CN109614803A - A kind of bill anti-counterfeit method and system - Google Patents

Publication number
CN109614803A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811346346.1A
Other languages
Chinese (zh)
Other versions
CN109614803B (en)
Inventor
刘辉
王波
侯卫红
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Tianyu Information Industry Co Ltd
Original Assignee
Wuhan Tianyu Information Industry Co Ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209: Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The invention discloses a bill anti-counterfeit method and system. A false proof device private key, a publisher's certificate and a false proof device certificate are written into a false proof device; the invoicing information is encrypted and its ciphertext is written into the false proof device; the written publisher's certificate and false proof device certificate are verified using the CA center public key; after the false proof device decrypts the written invoicing information, the plaintext is transmitted to a verifying client for display, and the displayed invoicing information is compared with the information on the bill. This not only improves the effect of bill anti-counterfeiting but also reduces the difficulty of bill verification and ensures the safety of bill business.

Description

A kind of bill anti-counterfeit method and system
Technical field
The present invention relates to the field of information security technology, and in particular to a bill anti-counterfeit method and system.
Background technique
In recent years, counterfeit and shoddy goods have spread increasingly unchecked in the market and fictitious bills are prevalent, which seriously disrupts market order, damages corporate image and causes resistance among consumers. To safeguard bill transactions, anti-counterfeiting technologies are generally applied to bills, such as anti-counterfeit paper texture, anti-counterfeit printing, anti-counterfeit ink and anti-counterfeit secret marks.
With the continuous progress of science and technology, existing anti-counterfeit bills are easily copied or forged by means such as computer scanning. Traditional anti-counterfeiting technology also relies on human senses for authentication and has no quantified anti-counterfeiting standard, so authenticity is hard to judge, the security of the technology is low, the anti-counterfeiting effect is unsatisfactory, and the security requirements of modern society for anti-counterfeit products cannot be met.
Summary of the invention
In view of the deficiencies in the prior art, the technical problem solved by the present invention is how to improve the effect of bill anti-counterfeiting, reduce the difficulty of bill verification and ensure the safety of bill business.
To achieve the above objective, the present invention provides a bill anti-counterfeit method comprising the following steps:
S1: write the false proof device private key, the publisher's certificate and the false proof device certificate into the false proof device, and go to S2;
S2: encrypt the invoicing information, write the ciphertext of the invoicing information into the false proof device, and go to S3;
S3: verify the written publisher's certificate and false proof device certificate using the CA center public key; if the publisher's certificate and the false proof device certificate are verified successfully, go to S4, otherwise return that the false proof device is false;
S4: after the false proof device decrypts the written invoicing information, the plaintext of the invoicing information is transmitted to the verifying client for display, and the displayed invoicing information is compared with the information on the bill; if the results are consistent, return that the bill is true, otherwise return that the bill is false.
On the basis of the above technical solution, the method further comprises the following step after S4:
S5: the verifying client packs the bill transferable information according to the format, encrypts the packed bill transferable information, and writes the ciphertext of the bill transferable information into the false proof device.
On the basis of the above technical solution, the detailed process of S1 is:
S101: generate the publisher's public/private key pair and apply to the CA center for the publisher's certificate; generate the false proof device public/private key pair and apply for the false proof device certificate using the publisher's private key and the false proof device public key; go to S102;
S102: write the false proof device private key, the publisher's certificate and the false proof device certificate into the false proof device, and go to S2.
On the basis of the above technical solution, the detailed process of S3 is:
S301: the verifying client obtains the publisher's certificate, the false proof device certificate and the dynamic signature data of the false proof device from the false proof device, and goes to S302;
S302: the verifying client verifies the publisher's certificate using the CA center public key; if the result is true, it extracts the publisher's public key from the publisher's certificate and goes to S303, otherwise it returns that the false proof device is false;
S303: the verifying client verifies the false proof device certificate using the publisher's public key; if the result is true, it extracts the false proof device public key from the false proof device certificate and goes to S304, otherwise it returns that the false proof device is false;
S304: the verifying client verifies the dynamic signature data of the false proof device using the false proof device public key; if the result is true, it returns that the false proof device is true, otherwise it returns that the false proof device is false.
On the basis of the above technical solution, the detailed process of S4 is:
S401: the verifying client sends an instruction to read the billing information to the false proof device, and goes to S402;
S402: the false proof device decrypts the encrypted invoicing information using the false proof device private key, returns the decrypted plaintext data to the verifying client, and goes to S403;
S403: the verifying client parses the received plaintext data, displays each item of the bill information, and goes to S404;
S404: the displayed billing information is compared with the information on the bill; if the results are consistent, return that the bill is true, otherwise return that the bill is false.
To solve the above technical problem, the present invention also provides a bill anti-counterfeiting system, including a publishing system, an operation system and a verifying system.
The publishing system is used for: writing the false proof device private key, the publisher's certificate, the false proof device certificate and application data into the false proof device;
The operation system is used for: writing the encrypted billing information into the false proof device, and storing the ticket number, the billing information and the false proof device ID in association;
The verifying system is used for: communicating with the false proof device and verifying the publisher's certificate, the false proof device certificate and the billing information respectively, so as to verify the authenticity of the false proof device and the bill offline. The verifying system includes a verifying client; the verifying client contains the CA center public key and connects to the false proof device using close-range communication technology.
On the basis of the above technical solution, the publishing system includes encryption equipment, a certificate server, a key management system, a false proof device distribution client and a first reader;
The encryption equipment is used for: generating the false proof device public/private key pair;
The certificate server is used for: signing and issuing the publisher's certificate and the false proof device certificate;
The key management system is used for: storing and managing the false proof device public/private key pair, the publisher's public/private key pair, the publisher's certificate and the false proof device certificate;
The false proof device distribution client is used for: sending the false proof device private key, the publisher's certificate, the false proof device certificate and application data to the first reader;
The first reader is used for: writing the received false proof device private key, publisher's certificate, false proof device certificate and application data into the false proof device.
On the basis of the above technical solution, the operation system includes a service managing server, a business processing client, a second reader, a printer and a ticket database;
The service managing server is used for: obtaining the false proof device public key from the publishing system, encrypting the billing information using the false proof device public key, and storing the ticket number, the billing information and the false proof device ID in association in the ticket database;
The business processing client is used for: transmitting the corresponding ticket number, billing information and false proof device ID to the service managing server, and sending the encrypted invoicing information to the second reader;
The printer is used for: printing the paper bill according to the received invoicing information;
The second reader is used for: writing the received billing information ciphertext into the false proof device;
The ticket database is used for: storing the corresponding ticket number, billing information and false proof device ID in association.
On the basis of the above technical solution, the verifying client is also used for packing the bill transferable information according to the format, encrypting the packed bill transferable information, and then writing the ciphertext of the bill transferable information into the false proof device.
On the basis of the above technical solution, the false proof device includes a safety chip and an induction coil. The safety chip is connected to the induction coil, and the induction coil generates current when the magnetic field changes in order to power the safety chip. The safety chip includes a main control module, which is connected to a proximity communication module, a random number generation module, a data memory module and a security algorithm module;
The proximity communication module is used for: communicating with the first reader, the second reader and/or the verifying client;
The random number generation module is used for: generating high-quality true random numbers;
The data memory module is used for: storing related data. It includes a secure storage area, an application storage area and a temporary storage area; the secure storage area stores sensitive data, the application storage area stores application data and digital certificates, and the temporary storage area stores temporary data;
The security algorithm module is used for: handling the encryption and decryption of data and generating the dynamic signature data;
The main control module is used for: executing program code and processing anti-counterfeit authentication instructions, and controlling and coordinating the other modules so as to authenticate the false proof device and the bill.
Compared with the prior art, the advantages of the present invention are:
1) The false proof device has a safety chip that stores sensitive data securely so that it cannot be modified or copied from outside. Two-level offline authentication of the false proof device and the bill not only improves the effect of bill anti-counterfeiting but also reduces the difficulty of bill verification and ensures the safety of bill business; the method can also be widely applied to various anti-counterfeit objects such as financial documents, certificates and bottles;
2) A mobile terminal can quickly verify the authenticity of the false proof device offline anytime and anywhere, and can read the billing information in the false proof device to check it against the bill itself, which makes operation more convenient and accurate;
3) A user can write bill transferable information into the false proof device through the verifying client and can work offline without depending on the network, which greatly improves the convenience of circulating financial documents.
Description of the drawings
Fig. 1 is the flow chart of bill anti-counterfeit method in the present invention.
Fig. 2 is the connection block diagram of bill anti-counterfeiting system in the present invention.
Fig. 3 is the connection block diagram of safety chip in the present invention.
Specific embodiment
The embodiments of the present invention are described in further detail below with reference to the drawings.
Referring to Fig. 1, a bill anti-counterfeit method comprises the following steps:
S1: the publisher writes the false proof device private key, the publisher's certificate and the false proof device certificate into an existing false proof device, and goes to S2;
In a specific application, an existing safety chip can be installed in the false proof device, and the above information (false proof device private key, publisher's certificate and false proof device certificate) is written into the safety chip, which uses it to carry out anti-counterfeit authentication.
S2: the invoicing party encrypts the invoicing information of the bill whose authenticity needs to be verified (the invoicing information includes at least the account information, the invoicing type and the invoicing amount), writes it into the false proof device (safety chip), and goes to S3. From this point the ticket-receiving party can judge the authenticity of the bill by verifying the invoicing information in the false proof device.
At the same time, in order to support online verification in this embodiment, the invoicing party also needs to associate and store the ticket number, the invoicing information and the false proof device ID (the false proof device ID is the unique identifier of the false proof device). Online verification first queries the invoicing party's database over the network for the false proof device ID and invoicing information corresponding to the ticket number, then compares the queried false proof device ID with the false proof device ID of the bill; if they are the same, the false proof device was indeed issued to the user together with the bill. The false proof device certificate and signature data are then read and verified over the network; if verification passes, the false proof device is true. Finally, the queried invoicing information is compared with the information on the bill; if they are the same, the bill is true.
S3: after the ticket-receiving party obtains the bill and the false proof device issued by the invoicing party, it can verify the authenticity of the bill in either of two ways, online or offline. Online verification has been described above; the offline mode is the focus of the present invention, specifically:
Using the CA center (Certificate Authority, certification center) public key obtained in advance (for example, downloaded to the terminal beforehand), verify the publisher's certificate and the false proof device certificate written in S1. If the publisher's certificate and the false proof device certificate are verified successfully, the first-level authentication is complete and the flow goes to S4; otherwise return that the false proof device is false.
S4: the false proof device decrypts the invoicing information written in S2 and transmits the decrypted invoicing information to the verifying client for display [the verifying client can be installed on an existing mobile terminal (mobile phone, Pad or PDA)]. The ticket-receiving party compares the displayed invoicing information with the information on the bill; if the results are consistent, the second-level authentication is complete and the bill is returned as true, otherwise the bill is returned as false.
Preferably, the detailed process of S1 is:
S101: the publisher generates the publisher's public/private key pair and applies to the CA center for the publisher's certificate using the publisher's public key; the publisher generates the false proof device public/private key pair and applies to the certificate server for the false proof device certificate using the publisher's private key and the false proof device public key; go to S102;
S102: the publisher writes the false proof device private key, the publisher's certificate and the false proof device certificate into the false proof device (safety chip), and goes to S2.
Preferably, the detailed process of S3 is:
S301: the verifying client obtains the publisher's certificate, the false proof device certificate and the dynamic signature data of the false proof device from the false proof device (safety chip), and goes to S302;
S302: the verifying client verifies the publisher's certificate using the CA center public key (the publisher's certificate is signed and issued with the CA center private key and contains the publisher's information and the publisher's public key); if the result is true, it extracts the publisher's public key from the publisher's certificate and goes to S303, otherwise it returns that the false proof device is false;
S303: the verifying client verifies the false proof device certificate using the publisher's public key (the false proof device certificate is signed and issued with the publisher's private key and contains the false proof device public key); if the result is true, it extracts the false proof device public key from the false proof device certificate and goes to S304, otherwise it returns that the false proof device is false;
S304: the verifying client verifies the dynamic signature data of the false proof device using the false proof device public key (the dynamic signature data is generated by the false proof device signing with the false proof device private key); if the result is true, it returns that the false proof device is true, otherwise it returns that the false proof device is false.
Preferably, the generation process of the dynamic signature data includes:
S301a: the false proof device (safety chip) randomly generates a piece of data (for example, a 16-byte random number + false proof device ID + publisher's mark + certification center public key index), and goes to S301b;
S301b: compute the digest of the data using a digest algorithm, and go to S301c;
S301c: sign the digest of the data using the false proof device private key to generate the dynamic signature data.
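The three-level check of S301 to S304 and the dynamic signature of S301a to S301c can be written out as follows. This is an added example, not code from the patent: it assumes RSA-PSS signatures over SHA-256 and a simplified certificate structure instead of X.509, and the names Cert, Issue, Check, Device, DynamicSign and VerifyDevice are hypothetical.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Cert is a simplified stand-in for the certificates of S1 (assumption, not
// X.509): subject name, subject public key (PKCS#1 DER), issuer signature.
type Cert struct {
	Subject string
	PubKey  []byte
	Sig     []byte
}

// digest hashes the signed fields; the 0 byte separates the name from the key.
func (c Cert) digest() []byte {
	sum := sha256.Sum256(append(append([]byte(c.Subject), 0), c.PubKey...))
	return sum[:]
}

// Issue signs a subject's public key with the issuer's private key (S101).
func Issue(subject string, pub *rsa.PublicKey, issuer *rsa.PrivateKey) (c Cert, err error) {
	c = Cert{Subject: subject, PubKey: x509.MarshalPKCS1PublicKey(pub)}
	c.Sig, err = rsa.SignPSS(rand.Reader, issuer, crypto.SHA256, c.digest(), nil)
	return c, err
}

// Check verifies a certificate with its issuer's public key and returns the
// public key it carries, which is the extraction step of S302 and S303.
func Check(c Cert, issuerPub *rsa.PublicKey) (*rsa.PublicKey, error) {
	if err := rsa.VerifyPSS(issuerPub, crypto.SHA256, c.digest(), c.Sig, nil); err != nil {
		return nil, err
	}
	return x509.ParsePKCS1PublicKey(c.PubKey)
}

// Device holds what S102 writes into the safety chip.
type Device struct {
	ID            string
	key           *rsa.PrivateKey
	PublisherCert Cert
	DeviceCert    Cert
}

// newKey generates a 2048-bit RSA key pair for the demonstration.
func newKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// DynamicSign follows S301a-S301c: 16 random bytes + device ID + publisher
// mark + CA public key index, then digest, then signature with the device key.
func (d *Device) DynamicSign(publisherMark string, caKeyIndex byte) (data, sig []byte, err error) {
	data = make([]byte, 16)
	if _, err = rand.Read(data); err != nil {
		return nil, nil, err
	}
	data = append(append(append(data, d.ID...), publisherMark...), caKeyIndex)
	sum := sha256.Sum256(data)
	sig, err = rsa.SignPSS(rand.Reader, d.key, crypto.SHA256, sum[:], nil)
	return data, sig, err
}

// VerifyDevice is the verifying client's offline check, S302 to S304.
func VerifyDevice(caPub *rsa.PublicKey, pubCert, devCert Cert, data, sig []byte) error {
	publisherPub, err := Check(pubCert, caPub)
	if err != nil {
		return fmt.Errorf("S302 publisher certificate: %w", err)
	}
	devicePub, err := Check(devCert, publisherPub)
	if err != nil {
		return fmt.Errorf("S303 device certificate: %w", err)
	}
	sum := sha256.Sum256(data)
	if err := rsa.VerifyPSS(devicePub, crypto.SHA256, sum[:], sig, nil); err != nil {
		return fmt.Errorf("S304 dynamic signature: %w", err)
	}
	return nil
}

func main() {
	ca, publisher, devKey := newKey(), newKey(), newKey()
	pc, _ := Issue("publisher", &publisher.PublicKey, ca)    // S101
	dc, _ := Issue("DEV-0001", &devKey.PublicKey, publisher) // constructed device ID
	dev := Device{ID: "DEV-0001", key: devKey, PublisherCert: pc, DeviceCert: dc}
	data, sig, _ := dev.DynamicSign("PUB-01", 1) // constructed publisher mark and index
	fmt.Println("device check:", VerifyDevice(&ca.PublicKey, dev.PublisherCert, dev.DeviceCert, data, sig))
}
```

Because the false proof device chooses the random number itself in S301a, a passing check shows that the signature was made with the certified device key but not that it was made at the moment of verification; a verifying client that needs freshness would have to contribute the random value.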
Preferably, the detailed process of S4 is:
S401: the verifying client sends an instruction to read the billing information to the false proof device, and goes to S402;
S402: on receiving the instruction, the false proof device decrypts the encrypted invoicing information using the false proof device private key, returns the decrypted plaintext data to the verifying client, and goes to S403;
S403: the verifying client parses the received plaintext data, displays each item of the bill information, and goes to S404;
S404: the ticket-receiving party compares the displayed billing information with the information on the bill; if the results are consistent, the bill is returned as true, otherwise the bill is returned as false.
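The encrypt, decrypt and compare flow of S2 and S401 to S404, as an added example that is not part of the patent: it assumes RSA-OAEP with SHA-256 under the false proof device public key and a JSON record, and the type and function names are hypothetical. With a 2048-bit key OAEP accepts at most 190 bytes of plaintext, so the example treats an oversized record as an error.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Invoice holds the minimum invoicing information the description lists.
// Field names and the JSON encoding are assumptions of this example.
type Invoice struct {
	Account     string `json:"account"`
	Type        string `json:"type"`
	AmountCents int64  `json:"amount_cents"`
}

// Chip models the safety chip: private key plus the stored ciphertext.
type Chip struct {
	key        *rsa.PrivateKey
	ciphertext []byte
}

// NewChip generates the false proof device key pair for the demonstration.
func NewChip() (*Chip, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	return &Chip{key: key}, err
}

// Public returns the false proof device public key used by the invoicing party.
func (c *Chip) Public() *rsa.PublicKey { return &c.key.PublicKey }

// EncryptInvoice is S2: encrypt under the false proof device public key.
// rsa.EncryptOAEP rejects a record that exceeds the OAEP size limit.
func EncryptInvoice(pub *rsa.PublicKey, inv Invoice) ([]byte, error) {
	plain, err := json.Marshal(inv)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plain, nil)
}

// Read is S401-S402: the chip decrypts with its private key and returns plaintext.
func (c *Chip) Read() ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, c.key, c.ciphertext, nil)
}

// Compare is S403-S404: parse the plaintext and name every field that differs
// from the values read off the paper bill. No differences means the bill is true.
func Compare(plain []byte, printed Invoice) ([]string, error) {
	var stored Invoice
	if err := json.Unmarshal(plain, &stored); err != nil {
		return nil, err
	}
	var diff []string
	if stored.Account != printed.Account {
		diff = append(diff, "account")
	}
	if stored.Type != printed.Type {
		diff = append(diff, "type")
	}
	if stored.AmountCents != printed.AmountCents {
		diff = append(diff, "amount_cents")
	}
	return diff, nil
}

func main() {
	chip, err := NewChip()
	if err != nil {
		panic(err)
	}
	// Constructed sample record.
	issued := Invoice{Account: "6222-0000-0001", Type: "cheque", AmountCents: 125000}
	if chip.ciphertext, err = EncryptInvoice(chip.Public(), issued); err != nil {
		panic(err)
	}
	plain, err := chip.Read()
	if err != nil {
		panic(err)
	}
	altered := issued
	altered.AmountCents = 925000 // paper bill whose amount no longer matches the chip
	same, _ := Compare(plain, issued)
	diff, _ := Compare(plain, altered)
	fmt.Println("matching bill:", same, "altered bill:", diff)
}
```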
The present invention proposes an anti-counterfeit authentication method based on the Rivest, Shamir, Adleman (RSA) algorithm. The false proof device has a safety chip that stores sensitive data securely so that it cannot be modified or copied from outside. A mobile terminal can quickly verify the authenticity of the false proof device offline anytime and anywhere, and can read the billing information in the false proof device to check it against the bill itself, which makes operation more convenient and accurate. Two-level authentication of the false proof device and the bill not only improves the effect of bill anti-counterfeiting but also reduces the difficulty of bill verification and ensures the safety of bill business. The anti-counterfeit authentication method can also be widely applied to various anti-counterfeit objects such as financial documents, certificates and bottles, and has a wide range of applications.
When a financial document needs to be transferred, the transfer is generally realized by endorsement. Bill transferable information is the record by which the holder (user A) transfers the rights in the bill to a third party (user B). It is the legal basis on which the third party (user B) holds the bill rights, so that the third party (user B) can exercise those rights later.
Preferably, when the ticket-receiving party (user A) needs to transfer the bill rights to a third party (user B), the bill transferable information is encrypted and written into the false proof device (safety chip) to realize the transfer function of the bill; that is, the following step is further included after S4:
S5: the ticket-receiving party (user A) encrypts the bill transferable information and writes it into the false proof device (safety chip). The ticket-receiving party (user A) can thus realize the transfer function of the bill through the invoicing party or through the verifying client, transferring the bill rights to the third party (user B).
When the ticket-receiving party (user A) transfers the bill to the third party (user B) through the invoicing party, the invoicing party encrypts the bill transferable information and writes it into the false proof device (safety chip). At the same time, in order to support online verification in this embodiment, the invoicing party also needs to store the unencrypted bill transferable information in association with the false proof device ID. Online verification is specifically:
First query the invoicing party's database over the network for the false proof device ID and billing information corresponding to the ticket number (billing information includes invoicing information and bill transferable information), then compare the queried false proof device ID with the false proof device ID of the bill; if they are the same, the false proof device was indeed issued to the user together with the bill. The false proof device certificate and signature data are then read and verified over the network; if verification passes, the false proof device is true. Finally, the queried billing information is compared with the information on the bill; if they are the same, the bill is true.
Transfer of the bill by the ticket-receiving party (user A) to the third party (user B) through the verifying client is the focus of the present invention. The detailed process is: the verifying client first packs the bill transferable information input by the ticket-receiving party according to the format (packing means packaging the data according to the communication protocol), then encrypts the packed bill transferable information, and finally writes the encrypted bill transferable information into the false proof device (safety chip); after the write succeeds, the false proof device returns the bill record to the verifying client. At the same time, in order to support online verification in this embodiment, the verifying client also needs to upload the encrypted bill transferable information to the invoicing party over the network, and the invoicing party decrypts the bill transferable information and stores it in association with the false proof device ID. This not only makes verification safe, simple and accurate, but also lets the verifying client write bill transferable information directly into the false proof device, improving the convenience of circulating financial documents.
Referring to Fig. 2, a bill anti-counterfeiting system includes a publishing system, an operation system and a verifying system;
The publishing system is used for: issuing false proof devices, each of which is equipped with a safety chip. The issuing process of a false proof device is: the publisher writes the false proof device private key, the publisher's certificate, the false proof device certificate and application data into the false proof device (safety chip) (the application data includes the application program and is used to initialize the false proof device).
The operation system is used for: processing bill business and managing bills. Through the operation system the invoicing party prints the invoicing information on the bill, obtaining the correspondence between the invoicing information and the ticket number, and writes the encrypted billing information (billing information includes invoicing information and bill transferable information) into the false proof device (safety chip), obtaining the correspondence between the billing information and the false proof device ID; the ticket number, billing information and false proof device ID are then stored in association in the ticket database;
The verifying system is used for: verifying the authenticity of the false proof device and the bill offline. The ticket-receiving party displays the decrypted billing information through the verifying system and compares the displayed billing information with the information on the bill; if they are the same, the bill is true.
Preferably, referring to Fig. 2, the publishing system includes encryption equipment, a certificate server, a key management system, a false proof device distribution client and a first reader;
The encryption equipment is used for: generating the false proof device public/private key pair.
The certificate server is used for: signing and issuing the publisher's certificate and the false proof device certificate. The certificate server signs and issues the publisher's certificate using the CA center private key; the publisher's certificate contains the publisher's information and the publisher's public key. The certificate server signs and issues the false proof device certificate using the publisher's private key; the false proof device certificate contains the false proof device public key.
The key management system is used for: storing and managing the false proof device public/private key pair, the publisher's public/private key pair, the publisher's certificate and the false proof device certificate.
The false proof device distribution client is used for: sending the false proof device private key, the publisher's certificate, the false proof device certificate and application data to the first reader. The false proof device distribution client obtains the false proof device private key, the publisher's certificate and the false proof device certificate through the key management system.
The first reader is used for: writing the received false proof device private key, publisher's certificate, false proof device certificate and application data into the false proof device (safety chip).
In the publishing system, the false proof device connects to the first reader using close-range communication technology, and the first reader stores the false proof device private key, publisher's certificate, false proof device certificate and application data in the false proof device (safety chip) for electronic anti-counterfeiting and authentication.
The key management system is communicatively connected to the encryption equipment, the certificate server and the false proof device distribution client respectively, and the first reader is communicatively connected to the false proof device distribution client and the false proof device respectively. When a false proof device with a safety chip is issued, the false proof device public/private key pair is first generated by the encryption equipment and stored in the key management system; next, the key management system obtains and stores the publisher's certificate and the false proof device certificate through the certificate server, and the false proof device distribution client transmits the false proof device private key, publisher's certificate, false proof device certificate and application data to the first reader; finally, the first reader writes the received information into the false proof device (safety chip).
Preferably, as shown in Figure 2, the operation system comprises a service managing server, a business processing client, a second reader, a printer and a ticket database;
The service managing server is used for: managing bill operations and obtaining the false proof device public key from the key management system of the publishing system.
The business processing client is used for: sending the invoicing information entered by the bill recipient to the printer (the invoicing information includes account information, invoice type and invoice amount); obtaining the false proof device public key through the service managing server; encrypting the billing information with the false proof device public key (the billing information includes the invoicing information and the bill transfer information); and sending the encrypted invoicing information to the second reader.
The printer is used for: printing the paper bill according to the received invoicing information.
The second reader is used for: writing the received billing information into the false proof device (safety chip).
The business processing client is also used for: transmitting the corresponding ticket number, billing information and false proof device ID to the service managing server.
The service managing server is also used for: storing the received ticket number, billing information and false proof device ID in association in the ticket database.
The ticket database is used for: storing the correspondence between bills and false proof devices, with the corresponding ticket number, billing information and false proof device ID stored in association.
In the operation system, the false proof device connects to the second reader using short-range communication technology, and the encrypted billing information is stored in the false proof device (safety chip) so that the authenticity of the bill can be verified offline.
The service managing server is communicatively connected to the key management system, the business processing client and the ticket database; the business processing client is communicatively connected to the printer and the second reader; and the second reader is communicatively connected to the false proof device. Bill operations include invoicing, transfer, honouring and recovery. When the issuing party issues a bill, the business processing client first transmits the invoicing information entered by the bill recipient to the printer, which prints the bill; second, the business processing client sends the invoicing information entered by the bill recipient to the service managing server, which obtains the corresponding false proof device public key from the key management system, encrypts the invoicing information with the false proof device public key and transmits it through the business processing client to the second reader, and the second reader writes the encrypted invoicing information into the corresponding false proof device (safety chip); finally, the business processing client, through the service managing server, stores the corresponding ticket number, invoicing information and false proof device ID in association in the ticket database.
When a bill is transferred, the business processing client first packs the transfer information entered by the bill recipient according to the format; second, the business processing client obtains the corresponding false proof device public key from the key management system through the service managing server, encrypts the transfer information with the false proof device public key and transmits it to the second reader, and the second reader writes the encrypted transfer information into the corresponding false proof device (safety chip); finally, the business processing client, through the service managing server, stores the corresponding ticket number, bill transfer information and false proof device ID in association in the ticket database.
Preferably, as shown in Figure 2, the verifying system comprises a verifying client, which can be installed on a mobile terminal (mobile phone, Pad or PDA) and contains the CA center public key. The verifying client connects to the false proof device using short-range communication technology and obtains the publisher's certificate, false proof device certificate and dynamic signature data from the false proof device, in order to verify the authenticity of the false proof device and the bill offline.
When the false proof device is verified, the verifying client first verifies the publisher's certificate in the false proof device using the CA center public key and, after successful verification, extracts the publisher's public key from the publisher's certificate; second, the verifying client verifies the false proof device certificate using the publisher's public key and, after successful verification, extracts the false proof device public key from the false proof device certificate; finally, the verifying client verifies the dynamic signature data of the false proof device using the false proof device public key (the dynamic signature data is generated by the false proof device signing with the false proof device private key). If verification succeeds, the false proof device is genuine; otherwise the false proof device is false.
When a bill is verified, the verifying client first sends an instruction to read the billing information to the false proof device; the false proof device decrypts the ciphertext of the billing information using the built-in false proof device private key and returns the decrypted plaintext data to the verifying client; second, the verifying client parses the plaintext data and displays each item of the bill information; finally, the bill recipient compares the displayed billing information with the information on the bill. If the two are consistent, the bill is genuine; otherwise the bill is false.
Preferably, the verifying client is also used for: encrypting the bill transfer information and writing it into the false proof device (safety chip). When the bill recipient needs to transfer a bill, the bill transfer information can be entered through the verifying client; the verifying client packs the bill transfer information according to the format, encrypts the packed bill transfer information using the false proof device public key extracted during verification, and writes the ciphertext of the bill transfer information into the false proof device (safety chip). In addition, to support online verification in this embodiment, the verifying client also needs to upload the encrypted bill transfer information to the operation system over the network; after decrypting the data, the operation system stores the bill transfer information and the false proof device ID in association.
Because the false proof device has a safety chip, it can securely store sensitive data that cannot be modified or copied from outside, which solves the anti-counterfeiting problem for financial bills and ensures the security of bill business. A mobile terminal can verify the authenticity of the false proof device offline anytime and anywhere (without relying on a network), and by reading the billing information in the false proof device and checking it against the bill itself, the authenticity of the bill is examined. This forms a quantified anti-counterfeiting standard and makes verification easier and more accurate. In addition, the bill recipient can write bill transfer information into the false proof device through the verifying client, which greatly improves the convenience of circulating financial bills.
The false proof device comprises a safety chip and an induction coil; the safety chip is connected to the induction coil, and the induction coil generates current in a changing magnetic field to power the safety chip. As shown in Figure 3, the safety chip comprises a main control module, which is connected to a proximity communication module, a random number generation module, a data memory module and a security algorithm module.
The proximity communication module is used for: communicating with the first reader, the second reader and/or the verifying client.
The random number generation module is used for: generating high-quality true random numbers, which are used to generate the dynamic signature data.
The data memory module is used for: storing related data. It comprises a secure storage area, an application memory area and a scratchpad area. The secure storage area stores sensitive data (such as the false proof device private key) and cannot be accessed by external equipment; the application memory area stores application data and digital certificates (such as the publisher's certificate and the false proof device certificate); the scratchpad area stores temporary data (such as communication instructions and dynamic signature data).
The security algorithm module is used for: handling the encryption and decryption of data and generating the dynamic signature data. The security algorithm module supports the national cryptographic algorithms (the series of standard algorithms formulated by the State Commercial Cryptography Administration, including symmetric encryption algorithms, elliptic curve asymmetric encryption algorithms and hash algorithms). Key operations (encryption and/or decryption) are carried out inside the security algorithm module, and the dynamic signature data is generated from high-quality true random numbers.
The main control module is used for: controlling and coordinating the work of the other modules (the proximity communication module, random number generation module, data memory module and security algorithm module). The main control module is responsible for executing program code and processing anti-counterfeiting authentication instructions, so as to authenticate the false proof device and the bill. According to the instruction from the verifying client, it calls the data in the data memory module and/or the true random number generated by the random number generation module, has the security algorithm module carry out the key operation on the called data, and then returns the data and result of the instruction response to the verifying client.
When the false proof device is verified, the random number generation module generates a piece of data at random, a digest algorithm computes the digest of that data, and the digest is encrypted with the false proof device private key to obtain the dynamic signature data, which is stored in the scratchpad area for the main control module to call.
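The offline check described above (CA center public key, then publisher's certificate, then false proof device certificate, then dynamic signature) can be exercised end to end. The Go program below is an added example, not code from the patent. Its assumptions: Ed25519 and SHA-256 stand in for the national algorithms, `Cert` is a simplified certificate rather than a real certificate format, and the verifier nonce mixed into the signed digest is an addition that ties each response to one verification session.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

var (
	ErrPublisherCert = errors.New("S302: publisher's certificate not signed by CA key")
	ErrDeviceCert    = errors.New("S303: device certificate not signed by publisher key")
	ErrDynamicSig    = errors.New("S304: dynamic signature does not verify")
)

// Cert is a simplified certificate (assumption, not X.509 or SM2).
type Cert struct {
	Subject string
	PubKey  ed25519.PublicKey
	Sig     []byte // parent's signature over subject and public key
}

func tbs(subject string, pub ed25519.PublicKey) []byte { return append([]byte(subject+"|"), pub...) }
func issue(parent ed25519.PrivateKey, subject string, pub ed25519.PublicKey) Cert {
	return Cert{subject, pub, ed25519.Sign(parent, tbs(subject, pub))}
}

// verify checks the key length first: ed25519.Verify panics on a malformed key.
func verify(pub ed25519.PublicKey, msg, sig []byte) bool {
	return len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, msg, sig)
}

// Device models the safety chip: priv is written at issuance and never read out.
type Device struct {
	PublisherCert, DeviceCert Cert
	priv                      ed25519.PrivateKey
}

func mustRand(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func digest(random, nonce []byte) []byte {
	sum := sha256.Sum256(append(append([]byte{}, random...), nonce...))
	return sum[:]
}

// DynamicSignature signs SHA-256(device random || verifier nonce) inside the chip.
func (d *Device) DynamicSignature(nonce []byte) (random, sig []byte) {
	random = mustRand(16)
	return random, ed25519.Sign(d.priv, digest(random, nonce))
}

// VerifyDevice walks S302-S304 offline, trusting only the CA public key.
func VerifyDevice(caPub ed25519.PublicKey, d *Device) error {
	pc, dc := d.PublisherCert, d.DeviceCert
	if !verify(caPub, tbs(pc.Subject, pc.PubKey), pc.Sig) {
		return ErrPublisherCert
	}
	if !verify(pc.PubKey, tbs(dc.Subject, dc.PubKey), dc.Sig) {
		return ErrDeviceCert
	}
	nonce := mustRand(16)
	if random, sig := d.DynamicSignature(nonce); !verify(dc.PubKey, digest(random, nonce), sig) {
		return ErrDynamicSig
	}
	return nil
}

// Provision plays the publishing system with freshly generated sample keys.
func Provision() (ed25519.PublicKey, *Device) {
	key := func() ed25519.PrivateKey { return ed25519.NewKeyFromSeed(mustRand(ed25519.SeedSize)) }
	ca, pub, dev := key(), key(), key()
	pubPK, devPK := pub.Public().(ed25519.PublicKey), dev.Public().(ed25519.PublicKey)
	return ca.Public().(ed25519.PublicKey), &Device{issue(ca, "publisher", pubPK), issue(pub, "device-0001", devPK), dev}
}

func main() {
	caPub, dev := Provision()
	_, other := Provision()
	copied := &Device{dev.PublisherCert, dev.DeviceCert, other.priv} // certificates copied, key not
	fmt.Println("genuine:", VerifyDevice(caPub, dev), "| copied certs:", VerifyDevice(caPub, copied))
}
```

Both certificates are public data that any reader can obtain, so only the last step, which needs the private key held in the secure storage area, separates a genuine device from one carrying copied certificates.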
The present invention is not limited to the above preferred embodiments. Anyone may derive products in various other forms under the inspiration of the present invention; however, regardless of any change in shape or structure, every technical solution identical or similar to that of the present invention falls within its protection scope. Content not described in detail in this specification belongs to the prior art well known to those skilled in the art.

Claims (10)

1. A bill anti-counterfeiting method, characterized by comprising the following steps:
S1: write the false proof device private key, publisher's certificate and false proof device certificate into the false proof device, then go to S2;
S2: encrypt the invoicing information, write the ciphertext of the invoicing information into the false proof device, then go to S3;
S3: verify the written publisher's certificate and false proof device certificate using the CA center public key; if both the publisher's certificate and the false proof device certificate are verified successfully, go to S4; otherwise return that the false proof device is false;
S4: after the false proof device decrypts the written invoicing information, transmit the plaintext of the invoicing information to the verifying client for display, then compare the displayed invoicing information with the information on the bill; if the comparison is consistent, return that the bill is genuine; otherwise return that the bill is false.
2. The bill anti-counterfeiting method as claimed in claim 1, characterized by further comprising the following step after S4:
S5: the verifying client packs the bill transfer information according to the format, encrypts the packed bill transfer information, and writes the ciphertext of the bill transfer information into the false proof device.
3. The bill anti-counterfeiting method as claimed in claim 1, characterized in that the detailed process of S1 is:
S101: generate the publisher's public/private key pair and apply to the CA center for the publisher's certificate; generate the false proof device public/private key pair and apply for the false proof device certificate using the publisher's private key and the false proof device public key; go to S102;
S102: write the false proof device private key, publisher's certificate and false proof device certificate into the false proof device, then go to S2.
4. The bill anti-counterfeiting method as claimed in claim 1, characterized in that the detailed process of S3 is:
S301: the verifying client obtains the publisher's certificate, the false proof device certificate and the dynamic signature data of the false proof device from the false proof device, then goes to S302;
S302: the verifying client verifies the publisher's certificate using the CA center public key; if the verification result is true, it extracts the publisher's public key from the publisher's certificate and goes to S303; otherwise it returns that the false proof device is false;
S303: the verifying client verifies the false proof device certificate using the publisher's public key; if the verification result is true, it extracts the false proof device public key from the false proof device certificate and goes to S304; otherwise it returns that the false proof device is false;
S304: the verifying client verifies the dynamic signature data of the false proof device using the false proof device public key; if the verification result is true, it returns that the false proof device is genuine; otherwise it returns that the false proof device is false.
5. The bill anti-counterfeiting method as claimed in claim 1, characterized in that the detailed process of S4 is:
S401: the verifying client sends an instruction to read the billing information to the false proof device, then goes to S402;
S402: the false proof device decrypts the encrypted invoicing information using the false proof device private key, returns the decrypted plaintext data to the verifying client, then goes to S403;
S403: the verifying client parses the received plaintext data and displays each item of the bill information, then goes to S404;
S404: the displayed billing information is compared with the information on the bill; if the comparison is consistent, return that the bill is genuine; otherwise return that the bill is false.
6. A bill anti-counterfeiting system, comprising a publishing system, an operation system and a verifying system, characterized in that:
The publishing system is used for: writing the false proof device private key, publisher's certificate, false proof device certificate and application data into the false proof device;
The operation system is used for: writing the encrypted billing information into the false proof device, and storing the ticket number, billing information and false proof device ID in association;
The verifying system is used for: communicating with the false proof device and verifying the publisher's certificate, the false proof device certificate and the billing information respectively, so as to verify the authenticity of the false proof device and the bill offline; the verifying system comprises a verifying client, the verifying client contains the CA center public key, and the verifying client connects to the false proof device using short-range communication technology.
7. The bill anti-counterfeiting system as claimed in claim 6, characterized in that: the publishing system comprises encryption equipment, a certificate server, a key management system, a false proof device distribution client and a first reader;
The encryption equipment is used for: generating the false proof device public/private key pair;
The certificate server is used for: signing and issuing the publisher's certificate and the false proof device certificate;
The key management system is used for: storing and managing the false proof device public/private key pair, the publisher's public/private key pair, the publisher's certificate and the false proof device certificate;
The false proof device distribution client is used for: sending the false proof device private key, publisher's certificate, false proof device certificate and application data to the first reader;
The first reader is used for: writing the received false proof device private key, publisher's certificate, false proof device certificate and application data into the false proof device.
8. The bill anti-counterfeiting system as claimed in claim 6, characterized in that: the operation system comprises a service managing server, a business processing client, a second reader, a printer and a ticket database;
The service managing server is used for: obtaining the false proof device public key from the publishing system, encrypting the billing information with the false proof device public key, and storing the ticket number, billing information and false proof device ID in association in the ticket database;
The business processing client is used for: transmitting the corresponding ticket number, billing information and false proof device ID to the service managing server, and sending the encrypted invoicing information to the second reader;
The printer is used for: printing the paper bill according to the received invoicing information;
The second reader is used for: writing the received billing information ciphertext into the false proof device;
The ticket database is used for: storing the corresponding ticket number, billing information and false proof device ID in association.
9. The bill anti-counterfeiting system as claimed in claim 6, characterized in that: the verifying client is also used for packing the bill transfer information according to the format, encrypting the packed bill transfer information, and then writing the ciphertext of the bill transfer information into the false proof device.
10. The bill anti-counterfeiting system as claimed in any one of claims 6-9, characterized in that: the false proof device comprises a safety chip and an induction coil, the safety chip is connected to the induction coil, the induction coil generates current in a changing magnetic field to power the safety chip, and the safety chip comprises a main control module, which is connected to a proximity communication module, a random number generation module, a data memory module and a security algorithm module;
The proximity communication module is used for: communicating with the first reader, the second reader and/or the verifying client;
The random number generation module is used for: generating high-quality true random numbers;
The data memory module is used for: storing related data; it comprises a secure storage area, an application memory area and a scratchpad area, where the secure storage area stores sensitive data, the application memory area stores application data and digital certificates, and the scratchpad area stores temporary data;
The security algorithm module is used for: handling the encryption and decryption of data and generating the dynamic signature data;
The main control module is used for: executing program code and processing anti-counterfeiting authentication instructions, and authenticating the false proof device and the bill by controlling and coordinating the work of the other modules.
CN201811346346.1A 2018-11-13 2018-11-13 Bill anti-counterfeiting method and system Active CN109614803B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811346346.1A CN109614803B (en) 2018-11-13 2018-11-13 Bill anti-counterfeiting method and system

Publications (2)

Publication Number Publication Date
CN109614803A true CN109614803A (en) 2019-04-12
CN109614803B CN109614803B (en) 2020-11-13

Family

ID=66004249

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811346346.1A Active CN109614803B (en) 2018-11-13 2018-11-13 Bill anti-counterfeiting method and system

Country Status (1)

Country Link
CN (1) CN109614803B (en)

Also Published As

Publication number Publication date
CN109614803B (en) 2020-11-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant