CN111507716A - Security control method and device for electronic certificate - Google Patents

Publication number
CN111507716A
Authority
CN
China
Prior art keywords
electronic certificate
copy
electronic
multilayer structure
hardware
Prior art date
Legal status
Granted
Application number
CN202010305736.5A
Other languages
Chinese (zh)
Other versions
CN111507716B (en)
Inventor
Inventor not disclosed
Current Assignee
Lakala Payment Co ltd
Original Assignee
Lakala Payment Co ltd
Priority date
Filing date
Publication date
Application filed by Lakala Payment Co ltd
Priority to CN202010305736.5A
Publication of CN111507716A
Application granted
Publication of CN111507716B
Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821 Electronic credentials
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/04 Payment circuits
    • G06Q20/06 Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
    • G06Q20/065 Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The embodiments of the disclosure disclose a security control method and device for an electronic certificate. The method comprises the following steps: initializing an electronic certificate, uniquely binding the electronic certificate to local hardware, and recording the electronic certificate in a multilayer structure; within the life period of the electronic certificate, releasing the unique binding in a trusted environment in response to a request to transfer all or part of the electronic certificate; copying the multilayer structure to at least one piece of hardware corresponding to the transfer request, keeping the inner-layer structure data of the multilayer structure in each copy unchanged, and correspondingly updating the outer-layer structure data of the multilayer structure in each copy; and uploading the local copy, receiving the security center's asynchronous verification result for the local copy, generating a new electronic certificate according to the verification result, and returning to the initialization step.

Description

Security control method and device for electronic certificate
Technical Field
The present disclosure relates to the field of digital security technologies, and in particular, to a security control method and apparatus for an electronic certificate, an electronic device, and a storage medium.
Background
Mobile communication technology has greatly changed people's daily lives, most typically through the popularization of mobile payment, and cashless living has become the norm in China. However, existing payment methods, whether cash or non-cash, are all based on traditional currency: in the former, physical cash is transferred between natural persons; in the latter, virtual deposit currency (a form of credit currency) is transferred between bank accounts or third-party payment accounts, which is essentially only a bookkeeping process on those accounts. Current cashless payment therefore only represents and manages user account information electronically, and still relies heavily on user accounts and internet-based account interaction. Although it offers a certain convenience, it still cannot match cash payment in some respects (such as network independence, transfer without an intermediary, natural certificates, and anonymous balance), and users have to give up these properties in exchange for convenience.
In order to give electronic payment the relevant features of cash payment, electronic money based on blockchain technology has been proposed in the prior art, but the electronic money is still not dependent on network and management agency. To further improve the experience of electronic money, the People's Bank of China has announced DC/EP (Digital Currency/Electronic Payment) money. Unlike traditional currency, the central bank's DC/EP currency is purely digital: it is itself a string of characters that directly represents the currency and exists independently of any bank account or third-party payment account, whereas deposit currency is merely a record on a bank account or third-party payment account and is meaningless apart from those intermediaries and accounts. DC/EP currency is intended not only for electronic payment but also to replace cash. Like cash, it does not require both parties to hold balance accounts, nor an intermediary (a bank or third-party payment institution); without an intermediary no networking is needed, so double offline payment follows naturally. It can transfer value directly and can meet users' need for anonymous balance.
However, in the process of implementing the technical solutions related to the embodiments of the present disclosure, the inventor found that DC/EP currency, as legal currency issued by the central bank, should have the same space-time uniqueness as cash (a copy is invalid, repeated spending is invalid, and so on). Yet DC/EP currency is data in nature and can in theory be copied and moved at will, while restricting it too strictly would reduce it to a mere formality and turn it back into cash currency or blockchain electronic currency. The prior art thus faces a paradox between uniqueness and copyability in managing electronic certificates for DC/EP currency, and balancing security and convenience in electronic certificate control is of paramount importance.
Disclosure of Invention
To solve the above technical problems in the prior art, embodiments of the present disclosure provide a method and an apparatus for controlling security of an electronic certificate, an electronic device, and a computer-readable storage medium, so as to solve the problem that security and convenience conflict with each other in electronic certificate management control in the prior art.
A first aspect of the embodiments of the present disclosure provides a method for controlling security of an electronic certificate, including:
initializing an electronic certificate, uniquely binding the electronic certificate with local hardware, and recording the electronic certificate by adopting a multilayer structure;
releasing the unique binding according to a whole or partial transfer request of the electronic certificate in a trusted environment within the life period of the electronic certificate;
copying the copies of the multilayer structure to at least one piece of hardware corresponding to the transfer request, maintaining the inner-layer structure data of the multilayer structure in each copy unchanged, and correspondingly updating the outer-layer structure data of the multilayer structure in each copy;
and uploading the local copy, receiving an asynchronous verification result of the local copy by the security center, generating a new electronic certificate according to the verification result and returning to the initialization step.
In some embodiments, the method further comprises:
freezing the local copy of the electronic voucher after the end of the lifetime of the electronic voucher.
In some embodiments, said generating a new electronic credential from said verification result comprises:
after the verification result is passed, receiving the new electronic certificate after merging processing is carried out on at least one electronic certificate of local hardware;
and generating and resetting the life cycle in the outer structure data according to the merging processing result.
A second aspect of the embodiments of the present disclosure provides a method for controlling security of an electronic certificate, including:
receiving a copy of a multilayer structure of an electronic certificate corresponding to a transfer request according to the transfer request of all or part of the electronic certificate in a trusted environment;
checking the life cycle and the binding state of the electronic certificate, maintaining the inner-layer structure data of the multilayer structure unchanged when the life cycle is valid and unbound, and updating the outer-layer structure data of the multilayer structure in the local copy according to the transfer request;
and uploading the local copy, receiving an asynchronous verification result of the local copy by the security center, generating a new electronic certificate according to the verification result and initializing the electronic certificate.
A third aspect of the embodiments of the present disclosure provides a method for controlling security of an electronic certificate, including:
generating at least one electronic certificate with a multilayer structure in a trusted environment according to at least one of issuing, exchanging and unfreezing requests, and issuing the electronic certificate to hardware equipment corresponding to the request;
receiving a copy of the electronic certificate uploaded by at least one hardware device, and performing asynchronous verification on the transfer behavior of the electronic certificate according to at least one copy of the electronic certificate in the same life cycle;
and generating a new electronic certificate according to the asynchronous verification result and issuing the new electronic certificate to hardware equipment corresponding to the asynchronous verification result.
A fourth aspect of the embodiments of the present disclosure provides a security control apparatus for an electronic certificate, including:
the first initialization module is used for initializing the electronic certificate, uniquely binding the electronic certificate with local hardware, and recording the electronic certificate by adopting a multilayer structure;
the first request processing module is used for removing the unique binding according to all or part of transfer requests of the electronic certificate in a trusted environment in the life period of the electronic certificate;
a first copy updating module, configured to copy the copy of the multilayer structure to at least one piece of hardware corresponding to the transfer request, maintain the inner-layer structure data of the multilayer structure in each copy unchanged, and update the outer-layer structure data of the multilayer structure in each copy correspondingly;
and the first unfreezing module is used for uploading a local copy, receiving an asynchronous verification result of the local copy by the security center, generating a new electronic certificate according to the verification result and returning to the initialization step.
In some embodiments, the apparatus further comprises:
and the life period management module is used for freezing the local copy of the electronic certificate after the life period of the electronic certificate is finished.
In some embodiments, the first thawing module comprises:
the merging module is used for receiving the new electronic certificate after merging processing is carried out on at least one electronic certificate of local hardware after the verification result is passed;
and generating and resetting the life cycle in the outer structure data according to the merging processing result.
A fifth aspect of the embodiments of the present disclosure provides a security control apparatus for an electronic certificate, including:
the second request processing module is used for receiving a copy of a multilayer structure of the electronic certificate corresponding to the transfer request in a trusted environment according to the transfer request of all or part of the electronic certificate;
the second copy updating module is used for checking the life cycle and the binding state of the electronic certificate, maintaining the inner-layer structure data of the multilayer structure unchanged when the life cycle is valid and unbound, and updating the outer-layer structure data of the multilayer structure in the local copy according to the transfer request;
and the second unfreezing module is used for uploading the local copy, receiving an asynchronous verification result of the security center on the local copy, generating a new electronic certificate according to the verification result and initializing the new electronic certificate.
A sixth aspect of the embodiments of the present disclosure provides a security control apparatus for an electronic certificate, including:
the system comprises a first issuing module, a second issuing module and a third issuing module, wherein the first issuing module is used for generating at least one electronic certificate with a multilayer structure in a trusted environment according to at least one of issuing, exchanging and unfreezing requests, and issuing the electronic certificate to hardware equipment corresponding to the request;
the verification module is used for receiving the copies of the electronic certificates uploaded by at least one hardware device and asynchronously verifying the transfer behaviors of the electronic certificates according to at least one copy of the electronic certificates in the same life cycle;
and the second issuing module is used for generating a new electronic certificate according to the asynchronous verification result and issuing the new electronic certificate to the hardware equipment corresponding to the asynchronous verification result.
A seventh aspect of an embodiment of the present disclosure provides an electronic device, including:
a memory and one or more processors;
wherein the memory is communicatively coupled to the one or more processors, and the memory stores instructions executable by the one or more processors, and when the instructions are executed by the one or more processors, the electronic device is configured to implement the method according to the foregoing embodiments.
An eighth aspect of the embodiments of the present disclosure provides a computer-readable storage medium having stored thereon computer-executable instructions, which, when executed by a computing device, may be used to implement the method as described in the foregoing embodiments.
A ninth aspect of an embodiment of the present disclosure provides a computer program product comprising a computer program stored on a computer-readable storage medium, the computer program comprising program instructions which, when executed by a computer, are operable to implement a method as in the preceding embodiments.
According to the technical scheme provided by the embodiment of the disclosure, the electronic certificate representing digital currency can be effectively and reliably controlled, so that the electronic certificate can be freely transferred under the condition of double offline, sufficient safety can be ensured, and the problem of data fragmentation generated after multiple times of splitting can be prevented.
Drawings
The features and advantages of the present disclosure will be more clearly understood by reference to the accompanying drawings, which are illustrative and not to be construed as limiting the disclosure in any way, and in which:
FIG. 1 is a schematic flow chart diagram illustrating a method for security control of an electronic credential according to some embodiments of the present disclosure;
FIG. 2 is a flow diagram illustrating a method for security control of an electronic credential in accordance with some embodiments of the present disclosure;
FIG. 3 is a flow diagram illustrating a method for security control of an electronic credential in accordance with some embodiments of the present disclosure;
FIG. 4 is a block diagram representation of a security control mechanism for an electronic voucher, according to some embodiments of the present disclosure;
FIG. 5 is a schematic structural diagram of an electronic device according to some embodiments of the present disclosure.
Detailed Description
In the following detailed description, numerous specific details of the disclosure are set forth by way of examples in order to provide a thorough understanding of the relevant disclosure. However, it will be apparent to one of ordinary skill in the art that the present disclosure may be practiced without these specific details. It should be understood that the use of the terms "system," "apparatus," "unit" and/or "module" in this disclosure is a method for distinguishing between different components, elements, portions or assemblies at different levels of sequence. However, these terms may be replaced by other expressions if they can achieve the same purpose.
It will be understood that when a device, unit or module is referred to as being "on," "connected to" or "coupled to" another device, unit or module, it can be directly on, connected or coupled to, or in communication with, the other device, unit or module, or intervening devices, units or modules may be present, unless the context clearly dictates otherwise. For example, as used in this disclosure, the term "and/or" includes any and all combinations of one or more of the associated listed items.
The terminology used in the present disclosure is for the purpose of describing particular embodiments only and is not intended to limit the scope of the present disclosure. As used in the specification and claims of this disclosure, the terms "a," "an," and "the" do not refer specifically to the singular and may also include the plural, unless the context clearly dictates otherwise. In general, the terms "comprises" and "comprising" indicate only that the explicitly identified features, integers, steps, operations, elements, and/or components are included; they do not constitute an exclusive list of such features, integers, steps, operations, elements, and/or components.
These and other features and characteristics of the present disclosure, as well as the methods of operation and functions of the related elements of structure and the combination of parts and economies of manufacture, will be better understood by reference to the following description and drawings, which form a part of this specification. It is to be expressly understood, however, that the drawings are for the purpose of illustration and description only and are not intended as a definition of the limits of the disclosure. It will be understood that the figures are not drawn to scale.
Various block diagrams are used in this disclosure to illustrate various variations of embodiments according to the disclosure. It should be understood that the foregoing and following structures are not intended to limit the present disclosure. The protection scope of the present disclosure is subject to the claims.
In order to effectively support electronic payment and actively respond to the impact of illegal electronic money such as blockchain-based money, the People's Bank of China has announced the issuance of DC/EP money. The aim is to support electronic payment while also allowing double offline payment between payee and payer, as with cash, which places higher requirements on electronic certificate control for DC/EP money. Anti-counterfeiting security must come first for legal currency. Here it means the space-time uniqueness of currency: like cash, a unit of currency can be used in only one place at a given moment and cannot be used in several places at once, which requires that the currency have a single, authentic form of expression. To guarantee this uniqueness, DC/EP currency is generally bound to something that is itself unique in space and time (such as a unique piece of hardware). However, for electronic payment to be convenient, unbinding and information transfer must be supported at payment time (if payment were made by handing over the hardware, it would be no different from cash and there would be no point in issuing it). The security of the process from unbinding at payment to the new binding must therefore be considered, so as to avoid problems such as illegal unbinding (embezzlement) and illegal binding to multiple pieces of hardware (counterfeiting).
In view of this, the embodiments of the present disclosure provide a security control method for an electronic certificate that applies lifetime control to an electronic certificate with a dual-core structure. This balances convenience and security while the electronic certificate is in use, and allows the electronic certificate to be split and transferred in a controlled way while data security is ensured. In one embodiment of the present disclosure, as shown in FIG. 1, the security control method for the electronic certificate includes:
S101, initializing an electronic certificate, uniquely binding the electronic certificate to local hardware, and recording the electronic certificate in a multilayer structure.
In the embodiment of the present disclosure, for the security of the electronic certificate, both the hardware and the software that carry it are restricted. The electronic certificate is stored on designated hardware (preferably an officially issued hardware device, a third-party hardware device certified by the authorities, or a user hardware device that the authorities have qualified as secure); its information is maintained in a specific multilayer structure; and its transfer and use are confined to a trusted environment (preferably interaction between payee and payer within one or more designated pieces of security software). Preferably, the multilayer structure comprises at least inner-layer structure data and outer-layer structure data. The inner-layer structure data is the core data: it generally contains the core character string of the electronic certificate, is equivalent to the serial number of a banknote, serves as the unique identifier of the electronic certificate, and can be copied but cannot be changed. The outer-layer structure data records the current characterization information of the electronic certificate, which can include the face value, the uniquely bound hardware identification code, the lifetime, and the like, and is dynamically updated as the money is actually transferred and used.
S102, within the life period of the electronic certificate, releasing the unique binding in a trusted environment according to a request to transfer all or part of the electronic certificate.
In the embodiment of the present disclosure, the system supports double offline payment; that is, payee and payer can both complete the operation offline, without a network. (Since this is still electronic payment, the two parties do need at least a near-field communication means such as Bluetooth, NFC or code scanning; what is not needed is a connection to the internet or confirmation by a cloud server.) To control the unbinding/binding process (that is, the electronic certificate transfer process) tightly, the relevant requests and responses may be required to go through a security system, typically a digital wallet installed on the personal devices of payee and payer, which may be software or a combination of software and hardware (the so-called software wallet and hardware wallet). It should be understood, however, that any system, software or hardware, may be cracked, and a system on a personal device is all the more exposed to active or passive attack. Relying on the security system alone therefore cannot truly prevent illegal operations or fully guarantee the security of a transfer, and further means are required to strengthen security.
Because double offline payment has no intermediary and lacks real-time authentication by the system, illegal payment is difficult to detect and prevent at the moment it happens. Considering the probability of such insecure events and the convenience of operation, however, confirmation can be deferred and carried out by asynchronous verification. For example, a completed payment is preferably treated as valid by default, so that the two parties can complete the transaction directly while both are offline; afterwards, once networking is available, a trusted third party (e.g. the central bank) can asynchronously confirm the payment along the currency's flow path, screen out and identify illegal payments, and recover the funds after the fact from the party at fault. This indirectly constrains illegal unbinding/binding and guarantees the space-time uniqueness of DC/EP currency. Asynchronous confirmation still needs a network connection to obtain each party's recorded information before verification can complete; but because the system lets payee and payer operate offline, networking is not a necessity for the user, and so effective collection of the relevant recorded information is hard to guarantee.
To resolve this contradiction between the offline function and the networking requirement, a life cycle is preferably set for DC/EP currency in the embodiment of the disclosure. Under life cycle management, the electronic certificate can be used normally an unlimited number of times within the life cycle; if the recorded information of payee and payer has not been received within the current life cycle, at least one copy of the electronic certificate is frozen once the current life cycle ends, so that it temporarily cannot be used. This guarantees the user's normal use on the one hand, and on the other hand prompts the user to transmit the recorded information in time, ensuring the security and stability of the whole system.
S103, copying the multilayer structure to at least one piece of hardware corresponding to the transfer request, keeping the inner-layer structure data of the multilayer structure in each copy unchanged, and correspondingly updating the outer-layer structure data of the multilayer structure in each copy.
In an embodiment of the present disclosure, the electronic certificate is data with a multilayer structure. The inner-layer structure data is core data that can be copied but cannot be changed; the outer-layer structure data is dynamically updated as the currency is actually transferred and used. According to the user's transfer request (that is, the actual payment request), the electronic certificate in the payer's hardware is copied into the payee's hardware; in the copy, the inner-layer structure data is unchanged and the outer-layer structure data is updated to reflect the actual transfer (for example, updating the face value, adding the new hardware identification code, and re-binding). The transfer request can be for a full or a partial transfer. In a full transfer, the face value in the copy on the payer's hardware becomes zero and that copy is no longer bound to the hardware and no longer usable, while the copy on the payee's hardware keeps the face value and is bound only to the new hardware. In a partial transfer, the face value in the copy on the payer's hardware is reduced by the payment amount and the copy remains bound to the original hardware, while the face value in the copy on the payee's hardware is the amount received and that copy is bound to the new hardware; the face values of the copies sum to the original face value of the electronic certificate.
It can be seen that DC/EP currency is split on a partial transfer, leaving usable copies of the electronic certificate on several pieces of hardware. After several partial transfers the splitting becomes more pronounced, and the security and performance pressure caused by fragmentation of the electronic certificate becomes more prominent. Asynchronous verification therefore needs to be carried out in good time to confirm completed transfers and to consolidate the fragmented electronic certificates again.
S104, uploading the local copy, receiving the security center's asynchronous verification result for the local copy, generating a new electronic certificate according to the verification result and returning to the initialization step.
In the embodiment of the disclosure, the concept of the 'daily cut-off' used in clearing is borrowed and a life cycle is set for the digital currency: the digital currency can be paid many times within one life cycle, but is then frozen until it is reinitialized after asynchronous verification. If a digital currency is partially transferred, it may end up in a plurality of digital wallets as multiple copies. After the life cycle ends, the portion corresponding to that digital currency in each digital wallet is frozen, and each portion can be thawed only by uploading the local copy over the network, passing asynchronous verification and being reinitialized, without having to wait for the other related parties to be verified. In this way, the embodiment of the disclosure can effectively apply security control to the issuance, use and settlement of the digital currency, and during asynchronous verification the amounts can be confirmed and the transaction process traced back through the record information in the copies. In the event of a loss, the user can be identified through the digital wallet (a correspondence between the digital wallet and the user needs to be established) so that the loss can be recovered from that user; the hardware device can also be identified by its hardware identification code so that reuse of the device can be restricted.
It will be understood by those skilled in the art that in normal use of electronic money there should be at least two interacting parties, a paying party and a receiving party, and the embodiment of fig. 1 is described primarily from the perspective of the paying party. Correspondingly, referring to fig. 2, the method for controlling the security of the electronic certificate corresponding to the receiving party includes:
S201, receiving a copy of a multilayer structure of an electronic certificate corresponding to a transfer request according to the transfer request of all or part of the electronic certificate in a trusted environment;
S202, checking the life cycle and the binding state of the electronic certificate, keeping the inner-layer structure data of the multilayer structure unchanged when the life cycle is valid and not bound, and updating the outer-layer structure data of the multilayer structure in the local copy according to the transfer request;
S203, uploading the local copy, receiving the security center's asynchronous verification result for the local copy, generating a new electronic certificate according to the verification result and initializing it.
The transfer request (i.e. the payment request) is usually initiated by the receiving party, but in some cases may be initiated by the paying party; this is a matter of business practice and is not examined further here. Therefore, in the embodiment of the present disclosure, both parties are restricted to interacting in a trusted environment, and whichever party initiates the request, it must still pass verification of the life cycle and binding state of the electronic certificate before it takes effect. Preferably, when the transfer request is trusted and legitimate, the payer releases the unique binding with its hardware and sends a copy of the electronic certificate to the receiving party, while updating its local copy; after the receiving party has also judged that the transfer request is trusted and legitimate, and when the electronic certificate corresponding to the transfer request is still within its life cycle and is not uniquely bound to other hardware, the receiving party's hardware confirms receipt, copies the electronic certificate and updates its copy. When any one of the above conditions is not satisfied, the payer and/or the receiving party can reject the request; the interaction ends in failure and both parties are notified of the result. Any subsequent handling is the subject of a new request and is decided by the two interacting parties.
Furthermore, as in the payer scenario above, in embodiments of the present disclosure the electronic certificate of the digital currency is managed by life cycle: it may be paid multiple times within one life cycle (the receiving party can pay it onward in subsequent interactions after the current receipt), but it is frozen at the end of the life cycle until the digital currency is reinitialized after asynchronous verification. Of course, those skilled in the art will understand that asynchronous verification does not have to wait until the end of the life cycle, but may be performed at any time when the electronic certificate is online. For the multiple copies that exist after the electronic certificate has been transferred, any copy that has passed asynchronous verification may be confirmed independently, and a new electronic certificate generated and reinitialized for it, so that it can be put into use again without being affected by the life cycle of the previous electronic certificate. A transfer operation that leads to a bad result is generally handled by a subsequent procedure and does not affect other transfer operations that completed normally.
More specifically, under current official regulations DC/EP digital currency adopts a two-tier operating system: the issuer (the People's Bank of China) first exchanges DC/EP digital currency (which in principle should have hardware to carry its electronic certificate) to a trusted third party (generally a commercial bank or commercial institution), which then exchanges DC/EP digital currency to users (i.e. the general public, who generally obtain DC/EP digital currency in exchange for conventional currency) at the user's request. The hardware carrying the electronic certificate can be issued together with the digital currency, or the receiving party can prepare its own hardware device, receive the electronic certificate and then bind it. Preferably, to reduce the burden on the user, the same hardware can carry a plurality of electronic certificates, and the valid electronic certificates in the same hardware can be merged after verification.
The hardware that the user holds is an electronic wallet, analogous to the user's physical wallet, and the digital currency in the hardware (managed through the electronic certificate) is analogous to the paper money in that wallet. Unlike the management of electronic bank accounts, a user can manage his or her own digital currency across a plurality of hardware devices (rather than having to manage it centrally), and the user can freely choose the amount of digital currency in each hardware device by means of transfer operations. That is, a transfer operation concerns only the hardware and the electronic certificates, and not who owns the hardware devices or the digital currency: a user can transfer digital currency among several hardware devices that he or she owns, and the same user can act as both the payer and the receiving party of the foregoing embodiments (alternatively, the payer and the receiving party can be regarded simply as the corresponding hardware devices rather than as users). In this way, the user can freely choose the amount of digital currency in the hardware device that he or she carries, which gives a function similar to physical currency. Of course, the physical security of the hardware device is also a security issue to be considered, and how to secure the digital currency when hardware is lost or stolen may be a research topic in its own right; in principle it is addressed in other technical solutions, and the embodiments of the present disclosure do not study it in depth for the time being, generally relying on user identification in the trusted environment (such as designated software) for prevention.
In the preferred embodiment of the present disclosure, multiple digital currency transfers occur among multiple users and each transfer is independent. The issuer, or a trusted third party authorized by the issuer, confirms each transfer afterwards according to the record information uploaded by each user's hardware device, and at the same time resolves the fragmentation produced by multiple transfers by initializing the electronic certificates again.
Specifically, one preferred embodiment of the present disclosure is:
1. Day 1 (assuming that the life cycle of the electronic certificate corresponding to the digital currency is preferably not more than 1 day, and may end at a fixed time every day or 24 hours after initialization):
First, a first user A obtains by exchange a first digital currency DC1 (corresponding to a first core character string S1) with a first face value (assumed to be 100 yuan) and uniquely binds it to a first hardware device HD1 owned by the first user A (similar to binding a mobile phone SIM card when binding a mobile phone number); similarly, a second user B obtains by exchange a second digital currency DC2 (corresponding to a second core character string S2) with a second face value (also assumed to be 100 yuan), uniquely bound to a second hardware device HD2; and a third user C obtains by exchange a third digital currency DC3 (corresponding to a third core character string S3) with a third face value (again assumed to be 100 yuan), uniquely bound to a third hardware device HD3. Through these binding operations, the issuer obtains the starting point (i.e. the original owner) of the circulation path for each of the three digital currencies DC1-3. Optionally, in order to guarantee the real value of the digital currency, and to allow possible settlement liabilities and the like to be determined after the fact, conventional currency of the corresponding amount belonging to the party exchanging for the digital currency may be frozen as a deposit.
In the preferred embodiment of the present disclosure, it is assumed that on Day 1 the first user A transfers 50 yuan to the second user B, and the third user C does not take part in any transfer for the time being. Then, at the end of the first life cycle (assumed to be 0:00 on Day 2), the record information in each user's local copy is:
the first user A: 50 yuan of the first digital currency DC1 remaining, where 100 yuan of the first digital currency DC1 was obtained by exchange and uniquely bound to the first hardware device HD1 at a first time T1, and 50 yuan of the first digital currency DC1 was transferred to the second hardware device HD2 (owned by the second user B) at a third time T3;
the second user B: 100 yuan of the second digital currency DC2 and 50 yuan of the first digital currency DC1 remaining, where 100 yuan of the second digital currency DC2 was obtained by exchange and uniquely bound to the second hardware device HD2 at a second time T2, and 50 yuan of the first digital currency DC1 transferred from the first hardware device HD1 was received at the third time T3;
the third user C: 100 yuan of the third digital currency DC3 remaining, where 100 yuan of the third digital currency DC3 was obtained by exchange at a fourth time T4 and is uniquely bound to the third hardware device HD3.
2. Day 2:
In principle, the three digital currencies DC1-3 are frozen from the end of the first life cycle (assumed to be 0:00 on Day 2). Specifically, the life cycle of the electronic certificate can be checked in the trusted environment of each party against the current time: if the payer's digital wallet detects from the current time that the life cycle of the digital currency's electronic certificate has ended, the digital currency can no longer be used for payment; likewise, if the receiving party's digital wallet detects from the current time that the life cycle has ended, it refuses to receive the digital currency. In short, if the life-cycle check fails on either device, the transfer operation ends in failure. To further enhance security, the current time of the trusted environment needs to be obtained or corrected periodically through a trusted channel and must not be modifiable by the user, for example by configuring an independent hardware clock that must be periodically synchronized with a remote server or satellite and cannot be modified in any other way. In addition, limiting the total number of transfers of a digital currency within one life cycle can be considered, to avoid the security and fragmentation problems associated with frequent transfers.
When the three users A, B and C upload their respective record information and pass asynchronous verification, their respective valid digital currencies are thawed (reinitialized). Uploading of the record information and asynchronous verification can be carried out at any time and do not have to wait until the life cycle has ended; each party can also be unfrozen (reinitialized) independently, without waiting for all parties to finish for a unified unfreezing (reinitialization). In addition, the unfreezing (reinitialization) operation may be immediate or delayed, depending on how the life cycle is managed in the particular embodiment. Preferably, unfreezing (reinitialization) is performed by the issuer and/or the trusted third party, and unfreezing (reinitialization) instructions from the user personally or from an untrusted channel are not accepted.
In a preferred embodiment of the present disclosure, the unfreezing (reinitialization) operation may be implemented in various ways, such as:
1. The new digital currency keeps the core data (the character string code in the inner-layer structure) of the original electronic certificate unchanged and changes only the life cycle in the outer-layer structure data. This mode of operation requires little computation, but it causes fragmentation of the digital currency: one hardware device holds a plurality of electronic certificates and one electronic certificate has copies in a plurality of hardware devices, which sacrifices a large amount of storage space and, after multiple splits, puts great pressure on the management and verification of record information.
2. Therefore, more preferably, the electronic certificates corresponding to at least one digital currency are merged according to the current state of each hardware device during unfreezing (reinitialization); that is, the currency amounts are combined and placed in a newly issued digital currency, and the corresponding electronic certificate is regenerated with a brand-new core character string in its inner-layer structure data, while in the outer-layer structure data the face value is the combined sum and the life cycle is reset. All previous digital currencies in the hardware device are invalidated accordingly and the stored local copies of their electronic certificates are deleted, while the cloud / server / data chain / blockchain records the information of the invalidated digital currencies. Taking the three users above as an example, after this operation the three users A, B and C each hold 1 digital currency, with face values of 50 yuan, 150 yuan and 100 yuan respectively.
Once the issuer and/or the trusted third party has collected the record information uploaded by any hardware device, reconciliation can begin: currently legitimate transfers are confirmed, and problematic transfers are screened out and traced through the circulation path. For example, a transfer from the second hardware device to the third hardware device has previously been confirmed through record information uploaded by the second or third hardware device, but the record of the first digital currency being transferred from the first hardware device to the second hardware device is not found in the record information later uploaded by the first hardware device (that is, the first digital currency in the second hardware device has no source record). In that case it can be judged from the current records that the second hardware device acquired the first digital currency illegally, that the second hardware device has a security problem, and that the previously confirmed transfer from the second hardware device to the third hardware device involved an illegal operation. The second hardware device (and the electronic certificates in it) can be frozen, and the loss can be compensated from the digital currency still valid in the second hardware device or from the deposit paid in advance by the corresponding user (the third hardware device is recognized as holding a valid amount, but its source is corrected to compensation, and the compensation is deducted from what belongs to the second hardware device or the corresponding user), thereby ensuring that all transfers are valid and the total amount is consistent.
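The Day 1 and Day 2 scenario and the reconciliation described above can be replayed in a small Python model. This is an added example, not code from the patent: the names `Inner`, `Copy`, `issue`, `transfer`, `verify` and `reinitialize`, the tuple record format and the hour-based clock are assumptions, and the trusted environment and any cryptographic protection of the copies are taken as given. It separates copies whose payer has not uploaded yet (pending) from copies whose payer has uploaded without a matching record (no source record).

```python
import secrets
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Inner:
    """Inner layer: core data, copied into every copy and never changed."""
    core: str          # core character string (S1, S2, ...)
    issued_value: int  # face value at initialization

@dataclass
class Copy:
    """One copy of a certificate held by one hardware device (outer layer)."""
    inner: Inner
    hw_id: str    # hardware the copy is bound to
    value: int    # current face value of this copy
    expires: int  # end of the life cycle, in hours on a constructed clock
    log: list = field(default_factory=list)  # record information

def issue(core, value, hw_id, now, lifetime=24):
    """Initialize a certificate and bind it to one hardware device."""
    return Copy(Inner(core, value), hw_id, value, now + lifetime,
                [("issue", core, None, hw_id, value, now)])

def transfer(src, dst_hw, amount, now):
    """Partial or complete transfer; returns the receiving party's copy."""
    if now >= src.expires:
        raise PermissionError("life cycle ended: copy is frozen")
    if dst_hw == src.hw_id or not 0 < amount <= src.value:
        raise ValueError("invalid receiver or amount")
    rec = ("transfer", src.inner.core, src.hw_id, dst_hw, amount, now)
    src.value -= amount  # payer's outer layer is updated
    src.log.append(rec)  # payer and receiver keep the same record
    return Copy(src.inner, dst_hw, amount, src.expires, [rec])

def verify(uploads, issued):
    """Asynchronous verification of the copies uploaded so far.

    issued is the center's own set of (core, hw_id, value) it has issued.
    Returns (confirmed, pending, flagged): value per hardware that may be
    merged, copies still waiting for the payer's upload, and hardware whose
    copy has no source record or an inconsistent face value.
    """
    by_hw = {}
    for c in uploads:
        by_hw.setdefault(c.hw_id, []).append(c)
    # Outgoing transfer records that each uploading device has reported.
    sent = {hw: {r for c in cs for r in c.log
                 if r[0] == "transfer" and r[2] == hw}
            for hw, cs in by_hw.items()}
    confirmed, pending, flagged = {}, [], set()
    for c in uploads:
        credit = debit = 0
        bad = waiting = False
        for r in c.log:
            kind, core, src, dst, amount, _ = r
            if core != c.inner.core:
                bad = True
            elif kind == "issue":
                bad |= dst != c.hw_id or (core, dst, amount) not in issued
                credit += amount
            elif dst == c.hw_id:          # value received from another device
                credit += amount
                if src not in sent:
                    waiting = True        # payer has not uploaded yet
                elif r not in sent[src]:
                    bad = True            # payer uploaded, record is missing
            elif src == c.hw_id:          # value paid out
                debit += amount
            else:
                bad = True
        if bad or credit - debit != c.value:
            flagged.add(c.hw_id)
        elif waiting:
            pending.append((c.hw_id, c.inner.core))
        else:
            confirmed[c.hw_id] = confirmed.get(c.hw_id, 0) + c.value
    for hw in flagged:                    # freeze everything on flagged hardware
        confirmed.pop(hw, None)
    return confirmed, pending, sorted(flagged)

def reinitialize(confirmed, now, lifetime=24):
    """Merge each device's confirmed value into one new certificate."""
    return {hw: issue(secrets.token_hex(16), v, hw, now, lifetime)
            for hw, v in confirmed.items() if v > 0}

def page_scenario():
    """Day 1 from the text: A pays B 50, C does not take part."""
    dc1 = issue("S1", 100, "HD1", now=1)
    dc2 = issue("S2", 100, "HD2", now=2)
    dc1_b = transfer(dc1, "HD2", 50, now=3)
    dc3 = issue("S3", 100, "HD3", now=4)
    issued = {("S1", "HD1", 100), ("S2", "HD2", 100), ("S3", "HD3", 100)}
    return [dc1, dc2, dc1_b, dc3], issued
```

Running `verify(*page_scenario())` and passing the confirmed totals to `reinitialize` yields one new certificate per device, each with a fresh core string.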
In correspondence with the above description, in the embodiment of the present disclosure, it is obvious that there should be a controlling party (i.e. the security center in fig. 1 and 2) different from the paying party or the receiving party, and referring to fig. 3, the security control method of the electronic certificate corresponding to the security center includes:
S301, generating at least one electronic certificate with a multilayer structure in a trusted environment according to at least one of issuing, exchanging and unfreezing requests, and issuing the electronic certificate to hardware equipment corresponding to the request;
S302, receiving a copy of the electronic certificate uploaded by at least one hardware device, and performing asynchronous verification on the transfer behavior of the electronic certificate according to at least one copy of the electronic certificate in the same life cycle;
S303, generating a new electronic certificate according to the asynchronous verification result and issuing the new electronic certificate to hardware equipment corresponding to the asynchronous verification result.
According to the security control method of the electronic certificate provided by the embodiment of the disclosure, the electronic certificate representing digital currency can be effectively and reliably controlled, so that the electronic certificate can be freely transferred under the condition of double offline, sufficient security can be ensured, and the problem of data fragmentation generated after multiple times of splitting can be prevented.
Fig. 4 is a schematic diagram of a security control device for an electronic certificate according to some embodiments of the present disclosure. As shown in fig. 4, the security control apparatus 400 of the electronic certificate includes a first initialization module 401, a first request processing module 402, a first copy update module 403, and a first unfreezing module 404, wherein:
a first initialization module 401, configured to initialize an electronic certificate, uniquely bind the electronic certificate with local hardware, and record the electronic certificate by using a multilayer structure;
a first request processing module 402, configured to release the unique binding according to a transfer request for all or part of the electronic certificate in a trusted environment during a lifetime of the electronic certificate;
a first copy updating module 403, configured to copy the copies of the multilayer structure in at least one piece of hardware corresponding to the transfer request, maintain the inner-layer structure data of the multilayer structure in each copy unchanged, and update the outer-layer structure data of the multilayer structure in each copy correspondingly;
a first unfreezing module 404, configured to upload a local copy, receive an asynchronous verification result of the local copy by the security center, generate a new electronic certificate according to the verification result, and return to the initialization step.
In some embodiments, the apparatus further comprises: a life-cycle management module, configured to freeze the local copy of the electronic certificate after the life cycle of the electronic certificate has ended.
In some embodiments, the first unfreezing module comprises: a merging module, configured to receive, after the verification result is a pass, the new electronic certificate produced by merging at least one electronic certificate of the local hardware, and to generate and reset the life cycle in the outer-layer structure data according to the result of the merging.
It will be understood by those skilled in the art that the above embodiment shown in fig. 4 generally corresponds to the apparatus of the payer, and in some embodiments of the present disclosure, the security control apparatus of an electronic certificate corresponding to the receiving party includes:
a second request processing module, configured to receive, in a trusted environment, a copy of a multilayer structure of the electronic certificate corresponding to a transfer request, according to the transfer request for all or part of the electronic certificate;
a second copy updating module, configured to check the life cycle and the binding state of the electronic certificate, maintain the inner-layer structure data of the multilayer structure unchanged when the life cycle is valid and the electronic certificate is unbound, and update the outer-layer structure data of the multilayer structure in the local copy according to the transfer request;
a second unfreezing module, configured to upload the local copy, receive the security center's asynchronous verification result for the local copy, generate a new electronic certificate according to the verification result and initialize the new electronic certificate.
Accordingly, in some embodiments of the present disclosure, the security control apparatus of an electronic certificate corresponding to the security center includes:
a first issuing module, configured to generate at least one electronic certificate with a multilayer structure in a trusted environment according to at least one of issuing, exchanging and unfreezing requests, and to issue the electronic certificate to the hardware device corresponding to the request;
a verification module, configured to receive the copies of the electronic certificate uploaded by at least one hardware device and to asynchronously verify the transfer behavior of the electronic certificate according to at least one copy of the electronic certificate in the same life cycle;
a second issuing module, configured to generate a new electronic certificate according to the asynchronous verification result and to issue the new electronic certificate to the hardware device corresponding to the asynchronous verification result.
Fig. 5 is a schematic diagram of an electronic device provided by one embodiment of the present disclosure. As shown in fig. 5, the electronic device 500 includes:
memory 530 and one or more processors 510;
wherein the memory 530 is communicatively coupled to the one or more processors 510, and instructions 532 executable by the one or more processors are stored in the memory 530, and the instructions 532 are executed by the one or more processors 510 to cause the one or more processors 510 to perform the methods of the foregoing embodiments of the present disclosure.
In particular, the processor 510 and the memory 530 may be connected by a bus or by other means, such as the bus 540 in fig. 5. The processor 510 may be a Central Processing Unit (CPU). The processor 510 may also be another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or a combination thereof.
The memory 530, which is a non-transitory computer readable storage medium, may be used to store non-transitory software programs, non-transitory computer executable programs, and modules, such as the cascaded progressive network in the disclosed embodiments. The processor 510 performs various functional applications of the processor and data processing by executing non-transitory software programs, instructions, and functional modules 532 stored in the memory 530.
The memory 530 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created by the processor 510, and the like. Further, memory 530 may include high-speed random access memory, and may also include non-transitory memory, such as at least one disk storage device, flash memory device, or other non-transitory solid-state storage device. In some embodiments, memory 530 may optionally include memory located remotely from processor 510, which may be connected to processor 510 via a network, such as through communication interface 520. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
An embodiment of the present disclosure also provides a computer-readable storage medium, in which computer-executable instructions are stored, and the computer-executable instructions are executed to perform the method in the foregoing embodiment of the present disclosure.
The foregoing computer-readable storage media include physical volatile and nonvolatile, removable and non-removable media implemented in any manner or technology for storage of information such as computer-readable instructions, data structures, program modules or other data. The computer-readable storage medium specifically includes, but is not limited to, a USB flash drive, a removable hard drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), flash memory or other solid-state memory technology, a CD-ROM, a Digital Versatile Disk (DVD), an HD-DVD, a Blu-ray or other optical storage, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer.
While the subject matter described herein is provided in the general context of execution in conjunction with the execution of an operating system and application programs on a computer system, those skilled in the art will recognize that other implementations may also be performed in combination with other types of program modules. Generally, program modules include routines, programs, components, data structures, and other types of structures that perform particular tasks or implement particular abstract data types. Those skilled in the art will appreciate that the subject matter described herein may be practiced with other computer system configurations, including hand-held devices, multiprocessor systems, microprocessor-based or programmable consumer electronics, minicomputers, mainframe computers, and the like, as well as distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote memory storage devices.
Those of ordinary skill in the art will appreciate that the various illustrative elements and method steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present disclosure.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present disclosure may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present disclosure.
In summary, the present disclosure provides a method and an apparatus for controlling security of an electronic certificate, an electronic device, and a computer-readable storage medium thereof. The electronic certificate representing digital currency can be effectively and reliably controlled through controlling the multilayer structure of the electronic certificate and multiple copies and through multiple safety detection such as life cycle and asynchronous verification, so that the electronic certificate can be freely transferred under the condition of double offline, sufficient safety can be guaranteed, and the problem of data fragmentation generated after multiple times of splitting can be prevented.
It is to be understood that the above-described specific embodiments of the present disclosure are merely illustrative of or illustrative of the principles of the present disclosure and are not to be construed as limiting the present disclosure. Accordingly, any modification, equivalent replacement, improvement or the like made without departing from the spirit and scope of the present disclosure should be included in the protection scope of the present disclosure. Further, it is intended that the following claims cover all such variations and modifications that fall within the scope and bounds of the appended claims, or equivalents of such scope and bounds.

Claims (10)

1. A security control method for an electronic certificate, comprising:
initializing an electronic certificate, uniquely binding the electronic certificate to local hardware, and recording the electronic certificate using a multilayer structure;
within the life cycle of the electronic certificate, releasing the unique binding in a trusted environment according to a request to transfer all or part of the electronic certificate;
copying the multilayer structure as copies to at least one piece of hardware corresponding to the transfer request, keeping the inner-layer structure data of the multilayer structure in each copy unchanged, and correspondingly updating the outer-layer structure data of the multilayer structure in each copy;
and uploading the local copy, receiving the security center's asynchronous verification result for the local copy, generating a new electronic certificate according to the verification result, and returning to the initialization step.
2. The method of claim 1, further comprising:
freezing the local copy of the electronic certificate after the life cycle of the electronic certificate ends.
3. The method of claim 1, wherein generating a new electronic certificate according to the verification result comprises:
after the verification passes, receiving the new electronic certificate obtained by merging at least one electronic certificate of the local hardware;
and generating and resetting the life cycle in the outer-layer structure data according to the result of the merging.
4. A security control method for an electronic certificate, comprising:
receiving, in a trusted environment and according to a request to transfer all or part of an electronic certificate, a copy of the multilayer structure of the electronic certificate corresponding to the transfer request;
checking the life cycle and the binding state of the electronic certificate and, when the life cycle is valid and the electronic certificate is unbound, keeping the inner-layer structure data of the multilayer structure unchanged and updating the outer-layer structure data of the multilayer structure in the local copy according to the transfer request;
and uploading the local copy, receiving the security center's asynchronous verification result for the local copy, generating a new electronic certificate according to the verification result, and initializing the new electronic certificate.
5. A security control method for an electronic certificate, comprising:
generating, in a trusted environment and according to at least one of an issuing, exchanging and unfreezing request, at least one electronic certificate with a multilayer structure, and issuing the electronic certificate to the hardware device corresponding to the request;
receiving copies of the electronic certificate uploaded by at least one hardware device, and asynchronously verifying the transfer behavior of the electronic certificate according to at least one copy of the electronic certificate within the same life cycle;
and generating a new electronic certificate according to the asynchronous verification result and issuing the new electronic certificate to the hardware device corresponding to the asynchronous verification result.
6. A security control device for an electronic certificate, comprising:
a first initialization module, configured to initialize an electronic certificate, uniquely bind the electronic certificate to local hardware, and record the electronic certificate using a multilayer structure;
a first request processing module, configured to release the unique binding in a trusted environment, within the life cycle of the electronic certificate, according to a request to transfer all or part of the electronic certificate;
a first copy updating module, configured to copy the multilayer structure as copies to at least one piece of hardware corresponding to the transfer request, keep the inner-layer structure data of the multilayer structure in each copy unchanged, and correspondingly update the outer-layer structure data of the multilayer structure in each copy;
and a first unfreezing module, configured to upload the local copy, receive the security center's asynchronous verification result for the local copy, generate a new electronic certificate according to the verification result, and return to the initialization step.
7. The device of claim 6, further comprising:
a life cycle management module, configured to freeze the local copy of the electronic certificate after the life cycle of the electronic certificate ends.
8. The device of claim 6, wherein the first unfreezing module comprises:
a merging module, configured to receive, after the verification passes, the new electronic certificate obtained by merging at least one electronic certificate of the local hardware;
and to generate and reset the life cycle in the outer-layer structure data according to the result of the merging.
9. A security control device for an electronic certificate, comprising:
a second request processing module, configured to receive, in a trusted environment and according to a request to transfer all or part of an electronic certificate, a copy of the multilayer structure of the electronic certificate corresponding to the transfer request;
a second copy updating module, configured to check the life cycle and the binding state of the electronic certificate and, when the life cycle is valid and the electronic certificate is unbound, keep the inner-layer structure data of the multilayer structure unchanged and update the outer-layer structure data of the multilayer structure in the local copy according to the transfer request;
and a second unfreezing module, configured to upload the local copy, receive the security center's asynchronous verification result for the local copy, generate a new electronic certificate according to the verification result, and initialize the new electronic certificate.
10. A security control device for an electronic certificate, comprising:
a first issuing module, configured to generate, in a trusted environment and according to at least one of an issuing, exchanging and unfreezing request, at least one electronic certificate with a multilayer structure, and to issue the electronic certificate to the hardware device corresponding to the request;
a verification module, configured to receive copies of the electronic certificate uploaded by at least one hardware device and to asynchronously verify the transfer behavior of the electronic certificate according to at least one copy of the electronic certificate within the same life cycle;
and a second issuing module, configured to generate a new electronic certificate according to the asynchronous verification result and to issue the new electronic certificate to the hardware device corresponding to the asynchronous verification result.
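
The transfer and asynchronous-verification flow of claims 1, 4 and 5 can be sketched as follows. This is an added example, not code from the patent: the field names, the HMAC tag protecting the inner layer, and the rule that outer-layer amounts must sum to the face value are assumptions chosen for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

CENTER_KEY = b"constructed-demo-key"  # assumption: known only to the security center

@dataclass(frozen=True)
class Inner:          # inner-layer data: fixed at issuance, identical in every copy
    cert_id: str
    face_value: int
    tag: str          # assumption: center's HMAC over cert_id and face_value

@dataclass(frozen=True)
class Copy:           # one device's copy of the multilayer structure
    inner: Inner
    holder: str       # outer layer: hardware holding this copy
    amount: int       # outer layer: value carried by this copy
    expires: int      # outer layer: end of the life cycle
    bound: bool       # outer layer: True while uniquely bound to `holder`

def _tag(cert_id, face_value):
    msg = f"{cert_id}|{face_value}".encode()
    return hmac.new(CENTER_KEY, msg, hashlib.sha256).hexdigest()

def issue(cert_id, value, holder, expires):
    """Security center: generate a certificate and bind it to one device."""
    return Copy(Inner(cert_id, value, _tag(cert_id, value)), holder, value, expires, True)

def transfer(src, to, amount, now):
    """Sender: release the binding within the life cycle, update outer layers only."""
    if now > src.expires:
        raise ValueError("life cycle ended: local copy is frozen")
    if not 0 < amount <= src.amount:
        raise ValueError("invalid transfer amount")
    kept = replace(src, amount=src.amount - amount, bound=False)
    sent = replace(src, holder=to, amount=amount, bound=False)
    return kept, sent

def verify(copies):
    """Security center: asynchronous check over uploaded copies of one certificate."""
    inner = copies[0].inner
    if any(c.inner != inner for c in copies):
        return False, "inner layer differs between copies"
    if not hmac.compare_digest(inner.tag, _tag(inner.cert_id, inner.face_value)):
        return False, "inner layer tag invalid"
    if sum(c.amount for c in copies) != inner.face_value:
        return False, "outer-layer amounts do not sum to face value"
    return True, "ok"
```

Because devices cannot reach the security center while offline, inconsistencies between copies only surface at upload time, which is why the life cycle bounds how long unverified copies can circulate.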
CN202010305736.5A 2020-04-17 2020-04-17 Security control method and device for electronic certificate Active CN111507716B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010305736.5A CN111507716B (en) 2020-04-17 2020-04-17 Security control method and device for electronic certificate

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010305736.5A CN111507716B (en) 2020-04-17 2020-04-17 Security control method and device for electronic certificate

Publications (2)

Publication Number Publication Date
CN111507716A true CN111507716A (en) 2020-08-07
CN111507716B CN111507716B (en) 2023-09-29

Family

ID=71871099

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010305736.5A Active CN111507716B (en) 2020-04-17 2020-04-17 Security control method and device for electronic certificate

Country Status (1)

Country Link
CN (1) CN111507716B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1744135A (en) * 2005-09-06 2006-03-08 北京魅力之旅商业管理有限公司 Electronic evidence realizing method and device
US20140101734A1 (en) * 2011-06-10 2014-04-10 Securekey Technologies Inc. Credential authentication methods and systems
US20150324764A1 (en) * 2014-05-09 2015-11-12 Stellenbosch University Enabling a User to Transact Using Cryptocurrency
CN106372928A (en) * 2015-07-21 2017-02-01 深圳市银信网银科技有限公司 Issuing method, apparatus, and system for electronic certificate
CN107004198A (en) * 2015-10-27 2017-08-01 深圳市星电商科技有限公司 A kind of data interactive processing method and device

Also Published As

Publication number Publication date
CN111507716B (en) 2023-09-29

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant