CN109614803A - Bill anti-counterfeiting method and system - Google Patents
- Publication number: CN109614803A (also listed: CN201811346346.1A)
- Authority: CN (China)
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
The invention discloses a bill anti-counterfeiting method and system. An anti-counterfeit device private key, a publisher certificate and an anti-counterfeit device certificate are written to an anti-counterfeit device; the issuance information is encrypted and its ciphertext is written to the anti-counterfeit device; the written publisher certificate and anti-counterfeit device certificate are verified using the CA center public key; after the anti-counterfeit device decrypts the written issuance information, the plaintext of the issuance information is transmitted to a verification client for display, and the displayed issuance information is then compared with the information on the bill. This not only improves the effectiveness of bill anti-counterfeiting but also reduces the difficulty of bill verification and ensures the security of bill business.
Description
Technical field
The present invention relates to the field of information security technology, and in particular to a bill anti-counterfeiting method and system.
Background art
In recent years, counterfeit and shoddy goods have become increasingly rampant in the market and fake bills are prevalent. This seriously disrupts market order, damages the image of companies and causes resentment among consumers. To safeguard bill transactions, anti-counterfeiting techniques are generally applied to bills, such as paper-pattern, printing, ink and hidden-mark anti-counterfeiting.
With the continuous progress of science and technology, existing anti-counterfeit bills can easily be copied or forged by means of computer scanning. Traditional anti-counterfeiting techniques also rely on human senses for authentication, and there is no quantified anti-counterfeiting standard, so authenticity is hard to judge. The security of these techniques is low, their anti-counterfeiting effect is unsatisfactory, and they cannot meet modern society's security requirements for anti-counterfeit products.
Summary of the invention
In view of the deficiencies in the prior art, the technical problem solved by the present invention is: how to improve the effectiveness of bill anti-counterfeiting, reduce the difficulty of bill verification, and ensure the security of bill business.
To achieve the above objectives, the present invention provides a bill anti-counterfeiting method, comprising the following steps:
S1: write the anti-counterfeit device private key, the publisher certificate and the anti-counterfeit device certificate to the anti-counterfeit device; go to S2;
S2: encrypt the issuance information, then write the ciphertext of the issuance information to the anti-counterfeit device; go to S3;
S3: verify the written publisher certificate and anti-counterfeit device certificate using the CA center public key; if both the publisher certificate and the anti-counterfeit device certificate are verified successfully, go to S4; otherwise return that the anti-counterfeit device is counterfeit;
S4: after the anti-counterfeit device decrypts the written issuance information, the plaintext of the issuance information is transmitted to the verification client for display, and the displayed issuance information is then compared with the information on the bill; if they are consistent, return that the bill is genuine; otherwise return that the bill is counterfeit.
On the basis of the above technical solution, the method further comprises the following step after S4:
S5: the verification client packs the bill transfer information according to the format, encrypts the packed bill transfer information, and writes the ciphertext of the bill transfer information to the anti-counterfeit device.
On the basis of the above technical solution, the detailed process of S1 is:
S101: generate a publisher public/private key pair and apply to the CA center for a publisher certificate; generate an anti-counterfeit device public/private key pair and apply for an anti-counterfeit device certificate using the publisher private key and the anti-counterfeit device public key; go to S102;
S102: write the anti-counterfeit device private key, the publisher certificate and the anti-counterfeit device certificate to the anti-counterfeit device; go to S2.
On the basis of the above technical solution, the detailed process of S3 is:
S301: the verification client obtains the publisher certificate, the anti-counterfeit device certificate and the dynamic signature data of the anti-counterfeit device from the anti-counterfeit device; go to S302;
S302: the verification client verifies the publisher certificate using the CA center public key; if the verification result is true, extract the publisher public key from the publisher certificate and go to S303; otherwise return that the anti-counterfeit device is counterfeit;
S303: the verification client verifies the anti-counterfeit device certificate using the publisher public key; if the verification result is true, extract the anti-counterfeit device public key from the anti-counterfeit device certificate and go to S304; otherwise return that the anti-counterfeit device is counterfeit;
S304: the verification client verifies the dynamic signature data of the anti-counterfeit device using the anti-counterfeit device public key; if the verification result is true, return that the anti-counterfeit device is genuine; otherwise return that the anti-counterfeit device is counterfeit.
On the basis of the above technical solution, the detailed process of S4 is:
S401: the verification client sends an instruction to read the bill information to the anti-counterfeit device; go to S402;
S402: the anti-counterfeit device decrypts the encrypted issuance information using the anti-counterfeit device private key, then returns the decrypted plaintext data to the verification client; go to S403;
S403: after parsing the received plaintext data, the verification client displays each item of bill information; go to S404;
S404: the displayed bill information is compared with the information on the bill; if they are consistent, return that the bill is genuine; otherwise return that the bill is counterfeit.
To solve the above technical problem, the present invention also provides a bill anti-counterfeiting system, comprising a publishing system, a business system and a verification system.
The publishing system is used to: write the anti-counterfeit device private key, the publisher certificate, the anti-counterfeit device certificate and application data to the anti-counterfeit device;
The business system is used to: write the encrypted bill information to the anti-counterfeit device, and store the bill number, the bill information and the anti-counterfeit device ID in association;
The verification system is used to: communicate with the anti-counterfeit device and verify the publisher certificate, the anti-counterfeit device certificate and the bill information respectively, so as to verify the authenticity of the anti-counterfeit device and the bill offline. The verification system includes a verification client; the verification client contains the CA center public key and connects to the anti-counterfeit device using short-range communication technology.
On the basis of the above technical solution, the publishing system comprises an encryption machine, a certificate server, a key management system, an anti-counterfeit device issuing client and a first reader;
The encryption machine is used to: generate the anti-counterfeit device public/private key pair;
The certificate server is used to: issue the publisher certificate and the anti-counterfeit device certificate;
The key management system is used to: store and manage the anti-counterfeit device public/private key pair, the publisher public/private key pair, the publisher certificate and the anti-counterfeit device certificate;
The anti-counterfeit device issuing client is used to: send the anti-counterfeit device private key, the publisher certificate, the anti-counterfeit device certificate and application data to the first reader;
The first reader is used to: write the received anti-counterfeit device private key, publisher certificate, anti-counterfeit device certificate and application data to the anti-counterfeit device.
On the basis of the above technical solution, the business system comprises a business management server, a business processing client, a second reader, a printer and a bill database;
The business management server is used to: obtain the anti-counterfeit device public key from the publishing system, encrypt the bill information using the anti-counterfeit device public key, and store the bill number, the bill information and the anti-counterfeit device ID in association in the bill database;
The business processing client is used to: transmit the corresponding bill number, bill information and anti-counterfeit device ID to the business management server, and send the encrypted issuance information to the second reader;
The printer is used to: print the paper bill according to the received issuance information;
The second reader is used to: write the received bill information ciphertext to the anti-counterfeit device;
The bill database is used to: store the corresponding bill number, bill information and anti-counterfeit device ID in association.
On the basis of the above technical solution, the verification client is also used to pack the bill transfer information according to the format, encrypt the packed bill transfer information, and then write the ciphertext of the bill transfer information to the anti-counterfeit device.
On the basis of the above technical solution, the anti-counterfeit device comprises a security chip and an induction coil. The security chip is connected to the induction coil, and the induction coil generates a current when the magnetic field changes in order to power the security chip. The security chip includes a main control module, which is connected to a short-range communication module, a random number generation module, a data storage module and a security algorithm module;
The short-range communication module is used to: communicate with the first reader, the second reader and/or the verification client;
The random number generation module is used to: generate high-quality true random numbers;
The data storage module is used to: store related data. It includes a secure storage area, an application storage area and a temporary storage area; the secure storage area stores sensitive data, the application storage area stores application data and digital certificates, and the temporary storage area stores temporary data;
The security algorithm module is used to: handle the encryption and decryption of data and generate the dynamic signature data;
The main control module is used to: execute program code and process anti-counterfeiting authentication instructions, and to control and coordinate the work of the other modules so as to authenticate the anti-counterfeit device and the bill.
Compared with the prior art, the advantages of the present invention are:
1) The anti-counterfeit device has a security chip that securely stores sensitive data, which cannot be modified or copied from outside. Two-level offline authentication of the anti-counterfeit device and the anti-counterfeit bill not only improves the effectiveness of bill anti-counterfeiting but also reduces the difficulty of bill verification and ensures the security of bill business; it can also be widely applied to various anti-counterfeiting objects such as financial bills, certificates and bottles;
2) A mobile terminal can quickly verify the authenticity of the anti-counterfeit device offline anytime and anywhere, and can read the bill information in the anti-counterfeit device and check it against the bill itself, making operation more convenient and accurate;
3) A user can write bill transfer information to the anti-counterfeit device through the verification client, and this can be done offline without relying on a network, which greatly improves the convenience of financial bill circulation.
Brief description of the drawings
Fig. 1 is a flow chart of the bill anti-counterfeiting method of the present invention.
Fig. 2 is a connection block diagram of the bill anti-counterfeiting system of the present invention.
Fig. 3 is a connection block diagram of the security chip of the present invention.
Detailed description of the embodiments
The embodiments of the present invention are described in further detail below with reference to the drawings.
Referring to Fig. 1, a bill anti-counterfeiting method comprises the following steps:
S1: the publisher writes the anti-counterfeit device private key, the publisher certificate and the anti-counterfeit device certificate to an existing anti-counterfeit device; go to S2;
In a specific application, an existing security chip can be installed in the anti-counterfeit device, and the above information (anti-counterfeit device private key, publisher certificate and anti-counterfeit device certificate) is written to the security chip, which uses it to perform anti-counterfeiting authentication.
S2: the issuing party encrypts the issuance information of the bill whose authenticity needs to be verified (the issuance information includes at least account information, issuance type and issuance amount) and writes it to the anti-counterfeit device (security chip); go to S3. At this point the receiving party can judge the authenticity of the bill by verifying the issuance information in the anti-counterfeit device.
At the same time, to enable online verification in this embodiment, the issuing party also needs to store the bill number, the issuance information and the anti-counterfeit device ID (the unique identifier of the anti-counterfeit device) in association. The anti-counterfeit device ID and issuance information corresponding to the bill number are first queried over the network in the issuing party's database, and the queried anti-counterfeit device ID is compared with the ID of the bill's anti-counterfeit device; if they are identical, the anti-counterfeit device was indeed issued to the user together with the bill. The anti-counterfeit device certificate and signature data are then read and verified over the network; if verification passes, the anti-counterfeit device is genuine. Finally, the queried issuance information is compared with the information on the bill; if they are identical, the bill is genuine.
S3: after the receiving party obtains the bill and the anti-counterfeit device issued by the issuing party, the authenticity of the bill can be verified either online or offline. Online verification has been described above; the offline mode is the focus of the present invention, specifically:
Using the CA (Certificate Authority) center public key obtained in advance (for example, downloaded to the terminal beforehand), verify the publisher certificate and the anti-counterfeit device certificate written in S1; if both are verified successfully, first-level authentication is complete; go to S4; otherwise return that the anti-counterfeit device is counterfeit.
S4: the anti-counterfeit device decrypts the issuance information written in S2, and the decrypted issuance information is transmitted to the verification client for display [the verification client can be installed on an existing mobile terminal (mobile phone, Pad or PDA)]. The receiving party compares the displayed issuance information with the information on the bill; if they are consistent, second-level authentication is complete and the bill is returned as genuine; otherwise the bill is returned as counterfeit.
Preferably, the detailed process of S1 is:
S101: the publisher generates a publisher public/private key pair and uses the publisher public key to apply to the CA center for a publisher certificate; the publisher generates an anti-counterfeit device public/private key pair and uses the publisher private key and the anti-counterfeit device public key to apply to the certificate server for an anti-counterfeit device certificate; go to S102;
S102: the publisher writes the anti-counterfeit device private key, the publisher certificate and the anti-counterfeit device certificate to the anti-counterfeit device (security chip); go to S2.
Preferably, the detailed process of S3 is:
S301: the verification client obtains the publisher certificate, the anti-counterfeit device certificate and the dynamic signature data of the anti-counterfeit device from the anti-counterfeit device (security chip); go to S302;
S302: the verification client verifies the publisher certificate using the CA center public key (the publisher certificate is issued using the CA center private key and contains the publisher information and the publisher public key); if the verification result is true, extract the publisher public key from the publisher certificate and go to S303; otherwise return that the anti-counterfeit device is counterfeit;
S303: the verification client verifies the anti-counterfeit device certificate using the publisher public key (the anti-counterfeit device certificate is issued using the publisher private key and contains the anti-counterfeit device public key); if the verification result is true, extract the anti-counterfeit device public key from the anti-counterfeit device certificate and go to S304; otherwise return that the anti-counterfeit device is counterfeit;
S304: the verification client verifies the dynamic signature data of the anti-counterfeit device using the anti-counterfeit device public key (the dynamic signature data is generated by the anti-counterfeit device signing with the anti-counterfeit device private key); if the verification result is true, return that the anti-counterfeit device is genuine; otherwise return that the anti-counterfeit device is counterfeit.
Preferably, the generation process of the dynamic signature data includes:
S301a: the anti-counterfeit device (security chip) randomly generates a piece of data (for example, a 16-byte random number + anti-counterfeit device ID + publisher identifier + certification center public key index); go to S301b;
S301b: compute the digest of the data using a digest algorithm; go to S301c;
S301c: sign the digest of the data using the anti-counterfeit device private key to generate the dynamic signature data.
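The offline first-level check (S301 to S304) together with the dynamic-signature generation (S301a to S301c) can be sketched as follows. This is an added example, not code from the patent: it uses unpadded textbook RSA over hard-coded Mersenne primes as a stand-in for the security chip's signature algorithm, and the identifiers PUB-01, DEV-0001 and CA-IDX-1, the JSON certificate layout and all function names are assumptions.

```python
import hashlib
import json
import secrets

E = 65537  # public exponent used by every toy key below


def make_key(p, q):
    """Toy RSA key from two known primes. Illustration only, not secure."""
    n = p * q
    return {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}


def _digest(data, n):
    # Digest step (S301b): SHA-256, reduced into the toy modulus.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(key, data):
    return pow(_digest(data, key["n"]), key["d"], key["n"])


def verify(n, data, sig):
    return pow(sig, E, n) == _digest(data, n)


def issue_cert(signer_key, subject, subject_n):
    """Certificate = subject name and public modulus, signed by signer_key."""
    body = json.dumps({"subject": subject, "n": subject_n}, sort_keys=True).encode()
    return {"body": body, "sig": sign(signer_key, body)}


def cert_public_key(cert):
    return json.loads(cert["body"])["n"]


class Device:
    """Stands in for the security chip, which keeps the device private key."""

    def __init__(self, device_id, key, publisher_cert, device_cert):
        self.device_id = device_id
        self._key = key
        self.publisher_cert = publisher_cert
        self.device_cert = device_cert

    def read_auth_data(self):
        # S301a: 16-byte random number + device ID + publisher ID + CA key index
        # (PUB-01 and CA-IDX-1 are constructed placeholder values)
        data = secrets.token_bytes(16) + f"|{self.device_id}|PUB-01|CA-IDX-1".encode()
        # S301b + S301c: digest, then sign with the device private key
        return self.publisher_cert, self.device_cert, data, sign(self._key, data)


def verify_device(ca_n, publisher_cert, device_cert, dyn_data, dyn_sig):
    """Offline checks S302-S304, using only the pre-installed CA public key."""
    if not verify(ca_n, publisher_cert["body"], publisher_cert["sig"]):
        return False, "S302: publisher certificate not signed by CA"
    publisher_n = cert_public_key(publisher_cert)
    if not verify(publisher_n, device_cert["body"], device_cert["sig"]):
        return False, "S303: device certificate not signed by publisher"
    device_n = cert_public_key(device_cert)
    if not verify(device_n, dyn_data, dyn_sig):
        return False, "S304: dynamic signature does not match device certificate"
    return True, "device genuine"


# Constructed keys (Mersenne primes keep the example dependency-free).
CA_KEY = make_key(2**521 - 1, 2**607 - 1)
PUBLISHER_KEY = make_key(2**127 - 1, 2**107 - 1)
DEVICE_KEY = make_key(2**89 - 1, 2**61 - 1)
OTHER_KEY = make_key(2**61 - 1, 2**31 - 1)  # a key outside the certificate chain

PUBLISHER_CERT = issue_cert(CA_KEY, "PUB-01", PUBLISHER_KEY["n"])
DEVICE_CERT = issue_cert(PUBLISHER_KEY, "DEV-0001", DEVICE_KEY["n"])


def run_scenarios():
    """Run the verifier against one genuine and three non-genuine devices."""
    ca_n = CA_KEY["n"]
    genuine = Device("DEV-0001", DEVICE_KEY, PUBLISHER_CERT, DEVICE_CERT)
    # Genuine certificates held by a chip that lacks the matching private key.
    copied = Device("DEV-0001", OTHER_KEY, PUBLISHER_CERT, DEVICE_CERT)
    # Device certificate signed by a key other than the publisher's.
    bad_dev_cert = issue_cert(OTHER_KEY, "DEV-0002", OTHER_KEY["n"])
    wrong_issuer = Device("DEV-0002", OTHER_KEY, PUBLISHER_CERT, bad_dev_cert)
    # Publisher certificate that the CA never signed.
    self_signed = issue_cert(OTHER_KEY, "PUB-XX", OTHER_KEY["n"])
    unknown_pub = Device("DEV-0003", OTHER_KEY, self_signed, bad_dev_cert)
    cases = [("genuine", genuine), ("copied_certs", copied),
             ("wrong_issuer", wrong_issuer), ("unknown_publisher", unknown_pub)]
    return {name: verify_device(ca_n, *dev.read_auth_data()) for name, dev in cases}


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(name, result)
```

Each rejected case stops at the step whose signature fails, so the returned reason shows which link of the CA, publisher, device chain was broken.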
Preferably, the detailed process of S4 is:
S401: the verification client sends an instruction to read the bill information to the anti-counterfeit device; go to S402;
S402: according to the received instruction, the anti-counterfeit device decrypts the encrypted issuance information using the anti-counterfeit device private key, then returns the decrypted plaintext data to the verification client; go to S403;
S403: after parsing the received plaintext data, the verification client displays each item of bill information; go to S404;
S404: the receiving party compares the displayed bill information with the information on the bill; if they are consistent, the bill is returned as genuine; otherwise the bill is returned as counterfeit.
The present invention proposes an anti-counterfeiting authentication method based on the Rivest-Shamir-Adleman (RSA) algorithm. The anti-counterfeit device has a security chip that securely stores sensitive data, which cannot be modified or copied from outside. A mobile terminal can quickly verify the authenticity of the anti-counterfeit device offline anytime and anywhere, and can read the bill information in the anti-counterfeit device and check it against the bill itself, making operation more convenient and accurate. Two-level authentication of the anti-counterfeit device and the anti-counterfeit bill not only improves the effectiveness of bill anti-counterfeiting but also reduces the difficulty of bill verification and ensures the security of bill business. The anti-counterfeiting authentication method can also be widely applied to various anti-counterfeiting objects such as financial bills, certificates and bottles, and has a wide range of applications.
When a financial bill needs to be transferred, the transfer is generally effected by endorsement. The bill transfer information is the record of the holder (user A) transferring the rights in the bill to a third party (user B). The bill transfer information is the legal proof that the third party (user B) holds the bill rights, so that the third party (user B) can exercise those rights later.
Preferably, when the receiving party (user A) needs to transfer the bill rights to a third party (user B), the bill transfer information is encrypted and written to the anti-counterfeit device (security chip) to realize the bill transfer function; that is, the method further includes the following step after S4:
S5: the receiving party (user A) encrypts the bill transfer information and writes it to the anti-counterfeit device (security chip). The receiving party (user A) can thus realize the bill transfer function through the issuing party or through the verification client, transferring the bill rights to the third party (user B).
When the receiving party (user A) transfers the bill to the third party (user B) through the issuing party, the issuing party encrypts the bill transfer information and writes it to the anti-counterfeit device (security chip). At the same time, to enable online verification in this embodiment, the issuing party also needs to store the unencrypted bill transfer information in association with the anti-counterfeit device ID. Online verification is specifically:
The anti-counterfeit device ID and bill information corresponding to the bill number (the bill information includes the issuance information and the bill transfer information) are first queried over the network in the issuing party's database, and the queried anti-counterfeit device ID is compared with the ID of the bill's anti-counterfeit device; if they are identical, the anti-counterfeit device was indeed issued to the user together with the bill. The anti-counterfeit device certificate and signature data are then read and verified over the network; if verification passes, the anti-counterfeit device is genuine. Finally, the queried bill information is compared with the information on the bill; if they are identical, the bill is genuine.
The receiving party (user A) transferring the bill to the third party (user B) through the verification client is the focus of the present invention. The specific process is: the verification client first packs the bill transfer information entered by the receiving party according to the format (packing means packaging the data according to the communication protocol), then encrypts the packed bill transfer information, and finally writes the encrypted bill transfer information to the anti-counterfeit device (security chip); the anti-counterfeit device returns a record of the successful bill write to the verification client. At the same time, to enable online verification in this embodiment, the verification client also needs to upload the encrypted bill transfer information to the issuing party over the network, and the issuing party decrypts the bill transfer information and stores it in association with the anti-counterfeit device ID. This not only makes the verification operation safe, simple and accurate, but also allows bill transfer information to be written directly to the anti-counterfeit device through the verification client, improving the convenience of financial bill circulation.
Referring to Fig. 2, a bill anti-counterfeiting system comprises a publishing system, a business system and a verification system;
The publishing system is used to: issue anti-counterfeit devices, which are fitted with a security chip. The issuing process of an anti-counterfeit device is: the publisher writes the anti-counterfeit device private key, the publisher certificate, the anti-counterfeit device certificate and application data (the application data includes the application program and is used to initialize the anti-counterfeit device) to the anti-counterfeit device (security chip).
The business system is used to: process bill business and manage bills. Through the business system, the issuing party prints the issuance information on the bill, obtaining the correspondence between the issuance information and the bill number, and writes the encrypted bill information (the bill information includes the issuance information and the bill transfer information) to the anti-counterfeit device (security chip), obtaining the correspondence between the bill information and the anti-counterfeit device ID; the bill number, the bill information and the anti-counterfeit device ID are then stored in association in the bill database;
The verification system is used to: verify the authenticity of the anti-counterfeit device and the bill offline. The receiving party displays the decrypted bill information through the verification system and compares the displayed bill information with the information on the bill; if they are identical, the bill is genuine.
Preferably, referring to Fig. 2, the publishing system comprises an encryption machine, a certificate server, a key management system, an anti-counterfeit device issuing client and a first reader;
The encryption machine is used to: generate the anti-counterfeit device public/private key pair.
The certificate server is used to: issue the publisher certificate and the anti-counterfeit device certificate. The certificate server issues the publisher certificate using the CA center private key; the publisher certificate contains the publisher information and the publisher public key. The certificate server issues the anti-counterfeit device certificate using the publisher private key; the anti-counterfeit device certificate contains the anti-counterfeit device public key.
The key management system is used to: store and manage the anti-counterfeit device public/private key pair, the publisher public/private key pair, the publisher certificate and the anti-counterfeit device certificate.
The anti-counterfeit device issuing client is used to: send the anti-counterfeit device private key, the publisher certificate, the anti-counterfeit device certificate and application data to the first reader. The anti-counterfeit device issuing client obtains the anti-counterfeit device private key, the publisher certificate and the anti-counterfeit device certificate from the key management system.
The first reader is used to: write the received anti-counterfeit device private key, publisher certificate, anti-counterfeit device certificate and application data to the anti-counterfeit device (security chip).
In the publishing system, the anti-counterfeit device connects to the first reader using short-range communication technology, and the first reader stores the anti-counterfeit device private key, the publisher certificate, the anti-counterfeit device certificate and the application data in the anti-counterfeit device (security chip) to realize electronic anti-counterfeiting and authentication.
The key management system is communicatively connected to the encryption machine, the certificate server and the anti-counterfeit device issuing client respectively, and the first reader is communicatively connected to the anti-counterfeit device issuing client and to the anti-counterfeit device respectively. When issuing an anti-counterfeit device with a security chip, the encryption machine first generates the anti-counterfeit device public/private key pair, which is stored in the key management system; next, the key management system obtains and stores the publisher certificate and the anti-counterfeit device certificate through the certificate server, and the anti-counterfeit device issuing client transmits the anti-counterfeit device private key, the publisher certificate, the anti-counterfeit device certificate and the application data to the first reader; finally, the first reader writes the received information to the anti-counterfeit device (security chip).
Preferably, referring to Fig. 2, the business system comprises a business management server, a business processing client, a second reader, a printer and a bill database;
The business management server is used to: manage bill business and obtain the anti-counterfeit device public key from the key management system of the publishing system.
The business processing client is used to: send the issuance information entered by the receiving party to the printer (the issuance information includes account information, issuance type and issuance amount), obtain the anti-counterfeit device public key through the business management server, encrypt the bill information using the anti-counterfeit device public key (the bill information includes the issuance information and the bill transfer information), and send the encrypted issuance information to the second reader.
The printer is used to: print the paper bill according to the received issuance information.
The second reader is used to: write the received bill information to the anti-counterfeit device (security chip).
The business processing client is also used to: transmit the corresponding bill number, bill information and anti-counterfeit device ID to the business management server.
The business management server is also used to: store the received bill number, bill information and anti-counterfeit device ID in association in the bill database.
The bill database is used to: store the correspondence between bills and anti-counterfeit devices, storing the corresponding bill number, bill information and anti-counterfeit device ID in association.
In the business system, the anti-counterfeit device connects to the second reader using short-range communication technology, and the encrypted bill information is stored in the anti-counterfeit device (security chip) so that the authenticity of the bill can be verified offline.
Service managing server is communicated to connect with key management system, business processing client and ticket database respectively,
Business processing client is communicated to connect with printer and the second reader respectively, and the second reader and false proof device communicate to connect.
Bill operations include invoicing, transfer, honouring and recycling. When the invoicing party issues a bill, the business processing client first transmits the invoicing information entered by the bill-receiving party to the printer, which prints the bill; second, the business processing client sends the invoicing information entered by the bill-receiving party to the service managing server, the service managing server obtains the corresponding false proof device public key from the key management system, encrypts the invoicing information with the false proof device public key and passes it back through the business processing client to the second reader, and the second reader writes the encrypted invoicing information into the corresponding false proof device (safety chip); finally, the business processing client, through the service managing server, stores the corresponding ticket number, invoicing information and false proof device ID in association in the ticket database.
When a bill is transferred, the business processing client first packs the transfer information entered by the bill-receiving party according to the format; second, the business processing client obtains the corresponding false proof device public key from the key management system through the service managing server, encrypts the transfer information with the false proof device public key and transmits it to the second reader, and the second reader writes the encrypted transfer information into the corresponding false proof device (safety chip); finally, the business processing client, through the service managing server, stores the corresponding ticket number, bill transfer information and false proof device ID in association in the ticket database.
Preferably, as shown in Figure 2, the verifying system includes a verifying client. The verifying client can be installed on a mobile terminal (mobile phone, Pad or PDA) and contains the CA center public key. The verifying client connects to the false proof device using close-range communication technology and obtains the publisher's certificate, the false proof device certificate and the dynamic signature data from the false proof device, in order to verify the authenticity of the false proof device and the bill offline.
When the false proof device is verified, the verifying client first verifies the publisher's certificate in the false proof device using the CA center public key and, after successful verification, extracts the publisher's public key from the publisher's certificate; second, the verifying client verifies the false proof device certificate using the publisher's public key and, after successful verification, extracts the false proof device public key from the false proof device certificate; finally, the verifying client verifies the dynamic signature data of the false proof device using the false proof device public key (the dynamic signature data is generated by the false proof device signing with the false proof device private key). If verification succeeds, the false proof device is true; otherwise the false proof device is false.
When the bill is verified, the verifying client first sends the false proof device an instruction to read the billing information; the false proof device decrypts the ciphertext of the billing information with its built-in false proof device private key and returns the decrypted plaintext data to the verifying client; second, the verifying client parses the plaintext data and displays each item of the bill; finally, the bill-receiving party compares the displayed billing information with the information on the bill. If they are consistent, the bill is true; otherwise the bill is false.
Preferably, the verifying client is also used to encrypt the bill transfer information and write it into the false proof device (safety chip). When the bill-receiving party needs to transfer the bill, it can enter the bill transfer information through the verifying client; the verifying client packs the bill transfer information according to the format, encrypts the packed bill transfer information with the false proof device public key extracted during verification, and writes the ciphertext of the bill transfer information into the false proof device (safety chip). At the same time, to realize online verification in this embodiment, the verifying client also needs to upload the encrypted bill transfer information to the operation system over the network; the operation system decrypts the data and stores the bill transfer information in association with the false proof device ID.
Because the false proof device has a safety chip, sensitive data can be stored securely and cannot be modified or copied from outside, which solves the anti-counterfeiting problem of financial bills and ensures the safety of bill business. A mobile terminal can verify the authenticity of the false proof device offline anytime and anywhere (without depending on the network) and, by reading the billing information in the false proof device and checking it against the bill itself, determine whether the bill is true; this forms a quantified anti-counterfeiting standard and makes verification easier and more accurate. In addition, the bill-receiving party can write bill transfer information into the false proof device through the verifying client, which greatly improves the convenience of circulating financial bills.
The false proof device includes a safety chip and an induction coil. The safety chip is connected to the induction coil, and the induction coil generates current in a changing magnetic field to power the safety chip. As shown in Figure 3, the safety chip includes a main control module, which is connected to a proximity communication module, a random number generation module, a data memory module and a security algorithm module.
The proximity communication module is used to communicate with the first reader, the second reader and/or the verifying client.
The random number generation module is used to generate high-quality true random numbers, which are used to generate the dynamic signature data.
The data memory module is used to store related data and includes a secure storage area, an application storage area and a scratchpad area. The secure storage area stores sensitive data (such as the false proof device private key) and is inaccessible to external equipment; the application storage area stores application data and digital certificates (such as the publisher's certificate and the false proof device certificate); the scratchpad area stores temporary data (such as communication instructions and dynamic signature data).
The security algorithm module is used to handle encryption and decryption of data and to generate the dynamic signature data. The security algorithm module supports the national cryptographic algorithms (the series of standard algorithms formulated by the State Commercial Cryptography Administration, including a symmetric encryption algorithm, an elliptic-curve asymmetric encryption algorithm and a hash algorithm); key operations (encryption and/or decryption) can be carried out inside the security algorithm module, and the dynamic signature data is generated using high-quality true random numbers.
The main control module is used to control and coordinate the work of the other modules (the proximity communication module, the random number generation module, the data memory module and the security algorithm module). The main control module is responsible for executing program code and processing anti-counterfeiting authentication instructions, so as to authenticate the false proof device and the bill. According to the instruction from the verifying client, it calls the data in the data memory module and/or the true random number generated by the random number generation module, performs key operations on the called data using the security algorithm module, and then returns the data and result of the instruction response to the verifying client.
When the false proof device is verified, the random number generation module randomly generates a piece of data, a digest algorithm computes the digest of that data, and the digest is encrypted with the false proof device private key to obtain the dynamic signature data, which is stored in the scratchpad area for the main control module to call.
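The device check described above (the chain from the CA center public key through the publisher's certificate and the false proof device certificate to the dynamic signature data) and the chip-side generation of that dynamic signature data, as an added Go example that is not code from the patent. Assumptions: Ed25519 from Go's standard library stands in for the national elliptic-curve signature algorithm, and the `Cert` layout, the function names and the device ID `device-0001` are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Cert is a simplified certificate (assumed format): issuer-signed subject and key.
type Cert struct {
	Subject string
	PubKey  ed25519.PublicKey
	Sig     []byte
}

func (c Cert) tbs() []byte { return append([]byte(c.Subject+"\x00"), c.PubKey...) }

func issue(issuer ed25519.PrivateKey, subject string, pub ed25519.PublicKey) Cert {
	c := Cert{Subject: subject, PubKey: pub}
	c.Sig = ed25519.Sign(issuer, c.tbs())
	return c
}

// Device models the safety chip; priv never leaves the secure storage area.
type Device struct {
	priv          ed25519.PrivateKey
	PublisherCert Cert
	DeviceCert    Cert
}

// DynamicSignature signs fresh chip-generated random data with the device private
// key. Ed25519 (hashes internally) stands in for the page's digest-then-sign step.
func (d *Device) DynamicSignature() (data, sig []byte, err error) {
	data = make([]byte, 32)
	if _, err = rand.Read(data); err != nil {
		return nil, nil, err
	}
	return data, ed25519.Sign(d.priv, data), nil
}

// check guards ed25519.Verify, which panics on a public key of the wrong length.
func check(pub ed25519.PublicKey, msg, sig []byte) bool {
	return len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, msg, sig)
}

// VerifyDevice runs S302 to S304 offline, trusting only the CA center public key.
func VerifyDevice(caPub ed25519.PublicKey, pubCert, devCert Cert, data, sig []byte) error {
	if !check(caPub, pubCert.tbs(), pubCert.Sig) {
		return errors.New("S302: publisher's certificate not signed by the CA")
	}
	if !check(pubCert.PubKey, devCert.tbs(), devCert.Sig) {
		return errors.New("S303: device certificate not signed by the publisher")
	}
	if !check(devCert.PubKey, data, sig) {
		return errors.New("S304: dynamic signature not made by the certified device key")
	}
	return nil
}

// Provision plays the publishing system with freshly generated (constructed) keys.
func Provision(deviceID string) (ed25519.PublicKey, *Device, error) {
	var pub [3]ed25519.PublicKey // 0 = CA center, 1 = publisher, 2 = device
	var priv [3]ed25519.PrivateKey
	for i := range pub {
		var err error
		if pub[i], priv[i], err = ed25519.GenerateKey(rand.Reader); err != nil {
			return nil, nil, err
		}
	}
	dev := &Device{
		priv:          priv[2],
		PublisherCert: issue(priv[0], "publisher", pub[1]), // CA signs publisher key
		DeviceCert:    issue(priv[1], deviceID, pub[2]),    // publisher signs device key
	}
	return pub[0], dev, nil
}

func main() {
	caPub, dev, err := Provision("device-0001")
	if err != nil {
		panic(err)
	}
	data, sig, err := dev.DynamicSignature()
	if err != nil {
		panic(err)
	}
	fmt.Println("verdict:", VerifyDevice(caPub, dev.PublisherCert, dev.DeviceCert, data, sig))
}
```

`VerifyDevice` names the failing step, so a verifying client can tell an untrusted publisher apart from a device that presents valid certificates without holding the matching private key.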
The present invention is not limited to the above preferred embodiments. Anyone may derive products in various other forms under the inspiration of the present invention; however, regardless of any change in shape or structure, every technical solution identical or similar to that of the present invention falls within its protection scope. Content not described in detail in this specification belongs to the prior art well known to those skilled in the art.
Claims (10)
1. A bill anti-counterfeit method, characterized by comprising the following steps:
S1: write the false proof device private key, the publisher's certificate and the false proof device certificate into the false proof device, then go to S2;
S2: encrypt the invoicing information, write the ciphertext of the invoicing information into the false proof device, then go to S3;
S3: verify the written publisher's certificate and false proof device certificate using the CA center public key; if the publisher's certificate and the false proof device certificate are verified successfully, go to S4, otherwise return that the false proof device is false;
S4: after the false proof device decrypts the written invoicing information, transmit the plaintext of the invoicing information to the verifying client for display, then compare the displayed invoicing information with the information on the bill; if the result is consistent, return that the bill is true, otherwise return that the bill is false.
2. The bill anti-counterfeit method as claimed in claim 1, characterized by further comprising the following step after S4:
S5: the verifying client packs the bill transfer information according to the format, encrypts the packed bill transfer information, and writes the ciphertext of the bill transfer information into the false proof device.
3. The bill anti-counterfeit method as claimed in claim 1, characterized in that the detailed process of S1 is:
S101: generate the publisher's public/private key pair and apply to the CA center for the publisher's certificate; generate the false proof device public/private key pair and apply for the false proof device certificate using the publisher's private key and the false proof device public key; go to S102;
S102: write the false proof device private key, the publisher's certificate and the false proof device certificate into the false proof device, then go to S2.
4. The bill anti-counterfeit method as claimed in claim 1, characterized in that the detailed process of S3 is:
S301: the verifying client obtains the publisher's certificate, the false proof device certificate and the dynamic signature data of the false proof device from the false proof device, then goes to S302;
S302: the verifying client verifies the publisher's certificate using the CA center public key; if the result is true, it extracts the publisher's public key from the publisher's certificate and goes to S303, otherwise it returns that the false proof device is false;
S303: the verifying client verifies the false proof device certificate using the publisher's public key; if the result is true, it extracts the false proof device public key from the false proof device certificate and goes to S304, otherwise it returns that the false proof device is false;
S304: the verifying client verifies the dynamic signature data of the false proof device using the false proof device public key; if the result is true, it returns that the false proof device is true, otherwise it returns that the false proof device is false.
5. The bill anti-counterfeit method as claimed in claim 1, characterized in that the detailed process of S4 is:
S401: the verifying client sends the false proof device an instruction to read the billing information, then goes to S402;
S402: the false proof device decrypts the encrypted invoicing information using the false proof device private key, returns the decrypted plaintext data to the verifying client, then goes to S403;
S403: the verifying client parses the received plaintext data and displays each item of the bill, then goes to S404;
S404: the displayed billing information is compared with the information on the bill; if the result is consistent, return that the bill is true, otherwise return that the bill is false.
6. A bill anti-counterfeiting system, including a publishing system, an operation system and a verifying system, characterized in that:
the publishing system is used to write the false proof device private key, the publisher's certificate, the false proof device certificate and application data into the false proof device;
the operation system is used to write the encrypted billing information into the false proof device and to store the ticket number, billing information and false proof device ID in association;
the verifying system is used to communicate with the false proof device and to verify the publisher's certificate, the false proof device certificate and the billing information respectively, so as to verify the authenticity of the false proof device and the bill offline; the verifying system includes a verifying client, the verifying client contains the CA center public key, and the verifying client connects to the false proof device using close-range communication technology.
7. The bill anti-counterfeiting system as claimed in claim 6, characterized in that the publishing system includes an encryption equipment, a certificate server, a key management system, a false proof device distribution client and a first reader;
the encryption equipment is used to generate the false proof device public/private key pair;
the certificate server is used to sign and issue the publisher's certificate and the false proof device certificate;
the key management system is used to store and manage the false proof device public/private key pair, the publisher's public/private key pair, the publisher's certificate and the false proof device certificate;
the false proof device distribution client is used to send the false proof device private key, the publisher's certificate, the false proof device certificate and application data to the first reader;
the first reader is used to write the received false proof device private key, publisher's certificate, false proof device certificate and application data into the false proof device.
8. The bill anti-counterfeiting system as claimed in claim 6, characterized in that the operation system includes a service managing server, a business processing client, a second reader, a printer and a ticket database;
the service managing server is used to obtain the false proof device public key from the publishing system, to encrypt the billing information using the false proof device public key, and to store the ticket number, billing information and false proof device ID in association in the ticket database;
the business processing client is used to transmit the corresponding ticket number, billing information and false proof device ID to the service managing server and to send the encrypted invoicing information to the second reader;
the printer is used to print the paper bill based on the received invoicing information;
the second reader is used to write the received billing information ciphertext into the false proof device;
the ticket database is used to store the corresponding ticket number, billing information and false proof device ID in association.
9. The bill anti-counterfeiting system as claimed in claim 6, characterized in that the verifying client is also used to pack the bill transfer information according to the format, encrypt the packed bill transfer information, and write the ciphertext of the bill transfer information into the false proof device.
10. The bill anti-counterfeiting system as claimed in any one of claims 6-9, characterized in that the false proof device includes a safety chip and an induction coil, the safety chip is connected to the induction coil, the induction coil generates current in a changing magnetic field to power the safety chip, the safety chip includes a main control module, and the main control module is connected to a proximity communication module, a random number generation module, a data memory module and a security algorithm module;
the proximity communication module is used to communicate with the first reader, the second reader and/or the verifying client;
the random number generation module is used to generate high-quality true random numbers;
the data memory module is used to store related data and includes a secure storage area, an application storage area and a scratchpad area, where the secure storage area stores sensitive data, the application storage area stores application data and digital certificates, and the scratchpad area stores temporary data;
the security algorithm module is used to handle encryption and decryption of data and to generate the dynamic signature data;
the main control module is responsible for executing program code and processing anti-counterfeiting authentication instructions, and authenticates the false proof device and the bill by controlling and coordinating the work of the other modules.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811346346.1A CN109614803B (en) | 2018-11-13 | 2018-11-13 | Bill anti-counterfeiting method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109614803A (en) | 2019-04-12 |
CN109614803B (en) | 2020-11-13 |
Family
ID=66004249
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811346346.1A (Active; CN109614803B (en)) | Bill anti-counterfeiting method and system | 2018-11-13 | 2018-11-13 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109614803B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN109614803B (en) | 2020-11-13 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||