CN106228349B - Transaction method of electronic signature device and electronic signature device - Google Patents

Publication number: CN106228349B
Authority: CN (China)
Legal status: Active
Application number: CN201610584717.4A
Other languages: Chinese (zh)
Other versions: CN106228349A (en)
Inventor: 李东声
Current Assignee: Tendyron Corp
Original Assignee: Tendyron Corp

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06Q DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/08 Payment architectures
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions

Abstract

The invention provides a transaction method for an electronic signature device, and an electronic signature device. The method comprises: the electronic signature device obtains M first unit data packets from its security chip and sends the M first unit data packets and a transaction request to a server, wherein the transaction request comprises at least a transaction amount, each first unit data packet represents one currency denomination among a plurality of currency denominations, and the sum of the currency denominations represented by the M first unit data packets equals the transaction amount; the electronic signature device receives N first unit data packets sent by the server, wherein 0 < N < M and M and N are integers; and, when the sum of the currency denominations represented by the N first unit data packets equals the transaction amount, the electronic signature device deletes the M first unit data packets in the security chip and stores the received N first unit data packets in the storage space allocated by the security chip of the electronic signature device.

Description

Transaction method of electronic signature device and electronic signature device
Technical Field
The present invention relates to the field of electronic technologies, and in particular, to a transaction method for an electronic signature device and an electronic signature device.
Background
In existing electronic transactions, the user's funds are stored in an account as a number. For example, a user holding 100 dollars has that amount stored as a number in the user account on the bank server; after the user spends 10 dollars, the bank server must rewrite the value 100 in the user account to 90 to clear the account. To protect the value of the funds, the bank server signs the rewritten value 90 after rewriting it. Because the amount in the account changes with every transaction the user makes, the bank server has to process the value after each change. In other words, existing electronic transactions depend on the bank server, and every transaction the user performs must be synchronized with the bank server in real time, so multiple offline transactions cannot be completed independently without a network connection.
Disclosure of Invention
The present invention is directed to solving at least one of the problems set forth above.
The invention mainly aims to provide a transaction method of electronic signature equipment.
Another object of the present invention is to provide an electronic signature apparatus.
To achieve these objects, the technical solution of the invention is implemented as follows:
One aspect of the present invention provides a transaction method for an electronic signature device, including: the electronic signature device obtains M first unit data packets from its security chip and sends the M first unit data packets and a transaction request to a server, wherein the transaction request includes at least a transaction amount, each first unit data packet represents one currency denomination among a plurality of currency denominations, and the sum of the currency denominations represented by the M first unit data packets equals the transaction amount; the electronic signature device receives N first unit data packets sent by the server, wherein 0 < N < M and M and N are integers; and, when the sum of the currency denominations represented by the N first unit data packets equals the transaction amount, the electronic signature device deletes the M first unit data packets in the security chip and stores the received N first unit data packets in the storage space allocated by the security chip of the electronic signature device.
In addition, before the electronic signature device obtains the M first unit data packets from the security chip of the electronic signature device, the method further includes: the electronic signature device receives a trigger instruction for releasing the storage space of the security chip, or the electronic signature device detects that the total number of the first unit data packets currently stored in the security chip reaches a preset value.
Further, the electronic signature device sending the M first unit data packets to the server includes: the electronic signature device encrypts the M first unit data packets to obtain M second unit data packets, overwrites the M first unit data packets stored in the security chip with the M second unit data packets, and sends the M second unit data packets to the server. In that case, the electronic signature device deleting the M first unit data packets in the security chip includes: the electronic signature device deletes the M second unit data packets in the security chip.
Further, the first unit packet includes at least: a first unit data, the first unit data including at least: currency denomination data, or, a currency number and currency denomination data; the first unit packet further includes at least one of: issuing bank identification and bank certificate serial number.
In addition, the electronic signature device encrypts the M first unit packets, including: the electronic signature device encrypts at least the first unit data in each of the M first unit data packets using a public key of the server.
In addition, the electronic signature device encrypts the M first unit packets, including: the electronic signature device encrypts at least the first unit data in each of the M first unit data packets by using a symmetric key; after the electronic signature device encrypts the M first unit data packets, the method further comprises: the symmetric key is deleted.
Another aspect of the present invention provides an electronic signature device, including: a security module, configured to obtain M first unit data packets that it stores; a communication module, configured to send the M first unit data packets and a transaction request to a server, wherein the transaction request includes a transaction amount, each first unit data packet represents one currency denomination among a plurality of currency denominations, and the sum of the currency denominations represented by the M first unit data packets equals the transaction amount; and an acquisition module, configured to receive N first unit data packets sent by the server, wherein 0 < N < M and M and N are integers. The security module is further configured to delete the M first unit data packets it stores when the sum of the currency denominations represented by the N first unit data packets equals the transaction amount, and to store the received N first unit data packets in the storage space allocated by the security module.
In addition, the security module is further configured to receive a trigger instruction for releasing the storage space of the security module before obtaining the M first unit data packets it stores; or is further configured to detect, before obtaining the M first unit data packets it stores, that the total number of first unit data packets it currently stores has reached a preset value.
In addition, the security module is further configured to encrypt the M first unit data packets to obtain M second unit data packets and to overwrite the M first unit data packets it stores with the M second unit data packets; the communication module is further configured to send the M second unit data packets to the server; and the security module deleting the M first unit data packets it stores includes: the security module deletes the M second unit data packets.
Further, the first unit data packet includes at least first unit data, and the first unit data includes at least: currency denomination data, or a currency number and currency denomination data. The first unit data packet further includes at least one of: an issuing bank identification and a bank certificate serial number.
In addition, the security module encrypting the M first unit data packets includes: the security module encrypts at least the first unit data in each of the M first unit data packets using the public key of the server.
In addition, the security module encrypting the M first unit data packets includes: the security module encrypts at least the first unit data in each of the M first unit data packets using a symmetric key; the security module is further configured to delete the symmetric key after the M first unit data packets are encrypted.
As the technical solution above shows, the invention provides a transaction method for an electronic signature device, and an electronic signature device. When the electronic signature device transacts with first unit data packets, each first unit data packet occupies a certain amount of storage space in the security chip, so the storage space of the security chip may fill up and leave the electronic signature device unable to perform subsequent transactions. With the technical solution of this embodiment, when a trigger instruction for releasing the storage space is received, or when the total number of first unit data packets currently stored in the security chip reaches a preset value, the electronic signature device can send the M small-denomination first unit data packets it stores to the server and exchange them for N large-denomination first unit data packets with the same total currency denomination. The security chip thereby releases the storage space occupied by M-N first unit data packets, which ensures that the electronic signature device has enough storage space to support subsequent transactions. In addition, the electronic signature device can complete a payment by sending first unit data packets to a peer electronic signature device, without connecting to a back-end server over a network, so the electronic signature device supports offline transactions.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on the drawings without creative efforts.
Fig. 1 is a flowchart of a transaction method of an electronic signature device according to embodiment 1 of the present invention;
Fig. 2 is a schematic structural diagram of an electronic signature device provided in embodiment 2 of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "up", "down", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used only for convenience in describing the present invention and for simplicity in description, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and thus, are not to be construed as limiting the present invention. Furthermore, the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or quantity or location.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
Embodiments of the present invention will be described in further detail below with reference to the accompanying drawings.
Example 1
Fig. 1 is a flowchart of a transaction method of an electronic signature device according to this embodiment, where the method embodiment shown in fig. 1 includes the following steps S11 to S13:
Step S11: the electronic signature device obtains M first unit data packets from its security chip and sends the M first unit data packets and a transaction request to the server, where the transaction request includes at least the transaction amount.
Each first unit data packet represents one currency denomination among a plurality of currency denominations, and the sum of the currency denominations represented by the M first unit data packets equals the transaction amount.
In this embodiment, the electronic signature device is an electronic device with a signature function, for example a smart card with a signature function (a bus card, a bank card, a shopping card, etc.), a bank U-shield (USB key), and the like. In an optional implementation manner of this embodiment, a security chip is disposed in the electronic signature device. The security chip has its own processor and storage unit, can store a PKI digital certificate and a secret key as well as other feature data, and performs encryption and decryption operations on data to provide data encryption and identity authentication services for the user.
In this embodiment, each first unit data packet represents one of a plurality of currency denominations. For example, the currency denominations represented by the first unit data packets include 1 yuan, 2 yuan, 5 yuan, 10 yuan, 20 yuan, 50 yuan and 100 yuan. New currency denominations issued in the future, and the currency denominations of countries and regions that do not use the renminbi, also fall within the protection scope of the present invention; this embodiment merely uses renminbi denominations as an example. Because there are several currency denominations, when the electronic signature device obtains multiple first unit data packets from the security chip (that is, when M > 1), those packets can represent several different currency denominations: for example, when M is 3, there are 3 first unit data packets, which respectively represent currency denominations of 1 yuan, 2 yuan and 5 yuan. Alternatively, the packets may all represent the same currency denomination: for example, when M is 3, the 3 first unit data packets each represent a currency denomination of 1 yuan. As a further alternative, the packets may represent a mix of identical and different currency denominations: for example, when M is 3, the 3 first unit data packets represent currency denominations of 1 yuan, 1 yuan and 2 yuan. The currency denominations represented by the M first unit data packets that the electronic signature device obtains from the security chip can therefore be combined flexibly.
In an optional implementation manner of this embodiment, the first unit data packet includes at least first unit data, and the first unit data includes at least: currency denomination data, or, alternatively, currency number and currency denomination data. The currency face value data is the currency face value represented by the first unit data packet so as to identify the currency face value represented by the first unit data packet, and the currency serial number is the unique serial number of each first unit data packet, namely the currency serial numbers in different first unit data packets are different. Therefore, the uniqueness of each first unit data packet can be ensured, so that the authenticity of the first unit data packet can be identified conveniently. As an optional implementation, the first unit data packet further includes at least one of: issuing bank identification and bank certificate serial number. The issuing bank identifier is identification information of the bank issuing the first unit data packet, so that relevant information of the corresponding issuing bank can be inquired according to the identifier, and the electronic signature device can acquire a bank certificate of the corresponding issuing bank according to the issuing bank identifier and the bank certificate serial number, wherein the bank certificate comprises a public key of the issuing bank, so that the electronic signature device can verify the signature of the first unit data by using the public key of the issuing bank in the subsequent steps.
In an optional implementation manner of this embodiment, the first unit data packet stored by the electronic signature device itself further includes at least: the first unit data and first signature data obtained by the server signing the first unit data. As an alternative embodiment, the server (e.g., a third party server such as a bank server or a shopping mall recharging server) signs the first unit data in each first unit data packet by using its own private key, and obtains first signature data corresponding to each first unit data packet. In this embodiment, the security chip of the electronic signature device may verify the authenticity of the first unit data packet by using the public key of the server before storing the plurality of first unit data packets sent by the server, and store the first unit data packets after the verification is passed, so that the first unit data packets stored in the security chip are all authentic and secure.
In another optional implementation manner of this embodiment, the transaction request sent by the electronic signature device to the server further includes a device identification of the electronic signature device, and a first unit data packet stored by the electronic signature device includes at least: the first unit data, and second signature data obtained by the server signing the first unit data and the device identification of the electronic signature device. As an alternative embodiment, the server signs the first unit data and the device identification of the electronic signature device with its own private key to obtain the second signature data corresponding to the first unit data packet. The server sends at least one first unit data packet carrying second signature data to the electronic signature device, so that the electronic signature device verifies the second signature data in the first unit data packet after receiving it; if the verification passes, the first unit data packet is authentic and was sent to this electronic signature device.
Because the first unit data packets are stored in the security chip of the electronic signature device, and each first unit data packet occupies a certain amount of storage space, a new first unit data packet cannot be stored when the remaining storage space of the security chip is insufficient, and the electronic signature device then cannot perform subsequent transactions. Therefore, in this embodiment, before step S11, the method may further include: the electronic signature device receives a trigger instruction for releasing the storage space of the security chip, or the electronic signature device detects that the total number of first unit data packets currently stored in the security chip has reached a preset value. As an alternative embodiment, the electronic signature device executes step S11 after it receives a trigger instruction, input by the user, for releasing the storage space of the security chip. The user may input the trigger instruction through a keyboard, by voice, etc., and the trigger instruction may include a transaction amount. The electronic signature device may obtain M first unit data packets from its security chip randomly or according to a preset rule, such that the sum of the currency denominations represented by the M first unit data packets equals the transaction amount. In this alternative the value of M is determined randomly, but to release the most space the electronic signature device may choose M as the largest value for which the sum of the currency denominations represented by the M first unit data packets equals the transaction amount. For example, when there are ten 1-yuan data packets and two 5-yuan data packets, the electronic signature device selects the ten 1-yuan data packets, so M equals 10. Note that in this alternative each first unit data packet occupies the same amount of storage space, whether or not the packets represent the same currency denomination.
As another alternative, the electronic signature device performs step S11 after it detects that the total number of first unit data packets currently stored in the security chip has reached the preset value M. The preset value M may be set by the user or preset when the electronic signature device leaves the factory. The electronic signature device obtains M first unit data packets from its security chip, calculates the sum of the currency denominations represented by the M first unit data packets, and sends that sum to the server as the transaction amount. Optionally, the first unit data packets, on reaching the preset value, occupy half of the storage space of the security chip; that is, step S11 is triggered each time half of the storage space of the security chip is occupied. Therefore, when storage space is insufficient, the electronic signature device can trigger the steps that release storage space (S11-S13) and release the space by exchanging data packets with the server, which ensures that the security chip of the electronic signature device keeps enough storage space.
In an alternative implementation manner of this embodiment, the electronic signature device may establish a connection with an external device (e.g., a PC or a mobile terminal) and send the M first unit data packets and the transaction request to the server through the external device. Alternatively, the electronic signature device has a wired or wireless interface, establishes a wired or wireless connection with the server, and sends the M first unit data packets and the transaction request to the server directly. The wireless connection may use Bluetooth, NFC (near field communication), Wi-Fi and other modes. The electronic signature device in this embodiment can therefore send the transaction request to the server in various ways. As an alternative embodiment, the server includes a bank server or a third party server; for example, the third party server may be the shopping card stored-value server of a certain store.
Step S12: the electronic signature device receives N first unit data packets sent by the server, where 0 < N < M and M and N are integers.
In this step, each of the N first unit data packets represents one currency denomination among the currency denominations. The first unit data packet includes at least first unit data, and the first unit data includes at least: currency denomination data, or a currency number and currency denomination data. For the first unit data, refer to the description in step S11, which is not repeated here. As an optional implementation, each of the N first unit data packets further includes at least: first signature data obtained by the server signing the first unit data. The electronic signature device can then determine whether the received N first unit data packets are authentic by verifying the first signature data; for the specific verification manner, see how the electronic signature device verifies the first signature data in step S13 below. As another alternative, each of the N first unit data packets includes at least: second signature data obtained by the server signing the first unit data and the device identification of the electronic signature device. The electronic signature device can then determine, by verifying the second signature data, whether the received N first unit data packets are authentic and addressed to this electronic signature device; see how the electronic signature device verifies the second signature data in step S13 below.
In this embodiment, each first unit data packet may occupy the same amount of storage space (e.g., each first unit data packet occupies 1M of storage space). For example, the electronic signature device obtains from the security chip 100 first unit data packets with a currency denomination of 2 yuan; the sum of the currency denominations represented by these 100 first unit data packets is 200 yuan, that is, the transaction amount is 200 yuan, and they occupy 100M of storage space. After receiving the first unit data packets and the transaction amount sent by the electronic signature device, the server issues to the electronic signature device, according to the transaction amount, 2 first unit data packets each representing a currency denomination of 100 (the sum of the currency denominations is still 200, and the occupied space is 2M). The electronic signature device thus exchanges 100 first unit data packets for 2 first unit data packets while keeping the total currency denomination unchanged, so the security chip of the electronic signature device can release 98M of storage space, namely the storage space occupied by 98 first unit data packets.
Step S13: when the sum of the currency denominations represented by the N first unit data packets equals the transaction amount, the electronic signature device deletes the M first unit data packets in the security chip and stores the received N first unit data packets in the storage space allocated by the security chip of the electronic signature device.
In this embodiment, in a case where the sum of the currency denominations represented by the N first unit data packets is equal to the transaction amount, that is, in a case where the first unit electronic currency data packet sent by the server is not lost during transmission, the electronic signature device deletes the M first unit data packets in the security chip, and stores the received N first unit data packets in the storage space allocated to the security chip of the electronic signature device. Thus, the electronic signature device can complete the release of the storage space.
In this embodiment, to further ensure the authenticity of the first unit data packets that the electronic signature device stores in step S13, as an optional implementation manner, the electronic signature device storing the received N first unit data packets in the storage space allocated by its security chip in step S13 specifically includes: the electronic signature device verifies the first signature data and, after the verification passes, stores the received N first unit data packets in the storage space allocated by the security chip of the electronic signature device. The first signature data is obtained by the server signing the first unit data. As an optional implementation, therefore, the first unit data packet sent by the server to the electronic signature device further includes at least: the first signature data obtained by the server signing the first unit data, which allows the electronic signature device to verify the authenticity of the first unit data packet. As an alternative embodiment, the first signature data is obtained by the server signing the first unit data with its own private key. Correspondingly, the electronic signature device verifying the first signature data specifically includes: the electronic signature device verifies the first signature data using the public key of the server. Taking a bank server as the server, for example: the bank server performs a hash operation on the first unit data to obtain a digest A1 of the first unit data, performs a signature operation on the digest A1 with the private key of the bank server to obtain the first signature data, and sends the first signature data to the electronic signature device inside a first unit data packet. The electronic signature device can verify the first signature data using the public key of the bank server. Specifically, the electronic signature device performs an operation on the first signature data with the public key of the bank server to obtain an operation result A2, performs a hash operation on the first unit data in the received first unit data packet to obtain a digest A3 of the first unit data, and compares the operation result A2 with the digest A3; if they are consistent, the verification of the first signature data passes. The electronic signature device may obtain the public key of the bank according to the bank certificate serial number and/or the issuing bank identification in the first unit data packet. For example, the electronic signature device may, according to the issuing bank identification in the first unit data packet, obtain the bank certificate from the issuing bank server corresponding to the first signature data to be verified, and obtain the public key of the bank from that bank certificate. As another example, the electronic signature device may pre-store the bank certificates of the respective banks, select from them the bank certificate corresponding to the first signature data to be verified according to the bank certificate serial number in the first unit data packet, and obtain the public key of the bank from that certificate. By verifying the first signature data carried in the first unit data packet with the public key of the bank, the electronic signature device can verify the authenticity of the first unit data packet.
The above description only takes the server as the bank server as an example for explanation, but the embodiment is not limited to the bank server, and the specific implementation of other third party servers such as the supermarket shopping card value storage server and the like all fall within the protection scope of the present invention.
Further, on the premise that the received first unit data packet is authentic, the electronic signature device also needs to confirm that it is itself the recipient to which the server sent the data packet, so as to avoid storing a data packet sent by the server by mistake. To this end, the storing, by the electronic signature device in step S13, of the received N first unit data packets in the storage space allocated to the security chip of the electronic signature device specifically includes: the electronic signature device verifies the second signature data and, after the verification passes, stores the received N first unit data packets in the storage space allocated by the security chip of the electronic signature device. In an optional implementation manner of this embodiment, the transaction request sent by the electronic signature device to the server further includes: a device identification of the electronic signature device; each first unit data packet in the N first unit data packets returned by the server at least further includes: second signature data obtained by the server signing the first unit data and the device identification of the electronic signature device, which allows the electronic signature device to verify the authenticity and correctness of the first unit data packet. As an alternative implementation manner, the second signature data is signature data obtained by the server signing the first unit data and the device identifier of the electronic signature device by using the private key of the server itself; that is, the signature object of each piece of second signature data is the combination of the respective first unit data and the device identifier of the electronic signature device.
Correspondingly, the verifying of the second signature data by the electronic signature device specifically includes: the electronic signature device verifies each piece of second signature data by using the public key of the server. Taking a bank server as an example, the bank server signs the first unit data and the device identifier of the electronic signature device by using the private key of the bank server to obtain the second signature data, and the second signature data is carried in the first unit data packet and issued to the electronic signature device. The electronic signature device can verify the second signature data by using the public key of the bank server. The electronic signature device may obtain the bank certificate of the bank according to the bank certificate serial number and/or the issuing bank identifier in the first unit data packet, and obtain the public key of the bank from the bank certificate. For example, the electronic signature device may, according to the issuing bank identifier in the first unit data, obtain the public key of the bank from the issuing bank server corresponding to the second signature data to be verified. For another example, the electronic signature device may pre-store the bank certificates of the respective banks, select from the pre-stored bank certificates, according to the bank certificate serial number in the first unit data packet, the bank certificate corresponding to the second signature data to be verified, and obtain the public key of the bank from that certificate. Therefore, by verifying the second signature data carried in the first unit data packet with the public key of the bank, the electronic signature device can verify not only the authenticity of the first unit data packet but also that the first unit data packet was really issued to this electronic signature device by the bank server, that is, the correctness of the first unit data packet.
The above description only takes the server as the bank server as an example for explanation, but the embodiment is not limited to the bank server, and the specific implementation of other third party servers such as the supermarket shopping card value storage server and the like all fall within the protection scope of the present invention.
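The two checks described above (a first signature over the first unit data, and a second signature over the first unit data combined with the device identification) can be illustrated as follows. This is an added example, not code from the patent: the packet layout, the field names, the issuer label `BANK-DEMO`, the SHA-256 digest and the unpadded RSA demo key built from two publicly known Mersenne primes are assumptions chosen so that the block runs with the Python standard library alone.

```python
import hashlib

# Constructed demo key (assumption): two Mersenne primes give a valid RSA
# modulus whose factors are public knowledge. Unpadded RSA is used only to
# mirror the A1/A2/A3 description; a production design would use a padded
# scheme such as RSA-PSS and keep the private key in protected hardware.
_P, _Q = 2**521 - 1, 2**607 - 1
SERVER_N, SERVER_E = _P * _Q, 65537
_SERVER_D = pow(SERVER_E, -1, (_P - 1) * (_Q - 1))  # server private exponent


def digest(first_unit_data: bytes, device_id: bytes = b"") -> int:
    """HASH over the unit data, optionally combined with a device identifier."""
    h = hashlib.sha256()
    # Length-prefix each field so that the (data, id) combination is unambiguous.
    for field in (first_unit_data, device_id):
        h.update(len(field).to_bytes(4, "big") + field)
    return int.from_bytes(h.digest(), "big")


def server_sign(first_unit_data: bytes, device_id: bytes = b"") -> int:
    """Server side: digest A1, then the private-key operation."""
    a1 = digest(first_unit_data, device_id)
    return pow(a1, _SERVER_D, SERVER_N)


def server_issue(serial: str, denomination: int, device_id: bytes) -> dict:
    """Build one first unit data packet (hypothetical layout)."""
    data = f"{serial}|{denomination}".encode()  # currency serial number + denomination
    return {
        "issuer": "BANK-DEMO",                   # issuing bank identifier
        "data": data,                            # first unit data
        "sig1": server_sign(data),               # first signature data
        "sig2": server_sign(data, device_id),    # second signature data
    }


# Device side: bank certificates pre-stored on the device, reduced here to
# the public key and indexed by issuing bank identifier.
PRESTORED_CERTS = {"BANK-DEMO": (SERVER_N, SERVER_E)}


def device_verify(packet: dict, own_device_id: bytes) -> bool:
    """Return True only if both signatures verify for this device."""
    key = PRESTORED_CERTS.get(packet["issuer"])
    if key is None:
        return False                             # no certificate for this issuer
    n, e = key
    a2 = pow(packet["sig1"], e, n)               # operation result A2
    a3 = digest(packet["data"])                  # digest A3 of the received data
    if a2 != a3:
        return False                             # packet is not authentic
    # Second signature: same data, combined with the device's own identifier.
    return pow(packet["sig2"], e, n) == digest(packet["data"], own_device_id)


def device_store(chip_storage: list, packets: list, own_device_id: bytes) -> int:
    """Store packets only after all of them verify; return the number stored."""
    if not all(device_verify(p, own_device_id) for p in packets):
        return 0
    chip_storage.extend(packets)
    return len(packets)
```

A packet issued for one device fails the second check on any other device even though its first signature is valid, which is the "correctness" property the description distinguishes from authenticity.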
During data transmission, a first unit data packet may be lost, in which case the sum of the currency denominations represented by the N first unit data packets received by the electronic signature device is smaller than the transaction amount. In an optional implementation manner of this embodiment, in a case where the sum of the currency denominations represented by the N first unit data packets is not equal to the transaction amount (i.e., is greater than or less than the transaction amount), the method may further include: the electronic signature device deletes the M first unit data packets in the security chip and stores the received N first unit data packets in the storage space allocated to the security chip of the electronic signature device; the electronic signature device sends a retransmission request to the server; the electronic signature device receives retransmission information sent by the server according to the retransmission request, wherein the retransmission information comprises X retransmitted first unit data packets, and either the sum of the currency denominations represented by the X first unit data packets is equal to the transaction amount, or that sum plus the sum of the currency denominations represented by the N first unit data packets is equal to the transaction amount; and the electronic signature device stores the received X first unit data packets in the storage space allocated by the security chip of the electronic signature device.
Specifically, after the electronic signature device sends a retransmission request to the server, it receives the retransmission information returned by the server, and that information differs according to the content of the retransmission request. For example, the retransmission request may carry the device identifier of the electronic signature device and a transaction record (such as the number of each transaction, account information, a timestamp, the transaction amount, the number of first unit data packets received, the currency denominations they represent, and the like, which the server side may also record correspondingly), so that the server can look up the corresponding transaction of the electronic signature device and retransmit all first unit data packets of that transaction to the electronic signature device. For another example, the retransmission request may also carry the data packet identifiers of the first unit data packets already received (an identifier that uniquely identifies one first unit data packet, such as a unique identifier configured by the server for each first unit data packet, or a currency serial number); after receiving these identifiers, the server can determine which first unit data packets were missed or lost in the transmission process and send those first unit data packets to the electronic signature device. The following describes, by way of example, how the server retransmits first unit data packets:
For example, as an optional implementation manner, the electronic signature device receives retransmission information sent by the server according to a retransmission request, where the retransmission request at least includes the device identifier and the transaction record of the electronic signature device, the retransmission information includes X first unit data packets, and the sum of the currency denominations represented by the X first unit data packets is equal to the transaction amount. That is, in this optional embodiment, the server retransmits all first unit data packets corresponding to one transaction to the electronic signature device. In this embodiment, when performing a transaction with the electronic signature device, the server also stores the transaction record of each transaction (such as the number, account information, timestamp, transaction amount, the number of first unit data packets sent, the currency denominations they represent, and the like) and the device identifier of the electronic signature device, so that the corresponding transaction of the electronic signature device can be looked up according to the device identifier and the transaction record. In this optional embodiment, the server retransmits to the electronic signature device all first unit data packets of the transaction for which retransmission is requested, to ensure that the electronic signature device receives the complete set of first unit data packets and that the transaction between the server and the electronic signature device is error-free (namely, the space release operation is error-free).
In this alternative embodiment, after receiving the X first unit data packets retransmitted by the server, the electronic signature device determines, for each of the X first unit data packets, whether it is the same as one of the N previously stored first unit data packets. Specifically, the electronic signature device compares a first unit data packet a among the X first unit data packets with each first unit data packet it has stored, in sequence; if a stored first unit data packet is the same as the first unit data packet a, the electronic signature device either skips the first unit data packet a, or deletes the stored first unit data packet that is the same as the first unit data packet a and stores the first unit data packet a again. After completing the determination for the first unit data packet a, the electronic signature device continues to determine, one by one, the second first unit data packet b, the third first unit data packet c, and so on, up to the last of the X first unit data packets. Thus, the electronic signature device can store the X first unit data packets retransmitted by the server in the storage space allocated by the security chip.
For example, for a transaction with the number 1, the transaction amount in the transaction request of the electronic signature device is 10 yuan, and the server sends 2 first unit data packets (data packet a and data packet b), each representing a 5 yuan currency denomination. Due to data loss in the transmission process, the electronic signature device receives only 1 first unit data packet (only data packet a) representing a 5 yuan currency denomination, so the sum of the currency denominations is 5 yuan, which is not equal to the transaction amount of 10 yuan. For the transaction, the electronic signature device stores the data packet a, sends a retransmission request to the server, and receives retransmission information sent by the server according to the retransmission request, wherein the retransmission request comprises: after receiving the retransmission request, the server may look up the transaction corresponding to the electronic signature device according to the device identifier and the transaction record, and the server may retransmit to the electronic signature device all the first unit data packets of the transaction for which retransmission is requested, that is, the retransmission information sent by the server to the electronic signature device includes the data packet a and the data packet b. The electronic signature device judges that the data packet a among the retransmitted first unit data packets is the same as the previously stored data packet a, and either skips the data packet a and stores only the retransmitted data packet b, or deletes the previously stored data packet a and stores the data packet a and the data packet b again.
Therefore, when the electronic signature device does not receive all the first unit data packets required by one transaction, the server can retransmit all the first unit data packets required by the transaction to the electronic signature device, so that the transaction can be smoothly completed.
For another example, as an optional implementation manner, after the electronic signature device sends the retransmission request to the server, the electronic signature device receives retransmission information sent by the server according to the retransmission request, where the retransmission request at least includes: in this optional embodiment, the server retransmits to the electronic signature device the first unit data packets that were missed in one transaction or lost in the transmission process. The corresponding transaction of the electronic signature device can be looked up according to the device identifier and the transaction record, and the server retransmits to the electronic signature device those first unit data packets of the transaction for which retransmission is requested whose data packet identifiers are not found in the retransmission request, to ensure that the electronic signature device receives the complete set of first unit data packets and that the transaction between the server and the electronic signature device is error-free (i.e. the space release operation is error-free). Compared with the optional embodiment in the previous example, this optional embodiment can reduce the data transmission amount of the server, greatly reduce the workload of the server and improve the efficiency of server retransmission.
For example, for a transaction with number 1 x, the transaction amount in the transaction request of the electronic signature device is 15 yuan, and the server sends 1 first unit data packet (data packet c) representing a face value of 5 yuan and 1 first unit data packet (data packet d) representing a face value of 10 yuan. Due to data loss in the transmission process, the electronic signature device receives only the data packet c, so the sum of the currency denominations is 5 yuan, which is not equal to the transaction amount of 15 yuan. For the transaction, the electronic signature device sends a retransmission request to the server and receives retransmission information sent by the server according to the retransmission request; the retransmission request also carries the data packet identifier of the data packet c. After receiving the retransmission request, the server can look up all the first unit data packets corresponding to this transaction of the electronic signature device, find that the data packet identifier of the data packet d is not present in the retransmission request, and retransmit the data packet d to the electronic signature device. The electronic signature device stores the data packet d retransmitted by the server in the security chip. In this embodiment, the retransmission request sent by the electronic signature device to the server may include the data packet identifiers of the first unit data packets that have already been received, and the server may determine, according to the data packet identifiers in the retransmission request, which first unit data packets need to be carried in the retransmission information.
Therefore, when the electronic signature device does not receive all the first unit data packets required by one transaction, the server can retransmit the first unit data packets which are not received to the electronic signature device, so that the transmission quantity of retransmitted data is reduced, and the transaction can be successfully completed.
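The two retransmission variants described above (resend every packet of the transaction, or resend only the packets whose identifiers the device did not report) can be compared in a short model. This is an added example and not part of the patent: the class and method names are hypothetical, signatures are left out, and the device store is assumed to hold only the packets of the transaction being reconciled.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class UnitPacket:
    packet_id: str      # unique data packet identifier, e.g. currency serial number
    denomination: int   # currency denomination in yuan


class Server:
    """Keeps a transaction record so that retransmission requests can be answered."""

    def __init__(self):
        self.issued = {}  # (device_id, transaction_no) -> packets sent

    def issue(self, device_id, transaction_no, packets):
        self.issued[(device_id, transaction_no)] = list(packets)

    def retransmit(self, device_id, transaction_no, received_ids=None):
        packets = self.issued[(device_id, transaction_no)]
        if received_ids is None:
            # Variant 1: request carries device identifier and transaction
            # record only, so every packet of the transaction is resent.
            return list(packets)
        # Variant 2: request also lists the identifiers already received,
        # so only the missing packets are resent.
        seen = set(received_ids)
        return [p for p in packets if p.packet_id not in seen]


class Device:
    def __init__(self, device_id):
        self.device_id = device_id
        self.store = {}  # packet_id -> UnitPacket (models security-chip storage)

    def total(self):
        return sum(p.denomination for p in self.store.values())

    def accept(self, packets):
        """Store packets, skipping any that is the same as one already stored."""
        added = 0
        for p in packets:
            if p.packet_id in self.store:
                continue  # duplicate of a stored packet: skip it
            self.store[p.packet_id] = p
            added += 1
        return added

    def reconcile(self, server, transaction_no, amount, send_ids):
        """If the stored sum differs from the amount, request retransmission.

        Returns (complete, resent), where resent is the number of packets the
        server had to send again.
        """
        resent = 0
        if self.total() != amount:
            ids = list(self.store) if send_ids else None
            packets = server.retransmit(self.device_id, transaction_no, ids)
            resent = len(packets)
            self.accept(packets)
        return self.total() == amount, resent
```

With the two worked transactions from the description as input, the first variant resends two packets of which one is skipped as a duplicate, while the second resends one packet.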
In the above, the embodiment of one transaction is taken as an example, and in this embodiment, each transaction in the plurality of transactions can be implemented as described above.
In this embodiment, in order to prevent the electronic signature device from illegally reusing the same first unit data packet, which would cause confusion of electronic financial circulation, and to ensure the uniqueness of each first unit data packet in the transaction process, the sending, by the electronic signature device in step S11, of the M first unit data packets to the server specifically includes: the electronic signature device encrypts the M first unit data packets to obtain M second unit data packets, overwrites the M first unit data packets stored in the security chip with the M second unit data packets, and sends the M second unit data packets to the server. Correspondingly, the deleting, by the electronic signature device in step S13, of the M first unit data packets in the security chip specifically includes: the electronic signature device deletes the M second unit data packets in the security chip. In this embodiment, the encryption operation performed by the electronic signature device on the M first unit data packets is an irreversible operation; that is, the electronic signature device can encrypt a first unit data packet to obtain a second unit data packet, but cannot decrypt the second unit data packet to recover the first unit data packet. Consequently, once the M second unit data packets have overwritten the corresponding M first unit data packets, only the encrypted second unit data packets are stored in the electronic signature device. Because the electronic signature device cannot decrypt them, the first unit data packets cannot be recovered and cannot be reused, which prevents a user holding the electronic signature device from repeatedly spending the same first unit data packets and disrupting the circulation of the first unit data packets.
Specifically, as an optional implementation manner, the electronic signature device encrypts M first unit data packets, specifically including: the electronic signature device encrypts at least the first unit data in each of the M first unit data packets using a public key of the server. As another optional implementation, the electronic signature device encrypts the M first unit data packets, specifically including: the electronic signature device encrypts at least the first unit data in each of the M first unit data packets by using a symmetric key; after the electronic signature device encrypts the M first unit data packets, the method further includes: the symmetric key is deleted.
For the latter alternative, the symmetric key may be negotiated between the electronic signature device and the server. Alternatively, the symmetric key may be an exclusive-or factor associated with the server. The electronic signature device at least encrypts the first unit data in each of the M first unit data packets by using a symmetric key, and specifically includes: the electronic signature device exclusive-ors at least the first unit data in each of the M first unit data packets using an exclusive-or factor. The exclusive-or operation also belongs to a symmetric encryption operation mode, but the speed of the exclusive-or operation is higher than that of other symmetric encryption operation modes, so that the efficiency of encrypting the first unit data packet by the electronic signature device to generate the second unit data packet can be improved.
In an optional implementation manner of this embodiment, after step S11 and before step S12, the method may further include: the electronic signature device receives a retransmission request sent by the server; and the electronic signature device retransmits the M second unit data packets to the server, or the electronic signature device sends to the server, according to the retransmission request sent by the server, the second unit data packets that the server has not received. Specifically, after receiving the second unit data packets and the transaction request sent by the electronic signature device, the server calculates whether the sum of the currency denominations represented by the received second unit data packets is equal to the transaction amount in the transaction request; if the sum is smaller than the transaction amount, a second unit data packet has been lost in the transmission process, and the server sends a retransmission request to the electronic signature device. Thus, by retransmitting the second unit data packets, the electronic signature device can ensure that the server receives all the second unit data packets that were sent.
In this embodiment, at least the first unit data packet may be encrypted by using a symmetric key or a public key of the server, so as to prevent the electronic signature device from illegally and repeatedly using the same first unit data packet, which may cause confusion of circulation of the first unit data packet, and ensure uniqueness of the same first unit data packet in the transaction process. Of course, this embodiment does not exclude other embodiments as long as the same technical effects can be achieved. When the electronic signature device is used, the electronic signature device can complete payment operation by sending the first unit data packets to the opposite-end electronic signature device, and the payment can be completed without being networked to a background server, so that the electronic signature device has the function of offline transaction. In addition, it should be noted that, in this embodiment, the first unit packet may be understood as including: the second unit data packet can be understood as one of the first unit data packets, namely, the data packet after the first unit data packet is encrypted, namely, the data packet is in the form of the ciphertext of the first unit data packet. In addition, the second unit data packet is a ciphertext, so that the safety of data transmission is guaranteed, the ciphertext is difficult to crack even if intercepted by other equipment, and the circulation safety of the first unit data packet is further improved.
When the electronic signature device uses first unit data packets to perform transactions, each first unit data packet occupies a certain amount of storage space in the security chip of the electronic signature device, so the storage space of the security chip may become fully occupied, leaving the electronic signature device unable to perform subsequent transactions. With the technical scheme provided by this embodiment, when a trigger instruction for releasing the storage space is received, or when the total number of first unit data packets currently stored in the security chip reaches a preset value, the electronic signature device can send M first unit data packets of small face value that it stores to the server and exchange them with the server for N first unit data packets of large face value having the same total currency face value. The security chip thereby releases the storage space occupied by M-N first unit data packets, which ensures that the electronic signature device has enough storage space to support subsequent transactions.
Example 2
Fig. 2 is a schematic structural diagram of an electronic signature device provided in this embodiment, and the structure of the electronic signature device provided in this embodiment is described in detail with reference to fig. 2.
The present embodiment provides an electronic signature device 2, the electronic signature device 2 including: a security module 21, configured to obtain M first unit data packets stored in the security module; a communication module 22, configured to send the M first unit data packets and a transaction request to the server, where the transaction request includes a transaction amount, each first unit data packet represents one currency denomination of a plurality of currency denominations, and the sum of the currency denominations represented by the M first unit data packets equals the transaction amount; and an obtaining module 23, configured to receive N first unit data packets sent by the server, where 0 < N < M, and M and N are integers. The security module 21 is further configured to delete the M first unit data packets stored in the security module when the sum of the currency denominations represented by the N first unit data packets is equal to the transaction amount, and to store the received N first unit data packets in the storage space allocated to the security module.
In this embodiment, when the electronic signature device 2 uses first unit data packets to perform transactions, each first unit data packet occupies a certain amount of storage space in the security module 21 of the electronic signature device 2, so the storage space of the security module 21 may become fully occupied, leaving the electronic signature device 2 unable to perform subsequent transactions. With the electronic signature device 2 provided by this embodiment, when a trigger instruction for releasing the storage space is received, or when the total number of first unit data packets currently stored in the security chip reaches a preset value, the electronic signature device 2 may send M first unit data packets of small face value that it stores to the server and exchange them with the server for N first unit data packets of large face value having the same total currency face value, thereby enabling the security chip to release the storage space occupied by M-N first unit data packets.
In this embodiment, the security module 21 is configured to obtain M first unit data packets stored therein, where each first unit data packet represents one of the multiple currency denominations, and the sum of the currency denominations represented by the M first unit data packets is equal to the transaction amount.
In the present embodiment, the electronic signature device 2 is an electronic device having a signature function, for example, a smart card (a bus card, a bank card, a shopping card, etc.) having a signature function, a U-shield of a worker, and the like. In an optional implementation manner of this embodiment, the security module 21 may adopt a security chip, and the security chip has an independent processor and a storage unit inside, and may store a PKI digital certificate and a secret key, and other feature data, and perform encryption and decryption operations on the data to provide data encryption and identity security authentication services for a user.
In this embodiment, each of the first unit data packets represents one of a plurality of currency denominations. For example, the currency denominations represented by the first unit data packets include: 1 yuan, 2 yuan, 5 yuan, 10 yuan, 20 yuan, 50 yuan and 100 yuan. Of course, currency denominations newly issued by the country in the future, and currency denominations of other regions and countries that do not use the renminbi, also belong to the protection scope of the present invention; this embodiment merely takes renminbi denominations as an example. That is, there are multiple currency denominations, and when the security module 21 obtains multiple first unit data packets from its own storage space (i.e. when M > 1), the multiple first unit data packets may represent different currency denominations, for example, when M is 3, the 3 first unit data packets represent currency denominations of 1 yuan, 2 yuan and 5 yuan. Alternatively, the multiple first unit data packets may all represent the same currency denomination, for example, when M is 3, the 3 first unit data packets each represent a currency denomination of 1 yuan. Further alternatively, the currency denominations represented by the first unit data packets may include both identical and different denominations, for example, when M is 3, the 3 first unit data packets represent currency denominations of 1 yuan, 1 yuan and 2 yuan. Thus, the currency denominations represented by the M first unit data packets that the electronic signature device 2 obtains from its security chip can be combined flexibly.
In an optional implementation manner of this embodiment, the first unit data packet includes at least first unit data, and the first unit data includes at least: currency denomination data, or, alternatively, currency number and currency denomination data. The currency face value data is the currency face value represented by the first unit data packet so as to identify the currency face value represented by the first unit data packet, and the currency serial number is the unique serial number of each first unit data packet, namely the currency serial numbers in different first unit data packets are different. Therefore, the uniqueness of each first unit data packet can be ensured, so that the authenticity of the first unit data packet can be identified conveniently. As an optional implementation, the first unit data packet further includes at least one of: issuing bank identification and bank certificate serial number. The issuing bank identifier is identification information of the bank that issues the first unit data packet, so that relevant information of the corresponding issuing bank can be queried according to the identifier, and the electronic signature device 2 can obtain a bank certificate of the corresponding issuing bank according to the issuing bank identifier and the bank certificate serial number, where the bank certificate includes a public key of the issuing bank, so that the security module 21 in the electronic signature device 2 completes verification of the signature of the first unit data by using the public key of the issuing bank in subsequent steps.
In an optional implementation manner of this embodiment, the first unit data packet stored by the security module 21 itself further includes at least: the first unit data and first signature data obtained by the server signing the first unit data. As an alternative embodiment, the server (e.g., a third party server such as a bank server or a shopping mall recharging server) signs the first unit data in each first unit data packet by using its own private key, and obtains first signature data corresponding to each first unit data packet. In this embodiment, the security module 21 may verify the authenticity of the first unit data packet by using a public key of the server before storing the plurality of first unit data packets sent by the server, and store the first unit data packets after the verification is passed, so that the first unit data packets stored in the security module 21 are both authentic and secure.
In another optional implementation manner of this embodiment, the transaction request sent by the communication module 22 to the server further includes: the device identification of the electronic signature device 2; each first unit data packet stored by the security module 21 itself comprises at least: the first unit data, and second signature data obtained by the server signing the first unit data and the device identification of the electronic signature device 2. As an alternative embodiment, the server signs the first unit data and the device identification of the electronic signature device 2 with its own private key, resulting in second signature data corresponding to each first unit data packet. The server sends at least one first unit data packet carrying second signature data to the electronic signature device 2, so that after receiving the first unit data packet sent by the server, the security module 21 can verify the second signature data in the first unit data packet; if the verification passes, the first unit data packet is authentic and was indeed sent to this electronic signature device.
Since the first unit data packets are stored in the storage space of the security module 21, and each first unit data packet occupies a certain amount of storage space, a new first unit data packet cannot be stored when the remaining storage space of the security module 21 is insufficient, so that the electronic signature device 2 cannot perform subsequent transactions. Therefore, in this embodiment, the security module 21 is further configured to receive a trigger instruction for releasing the storage space of the security module 21 before acquiring the M first unit data packets stored in the security module; or is further configured to detect, before acquiring the M first unit data packets stored in the security module, that the total number of the first unit data packets currently stored by itself reaches a preset value. As an optional implementation, the electronic signature device 2 further includes an interaction module 24, and the interaction module 24 is configured to receive a trigger instruction for releasing the storage space, which is input by a user.
The user can input the trigger instruction by keyboard, voice, etc., and the trigger instruction input by the user can include the transaction amount. The security module 21 can obtain the M first unit data packets stored by itself according to the transaction amount, either randomly or according to a preset rule, such that the sum of the currency denominations represented by the M first unit data packets equals the transaction amount. In this alternative the value of M is randomly determined; however, in order to free up the maximum space, the security module 21 may choose the largest value of M for which the sum of the represented currency denominations equals the transaction amount. For example, when there are 10 1-yuan data packets and 2 5-yuan data packets, the security module 21 selects the 10 1-yuan data packets, so that M is equal to 10. It should be noted that, in this alternative embodiment, the size of the storage space occupied by each first unit data packet is the same, regardless of whether the currency denominations represented by the first unit data packets are the same. As another optional implementation manner, after detecting that the total number of the first unit data packets currently stored by itself reaches the preset value M, the security module 21 performs the operation of acquiring M first unit data packets. The preset value M may be set by a user or preset when the electronic signature device 2 leaves the factory. The security module 21 obtains the M first unit data packets, calculates the sum of the currency denominations represented by the M first unit data packets, uses this sum as the transaction amount, and sends the M first unit data packets and the transaction amount to the server through the communication module 22.
Alternatively, the first unit packet reaching the preset value occupies half of the memory space of the security module 21, that is, each time half of the memory space of the security module 21 is occupied, the operation of releasing the memory space by the electronic signature device 2 is triggered. Therefore, when the storage space is insufficient, the electronic signature device 2 can achieve the purpose of releasing the storage space through data packet exchange with the server, thereby ensuring that the security module 21 keeps enough storage space.
A communication module 22, configured to send the M first unit data packets and a transaction request to the server, where the transaction request includes: the transaction amount.
In this embodiment, each of the N first unit data packets represents one of the currency denominations, where the first unit data packet at least includes first unit data, and the first unit data at least includes: currency denomination data, or, alternatively, currency serial number and currency denomination data. For the description of the first unit data, see above; it is not repeated here. As an optional implementation, each of the N first unit data packets further includes at least: first signature data obtained by the server signing the first unit data. Thus, the security module 21 may determine whether the received N first unit data packets are authentic by verifying the first signature data; for the way of verifying the first signature data, see the description below. As another alternative, each of the N first unit data packets includes at least: second signature data obtained by the server signing the first unit data and the device identification of the electronic signature device. Thus, the security module 21 may determine whether the received N first unit data packets are authentic and are addressed to the electronic signature device by verifying the second signature data; for the way of verifying the second signature data, see the description below.
In an alternative implementation manner of this embodiment, the communication module 22 may establish a connection with an external device (e.g., a PC or a mobile terminal, etc.), and send the M first unit data packets and the transaction request to the server through the external device. Alternatively, the communication module 22 has a wired interface or a wireless interface, establishes a wired connection or a wireless connection with the server, and directly transmits the M first unit data packets and the transaction request to the server. The wireless connection mode can include bluetooth, NFC near field communication, WIFI and other modes. Thus, the communication module 22 in this embodiment may send the transaction request to the server in a variety of ways. As an alternative embodiment, the server includes a bank server or a third party server, for example, the third party server may be a shopping card stored value server of a certain store.
The obtaining module 23 is configured to receive N first unit data packets sent by a server, where 0< N < M, and M, N are integers.
In this embodiment, each first unit packet may occupy the same memory space (e.g., each first unit packet occupies 1M of memory space). The number M of the first unit data packets sent to the server by the communication module 22 is greater than the number N of the first unit data packets received from the server by the obtaining module 23, for example, the security module 21 obtains 100 first unit data packets with a currency denomination of 2 yuan from its storage space, and the total currency denomination represented by the 100 first unit data packets is 200 yuan, that is, the transaction amount is 200 yuan, and occupies 100M of the storage space. After receiving the first unit data packet and the transaction amount sent by the communication module 22, the server issues 2 first unit data packets representing the currency denomination 100 to the electronic signature device 2 according to the transaction amount (the sum of the currency denominations is still 200, and the occupied space is 2M). Thus, the electronic signature device 2 exchanges 100 first unit data packets with 2 first unit data packets while keeping the currency denomination unchanged, and thus, the security module 21 can release 98M of storage space, that is, storage space occupied by 98 first unit data packets.
The security module 21 is further configured to delete the M first unit data packets stored in the security module itself and store the received N first unit data packets in the storage space thereof, when the sum of the currency denominations represented by the N first unit data packets is equal to the transaction amount.
In this embodiment, when the sum of the money denominations represented by the N first unit data packets is equal to the transaction amount, that is, when the first unit electronic money data packet sent by the server is not lost during transmission, the security module 21 deletes the M first unit data packets stored therein, and stores the received N first unit data packets in the storage space thereof. Thereby, the electronic signature device 2 can complete the release of the storage space.
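The storage-release exchange described above can be sketched as follows. This is an added example, not code from the patent: packets are modelled as `(serial, denomination)` tuples, the function names are hypothetical, and the server choosing the fewest packets is an assumption (the description only requires 0 < N < M).

```python
from itertools import count

DENOMINATIONS = (100, 50, 20, 10, 5, 2, 1)   # yuan, as listed in the description


def select_max_packets(stored, amount):
    """Return stored packets summing exactly to amount, using as many as possible."""
    best = {0: []}   # reachable sum -> indices of the largest subset reaching it
    for idx, (_, value) in enumerate(stored):
        # Iterate over a snapshot so each stored packet is used at most once.
        for total, chosen in list(best.items()):
            new_total = total + value
            if new_total > amount:
                continue
            if new_total not in best or len(best[new_total]) <= len(chosen):
                best[new_total] = chosen + [idx]
    if amount not in best:
        return None          # the stored packets cannot make up this amount
    return [stored[i] for i in best[amount]]


def issue_fewest_packets(amount, serials):
    """Server side (assumed policy): cover amount with as few packets as possible.

    Greedy selection is optimal for the 1/2/5/10/20/50/100 denomination set.
    """
    packets = []
    for value in DENOMINATIONS:
        while amount >= value:
            packets.append((f"S{next(serials):06d}", value))
            amount -= value
    return packets


def release_space(stored, amount, serials):
    """Swap M stored packets for N server packets; return (new store, slots freed)."""
    outgoing = select_max_packets(stored, amount)
    if outgoing is None:
        raise ValueError("stored packets cannot make up the transaction amount")
    incoming = issue_fewest_packets(amount, serials)   # simulated server response
    m, n = len(outgoing), len(incoming)
    if not 0 < n < m:
        raise ValueError("exchange frees no storage (requires 0 < N < M)")
    if sum(value for _, value in incoming) != amount:
        raise ValueError("received denominations do not equal the transaction amount")
    sent = {serial for serial, _ in outgoing}
    kept = [p for p in stored if p[0] not in sent]
    # Delete the M packets only after the N replacements have been checked.
    return kept + incoming, m - n


if __name__ == "__main__":
    store = [(f"T{i:03d}", 2) for i in range(100)]     # constructed sample store
    new_store, freed = release_space(store, 200, count(1))
    print(new_store, freed)
```

With 100 packets of 2 yuan and a transaction amount of 200 yuan, the store ends up holding 2 packets of 100 yuan and 98 packet slots are freed, matching the worked figures in the description.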
In this embodiment, in order to further ensure the authenticity of the first unit data packets stored by the security module 21, as an optional implementation manner, the security module 21 being configured to store the received N first unit data packets in its storage space specifically includes: the security module 21 is configured to verify the first signature data, and to store the received N first unit data packets in its storage space after the verification passes. The first signature data is obtained by the server signing the first unit data; therefore, as an optional implementation, the first unit data packet sent by the server to the electronic signature device further includes at least: the first signature data obtained by the server signing the first unit data, thereby allowing the security module 21 to verify the authenticity of the first unit data packet. As an alternative embodiment, the first signature data is signature data obtained by the server signing the first unit data with its own private key. Correspondingly, the security module 21 being configured to verify the first signature data specifically includes: the security module 21 is configured to verify the first signature data by using the public key of the server. Taking the server being a bank server as an example, the bank server performs a HASH operation on the first unit data to obtain a digest message A1 of the first unit data, performs a signature operation on the digest message A1 by using the private key of the bank server itself to obtain the first signature data, and carries the first signature data in the first unit data packet sent to the electronic signature device 2.
The security module 21 may verify the first signature data by using the public key of the bank server. Specifically, the security module 21 performs an operation on the first signature data by using the public key of the bank server to obtain an operation result A2, performs a HASH operation on the first unit data in the received first unit data packet to obtain a digest message A3 of the first unit data, and compares the operation result A2 with the digest message A3; if they are consistent, the verification of the first signature data by the security module 21 passes. The security module 21 may obtain the public key of the bank according to the bank certificate serial number and/or the issuing bank identifier in the first unit data packet. For example, the security module 21 may obtain the bank certificate of the bank from the issuing bank server corresponding to the first signature data to be verified according to the issuing bank identifier in the first unit data packet, and obtain the public key of the bank from the bank certificate; for another example, the security module 21 may pre-store the bank certificates of each bank, obtain, from the pre-stored bank certificates, the bank certificate corresponding to the first signature data to be verified according to the bank certificate serial number in the first unit data packet, and obtain the public key of the bank from the corresponding bank certificate. Therefore, the security module 21 verifies the first signature data carried in the first unit data packet by using the public key of the bank, and can thereby verify the authenticity of the first unit data packet. The above description only takes the server being a bank server as an example, but the embodiment is not limited to the bank server, and specific implementations with other third party servers, such as a supermarket shopping card stored value server, all fall within the protection scope of the present invention.
Further, on the premise of ensuring that the received first unit data packet is authentic, the electronic signature device 2 may also want to confirm that the recipient intended by the server is indeed the electronic signature device 2, so as to avoid storing a data packet sent by the server by mistake. In that case, the security module 21 being configured to store the received N first unit data packets in its storage space specifically includes: the security module 21 is configured to verify the second signature data, and to store the received N first unit data packets in its storage space after the verification passes. In this embodiment, the second signature data is obtained by the server signing the first unit data and the device identifier of the electronic signature device 2; therefore, in an optional implementation manner of this embodiment, the transaction request sent by the electronic signature device 2 to the server through the communication module 22 further includes: the device identification of the electronic signature device 2; and each of the N first unit data packets returned by the server at least further includes: the first unit data, and the second signature data obtained by the server signing the first unit data and the device identification of the electronic signature device 2, thereby enabling the security module 21 to verify the authenticity and correctness of the first unit data packet. As an alternative embodiment, the second signature data is signature data obtained by the server signing the first unit data and the device identifier of the electronic signature device 2 by using a private key of the server itself, that is, the signature object of each second signature data is the combination of the corresponding first unit data and the device identifier of the electronic signature device 2.
Correspondingly, the security module 21 is configured to verify the second signature data, and specifically includes: and the security module 21 is configured to verify each second signature data by using the public key of the server. Taking the server as a bank server as an example, the bank server signs the first unit data and the device identifier of the electronic signature device 2 by using a private key of the bank server to obtain second signature data, and the second signature data is carried in the first unit data packet and is issued to the electronic signature device 2. The security module 21 may verify the second signature data using the public key of the bank server. The security module 21 may obtain the bank certificate of the bank according to the bank certificate serial number and/or the issuing bank identifier in the first unit data packet, and obtain the public key of the bank from the bank certificate, for example, the security module 21 may obtain the public key of the bank from the issuing bank server corresponding to the second signature data to be verified through the obtaining module 23 according to the issuing bank identifier in the first unit data; for another example, the security module 21 may pre-store bank certificates of each bank, obtain, from the pre-stored bank certificates according to the bank certificate serial number in the first unit data packet, a bank certificate corresponding to the second signature data to be verified, and obtain, from the corresponding bank certificate, a public key of the bank. Therefore, the security module 21 verifies the second signature data carried in the first unit data packet by using the public key of the bank, which not only can verify the authenticity of the first unit data packet, but also can prove that the first unit data packet is indeed issued to the electronic signature device 2 by the bank server, i.e. the correctness of the first unit data packet is verified. 
The above description only takes the server as the bank server as an example for explanation, but the embodiment is not limited to the bank server, and the specific implementation of other third party servers such as the supermarket shopping card value storage server and the like all fall within the protection scope of the present invention.
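The A1/A2/A3 check and the device binding of the second signature data can be illustrated as follows. This is an added example, not code from the patent: the field encoding, the certificate store keyed by issuing bank identifier and certificate serial number, and the demo key (textbook RSA over two Mersenne primes, with no padding) are all assumptions made so the example runs with the standard library only.

```python
import hashlib
from dataclasses import dataclass, replace
from typing import Optional

# Constructed demo key built from two Mersenne primes so the example runs
# offline. Textbook RSA (no padding) is an assumption chosen to mirror the
# A1/A2/A3 steps; a real device would use a padded scheme such as RSA-PSS.
P, Q = 2**521 - 1, 2**607 - 1
N_MOD, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))          # bank server's private exponent


@dataclass(frozen=True)
class UnitData:
    serial: str         # currency serial number, unique per packet
    denomination: int   # currency denomination in yuan
    issuer_id: str      # issuing bank identification
    cert_serial: str    # bank certificate serial number

    def encode(self) -> bytes:
        # Length-prefix every field so two different packets never share bytes.
        fields = (self.serial, str(self.denomination), self.issuer_id, self.cert_serial)
        return b"".join(len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields)


def signed_bytes(unit: UnitData, device_id: Optional[str]) -> bytes:
    # First signature data covers the unit data only (tag 1); second signature
    # data covers the unit data plus the device identification (tag 2).
    if device_id is None:
        return b"\x01" + unit.encode()
    return b"\x02" + unit.encode() + device_id.encode()


def digest(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def server_sign(unit: UnitData, device_id: Optional[str] = None) -> int:
    a1 = digest(signed_bytes(unit, device_id))     # digest message A1
    return pow(a1, D, N_MOD)                       # signature operation on A1


def verify(unit: UnitData, signature: int, certs: dict,
           device_id: Optional[str] = None) -> bool:
    # Look up the pre-stored bank certificate by issuer id and certificate serial.
    key = certs.get((unit.issuer_id, unit.cert_serial))
    if key is None or not 0 < signature < key[0]:
        return False
    n, e = key
    a2 = pow(signature, e, n)                      # operation result A2
    a3 = digest(signed_bytes(unit, device_id))     # digest message A3
    return a2 == a3


def store_if_valid(store: list, packets: list, certs: dict, device_id: str) -> bool:
    # Verify every packet before storing any, so a bad packet stores nothing.
    if not all(verify(u, s, certs, device_id) for u, s in packets):
        return False
    store.extend(u for u, _ in packets)
    return True


def demo() -> dict:
    certs = {("BANK-A", "CERT-001"): (N_MOD, E)}   # constructed certificate store
    unit = UnitData("SN-0001", 5, "BANK-A", "CERT-001")
    sig1 = server_sign(unit)                       # first signature data
    sig2 = server_sign(unit, "DEV-0002")           # second signature data
    store: list = []
    stored_ok = store_if_valid(store, [(unit, sig2)], certs, "DEV-0002")
    return {
        "first_sig_ok": verify(unit, sig1, certs),
        "second_sig_ok": verify(unit, sig2, certs, "DEV-0002"),
        "other_device": verify(unit, sig2, certs, "DEV-0009"),
        "tampered": verify(replace(unit, denomination=100), sig2, certs, "DEV-0002"),
        "unknown_cert": verify(replace(unit, cert_serial="CERT-999"), sig2, certs, "DEV-0002"),
        "stored_ok": stored_ok,
        "stored_count": len(store),
    }
```

A packet signed for one device fails verification on another, and changing any signed field (here the denomination) changes A3 so that it no longer matches A2.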
During data transmission, the first unit data packet may be lost, and when the first unit data packet is lost during transmission, the sum of the currency denominations represented by the N first unit data packets received by the obtaining module 23 is smaller than the transaction amount. In an optional implementation manner of this embodiment, the security module 21 is further configured to delete M first unit data packets stored in the security module itself and store the received N first unit data packets in a storage space thereof when a sum of currency denominations represented by the N first unit data packets is not equal to the transaction amount (i.e., is greater than or less than the transaction amount); a communication module 22, further configured to send a retransmission request to the server; the obtaining module 23 is further configured to receive retransmission information sent by the server according to the retransmission request, where the retransmission information includes: retransmitting X first unit data packets, wherein the sum of the currency values represented by the X first unit data packets is equal to the transaction amount, or the sum of the currency values represented by the X first unit data packets plus the sum of the currency values represented by the N first unit data packets is equal to the transaction amount; the security module 21 is further configured to store the received X first unit data packets in the storage space thereof. 
Specifically, after the communication module 22 sends the retransmission request to the server, the obtaining module 23 receives the retransmission information returned by the server, and the retransmission information returned by the server differs according to the content of the retransmission request. For example, the retransmission request may carry the device identifier of the electronic signature device 2 and a transaction record (such as the number of each transaction, account information, a timestamp, the transaction amount, the number of received first unit data packets, the represented currency denominations, and the like; the server side may also keep corresponding records), so that the server can query the particular transaction of the electronic signature device 2 and retransmit all the first unit data packets corresponding to that transaction to the electronic signature device 2. For another example, the retransmission request may also carry the data packet identifiers of the received first unit data packets (an identifier that can uniquely identify one first unit data packet, such as a unique identifier configured by the server for each first unit data packet, or the currency serial number); after receiving these data packet identifiers, the server can determine which first unit data packets were missed or lost during transmission, and send the missed or lost first unit data packets to the electronic signature device 2. The following is an exemplary description of the server retransmitting the first unit data packets:
For example, as an optional implementation manner, the obtaining module 23 is further configured to receive retransmission information sent by the server according to a retransmission request, where the retransmission request at least includes: the device identifier and the transaction record of the electronic signature device 2; the retransmission information includes X first unit data packets, and the sum of the currency denominations represented by the X first unit data packets is equal to the transaction amount. That is, in this optional embodiment, the server retransmits all the first unit data packets corresponding to one transaction to the electronic signature device 2. In this embodiment, when performing transactions with the electronic signature device 2, the server also stores the transaction record corresponding to each transaction (such as the number, account information, timestamp, transaction amount, the number of transmitted first unit data packets, the represented currency denominations, and the like) and the device identifier of the electronic signature device 2. In this optional embodiment, the server can query the particular transaction of the electronic signature device 2 according to the device identifier and the transaction record, and retransmits to the electronic signature device 2 all the first unit data packets of the transaction for which the electronic signature device 2 requests retransmission, so as to ensure that the electronic signature device 2 receives the complete first unit data packets and that the transaction between the server and the electronic signature device 2 is error-free (i.e. the space release operation is error-free).
In this optional embodiment, the obtaining module 23 is further configured to, after receiving the X first unit data packets retransmitted by the server, determine for each of the X first unit data packets whether an identical first unit data packet already exists among the N first unit data packets stored before. Specifically, the security module 21 compares a first unit data packet a of the X first unit data packets with each first unit data packet stored by itself in sequence; if a first unit data packet identical to the first unit data packet a exists among the first unit data packets stored by itself, the security module 21 skips the first unit data packet a, or deletes the previously stored first unit data packet that is identical to the first unit data packet a and stores the first unit data packet a again. After the determination for the first unit data packet a is completed, the security module 21 continues to examine, one by one, the second first unit data packet b, the third first unit data packet c, and so on, of the X first unit data packets. The security module 21 can thus store the X first unit data packets retransmitted by the server in its storage space.
For example, for a transaction with a serial number of 1 x, the transaction amount in the transaction request sent by the communication module 22 is 10 yuan, and the server sends 2 first unit data packets (data packet a and data packet b, respectively), each representing a denomination of 5 yuan. Because data is lost in the transmission process, the obtaining module 23 only receives 1 first unit data packet (only data packet a) representing a denomination of 5 yuan, and the sum of the currency denominations is 5 yuan, which is not equal to the transaction amount of 10 yuan. For this transaction, the security module 21 stores the data packet a, the communication module 22 sends a retransmission request to the server, and the obtaining module 23 receives retransmission information sent by the server according to the retransmission request, where the retransmission request includes the device identifier of the electronic signature device 2 and the transaction record. After receiving the retransmission request, the server may query the transaction corresponding to the electronic signature device 2 according to the device identifier and the transaction record, and retransmit to the electronic signature device 2 all the first unit data packets of the transaction for which retransmission is requested, that is, the retransmission information sent by the server to the electronic signature device 2 includes the data packet a and the data packet b. The security module 21 determines that the data packet a among the retransmitted first unit data packets is identical to the previously stored data packet a, and either skips the data packet a and stores only the retransmitted data packet b, or deletes the previously stored data packet a and stores the data packets a and b again.
Therefore, when the electronic signature device 2 does not receive all the first unit data packets required by one transaction, the server can retransmit all the first unit data packets required by the transaction to the electronic signature device 2, so that the transaction can be smoothly completed.
For another example, as an optional implementation manner, after the electronic signature device 2 sends a retransmission request to the server, the electronic signature device 2 receives retransmission information sent by the server according to the retransmission request, where the retransmission request at least includes: the device identifier and the transaction record of the electronic signature device 2, and the data packet identifiers of the first unit data packets that have been received. In this alternative embodiment, the server retransmits to the electronic signature device 2 only the first unit data packets that were missed in one transaction or lost in the transmission process: the server can query the particular transaction of the electronic signature device 2 according to the device identifier and the transaction record, and retransmits to the electronic signature device 2 those first unit data packets of that transaction whose data packet identifiers are not found in the retransmission request, so as to ensure that the electronic signature device 2 receives the complete first unit data packets and that the transaction between the server and the electronic signature device 2 is error-free (i.e. the space release operation is error-free). Compared with the optional embodiment in the previous example, this optional embodiment can reduce the data transmission amount of the server, greatly reduce the workload of the server and improve the efficiency of server retransmission.
For example, for a transaction with a number of 1 x, the transaction amount in the transaction request sent by the communication module 22 is 15 yuan, and the server sends 1 first unit data packet (data packet c) representing a denomination of 5 yuan and 1 first unit data packet (data packet d) representing a denomination of 10 yuan. Due to data loss during transmission, the obtaining module 23 only receives the data packet c, and the sum of the currency denominations is 5 yuan, which is not equal to the transaction amount of 15 yuan. For this transaction, the communication module 22 sends a retransmission request to the server and receives retransmission information sent by the server according to the retransmission request, where the retransmission request also carries the data packet identifier of the data packet c. After receiving the retransmission request, the server may query all the first unit data packets corresponding to this transaction of the electronic signature device 2, find that the data packet identifier of the data packet d is absent from the retransmission request, and retransmit the data packet d to the electronic signature device 2. The security module 21 stores the data packet d retransmitted by the server in its storage space. In this embodiment, the retransmission request sent by the communication module 22 to the server may include the data packet identifiers of the part of the first unit data packets that has been received, and the server may determine the first unit data packets to be carried in the retransmission information according to the data packet identifiers in the retransmission request.
Therefore, when the electronic signature device 2 does not receive all the first unit data packets required by a transaction, the server can retransmit the first unit data packets which are not received to the electronic signature device 2, so that the transmission quantity of retransmitted data is reduced, and the transaction can be successfully completed.
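Both retransmission variants described above (resend the whole transaction and de-duplicate on the device, or resend only the packets whose identifiers are missing from the request) can be compared side by side. This is an added example, not code from the patent: packets are `(identifier, denomination)` tuples, and the request fields, the server ledger layout and all function names are hypothetical.

```python
def denomination_sum(packets):
    return sum(value for _, value in packets)


def build_retransmission_request(device_id, txn_id, received, selective):
    """Device side: identify the transaction; optionally list packets already held."""
    request = {"device_id": device_id, "txn_id": txn_id}
    if selective:
        request["received_ids"] = [pid for pid, _ in received]
    return request


def server_retransmit(ledger, request):
    """Server side: ledger maps (device_id, txn_id) -> packets issued for it."""
    issued = ledger.get((request["device_id"], request["txn_id"]))
    if issued is None:
        return []                       # no such transaction for this device
    if "received_ids" not in request:
        return list(issued)             # variant 1: resend every packet
    have = set(request["received_ids"])
    return [p for p in issued if p[0] not in have]   # variant 2: only the missing


def store_retransmitted(store, packets):
    """Store retransmitted packets, skipping any identifier already stored."""
    known = {pid for pid, _ in store}
    added = 0
    for pid, value in packets:
        if pid in known:
            continue                    # duplicate of a packet stored earlier
        store.append((pid, value))
        known.add(pid)
        added += 1
    return added


def recover(store, device_id, txn_id, amount, received, ledger, selective):
    """Run one receive/retransmit cycle; return (packets resent, packets newly stored)."""
    store.extend(received)              # received packets are stored before the retry
    if denomination_sum(received) == amount:
        return 0, 0
    request = build_retransmission_request(device_id, txn_id, received, selective)
    resent = server_retransmit(ledger, request)
    added = store_retransmitted(store, resent)
    # The transaction is complete only if its distinct packets add up to the amount.
    held = dict(received + resent)
    if sum(held.values()) != amount:
        raise ValueError("transaction still incomplete after retransmission")
    return len(resent), added


if __name__ == "__main__":
    # Constructed server ledger matching the two worked examples in the text.
    ledger = {
        ("DEV-0002", "TXN-1"): [("a", 5), ("b", 5)],
        ("DEV-0002", "TXN-2"): [("c", 5), ("d", 10)],
    }
    store = []
    print(recover(store, "DEV-0002", "TXN-1", 10, [("a", 5)], ledger, False), store)
    store = []
    print(recover(store, "DEV-0002", "TXN-2", 15, [("c", 5)], ledger, True), store)
```

In the first case the server resends two packets and the device stores one new one; in the second it resends only packet d.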
In the above, the embodiment of one transaction is taken as an example, and in this embodiment, each transaction in the plurality of transactions can be implemented as described above.
In this embodiment, in order to prevent the electronic signature device 2 from illegally reusing the same first unit data packet, which would cause confusion in electronic financial circulation, and to ensure the uniqueness of each first unit data packet in the transaction process, the security module 21 is further configured to encrypt the M first unit data packets to obtain M second unit data packets, and to overwrite the M first unit data packets stored in the security chip with the M second unit data packets; the communication module 22 is further configured to send the M second unit data packets to the server; and the security module 21 being further configured to delete the M first unit data packets specifically includes: the security module 21 is further configured to delete the M second unit data packets. In this embodiment, the encryption operation performed by the security module 21 on the M first unit data packets is an irreversible operation, that is, the security module 21 can encrypt a first unit data packet to obtain a second unit data packet, but cannot decrypt the second unit data packet to obtain the first unit data packet. Therefore, once the M second unit data packets have overwritten the corresponding M first unit data packets, only the encrypted second unit data packets are stored in the security module 21; since the second unit data packets cannot be decrypted, the first unit data packets cannot be recovered and cannot be reused, thereby preventing a user holding an electronic signature device from repeatedly using the first unit data packets for consumption and causing disorder in the circulation of the first unit data packets.
Specifically, as an optional implementation manner, the security module 21 is configured to encrypt M first unit data packets, and specifically includes: and a security module 21 for encrypting at least the first unit data in each of the M first unit data packets using a public key of the server. As another optional implementation manner, the security module 21 is configured to encrypt the M first unit data packets, and specifically includes: a security module 21 for encrypting at least the first unit data in each of the M first unit data packets using a symmetric key; and deletes the symmetric key after encrypting the M first unit packets.
For the latter alternative, the symmetric key may be negotiated by the electronic signature device 2 and the server. Alternatively, the symmetric key may be an exclusive-or factor associated with the server. The security module 21 is configured to encrypt at least the first unit data in each of the M first unit data packets by using a symmetric key, and specifically includes: the security module 21 is configured to perform an exclusive-or operation on at least the first unit data in each of the M first unit data packets by using an exclusive-or factor. The exclusive-or operation also belongs to a symmetric encryption operation method, but the speed of the exclusive-or operation is faster than that of other symmetric encryption operation methods, so that the efficiency of the security module 21 encrypting the first unit data packet to generate the second unit data packet can be improved.
In an optional implementation of this embodiment, the obtaining module 23 is further configured to receive a retransmission request sent by the server; the communication module 22 is further configured to retransmit the M second unit data packets to the server, or to transmit to the server, according to the retransmission request sent by the server, the second unit data packets that the server did not receive. Specifically, after receiving the second unit data packets and the transaction request sent by the electronic signature device, the server calculates whether the sum of the currency denominations represented by the received second unit data packets is equal to the transaction amount in the transaction request. If the sum of the currency denominations is smaller than the transaction amount, a second unit data packet was lost in transmission, and the server sends a retransmission request to the electronic signature device. Thus, by retransmitting the second unit data packets, the electronic signature device can ensure that the server receives all the transmitted second unit data packets.
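The exchange described above (encrypt and overwrite, delete the key, send, retransmit on a short sum, swap M packets for N) is sketched below as an added example; it is not code from the patent or from Tendyron. The packet layout, the class and function names, the de-duplication by currency number, the greedy choice of reply denominations and the unencrypted reply are all assumptions made for illustration.

```python
import secrets
import struct

# Constructed layout (assumption): 8-byte currency number + 4-byte denomination.
PACKET = struct.Struct(">QI")

def xor(data: bytes, factor: bytes) -> bytes:
    """XOR option from the description; applying it twice restores the input."""
    return bytes(b ^ factor[i % len(factor)] for i, b in enumerate(data))

def total(packets) -> int:
    return sum(PACKET.unpack(p)[1] for p in packets)

class Server:
    def __init__(self, factor: bytes, denominations):
        self.factor = factor
        self.denominations = sorted(denominations, reverse=True)
        self.received = {}  # currency number -> denomination

    def receive(self, second_packets, amount: int):
        for ct in second_packets:
            number, denom = PACKET.unpack(xor(ct, self.factor))
            self.received[number] = denom  # a retransmitted packet counts once
        if sum(self.received.values()) < amount:
            return None  # stands for the retransmission request
        issued, remaining = [], amount
        for d in self.denominations:  # fewest packets with the same sum
            while remaining >= d:
                issued.append(PACKET.pack(secrets.randbits(64), d))
                remaining -= d
        return issued

class Device:
    def __init__(self, first_packets, factor: bytes):
        self.store = list(first_packets)  # contents of the security chip
        self.factor = factor

    def exchange(self, server: Server, lost_on_first_send=()):
        m, amount = len(self.store), total(self.store)
        # Overwrite the first unit data packets with their ciphertext, then
        # delete the key: the device can no longer recover or respend them.
        self.store = [xor(p, self.factor) for p in self.store]
        self.factor = None
        sent = [p for i, p in enumerate(self.store) if i not in lost_on_first_send]
        reply = server.receive(sent, amount)
        retransmitted = reply is None
        if retransmitted:  # the stored ciphertexts are what gets sent again
            reply = server.receive(self.store, amount)
        if reply is None or not 0 < len(reply) < m or total(reply) != amount:
            raise ValueError("exchange rejected; second unit data packets kept")
        self.store = reply  # delete the M second packets, store the N new ones
        return m, len(reply), retransmitted

def demo():
    factor = secrets.token_bytes(PACKET.size)
    notes = [PACKET.pack(n, d) for n, d in enumerate([100] * 5 + [500] * 2, 1)]
    device = Device(notes, factor)
    server = Server(factor, [10000, 5000, 1000, 500, 100])
    result = device.exchange(server, lost_on_first_send={0})
    return result, total(device.store), device.factor

if __name__ == "__main__":
    print(demo())
```

Because the ciphertexts stay in the store until a valid reply arrives, a retransmission never needs the deleted key, which is why the deletion step acts on the second unit data packets rather than the first.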
In this embodiment, at least the first unit data packet may be encrypted by using a symmetric key or a public key of the server, so as to prevent the electronic signature device 2 from illegally and repeatedly using the same first unit data packet, which could disrupt the circulation of the first unit data packets, and to ensure the uniqueness of each first unit data packet in the transaction process. Of course, this embodiment does not exclude other implementations as long as the same technical effects can be achieved. In use, the electronic signature device can complete a payment operation by sending first unit data packets to the opposite-end electronic signature device, and the payment can be completed without connecting to a background server, so the electronic signature device supports offline transactions. In addition, it should be noted that, in this embodiment, the first unit data packet may be understood as including the second unit data packet: the second unit data packet can be understood as one kind of first unit data packet, namely the data packet obtained after the first unit data packet is encrypted, that is, the ciphertext form of the first unit data packet. Moreover, because the second unit data packet is a ciphertext, the security of data transmission is guaranteed: the ciphertext is difficult to crack even if intercepted by other equipment, which further improves the circulation security of the first unit data packets.
By adopting the electronic signature device 2 provided by this embodiment, when receiving a trigger instruction for releasing the storage space, or when the total number of the first unit data packets currently stored in the security chip reaches a preset value, the electronic signature device 2 may send the M small-denomination first unit data packets it stores to the server and exchange them with the server for N large-denomination first unit data packets having the same sum of currency denominations, thereby enabling the security chip to release the storage space occupied by M-N first unit data packets and ensuring that the electronic signature device has sufficient storage space for subsequent transactions to proceed.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present invention may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made in the above embodiments by those of ordinary skill in the art without departing from the principle and spirit of the present invention. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (10)

1. A transaction method of an electronic signature device is characterized by comprising the following steps:
the electronic signature device obtains M first unit data packets from a security chip of the electronic signature device, and sends the M first unit data packets and a transaction request to a server, wherein the transaction request at least comprises: a transaction amount, wherein each of said first unit data packets represents a currency denomination of a plurality of currency denominations, and wherein a sum of the currency denominations represented by said M first unit data packets equals said transaction amount;
the electronic signature device receives N first unit data packets sent by the server, wherein 0< N < M, and M, N are integers;
in the case that the sum of the currency denominations represented by the N first unit data packets is equal to the transaction amount, the electronic signature device deletes the M first unit data packets in the security chip and stores the received N first unit data packets in a storage space allocated by the security chip of the electronic signature device;
the electronic signature device sends the M first unit packets to the server, including:
the electronic signature device encrypts the M first unit data packets to obtain M second unit data packets, covers the M first unit data packets stored in the security chip with the M second unit data packets, and sends the M second unit data packets to a server;
the electronic signature device deleting the M first unit data packets in the security chip, including:
and the electronic signature device deletes the M second unit data packets in the security chip.
2. The transaction method according to claim 1,
before the electronic signature device obtains M first unit data packets from the security chip of the electronic signature device, the method further includes:
the electronic signature device receives a trigger instruction for releasing the storage space of the security chip, or the electronic signature device detects that the total number of the first unit data packets currently stored in the security chip reaches a preset value.
3. The transaction method according to claim 1 or 2,
the first unit packet includes at least: a first unit of data, the first unit of data including at least: currency denomination data, or, a currency number and currency denomination data;
the first unit data packet further includes at least one of: issuing bank identification and bank certificate serial number.
4. The transaction method according to claim 3,
the electronic signature device encrypts the M first unit data packets, including:
the electronic signature device encrypts at least the first unit data in each of the M first unit data packets using a public key of the server.
5. The transaction method according to claim 3,
the electronic signature device encrypts the M first unit data packets, including:
the electronic signature device encrypts at least the first unit data in each of the M first unit data packets by using a symmetric key;
after the electronic signature device encrypts the M first unit data packets, the method further comprises:
deleting the symmetric key.
6. An electronic signature device, characterized in that the electronic signature device comprises:
a security module, configured to acquire M first unit data packets stored in the security module;
a communication module, configured to send the M first unit data packets and a transaction request to a server, where the transaction request includes: a transaction amount, wherein each first unit data packet represents a currency denomination of a plurality of currency denominations, and wherein a sum of the currency denominations represented by the M first unit data packets equals the transaction amount;
an obtaining module, configured to receive N first unit data packets sent by the server, where 0< N < M, and M, N are integers;
the security module is further configured to delete the M first unit data packets stored in the security module when the sum of the currency denominations represented by the N first unit data packets is equal to the transaction amount, and store the received N first unit data packets in the storage space allocated by the security module;
the security module is further configured to encrypt the M first unit data packets to obtain M second unit data packets, and cover the M first unit data packets stored therein with the M second unit data packets;
the communication module is further configured to send the M second unit data packets to the server;
the security module is further configured to delete the M first unit data packets stored in the security module, and includes:
the security module is further configured to delete the M second unit data packets.
7. The electronic signature device as claimed in claim 6,
the security module is further configured to receive a trigger instruction for releasing the storage space of the security module before acquiring the M first unit data packets stored in the security module; or is further configured to detect, before acquiring the M first unit data packets stored in the security module, that the total number of the first unit data packets currently stored in the security module reaches a preset value.
8. The electronic signature device according to claim 6 or 7,
the first unit data includes at least: a first unit of data, the first unit of data including at least: currency denomination data, or, a currency number and currency denomination data;
the first unit data packet further includes at least one of: issuing bank identification and bank certificate serial number.
9. The electronic signature device as claimed in claim 8,
the security module is further configured to encrypt the M first unit data packets, and includes:
the security module is further configured to encrypt at least the first unit data in each of the M first unit data packets using a public key of the server.
10. The electronic signature device as claimed in claim 8,
the security module is further configured to encrypt the M first unit data packets, and includes: the security module encrypting at least the first unit of data in each of the M first unit of data packets using a symmetric key;
the security module is further configured to delete the symmetric key after encrypting the M first unit data packets.
CN201610584717.4A 2016-07-22 2016-07-22 Transaction method of electronic signature device and electronic signature device Active CN106228349B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610584717.4A CN106228349B (en) 2016-07-22 2016-07-22 Transaction method of electronic signature device and electronic signature device

Publications (2)

Publication Number Publication Date
CN106228349A CN106228349A (en) 2016-12-14
CN106228349B true CN106228349B (en) 2021-01-15

Family

ID=57532458

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610584717.4A Active CN106228349B (en) 2016-07-22 2016-07-22 Transaction method of electronic signature device and electronic signature device

Country Status (1)

Country Link
CN (1) CN106228349B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105913255A (en) * 2016-01-22 2016-08-31 天地融科技股份有限公司 Trade method and trade system of electronic signature device, and electronic signature device

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
IL120585D0 (en) * 1997-04-01 1997-08-14 Teicher Mordechai Countable electronic monetary system and method
JP4391375B2 (en) * 2004-09-30 2009-12-24 フェリカネットワークス株式会社 Information management apparatus and method, and program
CN102468960A (en) * 2010-11-16 2012-05-23 卓望数码技术(深圳)有限公司 Off-line mode identity and transaction authentication method and terminal
US20130262245A1 (en) * 2012-03-27 2013-10-03 Shankar Narayanan Digital emulation of cash-based transactions

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant