to the second electronic signature device 20, the first electronic signature device 10 is further used for performing secure authentication on the second electronic signature device 20. The first electronic signature device 10 performs security authentication on the second electronic signature device 20, so that the validity of the identity of the second electronic signature device 20 as a payer can be ensured, and illegal persons can be prevented from pretending to be the payer to perform transactions, stealing information of a payee and the like.
As an optional implementation manner of this embodiment, before the first electronic signature device 10 sends the transaction request to the second electronic signature device 20, the second electronic signature device 20 and the first electronic signature device 10 perform security authentication on each other, which may be implemented by generating single authentication data and signing each, and completing the security authentication after the other verifies the signature, specifically please refer to the detailed description in step 200a in embodiment 4.
As an optional implementation manner of this embodiment, the first electronic signature device 10 and the second electronic signature device 20 may negotiate to generate a transmission key and/or a verification key during identity authentication. Wherein, the transmission key and the verification key that are negotiated and generated by the first electronic signature device 10 and the second electronic signature device 20 are both symmetric keys. As a preferred embodiment, the first electronic signature device 10 and the second electronic signature device 20 negotiate to generate a transmission key and a check key, after data to be transmitted between the first electronic signature device 10 and the second electronic signature device 20 is encrypted by using the transmission key to generate a ciphertext, the ciphertext is calculated by using the check key to generate a check value, and the ciphertext and the check value are transmitted. The transmission mode of generating the ciphertext by encrypting the transmission key and generating the check value by calculating the ciphertext by using the check key can ensure the security of data transmission between the first electronic signature device 10 and the second electronic signature device 20. Of course, the first electronic signature device 10 and the second electronic signature device 20 may only use the transmission key to encrypt and generate a ciphertext for transmission, or may only use the verification key to calculate plaintext data to be transmitted to generate a verification value, and transmit the verification value and the plaintext data to be transmitted.
As an optional implementation manner of this embodiment, in a case where the first electronic signature device 10 acquires the public key of the second electronic signature device 20, the first electronic signature device 10 may encrypt the transaction request by using the public key of the second electronic signature device 20 and send the encrypted transaction request to the second electronic signature device 20, and of course, the first electronic signature device 10 may also encrypt the transaction request by using the transmission key and send the encrypted transaction request to the second electronic signature device 20. In addition, optionally, the first electronic signature device 10 may calculate the transaction request by using the verification key to generate a verification value, and send the verification value and the transaction request to the second electronic signature device 20, or after the first electronic signature device 10 encrypts the transaction request by using the transmission key to generate an encrypted transaction request, calculate the encrypted transaction request by using the verification key to generate the verification value, and send the verification value and the encrypted transaction request to the electronic signature device 20. By encrypting the transaction request to generate a ciphertext and/or generating a check value for transmission, it is possible to prevent an illegal party from tampering with the transaction amount in the transaction request or the account information of the first electronic signature device 10, thereby ensuring the security of the transaction.
As an optional implementation manner of this embodiment, after the second electronic signature device 20 receives the encrypted transaction request, the encrypted transaction request is decrypted by using a private key of the second electronic signature device 20 to obtain a plaintext of information carried in the transaction request, or the encrypted transaction request is decrypted by using a transmission key to obtain a plaintext of information carried in the transaction request, or when the second electronic signature device 20 receives the verification value and the transaction request, the transaction request is calculated by using the verification key to generate the verification value, and whether the verification value received by the second electronic signature device 20 is the same as the calculated verification value is compared, if the verification value is the same as the calculated verification value, it is determined that the transaction request is not modified, or when the verification value and the encrypted transaction request are received by the second electronic signature device 20, the encrypted transaction request is calculated by using the verification key to generate the verification value, and comparing whether the check value received by the second electronic signature device 20 is the same as the calculated check value, if so, indicating that the transaction request is not modified, and preventing illegal molecules from tampering the transaction request by means of ciphertext and/or check value transmission, thereby improving the security of the transaction request in the transmission process.
In this embodiment, the second electronic signature device 20 is further configured to prompt the user holding the second electronic signature device 20 with transaction information, where the transaction information at least includes: the transaction amount, account information relating to the first electronic signature device 10, and account information relating to the second electronic signature device 20. For example, user A may transfer 100-dollar transaction information to user B as: "payer: a, a payee: b, transaction amount: 100 yuan. As an optional implementation manner of this embodiment, the transaction information may further include content such as a single identifier (e.g., an order number, a digital timestamp, and/or a random number), a payment time, and/or personal information of the payee, and the embodiment is not limited herein as long as the information used for the transaction is within the scope covered by the present invention. For example, the transaction information may also include a digital timestamp containing the time at which the transaction information was generated, e.g., the transaction information may be: "payer: a, a payee: b, transaction amount: 100 yuan, transaction time: 10/15/14: 20:08 "in 2015. For another example, the transaction information may further include a transaction order number, for example, the transaction information may be: "payer: a, a payee: b, transaction amount: 100 yuan, trade order number: 20151015142008". Therefore, the first background server 30 can verify the transaction information containing a single identifier, and avoid multiple identical transactions at the same time, thereby avoiding the situation that the transactions are maliciously copied.
As an optional implementation manner of this embodiment, both the second electronic signature device 20 and the first electronic signature device 10 may display the transaction information through a display screen to prompt the user, or may prompt the user through a sound to prompt the transaction information of the transaction, and the specific embodiment is not limited, as long as the purpose of prompting the transaction information of the user is all within the scope covered by the present invention. The transaction information is displayed to the user through the display screen, so that the real 'what you see is what you sign' is realized, and the transaction is effectively prevented from being tampered by Trojan horse viruses.
In this embodiment, the user holding the second electronic signature device 20 confirms the transaction information through the physical key on the second electronic signature device 20, so as to improve the security of the transaction. Of course, the user holding the second electronic signature device 20 may also confirm the transaction information in other ways, which is not limited in this embodiment. In addition, the user holding the first electronic signature device 10 may confirm the transaction information through a physical key on the first electronic signature device 20, or may confirm the transaction information through other manners, which is not limited in this embodiment. The transaction information is confirmed through the physical key, so that the attack of Trojan viruses can be effectively prevented, and the remote hijacking of electronic signature transactions is prevented.
In this embodiment, the second electronic signature device 20 performs the first processing on the transaction information to generate the first to-be-verified information, optionally, the second electronic signature device 20 may also perform the first processing on the confirmation information received by the second electronic signature device 20 to generate the first to-be-verified information, which is not limited in this embodiment, and is within the protection scope of the present invention as long as the background server can confirm that the second electronic signature device 20 has confirmed the transaction information through the first to-be-verified information, where the first processing includes signature calculation, encryption calculation, verification calculation, or encryption calculation and verification calculation, and specifically, the second electronic signature device 20 performs the first processing on the transaction information at least through one of the following four ways to generate the first to-be-verified information: the first method is as follows: the second electronic signature device 20 performs signature calculation on the transaction information by using a private key stored in the second electronic signature device to generate signature data as first information to be verified. The second method comprises the following steps: the second electronic signature device 20 performs encryption calculation on the transaction information by using the first transaction key stored in the second electronic signature device to generate first information to be verified. The third method comprises the following steps: the second electronic signature device 20 performs verification calculation on the transaction information by using the first transaction verification key stored in the second electronic signature device and generates a verification value as the first information to be verified. The method is as follows: the second electronic signature device 20 performs encryption calculation on the transaction information by using the first transaction key to generate an encrypted transaction request, and performs verification calculation on the encrypted transaction request by using the first transaction verification key to generate a verification value as the first information to be verified. It should be noted that the first transaction key and the first transaction verification key are both symmetric keys, and when the first transaction key and the first transaction verification key are generally issued to the user by the second backend server 40, the second backend server 40 is stored in the second electronic signing device 20, and other backend servers (for example, the first backend server 30) may not generally obtain the first transaction key and the first transaction verification key. The mode that the transaction information is signed by a private key of the electronic signature device or encrypted by the first transaction key or calculated by the first verification key to generate a transaction value can be convenient for the background server to determine that a user (a payer) holding the second electronic signature device has confirmed the transaction information through signature data, encrypted data or the verification value and verify that the transaction information is not illegally tampered, and the background server can execute corresponding transaction operation according to the transaction information.
In this embodiment, on the premise that the first backend server 30 is the payee and the second backend server 40 is the payer, the process of executing the transaction operation completed by the first backend server 30 and the second backend server 40 is as follows: and performing first verification processing on the first information to be verified, wherein the first verification processing comprises signature verification, decryption verification or encryption verification, verification or encryption verification and verification, after the first verification processing is passed, the second background server 40 executes a transaction operation of making money according to the transaction information, and the first background server 30 executes a transaction operation of receiving money according to the transaction information. By performing the first verification process on the first information to be verified, the background server can confirm that the user holding the second electronic signature device 20 has confirmed the transaction information or the transaction information has not been tampered with, and the background server can perform a corresponding transaction operation according to the transaction information.
As an optional implementation manner in this embodiment, when the second electronic signature device 20 generates the first information to be verified in the first manner, that is, when the first information to be verified is signature data generated by the second electronic signature device 20 performing signature calculation on the transaction information by using a private key stored in the second electronic signature device, the process of executing the first backend server 30 and the second backend server 40 to complete the transaction operation at least includes one of the following two manners:
the first method is as follows: the first background server 30 performs signature verification (signature verification) on the first information to be verified by using the public key of the second electronic signature device 20, and performs corresponding transaction operation according to the transaction information after the signature verification is passed.
In this first mode, as an optional application scenario, the first backend server 30 and the second backend server 40 are the same server, and the first backend server 30 has the public key of the second electronic signature device 20. As another optional application scenario, the first backend server 30 and the second backend server 40 are different servers, and the first backend server 30 may obtain the public key of the second electronic signature device 20. The specific implementation manner of the first background server 30 performing signature verification on the first information to be verified by using the public key of the second electronic signature device 20 is as follows: the first background server 30 decrypts the received signature data by using the public key of the second electronic signature device 20 to obtain the digest of the transaction information, performs HASH calculation on the received transaction information to obtain the digest of the transaction information, compares whether the digest of the transaction information obtained by decryption is the same as the digest of the transaction information obtained by HASH calculation, and if the digest of the transaction information obtained by HASH calculation is the same, the signature verification is passed.
The second method comprises the following steps: the first background server 30 sends the first transaction data packet to the second background server 40, the second background server 40 performs signature verification (signature verification) on the first information to be verified (signature data of the second electronic signature device 20) by using the public key of the second electronic signature device 20, after the signature verification is passed, the second background server 40 executes a money-making transaction operation according to the transaction information, and the first background server 30 executes a money-receiving transaction operation according to the transaction information.
In the second mode, the first backend server 30 and the second backend server 40 are different servers, the first backend server 30 does not have the public key of the second electronic signature device 20, and only the second backend server 40 has the public key of the second electronic signature device 20. The specific implementation manner of the second background server 40 performing signature verification on the first information to be verified by using the public key of the second electronic signature device 20 is as follows: the second background server 40 decrypts the received signature data by using the public key of the second electronic signature device 20 to obtain the digest of the transaction information, performs HASH calculation on the received transaction information to obtain the digest of the transaction information, compares whether the digest of the transaction information obtained by decryption is the same as the digest of the transaction information obtained by HASH calculation, and if the digest of the transaction information obtained by HASH calculation is the same, the signature verification is passed.
As another optional implementation manner in this embodiment, when the second electronic signature device 20 generates the first information to be verified in a second manner, that is, when the first information to be verified is generated by the second electronic signature device 20 by encrypting the transaction information with the first transaction key, the flow of performing the transaction operation completed by the first backend server 30 and the second backend server 40 at least includes one of the following two manners:
the first method is as follows: the first background server 30 performs decryption verification or encryption verification on the first information to be verified by using the first transaction key, and performs corresponding transaction operation according to the transaction information after the decryption verification or the encryption verification is passed.
In the first mode, as an optional application scenario, the first background server 30 and the second background server 40 are the same server, and the first background server 30 has the first transaction key of the second electronic signature device 20; as another optional application scenario, the first backend server 30 and the second backend server 40 are different servers, but the first backend server 30 may obtain the first transaction key of the second electronic signature device 20. In the two application scenarios, the first background server 30 performs decryption verification or encryption verification on the first to-be-verified information by using the first transaction key, where the implementation manner of the encryption verification is as follows: the first background server 30 performs encryption calculation on the received transaction information by using the first transaction key to generate encrypted transaction information, and compares whether the encrypted transaction information obtained by the encryption calculation is the same as the received first information to be verified, if so, the encryption verification is passed; the decryption verification method comprises the following steps: the first background server 30 decrypts the received first to-be-verified information by using the first transaction key to obtain the decrypted transaction information, and compares whether the decrypted transaction information is the same as the transaction information in the received first transaction data packet, if so, it indicates that the decryption verification is passed.
The second method comprises the following steps: the first background server 30 sends the first transaction data packet to the second background server 40, the second background server 40 performs decryption verification or encryption verification on the first information to be verified by using the first transaction key of the second electronic signature device 20, after the decryption verification or encryption verification is passed, the second background server 40 performs a money-making transaction operation according to the transaction information, and the first background server 30 performs a money-receiving transaction operation according to the transaction information.
In this second mode, the first backend server 30 and the second backend server 40 are different servers, the first backend server 30 does not have the first transaction key of the second electronic signature device 20, and the second backend server 40 has the first transaction key. The second background server 40 performs decryption verification or encryption verification on the first to-be-verified information by using the first transaction key, where the implementation manner of the encryption verification is as follows: the second background server 40 encrypts the received transaction information by using the first transaction key to generate encrypted transaction information, and compares whether the encrypted transaction information obtained by calculation is the same as the received first information to be verified, if so, the encryption verification is passed; the decryption verification method comprises the following steps: the second background server 40 decrypts the received first to-be-verified information by using the first transaction key to obtain the decrypted transaction information, and compares whether the decrypted transaction information is the same as the transaction information in the received first transaction data packet, if so, it indicates that the decryption verification is passed.
As an optional implementation manner in this embodiment, when the second electronic signature device 20 generates the first to-be-verified information in a third manner, that is, when the first to-be-verified information is a verification value generated by the second electronic signature device 20 performing verification calculation on the transaction information by using the first transaction verification key stored in the second electronic signature device, a process of performing the transaction operation by the first background server 30 and the second background server 40 at least includes one of the following two manners:
the first method is as follows: the first background server 30 performs verification and verification on the first to-be-verified information by using the first transaction verification key, and performs corresponding transaction operation according to the transaction information after the verification and verification are passed.
In the first mode, as an optional application scenario, the first background server 30 and the second background server 40 are the same server, and the first background server 30 has the first transaction verification key of the second electronic signature device 20; as another optional application scenario, the first backend server 30 and the second backend server 40 are different servers, but the first backend server 30 may obtain the first transaction verification key of the second electronic signature device 20. In these two application scenarios, the first background server 30 performs verification and verification on the first to-be-verified information by using the first transaction verification key, and the specific implementation manner is as follows: the first background server 30 calculates the received transaction information by using the first transaction verification key to generate a verification value, and compares whether the calculated verification value is the same as the received verification value, if so, this indicates that the verification is passed.
The second method comprises the following steps: the first background server 30 sends the first transaction data packet to the second background server 40, the second background server 40 performs verification and verification on the first to-be-verified information by using the first transaction verification key of the second electronic signature device 20, after the verification and verification are passed, the second background server 40 performs a money-making transaction operation according to the transaction information, and the first background server 30 performs a money-receiving transaction operation according to the transaction information.
In this second mode, the first backend server 30 and the second backend server 40 are different servers, the first backend server 30 does not have the first transaction verification key of the second electronic signature device 20, and the second backend server 40 has the first transaction verification key. The specific implementation manner of the second background server 40 using the first transaction verification key to verify and verify the first to-be-verified information is as follows: the second background server 40 calculates the received transaction information by using the first transaction verification key to generate a verification value, and compares whether the calculated verification value is the same as the received verification value, if so, this indicates that the verification is passed.
As an optional implementation manner in this embodiment, when the second electronic signature device 20 generates the first to-be-verified information in the fourth manner, that is, when the first to-be-verified information is a transaction request generated by the second electronic signature device 20 encrypting the transaction information by using the first transaction key to generate an encryption, and calculating the encrypted transaction request by using the first transaction verification key to generate a verification value, a flow of performing the transaction operation by the first background server 30 and the second background server 40 at least includes one of the following two manners:
the first method is as follows: the first background server 30 performs encryption verification and verification on the first information to be verified by using the first transaction verification key, and performs corresponding transaction operation according to the transaction information after the encryption verification and verification pass.
In the first mode, as an optional application scenario, the first background server 30 and the second background server 40 are the same server, and the first background server 30 has the first transaction key and the first transaction verification key of the second electronic signature device 20; as another optional application scenario, the first backend server 30 and the second backend server 40 are different servers, but the first backend server 30 may obtain the first transaction key and the first transaction verification key of the second electronic signature device 20. In these two application scenarios, the first background server 30 performs encryption verification and verification on the first to-be-verified information by using the first transaction key and the first transaction verification key, and the specific implementation manner is as follows: the first background server 30 encrypts and calculates the received transaction information by using the first transaction key to generate an encrypted transaction request, and verifies and calculates the encrypted transaction request by using the first transaction verification key to generate a verification value, and the first background server 30 compares whether the calculated verification value is the same as the received verification value, and if so, the encryption verification and the verification pass. Of course, in the case that the first to-be-verified information includes the encrypted transaction request and the verification value, the specific implementation manner of the first background server 30 performing decryption verification and verification by using the first transaction key and the first transaction verification key is as follows: the first background server 30 performs a verification calculation on the received encrypted transaction request by using the first transaction verification key to generate a verification value, and compares whether the calculated verification value is the same as the received verification value, in the case of the same, decrypts the received encrypted transaction information by using the first transaction key to obtain the transaction information, and compares whether the decrypted transaction information is the same as the received transaction information, if so, the decryption verification and the verification pass.
The second method comprises the following steps: the first background server 30 sends the first transaction data packet to the second background server 40, the second background server 40 performs encryption verification and verification on the first information to be verified by using the first transaction key and the first transaction verification key of the second electronic signature device 20, after the encryption verification and verification pass, the second background server 40 performs a money-making transaction operation according to the transaction information, and the first background server 30 performs a money-receiving transaction operation according to the transaction information.
In the second mode, the first backend server 30 and the second backend server 40 are different servers, the first backend server 30 does not have the first transaction key and the first transaction verification key of the second electronic signature device 20, and the second backend server 40 has the first transaction key and the first transaction verification key. The specific implementation manner of the second background server 40 performing encryption verification and verification on the first to-be-verified information by using the first transaction key and the first transaction verification key is as follows: the second background server 40 encrypts and calculates the received transaction information by using the first transaction key to generate an encrypted transaction request, and verifies and calculates the encrypted transaction request by using the first transaction verification key to generate a verification value, the second background server 40 compares whether the calculated verification value is the same as the received verification value, and if so, the encryption verification and the verification pass. Of course, in the case that the first to-be-verified information includes the encrypted transaction request and the verification value, the specific implementation manner of the first background server 30 performing decryption verification and verification by using the first transaction key and the first transaction verification key is as follows: the first background server 30 performs a verification calculation on the received encrypted transaction request by using the first transaction verification key to generate a verification value, and compares whether the calculated verification value is the same as the received verification value, in the case of the same, decrypts the received encrypted transaction information by using the first transaction key to obtain the transaction information, and compares whether the decrypted transaction information is the same as the received transaction information, if so, the decryption verification and the verification pass.
As an optional implementation manner of this embodiment, the first electronic signature device 10 is further configured to, after receiving the confirmation information of the transaction information, perform a second process on the transaction information to generate second information to be verified before generating a first transaction data packet according to a predetermined format and storing the first transaction data packet, where the first transaction data packet includes, in addition to the first information to be verified and the transaction information that the second electronic signature device 20 sends to the first electronic signature device 10, the second information to be verified that the first electronic signature device 10 generates, according to the predetermined format, the first transaction data packet. When the first electronic signature device 10 performs online transaction, a first transaction data packet containing first information to be verified, second information to be verified and transaction information is uploaded to the first background server 30, and a process that the first background server 30 and the second background server 40 complete transaction operation is executed. Wherein the second processing includes: signature calculation, encryption calculation, verification calculation, or encryption calculation and verification calculation.
Specifically, the first electronic signature device 10 performs second processing on the transaction information to generate second information to be verified, which includes one of four ways of performing signature calculation, encryption calculation, verification calculation, encryption calculation, and verification calculation on the transaction information, and details are not repeated here. In addition, the first to-be-verified information and the second to-be-verified information in the first transaction data packet may be generated in the same manner or may be generated in different manners. When the first transaction data packet includes the first to-be-verified information, the second to-be-verified information, and the transaction information, the process of executing the first background server 30 and the second background server 40 to complete the transaction operation at least includes one of the following two ways:
the first method is as follows: the first background server 30 performs a second verification process on the second information to be verified, and performs a first verification process on the first information to be verified, and after the first verification process and the second verification process both pass, the first background server 30 executes a corresponding transaction operation according to the transaction information.
In the first mode, the first background server 30 performs a second process on the second information to be verified, where the second process includes one of four modes, i.e., signature verification, decryption verification or encryption verification, verification, encryption verification, and verification, and is the same as the implementation mode when the first background server 30 performs the corresponding first process on the first information to be verified, and details are not repeated here. In addition, the first background server 30 may perform the second verification processing on the second information to be verified first, or may perform the first verification processing on the first information to be verified first, which is not limited in this embodiment.
In this first mode, as an optional application scenario, the first backend server 30 and the second backend server 40 are the same backend server, and the first backend server 30 may obtain the public key of the second electronic signature device 20, the first transaction key, and/or the first transaction verification key. As another optional application scenario, the first backend server 30 and the second backend server 40 are different backend servers, and the first backend server 30 may obtain the public key, the first transaction key, and/or the first transaction verification key of the second electronic signature device 20.
The second method comprises the following steps: the first background server 30 performs second verification processing on the second information to be verified, and sends the first information to be verified and the transaction information to the second background server 40, the second background server 40 performs first verification processing on the first information to be verified, and after the first verification processing and the second verification processing are both passed, the second background server 40 executes money-making transaction operation according to the transaction information, and the first background server 30 executes money-receiving transaction operation according to the transaction information.
In the second mode, the first backend server 30 performs the second processing on the second information to be verified, which is the same as the implementation mode when the first backend server 30 performs the corresponding first processing on the first information to be verified, and is not described herein again.
In the second mode, the first background server 30 and the second background server 40 are different background servers, the first background server 30 may not obtain the public key, the first transaction key, and/or the first transaction verification key of the second electronic signature device 20, and only the second background server 40 has the public key, the first transaction key, and/or the first transaction verification key of the second electronic signature device 20.
As an optional implementation manner of this embodiment, the second electronic signature device 20 is further configured to, before receiving the transaction request and prompting the user holding the second electronic signature device 20 of the transaction information, perform security analysis on the transaction information according to the set risk item by the second electronic signature device 20, and if a security risk exists as a result of the security analysis, prompt the user holding the second electronic signature device 20 that a risk exists in the current transaction. The transaction information is safely analyzed and the user is prompted by setting the risk items, so that the transaction safety is improved.
As an optional implementation manner of this embodiment, before the first electronic signature device 10 is further configured to prompt the user holding the first electronic signature device 10 with transaction information, security analysis is performed on the transaction information according to the set risk item, and if a security risk exists as a result of the security analysis, the user holding the first electronic signature device 10 is prompted that a risk exists in the current transaction. The transaction information is safely analyzed and the user is prompted by setting the risk items, so that the transaction safety is improved.
As an optional implementation manner of this embodiment, the first electronic signature device 10 and the second electronic signature device 20, further configured to perform security analysis on the transaction information according to the set risk item, includes at least one of the following four manners:
judging whether the last transaction of the current transaction is abnormal or not, and if so, presenting a safety risk;
judging whether the transaction amount in the transaction information exceeds a set offline transaction amount, and if so, having a safety risk;
judging whether the transaction amount in the transaction information exceeds the set total amount of the single transaction, if so, the safety risk exists;
and judging whether the preset transaction times are exceeded in a preset time period, and if so, presenting a safety risk.
As an alternative implementation of this embodiment: the first transaction data packet includes one or more and the second transaction data packet includes one or more. Specifically, the first electronic signature device may generate a first transaction data packet and then send the first transaction data packet to the background server for performing a transaction operation. Optionally, the first electronic signature device may also send the multiple first transaction data packets to the background server together for transaction operation after generating the multiple first transaction data packets. Similarly, the second electronic signature device may send the second transaction data packet to the background server to execute the transaction operation after generating one second transaction data packet, or send the plurality of second transaction data packets to the background server together to execute the transaction operation after generating the plurality of second transaction data packets. The data packets are sent to the background server together for online transaction, so that the offline transaction of the user can be facilitated, the online clearing of the user is not needed to be performed every time the offline transaction is performed, and the transaction convenience is improved.
Specifically, as a specific implementation manner, in embodiment 4, a detailed description is given of the first electronic signature device 10 provided by the present invention, and fig. 2 is a schematic structural diagram of an optional first electronic signature device 10 according to an embodiment of the present invention, please refer to the detailed description in embodiment 4. As a specific implementation manner, in embodiment 5, a second electronic signature device 20 provided by the present invention is described in detail, and fig. 3 is a schematic structural diagram of an optional second electronic signature device 20 according to an embodiment of the present invention, please refer to the detailed description in embodiment 5.
Example 2
The system 100 for realizing independent transaction by using electronic signature device provided by the embodiment comprises: the system comprises a first electronic signature device 10, a second electronic signature device 20, a first background server 30 and a second background server 40. The system structure of this embodiment is the same as that of embodiment 1, and is not illustrated here.
In the present embodiment, the first electronic signature device 10 is configured to send a transaction request to the second electronic signature device 20; the second electronic signature device 20 is configured to receive a transaction request, acquire transaction information, and prompt a user holding the second electronic signature device 20 with the transaction information, where the transaction information at least includes: the transaction amount, account information relating to the first electronic signature device 10, and account information relating to the second electronic signature device 20; after the confirmation information of the transaction information is received, the transaction information is also used for carrying out first processing on the transaction information to generate first information to be verified, a second transaction data packet is generated according to a preset format and is stored, and the second transaction data packet at least comprises the first information to be verified and the transaction information; the system is also used for networking with a second background server 40 and sending a second transaction data packet to the second background server 40; a second background server 40 for completing the transaction operation; and the first background server 30 is used for completing the transaction operation.
Through the transaction system provided by the embodiment, a user can realize offline transaction anytime and anywhere when the electronic signature equipment is not networked; before the electronic signature device is networked, the background server does not clear the account amount, so that even if the account amount stored in the electronic signature device is tampered, the actual account fund of the user cannot be influenced; in addition, the electronic signature device prompts the transaction information to the user and confirms the transaction information by the user, so that the security of the transaction is further ensured.
Different from the embodiment 1, after the second electronic signature device 20 generates the first information to be verified, the first information to be verified and the transaction information are directly generated into the second transaction data packet, instead of the first electronic signature device 10 generating the first transaction data packet from the first information to be verified and the transaction information, so that the confirmation process is simplified, and the transaction efficiency is improved.
In this embodiment, the second transaction data packet at least includes the first to-be-verified information and the transaction information, and the second electronic signature device 20 performs the first processing on the transaction information to generate the first to-be-verified information at least includes four implementation manners, which are the same as the manner of generating the first to-be-verified information in embodiment 1 and are not described herein again. The transaction operations executed by the first backend server 30 and the second backend server 40 specifically include the following four ways: the first method is as follows: the second background server 40 performs signature verification on the first information to be verified by using the public key of the second electronic signature device 20, and performs corresponding transaction operation according to the transaction information after the signature verification is passed; the second method comprises the following steps: the second background server 40 performs decryption verification or encryption verification on the first information to be verified by using the first transaction key of the second electronic signature device 20, and performs corresponding transaction operation according to the transaction information after the decryption verification or the encryption verification is passed; the third method comprises the following steps: the second background server 40 verifies the first information to be verified by using the first transaction verification key of the second electronic signature device 20, and executes corresponding transaction operation according to the transaction information after the verification passes; the method is as follows: the second background server 40 performs encryption verification and verification on the first information to be verified by using the first transaction key and the first transaction verification key of the second electronic signature device 20, and performs corresponding transaction operation according to the transaction information after the encryption verification and verification pass. In this embodiment, the second backend server 40 performs signature verification, decryption verification or encryption verification, verification, encryption verification and verification on the first to-be-verified information in the same manner as in embodiment 1, and details are not repeated here.
In this embodiment, reference may be made to embodiment 1 for implementation of sending a transaction request, prompting transaction information, confirming transaction information, authenticating both parties, and the like, and details are not described herein again.
Example 3
The system 100 for realizing independent transaction by using electronic signature device provided by the embodiment comprises: the system comprises a first electronic signature device 10, a second electronic signature device 20, a first background server 30 and a second background server 40. The system structure of this embodiment is the same as that of embodiment 1, and is not illustrated here.
In the present embodiment, the first electronic signature device 10 transmits a transaction request to the second electronic signature device 20; the second electronic signature device 20 is configured to receive a transaction request, acquire transaction information, and prompt a user holding the second electronic signature device 20 with the transaction information, where the transaction information at least includes: the transaction amount, account information relating to the first electronic signature device 10, and account information relating to the second electronic signature device 20; after receiving the confirmation information of the transaction information, the electronic signature device is further configured to perform a first process on the transaction information to generate first information to be verified, and send the transaction information and the first information to be verified to the first electronic signature device 10; the first electronic signature device 10 is further configured to prompt a user holding the first electronic signature device 10 with transaction information, perform second processing on the transaction information after receiving confirmation information of the transaction information to generate second information to be verified, and send the second information to be verified to the second electronic signature device 20; the second electronic signature device 20 is further configured to generate and store a second transaction data packet according to a predetermined format, where the second transaction data packet at least includes the first information to be verified, the second information to be verified, and the transaction information, and is further configured to network with the second background server 40 and send the second transaction data packet to the second background server; a second background server 40 for completing the transaction operation; and the first background server 30 is used for completing the transaction operation.
Through the transaction system provided by the embodiment, a user can realize offline transaction anytime and anywhere when the electronic signature equipment is not networked; before the electronic signature device is networked, the background server does not clear the account amount, so that even if the account amount stored in the electronic signature device is tampered, the actual account fund of the user cannot be influenced; in addition, the electronic signature device prompts the transaction information to the user and confirms the transaction information by the user, so that the security of the transaction is further ensured.
Different from embodiment 1, in this embodiment, the first electronic signature device 10 not only performs the second processing on the transaction information to generate the second information to be verified after receiving the confirmation information of the transaction information, but also sends the second information to be verified to the second electronic signature device 20, and the second electronic signature device generates the second transaction data packet by using the first information to be verified, the second information to be verified and the transaction information.
Specifically, the first electronic signature device 10 performs second processing on the transaction information to generate second information to be verified, which includes one of four ways of performing signature calculation, encryption calculation, verification calculation, encryption calculation, and verification calculation on the transaction information, and details are not repeated here. In addition, the first to-be-verified information and the second to-be-verified information in the second transaction data packet may be generated in the same manner or may be generated in different manners. When the second transaction data packet includes the first to-be-verified information, the second to-be-verified information, and the transaction information, taking the first background server 30 as the payee and the second background server 40 as the payer as examples, the process of executing the first background server 30 and the second background server 40 to complete the transaction operation at least includes one of the following two ways:
the first method is as follows: the second background server 40 performs second verification processing on the second information to be verified, performs first verification processing on the first information to be verified, and after the first verification processing and the second verification processing both pass, the second background server 40 executes corresponding transaction operation according to the transaction information.
In the first mode, the second backend server 40 performs second processing on the second information to be verified, where the second processing includes one of four modes, i.e., signature verification, decryption verification or encryption verification, verification, encryption verification, and verification, and is the same as the implementation mode when the first backend server 30 performs corresponding first processing on the first information to be verified, and details are not repeated here. In addition, the second background server 40 may perform the second verification processing on the second information to be verified first, or may perform the first verification processing on the first information to be verified first, which is not limited in this embodiment.
In this first mode, as an optional application scenario, the first background server 30 and the second background server 40 are the same background server, and the second background server 40 may obtain the public key of the first electronic signature device 10, the second transaction key, and/or the second transaction verification key. As another optional application scenario, the first backend server 30 and the second backend server 40 are different backend servers, and the second backend server 40 may obtain the public key, the second transaction key, and/or the second transaction verification key of the first electronic signature device 10.
The second method comprises the following steps: the second background server 40 performs first verification processing on the first information to be verified, and sends the second information to be verified and the transaction information to the first background server 30, the first background server 30 performs second verification processing on the second information to be verified, and after the first verification processing and the second verification processing are both passed, the second background server 40 executes a money-making operation according to the transaction information, and the first background server 30 executes a money-collecting operation according to the transaction information.
In the second mode, the first background server 30 and the second background server 40 are different background servers, the second background server 40 may not obtain the public key, the second transaction key, and/or the second transaction verification key of the first electronic signature device 10, and only the first background server 30 has the public key, the second transaction key, and/or the second transaction verification key of the first electronic signature device 10.
In this embodiment, reference may be made to embodiment 1 for implementation of sending a transaction request, prompting transaction information, confirming transaction information, authenticating both parties, and the like, and details are not described herein again.
Example 4
The present embodiment describes the first electronic signature device 10 in detail. Fig. 2 is a schematic structural diagram of a first electronic signature device 10 according to an embodiment of the present invention, and as shown in fig. 2, the first electronic signature device 10 includes a sending module 11, a receiving module 12, a prompting module 13, a data packet generating module 14, and a communication module 15.
In this embodiment, the sending module 11 is configured to send a transaction request to the second electronic signature device 20; the receiving module 12 is configured to receive transaction information and first information to be verified sent by the second electronic signature device 20, where the transaction information at least includes: the transaction amount, the account information related to the first electronic signature device 10 and the account information related to the second electronic signature device 20, wherein the first information to be verified is a ciphertext generated by the second electronic signature device 20 from the transaction information; a prompting module 13, configured to prompt a user holding the first electronic signature device 10 for transaction information; the data packet generating module 14 is configured to generate and store a first transaction data packet according to a predetermined format after receiving the confirmation information of the transaction information, where the first transaction data packet at least includes first information to be verified and transaction information; the communication module 15 is configured to connect to the first background server 30 in a network, and send the first transaction data packet to the first background server 30.
In this embodiment, before the first electronic signature device 10 sends the transaction request to the second electronic signature device 20, the first electronic signature device 10 and the first backend server 30 may or may not be networked, and the second electronic signature device 20 and the second backend server 40 may or may not be networked. When the first electronic signature device 10 is not networked with the first background server 30 and the second electronic signature device 20 is not networked with the second background server 40, the first electronic signature device 10 and the second electronic signature device 20 realize offline transactions anytime and anywhere. The first electronic signature device 10 and the first background server 30 are not networked, which means that the first electronic signature device 10 and the first background server 30 to which the first electronic signature device 10 belongs do not establish a connection relationship; the networking of the communication module 15 of the first electronic signature device 10 and the first background server 30 means that the first electronic signature device 10 and the first background server 30 to which the first electronic signature device 10 belongs establish a connection relationship.
In this embodiment, the transaction information at least includes: the transaction amount, account information relating to the first electronic signature device 10, and account information relating to the second electronic signature device 20. For example, user A may transfer 100-dollar transaction information to user B as: "payer: a, a payee: b, transaction amount: 100 yuan. As an optional implementation manner of this embodiment, the transaction information may further include content such as a single identifier (e.g., an order number, a digital timestamp, and/or a random number), a payment time, and/or personal information of the payee, and the embodiment is not limited herein as long as the information used for the transaction is within the scope covered by the present invention. For example, the transaction information may also include a digital timestamp containing the time at which the transaction information was generated, e.g., the transaction information may be: "payer: a, a payee: b, transaction amount: 100 yuan, transaction time: 10/15/14: 20:08 "in 2015. For another example, the transaction information may further include a transaction order number, for example, the transaction information may be: "payer: a, a payee: b, transaction amount: 100 yuan, trade order number: 20151015142008". Therefore, the first server 30 can verify the transaction information containing a single identifier, and avoid multiple identical transactions at the same time, thereby avoiding the situation that the transactions are maliciously copied.
In this embodiment, the first to-be-verified information is generated by performing the first processing on the transaction information by the second electronic signature device 20, and the first to-be-verified information generated by performing the first processing on the transaction information by the second electronic signature device 20 can be convenient for the background server to determine, through the first to-be-verified information, that the user (payer) holding the second electronic signature device has already confirmed the transaction information, and the background server can perform corresponding transaction operation according to the transaction information.
In this embodiment, the first electronic signature device 10 may display the transaction information through the display screen to prompt the user, or may prompt the user through the sound of the transaction information of the current transaction. The transaction information is displayed to the user through the display screen, so that the real 'what you see is what you sign' is realized, and the transaction information is effectively prevented from being tampered by Trojan horse viruses.
In this embodiment, the confirmation of the transaction information by the user holding the first electronic signature device 10 can be confirmed by a physical key on the first electronic signature device 10, so that the security of the transaction is improved. Of course, the user holding the first electronic signature device 10 may also confirm the transaction information in other ways, and this embodiment is not limited. The transaction information is confirmed through the physical key, so that the attack of Trojan viruses can be effectively prevented, and the remote hijacking of electronic signature transactions is prevented.
In this embodiment, the communication module 15 of the first electronic signature device 10 may establish a connection with the first backend server 30 through a terminal (e.g., a computer or a mobile phone) and perform communication, or may directly establish a connection with the first backend server 30 in a wireless manner (e.g., bluetooth, infrared, wireless connection, or NFC near field communication) and perform communication.
As an optional implementation manner of this embodiment, the communication module 15 of the first electronic signature device 10 may send a first transaction data packet to the background server for transaction operation after the data packet generation module 14 generates the first transaction data packet. Optionally, after the data packet generating module 14 generates a plurality of first transaction data packets, the plurality of first transaction data packets may be sent to the background server together for performing a transaction operation. The plurality of first transaction data packets are sent to the background server together for online transaction, so that offline transaction of the user can be facilitated, online clearing is not needed for the user every time the offline transaction is carried out, and convenience of transaction is improved.
As an optional implementation manner of this embodiment, as shown in fig. 3, the first electronic signature device 10 further includes a security authentication module 16, where the security authentication module 16 is configured to perform security authentication on the second electronic signature device 20, specifically, the second electronic signature device 20 may generate single-time authentication data and sign the single-time authentication data, the security authentication module 16 verifies the signature, and the verification is implemented in a manner that the security authentication is completed after the verification is passed, specifically, refer to the detailed description in step 200a in embodiment 4. Through the safety certification of the second electronic signature device 20, the second electronic signature device 20 can be ensured to be safe and credible, and the safety of the transaction is improved.
As an optional implementation manner of this embodiment, as shown in fig. 3, the first electronic signature device 10 further includes a to-be-verified information generating module 17, configured to, after the data packet generating module 14 receives the confirmation information of the transaction information, perform a second process on the transaction information to generate second to-be-verified information before generating and storing the first transaction data packet according to the predetermined format. After the to-be-verified information generation module 17 in the first electronic signature device 10 generates the second to-be-verified information, the first electronic signature device 10 generates a first transaction data packet according to a predetermined format from the first to-be-verified information, the second to-be-verified information and the transaction information. The second processing of the transaction information by the to-be-verified information generation module 17 of the first electronic signature device 10 to generate the second to-be-verified information at least includes one of four ways: the first method is as follows: the first electronic signature device 10 performs signature calculation on the transaction information by using a private key stored by the first electronic signature device to generate signature data serving as second information to be verified; the second method comprises the following steps: the first electronic signature 10 device encrypts and calculates the transaction information by using a second transaction key stored in the first electronic signature device to generate second information to be verified; the third method comprises the following steps: the first electronic signature 10 device verifies and calculates the transaction information by using a second transaction verification key stored by the first electronic signature device to generate a verification value as second information to be verified; the method is as follows: the second electronic signature device 10 encrypts and calculates the transaction information by using the second transaction key to generate an encrypted transaction request, and verifies and calculates the encrypted transaction request by using the second transaction verification key to generate a verification value as the second information to be verified. After the first electronic signature device 10 is networked with the first background server 30, the communication module 15 sends the first transaction data packet generated by the data packet generation module 14 to the first background server 30, the first transaction data packet includes the first information to be verified and the transaction information, and also includes the second information to be verified, and the first background server can judge that the user holding the first electronic signature device 10 has confirmed the transaction information and the transaction information has not been tampered with through the second information to be verified. In addition, after the first electronic signature device 10 generates the second information to be verified, the sending module 11 is further configured to send the second information to be verified to the second electronic signature device, so that the second electronic password device 20 can obtain the second information to be verified conveniently.
As an optional implementation manner of this embodiment, as shown in fig. 3, the first electronic signature device 10 further includes a security analysis module 18, configured to perform security analysis on the transaction information according to a set risk item before the prompting module 13 prompts the transaction information to the user holding the first electronic signature device 10, and trigger the prompting module to prompt the user holding the first electronic signature device 10 that the current transaction is at risk when a security risk exists as a result of the analysis; the safety analysis module 18 performs safety analysis on the transaction information according to the set risk items, which includes at least one of the following four ways: the first method is as follows: the security analysis module 18 judges whether the last transaction of the current transaction is abnormal, and if the last transaction of the current transaction is abnormal, security risks exist; the second method comprises the following steps: the security analysis module 18 judges whether the transaction amount in the transaction information exceeds the set offline transaction amount, and if the transaction amount in the transaction information exceeds the set offline transaction amount, security risks exist; the third method comprises the following steps: the safety analysis module 18 judges whether the transaction amount in the transaction information exceeds the set total amount of the single transaction, and if the transaction amount in the transaction information exceeds the set total amount of the single transaction, safety risks exist; the method is as follows: the security analysis module 18 determines whether a predetermined number of transactions have been exceeded for a predetermined period of time, and if so, a security risk exists. Whether risk items exist or not is analyzed through the safety analysis module, and safety risks of transactions can be reduced.
As an optional implementation manner of this embodiment, the prompting module 13 is further configured to prompt the user holding the first electronic signature device 10 that the current transaction is at risk under the trigger of the security analysis module. Specifically, when the result of the analysis by the security analysis module 18 is that there is a security risk, the prompt module 13 prompts the user holding the first electronic signature device 10 that there is a risk in the current transaction, so that the user can conveniently make a judgment on whether to perform further transaction, and the security of the transaction is improved.
By adopting the electronic signature device provided by the embodiment, a user can realize online transaction anytime and anywhere when the electronic signature device is not networked; before the electronic signature device is networked, the background server does not clear the account amount, so that even if the account amount stored in the electronic signature device is tampered, the actual account fund of the user cannot be influenced; in addition, the electronic signature device prompts the transaction information to the user and confirms the transaction information by the user, so that the security of the transaction is further ensured.
Example 5
The present embodiment describes the second electronic signature device 20 in detail. Fig. 4 is a schematic structural diagram of a second electronic signature device 20 according to an embodiment of the present invention, and as shown in fig. 4, the second electronic signature device 20 includes: the system comprises a receiving module 21, an obtaining module 25, a prompting module 22, an information to be verified generating module 23 and a sending module 24.
In this embodiment, the receiving module 21 is configured to receive a transaction request sent by the first electronic signature device 10; an obtaining module 25, configured to obtain transaction information; a prompting module 22, configured to prompt a user holding the second electronic signature device 20 with transaction information, where the transaction information at least includes: the transaction amount, account information relating to the first electronic signature device 10, and account information relating to the second electronic signature device 20; the to-be-verified information generating module 23 is configured to perform a first process on the transaction information to generate first to-be-verified information after receiving the confirmation information of the transaction information; and the sending module 24 is configured to send the transaction information and the first to-be-verified information to the first electronic signature device 10.
In this embodiment, the receiving module 21 in the second electronic signature device 20 may receive the transaction request or other data sent by the first electronic signature device 10 in a wireless manner, such as bluetooth, infrared, wireless, or NFC near field communication, and the receiving module 21 and the first electronic signature device 10 may also complete data transmission through terminals connected to each other, and the receiving module 21 and the terminals may be connected in a wired or wireless manner. In addition, the sending module 24 of the second electronic signature device 20 may send the first to-be-verified information to the first electronic signature device 10 in a wireless manner, such as bluetooth, infrared, wireless, or NFC near field communication, and in addition, the sending module 24 and the first electronic signature device 10 may also complete data transmission through terminals connected to each other, and the sending module 24 and the terminals may be connected in a wired or wireless manner. Therefore, communication between the electronic signature devices can be faster.
In this embodiment, the obtaining module 25 of the second electronic signature device 20 is further configured to obtain transaction information, where the transaction information may be sent to the second electronic signature device 20 by the first electronic signature device 10, or may be input by a user holding the second electronic signature device 20 or stored in the second electronic signature device 20, and a specific embodiment is not limited thereto. For example, the transaction amount in the transaction information may be obtained by one of the following ways: the first electronic signature device 10 or the second electronic signature device 20 is input by a user, or obtained by scanning a two-dimensional code or a barcode related to a transaction amount, or input by a terminal connected to the first electronic signature device 10 or the second electronic signature device 20, and the terminal sends the input transaction amount to the first electronic signature device 10 or the second electronic signature device 20 (the first electronic signature device 10 or the second electronic signature device 20 and the terminal may be connected in a wired or wireless manner), which is not limited in the specific embodiment, as long as the second electronic signature device 20 obtains transaction information.
In this embodiment, the transaction information at least includes: the transaction amount, account information relating to the first electronic signature device 10, and account information relating to the second electronic signature device 20. For example, user A may transfer 100-dollar transaction information to user B as: "payer: a, a payee: b, transaction amount: 100 yuan. As an optional implementation manner of this embodiment, the transaction information may further include content such as a single identifier (e.g., an order number, a digital timestamp, and/or a random number), a payment time, and/or personal information of the payee, and the embodiment is not limited herein as long as the information used for the transaction is within the scope covered by the present invention. For example, the transaction information may also include a digital timestamp containing the time at which the transaction information was generated, e.g., the transaction information may be: "payer: a, a payee: b, transaction amount: 100 yuan, transaction time: 10/15/14: 20:08 "in 2015. For another example, the transaction information may further include a transaction order number, for example, the transaction information may be: "payer: a, a payee: b, transaction amount: 100 yuan, trade order number: 20151015142008". Therefore, the first background server 30 can verify the transaction information containing a single identifier, and avoid multiple identical transactions at the same time, thereby avoiding the situation that the transactions are maliciously copied.
In this embodiment, the prompting module 22 in the second electronic signature device 20 may display the transaction information through a display screen to prompt the user, or may prompt the user of the transaction information of the current transaction through sound. The transaction information is displayed to the user through the display screen, so that the real 'what you see is what you sign' is realized, and the transaction information is effectively prevented from being tampered by Trojan horse viruses.
In this embodiment, the confirmation of the transaction information by the user holding the second electronic signature device 20 can be confirmed by a physical key on the second electronic signature device 20, so that the security of the transaction is improved. Of course, the user holding the second electronic signature device 20 may also confirm the transaction information in other ways, which is not limited in this embodiment. The transaction information is confirmed through the physical key, so that the attack of Trojan viruses can be effectively prevented, and the remote hijacking of electronic signature transactions is prevented.
In this embodiment, the second electronic signature device 20 performs the first processing on the transaction information to generate the first information to be verified, and the second electronic signature device 20 specifically generates the first information to be verified in one of the following four ways: the first method is as follows: the second electronic signature device 20 performs signature calculation on the transaction information by using a private key stored by itself to generate signature data as first information to be verified; the second method comprises the following steps: the second electronic signature 20 device encrypts and calculates the transaction information by using a first transaction key stored in the second electronic signature 20 device to generate first information to be verified; the third method comprises the following steps: the second electronic signature 20 device verifies and calculates the transaction information by using a first transaction verification key stored in the second electronic signature device to generate a verification value as first information to be verified; the method is as follows: the second electronic signature device 20 performs encryption calculation on the transaction information by using the first transaction key to generate an encrypted transaction request, and performs verification calculation on the encrypted transaction request by using the first transaction verification key to generate a verification value as the first information to be verified. The to-be-verified information generating module 23 performs the first processing on the transaction information to generate the first to-be-verified information, so that the background server can determine that the user (payer) holding the second electronic signature device has confirmed the transaction information through the first to-be-verified information, and the background server can perform corresponding transaction operation according to the transaction information.
As an optional implementation manner of this embodiment, as shown in fig. 5, the second electronic signature device 20 further includes a security authentication module 29, where the security authentication module 29 is configured to perform security authentication on the first electronic signature device 10, specifically, the first electronic signature device 10 may generate single-time authentication data and sign the single-time authentication data, the security authentication module 29 verifies the signature, and the verification is implemented in a manner that the security authentication is completed after the verification is passed, specifically, refer to the detailed description in step 200a in embodiment 4. Through the safety certification of the first electronic signature device 10, the first electronic signature device 20 can be ensured to be safe and credible, and the safety of the transaction is improved.
As an optional implementation manner of this embodiment, as shown in fig. 5, the second electronic signature device 20 further includes a data packet generating module 26, and the data packet generating module 26 is configured to generate and store the first to-be-verified information and the transaction information into a second transaction data packet according to a predetermined format.
As an optional implementation manner of this embodiment, as shown in fig. 5, the second electronic signature device further includes a communication module 27, configured to network with the second backend server 40, and send the second transaction data packet to the second backend server 40. In a specific application, the communication module 27 in the second electronic signature device 20 may establish a connection with the second backend server 40 through a terminal (e.g., a computer or a mobile phone) and perform communication, or may directly establish a connection with the second backend server 40 in a wireless manner (e.g., bluetooth, infrared, wireless connection, or NFC near field communication) and perform communication.
As an optional implementation manner of this embodiment, the communication module 27 of the second electronic signature device 20 may send a second transaction data packet to the background server for transaction operation after the data packet generation module 26 generates the second transaction data packet. Optionally, after the data packet generating module 26 generates a plurality of second transaction data packets, the plurality of second transaction data packets may be sent to the background server together for performing a transaction operation. The plurality of second transaction data packets are sent to the background server together for online transaction, so that the offline transaction of the user can be facilitated, the online clearing of the user is not needed to be performed every time the offline transaction is performed, and the transaction convenience is improved.
As an optional implementation manner of this embodiment, the second electronic signature device 20 further includes a security analysis module 28, configured to perform security analysis on the transaction information according to the set risk item before the prompting module 22 prompts the transaction information to the user holding the second electronic signature device 20, and trigger the prompting module 22 to prompt the user holding the second electronic signature device 20 that the current transaction is at risk when there is a security risk as a result of the analysis. The safety analysis module 28 performs safety analysis on the transaction information according to the set risk item, wherein the safety analysis at least includes one of the following four modes: the first method is as follows: the security analysis module 28 determines whether the last transaction of the current transaction is abnormal, and if so, there is a security risk; the second method comprises the following steps: the security analysis module 28 judges whether the transaction amount in the transaction information exceeds the set offline transaction amount, and if the transaction amount in the transaction information exceeds the set offline transaction amount, security risks exist; the third method comprises the following steps: the security analysis module 28 judges whether the transaction amount in the transaction information exceeds the set total amount of the single transaction, and if the transaction amount in the transaction information exceeds the set total amount of the single transaction, security risks exist; the method is as follows: the security analysis module 28 determines whether a predetermined number of transactions have been exceeded for a predetermined period of time, and if so, a security risk exists. By analyzing whether a risk item is present by the security analysis module 28, the security risk of the transaction may be reduced.
As an optional implementation manner of this embodiment, the prompting module 22 is further configured to prompt the user holding the second electronic signature device 20 that the current transaction is at risk under the trigger of the security analysis module 28. Specifically, when the result of the analysis by the security analysis module 28 is that there is a security risk, the prompt module 22 prompts the user holding the electronic signature device that there is a risk in the current transaction, so that the user can conveniently make a judgment on whether to perform further transaction, thereby improving the security of the transaction.
By adopting the electronic signature device provided by the embodiment, a user can realize online transaction anytime and anywhere when the electronic signature device is not networked; before the electronic signature device is networked, the background server does not clear the account amount, so that even if the account amount stored in the electronic signature device is tampered, the actual account fund of the user cannot be influenced; in addition, the electronic signature device prompts the transaction information to the user and confirms the transaction information by the user, so that the security of the transaction is further ensured.
Example 6
The present embodiment provides a method for implementing independent transactions by using an electronic signature device, which can be applied to the system 100, the first electronic signature device 10, and the second electronic signature device 20 for implementing independent transactions by using an electronic signature device in embodiments 1 to 5, as shown in fig. 6, the method includes the following steps (401 to 406):
step 401: the first electronic signature device sends a transaction request to the second electronic signature device;
in this embodiment, the first electronic signature device may set a mode, that is, the first electronic signature device may be set as a payee or a payer. The second electronic signature device may also be set to a mode, that is, the second electronic signature device may be set as a payer or a payee. Of course, the first electronic signature device and the second electronic signature device need one party to be set as a payee and the other party to be set as a payer for the transaction. In the following description, only the first electronic signature device is a payee and the second electronic signature device is a payer, for example.
In addition, in this embodiment, the first electronic signature device and the second electronic signature device may be dynamic token, electronic signature tools having a dynamic token function, or other devices as long as the devices can perform the functions of the electronic signature devices in this embodiment.
In this embodiment, before the first electronic signature device sends the transaction request to the second electronic signature device, the first electronic signature device and the first background server may or may not be networked, and the second electronic signature device and the second background server may or may not be networked. When the first electronic signature device is not networked with the first background server and the second electronic signature device is not networked with the second background server, the first electronic signature device and the second electronic signature device realize the online transaction anytime and anywhere. In this embodiment, the fact that the first electronic signature device is not networked with the first background server means that the first electronic signature device and the first background server to which the first electronic signature device belongs do not establish a connection relationship; the fact that the second electronic signature device is not networked with the second background server means that the second electronic signature device and the second background server to which the second electronic signature device belongs do not establish a connection relation.
As an optional implementation manner of this embodiment, the first electronic signature device may send the transaction request and/or other data to the second electronic signature device in a wireless manner, such as bluetooth, infrared, wireless connection, or NFC near field communication, and in addition, the first electronic signature device and the second electronic signature device may also complete data transmission through terminals respectively connected to the first electronic signature device and the second electronic signature device, and the electronic signature device and the terminals may be connected in a wired or wireless manner. Therefore, communication between the electronic signature devices can be faster.
In this embodiment, the transaction information acquired by the second electronic signature device may be sent by the first electronic signature device to the second electronic signature device, or may be input by a user holding the second electronic signature device or stored in the second electronic signature device, and the specific embodiment is not limited thereto. For example, the transaction amount in the transaction information may be obtained by one of the following ways: the transaction amount is obtained by inputting the first electronic signature device or the second electronic signature device by the user, or by scanning a two-dimensional code or a barcode related to the transaction amount, or by inputting the transaction amount through a terminal connected to the first electronic signature device or the second electronic signature device, and the terminal sends the input transaction amount to the first electronic signature device or the second electronic signature device to obtain the transaction amount (the first electronic signature device or the second electronic signature device and the terminal may be connected in a wired or wireless manner).
As an optional implementation manner of this embodiment, before the first electronic signature device sends the transaction request to the second electronic signature device, the method further includes step 400 a: and the second electronic signature device and the first electronic signature device respectively carry out security authentication on the other side.
In step 400a, the second electronic signature device and the first electronic signature device respectively perform security authentication on each other, including two aspects: on one hand, the second electronic signature device carries out security authentication on the first electronic signature device; another aspect is that the first electronic signature device securely authenticates the second electronic signature device. As an optional implementation manner, the second electronic signature device and the first electronic signature device respectively perform security authentication on the other party by respectively generating single authentication data and signing, and the other party completes the security authentication after verifying the signature.
In a specific application, the specific process of the second electronic signature device for performing security authentication on the first electronic signature device is as follows: the first electronic signature device generates the single authentication data R1, and signs the single authentication data R1 to generate signature data S1. The first electronic signature device sends a security authentication request carrying single authentication data R1, signature data S1 and a digital certificate of the first electronic signature device to a second electronic signature device, wherein the digital certificate at least comprises a public key of the first electronic signature device. After the second electronic signature device receives the security authentication request, the second electronic signature device verifies the validity of the digital certificate sent by the first electronic signature device by using the root certificate, so that the security authentication of the first electronic signature device is realized, and the security of the transaction is improved. After the second electronic signature device verifies the digital certificate sent by the first electronic signature device, the second electronic signature device verifies the received signature data S1 by using the public key of the first electronic signature device, if the verification passes, the signature data S1 is signed by the first electronic signature device, and further, the security authentication of the first electronic signature device is realized.
In a specific application, a specific process of the first electronic signature device for performing security authentication on the second electronic signature device is as follows: the second electronic signature device generates the single authentication data R2, and signs the single authentication data R2 to generate signature data S2. And the second electronic signature device sends a security authentication request carrying the single authentication data R2, the signature data S2 and a digital certificate of the second electronic signature device to the first electronic signature device, wherein the digital certificate at least comprises a public key of the second electronic signature device. After the first electronic signature device receives the security authentication request, the first electronic signature device verifies the validity of the digital certificate sent by the second electronic signature device by using the root certificate, so that the security of the transaction is improved. After the first electronic signature device verifies the digital certificate sent by the second electronic signature device, the first electronic signature device verifies the received signature data S2 by using the public key of the second electronic signature device, if the verification passes, the signature data S2 is signed by the second electronic signature device, and further, the security authentication of the second electronic signature device is realized.
Optionally, the first electronic signature device may perform security authentication on the second electronic signature device in the following manner, and the specific process is as follows: after the second electronic signature device generates the single authentication data R2, the second electronic signature device also connects the received single authentication data R1 sent by the first electronic signature device with the single authentication data R2 generated by the second electronic signature device to generate the single authentication data R, and signs the single authentication data R to generate the signature data S. And the second electronic signature device sends a security authentication request carrying the single authentication data R, the signature data S and the digital certificate of the second electronic signature device to the first electronic signature device. After the first electronic signature device receives the security authentication request, the first electronic signature device verifies the validity of the digital certificate of the second electronic signature device by using the root certificate, so that the security authentication of the second electronic signature device is further realized, and the security of the transaction is improved. After the first electronic signature device verifies the digital certificate sent by the second electronic signature device, the first electronic signature device verifies the received signature data S by using the public key of the second electronic signature device, and the signature data S is signed by the second electronic signature device, so that the security authentication of the second electronic signature device is further realized. In addition, after the signature verification is passed, the first electronic signature device disconnects the data R to obtain single authentication data R1 ' and single authentication data R2 ', and the first electronic signature device verifies whether the obtained single authentication data R1 ' is the same as the single authentication data R1 generated by the first electronic signature device so as to confirm that the security authentication request is sent by the second electronic signature device, thereby realizing the security authentication of the second electronic signature device and improving the security of the transaction.
As an optional implementation manner of this embodiment, after step 400a and before step 401, further comprising step 400 b: the first electronic signature device and the second electronic signature device can negotiate to generate a transmission key or a verification key in the process of identity authentication. For example, a transmission key is generated by calculation from the single authentication data R1 and the single authentication data R2, or a check key is generated by calculation from the single authentication data R1 and the single authentication data R2. It should be noted that, in step 400b, the transmission key and the verification key are both symmetric keys.
In this embodiment, the data to be transmitted between the first electronic signature device and the second electronic signature device may be encrypted by using a transmission key or a verification key to generate a ciphertext or generate a verification value and then transmitted, and the security of data transmission between the first electronic signature device and the second electronic signature device may be ensured by using the ciphertext or the verification value. In addition, the data transmission mode of the check value shortens the byte number of the data to be transmitted, accelerates the transmission speed, and has small space for storing the check value. Of course, the data to be transmitted between the first electronic signature device and the second electronic signature device may also be encrypted by an asymmetric key (e.g., a public key), so as to improve the security of data transmission.
As an optional implementation manner of this embodiment, before step 401, the method further includes step 400 c: and the first electronic signature device performs PIN code verification on the second electronic signature device. Specifically, the first electronic signature device sends a PIN code check request to the second electronic signature device, after the second electronic signature device receives the PIN code check request sent by the first electronic signature device, the user is prompted to input a PIN code, the user inputs the PIN code, the second electronic signature device checks whether the PIN code input by the user is correct, and if the PIN code input by the user is correct, a check result is returned to the first electronic signature device.
In step 400c, the first electronic signature device initiates a transaction request to the second electronic signature device after receiving the verification result that the verification result is correct. The identity of the user can be verified through the PIN code, and the fact that the user is lost due to the fact that an illegal party conducts transaction through the second electronic password device under the condition that the second electronic password device is lost is prevented.
It should be noted that, before step 401, at least one of steps 400a to 400c may be included, however, step 400b needs to be executed after step 400a, and step 400c is not in sequence with steps 400a and 400 b.
As an optional implementation manner of this embodiment, the first electronic signature device may encrypt the transaction request by using a symmetric key (e.g., a transmission key and a verification key) and send the encrypted transaction request to the second electronic signature device, and of course, the first electronic signature device may also encrypt the transaction request by using an asymmetric key (e.g., a public key) and send the encrypted transaction request to the second electronic signature device. By encrypting the transaction request, illegal parties can be prevented from tampering the transaction amount in the transaction request or the account information of the first electronic signature device, and the transaction safety is ensured.
Step 402: the second electronic signature device receives the transaction request, acquires transaction information, and prompts the transaction information to a user holding the second electronic signature device, wherein the transaction information at least comprises: the transaction amount, account information related to the first electronic signature device and account information related to the second electronic signature device;
the second electronic signature device may display the transaction information through a display screen to prompt the user, or may prompt the user of the transaction information of the current transaction through a sound. The transaction information is displayed to the user through the display screen, so that the real 'what you see is what you sign' is realized, and the transaction is effectively prevented from being tampered by Trojan horse viruses.
In this embodiment, the transaction information at least includes: the transaction amount, account information associated with the first electronic signature device, and account information associated with the second electronic signature device. For example, user A may transfer 100-dollar transaction information to user B as: "payer: a, a payee: b, transaction amount: 100 yuan. As an optional implementation manner of this embodiment, the transaction information may further include content such as a single identifier (e.g., an order number, a digital timestamp, and/or a random number), a payment time, and/or personal information of the payee, and the embodiment is not limited herein as long as the information used for the transaction is within the scope covered by the present invention. For example, the transaction information may also include a digital timestamp containing the time at which the transaction information was generated, e.g., the transaction information may be: "payer: a, a payee: b, transaction amount: 100 yuan, transaction time: 10/15/14: 20:08 "in 2015. For another example, the transaction information may further include a transaction order number, for example, the transaction information may be: "payer: a, a payee: b, transaction amount: 100 yuan, trade order number: 20151015142008". Therefore, the first background server 30 can verify the transaction information containing a single identifier, and avoid multiple identical transactions at the same time, thereby avoiding the situation that the transactions are maliciously copied.
As an optional implementation manner of this embodiment, when the transaction request received by the second electronic signature device is an encrypted transaction request, the second electronic signature device decrypts the encrypted transaction request by using a decryption key corresponding to the symmetric transmission key to obtain a plaintext of the transaction information, or decrypts the transaction request encrypted by using a private key of the second electronic signature device to obtain the plaintext of the transaction information, so that the security of the transaction request in the transmission process is improved.
Step 403: after receiving the confirmation information of the transaction information, the second electronic signature equipment performs first processing on the transaction information to generate first information to be verified, and sends the transaction information and the first information to be verified to the first electronic signature equipment;
in this embodiment, the user holding the second electronic signature device can confirm the transaction information through the physical key on the second electronic signature device, so that the security of the transaction is improved. Of course, the user holding the second electronic signature device may also confirm the transaction information in other ways, which is not limited in this embodiment. The transaction information is confirmed through the physical key, so that the attack of Trojan viruses can be effectively prevented, and the remote hijacking of electronic signature transactions is prevented.
In this embodiment, the second electronic signature device performs the first processing on the transaction information to generate the first information to be verified in at least one of the following four ways: the first method is as follows: the second electronic signature device performs signature calculation on the transaction information by using a private key stored in the second electronic signature device to generate signature data serving as first information to be verified. The second method comprises the following steps: the second electronic signature device encrypts and calculates the transaction information by using the first transaction key stored in the second electronic signature device to generate first information to be verified. The third method comprises the following steps: the second electronic signature device carries out verification calculation on the transaction information by using the first transaction verification key stored in the second electronic signature device and generates a verification value serving as first information to be verified. The method is as follows: the second electronic signature device utilizes the first transaction key to encrypt and calculate the transaction information to generate an encrypted transaction request, and utilizes the first transaction verification key to verify and calculate the encrypted transaction request and generate a verification value as the first information to be verified. The second electronic signature device performs the first processing on the transaction information to generate the first to-be-verified information, so that the background server can determine that the user (payer) holding the second electronic signature device has confirmed the transaction information through the first to-be-verified information, and the background server can perform corresponding transaction operation according to the transaction information.
As an optional implementation manner of this embodiment, the second electronic signature device may send the transaction request or other data to the first electronic signature device in a wireless manner, such as bluetooth, infrared, wireless connection, or NFC near field communication, and in addition, the second electronic signature device and the first electronic signature device may also complete data transmission through terminals connected to each other, and the electronic signature device and the terminals may be connected in a wired or wireless manner. Therefore, communication between the electronic signature devices can be faster.
Step 404: the first electronic signature device prompts transaction information to a user holding the first electronic signature device, and after confirmation information of the transaction information is received, a first transaction data packet is generated according to a preset format and stored, wherein the first transaction data packet at least comprises first information to be verified and the transaction information;
in this embodiment, the first electronic signature device may display the transaction information through the display screen to prompt the user, or may prompt the user of the transaction information of the current transaction through sound. The transaction information is displayed to the user through the display screen, so that the real 'what you see is what you sign' is realized, and the transaction is effectively prevented from being tampered by Trojan horse viruses.
In this embodiment, the user holding the first electronic signature device can confirm the transaction information through a physical key on the first electronic signature device, so that the security of the transaction is improved. Of course, the user holding the first electronic signature device may also confirm the transaction information in other ways, which is not limited in this embodiment. The transaction information is confirmed through the physical key, so that the attack of Trojan viruses can be effectively prevented, and the remote hijacking of electronic signature transactions is prevented.
Step 405: the first electronic signature device is networked with the first background server, and the first electronic signature device sends the first transaction data packet to the first background server to execute a process that the first background server and the second background server complete transaction operation.
In this embodiment, the networking of the first electronic signature device and the first background server means that the first electronic signature device and the first background server to which the first electronic signature device belongs establish a connection relationship. As an optional implementation manner of this embodiment, the first electronic signature device may establish connection and communicate with the first backend server through a terminal (e.g., a computer or a mobile phone), or may directly establish connection and communicate with the first backend server in a wireless manner (e.g., bluetooth, infrared, wireless connection, or NFC near field communication).
In this embodiment, a process of completing a transaction operation by the first background server and the second background server is executed, and first verification processing needs to be performed on the first to-be-verified information, where the first verification processing includes signature verification, decryption verification or encryption verification, verification or encryption verification and verification, the first verification processing is performed on the first to-be-verified information, the background server confirms that the user of the second electronic signature device has confirmed the transaction information or the transaction information is not tampered, and the background server may execute a corresponding transaction operation according to the transaction information.
As an optional implementation manner in this embodiment, when the second electronic signature device generates the first to-be-verified information in a first manner, that is, when the first to-be-verified information is signature data generated by the second electronic signature device performing signature calculation on the transaction information by using a private key stored in the second electronic signature device, a process of executing the first background server and the second background server to complete the transaction operation at least includes one of the following two manners:
the first method is as follows: and the first background server performs signature verification (signature verification) on the first information to be verified by using the public key of the second electronic signature device, and executes corresponding transaction operation according to the transaction information after the signature verification is passed.
In the first mode, as an optional application scenario, the first background server and the second background server are the same server, and the first background server has the public key of the second electronic signature device. As another optional application scenario, the first background server and the second background server are different servers, and the first background server may obtain the public key of the second electronic signature device. The specific implementation manner of the first background server performing signature verification on the first to-be-verified information by using the public key of the second electronic signature device is as follows: the first background server decrypts the received signature data by using the public key of the second electronic signature device to obtain the abstract of the transaction information, performs HASH calculation on the received transaction information to obtain the abstract of the transaction information, compares whether the abstract of the transaction information obtained by decryption is the same as the abstract of the transaction information obtained by HASH calculation, and if the abstract of the transaction information obtained by HASH calculation is the same, the signature verification is passed.
The second method comprises the following steps: the first background server sends the first transaction data packet to a second background server, the second background server performs signature verification (signature verification) on first information to be verified (signature data of second electronic signature equipment) by using a public key of the second electronic signature equipment, the second background server executes money making transaction operation according to the transaction information after the signature verification is passed, and the first background server executes money receiving transaction operation according to the transaction information.
In the second mode, the first background server and the second background server are different servers, the first background server does not have the public key of the second electronic signature device, and only the second background server has the public key of the second electronic signature device. The specific implementation manner of the second background server performing signature verification on the first information to be verified by using the public key of the second electronic signature device is as follows: the second background server decrypts the received signature data by using the public key of the second electronic signature device to obtain the abstract of the transaction information, performs HASH calculation on the received transaction information to obtain the abstract of the transaction information, compares whether the abstract of the transaction information obtained by decryption is the same as the abstract of the transaction information obtained by HASH calculation, and if the abstract of the transaction information obtained by HASH calculation is the same, the signature verification is passed.
As another optional implementation manner in this embodiment, when the second electronic signature device generates the first information to be verified in a second manner, that is, when the first information to be verified is generated by the second electronic signature device by encrypting the transaction information with the first transaction key, a flow of performing the transaction operation by the first backend server and the second backend server includes at least one of the following two manners:
the first method is as follows: the first background server carries out decryption verification or encryption verification on the first information to be verified by using the first transaction key, and executes corresponding transaction operation according to the transaction information after the decryption verification or the encryption verification is passed.
In the first mode, as an optional application scenario, the first background server and the second background server are the same server, and the first background server has the first transaction key of the second electronic signature device; as another optional application scenario, the first backend server and the second backend server are different servers, but the first backend server may obtain the first transaction key of the second electronic signature device. Under the two application scenarios, the first background server performs decryption verification or encryption verification on the first to-be-verified information by using the first transaction key, wherein the implementation manner of the encryption verification is as follows: the first background server encrypts the received transaction information by using the first transaction key to generate a first check ciphertext, compares whether the first check ciphertext is the same as the first information to be verified, and if so, indicates that the decryption verification or the encryption verification is passed; the decryption verification method comprises the following steps: the first background server decrypts the received first to-be-verified information by using the first transaction key to obtain decrypted transaction information, compares whether the decrypted transaction information is the same as the transaction information in the received first transaction data packet, and if so, indicates that decryption verification or encryption verification is passed.
The second method comprises the following steps: the first background server sends the first transaction data packet to a second background server, the second background server performs decryption verification or encryption verification on the first information to be verified by using a first transaction key of the second electronic signature device, and after the decryption verification or encryption verification is passed, the second background server executes money-making transaction operation according to the transaction information, and the first background server executes money-collecting transaction operation according to the transaction information.
In the second mode, the first background server and the second background server are different servers, the first background server does not have the first transaction key of the second electronic signature device, and the second background server has the first transaction key. The second background server performs decryption verification or encryption verification on the first information to be verified by using the first transaction key, wherein the implementation mode of the encryption verification is as follows: the second background server encrypts the received transaction information by using the first transaction key to generate a first check ciphertext, compares whether the first check ciphertext is the same as the first information to be verified, and if so, indicates that the decryption verification or the encryption verification is passed; the decryption verification method comprises the following steps: the second background server decrypts the received first to-be-verified information by using the first transaction key to obtain decrypted transaction information, compares whether the decrypted transaction information is the same as the transaction information in the received first transaction data packet, and if so, indicates that the decryption verification or the encryption verification is passed.
As an optional implementation manner in this embodiment, when the second electronic signature device generates the first to-be-verified information in a third manner, that is, when the first to-be-verified information is a verification value generated by the second electronic signature device performing verification calculation on the transaction information by using the first transaction verification key stored in the second electronic signature device, a process of executing the first background server and the second background server to complete the transaction operation at least includes one of the following two manners:
the first method is as follows: and the first background server carries out verification and verification on the first information to be verified by using the first transaction verification key, and executes corresponding transaction operation according to the transaction information after the verification and verification are passed.
In the first mode, as an optional application scenario, the first background server and the second background server are the same server, and the first background server has a first transaction verification key of the second electronic signature device; as another optional application scenario, the first backend server and the second backend server are different servers, but the first backend server may obtain the first transaction verification key of the second electronic signature device. In the two application scenarios, the first background server performs verification and verification on the first to-be-verified information by using the first transaction verification key, and the specific implementation manner is as follows: the first background server calculates the received transaction information by using the first transaction verification key to generate a verification value, compares whether the calculated verification value is the same as the received verification value, and if so, indicates that the verification passes.
The second method comprises the following steps: the first background server sends the first transaction data packet to a second background server, the second background server performs verification and verification on the first information to be verified by using a first transaction verification key of the second electronic signature device, the second background server executes money making transaction operation according to the transaction information after the verification and verification are passed, and the first background server executes money receiving transaction operation according to the transaction information.
In the second mode, the first background server and the second background server are different servers, the first background server does not have the first transaction verification key of the second electronic signature device, and the second background server has the first transaction verification key. The specific implementation manner of the second background server using the first transaction verification key to verify and verify the first to-be-verified information is as follows: and the second background server calculates the received transaction information by using the first transaction verification key to generate a verification value, compares whether the calculated verification value is the same as the received verification value or not, and if so, indicates that the verification passes.
As an optional implementation manner in this embodiment, when the second electronic signature device generates the first to-be-verified information in the fourth manner, that is, when the first to-be-verified information is a transaction request generated by the second electronic signature device encrypting the transaction information by using the first transaction key to generate an encryption, and calculating the encrypted transaction request by using the first transaction verification key to generate a verification value, a process of executing the first background server and the second background server to complete a transaction operation includes at least one of the following two manners:
the first method is as follows: and the first background server performs encryption verification and verification on the first information to be verified by using the first transaction verification key, and executes corresponding transaction operation according to the transaction information after the encryption verification and verification are passed.
In the first mode, as an optional application scenario, the first background server and the second background server are the same server, and the first background server has a first transaction key and a first transaction verification key of the second electronic signature device; as another optional application scenario, the first background server and the second background server are different servers, but the first background server may obtain the first transaction key and the first transaction verification key of the second electronic signature device. In the two application scenarios, the first background server performs encryption verification and verification on the first to-be-verified information by using the first transaction key and the first transaction verification key, and the specific implementation manner is as follows: the first background server encrypts and calculates the received transaction information by using the first transaction key to generate an encrypted transaction request, verifies and calculates the encrypted transaction request by using the first transaction verification key to generate a verification value, compares whether the calculated verification value is the same as the received verification value, and if so, indicates that the encryption verification and the verification pass. Certainly, when the first to-be-verified information includes the encrypted transaction request and the verification value, the specific implementation manner of the first background server performing decryption verification and verification by using the first transaction key and the first transaction verification key is as follows: the first background server carries out verification calculation on the received encrypted transaction request by using a first transaction verification key to generate a verification value, compares whether the calculated verification value is the same as the received verification value, decrypts the received encrypted transaction information by using the first transaction key under the same condition to obtain transaction information, compares whether the decrypted transaction information is the same as the received transaction information, and if so, indicates that decryption verification and verification pass.
The second method comprises the following steps: the first background server sends the first transaction data packet to a second background server, the second background server conducts encryption verification and verification on the first information to be verified by using a first transaction key and a first transaction verification key of the second electronic signature device, the second background server executes money making transaction operation according to the transaction information after the encryption verification and verification are passed, and the first background server executes money receiving transaction operation according to the transaction information.
In the second mode, the first background server and the second background server are different servers, the first background server does not have the first transaction key and the first transaction verification key of the second electronic signature device, and the second background server has the first transaction key and the first transaction verification key. The specific implementation manner of the second background server performing encryption verification and verification on the first to-be-verified information by using the first transaction key and the first transaction verification key is as follows: the second background server encrypts and calculates the received transaction information by using the first transaction key to generate an encrypted transaction request, verifies and calculates the encrypted transaction request by using the first transaction verification key to generate a verification value, compares whether the calculated verification value is the same as the received verification value, and if so, indicates that the encryption verification and the verification pass. Certainly, when the first to-be-verified information includes the encrypted transaction request and the verification value, the specific implementation manner of the first background server performing decryption verification and verification by using the first transaction key and the first transaction verification key is as follows: the first background server carries out verification calculation on the received encrypted transaction request by using a first transaction verification key to generate a verification value, compares whether the calculated verification value is the same as the received verification value, decrypts the received encrypted transaction information by using the first transaction key under the same condition to obtain transaction information, compares whether the decrypted transaction information is the same as the received transaction information, and if so, indicates that decryption verification and verification pass.
As an optional implementation manner of this embodiment, after receiving the confirmation information of the transaction information and before generating and storing the first transaction data packet according to the predetermined format, the first electronic signature device in step 404 further includes: the first electronic signature device carries out second processing on the transaction information to generate second information to be verified, wherein the second processing comprises the following steps: signature calculation, encryption calculation, verification calculation, or encryption calculation and verification calculation. The first transaction data packet generated in step 404 also includes second information to be verified.
Specifically, the first electronic signature device performs second processing on the transaction information to generate second information to be verified, which includes one of four ways of performing signature calculation, encryption calculation, verification calculation, encryption calculation, and verification calculation on the transaction information, and details are not repeated here. In addition, the first to-be-verified information and the second to-be-verified information in the first transaction data packet may be generated in the same manner or may be generated in different manners. When the first transaction data packet includes the first to-be-verified information, the second to-be-verified information, and the transaction information, the process of executing the first background server and the second background server to complete the transaction operation in step 405 at least includes one of the following two ways:
the first method is as follows: and the first background server performs second verification processing on the second information to be verified and performs first verification processing on the first information to be verified, and executes corresponding transaction operation according to the transaction information after the first verification processing and the second verification processing are both passed.
In the first mode, the first background server performs second processing on the second information to be verified, where the second processing includes one of four modes, i.e., signature verification, decryption verification or encryption verification, verification, encryption verification, and verification, and the implementation mode is the same as that when the first background server performs corresponding first processing on the first information to be verified, and is not described herein again. In addition, the first background server may perform the second verification processing on the second information to be verified first, or may perform the first verification processing on the first information to be verified first, which is not limited in this embodiment.
In the first mode, as an optional application scenario, the first background server and the second background server are the same background server, and the first background server may obtain the public key of the second electronic signature device, the first transaction key, and/or the first transaction verification key. As another optional application scenario, the first background server and the second background server are different background servers, and the first background server may obtain the public key of the second electronic signature device, the first transaction key, and/or the first transaction verification key.
The second method comprises the following steps: the first background server carries out second verification processing on the second information to be verified and sends the first information to be verified and the transaction information to the second background server, the second background server carries out first verification processing on the first information to be verified, and after the first verification processing and the second verification processing are both passed, the second background server executes money making transaction operation according to the transaction information, and the first background server executes money receiving transaction operation according to the transaction information.
In the second mode, the first background server and the second background server are different background servers, the first background server 30 may not obtain the public key, the first transaction key and/or the first transaction verification key of the second electronic signature device, and only the second background server has the public key, the first transaction key and/or the first transaction verification key set for the second electronic signature device.
As an optional implementation manner of this embodiment, before step 403, the method provided in this embodiment further includes: and the second electronic signature equipment performs security analysis on the transaction information according to the set risk items, and prompts a user holding the first electronic signature equipment that the current transaction has risk if the security analysis result has security risk. The transaction information is safely analyzed and the user is prompted by setting the risk items, so that the transaction safety is improved.
As an optional implementation manner of this embodiment, before step 404, the method provided in this embodiment further includes: and the first electronic signature equipment carries out security analysis on the transaction information according to the set risk items, and if the security analysis result has a security risk, the user with the first electronic signature equipment is prompted to have a risk in the current transaction. The transaction information is safely analyzed and the user is prompted by setting the risk items, so that the transaction safety is improved.
As an optional implementation manner of this embodiment, the performing, by the first electronic signature device and the second electronic signature device, security analysis on the transaction information according to the set risk item includes at least one of the following four manners:
judging whether the last transaction of the current transaction is abnormal or not, and if so, presenting a safety risk;
judging whether the transaction amount in the transaction information exceeds a set offline transaction amount, and if so, having a safety risk;
judging whether the transaction amount in the transaction information exceeds the set total amount of the single transaction, if so, the safety risk exists;
and judging whether the preset transaction times are exceeded in a preset time period, and if so, presenting a safety risk.
As an optional implementation manner of this embodiment, the first transaction data packet includes one or more than one, and the second transaction data packet includes one or more than one. Specifically, the first electronic signature device may generate a first transaction data packet and then send the first transaction data packet to the background server for performing a transaction operation. Optionally, the first electronic signature device may also send the multiple first transaction data packets to the background server together for transaction operation after generating the multiple first transaction data packets. Similarly, the second electronic signature device may send the second transaction data packet to the background server to execute the transaction operation after generating one second transaction data packet, or send the plurality of second transaction data packets to the background server together to execute the transaction operation after generating the plurality of second transaction data packets. The data packets are sent to the background server together for online transaction, so that the offline transaction of the user can be facilitated, the online clearing of the user is not needed to be performed every time the offline transaction is performed, and the transaction convenience is improved.
Specifically, as a specific implementation manner, in embodiment 4, a detailed description is given of the first electronic signature device 10 provided by the present invention, and fig. 2 is a schematic structural diagram of an optional first electronic signature device 10 according to an embodiment of the present invention, please refer to the detailed description in embodiment 4. As a specific implementation manner, in embodiment 5, a second electronic signature device 20 provided by the present invention is described in detail, and fig. 4 is a schematic structural diagram of an optional second electronic signature device 20 according to an embodiment of the present invention, please refer to the detailed description in embodiment 5.
Example 7
The method for performing independent transaction by using electronic signature device in the embodiment of the present invention is a flowchart, as shown in fig. 7, the method includes the following steps (501-511):
step 501: the second electronic signature device and the first electronic signature device respectively perform security authentication on the other party, and after the security authentication is passed, step 502 or step 503 is executed;
in this embodiment, the process of the second electronic signature device and the process of the first electronic signature device respectively performing security authentication on each other at least include one of the following two ways:
the first method is as follows:
a1: the first electronic signature device generates single authentication data R1, and signs the single authentication data R1 to generate signature data S1;
a2: the first electronic signature device sends a security authentication request carrying the single authentication data R1, the signature data S1 and the digital certificate of the first electronic signature device to a second electronic signature device;
a3: the second electronic signature device verifies the digital certificate sent by the first electronic signature device by using a prestored root certificate, if the digital certificate passes the verification, A4 is executed, if the digital certificate does not pass the verification, the transaction flow is ended, and if necessary, a message that the digital certificate does not pass the verification can be fed back to the first electronic signature device and/or the second electronic signature device;
a4: the second electronic signature device acquires the public key of the first electronic signature device from the digital certificate of the first electronic signature device, verifies the signature data S1 by using the public key of the first electronic signature device, if the signature passes, executes A5, if the signature does not pass, stops the transaction process, and also can feed back a message that the signature does not pass to the first electronic signature device and/or the second electronic signature device;
a5: the second electronic signature device generates single authentication data R2;
a6: the second electronic signature device connects the single authentication data R1 with the single authentication data to generate single authentication data R, and signs the single authentication data R to generate signature data S;
a7: the second electronic signature device sends a security authentication request carrying the single authentication data R, the signature data S and a digital certificate of the second electronic signature device to the first electronic signature device;
a8: the first electronic signature device verifies the digital certificate of the second electronic signature device by using the root certificate, if the verification is passed, A9 is executed, if the verification is not passed, the transaction flow is stopped, and a message that the verification certificate is not passed can be fed back to the first electronic signature device and/or the second electronic signature device;
a9: the first electronic signature device acquires a public key of the second electronic signature device from a digital certificate of the second electronic signature device, verifies the signature data S by using the public key of the second electronic signature device, executes B10 if the signature passes the verification, stops the transaction process if the signature does not pass the verification, and can also feed back a message that the signature does not pass the verification to the first electronic signature device and/or the second electronic signature device;
a10: the first electronic signature device disconnects the single authentication data R to obtain signature data R1 ' and signature data R2 ', compares whether the single authentication data R1 ' obtained by disconnection is the same as the single authentication data R1 generated by the first electronic signature device, if so, performs subsequent operations, and if not, can feed back a message that the single authentication data verification fails to the first electronic signature device and/or the second electronic signature device.
The second method comprises the following steps:
b1: the first electronic signature device generates single authentication data R1, and signs the single authentication data R1 to generate signature data S1;
b2: the first electronic signature device sends a security authentication request carrying the single authentication data R1, the signature data S1 and the digital certificate of the first electronic signature device to a second electronic signature device;
b3: the second electronic signature device verifies the digital certificate sent by the first electronic signature device by using a prestored root certificate, if the digital certificate passes the verification, B4 is executed, if the digital certificate does not pass the verification, the transaction flow is ended, and if necessary, a message that the digital certificate does not pass the verification can be fed back to the first electronic signature device and/or the second electronic signature device;
b4: the second electronic signature device acquires the public key of the first electronic signature device from the digital certificate of the first electronic signature device, verifies the signature data S1 by using the public key of the first electronic signature device, if the signature passes, executes B5, if the signature does not pass, stops the transaction process, and also can feed back a message that the signature does not pass to the first electronic signature device and/or the second electronic signature device;
b5: the second electronic signature device generates single authentication data R2;
b6: the second electronic signature device signs the single authentication data R2 to generate signature data S2;
b7: the second electronic signature device sends a security authentication request carrying the single authentication data R, the signature data S2 and a digital certificate of the second electronic signature device to the first electronic signature device;
b8: the first electronic signature device verifies the digital certificate of the second electronic signature device by using the root certificate, if the verification is passed, B9 is executed, if the verification is not passed, the transaction flow is stopped, and a message that the verification certificate is not passed can be fed back to the first electronic signature device and/or the second electronic signature device;
b9: the first electronic signature device obtains the public key of the second electronic signature device from the digital certificate of the second electronic signature device, verifies the signature data S by using the public key of the second electronic signature device, executes subsequent operation if the signature passes the verification, stops the transaction process if the signature does not pass the verification, and can also feed back a message that the signature does not pass the verification to the first electronic signature device and/or the second electronic signature device.
Of course, besides the above two modes, there are other modes for the second electronic signature device and the first electronic signature device to perform security authentication on each other, and other modes expanded by those skilled in the art on the basis of the present invention should be a protection scope of the present invention.
In this step, the first electronic signature device and the second electronic signature device may negotiate to generate a transmission key or a verification key in the process of performing security authentication, and the specific implementation manner thereof is the same as that of step 400b in embodiment 4, and details are not described here.
Step 502: the first electronic signature device performs PIN code verification on the second electronic signature device, and after verification is successful, step 503 is executed;
in this embodiment, the implementation manner of step 502 is the same as that of step 400c in embodiment 4, and is not described herein again. Wherein, the step 501 and the step 502 are not in sequence.
Step 503: the first electronic signature device sends a transaction request to the second electronic signature device;
step 504: the second electronic signature device receives the transaction request, acquires transaction information, performs security analysis on the transaction information according to the set risk items, and if the security analysis result has a security risk, executes step 505; if there is no security risk, go to step 506;
step 505: the second electronic signature device prompts a user holding the second electronic signature device that the current transaction is at risk;
step 506: the second electronic signature device prompts the user with the second electronic signature device for transaction information, wherein the transaction information at least comprises: the transaction amount, account information related to the first electronic signature device and account information related to the second electronic signature device;
step 507: after receiving the confirmation information of the transaction information, the second electronic signature equipment performs first processing on the transaction information to generate first information to be verified, and sends the transaction information and the first information to be verified to the first electronic signature equipment;
step 508: the first electronic signature device performs security analysis on the transaction information according to the set risk item, if the security analysis result has a security risk, step 509 is performed, and if the security analysis does not have a security risk, step 510 is performed.
Step 509: the first electronic signature device prompts a user holding the first electronic signature device that the current transaction is at risk;
step 510, the first electronic signature device prompts transaction information to a user holding the first electronic signature device, and generates and stores a first transaction data packet according to a preset format after receiving confirmation information of the transaction information, wherein the first transaction data packet at least comprises first information to be verified and the transaction information;
step 511: the first electronic signature device is networked with the first background server, and the first electronic signature device sends the first transaction data packet to the first background server to execute a process that the first background server and the second background server complete transaction operation.
In this embodiment, the first transaction data packet includes first information to be verified and transaction information, and how the first background server completes a corresponding transaction operation according to the first transaction data packet will be described below by taking only an example that the first information to be verified is generated by the second electronic signature device through signature calculation using a private key stored in the first background server. The process of executing the first background server and the second background server to complete the transaction operation at least comprises one of the following two modes:
the first method is as follows: and the first background server performs signature verification (signature verification) on the first information to be verified by using the public key of the second electronic signature device, and executes corresponding transaction operation according to the transaction information after the signature verification is passed.
In the first mode, as an optional application scenario, the first background server and the second background server are the same server, and the first background server has the public key of the second electronic signature device. As another optional application scenario, the first background server and the second background server are different servers, and the first background server may obtain the public key of the second electronic signature device. The specific implementation manner of the first background server performing signature verification on the first to-be-verified information by using the public key of the second electronic signature device is as follows: the first background server decrypts the received signature data by using the public key of the second electronic signature device to obtain the abstract of the transaction information, performs HASH calculation on the received transaction information to obtain the abstract of the transaction information, compares whether the abstract of the transaction information obtained by decryption is the same as the abstract of the transaction information obtained by HASH calculation, and if the abstract of the transaction information obtained by HASH calculation is the same, the signature verification is passed.
The second method comprises the following steps: the first background server sends the first transaction data packet to a second background server, the second background server performs signature verification (signature verification) on first information to be verified (signature data of second electronic signature equipment) by using a public key of the second electronic signature equipment, the second background server executes money making transaction operation according to the transaction information after the signature verification is passed, and the first background server executes money receiving transaction operation according to the transaction information.
In the second mode, the first background server and the second background server are different servers, the first background server does not have the public key of the second electronic signature device, and only the second background server has the public key of the second electronic signature device. The specific implementation manner of the second background server performing signature verification on the first information to be verified by using the public key of the second electronic signature device is as follows: the second background server decrypts the received signature data by using the public key of the second electronic signature device to obtain the abstract of the transaction information, performs HASH calculation on the received transaction information to obtain the abstract of the transaction information, compares whether the abstract of the transaction information obtained by decryption is the same as the abstract of the transaction information obtained by HASH calculation, and if the abstract of the transaction information obtained by HASH calculation is the same, the signature verification is passed.
The step 405 in embodiment 6 can be referred to in the implementation manner of executing the flow in which the first background server and the second background server complete the transaction operation when the first to-be-verified information in the first transaction data packet is otherwise, and details are not described herein again.
In the method provided by the embodiment, the user can realize the online transaction anytime and anywhere when the electronic signature equipment is not networked; the first electronic signature device is used as a payee to execute the networked transaction, the first background server determines that the user (payer) holds the second electronic signature device and confirms the transaction information through the first information to be verified, the transaction operation can be executed, and the security of the transaction is ensured; in addition, the electronic signature device prompts the transaction information to the user and confirms the transaction information by the user, so that the security of the transaction is further ensured.
Example 8
The method for performing independent transaction by using electronic signature device according to the embodiment of the present invention is a flowchart, as shown in fig. 8, including the following steps (601-606):
steps 601 to 603 are the same as steps 401 to 403 in embodiment 4, and are not described herein again.
Step 604, the first electronic signature device prompts transaction information to a user holding the first electronic signature device, after receiving confirmation information of the transaction information, the first electronic signature device performs second processing on the transaction information to generate second information to be verified, and generates and stores a first transaction data packet by the first information to be verified, the second information to be verified and the transaction information according to a preset format;
in this embodiment, different from step 404 in embodiment 4, after the first electronic signature device receives the confirmation of the user on the transaction information, the first electronic signature device generates the transaction information into second information to be verified, and the first transaction data packet includes not only the first information to be verified and the transaction information, but also the second information to be verified.
Step 605: the first electronic signature device is networked with the first background server, and the first electronic signature device sends the first transaction data packet to the first background server to execute a process that the first background server and the second background server complete transaction operation.
In this embodiment, the first transaction data packet includes first information to be verified, second information to be verified, and transaction information, and the process of executing the first background server and the second background server to complete the transaction operation at least includes one of the following two ways:
the first method is as follows: and the first background server performs second verification processing on the second information to be verified, performs first verification processing on the first information to be verified, and executes corresponding transaction operation according to the transaction information after the first verification processing and the second verification processing are passed.
In the first mode, the first background server performs second processing on the second information to be verified, where the second processing includes one of four modes, i.e., signature verification, decryption verification or encryption verification, verification, encryption verification, and verification, and the implementation mode is the same as that when the first background server performs corresponding first processing on the first information to be verified, and is not described herein again. In addition, the first background server may perform the second verification processing on the second information to be verified first, or may perform the first verification processing on the first information to be verified first, which is not limited in this embodiment.
In the first mode, as an optional application scenario, the first background server and the second background server are the same background server, and the first background server may obtain the public key of the second electronic signature device, the first transaction key, and/or the first transaction verification key. As another optional application scenario, the first background server and the second background server are different background servers, and the first background server may obtain the public key of the second electronic signature device, the first transaction key, and/or the first transaction verification key.
The second method comprises the following steps: the first background server carries out second verification processing on the second information to be verified and sends the first information to be verified and the transaction information to the second background server, the second background server carries out first verification processing on the first information to be verified, after the first verification processing and the second verification processing are both passed, the second background server executes money making transaction operation according to the transaction information, and the first background server executes money receiving transaction operation according to the transaction information.
In the second mode, the first background server and the second background server are different background servers, the first background server may not obtain the public key, the first transaction key and/or the first transaction verification key of the second electronic signature device, and only the second background server has the public key, the first transaction key and/or the first transaction verification key of the second electronic signature device.
In the method provided by the embodiment, the user can realize the online transaction anytime and anywhere when the electronic signature equipment is not networked; the first electronic signature device is used as a payee to execute the networked transaction, the first background server and the second background server determine that a user (a payer) holding the second electronic signature device and the user (the payee) holding the first electronic signature device confirm the transaction information through the first information to be verified and the second information to be verified, the transaction operation can be executed, and the security of the transaction is ensured; in addition, the electronic signature device prompts the transaction information to the user and confirms the transaction information by the user, so that the security of the transaction is further ensured.
Example 9
The method for performing independent transaction by using electronic signature device in the embodiment of the present invention is a flowchart, as shown in fig. 9, the method includes the following steps (701-704):
in this embodiment, steps 701 to 702 are the same as steps 401 to 402 in embodiment 4, and are not described herein again.
Step 703: after receiving the confirmation information of the transaction information, the second electronic signature equipment performs first processing on the transaction information to generate first information to be verified, generates a second transaction data packet according to a preset format and stores the second transaction data packet, wherein the second transaction data packet at least comprises the first information to be verified and the transaction information;
unlike step 403 in embodiment 4, the second electronic signature apparatus generates the first information to be verified and then generates the second transaction data packet by using the first information to be verified and the transaction information instead of sending the first information to be verified and the transaction information to the first electronic signature apparatus. The manner in which the second electronic signature device performs the first processing on the transaction information to generate the first to-be-verified information may be specifically referred to in embodiment 6, and details are not described here.
Step 704: and the second electronic signature equipment is networked with the second background server, and the second electronic signature equipment sends the second transaction data packet to the second background server to execute the process of completing the transaction operation by the first background server and the second background server.
In this embodiment, the second transaction data packet at least includes the first to-be-verified information and the transaction information, and details of a manner in which the second electronic signature device performs the first processing on the transaction information to generate the first to-be-verified information are not repeated herein. The process of executing the first background server and the second background server to complete the transaction operation specifically includes the following four ways: the first method is as follows: the second background server performs signature verification on the first information to be verified by using the public key of the second electronic signature device, and executes corresponding transaction operation according to the transaction information after the signature verification is passed; the second method comprises the following steps: the second background server performs decryption verification or encryption verification on the first information to be verified by using the first transaction key of the second electronic signature device, and executes corresponding transaction operation according to the transaction information after the decryption verification or the encryption verification is passed; the third method comprises the following steps: the second background server verifies the first information to be verified by using the first transaction verification key of the second electronic signature device, and executes corresponding transaction operation according to the transaction information after the verification is passed; the method is as follows: and the second background server performs encryption verification and verification on the first information to be verified by using the first transaction key and the first transaction verification key of the second electronic signature device, and executes corresponding transaction operation according to the transaction information after the encryption verification and verification are passed. In this embodiment, the second backend server performs signature verification, decryption verification or encryption verification, verification, encryption verification, and verification on the first information to be verified in the same manner as in embodiment 6, and details are not repeated here.
In the method provided by the embodiment, the user can realize the online transaction anytime and anywhere when the electronic signature equipment is not networked; the second electronic signature device is used as a payer to execute networking transaction, and the second background server determines that the user (payer) holds the second electronic signature device and confirms the transaction information through the first information to be verified, so that transaction operation can be executed, and the security of the transaction is ensured; in addition, the electronic signature device prompts the transaction information to the user and confirms the transaction information by the user, so that the security of the transaction is further ensured.
Example 10
The method for performing independent transaction by using electronic signature device in the embodiment of the present invention is a flowchart, as shown in fig. 10, the method includes the following steps (801 and 806):
in this embodiment, steps 801 to 803 are the same as steps 401 to 403 in embodiment 4, and are not described herein again.
Step 804, the first electronic signature device prompts transaction information to a user holding the first electronic signature device, after receiving confirmation information of the transaction information, the first electronic signature device carries out second processing on the transaction information to generate second information to be verified, and sends the second information to be verified to the second electronic signature device;
different from step 604 in embodiment 8, after the first electronic signature device generates the second information to be verified, the second electronic signature device also sends the second information to be verified to the second electronic signature device.
Step 805: the second electronic signature device generates and stores a second transaction data packet according to a preset format, wherein the second transaction data packet at least comprises first information to be verified, second information to be verified and transaction information;
step 806: and the second electronic signature equipment is networked with the second background server, and the second electronic signature equipment sends the second transaction data packet to the second background server to execute the process of completing the transaction operation by the first background server and the second background server.
In this embodiment, the process of executing the first backend server and the second backend server to complete the transaction operation at least includes one of the following two ways:
the first method is as follows: and the second background server performs second verification processing on the second information to be verified, performs first verification processing on the first information to be verified, and executes corresponding transaction operation according to the transaction information after the first verification processing and the second verification processing are passed.
In the first mode, the second background server performs second processing on the second information to be verified, where the second processing includes one of four modes, i.e., signature verification, decryption verification or encryption verification, verification, encryption verification, and verification, and the implementation mode is the same as that when the first background server performs corresponding first processing on the first information to be verified, and is not described herein again. In addition, the second background server may perform the second verification processing on the second information to be verified first, or may perform the first verification processing on the first information to be verified first, which is not limited in this embodiment.
In the first mode, as an optional application scenario, the first background server and the second background server are the same background server, and the second background server may obtain the public key of the first electronic signature device, the second transaction key, and/or the second transaction verification key. As another optional application scenario, the first background server and the second background server are different background servers, and the second background server may obtain the public key of the first electronic signature device, the second transaction key, and/or the second transaction verification key.
The second method comprises the following steps: the second background server carries out first verification processing on the first information to be verified and sends the second information to be verified and the transaction information to the first background server, the first background server carries out second verification processing on the second information to be verified, and after the first verification processing and the second verification processing are both passed, the second background server executes money making transaction operation according to the transaction information, and the first background server executes money receiving transaction operation according to the transaction information.
In the second mode, the first background server and the second background server are different background servers, the second background server cannot obtain the public key, the second transaction key and/or the second transaction verification key of the first electronic signature device, and only the first background server has the public key, the second transaction key and/or the second transaction verification key of the first electronic signature device.
In the method provided by the embodiment, the user can realize the online transaction anytime and anywhere when the electronic signature equipment is not networked; the second electronic signature device is used as a payee to execute the networked transaction, and the second background server and the first background server confirm that the user (payer) holding the second electronic signature device and the user (payee) holding the first electronic signature device confirm the transaction information through the first information to be verified and the second information to be verified, so that the transaction operation can be executed, and the security of the transaction is ensured; in addition, the electronic signature device prompts the transaction information to the user and confirms the transaction information by the user, so that the security of the transaction is further ensured.
Example 11
The method for performing independent transaction by using electronic signature device in the embodiment of the present invention is a flowchart, as shown in fig. 11, the method includes the following steps (901-):
step 901: the first electronic signature device sends a transaction request to the second electronic signature device;
step 902: the second electronic signature device receives the transaction request, acquires transaction information, and prompts the transaction information to a user holding the second electronic signature device, wherein the transaction information at least comprises: the transaction amount, account information related to the first electronic signature device and account information related to the second electronic signature device;
step 903: after receiving the confirmation information of the transaction information, the second electronic signature equipment performs first processing on the transaction information to generate first information to be verified;
step 904: the second electronic signature device sends the transaction information and the first information to be verified to the first electronic signature device;
step 905: the first electronic signature device prompts transaction information to a user holding the first electronic signature device, and after confirmation information of the transaction information is received, a first transaction data packet is generated according to a preset format and stored, wherein the first transaction data packet at least comprises first information to be verified and the transaction information;
step 906: the first electronic signature device is networked with the first background server, and the first electronic signature device sends the first transaction data packet to the first background server to execute a process that the first background server and the second background server complete transaction operation.
After step 903, there are further steps (907 to 908) in which,
step 907: the second electronic signature device generates and stores a second transaction data packet according to a preset format, wherein the second transaction data packet at least comprises first information to be verified and transaction information;
step 908: and the second electronic signature equipment is networked with the second background server, and the second electronic signature equipment sends the second transaction data packet to the second background server to execute the process of completing the transaction operation by the first background server and the second background server.
In this embodiment, steps 904-906 and steps 907-908 are not in sequence and can be performed simultaneously.
As an optional implementation manner of the present invention, the executing, in step 906, a flow of the first backend server and the second backend server completing the transaction operation specifically includes: the first background server judges whether the transaction indicated by the first transaction data packet is completed or not, if not, the first background server and the second background server are executed to complete the transaction operation process, and if so, the transaction is ended. In this embodiment, the first background server may query whether the transaction has been completed through the single identifier indicated in the first transaction data packet, if not, execute a process in which the first background server and the second background server complete the transaction operation, record the single identifier information of the transaction in the background server, and if so, end the transaction. Before the background server executes the transaction, whether the transaction is executed or not is judged first, and repeated transactions are avoided.
As an optional implementation manner of the present invention, the executing, in step 908, a flow of the first backend server and the second backend server completing the transaction operation specifically includes: and the second background server judges whether the transaction indicated by the second transaction data packet is completed or not, if not, the first background server and the second background server are executed to complete the transaction operation process, and if so, the transaction is ended. In this embodiment, the second background server may query whether the transaction has been completed through the single identifier indicated in the second transaction data packet, if not, execute the process in which the first background server and the second background server complete the transaction operation, record the single identifier information of the transaction in the background server, and if so, end the transaction. Before the background server executes the transaction, whether the transaction is executed or not is judged first, and repeated transactions are avoided.
In the method provided by the embodiment, the user can realize the online transaction anytime and anywhere when the electronic signature equipment is not networked; after the first electronic signature device or the second electronic signature device is networked, the account amount of the user is cleared after the identity of the user is verified to be legal, and the safety of transaction is guaranteed; in addition, the first electronic signature device and the second electronic signature device can perform networking transaction, and the transaction convenience is improved.
Example 12
The method flowchart for performing independent transaction by using electronic signature device provided in this embodiment, as shown in the method embodiment shown in fig. 12, includes the following steps (1001-1008):
step 1001: the first electronic signature device sends a transaction request to the second electronic signature device;
step 1002: the second electronic signature device receives the transaction request, acquires transaction information, and prompts the transaction information to a user holding the second electronic signature device, wherein the transaction information at least comprises: the transaction amount, account information related to the first electronic signature device and account information related to the second electronic signature device;
step 1003: after receiving the confirmation information of the transaction information, the second electronic signature equipment performs first processing on the transaction information to generate first information to be verified, and sends the transaction information and the first information to be verified to the first electronic signature equipment;
step 1004: the first electronic signature device prompts transaction information to a user holding the first electronic signature device;
step 1005: after receiving the confirmation information of the transaction information, the first electronic signature device generates and stores a first transaction data packet according to a preset format, wherein the first transaction data packet at least comprises first information to be verified and the transaction information;
step 1005: the first electronic signature device is networked with the first background server, and the first electronic signature device sends the first transaction data packet to the first background server to execute a process that the first background server and the second background server complete transaction operation.
After step 1003, there are further steps (1006 to 1008) in which,
step 1006: the first electronic signature device prompts transaction information to a user holding the first electronic signature device, after receiving confirmation information of the transaction information, the first electronic signature device carries out second processing on the transaction information to generate second information to be verified, and the second information to be verified is sent to the second electronic signature device;
step 1007: the second electronic signature device generates and stores a second transaction data packet according to a preset format, wherein the second transaction data packet at least comprises first information to be verified, second information to be verified and transaction information;
step 1008: and the second electronic signature equipment is networked with the second background server, and the second electronic signature equipment sends the second transaction data packet to the second background server to execute the process of completing the transaction operation by the first background server and the second background server.
In this embodiment, steps 1004 to 1005 and steps 1006 to 1008 are not in sequence, and can be performed simultaneously.
As an optional implementation manner of this embodiment, the executing, in step 1005, a flow of the transaction operation completed by the first backend server and the second backend server specifically includes: the first background server judges whether the transaction indicated by the first transaction data packet is completed or not, if not, the first background server and the second background server are executed to complete the transaction operation process, and if so, the transaction is ended. For specific implementation, reference may be made to corresponding contents in embodiment 11, which are not described herein again.
As an optional implementation manner of this embodiment, the executing, in step 1008, a flow of the first backend server and the second backend server completing the transaction operation specifically includes: and the second background server judges whether the transaction indicated by the second transaction data packet is completed or not, if not, the first background server and the second background server are executed to complete the transaction operation process, and if so, the transaction is ended. For specific implementation, reference may be made to corresponding contents in embodiment 11, which are not described herein again.
In the method provided by the embodiment, the user can realize the online transaction anytime and anywhere when the electronic signature equipment is not networked; after the first electronic signature device or the second electronic signature device is networked, the account amount of the user is cleared after the identity of the user is verified to be legal, and the safety of transaction is guaranteed; in addition, the first electronic signature device and the second electronic signature device can perform networking transaction, and the transaction convenience is improved.
Example 13
The method for performing independent transaction by using electronic signature device provided by this embodiment is a flowchart, and the method embodiment shown in fig. 13 includes the following steps (1101-1108):
step 1101: the first electronic signature device sends a transaction request to the second electronic signature device;
step 1102: the second electronic signature device receives the transaction request, acquires transaction information, and prompts the transaction information to a user holding the second electronic signature device, wherein the transaction information at least comprises: the transaction amount, account information related to the first electronic signature device and account information related to the second electronic signature device;
step 1103: after receiving the confirmation information of the transaction information, the second electronic signature equipment performs first processing on the transaction information to generate first information to be verified;
step 1104: the second electronic signature device sends the transaction information and the first information to be verified to the first electronic signature device;
step 1105: the first electronic signature equipment prompts transaction information to a user holding the first electronic signature equipment, after confirmation information of the transaction information is received, the first electronic signature equipment carries out second processing on the transaction information to generate second information to be verified, and generates a first transaction data packet according to a preset format by using the first information to be verified, the second information to be verified and the transaction information;
step 1106: the first electronic signature device is networked with the first background server, and the first electronic signature device sends the first transaction data packet to the first background server to execute a process that the first background server and the second background server complete transaction operation.
After step 1103, there are also steps (1107 and 1108) in which,
step 1107: the second electronic signature device generates and stores a second transaction data packet according to a preset format, wherein the second transaction data packet at least comprises first information to be verified and transaction information;
step 1108: and the second electronic signature equipment is networked with the second background server, and the second electronic signature equipment sends the second transaction data packet to the second background server to execute the process of completing the transaction operation by the first background server and the second background server.
In this embodiment, steps 1104 to 1106 and steps 1107 to 1108 are not in sequence and can be performed simultaneously.
As an optional implementation manner of this embodiment, the executing a flow of the transaction operation by the first backend server and the second backend server in step 1106 specifically includes: the first background server judges whether the transaction indicated by the first transaction data packet is completed or not, if not, the first background server and the second background server are executed to complete the transaction operation process, and if so, the transaction is ended. For specific implementation, reference may be made to corresponding contents in embodiment 11, which are not described herein again.
As an optional implementation manner of this embodiment, the executing, in step 1108, a flow of the first backend server and the second backend server completing the transaction operation specifically includes: and the second background server judges whether the transaction indicated by the second transaction data packet is completed or not, if not, the first background server and the second background server are executed to complete the transaction operation process, and if so, the transaction is ended. For specific implementation, reference may be made to corresponding contents in embodiment 11, which are not described herein again.
In the method provided by the embodiment, the user can realize the online transaction anytime and anywhere when the electronic signature equipment is not networked; after the first electronic signature device or the second electronic signature device is networked, the account amount of the user is cleared after the identity of the user is verified to be legal, and the safety of transaction is guaranteed; in addition, the first electronic signature device and the second electronic signature device can perform networking transaction, and the transaction convenience is improved.
Example 14
The method for performing independent transaction by using electronic signature device in the embodiment is a flowchart, as shown in fig. 14, the method includes the following steps (1201-1208):
step 1201: the first electronic signature device sends a transaction request to the second electronic signature device;
step 1202: the second electronic signature device receives the transaction request, acquires transaction information, and prompts the transaction information to a user holding the second electronic signature device, wherein the transaction information at least comprises: the transaction amount, account information related to the first electronic signature device and account information related to the second electronic signature device;
step 1203: after receiving the confirmation information of the transaction information, the second electronic signature equipment performs first processing on the transaction information to generate first information to be verified, and sends the transaction information and the first information to be verified to the first electronic signature equipment;
step 1204: the first electronic signature equipment prompts transaction information to a user holding the first electronic signature equipment, after confirmation information of the transaction information is received, the first electronic signature equipment carries out second processing on the transaction information to generate second information to be verified, and generates a first transaction data packet according to a preset format by using the first information to be verified, the second information to be verified and the transaction information;
step 1205: the first electronic signature device is networked with the first background server, and the first electronic signature device sends the first transaction data packet to the first background server to execute a process that the first background server and the second background server complete transaction operation.
After step 1203, the following steps (1206 to 1208) are also included, wherein,
step 1206: the first electronic signature device prompts transaction information to a user holding the first electronic signature device, after receiving confirmation information of the transaction information, the first electronic signature device carries out second processing on the transaction information to generate second information to be verified, and the second information to be verified is sent to the second electronic signature device;
step 1207: the second electronic signature device generates and stores a second transaction data packet according to a preset format, wherein the second transaction data packet at least comprises first information to be verified, second information to be verified and transaction information;
step 1208: and the second electronic signature equipment is networked with the second background server, and the second electronic signature equipment sends the second transaction data packet to the second background server to execute the process of completing the transaction operation by the first background server and the second background server.
In this embodiment, steps 1204-1205 and steps 1206-1208 are not in sequence and can be performed simultaneously.
As an optional implementation manner of this embodiment, the executing a flow of the transaction operation by the first backend server and the second backend server in step 1205 specifically includes: the first background server judges whether the transaction indicated by the first transaction data packet is completed or not, if not, the first background server and the second background server are executed to complete the transaction operation process, and if so, the transaction is ended. For specific implementation, reference may be made to corresponding contents in embodiment 11, which are not described herein again.
As an optional implementation manner of this embodiment, the executing a flow of the transaction operation by the first backend server and the second backend server in step 1208 specifically includes: and the second background server judges whether the transaction indicated by the second transaction data packet is completed or not, if not, the first background server and the second background server are executed to complete the transaction operation process, and if so, the transaction is ended. For specific implementation, reference may be made to corresponding contents in embodiment 11, which are not described herein again.
In the method provided by the embodiment, the user can realize the online transaction anytime and anywhere when the electronic signature equipment is not networked; after the first electronic signature device or the second electronic signature device is networked, the account amount of the user is cleared after the identity of the user is verified to be legal, and the safety of transaction is guaranteed; in addition, the first electronic signature device and the second electronic signature device can perform networking transaction, and the transaction convenience is improved.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made in the above embodiments by those of ordinary skill in the art without departing from the principle and spirit of the present invention. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (18)

1. A method for enabling independent transactions using an electronic signature device, the method comprising:
the first electronic signature device sends a transaction request to the second electronic signature device;
the second electronic signature device receives the transaction request, acquires transaction information, and prompts the transaction information to a user holding the second electronic signature device, wherein the transaction information at least comprises: the transaction amount, account information relating to the first electronic signature device, and account information relating to the second electronic signature device;
after receiving the confirmation information of the transaction information, the second electronic signature equipment performs first processing on the transaction information to generate first information to be verified, and sends the transaction information and the first information to be verified to the first electronic signature equipment;
the first electronic signature device prompts the transaction information to a user holding the first electronic signature device, and after receiving confirmation information of the transaction information, a first transaction data packet is generated according to a preset format and stored, wherein the first transaction data packet at least comprises the first information to be verified and the transaction information;
the first electronic signature device is networked with the first background server, and the first electronic signature device sends the first transaction data packet to the first background server to execute a process that the first background server and the second background server complete transaction operation.
2. The method of claim 1,
if the first background server and the second background server are the same server, executing a process that the first background server and the second background server complete transaction operation, including: the first background server carries out first verification processing on the first information to be verified, and executes corresponding transaction operation according to the transaction information after the first verification processing is passed;
if the first background server and the second background server are different servers, executing a process that the first background server and the second background server complete transaction operation, including: the first background server sends the first transaction data packet to the second background server, the second background server performs first verification processing on the first information to be verified, and after the first verification processing is passed, the first background server and the second background server execute corresponding transaction operation according to the transaction information;
wherein the first processing includes: signature calculation, wherein the first verification process comprises signature verification; or,
the first process includes: performing encryption calculation, wherein the first verification processing comprises decryption verification or encryption verification; or,
the first process includes: checking and calculating, wherein the first verification processing comprises checking and verifying; or,
the first process includes: the first authentication process includes encryption authentication and verification authentication, or the first authentication process includes decryption authentication and verification authentication.
3. The method of claim 1, wherein the first electronic signature device, upon receiving the confirmation of the transaction information, further comprises, prior to generating and storing the first transaction data packet in a predetermined format: the first electronic signature device carries out second processing on the transaction information to generate second information to be verified;
the first transaction data packet further comprises: the second information to be verified;
if the first background server and the second background server are the same server, executing a process that the first background server and the second background server complete transaction operation, including: the first background server carries out second verification processing on the second information to be verified and carries out first verification processing on the first information to be verified, and after the first verification processing and the second verification processing are both passed, the first background server executes corresponding transaction operation according to the transaction information;
if the first background server and the second background server are different servers, executing a process that the first background server and the second background server complete transaction operation, including: the first background server carries out second verification processing on the second information to be verified and sends the first information to be verified and the transaction information to a second background server, the second background server carries out first verification processing on the first information to be verified, and after the first verification processing and the second verification processing are both passed, the first background server and the second background server execute corresponding transaction operation according to the transaction information;
wherein the second processing includes: signature calculation, the second verification process comprising signature verification; or,
the second process includes: performing encryption calculation, wherein the second verification processing comprises decryption verification or encryption verification; or,
the second process includes: checking and calculating, wherein the second verification processing comprises checking and verifying; or,
the second process includes: the encryption calculation and the verification calculation, the second verification processing comprises encryption verification and verification, or the second verification processing comprises decryption verification and verification.
4. The method according to any one of claims 1 to 3,
before the second electronic signature device receives the transaction request, acquires transaction information, and prompts the transaction information to a user holding the second electronic signature device, the method further includes: the second electronic signature device carries out security analysis on the transaction information according to a set risk item, and if a security risk exists in the security analysis result, the user with the second electronic signature device is prompted to have a risk in the current transaction;
before the first electronic signature device prompts the transaction information to a user holding the first electronic signature device, the method further comprises: and the first electronic signature equipment carries out security analysis on the transaction information according to a set risk item, and if the security analysis result has a security risk, the first electronic signature equipment prompts the user with the first electronic signature equipment that the current transaction has the risk.
5. The method according to any one of claims 1 to 4,
the first transaction data packet includes: one or more of; the second transaction data packet includes: one or more than one.
6. A method for enabling independent transactions using an electronic signature device, the method comprising:
the first electronic signature device sends a transaction request to the second electronic signature device;
the second electronic signature device receives the transaction request, acquires transaction information, and prompts the transaction information to a user holding the second electronic signature device, wherein the transaction information at least comprises: the transaction amount, account information relating to the first electronic signature device, and account information relating to the second electronic signature device;
after the second electronic signature device receives the confirmation information of the transaction information, the first electronic signature device performs first processing on the transaction information to generate first information to be verified;
the second electronic signature device generates and stores a second transaction data packet according to a preset format, wherein the second transaction data packet at least comprises the first information to be verified and the transaction information;
the second electronic signature device is networked with the second background server, and the second electronic signature device sends the second transaction data packet to the second background server to execute the process that the first background server and the second background server complete transaction operation.
7. A method for enabling independent transactions using an electronic signature device, the method comprising:
the first electronic signature device sends a transaction request to the second electronic signature device;
the second electronic signature device receives the transaction request, acquires transaction information, and prompts the transaction information to a user holding the second electronic signature device, wherein the transaction information at least comprises: the transaction amount, account information relating to the first electronic signature device, and account information relating to the second electronic signature device;
after receiving the confirmation information of the transaction information, the second electronic signature equipment performs first processing on the transaction information to generate first information to be verified, and sends the transaction information and the first information to be verified to the first electronic signature equipment;
the first electronic signature device prompts the transaction information to a user holding the first electronic signature device, after receiving confirmation information of the transaction information, the first electronic signature device carries out second processing on the transaction information to generate second information to be verified, and the second information to be verified is sent to the second electronic signature device;
the second electronic signature device generates and stores a second transaction data packet according to a preset format, wherein the second transaction data packet at least comprises the first information to be verified, the second information to be verified and the transaction information;
the second electronic signature device is networked with the second background server, and the second electronic signature device sends the second transaction data packet to the second background server to execute the process that the first background server and the second background server complete transaction operation.
8. A system for enabling independent transactions using an electronic signature device, the system comprising:
the first electronic signature device is used for sending a transaction request to the second electronic signature device;
the second electronic signature device is configured to receive the transaction request, acquire transaction information, and prompt the user holding the second electronic signature device with the transaction information, where the transaction information at least includes: the transaction amount, account information relating to the first electronic signature device, and account information relating to the second electronic signature device; after the confirmation information of the transaction information is received, the first electronic signature device is further used for performing first processing on the transaction information to generate first information to be verified, and sending the transaction information and the first information to be verified to the first electronic signature device;
the first electronic signature device is further configured to prompt the user holding the first electronic signature device with the transaction information, and after receiving confirmation information of the transaction information, generate and store a first transaction data packet according to a predetermined format, where the first transaction data packet at least includes the first to-be-verified information and the transaction information; the first background server is also used for networking with the first background server and sending the first transaction data packet to the first background server;
the first background server is used for completing transaction operation;
and the second background server is used for finishing transaction operation.
9. The system of claim 8,
if the first background server and the second background server are the same server, the first background server is specifically configured to perform first verification processing on the first information to be verified, and execute corresponding transaction operation according to the transaction information after the first verification processing is passed;
if the first background server and the second background server are different servers, the first background server is specifically configured to send the first transaction data packet to the second background server, and execute corresponding transaction operation according to the transaction information after the first verification processing is passed; the second background server is specifically used for performing first verification processing on the first information to be verified;
wherein the first processing comprises: signature calculation, wherein the first verification process comprises signature verification; or,
the first process includes: performing encryption calculation, wherein the first verification processing comprises decryption verification or encryption verification; or,
the first process includes: checking and calculating, wherein the first verification processing comprises checking and verifying; or,
the first process includes: the first authentication process includes encryption authentication and verification authentication, or the first authentication process includes decryption authentication and verification authentication.
10. The system of claim 8,
the first electronic signature device is further configured to, after receiving the confirmation information of the transaction information, perform second processing on the transaction information to generate second information to be verified before generating and storing a first transaction data packet according to a predetermined format;
the first transaction data packet further comprises: the second information to be verified;
if the first background server and the second background server are the same server, the first background server is specifically used for performing second verification processing on the second information to be verified and also used for performing first verification processing on the first information to be verified, and after the first verification processing and the second verification processing are both passed, the first background server is also used for executing corresponding transaction operation according to the transaction information;
if the first background server and the second background server are different servers, the first background server is specifically configured to perform second verification processing on the second information to be verified, and is further configured to send the first information to be verified and the transaction information to the second background server, and after the first verification processing and the second verification processing both pass, is further configured to execute corresponding transaction operation according to the transaction information; the second background server is also used for carrying out first verification processing on the first information to be verified;
wherein the second processing includes: signature calculation, the second verification process comprising signature verification; or,
the second process includes: performing encryption calculation, wherein the second verification processing comprises decryption verification or encryption verification; or,
the second process includes: checking and calculating, wherein the second verification processing comprises checking and verifying; or,
the second process includes: the encryption calculation and the verification calculation, the second verification processing comprises encryption verification and verification, or the second verification processing comprises decryption verification and verification.
11. A system for enabling independent transactions using an electronic signature device, the system comprising:
the first electronic signature device is used for sending a transaction request to the second electronic signature device;
the second electronic signature device is configured to receive the transaction request, acquire transaction information, and prompt the user holding the second electronic signature device with the transaction information, where the transaction information at least includes: the transaction amount, account information relating to the first electronic signature device, and account information relating to the second electronic signature device; after receiving the confirmation information of the transaction information, the transaction information processing device is also used for performing first processing on the transaction information to generate first information to be verified, generating a second transaction data packet according to a preset format and storing the second transaction data packet, wherein the second transaction data packet at least comprises the first information to be verified and the transaction information; the second transaction data packet is sent to the second background server;
the second background server is used for completing transaction operation;
and the first background server is used for finishing transaction operation.
12. A system for enabling independent transactions using an electronic signature device, the system comprising:
the first electronic signature device is used for sending a transaction request to the second electronic signature device;
the second electronic signature device is configured to receive the transaction request, acquire transaction information, and prompt the user holding the second electronic signature device with the transaction information, where the transaction information at least includes: the transaction amount, account information relating to the first electronic signature device, and account information relating to the second electronic signature device; after the confirmation information of the transaction information is received, the first electronic signature device is further used for performing first processing on the transaction information to generate first information to be verified, and sending the transaction information and the first information to be verified to the first electronic signature device;
the first electronic signature device is further configured to prompt the user holding the first electronic signature device with the transaction information, perform second processing on the transaction information after receiving confirmation information of the transaction information to generate second information to be verified, and send the second information to be verified to the second electronic signature device;
the second electronic signature device is further configured to generate and store a second transaction data packet according to a predetermined format, where the second transaction data packet at least includes the first information to be verified, the second information to be verified, and the transaction information; the second transaction data packet is sent to the second background server;
the second background server is used for completing transaction operation;
and the first background server is used for finishing transaction operation.
13. An electronic signature device, characterized in that the electronic signature device comprises:
the sending module is used for sending a transaction request to the second electronic signature device;
a receiving module, configured to receive transaction information and first to-be-verified information sent by the second electronic signature device, where the transaction information at least includes: the transaction amount, account information related to the electronic signature device and account information related to the second electronic signature device, wherein the first information to be verified is information to be verified generated by the second electronic signature device performing first processing on the transaction information;
the prompting module is used for prompting the transaction information to a user holding the electronic signature device;
the data packet generating module is used for generating and storing a first transaction data packet according to a preset format after receiving the confirmation information of the transaction information, wherein the first transaction data packet at least comprises the first information to be verified and the transaction information;
and the communication module is used for networking with the first background server and sending the first transaction data packet to the first background server.
14. The apparatus according to claim 13, wherein the electronic signature apparatus further comprises:
a to-be-verified information generating module, configured to, after the data packet generating module receives the confirmation information of the transaction information, perform a second process on the transaction information to generate second to-be-verified information before generating and storing a first transaction data packet according to a predetermined format, where the first transaction data packet further includes: the second information to be verified;
the sending module is further configured to send the second to-be-verified information to the second electronic signature device.
15. An electronic signature device, characterized in that the electronic signature device comprises:
the receiving module is used for receiving a transaction request sent by the first electronic signature device;
the acquisition module is used for acquiring transaction information;
the prompting module is used for prompting transaction information to a user holding the electronic signature device, and the transaction information at least comprises: the transaction amount, account information related to the first electronic signature device, and account information related to the electronic signature device;
the to-be-verified information generation module is used for performing first processing on the transaction information to generate first to-be-verified information after receiving the confirmation information of the transaction information;
and the sending module is used for sending the transaction information and the first information to be verified to the first electronic signature device.
16. The apparatus according to claim 15, wherein the electronic signature apparatus further comprises:
and the data packet generating module is used for generating and storing a second transaction data packet according to a preset format after receiving second to-be-verified information sent by the first electronic signature device, wherein the second transaction data packet at least comprises the first to-be-verified information, the second to-be-verified information and the transaction information.
17. The apparatus according to claim 15, wherein the electronic signature apparatus further comprises:
and the data packet generating module is used for generating and storing a second transaction data packet according to a preset format, wherein the second transaction data packet at least comprises the first information to be verified and the transaction information.
18. The apparatus according to claim 16 or 17, wherein the electronic signature apparatus further comprises:
and the communication module is used for networking with the second background server and sending the second transaction data packet to the second background server.
CN201510828084.2A 2015-11-25 2015-11-25 Method, system and device for realizing independent transaction by using electronic signature equipment Pending CN106056419A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510828084.2A CN106056419A (en) 2015-11-25 2015-11-25 Method, system and device for realizing independent transaction by using electronic signature equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510828084.2A CN106056419A (en) 2015-11-25 2015-11-25 Method, system and device for realizing independent transaction by using electronic signature equipment

Publications (1)

Publication Number Publication Date
CN106056419A true CN106056419A (en) 2016-10-26

Family

ID=57179358

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510828084.2A Pending CN106056419A (en) 2015-11-25 2015-11-25 Method, system and device for realizing independent transaction by using electronic signature equipment

Country Status (1)

Country Link
CN (1) CN106056419A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107153918A (en) * 2017-05-05 2017-09-12 国网福建省电力有限公司 A kind of goods and materials check management system
CN107491961A (en) * 2017-09-02 2017-12-19 刘兴丹 A kind of method, apparatus of the network payment of NFC checkings
CN107633400A (en) * 2017-08-09 2018-01-26 北京云知科技有限公司 A kind of method of payment and device of the machine wallet based on block chain
CN108053012A (en) * 2017-12-28 2018-05-18 飞天诚信科技股份有限公司 A kind of Bluetooth intelligent card and its method for controlling transaction risk
CN110582793A (en) * 2017-04-18 2019-12-17 电信区块链联盟软件公司 Anonymity and traceability of digital property transactions over a distributed transaction consensus network
WO2020224343A1 (en) * 2019-05-09 2020-11-12 天地融科技股份有限公司 Electronic currency offline payment method and payment collection method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1756150A (en) * 2004-09-30 2006-04-05 飞力凯网路股份有限公司 Information management apparatus, information management method, and program
CN102983973A (en) * 2012-11-02 2013-03-20 天地融科技股份有限公司 Trading system and trading method
CN103326862A (en) * 2013-06-20 2013-09-25 天地融科技股份有限公司 Electronically signing method and system
CN103544452A (en) * 2012-07-11 2014-01-29 株式会社日立制作所 Signature generation and verification system and signature verification apparatus
CN104036391A (en) * 2014-05-30 2014-09-10 天地融科技股份有限公司 Information interaction method and system, information processing method and electronic key equipment
CN104850996A (en) * 2015-05-04 2015-08-19 苏州海博智能系统有限公司 External security equipment-based transaction method, system and server

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1756150A (en) * 2004-09-30 2006-04-05 飞力凯网路股份有限公司 Information management apparatus, information management method, and program
CN103544452A (en) * 2012-07-11 2014-01-29 株式会社日立制作所 Signature generation and verification system and signature verification apparatus
CN102983973A (en) * 2012-11-02 2013-03-20 天地融科技股份有限公司 Trading system and trading method
CN103326862A (en) * 2013-06-20 2013-09-25 天地融科技股份有限公司 Electronically signing method and system
CN104036391A (en) * 2014-05-30 2014-09-10 天地融科技股份有限公司 Information interaction method and system, information processing method and electronic key equipment
CN104850996A (en) * 2015-05-04 2015-08-19 苏州海博智能系统有限公司 External security equipment-based transaction method, system and server

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110582793A (en) * 2017-04-18 2019-12-17 电信区块链联盟软件公司 Anonymity and traceability of digital property transactions over a distributed transaction consensus network
CN110582793B (en) * 2017-04-18 2024-04-19 电信区块链联盟软件公司 Anonymity and traceability of digital property transactions on a distributed transaction consensus network
CN107153918A (en) * 2017-05-05 2017-09-12 国网福建省电力有限公司 A kind of goods and materials check management system
CN107633400A (en) * 2017-08-09 2018-01-26 北京云知科技有限公司 A kind of method of payment and device of the machine wallet based on block chain
CN107491961A (en) * 2017-09-02 2017-12-19 刘兴丹 A kind of method, apparatus of the network payment of NFC checkings
CN108053012A (en) * 2017-12-28 2018-05-18 飞天诚信科技股份有限公司 A kind of Bluetooth intelligent card and its method for controlling transaction risk
CN108053012B (en) * 2017-12-28 2018-10-30 飞天诚信科技股份有限公司 A kind of Bluetooth intelligent card and its method for controlling transaction risk
WO2020224343A1 (en) * 2019-05-09 2020-11-12 天地融科技股份有限公司 Electronic currency offline payment method and payment collection method
US11887111B2 (en) 2019-05-09 2024-01-30 Tendyron Corporation Electronic currency offline payment method and payment collection method

Similar Documents

Publication Publication Date Title
CN105245340B (en) It is a kind of based on the identity identifying method remotely opened an account and system
CN105427099B (en) The method for network authorization of secure electronic transaction
CN105245341B (en) Remote identity authentication method and system and long-range account-opening method and system
KR102119895B1 (en) Secure remote payment transaction processing
CN107248075B (en) Method and device for realizing bidirectional authentication and transaction of intelligent key equipment
CN107798531B (en) Electronic payment method and system
WO2015161699A1 (en) Secure data interaction method and system
CN106056419A (en) Method, system and device for realizing independent transaction by using electronic signature equipment
CN103944724B (en) A kind of subscriber identification card
CN107784499B (en) Secure payment system and method of near field communication mobile terminal
CN110930147B (en) Offline payment method and device, electronic equipment and computer-readable storage medium
CN106469370A (en) A kind of method of commerce, system and electronic signature equipment
CN105184557B (en) Payment authentication method and system
CN102194178A (en) Payment processing system, method and device
JP6430544B2 (en) O2O secure settlement method and O2O secure settlement system
WO2015161690A1 (en) Secure data interaction method and system
CN112055019B (en) Method for establishing communication channel and user terminal
US20150170144A1 (en) System and method for signing and authenticating secure transactions through a communications network
KR20120108599A (en) Credit card payment service using online credit card payment device
KR20170005400A (en) System and method for encryption
CN106033571A (en) Trading method of electronic signature devices, electronic signature devices and trading system
CN106022081A (en) Card reading method for identity-card card-reading terminal, and terminal and system for identity-card card-reading
CN109600296A (en) A kind of certificate chain instant communicating system and its application method
CN108401494B (en) Method and system for transmitting data
CN106027461A (en) Secret key use method for cloud authentication platform in identity card authentication system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20161026

RJ01 Rejection of invention patent application after publication