CN109614803B - Bill anti-counterfeiting method and system - Google Patents
Bill anti-counterfeiting method and system Download PDFInfo
- Publication number
- CN109614803B CN109614803B CN201811346346.1A CN201811346346A CN109614803B CN 109614803 B CN109614803 B CN 109614803B CN 201811346346 A CN201811346346 A CN 201811346346A CN 109614803 B CN109614803 B CN 109614803B
- Authority
- CN
- China
- Prior art keywords
- counterfeiting device
- bill
- certificate
- counterfeiting
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
The invention discloses a bill anti-counterfeiting method and a system, writing an anti-counterfeiting device private key, an issuer certificate and an anti-counterfeiting device certificate into an anti-counterfeiting device, encrypting billing information, writing a ciphertext of the billing information into an anti-counterfeiting device, verifying the written issuer certificate and the anti-counterfeiting device certificate by using a CA center public key, decrypting the written billing information by using the anti-counterfeiting device, transmitting a plaintext of the billing information to a verification client for displaying, and comparing and verifying the displayed billing information with information on a bill, thereby not only improving the bill anti-counterfeiting effect, but also reducing the difficulty of bill verification and ensuring the safety of bill transaction.
Description
Technical Field
The invention relates to the technical field of information security, in particular to a bill anti-counterfeiting method and a bill anti-counterfeiting system.
Background
In recent years, counterfeit and shoddy products on the market are increasingly abused, counterfeit bills are prevalent, the market order is seriously disturbed, negative influence is brought to the image of companies and enterprises, and the conflict psychology is brought to consumers. In order to ensure the security of bill transaction, some anti-counterfeiting technologies, such as paper-line anti-counterfeiting, printing anti-counterfeiting, ink anti-counterfeiting, secret mark anti-counterfeiting, etc., are generally adopted on bills.
With the continuous progress of science and technology, the existing anti-counterfeiting bill is easy to copy or forge by means of computer scanning, the traditional anti-counterfeiting technology also depends on the sense organ of people for anti-counterfeiting verification, a quantized anti-counterfeiting standard does not exist, so that the authenticity judgment is difficult, the safety degree of the anti-counterfeiting technology is low, the anti-counterfeiting effect is not ideal, and the safety requirement of the modern society on anti-counterfeiting products cannot be met.
Disclosure of Invention
Aiming at the defects in the prior art, the invention solves the technical problems that: how to improve the anti-counterfeiting effect of the bill, reduce the difficulty of bill verification and ensure the safety of bill transaction.
In order to achieve the above purpose, the invention provides 1a bill anti-counterfeiting method, which comprises the following steps:
s1: writing the anti-counterfeiting device private key, the issuer certificate and the anti-counterfeiting device certificate into the anti-counterfeiting device, and turning to S2;
s2: encrypting the billing information, writing the ciphertext of the billing information into a masquerading-proof device, and turning to S3;
s3: verifying the written issuer certificate and the anti-counterfeiting device certificate by using the public key of the CA center, if the issuer certificate and the anti-counterfeiting device certificate are successfully verified, turning to S4, otherwise returning to prevent the masquerading as false;
s4: and after decrypting the written billing information, the anti-counterfeiting device transmits the plaintext of the billing information to the verification client for displaying, compares the displayed billing information with the information on the bill for verification, and if the verification result is consistent, returns the bill to be true, otherwise returns the bill to be false.
On the basis of the technical scheme, the method further comprises the following steps after S4:
s5: and the verification client packages the bill transfer information according to the format, encrypts the packaged bill transfer information and writes the ciphertext of the bill transfer information into the anti-counterfeiting device.
On the basis of the above technical solution, the specific process of S1 is:
s101: generating a public and private key pair of an issuer, and applying an issuer certificate to a CA center; generating a public and private key pair of the anti-counterfeiting device, applying for an anti-counterfeiting device certificate by using a private key of a publisher and a public key of the anti-counterfeiting device, and turning to S102;
s102: the anti-counterfeiting device private key, the issuer certificate, and the anti-counterfeiting device certificate are written into the anti-counterfeiting device, and the process goes to S2.
On the basis of the above technical solution, the specific process of S3 is:
s301: the verification client obtains the issuer certificate, the anti-counterfeiting device certificate and the dynamic signature data of the anti-counterfeiting device from the anti-counterfeiting device, and goes to S302;
s302: the verification client side utilizes the public key of the CA center to verify the certificate of the issuer, if the verification result is true, the public key of the issuer in the certificate of the issuer is extracted, and the operation is transferred to S303, otherwise, the anti-fake setting is returned;
s303: the verification client side verifies the anti-counterfeiting device certificate by using the issuer public key, if the verification result is true, the anti-counterfeiting device public key in the anti-counterfeiting device certificate is extracted, and the step is transferred to S304, otherwise, the anti-counterfeiting device certificate is returned to be false;
s304: and the verification client verifies the dynamic signature data of the anti-counterfeiting device by using the public key of the anti-counterfeiting device, if the verification result is true, the anti-counterfeiting device is returned to be true, otherwise, the anti-counterfeiting device is returned to be false.
On the basis of the above technical solution, the specific process of S4 is:
s401: the verification client sends a command for reading the bill information to the anti-counterfeiting device, and the step goes to S402;
s402: the anti-counterfeiting device decrypts the encrypted billing information by using the private key of the anti-counterfeiting device, returns the decrypted plaintext data to the verification client, and goes to S403;
s403: after the verification client analyzes the received plaintext data, displaying various information of the bill, and turning to S404;
s404: and comparing the displayed bill information with the information on the bill for verification, if the verification result is consistent, returning the bill to be true, otherwise, returning the bill to be false.
In order to solve the technical problem, the invention also provides a bill anti-counterfeiting system, which comprises an issuing system, a business system and a verification system,
the issuing system is used for: writing an anti-counterfeiting device private key, an issuer certificate, an anti-counterfeiting device certificate and application data into the anti-counterfeiting device;
the service system is used for: writing encrypted bill information into the anti-counterfeiting device, and storing a bill number, the bill information and the ID of the anti-counterfeiting device in an associated manner;
the verification system is to: the anti-counterfeiting device is in communication connection with the anti-counterfeiting device and is used for verifying the issuer certificate, the anti-counterfeiting device certificate and the bill information respectively so as to verify the authenticity of the anti-counterfeiting device and the bill offline; the verification system comprises a verification client, wherein the verification client comprises a CA center public key and is connected with the anti-counterfeiting device by adopting a near field communication technology.
On the basis of the technical scheme, the issuing system comprises an encryption machine, a certificate server, a key management system, an anti-counterfeiting device issuing client and a first reader-writer;
the encryption machine is used for: generating a public and private key pair of the anti-counterfeiting device;
the certificate server is to: issuing an issuer certificate and an anti-counterfeiting device certificate;
the key management system is to: storing and managing a public and private key pair of the anti-counterfeiting device, a public and private key pair of an issuer, an issuer certificate and an anti-counterfeiting device certificate;
the anti-counterfeiting device issuing client is used for: sending the private key of the anti-counterfeiting device, the certificate of the issuer, the certificate of the anti-counterfeiting device and the application data to the first reader-writer;
the first reader/writer is configured to: and writing the received private key of the anti-counterfeiting device, the issuer certificate, the anti-counterfeiting device certificate and the application data into the anti-counterfeiting device.
On the basis of the technical scheme, the business system comprises a business management server, a business processing client, a second reader-writer, a printer and a bill database;
the service management server is used for: acquiring an anti-counterfeiting device public key from an issuing system, encrypting bill information by using the anti-counterfeiting device public key, and storing a bill number, the bill information and an anti-counterfeiting device ID in a bill database in an associated manner;
the business processing client is used for: transmitting the corresponding bill number, the bill information and the anti-counterfeiting device ID to a service management server, and sending the encrypted billing information to a second reader-writer;
the printer is used for: printing a paper bill according to the received billing information;
the second reader/writer is for: writing the received bill information ciphertext into a masquerading prevention device;
the ticket database is used for: and storing the corresponding bill number, the bill information and the ID of the anti-counterfeiting device in an associated manner.
On the basis of the technical scheme, the verification client is further used for packaging the bill transfer information according to the format, encrypting the packaged bill transfer information, and writing the ciphertext of the bill transfer information into the anti-disguise device.
On the basis of the technical scheme, the anti-counterfeiting device comprises a safety chip and an induction coil, wherein the safety chip is connected with the induction coil, the induction coil is used for generating current to supply power to the safety chip when a magnetic field changes, the safety chip comprises a main control module, and the main control module is connected with a short-distance communication module, a random number generation module, a data storage module and a safety algorithm module;
the near field communication module is used for: the first reader-writer, the second reader-writer and/or the verification client are/is in communication connection;
the random number generation module is used for: generating high-quality true random numbers;
the data storage module is used for: storing related data, wherein the related data comprises a safe storage area, an application storage area and a temporary storage area, the safe storage area is used for storing sensitive data, the application storage area is used for storing application data and a digital certificate, and the temporary storage area is used for storing temporary data;
the security algorithm module is used for: processing the encryption and decryption operation of the data and generating dynamic signature data;
the main control module is used for: the system is responsible for executing program codes and processing anti-counterfeiting authentication instructions, and realizes the authentication of anti-counterfeiting devices and bills by controlling and coordinating the work of other modules.
Compared with the prior art, the invention has the advantages that:
1) the anti-counterfeiting device is provided with the security chip, sensitive data can be stored safely, the external world can not be modified and copied, the anti-counterfeiting effect of the bill is improved, the difficulty of bill verification is reduced, the safety of bill transaction is ensured through two-stage off-line authentication of the anti-counterfeiting device and the anti-counterfeiting bill, and the anti-counterfeiting device can be widely applied to various anti-counterfeiting objects such as financial bills, certificates, wine bottles and the like;
2) the mobile terminal can be used for offline quickly verifying the authenticity of the anti-counterfeiting device at any time and any place, and can read the bill information and the bill body in the anti-counterfeiting device for checking, so that the operation is more convenient, faster and more accurate;
3) the user can write bill transfer information into the anti-counterfeiting device through the verification client, and offline operation can be realized without depending on a network, so that convenience of financial bill circulation is greatly improved.
Drawings
FIG. 1 is a flow chart of the bill anti-counterfeiting method in the invention.
FIG. 2 is a connection block diagram of the bill anti-counterfeiting system in the invention.
Fig. 3 is a connection block diagram of the security chip of the present invention.
Detailed Description
Embodiments of the present invention will be described in further detail below with reference to the accompanying drawings.
Referring to fig. 1, the bill anti-counterfeiting method comprises the following steps:
s1: the issuer writes the private key of the anti-counterfeiting device, the issuer certificate and the anti-counterfeiting device certificate into the existing anti-counterfeiting device, and goes to S2;
when the anti-counterfeiting device is used specifically, an existing security chip can be installed in the anti-counterfeiting device, the information (the anti-counterfeiting device private key, the issuer certificate and the anti-counterfeiting device certificate) is written into the security chip, and the security chip utilizes the information to perform anti-counterfeiting verification.
S2: the invoicing party encrypts the invoicing information (the invoicing information at least comprises account information, invoicing type and invoicing amount) of the bill needing to be verified to be true or false, writes the encrypted invoicing information into the anti-counterfeiting device (the security chip of the anti-counterfeiting device), and turns to S3; therefore, the bill collector can judge the authenticity of the bill by verifying the billing information in the anti-fake device.
Meanwhile, in order to implement online verification, the invoicing party needs to associate and store the bill number, the invoicing information and the anti-counterfeiting device ID (the anti-counterfeiting device ID is a unique identification code of the anti-counterfeiting device), the anti-counterfeiting device ID and the invoicing information corresponding to the bill number are inquired in a database of the invoicing party through a network, then the inquired anti-counterfeiting device ID is compared with the anti-counterfeiting device ID of the bill, if the inquired anti-counterfeiting device ID is the same as the anti-counterfeiting device ID, the anti-counterfeiting device is really issued to the user along with the bill, then the anti-counterfeiting device certificate and the signature data are read, the anti-counterfeiting device certificate and the signature data are verified through the network, and if the anti-counterfeiting. And finally, comparing the inquired billing information with the information on the bill, and if the inquired billing information is the same as the information on the bill, indicating that the bill is true.
S3: after the receipt party acquires the bill sent by the invoicing party and the anti-counterfeiting device, the authenticity of the bill can be verified in an online or offline mode, which is mentioned before, the offline mode is the key point of the invention, and specifically comprises the following steps:
verifying the issuer Certificate and the anti-counterfeiting device Certificate written in the step S1 by using a public key of a CA center (Certificate Authority) acquired in advance (for example, downloaded in advance on the terminal), completing the first-level authentication if the issuer Certificate and the anti-counterfeiting device Certificate are both successfully verified, and turning to the step S4, otherwise, returning to the step of preventing the masquerading as false.
S4: the anti-counterfeiting device decrypts the billing information written in the S2, transmits the decrypted billing information to a verification client for displaying [ the verification client can be installed in the existing mobile terminal (mobile phone, Pad or PDA) ], the ticket acquirer compares the displayed billing information with the information on the ticket for verification, if the verification result is consistent, the second-level authentication is completed, the returned ticket is true, otherwise, the returned ticket is false.
Preferably, the specific process of S1 is:
s101: the issuer generates an issuer public and private key pair, and the issuer applies for an issuer certificate to the CA center by using the issuer public key; the issuer generates a public and private key pair of the anti-counterfeiting device, and the issuer applies for the anti-counterfeiting device certificate to the certificate server by using the issuer private key and the anti-counterfeiting device public key, and then the process goes to S102;
s102: the issuer writes the security device private key, the issuer certificate, and the security device certificate into (the security chip of) the security device, turning to S2.
Preferably, the specific process of S3 is:
s301: the verification client obtains the issuer certificate, the anti-counterfeiting device certificate and the dynamic signature data of the anti-counterfeiting device from (the security chip of) the anti-counterfeiting device, and goes to S302;
s302: the verification client side verifies the issuer certificate by using the CA center public key (the issuer certificate is signed by using the CA center private key and contains issuer information and an issuer public key), if the verification result is true, the issuer public key in the issuer certificate is extracted, and the operation is transferred to S303, otherwise, the anti-fake setting is returned;
s303: the verification client side verifies the anti-counterfeiting device certificate by using the issuer public key (the anti-counterfeiting device certificate is signed by using the issuer private key and contains the anti-counterfeiting device public key), if the verification result is true, the anti-counterfeiting device public key in the anti-counterfeiting device certificate is extracted, and the operation goes to S304, otherwise, the anti-counterfeiting device certificate is returned to be false;
s304: and the verification client side verifies the dynamic signature data of the anti-counterfeiting device by using the public key of the anti-counterfeiting device (the dynamic signature data is generated by the anti-counterfeiting device by using the private key of the anti-counterfeiting device), if the verification result is true, the anti-counterfeiting device is returned to be true, otherwise, the anti-counterfeiting device is returned to be false.
Preferably, the generation flow of the dynamic signature data includes:
s301 a: randomly generating a piece of data (such as 16-byte random number + anti-counterfeiting device ID + issuer identification + certificate authority public key index) by the (security chip of the) anti-counterfeiting device, and going to S301 b;
s301 b: calculating the abstract of the data by adopting an abstract algorithm, and turning to S301 c;
s301 c: and signing the abstract of the data by using the private key of the anti-counterfeiting device to generate dynamic signature data.
Preferably, the specific process of S4 is:
s401: the verification client sends a command for reading the bill information to the anti-counterfeiting device, and the step goes to S402;
s402: the anti-counterfeiting device decrypts the encrypted invoicing information by using the private key of the anti-counterfeiting device according to the received instruction, returns the decrypted plaintext data to the verification client, and goes to S403;
s403: after the verification client analyzes the received plaintext data, displaying various information of the bill, and turning to S404;
s404: and the ticket receiver compares the displayed ticket information with the information on the ticket for verification, if the verification result is consistent, the returned ticket is true, otherwise, the returned ticket is false.
The invention provides an anti-counterfeiting verification method based on an asymmetric encryption algorithm, which utilizes that an anti-counterfeiting device is provided with a security chip, sensitive data can be stored safely, the outside cannot be modified and copied, a mobile terminal can be used for off-line fast verifying the authenticity of the anti-counterfeiting device at any time and any place, and can read bill information and a bill body in the anti-counterfeiting device for checking, so that the operation is more convenient and accurate. Through the two-stage authentication of the anti-counterfeiting device and the anti-counterfeiting bill, the anti-counterfeiting effect of the bill is improved, the difficulty of bill verification is reduced, and the safety of bill transaction is ensured. The anti-counterfeiting verification method can also be widely applied to various anti-counterfeiting objects such as financial bills, certificates, wine bottles and the like, and has a wide application range.
When a financial instrument needs to be transferred, the transfer of the instrument is generally realized through endorsement, and the instrument transfer information is record information of the owner (user A) transferring the right of the instrument to a third party (user B). The ticket transfer information is the proof that the third party (user B) legally owns the ticket right, so that the third party (user B) can conveniently exercise the ticket right at the later stage.
Preferably, when the ticket acquirer (user a) needs to transfer the right of the ticket to the third party (user B), the ticket transfer information is encrypted and then written into (the security chip of) the anti-counterfeiting device to realize the ticket transfer function, that is, after S4, the method further includes the following steps:
s5: the ticket receiver (user A) encrypts the ticket transfer information and writes the encrypted information into the anti-counterfeiting device (security chip); the ticket receiver (user A) can realize the ticket transfer function through the ticket issuer or the verification client, and transfer the ticket right to a third party (user B).
When the ticket receiver (user A) transfers the ticket to the third party (user B) through the ticket issuer, the ticket issuer encrypts the ticket transfer information and writes the encrypted information into the anti-counterfeiting device (security chip). Meanwhile, in order to implement online verification, the invoicing party needs to associate and store the unencrypted ticket transfer information with the ID of the anti-counterfeiting device, and the online verification specifically includes:
the method comprises the steps of firstly inquiring an anti-counterfeiting device ID and bill information (the bill information comprises bill making information and bill transfer information) corresponding to a bill number in a database of a bill making party through a network, then comparing the inquired anti-counterfeiting device ID with the anti-counterfeiting device ID of the bill, if the inquired anti-counterfeiting device ID is the same as the inquired anti-counterfeiting device ID, indicating that the anti-counterfeiting device is really issued to a user along with the bill, then reading an anti-counterfeiting device certificate and signature data, verifying the anti-counterfeiting device certificate and the signature data through the network, and if the anti-counterfeiting device certificate and the. And finally, comparing the inquired bill information with the information on the bill, and if the inquired bill information is the same as the information on the bill, indicating that the bill is true.
The key point of the invention is that a ticket collector (user A) transfers a ticket to a third party (user B) through a verification client, and the specific process is as follows: the verification client packages the bill transfer information input by the bill collector according to a format (packaging is to package the data according to a communication protocol), encrypts the packaged bill transfer information, and finally writes the encrypted bill transfer information into an anti-counterfeiting device (a security chip), wherein the anti-counterfeiting device returns a bill record to the verification client and the bill record is successfully written in the anti-counterfeiting device. Meanwhile, in order to implement online verification, the verification client also needs to upload the encrypted ticket transfer information to the invoicing party through the network, and the invoicing party decrypts the ticket transfer information and stores the decrypted ticket transfer information in association with the ID of the anti-counterfeiting device. The method has the advantages that the verification operation is safe, simple, convenient and accurate, the bill transfer information can be directly written into the anti-counterfeiting device through the verification client, and the convenience of financial bill circulation is improved.
Referring to fig. 2, a bill anti-counterfeiting system comprises an issuing system, a service system and a verification system;
the issuing system is used for: issuing an anti-counterfeiting device, wherein the anti-counterfeiting device is provided with a security chip; the issuing process of the anti-counterfeiting device comprises the following steps: the issuer writes the anti-counterfeiting device private key, the issuer certificate, the anti-counterfeiting device certificate, and application data (including application programs for initializing the anti-counterfeiting device) into (the security chip of) the anti-counterfeiting device.
The service system is used for: processing ticket business and managing tickets; the invoicing party prints the invoicing information on the bill through the service system to obtain the corresponding relation between the invoicing information and the serial number of the bill, and writes encrypted bill information (the bill information comprises the invoicing information and the bill transfer information) into (a security chip of) the anti-counterfeiting device to obtain the corresponding relation between the bill information and the ID of the anti-counterfeiting device; then the bill number, the bill information and the ID of the anti-counterfeiting device are stored in a bill database in an associated manner;
the verification system is to: verifying the authenticity of the anti-counterfeiting device and the bill offline; the ticket collecting party displays the decrypted ticket information through the verification system, the ticket collecting party compares the displayed ticket information with the information on the ticket for verification, and if the displayed ticket information is the same as the information on the ticket, the ticket is true.
Preferably, referring to fig. 2, the issuing system includes an encryption device, a certificate server, a key management system, an anti-counterfeiting device issuing client, and a first reader/writer;
the encryption machine is used for: and generating a public and private key pair of the anti-counterfeiting device.
The certificate server is to: issuing a certificate of the issuer and a certificate of the anti-counterfeiting device. The certificate server signs an issuer certificate using the CA center private key, the issuer certificate containing issuer information and an issuer public key. The certificate server issues an anti-counterfeiting device certificate using the issuer private key, the anti-counterfeiting device certificate including an anti-counterfeiting device public key.
The key management system is to: storing and managing a counterfeit-proof device public-private key pair, an issuer certificate, and a counterfeit-proof device certificate.
The anti-counterfeiting device issuing client is used for: and sending the private key of the anti-counterfeiting device, the certificate of the issuer, the certificate of the anti-counterfeiting device and the application data to the first reader-writer. The anti-counterfeiting device issuing client acquires the anti-counterfeiting device private key, the issuer certificate and the anti-counterfeiting device certificate through the key management system.
The first reader/writer is configured to: the received private key of the anti-counterfeiting device, the issuer certificate, the certificate of the anti-counterfeiting device and the application data are written into (the security chip of) the anti-counterfeiting device.
In the issuing system, the anti-counterfeiting device is connected with a first reader-writer by adopting a near field communication technology, and the first reader-writer stores a private key of the anti-counterfeiting device, a certificate of an issuer, a certificate of the anti-counterfeiting device and application data in the anti-counterfeiting device (a security chip) for realizing electronic anti-counterfeiting and counterfeit identification.
The key management system is respectively in communication connection with the encryption machine, the certificate server and the anti-counterfeiting device issuing client, and the first reader-writer is respectively in communication connection with the anti-counterfeiting device issuing client and the anti-counterfeiting device. When an anti-counterfeiting device with a security chip is issued, firstly, a public and private key pair of the anti-counterfeiting device is generated by using an encryption machine and is stored in a key management system; secondly, the key management system acquires and stores an issuer certificate and an anti-counterfeiting device certificate through a certificate server, and the anti-counterfeiting device issuing client transmits an anti-counterfeiting device private key, the issuer certificate, the anti-counterfeiting device certificate and application data to a first reader-writer; finally, the first reader writes the received information into (the security chip of) the anti-counterfeiting device.
Preferably, referring to fig. 2, the business system includes a business management server, a business processing client, a second reader/writer, a printer, and a ticket database;
the service management server is used for: and managing the bill service, and acquiring the public key of the anti-counterfeiting device from a key management system of the issuing system.
The business processing client is used for: the method comprises the steps of sending the billing information input by a collector to a printer (the billing information comprises account information, billing type and billing amount), obtaining an anti-counterfeiting device public key through a service management server, encrypting the bill information (the bill information comprises billing information and bill transfer information) by using the anti-counterfeiting device public key, and sending the encrypted billing information to a second reader-writer.
The printer is used for: and printing a paper bill according to the received billing information.
The second reader/writer is for: and writing the received bill information into (the security chip of) the anti-counterfeiting device.
The business processing client is also used for: and transmitting the corresponding bill number, the bill information and the anti-counterfeiting device ID to a service management server.
The service management server is further configured to: and storing the received bill number, the bill information and the anti-counterfeiting device ID in a bill database in an associated manner.
The ticket database is used for: and storing the corresponding relation between the bill and the anti-counterfeiting device, and storing the corresponding bill number, the bill information and the ID of the anti-counterfeiting device in a related manner.
In a service system, the anti-counterfeiting device is connected with the second reader-writer by adopting a near field communication technology, and the encrypted bill information is stored in the (safety chip of the) anti-counterfeiting device for realizing off-line verification of the authenticity of the bill.
The service management server is respectively in communication connection with the key management system, the service processing client and the bill database, the service processing client is respectively in communication connection with the printer and the second reader-writer, and the second reader-writer is in communication connection with the anti-counterfeiting device. The bill business comprises billing, transferring, accepting and recovering; when a billing party makes a bill, firstly, a business processing client transmits billing information input by a bill collector to a printer, and prints the bill; secondly, the business processing client sends the invoicing information input by the invoicing party to a business management server, acquires a corresponding anti-counterfeiting device public key in a key management system through the business management server, encrypts the invoicing information by using the anti-counterfeiting device public key, and transmits the encrypted invoicing information to a second reader-writer by the business processing client, and the second reader-writer writes the encrypted invoicing information into a corresponding anti-counterfeiting device (a security chip); and finally, the business processing client stores the corresponding bill number, the billing information and the anti-counterfeiting device ID in a bill database in an associated manner through the business management server.
When a bill is transferred, firstly, a business processing client packs transfer information input by a bill collector according to a format; secondly, the service processing client acquires a corresponding anti-counterfeiting device public key in the key management system through the service management server, encrypts assignment information by using the anti-counterfeiting device public key and transmits the encrypted assignment information to the second reader-writer, and the second reader-writer writes the encrypted assignment information into (a security chip of) the corresponding anti-counterfeiting device; and finally, the business processing client stores the corresponding bill number, bill transfer information and the anti-counterfeiting device ID in a bill database in an associated manner through the business management server.
Preferably, referring to fig. 2, the authentication system includes an authentication client, which can be installed in a mobile terminal (mobile phone, Pad or PDA), and the authentication client includes a public key of the CA center. The verification client is connected with the anti-counterfeiting device by adopting a near field communication technology, acquires an issuer certificate, an anti-counterfeiting device certificate and dynamic signature data in the anti-counterfeiting device, and is used for verifying the authenticity of the anti-counterfeiting device and the bill offline.
When the anti-counterfeiting device is verified, firstly, a verification client verifies an issuer certificate in the anti-counterfeiting device by using a public key of a CA center, and extracts an issuer public key in the issuer certificate after the verification is successful; secondly, the verification client verifies the anti-counterfeiting device certificate by using the public key of the issuer, and extracts the public key of the anti-counterfeiting device in the anti-counterfeiting device certificate after the verification is successful; and finally, the verification client side verifies the dynamic signature data of the anti-counterfeiting device by using the public key of the anti-counterfeiting device (the dynamic signature data is generated by the anti-counterfeiting device by using the private key of the anti-counterfeiting device), if the verification is successful, the anti-counterfeiting device is true, otherwise, the anti-counterfeiting device is set as false.
When the bill is verified, firstly, a verification client side is utilized to send a command for reading bill information to the anti-counterfeiting device, the anti-counterfeiting device utilizes a built-in anti-counterfeiting device private key to decrypt a ciphertext of the bill information, and decrypted plaintext data are returned to the verification client side; secondly, after the verification client analyzes the plaintext data, displaying various information of the bill; and finally, the ticket collector compares the displayed ticket information with the information on the ticket for verification, if the verification is consistent, the ticket is true, otherwise, the ticket is false.
Preferably, the authentication client is further configured to: and encrypting the bill transfer information and writing the encrypted bill transfer information into the anti-counterfeiting device (the security chip). When a ticket collector needs to transfer a ticket, the ticket transfer information can be input through the verification client, the verification client packages the ticket transfer information according to a format, the packaged ticket transfer information is encrypted by using the public key of the anti-counterfeiting device extracted in the verification process, and the ciphertext of the ticket transfer information is written into the anti-counterfeiting device (the security chip). Meanwhile, in order to implement online verification, the verification client also needs to upload the encrypted ticket transfer information to the service system through the network, and the service system decrypts the data and then stores the ticket transfer information in association with the ID of the anti-counterfeiting device.
The anti-counterfeiting device is provided with the security chip, sensitive data can be stored safely, and the external world can not be modified and copied, so that the anti-counterfeiting problem of financial bills is solved, and the safety of bill transaction is ensured. The mobile terminal can verify the authenticity of the anti-counterfeiting device offline at any time and any place (independent of a network), and the authenticity of the checked bill is checked with the bill body by reading the bill information in the anti-counterfeiting device to form a quantitative anti-counterfeiting standard, so that the verification operation is simpler, more convenient and more accurate. In addition, the ticket collector can write in the ticket transfer information to the anti-counterfeiting device through the verification client, and convenience in financial bill circulation is greatly improved.
The anti-counterfeiting device comprises a safety chip and an induction coil, wherein the safety chip is connected with the induction coil, and the induction coil is used for generating current to supply power to the safety chip when the magnetic field changes. Referring to fig. 3, the security chip includes a main control module, and the main control module is connected to a short-range communication module, a random number generation module, a data storage module, and a security algorithm module.
The near field communication module is used for: and the communication connection is carried out with the first reader-writer, the second reader-writer and/or the verification client.
The random number generation module is used for: high quality true random numbers are generated, which are used to generate dynamic signature data.
The data storage module is used for: and storing related data, including a secure storage area, an application storage area and a temporary storage area. The secure storage area is used for storing sensitive data (such as a private key of an anti-counterfeiting device), and is inaccessible to external equipment; an application storage area for storing application data and digital certificates (e.g., issuer certificates and anti-counterfeiting device certificates); the temporary storage area is used to store temporary data (e.g., communication instructions and dynamic signature data).
The security algorithm module is used for: and processing the encryption and decryption operation of the data and generating dynamic signature data. The security algorithm module supports a national cryptographic algorithm (a series of algorithms defined by the State cryptology Bureau of China including a symmetric encryption algorithm, an elliptic curve asymmetric encryption algorithm, a hash algorithm and the like), can perform key operation (encryption and/or decryption) in the security algorithm module, and generates dynamic signature data by using high-quality true random numbers.
The main control module is used for: controls and coordinates the operation of the other modules, including the near field communication module, the random number generation module, the data storage module, and the security algorithm module. The main control module is responsible for executing the program codes and processing the anti-counterfeiting authentication instructions so as to realize the authentication of the anti-counterfeiting device and the bill. And calling data in the data storage module and/or a true random number generated by the random number generation module according to an instruction of the verification client, performing key operation on the called data by using the security algorithm module, and returning data and a result of instruction response to the verification client.
When the anti-counterfeiting device is verified, a random number generation module is used for randomly generating a section of data, the abstract of the data is calculated by adopting an abstract algorithm, and then the abstract is encrypted by using a private key of the anti-counterfeiting device to obtain dynamic signature data which is stored in a temporary storage area, so that the main control module can conveniently call the dynamic signature data.
The present invention is not limited to the above-mentioned preferred embodiments, and any other products in various forms can be obtained by anyone with the teaching of the present invention, but any changes in the shape or structure thereof, which have the same or similar technical solutions as the present invention, are within the protection scope. Those not described in detail in this specification are within the skill of the art.
Claims (7)
1. An anti-counterfeiting method for bills is characterized by comprising the following steps:
s1: writing the anti-counterfeiting device private key, the issuer certificate and the anti-counterfeiting device certificate into the anti-counterfeiting device, and turning to S2;
s2: encrypting the billing information, writing the ciphertext of the billing information into a masquerading-proof device, and turning to S3;
s3: verifying the written issuer certificate and the anti-counterfeiting device certificate by using the public key of the CA center, if the issuer certificate and the anti-counterfeiting device certificate are successfully verified, turning to S4, otherwise returning to prevent the masquerading as false;
s4: after the anti-counterfeiting device decrypts the written billing information, transmitting the plaintext of the billing information to a verification client for displaying, comparing and verifying the displayed billing information with the information on the bill, if the verification result is consistent, returning the bill to be true, otherwise, returning the bill to be false;
the specific process of S3 is as follows:
s301: the verification client obtains the issuer certificate, the anti-counterfeiting device certificate and the dynamic signature data of the anti-counterfeiting device from the anti-counterfeiting device, and goes to S302;
s302: the verification client side utilizes the public key of the CA center to verify the certificate of the issuer, if the verification result is true, the public key of the issuer in the certificate of the issuer is extracted, and the operation is transferred to S303, otherwise, the anti-fake setting is returned;
s303: the verification client side verifies the anti-counterfeiting device certificate by using the issuer public key, if the verification result is true, the anti-counterfeiting device public key in the anti-counterfeiting device certificate is extracted, and the step is transferred to S304, otherwise, the anti-counterfeiting device certificate is returned to be false;
s304: and the verification client verifies the dynamic signature data of the anti-counterfeiting device by using the public key of the anti-counterfeiting device, if the verification result is true, the anti-counterfeiting device is returned to be true, otherwise, the anti-counterfeiting device is returned to be false.
2. A method of security documents as claimed in claim 1, further comprising the steps of, after S4:
s5: and the verification client packages the bill transfer information according to the format, encrypts the packaged bill transfer information and writes the ciphertext of the bill transfer information into the anti-counterfeiting device.
3. The method for preventing counterfeit of bills according to claim 1, wherein the specific process of S1 is as follows:
s101: generating a public and private key pair of an issuer, and applying an issuer certificate to a CA center; generating a public and private key pair of the anti-counterfeiting device, applying for an anti-counterfeiting device certificate by using a private key of a publisher and a public key of the anti-counterfeiting device, and turning to S102;
s102: the anti-counterfeiting device private key, the issuer certificate, and the anti-counterfeiting device certificate are written into the anti-counterfeiting device, and the process goes to S2.
4. The method for preventing counterfeit of bills according to claim 1, wherein the specific process of S4 is as follows:
s401: the verification client sends a command for reading the bill information to the anti-counterfeiting device, and the step goes to S402;
s402: the anti-counterfeiting device decrypts the encrypted billing information by using the private key of the anti-counterfeiting device, returns the decrypted plaintext data to the verification client, and goes to S403;
s403: after the verification client analyzes the received plaintext data, displaying various information of the bill, and turning to S404;
s404: and comparing the displayed bill information with the information on the bill for verification, if the verification result is consistent, returning the bill to be true, otherwise, returning the bill to be false.
5. A bill anti-counterfeiting system comprises an issuing system, a service system and a verification system, and is characterized in that:
the issuing system is used for: writing an anti-counterfeiting device private key, an issuer certificate, an anti-counterfeiting device certificate and application data into the anti-counterfeiting device;
the service system is used for: writing encrypted bill information into the anti-counterfeiting device, and storing a bill number, the bill information and the ID of the anti-counterfeiting device in an associated manner;
the verification system is to: the anti-counterfeiting device is in communication connection with the anti-counterfeiting device and is used for verifying the issuer certificate, the anti-counterfeiting device certificate and the bill information respectively so as to verify the authenticity of the anti-counterfeiting device and the bill offline; the verification system comprises a verification client, wherein the verification client comprises a CA center public key and is connected with the anti-counterfeiting device by adopting a near field communication technology;
the issuing system comprises an encryption machine, a certificate server, a key management system, an anti-counterfeiting device issuing client and a first reader-writer;
the encryption machine is used for: generating a public and private key pair of the anti-counterfeiting device;
the certificate server is to: issuing an issuer certificate and an anti-counterfeiting device certificate;
the key management system is to: storing and managing a public and private key pair of the anti-counterfeiting device, a public and private key pair of an issuer, an issuer certificate and an anti-counterfeiting device certificate;
the anti-counterfeiting device issuing client is used for: sending the private key of the anti-counterfeiting device, the certificate of the issuer, the certificate of the anti-counterfeiting device and the application data to the first reader-writer;
the first reader/writer is configured to: writing the received private key of the anti-counterfeiting device, the issuer certificate, the anti-counterfeiting device certificate and the application data into an anti-counterfeiting device;
the business system comprises a business management server, a business processing client, a second reader-writer, a printer and a bill database;
the service management server is used for: acquiring an anti-counterfeiting device public key from an issuing system, encrypting bill information by using the anti-counterfeiting device public key, and storing a bill number, the bill information and an anti-counterfeiting device ID in a bill database in an associated manner;
the business processing client is used for: transmitting the corresponding bill number, the bill information and the anti-counterfeiting device ID to a service management server, and sending the encrypted billing information to a second reader-writer;
the printer is used for: printing a paper bill according to the received billing information;
the second reader/writer is for: writing the received bill information ciphertext into a masquerading prevention device;
the ticket database is used for: and storing the corresponding bill number, the bill information and the ID of the anti-counterfeiting device in an associated manner.
6. A document security system according to claim 5, wherein: the verification client is further used for packaging the bill transfer information according to the format, encrypting the packaged bill transfer information and writing the ciphertext of the bill transfer information into the anti-counterfeiting device.
7. A document security system according to claim 6, wherein: the anti-counterfeiting device comprises a safety chip and an induction coil, the safety chip is connected with the induction coil, the induction coil is used for generating current to supply power to the safety chip when a magnetic field changes, the safety chip comprises a main control module, and the main control module is connected with a short-distance communication module, a random number generation module, a data storage module and a safety algorithm module;
the near field communication module is used for: the first reader-writer, the second reader-writer and/or the verification client are/is in communication connection;
the random number generation module is used for: generating high-quality true random numbers;
the data storage module is used for: storing related data, wherein the related data comprises a safe storage area, an application storage area and a temporary storage area, the safe storage area is used for storing sensitive data, the application storage area is used for storing application data and a digital certificate, and the temporary storage area is used for storing temporary data;
the security algorithm module is used for: processing the encryption and decryption operation of the data and generating dynamic signature data;
the main control module is used for: the system is responsible for executing program codes and processing anti-counterfeiting authentication instructions, and realizes the authentication of anti-counterfeiting devices and bills by controlling and coordinating the work of other modules.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811346346.1A CN109614803B (en) | 2018-11-13 | 2018-11-13 | Bill anti-counterfeiting method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811346346.1A CN109614803B (en) | 2018-11-13 | 2018-11-13 | Bill anti-counterfeiting method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109614803A CN109614803A (en) | 2019-04-12 |
| CN109614803B true CN109614803B (en) | 2020-11-13 |
Family
ID=66004249
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811346346.1A Active CN109614803B (en) | 2018-11-13 | 2018-11-13 | Bill anti-counterfeiting method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109614803B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110955917B (en) * | 2019-10-28 | 2024-02-02 | 航天信息股份有限公司 | Method and system for verifying electronic certificates related to multiple participants |
| CN112801674B (en) * | 2021-02-02 | 2024-03-01 | 中钞印制技术研究院有限公司 | Anti-counterfeiting method, anti-counterfeiting system and anti-counterfeiting product |
| CN112785308A (en) * | 2021-02-02 | 2021-05-11 | 中钞印制技术研究院有限公司 | Anti-counterfeiting method, anti-counterfeiting system and securities |
| CN117454363B (en) * | 2023-12-22 | 2024-03-12 | 北京安泰伟奥信息技术有限公司 | Public accumulation fund extraction supervision method and equipment based on master-slave terminal information identification |
Family Cites Families (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1858795A (en) * | 2006-05-22 | 2006-11-08 | 北京易恒信认证科技有限公司 | Identifying system and method for electronic bill credit based on CPK |
| US8239927B2 (en) * | 2008-02-29 | 2012-08-07 | Microsoft Corporation | Authentication ticket validation |
| CN103473592B (en) * | 2013-09-25 | 2016-05-11 | 成都市易恒信科技有限公司 | A kind of label off-line authenticating method and device based on CPK system |
| CN105678598A (en) * | 2014-11-19 | 2016-06-15 | 航天信息股份有限公司 | Method and system for issuing online invoice with two-dimension code |
| CN105160242B (en) * | 2015-08-07 | 2018-01-05 | 北京亿速码数据处理有限责任公司 | Certificate loading method, certificate update method and the card reader of a kind of card reader |
| CN205091758U (en) * | 2015-08-07 | 2016-03-16 | 北京亿速码数据处理有限责任公司 | Card reader and CPU card transaction system |
| CN107146120B (en) * | 2017-04-25 | 2020-10-09 | 大象慧云信息技术有限公司 | Electronic invoice generation method and generation device |
| CN108389086A (en) * | 2018-01-24 | 2018-08-10 | 大象慧云信息技术有限公司 | A kind of electronic invoice electronic signature method |
-
2018
- 2018-11-13 CN CN201811346346.1A patent/CN109614803B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN109614803A (en) | 2019-04-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109614803B (en) | Bill anti-counterfeiting method and system | |
| JP4638990B2 (en) | Secure distribution and protection of cryptographic key information | |
| CN103413159B (en) | A kind of RFID electronic certificate off-line false proof realization method and system of Jianzhen based on CPK | |
| CN101241569B (en) | Electronic signature method and device and system | |
| JP3902440B2 (en) | Cryptographic communication device | |
| CN101866498B (en) | Electronic ticket implementation method and system based on intelligent card | |
| CN102118251B (en) | Security authentication method for internet banking remote payment based on multi-interface intelligent safety card | |
| CN1831865B (en) | Electronic bank safety authorization system and method based on CPK | |
| CN106603496B (en) | A kind of guard method, smart card, server and the communication system of data transmission | |
| CN101859426B (en) | Electronic ticket service system and realizing method thereof | |
| CN102222389A (en) | Realization method and device of fingerprint comparison in financial IC (integrated circuit) card | |
| CN101183439A (en) | Electronic bill processing system and processing method | |
| CN107146120A (en) | The generation method and generating means of electronic invoice | |
| CN102789607A (en) | Network transaction method and system | |
| US20030051141A1 (en) | Method and a system for generating and handling documents | |
| CN105376704A (en) | Mobile wallet near-field communication payment method based on image encryption | |
| CN101758694B (en) | Electronic bill containing electronic part | |
| CN101697192B (en) | Electronic signature having safety component arranged outside and signing on medium containing electronic component | |
| CN101699472B (en) | Electronic signature supporting continuous endorsement | |
| CN101702193B (en) | Electronic signature of external safe component for signing electronic paper | |
| CN101699464B (en) | Electronic signature supporting continuous endorsement on media including electronic components | |
| CN201604388U (en) | Financial instrument including electronic paper | |
| CN201583959U (en) | Signature device of external safety unit for signing medium including electronic unit | |
| CN201583963U (en) | Signing device supporting medium continuous endorsement signature containing electronic parts | |
| CN201583980U (en) | Multifunctional signature device supporting continuous endorsement signature |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |