CN111967556A - Two-dimensional code offline generation method and storage medium - Google Patents

Publication number
CN111967556A
Authority
CN
China
Prior art keywords
code
user terminal
packet
offline
network
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010800348.4A
Other languages
Chinese (zh)
Other versions
CN111967556B (en)
Inventor
叶章明
陈天宇
陈航
郑升尉
张汀勇
刘元
林杰
王敏力
李敏
陈熙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujian Boss Software Co ltd
Fujian Bosi Digital Technology Co ltd
Original Assignee
Fujian Boss Software Co ltd
Fujian Bosi Digital Technology Co ltd
Application filed by Fujian Boss Software Co ltd, Fujian Bosi Digital Technology Co ltd
Priority to CN202010800348.4A
Publication of CN111967556A
Application granted
Publication of CN111967556B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00 Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06 Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/06009 Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code with optically detectable marking
    • G06K19/06037 Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code with optically detectable marking multi-dimensional coding
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Abstract

The invention relates to an offline two-dimensional code generation method and a storage medium. The method comprises the following steps: when the user terminal has a network connection, receiving an offline code-output packet pushed by a server; storing, by the user terminal, the received offline code-output packet in a secure storage area; and when the user terminal has no network connection, parsing the offline code-output packet in the secure storage area to generate the two-dimensional code. While its network is normal, the user terminal receives the offline code-output packet pushed by the server and stores it in the secure storage area; when its network is abnormal, it generates the two-dimensional code from the offline code-output packet in the secure storage area. Because the offline code-output packet is stored in the secure storage area of the user terminal, the operating system's security mechanism ensures that it cannot be read by other applications, which prevents the packet from being intercepted and the user's information from leaking.

Description

Two-dimensional code offline generation method and storage medium
Technical Field
The invention relates to the technical field of two-dimensional codes, and in particular to an offline two-dimensional code generation method and a storage medium.
Background
A two-dimensional code is also called a two-dimensional barcode. A common two-dimensional code is the QR Code, where QR stands for Quick Response. It has become a very popular encoding on mobile devices in recent years; compared with a traditional barcode, a two-dimensional code can store more information and represent more data types.
There are generally two ways of generating a two-dimensional code: online generation, in which the code is generated while a network connection is maintained, and offline generation, in which the code is generated in an environment with a poor network or no network.
In existing offline generation methods, however, offline code information is usually requested from a server while a network is available, and the two-dimensional code is generated from that information when no network is available. For example, the patent document with application publication No. CN110516776A discloses an offline two-dimensional code riding method and device, and the patent document with application publication No. CN110298421A discloses a two-dimensional code offline generation method. These existing methods carry the risk that the offline code information is stolen, which leads to leakage of user information.
Disclosure of Invention
It is therefore desirable to provide an offline two-dimensional code generation method and a storage medium that solve the problem that, in existing offline two-dimensional code generation methods, the offline code information may be stolen.
To achieve the above object, the inventors provide an offline two-dimensional code generation method comprising the following steps:
when the user terminal has a network connection, receiving an offline code-output packet pushed by a server;
storing, by the user terminal, the received offline code-output packet in a secure storage area;
and when the user terminal has no network connection, parsing the offline code-output packet in the secure storage area to generate the two-dimensional code.
As a further refinement, before the step of receiving the offline code-output packet sent by the server when the user terminal has a network connection, the method further comprises the following steps:
when the user terminal has a network connection, sending a code-output packet request to the server, wherein the request comprises a user ID and risk-control factors, and the risk-control factors comprise an external network IP address, a device ID, GPS information, a SIM card ID, a device model and/or operating system information;
after receiving the code-output packet request sent by the user terminal, the server judges from the request whether the user terminal is safe;
if the user terminal is safe, the server generates an offline code-output packet and pushes it to the user terminal;
if not, no offline code-output packet is generated.
As a further refinement, the secure storage area comprises an SQLite database or a Keychain database.
As a further refinement, the offline code-output packet comprises code seed data and dynamic key data;
the step of parsing the offline code-output packet in the secure storage area to generate the two-dimensional code specifically comprises the following steps:
the user terminal decrypts the dynamic key data with the decryption key to obtain the dynamic key plaintext;
the code seed data is decrypted with the dynamic key plaintext to obtain the code seed plaintext;
and the two-dimensional code is generated from the code seed plaintext.
As a further refinement, the step of parsing the offline code-output packet in the secure storage area to generate the two-dimensional code when the user terminal has no network connection further comprises the following steps:
after the user generates a two-dimensional code, recording the number of two-dimensional codes generated from the current offline code-output packet, and judging whether that number exceeds a preset number;
and if so, suspending generation of two-dimensional codes from the current offline code-output packet.
As a further refinement, the method further comprises the following steps:
the user terminal records the usage time period of the current offline code-output packet;
judging whether the usage time period of the current offline code-output packet has reached a preset time period;
and if the preset time period has been reached, sending a new code-output packet request to the server to request a new offline code-output packet.
As a further refinement, the method further comprises the following steps:
while the offline code-output packet is in use, asynchronously and periodically checking the network status of the current user terminal;
when the network of the current user terminal is detected to have returned to normal, checking whether the current user terminal meets the code-output conditions;
and if not, deleting the offline code-output packet.
As a further refinement, the method further comprises the following steps:
when the user terminal's network returns to normal, sending the usage log of the offline code-output packet to the server;
the server analyzes the user terminal's usage of the offline code-output packet from the received usage log;
and when the server's analysis finds that the user terminal has used the offline code-output packet abnormally, adding the user terminal and its user ID to a blacklist.
Another technical solution is also provided: a storage medium storing a computer program which, when executed by a processor, performs the steps of the offline two-dimensional code generation method described above.
Unlike the prior art, in the above technical solution the user terminal receives the offline code-output packet pushed by the server while its network is normal and stores the received packet in the secure storage area; when its network is abnormal, it generates the two-dimensional code from the offline code-output packet in the secure storage area. Because the offline code-output packet is stored in the secure storage area of the user terminal, the operating system's security mechanism ensures that it cannot be read by other applications, which prevents the packet from being intercepted and the user's information from leaking.
Drawings
Fig. 1 is a schematic flow chart of the offline two-dimensional code generation method according to an embodiment;
Fig. 2 is a schematic flow chart of the process of generating an offline two-dimensional code according to an embodiment;
Fig. 3 is a schematic flow chart of the offline two-dimensional code generation method according to an embodiment, as it can be applied to bus payment;
Fig. 4 is a schematic structural diagram of a storage medium according to an embodiment.
Description of reference numerals:
410: storage medium.
Detailed Description
To explain the technical content, structural features, objects and effects of the technical solution in detail, a detailed description is given below with reference to the embodiments and the accompanying drawings.
Referring to Fig. 1, this embodiment provides an offline two-dimensional code generation method comprising the following steps:
Step S110: when the user terminal has a network connection, receiving an offline code-output packet pushed by a server. When the user terminal's network is normal, it receives the offline code-output packet pushed by the server. The server may push the packet to the user terminal on its own initiative, or the code-output APP on the user terminal may request the packet from the server while the network is normal, in which case the server pushes the packet to the user terminal after receiving the request. To ensure the security of the user terminal, obtaining the offline code-output packet specifically includes the following:
when the user terminal has a network connection, sending a code-output packet request to the server, wherein the request comprises a user ID and risk-control factors, and the risk-control factors comprise an external network IP address, a device ID, GPS information, a SIM card ID, a device model and/or operating system information.
After receiving the code-output packet request sent by the user terminal, the server judges from the request whether the user terminal is safe;
if the user terminal is safe, the server generates an offline code-output packet and pushes it to the user terminal;
if not, no offline code-output packet is generated.
When its network is normal, the user terminal sends a code-output packet request to the server: it checks whether the offline code-output packet it has stored is valid, and sends the request when the stored packet is found to be invalid or no packet is found. After receiving the request, the server judges from it whether the user terminal is safe, specifically as follows. The server checks whether the user ID is in the blacklist; if it is, the user terminal is judged unsafe. The server judges from the risk-control factors whether the user terminal shows problems such as theft or fraudulent use; if so, the user terminal is judged unsafe. The risk-control factors are identification information of the user terminal, so if the user changes to a different terminal the identification information changes. When the risk-control factors indicate that the current user ID has changed terminals, the theft risk level of the current user ID needs to be provided, and the user must pass dynamic authentication, such as SMS authentication or face-recognition authentication, to prove that it is the user in person who changed terminals. If the authentication passes, the user terminal is judged safe; if it does not pass, the user terminal is judged unsafe. If the identification information changes frequently, the user terminal is judged unsafe.
When the user terminal is judged unsafe, no offline code-output packet is generated. When the user terminal is judged unsafe on the basis of the risk-control factors, its user ID is added to the blacklist, and evidence is provided when a theft problem occurs. When the user terminal is found to be safe, the server generates an offline code-output packet and sends it to the user terminal.
The user terminal also checks its own environment for debugging-tool environments such as a network proxy or Xposed; if one is present, a risk point is indicated and the user terminal does not obtain the offline code-output packet.
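The server-side safety judgment described above can be modelled as a small decision function. This is an added example, not code from the patent or its applicants; the field names, the choice of which factors count as device-identifying, the handling of a first request and the threshold for "changes frequently" are all assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

# Factors treated as device-identifying. External IP and GPS are sent as well but
# change legitimately, so this sketch does not compare them (assumption).
DEVICE_FACTORS = ("device_id", "sim_id", "device_model", "os_info")
MAX_DEVICE_CHANGES = 3  # assumed threshold for "identification changes frequently"


@dataclass
class UserRecord:
    known_factors: Optional[dict] = None  # factors of the last accepted terminal
    device_changes: int = 0               # confirmed terminal changes so far


@dataclass
class IssuanceService:
    blacklist: set = field(default_factory=set)
    users: dict = field(default_factory=dict)

    def decide(self, user_id, factors, dynamic_auth=None):
        """Return (decision, reason); decision is 'issue', 'step_up' or 'deny'.

        dynamic_auth: None = not attempted, True = passed, False = failed.
        """
        if user_id in self.blacklist:
            return "deny", "user ID is blacklisted"
        missing = [k for k in DEVICE_FACTORS if not factors.get(k)]
        if missing:
            return "deny", "missing risk-control factors: " + ", ".join(missing)

        rec = self.users.setdefault(user_id, UserRecord())
        current = {k: factors[k] for k in DEVICE_FACTORS}
        if rec.known_factors is None:
            rec.known_factors = current  # first request: enrol this terminal (assumption)
            return "issue", "first terminal seen for this user ID"
        if current == rec.known_factors:
            return "issue", "factors match the known terminal"

        # From here on the identification information differs: the terminal changed.
        if rec.device_changes >= MAX_DEVICE_CHANGES:
            self.blacklist.add(user_id)  # judged unsafe by risk-control factor
            return "deny", "identification information changes too frequently"
        if dynamic_auth is None:
            return "step_up", "terminal changed: SMS or face authentication required"
        if dynamic_auth is False:
            self.blacklist.add(user_id)  # failed proof that the user changed terminals
            return "deny", "dynamic authentication failed"
        rec.device_changes += 1
        rec.known_factors = current
        return "issue", "terminal change confirmed by dynamic authentication"


def sample_factors(device_id):
    """Constructed sample request factors (documentation-range IP, made-up IDs)."""
    return {"external_ip": "203.0.113.7", "gps": "26.07,119.30",
            "device_id": device_id, "sim_id": "sim-0001",
            "device_model": "ExamplePhone 1", "os_info": "Android 10"}
```
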
Step S120: the user terminal stores the received offline code-output packet in a secure storage area. The offline code-output packet is not stored as a file on a memory card but in a secure storage area of the user terminal, such as an SQLite database on Android or the Keychain database on iOS. The operating system can ensure that data in the secure storage area cannot be read by other applications.
Step S130: when the user terminal has no network connection, parsing the offline code-output packet in the secure storage area to generate the two-dimensional code.
While its network is normal, the user terminal receives the offline code-output packet pushed by the server and stores the received packet in the secure storage area; when its network is abnormal, it generates the two-dimensional code from the offline code-output packet in the secure storage area. Because the offline code-output packet is stored in the secure storage area of the user terminal, the operating system's security mechanism ensures that it cannot be read by other applications, which prevents the packet from being intercepted and the user's information from leaking.
In this embodiment, to further ensure the security of the offline code-output packet, the packet is encrypted before being stored in the secure storage area. The offline code-output packet comprises code seed data and dynamic key data. The code seed data contains the essential elements of the code, including a platform certificate, a service private key, the offline packet validity interval, a service data field, the total number of code outputs per day, a version number and a unique user identifier, and is encrypted with a dynamic key. Each piece of code seed data corresponds to one dynamic key. The platform certificate is a character string comprising the code-issuing organization, an expiration date, a certificate number and a signature, and is generated by signing on a back-end encryption machine. The service data field is a service extension field designed into the two-dimensional code for storing service-specific data; in a public transport scenario, for example, it holds the current balance of the user's wallet, the payment method selected by the user, and the longitude and latitude at the time of code output. Reader devices can recognize this service information to judge whether the user takes the bus, or to analyze the time and location of the user's code output afterwards. So that the source can be traced if a problem occurs later, the platform certificate in the code seed of the offline code-output packet contains user ID information, which allows the specific user to be traced.
Referring to the offline two-dimensional code generation process shown in Fig. 2, the step of "parsing the offline code-output packet in the secure storage area to generate the two-dimensional code" specifically comprises the following steps:
the user terminal decrypts the dynamic key data with the decryption key to obtain the dynamic key plaintext;
the code seed data is decrypted with the dynamic key plaintext to obtain the code seed plaintext;
and the two-dimensional code is generated from the code seed plaintext.
When a two-dimensional code is to be generated from the offline code-output packet, the dynamic key data is decrypted with the decryption key stored in the code-output APP to obtain the dynamic key plaintext; the code seed data is then decrypted with the dynamic key plaintext to obtain the code seed plaintext used for generating the two-dimensional code, and the corresponding two-dimensional code is generated from it. The code of the code-output APP is obfuscated, which strengthens its security. Offline generation of the two-dimensional code relies on an external third-party program package, and this external package is itself at risk of disclosure. To avoid that risk, the APP main process applies enterprise-grade packing to the APP installation package, which encrypts and hides the dex and so files a second time. The external program package required for offline generation is in dex or so format, so hardening and encrypting the dex and so files protects the source code and prevents problems such as static reverse analysis of the code and repackaging of a program tampered with by smali injection. After hardening, the APP main process is also signed with a developer signature, and signature-verification protection is added. The APP main process can additionally detect and intercept dynamic injection frameworks, for example detecting injection by Xposed and by similar frameworks, to prevent hook attacks.
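The two-layer key hierarchy described above (decryption key, then dynamic key, then code seed) is sketched below with both the server's wrapping and the terminal's unwrapping. This is an added example, not code from the patent; the patent names no cipher, so an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag stands in for a standard authenticated cipher such as AES-GCM, and the packet field names and sample seed are assumptions.

```python
import hashlib
import hmac
import json
import os

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode: a stdlib-only stand-in for a real cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, b"enc" + nonce + counter.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Encrypt then authenticate; returns nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(key, nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, b"mac" + nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key, blob):
    """Verify the tag before decrypting; raises ValueError on any mismatch."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce = blob[:NONCE_LEN]
    ciphertext = blob[NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    expected = hmac.new(key, b"mac" + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def build_packet(app_key, code_seed):
    """Server side: one fresh dynamic key per code seed, wrapped under the app key."""
    dynamic_key = os.urandom(32)
    seed_bytes = json.dumps(code_seed, sort_keys=True).encode()
    return {
        "dynamic_key_data": seal(app_key, dynamic_key),
        "code_seed_data": seal(dynamic_key, seed_bytes),
    }


def parse_packet(app_key, packet):
    """Terminal side: decryption key -> dynamic key plaintext -> code seed plaintext."""
    dynamic_key = unseal(app_key, packet["dynamic_key_data"])
    seed_plain = unseal(dynamic_key, packet["code_seed_data"])
    return json.loads(seed_plain)  # the QR payload is then built from this seed


# Constructed sample seed; the certificate value is a placeholder, not real data.
SAMPLE_SEED = {
    "platform_certificate": "<placeholder-certificate-string>",
    "user_id": "user-0001",
    "version": 1,
    "valid_from": 1700000000,
    "valid_until": 1700086400,
    "daily_code_limit": 20,
    "service_data": {"payment_method": "wallet"},
}
```

The page keeps the decryption key inside the code-output APP and relies on obfuscation and packing to protect it, so anyone who extracts that key can open every layer. Holding it in a hardware-backed key store removes that dependency.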
In this embodiment, generation of two-dimensional codes from the offline code-output packet must be subject to rate-limiting control, which comprises an upper limit on the total number of codes output per day and a limit on the code-output rate. The step of parsing the offline code-output packet in the secure storage area to generate the two-dimensional code when the user terminal has no network connection further comprises the following steps:
after the user generates a two-dimensional code, recording the number of two-dimensional codes generated from the current offline code-output packet, and judging whether that number exceeds a preset number;
and if so, suspending generation of two-dimensional codes from the current offline code-output packet.
To implement the limit, the code-output APP counts the two-dimensional codes generated from the current offline code-output packet during offline generation and stores the count in the secure storage area. When the count exceeds the preset number, generation from the current packet is suspended, and it resumes after the offline code-output packet is updated or the limit period is refreshed.
In this embodiment, the method further comprises the following steps:
the user terminal records the usage time period of the current offline code-output packet;
judging whether the usage time period of the current offline code-output packet has reached a preset time period;
and if the preset time period has been reached, sending a new code-output packet request to the server to request a new offline code-output packet.
For rate-limiting control, the code-output APP records the usage time period of the current offline code-output packet during offline generation and stores the record in the secure storage area. It judges whether the current usage time exceeds the preset time period; if it does, the current offline code-output packet is deleted, and a new offline code-output packet is requested from the server when the network is normal.
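The count limit and the usage-period limit described above can be enforced by one gate whose counters live in the same SQLite store as the packet. This is an added example, not code from the patent; the table layout, reason strings and the clock-rollback check are assumptions, and the rollback check goes beyond the text to cover an offline terminal whose clock is set back.

```python
import sqlite3

SCHEMA = """
CREATE TABLE IF NOT EXISTS packet_state (
    packet_id        TEXT PRIMARY KEY,
    valid_from       INTEGER NOT NULL,  -- validity interval from the code seed
    valid_until      INTEGER NOT NULL,
    max_codes        INTEGER NOT NULL,  -- preset number of codes
    max_use_seconds  INTEGER NOT NULL,  -- preset usage time period
    first_used       INTEGER,           -- start of the usage time period
    last_seen        INTEGER,           -- latest accepted clock reading
    codes_generated  INTEGER NOT NULL DEFAULT 0
)"""


class OfflineCodeGate:
    """Decides whether one more offline code may be generated from a packet."""

    def __init__(self, conn):
        self.conn = conn
        self.conn.execute(SCHEMA)

    def install(self, packet_id, valid_from, valid_until, max_codes, max_use_seconds):
        """Store a new or updated packet; replacing a packet resets its counters."""
        self.conn.execute(
            "INSERT OR REPLACE INTO packet_state "
            "(packet_id, valid_from, valid_until, max_codes, max_use_seconds) "
            "VALUES (?, ?, ?, ?, ?)",
            (packet_id, valid_from, valid_until, max_codes, max_use_seconds))
        self.conn.commit()

    def _delete(self, packet_id):
        self.conn.execute("DELETE FROM packet_state WHERE packet_id = ?", (packet_id,))
        self.conn.commit()

    def request_code(self, packet_id, now):
        """Return (allowed, reason) for generating one code at Unix time `now`."""
        row = self.conn.execute(
            "SELECT valid_from, valid_until, max_codes, max_use_seconds, "
            "first_used, last_seen, codes_generated "
            "FROM packet_state WHERE packet_id = ?", (packet_id,)).fetchone()
        if row is None:
            return False, "no_packet"
        valid_from, valid_until, max_codes, max_use, first_used, last_seen, count = row
        if last_seen is not None and now < last_seen:
            return False, "clock_rollback"        # added check, not in the text
        if not valid_from <= now <= valid_until:
            return False, "outside_validity_interval"
        if first_used is not None and now - first_used >= max_use:
            self._delete(packet_id)               # request a new packet when online
            return False, "usage_period_reached"
        if count >= max_codes:
            return False, "count_limit_reached"   # paused; the packet is kept
        self.conn.execute(
            "UPDATE packet_state SET codes_generated = codes_generated + 1, "
            "first_used = COALESCE(first_used, ?), last_seen = ? "
            "WHERE packet_id = ?", (now, now, packet_id))
        self.conn.commit()
        return True, "ok"
```
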
In this embodiment, the method further comprises the following steps:
while the offline code-output packet is in use, asynchronously and periodically checking the network status of the current user terminal;
when the network of the current user terminal is detected to have returned to normal, checking whether the current user terminal meets the code-output conditions;
and if not, deleting the offline code-output packet.
While the user terminal is generating two-dimensional codes from the offline code-output packet, the network status of the terminal is checked asynchronously. If the network has returned to normal, the terminal immediately checks whether it currently meets the code-output conditions. If it does not, the offline code-output packet is deleted and the user is guided to other operations such as payment. Failing the code-output conditions covers problems such as a payment order, the user being on the offline code-output packet blacklist, and account abnormality.
In this embodiment, to enable analysis of how the offline code-output packet is used, the method further comprises the following steps:
when the user terminal's network returns to normal, sending the usage log of the offline code-output packet to the server;
the server analyzes the user terminal's usage of the offline code-output packet from the received usage log;
and when the server's analysis finds that the user terminal has used the offline code-output packet abnormally, adding the user terminal and its user ID to a blacklist.
When the user terminal's network returns to normal, the usage log of the offline code-output packet is sent to the server, which analyzes how the packet was used. For users with abnormal usage, a blacklist is applied and the offline code-output permission of the user terminal and the user ID is turned off.
Referring to Fig. 3, the offline two-dimensional code generation method of this embodiment can be applied to bus payment. When the user terminal's network is in good condition, the APP platform on the user terminal first obtains an authorization code from the APP back end, which is the server. Once it has the authorization code, the APP platform calls the APP front end, which is the code-output APP, with the authorization code and the ID of the user logged in to the APP platform. The APP front end generates an online code and at the same time checks the validity of the offline code-output packet in the APP platform. If the packet is no longer valid, the front end sends a request for an offline code-output packet to the APP back end; the back end responds by sending the packet to the front end, which stores it in the APP platform. When the network is abnormal, the APP platform of the user terminal obtains the ID of the currently logged-in user and calls the APP front end, which checks the validity of the offline code-output packet. If the packet is valid, an offline code, that is, an offline two-dimensional code, is generated; if it is invalid, the user is prompted that the code cannot be generated because of network problems. Once the two-dimensional code has been generated, it is scanned by a code reader to complete the business process.
Referring to Fig. 4, another embodiment provides a storage medium 410 storing a computer program which, when executed by a processor, performs the steps of the offline two-dimensional code generation method of the above embodiment.
Specifically, the computer program executes the following steps when being executed by the processor:
when the user terminal has a network, receiving an offline code output packet pushed by a server; when the user terminal network is normal, then receive the off-line of server side propelling movement and go out the sign indicating number package, wherein, can be the server side initiative to user terminal propelling movement off-line and go out the sign indicating number package, also can be the sign indicating number APP that goes out in the user terminal requests off-line to the server side when the network is normal to go out the sign indicating number package, after the request of user terminal was received to the server side, to user terminal propelling movement off-line go out the sign indicating number package, wherein, in order to guarantee user terminal's security, user terminal's off-line goes out the sign indicating number package and specifically includes following:
when the user terminal has a network, sending a code packet output request instruction to the server, wherein the code packet output request instruction comprises a user ID and a wind control factor, and the wind control factor comprises an external network IP, an equipment ID, GPS information, an SIM card ID, an equipment model and/or operating system information.
After receiving a code packet output request instruction sent by a user terminal, a server judges whether the user terminal is safe or not according to the code packet output request instruction;
if the user terminal is safe, generating an offline code output packet, and pushing the offline code output packet to the user terminal;
if not, the off-line code-out packet is not generated.
When the network of the user terminal is normal, the user terminal sends a code packet sending request instruction to the server, wherein, when the network of the user terminal is normal, whether the off-line code packet stored by the user terminal is valid or not is checked, and when the off-line code packet stored by the user terminal is detected to be invalid or not is detected, the user terminal sends the code packet sending request instruction to the server; after receiving a code packet output request instruction sent by the user terminal, the server judges whether the user terminal is safe according to the received code packet output request instruction, and the method specifically comprises the following steps: judging whether the user ID is in a blacklist or not according to the user ID, and if the user ID is in the blacklist, judging that the user terminal is unsafe; judging whether the user terminal has the problems of embezzlement, embezzlement and the like according to the wind control factor, if the problems occur, judging that the user terminal is unsafe, wherein the wind control factor is identification information of the user terminal, if the user terminal is replaced by the user, the identification information changes, judging that the current user ID replaces the user terminal through the wind control factor, the current user ID needs to provide the stolen risk level of the user ID, and the user needs to perform dynamic authentication, such as short message authentication or face brushing authentication, to prove that the user himself replaces the user terminal, if the authentication passes, judging that the user terminal is safe, if the authentication does not pass, indicating that the user terminal is unsafe, and if the identification information frequently changes, judging that the user terminal is unsafe. 
When the user terminal is judged to be unsafe, no offline code output packet is generated; when the user terminal is judged to be unsafe according to the wind control factor, the user ID of the user terminal is added to the blacklist, and evidence is presented when a problem of embezzlement occurs. When the user terminal is detected to be safe, the server generates an offline code output packet and sends it to the user terminal.
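The server-side decision described above can be sketched as follows. This is an added example, not code from the patent: the field names, the "first request enrols the terminal" rule, and the change-frequency threshold and window are assumptions, since the description gives none of them.

```python
import hashlib
from dataclasses import dataclass, field

# Assumed policy values; the patent gives no numbers.
MAX_CHANGES = 3                  # terminal changes tolerated inside the window
WINDOW_SECONDS = 7 * 24 * 3600


def fingerprint(factor: dict) -> str:
    """Hash the terminal-identifying fields of the wind control factor."""
    fields = ("device_id", "sim_id", "device_model", "os")  # assumed field names
    joined = "\x1f".join(str(factor.get(k, "")) for k in fields)
    return hashlib.sha256(joined.encode()).hexdigest()


@dataclass
class IssuanceGate:
    blacklist: set = field(default_factory=set)
    terminal: dict = field(default_factory=dict)   # user ID -> last accepted fingerprint
    changes: dict = field(default_factory=dict)    # user ID -> times of accepted changes

    def _unsafe(self, user_id: str) -> str:
        self.blacklist.add(user_id)   # unsafe by wind control factor: blacklist
        return "deny"

    def decide(self, user_id, factor, now, auth_passed=None) -> str:
        """Return "issue", "authenticate" or "deny" for one request."""
        if user_id in self.blacklist:
            return "deny"
        fp = fingerprint(factor)
        known = self.terminal.get(user_id)
        if known is None or known == fp:
            self.terminal[user_id] = fp   # first request enrols the terminal (assumption)
            return "issue"
        recent = [t for t in self.changes.get(user_id, []) if now - t < WINDOW_SECONDS]
        if len(recent) >= MAX_CHANGES:
            return self._unsafe(user_id)        # identification changes too often
        if auth_passed is None:
            return "authenticate"               # ask for SMS or face authentication
        if not auth_passed:
            return self._unsafe(user_id)        # could not prove ownership
        self.changes[user_id] = recent + [now]
        self.terminal[user_id] = fp
        return "issue"
```

The caller invokes `decide` once without `auth_passed`, and again with the authentication result when the answer was "authenticate".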
The user terminal also checks its own environment to see whether it is running in a debugging-tool environment such as a network proxy or Xposed; if so, a relevant risk point has appeared, and the user terminal does not obtain the offline code output packet.
The user terminal stores the received offline code output packet in a secure storage area. The offline code output packet is not stored as a file on a memory card, but in a secure storage area of the user terminal, such as an SQLite database on an Android system or a Keychain database on an iOS system. The operating system ensures that data in the secure storage area cannot be read across applications.
When the user terminal has no network, the offline code output packet in the secure storage area is parsed to generate the two-dimensional code.
When the network of the user terminal is normal, the user terminal receives the offline code output packet pushed by the server and stores it in the secure storage area; when the network of the user terminal is abnormal, the two-dimensional code is generated from the offline code output packet in the secure storage area. Because the offline code output packet is stored in the secure storage area of the user terminal, the security mechanism of the operating system ensures that it cannot be read across applications, which prevents the packet from being intercepted and prevents leakage of the user's information.
In this embodiment, to further ensure the security of the offline code output packet, the packet is encrypted before it is stored in the secure storage area. The offline code output packet includes code seed data and dynamic key data. The code seed data contains the essential elements of the code, namely a platform certificate, a service private key, an offline packet validity interval, a service data field, the total number of codes that may be issued per day, a version number and a unique user identifier, and it is encrypted with a dynamic key. Each code seed data corresponds to one dynamic key. The platform certificate is a character string comprising the code-issuing institution, an expiration date, a certificate number and a signature, and it is generated by signing with a back-end encryption machine. The service data field is a service extension field designed into the two-dimensional code for storing service-specific data, such as the balance of the user's current wallet, the payment mode selected by the user, and the longitude and latitude at the time of code output in a public transport scenario; the reading equipment can identify this service information and judge whether the user may ride, or the time and place of the user's code output can be analyzed afterwards. So that the source can be traced when a problem occurs later, the platform certificate in the code seed of the offline code output packet contains user ID information, which allows a specific user to be traced.
The step of parsing the offline code output packet in the secure storage area to generate the two-dimensional code specifically comprises the following steps:
the user terminal decrypts the dynamic key data with the decryption key to obtain the dynamic key plaintext;
decrypting the code seed data with the dynamic key plaintext to obtain the code seed plaintext;
and generating the two-dimensional code according to the code seed plaintext.
When a two-dimensional code needs to be generated from an offline code output packet, the dynamic key data is decrypted with a decryption key stored in the code output APP to obtain the dynamic key plaintext; the code seed data is then decrypted with the dynamic key plaintext to obtain the code seed plaintext used for generating the two-dimensional code, and the corresponding two-dimensional code is generated from the code seed plaintext. The APP program applies a layer of code obfuscation to enhance the security of the code. Because offline generation of the two-dimensional code relies on a program package from an external third party, and that external package also carries a risk of disclosure, the APP main process applies enterprise-level packing (shell adding) to the APP installation package to encrypt the dex and so files a second time and hide them. The external program package required for offline generation is in dex or so format, so reinforcing and encrypting the dex and so files protects the source code and prevents problems such as reverse static code analysis and tampering with the program through smali injection and repackaging. After the APP main process is reinforced, a layer of developer signature is applied and signature verification protection is added. The APP main process can also add detection and interception of dynamic injection frameworks, such as detection of injection by Xposed and of reverse injection by frameworks similar to Xposed, to prevent hook attacks.
In this embodiment, the process of generating the two-dimensional code from the offline code output packet must include rate limiting (current-limiting control), which covers an upper limit on the total number of codes output per day and the code output rate. The step of parsing the offline code output packet in the secure storage area to generate the two-dimensional code when the user terminal has no network further comprises the following steps:
after the user generates a two-dimensional code, recording the number of two-dimensional codes generated from the current offline code output packet, and judging whether that number exceeds a preset number;
and if so, pausing the generation of two-dimensional codes with the current offline code output packet.
To implement rate limiting, the code output APP counts the two-dimensional codes generated from the current offline code output packet during offline generation and stores the count in the secure storage area. When the number of two-dimensional codes generated from the current offline code output packet exceeds the preset number, generation with the current packet is restricted, and two-dimensional codes are generated again only after the offline code output packet is updated or the time limit is refreshed.
In this embodiment, the method further includes the following steps:
the user terminal records the use time period of the current offline code output packet;
judging whether the use time period of the current offline code output packet reaches a preset time period;
and if the preset time period is reached, sending a new code packet output request instruction to the server to request a new offline code output packet.
For rate limiting, the code output APP records the use time period of the current offline code output packet during offline generation of the two-dimensional code and stores the recorded information in the secure storage area. It judges whether the current use time exceeds the preset time period; if it does, the current offline code output packet is deleted and a new offline code output packet is requested from the server when the network is normal.
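The two-layer decryption steps and the count and use-period limits described above fit together as in the following sketch. This is an added example, not code from the patent: the patent names no cipher, so an HMAC-based encrypt-then-MAC construction from the standard library stands in for a real authenticated cipher, and the payload layout, the field names, `MAX_USE_SECONDS` and the sample seed are assumptions.

```python
import hashlib
import hmac
import json
import os

MAX_USE_SECONDS = 24 * 3600  # assumed preset use period; the patent gives no value


def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode as a keystream (stdlib stand-in for a real AEAD)."""
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong key or edited blob raises."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("packet failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))


def build_packet(app_key: bytes, seed: dict) -> dict:
    """Server side of the demo: one fresh dynamic key per code seed."""
    dynamic_key = os.urandom(32)
    return {"dynamic_key_data": seal(app_key, dynamic_key),
            "code_seed_data": seal(dynamic_key, json.dumps(seed).encode())}


class OfflinePacketStore:
    """Models the secure storage area: the packet plus its usage counters."""

    def __init__(self, packet: dict):
        self.packet, self.count, self.first_use = packet, 0, None

    def generate(self, app_key: bytes, now: int) -> str:
        if self.packet is None:
            raise PermissionError("no offline packet; request one when online")
        if self.first_use is not None and now - self.first_use > MAX_USE_SECONDS:
            self.packet = None  # use period exceeded: delete the packet
            raise PermissionError("use period exceeded; packet deleted")
        dynamic_key = unseal(app_key, self.packet["dynamic_key_data"])
        seed = json.loads(unseal(dynamic_key, self.packet["code_seed_data"]))
        if self.count >= seed["daily_limit"]:
            raise PermissionError("code limit reached for this packet")
        self.first_use = now if self.first_use is None else self.first_use
        self.count += 1
        # Assumed payload layout; rendering it as a QR image is out of scope.
        body = f'{seed["user_id"]}|{now}|{self.count}'
        tag = hmac.new(seed["service_key"].encode(), body.encode(), hashlib.sha256)
        return body + "|" + tag.hexdigest()[:16]


# Constructed sample seed, using a subset of the fields the description lists.
SAMPLE_SEED = {"user_id": "user-0001", "service_key": "constructed-demo-key",
               "daily_limit": 3, "version": 1}
```

Because the daily limit travels inside the authenticated code seed, editing it in storage makes `unseal` fail; the counter itself is only as trustworthy as the storage area that holds it.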
In this embodiment, the method further includes the following steps:
when the offline code output packet is in use, asynchronously and periodically detecting the network condition of the current user terminal;
when the network of the current user terminal is detected to have returned to normal, detecting whether the current user terminal meets the code output information;
and if not, deleting the offline code output packet.
While a user terminal generates two-dimensional codes with an offline code output packet, the network condition of the current user terminal is detected asynchronously. If the network of the user terminal has returned to normal, whether the user terminal currently meets the code output information is detected immediately; when it does not, the offline code output packet is deleted and the user is guided to carry out other operations such as payment. Failure to meet the code output information includes problems such as a payment order, an offline code output packet blacklisted user, and an account abnormality.
In this embodiment, in order to implement the usage behavior analysis on the offline code packet, the method further includes the following steps:
when the network of the user terminal returns to normal, sending the usage log of the offline code output packet to the server;
the server analyzes the usage behavior of the offline code output packet on the user terminal according to the received usage log;
and when the server finds that the user terminal uses the offline code output packet abnormally, adding the user terminal and its user ID to a blacklist.
When the network of the user terminal returns to normal, the usage log of the offline code output packet is sent to the server, and the server analyzes the usage behavior of the offline code output packet. For a user with abnormal usage, the blacklist mode is adopted and the offline code output permission of the user terminal and the user ID is closed.
It should be noted that, although the above embodiments have been described herein, the invention is not limited thereto. Therefore, based on the innovative concepts of the present invention, the technical solutions of the present invention can be directly or indirectly applied to other related technical fields by making changes and modifications to the embodiments described herein, or by using equivalent structures or equivalent processes performed in the content of the present specification and the attached drawings, which are included in the scope of the present invention.

Claims (9)

1. A two-dimensional code offline generation method, characterized by comprising the following steps:
when the user terminal has a network, receiving an offline code output packet pushed by a server;
the user terminal stores the received offline code output packet in a secure storage area;
and when the user terminal has no network, parsing the offline code output packet in the secure storage area to generate the two-dimensional code.
2. The two-dimensional code offline generation method according to claim 1, wherein the step of "receiving the offline code output packet sent by the server when the user terminal has a network" further comprises the following steps:
when the user terminal has a network, sending a code packet output request instruction to the server, wherein the code packet output request instruction comprises a user ID and a wind control factor, and the wind control factor comprises an external network IP, a device ID, GPS information, a SIM card ID, a device model and/or operating system information;
after receiving a code packet output request instruction sent by a user terminal, a server judges whether the user terminal is safe or not according to the code packet output request instruction;
if the user terminal is safe, generating an offline code output packet, and pushing the offline code output packet to the user terminal;
if not, not generating the offline code output packet.
3. The two-dimensional code offline generation method according to claim 1, wherein the secure storage area comprises an SQLite database or a Keychain database.
4. The two-dimensional code offline generation method according to claim 1, wherein the offline code output packet comprises code seed data and dynamic key data;
the step of parsing the offline code output packet in the secure storage area to generate the two-dimensional code specifically comprises the following steps:
the user terminal decrypts the dynamic key data with the decryption key to obtain the dynamic key plaintext;
decrypting the code seed data with the dynamic key plaintext to obtain the code seed plaintext;
and generating the two-dimensional code according to the code seed plaintext.
5. The two-dimensional code offline generation method according to claim 1, wherein the step of "when the user terminal has no network, parsing the offline code output packet in the secure storage area to generate the two-dimensional code" further comprises the following steps:
after the user generates a two-dimensional code, recording the number of two-dimensional codes generated from the current offline code output packet, and judging whether that number exceeds a preset number;
and if so, pausing the generation of two-dimensional codes with the current offline code output packet.
6. The two-dimensional code offline generation method according to claim 1, further comprising the steps of:
the user terminal records the use time period of the current offline code output packet;
judging whether the use time period of the current offline code output packet reaches a preset time period;
and if the preset time period is reached, sending a new code packet output request instruction to the server to request a new offline code output packet.
7. The two-dimensional code offline generation method according to claim 1, further comprising the steps of:
when the offline code output packet is in use, asynchronously and periodically detecting the network condition of the current user terminal;
when the network of the current user terminal is detected to have returned to normal, detecting whether the current user terminal meets the code output information;
and if not, deleting the offline code output packet.
8. The two-dimensional code offline generation method according to claim 1, further comprising the steps of:
when the network of the user terminal returns to normal, sending the usage log of the offline code output packet to the server;
the server analyzes the usage behavior of the offline code output packet on the user terminal according to the received usage log;
and when the server finds that the user terminal uses the offline code output packet abnormally, adding the user terminal and its user ID to a blacklist.
9. A storage medium storing a computer program, wherein the computer program is executed by a processor to perform the steps of the two-dimensional code offline generation method according to any one of claims 1 to 8.
CN202010800348.4A 2020-08-11 2020-08-11 Two-dimensional code offline generation method and storage medium Active CN111967556B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010800348.4A CN111967556B (en) 2020-08-11 2020-08-11 Two-dimensional code offline generation method and storage medium

Publications (2)

Publication Number Publication Date
CN111967556A true CN111967556A (en) 2020-11-20
CN111967556B CN111967556B (en) 2022-09-16

Family

ID=73365551

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010800348.4A Active CN111967556B (en) 2020-08-11 2020-08-11 Two-dimensional code offline generation method and storage medium

Country Status (1)

Country Link
CN (1) CN111967556B (en)

Also Published As

Publication number Publication date
CN111967556B (en) 2022-09-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant