CN112070490A - Off-line POS machine transaction method and system based on two-dimension code - Google Patents

Off-line POS machine transaction method and system based on two-dimension code Download PDF

Info

Publication number
CN112070490A
CN112070490A CN202010844446.8A CN202010844446A CN112070490A CN 112070490 A CN112070490 A CN 112070490A CN 202010844446 A CN202010844446 A CN 202010844446A CN 112070490 A CN112070490 A CN 112070490A
Authority
CN
China
Prior art keywords
public key
transaction
pca
management platform
value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010844446.8A
Other languages
Chinese (zh)
Other versions
CN112070490B (en
Inventor
彭金辉
雷宗华
张磊
李鑫
李顶占
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Xinda Jiean Information Technology Co Ltd
Original Assignee
Zhengzhou Xinda Jiean Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhengzhou Xinda Jiean Information Technology Co Ltd filed Critical Zhengzhou Xinda Jiean Information Technology Co Ltd
Priority to CN202010844446.8A priority Critical patent/CN112070490B/en
Publication of CN112070490A publication Critical patent/CN112070490A/en
Application granted granted Critical
Publication of CN112070490B publication Critical patent/CN112070490B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • G06Q20/06Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
    • G06Q20/065Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3823Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07GREGISTERING THE RECEIPT OF CASH, VALUABLES, OR TOKENS
    • G07G1/00Cash registers
    • G07G1/12Cash registers electronically operated

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Cash Registers Or Receiving Machines (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides an off-line POS machine transaction method based on two-dimension codes, which comprises the following steps: generating and communicating key information, transaction data and user information at each end, and performing hash calculation by the mobile terminal according to the user information U, the public key Pca and the public key factor Pu to generate a summary e ', and then calculating to generate a real private key du (r + e') k; the transaction process comprises the following steps: the mobile terminal signs the transaction data T through the real private key du to generate a signature value S, and then generates a transaction two-dimensional code; the POS machine scans the transaction two-dimensional code to obtain information, generates a digest value e ' according to user information U, a public key Pca and a public key factor Pu, and calculates and generates a real public key Qu ═ e ' ] Pu + [ e ' ] Pca; and the POS machine verifies the signature value S by using the real public key Qu and processes the transaction data T. The method reduces the information amount in the transaction process and can ensure the security of the transaction.

Description

Off-line POS machine transaction method and system based on two-dimension code
Technical Field
The invention relates to the technical field of two-dimension code transaction, in particular to an off-line POS machine transaction method based on a two-dimension code and an off-line POS machine transaction system based on the two-dimension code.
Background
The existing mobile payment mode mainly comprises two modes; online two-dimensional code consumption transaction and offline two-dimensional code consumption transaction.
At present, two-dimension code consumption transaction is mostly online transaction, namely, a user terminal and a POS machine need to be connected to a management platform in the transaction process, the transaction is completed after money deduction is completed, the transaction process is long, and the method is not suitable for rapid consumption scenes such as public transport and subway.
The off-line two-dimensional code consumption transaction refers to a two-dimensional code swiping transaction process after the user terminal generates the two-dimensional code, and the code swiping transaction can be completed without accessing the mobile phone and the POS machine to a management platform.
However, when the user terminal performs two-dimensional code transaction with the offline POS machine in an offline state, the two-dimensional code information generally needs to include four pieces of information, namely, a user public key, identity information, a management platform signature, and a user signature for transaction data, which results in a long total length of the two-dimensional code data, and for the POS machine with limited code scanning information, because the code scanning capability and the computing capability are limited, the POS machine does not support scanning and computing of the two-dimensional code with a large amount of information, which results in an offline transaction obstacle; in addition, certain potential safety hazards exist when the two-dimensional code is used for off-line transaction, so that the user information, transaction data and the like are easily stolen and tampered, and the problem that the user information, the transaction data and the like cannot be verified is caused.
Therefore, for the POS with limited code scanning information, how to reduce the amount of two-dimensional code information, reduce the amount of calculation of the POS, and ensure the security of transactions is a problem that needs to be solved urgently at present.
In order to solve the above problems, people are always seeking an ideal technical solution.
Disclosure of Invention
The invention aims to overcome the defects of the prior art, and provides an off-line POS machine transaction method based on a two-dimension code and an off-line POS machine transaction system based on the two-dimension code, which can reduce the information amount of the two-dimension code, reduce the calculated amount of a POS machine and ensure the safety of the transaction process.
In order to achieve the purpose, the invention adopts the technical scheme that: a two-dimension code-based off-line POS machine transaction method comprises an initialization process and a transaction process, and comprises the following steps:
an initialization process:
the mobile terminal generates a temporary private key k and user information U, and a temporary public key Ru is generated by calculation according to the temporary private key k;
the management platform generates a public key Pca, a private key Dca and transaction data T;
the POS machine obtains a public key Pca and transaction data T through the management platform;
the management platform obtains a temporary public key Ru and user information U through the mobile terminal;
the mobile terminal obtains a public key Pca, a public key factor Pu, a private key factor r and transaction data T through the management platform, wherein the public key factor Pu and the private key factor r are generated by the management platform in a calculation mode;
the mobile terminal performs hash calculation according to the user information U, the public key Pca and the public key factor Pu to generate a summary e ', and then calculates and generates a real private key du (r + e ') k according to the private key factor r, the summary value e ' and the temporary private key k;
the transaction process comprises the following steps:
the mobile terminal signs the transaction data T through the real private key du to generate a transaction signature value S, and then generates a transaction two-dimensional code according to the public key factor Pu, the user information U and the transaction signature value S for displaying to the POS machine;
the POS machine scans the transaction two-dimensional code to obtain a public key factor Pu, user information U and a transaction signature value S;
the POS machine generates a digest value e according to user information U, a public key Pca and a public key factor Pu, and calculates and generates a real public key Qu ═ e "] Pu + [ e" ] Pca according to the public key factor Pu, the digest value e' and the public key Pca;
and the POS machine verifies the signature value S by using the real public key Qu and processes the transaction data T according to a verification result.
Basically, in the initialization process, the management platform generates a random number k1, and calculates and generates a public key factor Pu ═ k1] G + Ru according to the temporary public key Ru and the random number k 1;
the mobile terminal calculates and generates a temporary public key Ru ═ k ] G according to the temporary private key k;
g is an elliptic curve base point.
Based on the above, the step of generating, calculating and generating the digest value e by the management platform includes:
the management platform performs hash calculation on user information U, a public key Pca and elliptic curve parameters a, b and G to generate a digest value z ═ H (U | | a | | b | | G | | | Pca); and the management platform performs hash calculation on the abstract value z and the public key factor Pu to generate an abstract value e-H (Pu | | z), and a and b are parameters of the elliptic curve.
Basically, in the initialization process, the private key factor r is generated through the following steps:
the management platform performs hash calculation according to the user information U, the public key Pca and the public key factor Pu to generate a digest value e, and then calculates and generates a private key factor r (k1+ Dca) according to the digest value e, the random number k1 and the private key Dca.
Basically, the step of generating the digest value e' by the mobile terminal includes:
the mobile terminal performs hash calculation on user information U, the public key Pca and elliptic curve parameters a, b and G to generate a digest value z' ═ H (U | | a | | b | | | G | | | Pca); and the management platform performs hash calculation on the digest value z 'and the public key factor Pu to generate a digest value e ═ H (Pu | | | z'), a and b are parameters of the elliptic curve, and G is an elliptic curve base point.
Basically, the step of generating the digest value e "by the POS machine includes: the POS machine carries out hash calculation on the user information U, the public key Pca and the elliptic curve parameters a, b and G to generate a digest value z ═ H (U | | a | | b | | G | | | Pca); and the management platform performs hash calculation on the abstract value z' and the public key factor Pu to generate an abstract value e ═ H (Pu | | | z "), a and b are parameters of the elliptic curve, and G is an elliptic curve base point.
An off-line POS machine transaction system based on two-dimensional codes comprises a mobile terminal, a POS machine and a management platform;
in the initialization process:
the mobile terminal is used for generating a temporary private key k and user information U, and calculating and generating a temporary public key Ru according to the temporary private key k;
the management platform is used for generating a public key Pca, a private key Dca and transaction data T;
the POS machine is communicated with a management platform to obtain a public key Pca and transaction data T;
the management platform is communicated with the mobile terminal to obtain a temporary public key Ru and user information U;
the mobile terminal is communicated with a management platform to obtain a public key Pca, a public key factor Pu, a private key factor r and transaction data T, wherein the public key factor Pu and the private key factor r are generated by the management platform through calculation;
the mobile terminal is further used for carrying out hash calculation according to the user information U, the public key Pca and the public key factor Pu to generate a digest value e ', and calculating a private key du (r + e ') k according to the private key factor r, the digest value e ' and the temporary private key k;
in the transaction process:
the mobile terminal is used for signing the transaction data T through the real private key du to generate a transaction signature value S, generating a transaction two-dimensional code according to the public key factor Pu, the user information U and the transaction signature value S, and displaying the transaction two-dimensional code to the POS machine;
the POS machine is used for scanning a transaction two-dimensional code to obtain a public key factor Pu, user information U and a transaction signature value S, generating a summary value e according to the user information U, a public key Pca and the public key factor Pu, and then calculating and generating a real public key Qu ═ e "] Pu + [ e" ] Pca according to the public key factor Pu, the summary value e' and the public key Pca; and finally, verifying the signature value S by using the true public key Qu, and processing the transaction data T according to a verification result.
Basically, in the initialization process, the management platform generates a random number k1, and calculates and generates a public key factor Pu ═ k1] G + Ru according to the temporary public key Ru and the random number k 1;
the mobile terminal calculates and generates a temporary public key Ru ═ k ] G according to the temporary private key k;
in the initialization process, the private key factor r is generated by the following steps:
the management platform performs hash calculation according to the user information U, the public key Pca and the public key factor Pu to generate a digest value e, and then calculates and generates a private key factor r (e) (k1+ Dca) according to the digest value e, the random number k1 and the private key Dca;
g is an elliptic curve base point.
Based on the above, the step of generating, calculating and generating the digest value e by the management platform includes:
the management platform performs hash calculation on user information U, a public key Pca and elliptic curve parameters a, b and G to generate a digest value z ═ H (U | | a | | b | | G | | | Pca); and the management platform performs hash calculation on the abstract value z and the public key factor Pu to generate an abstract value e-H (Pu | | z), and a and b are parameters of the elliptic curve.
Basically, the step of generating the digest value e' by the mobile terminal includes:
the mobile terminal performs hash calculation on user information U, the public key Pca and elliptic curve parameters a, b and G to generate a digest value z' ═ H (U | | a | | b | | | G | | | Pca); and the management platform performs hash calculation on the digest value z 'and the public key factor Pu to generate a digest value e ═ H (Pu | | | z'), a and b are parameters of the elliptic curve, and G is an elliptic curve base point.
Basically, the step of generating the digest value e "by the POS machine includes: the POS machine carries out hash calculation on the user information U, the public key Pca and the elliptic curve parameters a, b and G to generate a digest value z ═ H (U | | a | | b | | G | | | Pca); and the management platform performs hash calculation on the abstract value z' and the public key factor Pu to generate an abstract value e ═ H (Pu | | | z "), a and b are parameters of the elliptic curve, and G is an elliptic curve base point.
Compared with the prior art, the invention has outstanding substantive characteristics and remarkable progress, and particularly, in the transaction process, the mobile terminal and the POS machine do not need to obtain a digital certificate through a management platform for user verification, do not need to transmit signature information of the management platform, and do not need the management platform to participate in the transaction process, so that a certificate-free communication mechanism in an off-line state is realized, the information quantity of the two-dimensional code is effectively reduced, the POS machine with limited information can quickly and effectively scan the two-dimensional code and obtain related transaction information, and the requirement on the computing capacity of the POS machine is reduced.
Furthermore, through an initialization process, the mobile terminal obtains a real private key, then signs the transaction data through the real private key, the POS machine obtains a real public key through calculation, then verifies the signature information of the transaction data to indicate the correctness of the two-dimensional code information, and as the generation of the signature value S depends on the real private key du, and the generation of the real private key depends on the private key factor r and the digest values e ', r and e' which are random values, the signature information also changes randomly, which is equivalent to that the transmitted two-dimensional code information changes dynamically, so that the replay attack resistance can be prevented.
Furthermore, a certificate-free mechanism is adopted, the number of interaction times between the management platform and the management platform is reduced, the requirement that the management platform issues a certificate to carry out the verification process of the user certificate and the signature is avoided, the amount of information transmitted in the transaction process is reduced, and meanwhile, the legality of the user can be verified.
Drawings
Fig. 1 shows a flow chart of the off-line POS transaction method based on two-dimensional codes in the present invention.
Fig. 2 is a flow chart illustrating an embodiment of an initialization process in the two-dimension code-based offline POS transaction method according to the present invention.
Fig. 3 is a flow chart showing an embodiment of a transaction process in the two-dimension code-based offline POS transaction method according to the present invention.
Detailed Description
The technical solution of the present invention is further described in detail by the following embodiments.
As shown in fig. 1, a first aspect of the present invention provides an offline POS transaction method based on two-dimensional codes, where the transaction method is applied to a mobile terminal, a POS, and a management platform; the card swiping method specifically comprises the following steps: an initialization process and a transaction process.
The initialization process comprises the following steps:
the mobile terminal generates a temporary private key k and user information U, and calculates and generates a temporary public key Ru according to the temporary private key k; the management platform generates its public key Pca, private key Dca and transaction data T, random number k 1.
The POS machine obtains the public key Pca and the transaction data T through the management platform; the management platform obtains the temporary public key Ru and the user information U through the mobile terminal; the mobile terminal obtains the public key Pca, the public key factor Pu, the private key factor r and the transaction data T through the management platform; and the public key factor Pu and the private key factor r are generated by the management platform in a calculation way.
And the mobile terminal performs hash calculation according to the user information U, the public key Pca and the public key factor Pu to generate a digest value e ', and calculates and generates a real private key du (r + e ') k according to the private key factor r, the digest value e ' and a temporary private key k.
The transaction process comprises the following steps:
and after the mobile terminal signs the transaction data T through the real private key du to generate a transaction signature value S, generating a transaction two-dimensional code according to the public key factor Pu, the user information U and the transaction signature value S, and displaying the transaction two-dimensional code to the POS machine.
The POS machine scans the transaction two-dimensional code to obtain the public key factor Pu, the user information U and the transaction signature value S; the POS machine generates a digest value e 'according to the user information U, the public key Pca and the public key factor Pu, and calculates and generates a real public key Qu ═ e "] Pu + [ e" ] Pca according to the public key factor Pu, the digest value e' and the public key Pca; and the POS machine verifies the transaction value S by using the real public key Qu and processes the transaction data T according to a verification result.
Specifically, in the initialization process, the public key factor Pu and the private key factor r are generated by the management platform through calculation, which specifically includes:
and the management platform calculates and generates a public key factor Pu according to the temporary public key Ru and the random number k 1.
And the management platform performs hash calculation according to the user information U, the public key Pca and the public key factor Pu to generate a digest value e, and calculates and generates a private key factor r ═ e (k1+ Dca) according to the digest value e, a random number k1 and a private key Dca.
Specifically, the calculation and generation of the public key factor Pu by the management platform according to the temporary public key Ru and the random number k1 specifically includes: pu ═ k1] G + Ru, G being the base point of the elliptic curve.
The step of performing hash calculation by the management platform according to the user information U, the public key Pca and the public key factor Pu to generate a digest value e specifically includes: the management platform performs hash calculation on the user information U, the public key Pca and the elliptic curve parameters a, b and G to generate a digest value z-H (U | | a | b | | G | | | Pca); and the management platform performs hash calculation on the abstract value z and the public key factor Pu to generate an abstract value e-H (Pu | | z), wherein a and b are parameters of an elliptic curve.
Specifically, in the initialization process, the calculation and generation of the temporary public key Ru by the mobile terminal according to the temporary private key k specifically includes: ru ═ k ] G, G being the base point of the elliptic curve.
The mobile terminal performing hash calculation according to the user information U, the public key Pca and the public key factor Pu to generate a digest value e' specifically includes: the mobile terminal performs hash calculation on the user information U, the public key Pca and the elliptic curve parameters a, b and G to generate a digest value z' ═ H (U | | a | | b | | G | | | Pca); and the management platform performs hash calculation on the digest value z 'and the public key factor Pu to generate a digest value e ═ H (Pu | | | z'), where a and b are parameters of an elliptic curve.
Specifically, in the transaction process, the generating, by the POS machine, the digest value e ″ according to the user information U, the public key Pca, and the public key factor Pu specifically includes: the POS machine carries out hash calculation on the user information U, the public key Pca and the elliptic curve parameters a, b and G to generate a digest value z ═ H (U | | a | | b | | G | | | Pca); and the management platform performs hash calculation on the abstract value z 'and the public key factor Pu to generate an abstract value e ═ H (Pu | | z'), and a and b are parameters of an elliptic curve.
As shown in fig. 2, in a specific embodiment, the initialization process specifically includes:
1) the mobile terminal generates a random number k as a temporary private key, calculates a temporary public key Ru (k) G, and sends the temporary public key Ru and user information U to a management platform, wherein G is an elliptic curve base point; the management platform generates a public key Pca, a private key Dca and transaction data T and sends the public key Pca and the transaction data T to the POS machine.
2) The management platform generates a random number k1 and calculates a public key factor Pu ═ k1] G + Ru.
3) The management platform calculates the digest value z ═ H (U | | a | | b | | G | | | Pca), then calculates the digest value e ═ H (Pu | | z), finally calculates the private key factor r ═ e · (k1+ Dca), and returns the private key factor r, the public key factor Pu, the transaction data T, and the public key Pca to the mobile terminal.
4) After the mobile terminal calculates the digest value z '═ H (U | | a | | b | | G | | | Pca), the mobile terminal calculates the digest value e' ═ H (Pu | | z '), and finally calculates the true private key du ═ r + e' × k.
As shown in fig. 3, in a specific embodiment, the transaction process is specifically:
1) the mobile terminal signs the transaction data T by using the real private key du to obtain transaction signature information S, generates a two-dimensional code comprising a public key factor Pu, user information U and the transaction signature information S, and then displays the two-dimensional code to the POS machine.
2) The POS machine scans codes to obtain a public key factor Pu, user information U and transaction signature information S, calculates an abstract value z ═ H (U | | a | | b | | G | | | Pca), then calculates an abstract value e ═ H (Pu | | | z), and finally calculates a real public key Qu [ e "] Pu + [ e" ] Pca.
3) And the POS uses the true public key Qu to decrypt and verify the transaction signature information S, and processes the transaction information according to a verification result.
Example 2
The second aspect of the present invention further provides an offline POS transaction system based on two-dimensional codes, where the transaction system includes: mobile terminal, POS machine and management platform.
In the initialization process:
the mobile terminal is used for generating a temporary private key k and user information U and calculating and generating a temporary public key Ru according to the temporary private key k; the management platform is used for generating a public key Pca, a private key Dca, transaction data T and a random number k 1.
The POS machine is used for obtaining the public key Pca and the transaction data T through the management platform; the management platform is further configured to obtain the temporary public key Ru and the user information U through the mobile terminal; the mobile terminal is further configured to obtain the public key Pca, a public key factor Pu, a private key factor r and the transaction data T through the management platform; the public key factor Pu and the private key factor r are generated by the management platform in a calculation way; and the mobile terminal is further configured to perform hash calculation according to the user information U, the public key Pca and the public key factor Pu to generate a digest value e ', and calculate and generate a real private key du ═ r + e ' × k according to the private key factor r, the digest value e ' and the temporary private key k.
During the transaction:
and the mobile terminal is used for generating a transaction two-dimensional code according to the public key factor Pu, the user information U and the transaction signature value S after the transaction data T is signed by the real private key du to generate the transaction signature value S, and displaying the transaction two-dimensional code to the POS machine.
The POS machine is used for scanning the transaction two-dimensional code to obtain the public key factor Pu, the user information U and the transaction signature value S; the public key management system is also used for generating a digest value e 'according to the user information U, the public key Pca and the public key factor Pu, and calculating and generating a real public key Qu ═ e "] Pu + [ e" ] Pca according to the public key factor Pu, the digest value e' and the public key Pca; and the system is used for verifying the transaction value S by using the real public key Qu and processing the transaction data T according to a verification result.
Specifically, the public key factor Pu and the private key factor r are generated by the management platform through calculation, and specifically include:
and the management platform calculates and generates a public key factor Pu according to the temporary public key Ru and the random number k 1.
And the management platform performs hash calculation according to the user information U, the public key Pca and the public key factor Pu to generate a digest value e, and calculates and generates a private key factor r ═ e (k1+ Dca) according to the digest value e, a random number k1 and a private key Dca.
Specifically, the calculation and generation of the public key factor Pu by the management platform according to the temporary public key Ru and the random number k1 specifically includes: pu ═ k1] G + Ru, G being the base point of the elliptic curve.
The step of performing hash calculation by the management platform according to the user information U, the public key Pca and the public key factor Pu to generate a digest value e specifically includes: the management platform performs hash calculation on the user information U, the public key Pca and the elliptic curve parameters a, b and G to generate a digest value z-H (U | | a | b | | G | | | Pca); and the management platform performs hash calculation on the abstract value z and the public key factor Pu to generate an abstract value e-H (Pu | | z), wherein a and b are parameters of an elliptic curve.
Specifically, the calculation and generation of the temporary public key Ru by the mobile terminal according to the temporary private key k specifically includes: ru ═ k ] G, G being the base point of the elliptic curve.
The mobile terminal performing hash calculation according to the user information U, the public key Pca and the public key factor Pu to generate a digest value e' specifically includes: the mobile terminal performs hash calculation on the user information U, the public key Pca and the elliptic curve parameters a, b and G to generate a digest value z' ═ H (U | | a | | b | | G | | | Pca); and the management platform performs hash calculation on the digest value z 'and the public key factor Pu to generate a digest value e ═ H (Pu | | | z'), where a and b are parameters of an elliptic curve.
Specifically, the generating, by the POS, the digest value e ″ according to the user information U, the public key Pca, and the public key factor Pu specifically includes: the POS machine carries out hash calculation on the user information U, the public key Pca and the elliptic curve parameters a, b and G to generate a digest value z ═ H (U | | a | | b | | G | | | Pca); and the management platform performs hash calculation on the abstract value z 'and the public key factor Pu to generate an abstract value e ═ H (Pu | | z'), and a and b are parameters of an elliptic curve.
The invention does not need to transmit the signature information of the management platform in the transaction process, the mobile terminal and the POS machine do not need to obtain the digital certificate through the management platform for user verification, and the management platform does not need to participate in the transaction process, thereby realizing a communication mechanism in an off-line state without the certificate; therefore, the invention can effectively reduce the information quantity of the two-dimensional code, so that the POS machine with limited code scanning information can effectively and quickly scan the two-dimensional code to obtain the related transaction information, and the computing capacity of the POS machine is correspondingly reduced.
Through an initialization process, the mobile terminal officer obtains a real private key, signs the transaction data through the real private key, and the POS machine calculates the real public key and verifies the signature of the signature information of the transaction data, if the signature can be decrypted and verified successfully, the correctness of the two-dimensional code information is indicated; in addition, the transaction signature information is randomly changed, which is equivalent to that the transmitted two-dimensional code information is dynamically changed, so that the replay attack resistance can be prevented.
By adopting a certificate-free mechanism, the interaction times are reduced, the need of issuing a certificate through a management platform to verify the user certificate and the user signature is avoided, the transmitted information in the transaction process is less, and the legality of the user can be verified.
Finally, it should be noted that the above examples are only used to illustrate the technical solutions of the present invention and not to limit the same; although the present invention has been described in detail with reference to preferred embodiments, those skilled in the art will understand that: modifications to the specific embodiments of the invention or equivalent substitutions for parts of the technical features may be made; without departing from the spirit of the present invention, it is intended to cover all aspects of the invention as defined by the appended claims.

Claims (10)

1. An off-line POS machine transaction method based on two-dimensional codes is characterized in that: the method comprises an initialization process and a transaction process, and comprises the following steps:
an initialization process:
the mobile terminal generates a temporary private key k and user information U, and a temporary public key Ru is generated by calculation according to the temporary private key k;
the management platform generates a public key Pca, a private key Dca and transaction data T;
the POS machine obtains a public key Pca and transaction data T through the management platform;
the management platform obtains a temporary public key Ru and user information U through the mobile terminal;
the mobile terminal obtains a public key Pca, a public key factor Pu, a private key factor r and transaction data T through the management platform, wherein the public key factor Pu and the private key factor r are generated by the management platform in a calculation mode;
the mobile terminal performs hash calculation according to the user information U, the public key Pca and the public key factor Pu to generate a summary e ', and then calculates and generates a real private key du (r + e ') k according to the private key factor r, the summary value e ' and the temporary private key k;
the transaction process comprises the following steps:
the mobile terminal signs the transaction data T through the real private key du to generate a transaction signature value S, and then generates a transaction two-dimensional code according to the public key factor Pu, the user information U and the transaction signature value S for displaying to the POS machine;
the POS machine scans the transaction two-dimensional code to obtain a public key factor Pu, user information U and a transaction signature value S;
the POS machine generates a digest value e according to user information U, a public key Pca and a public key factor Pu, and calculates and generates a real public key Qu ═ e "] Pu + [ e" ] Pca according to the public key factor Pu, the digest value e' and the public key Pca;
and the POS machine verifies the signature value S by using the real public key Qu and processes the transaction data T according to a verification result.
2. The two-dimensional code based off-line POS machine transaction method according to claim 1, characterized in that: in the initialization process, the management platform generates a random number k1, and calculates and generates a public key factor Pu ═ k 1G + Ru according to the temporary public key Ru and the random number k 1;
the mobile terminal calculates and generates a temporary public key Ru ═ k ] G according to the temporary private key k;
g is an elliptic curve base point.
3. The two-dimensional code based off-line POS machine transaction method according to claim 2, wherein: in the initialization process, the private key factor r is generated by the following steps:
the management platform performs hash calculation according to the user information U, the public key Pca and the public key factor Pu to generate a digest value e, and then calculates and generates a private key factor r (e) (k1+ Dca) according to the digest value e, the random number k1 and the private key Dca;
the step of generating the calculation generation abstract value e by the management platform comprises the following steps:
the management platform performs hash calculation on user information U, a public key Pca and elliptic curve parameters a, b and G to generate a digest value z ═ H (U | | a | | b | | G | | | Pca); and the management platform performs hash calculation on the abstract value z and the public key factor Pu to generate an abstract value e-H (Pu | | z), and a and b are parameters of the elliptic curve.
4. The two-dimensional code based offline POS machine transaction method according to any one of claims 1 to 3, wherein: the step of generating the abstract value e' by the mobile terminal comprises the following steps:
the mobile terminal performs hash calculation on user information U, the public key Pca and elliptic curve parameters a, b and G to generate a digest value z' ═ H (U | | a | | b | | | G | | | Pca); and the management platform performs hash calculation on the digest value z 'and the public key factor Pu to generate a digest value e ═ H (Pu | | | z'), a and b are parameters of the elliptic curve, and G is an elliptic curve base point.
5. The two-dimensional code based offline POS machine transaction method according to any one of claims 1 to 3, wherein: the POS machine generates the abstract value e', and the method comprises the following steps: the POS machine carries out hash calculation on the user information U, the public key Pca and the elliptic curve parameters a, b and G to generate a digest value z ═ H (U | | a | | b | | G | | | Pca); and the management platform performs hash calculation on the abstract value z' and the public key factor Pu to generate an abstract value e ═ H (Pu | | | z "), a and b are parameters of the elliptic curve, and G is an elliptic curve base point.
6. The utility model provides an off-line POS machine transaction system based on two-dimensional code which characterized in that: the system comprises a mobile terminal, a POS machine and a management platform;
in the initialization process:
the mobile terminal is used for generating a temporary private key k and user information U, and calculating and generating a temporary public key Ru according to the temporary private key k;
the management platform is used for generating a public key Pca, a private key Dca and transaction data T;
the POS machine is communicated with a management platform to obtain a public key Pca and transaction data T;
the management platform is communicated with the mobile terminal to obtain a temporary public key Ru and user information U;
the mobile terminal is communicated with a management platform to obtain a public key Pca, a public key factor Pu, a private key factor r and transaction data T, wherein the public key factor Pu and the private key factor r are generated by the management platform through calculation;
the mobile terminal is further used for carrying out hash calculation according to the user information U, the public key Pca and the public key factor Pu to generate a digest value e ', and calculating a private key du (r + e ') k according to the private key factor r, the digest value e ' and the temporary private key k; (ii) a
In the transaction process:
the mobile terminal is used for signing the transaction data T through the real private key du to generate a transaction signature value S, generating a transaction two-dimensional code according to the public key factor Pu, the user information U and the transaction signature value S, and displaying the transaction two-dimensional code to the POS machine;
the POS machine is used for scanning a transaction two-dimensional code to obtain a public key factor Pu, user information U and a transaction signature value S, generating a summary value e according to the user information U, a public key Pca and the public key factor Pu, and then calculating and generating a real public key Qu ═ e "] Pu + [ e" ] Pca according to the public key factor Pu, the summary value e' and the public key Pca; and finally, verifying the signature value S by using the true public key Qu, and processing the transaction data T according to a verification result.
7. The two-dimensional code based offline POS machine transaction system according to claim 6, wherein: in the initialization process, the management platform generates a random number k1, and calculates and generates a public key factor Pu ═ k 1G + Ru according to the temporary public key Ru and the random number k 1;
the mobile terminal calculates and generates a temporary public key Ru ═ k ] G according to the temporary private key k;
in the initialization process, the private key factor r is generated by the following steps:
the management platform performs hash calculation according to the user information U, the public key Pca and the public key factor Pu to generate a digest value e, and then calculates and generates a private key factor r (e) (k1+ Dca) according to the digest value e, the random number k1 and the private key Dca;
g is an elliptic curve base point.
8. The two-dimensional code based offline POS machine transaction system according to claim 6, wherein: the step of generating the calculation generation abstract value e by the management platform comprises the following steps:
the management platform performs hash calculation on user information U, a public key Pca and elliptic curve parameters a, b and G to generate a digest value z ═ H (U | | a | | b | | G | | | Pca); and the management platform performs hash calculation on the abstract value z and the public key factor Pu to generate an abstract value e-H (Pu | | z), and a and b are parameters of the elliptic curve.
9. The two-dimensional code based offline POS machine transaction system according to any one of claims 6 to 8, wherein: the step of generating the abstract value e' by the mobile terminal comprises the following steps:
the mobile terminal performs hash calculation on user information U, the public key Pca and elliptic curve parameters a, b and G to generate a digest value z' ═ H (U | | a | | b | | | G | | | Pca); and the management platform performs hash calculation on the digest value z 'and the public key factor Pu to generate a digest value e ═ H (Pu | | | z'), a and b are parameters of the elliptic curve, and G is an elliptic curve base point.
10. The two-dimensional code based offline POS machine transaction system according to any one of claims 6 to 8, wherein: the POS machine generates the abstract value e', and the method comprises the following steps: the POS machine carries out hash calculation on the user information U, the public key Pca and the elliptic curve parameters a, b and G to generate a digest value z ═ H (U | | a | | b | | G | | | Pca); and the management platform performs hash calculation on the abstract value z' and the public key factor Pu to generate an abstract value e ═ H (Pu | | | z "), a and b are parameters of the elliptic curve, and G is an elliptic curve base point.
CN202010844446.8A 2020-08-20 2020-08-20 Off-line POS machine transaction method and system based on two-dimension code Active CN112070490B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010844446.8A CN112070490B (en) 2020-08-20 2020-08-20 Off-line POS machine transaction method and system based on two-dimension code

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010844446.8A CN112070490B (en) 2020-08-20 2020-08-20 Off-line POS machine transaction method and system based on two-dimension code

Publications (2)

Publication Number Publication Date
CN112070490A true CN112070490A (en) 2020-12-11
CN112070490B CN112070490B (en) 2022-03-25

Family

ID=73660756

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010844446.8A Active CN112070490B (en) 2020-08-20 2020-08-20 Off-line POS machine transaction method and system based on two-dimension code

Country Status (1)

Country Link
CN (1) CN112070490B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105205664A (en) * 2015-09-25 2015-12-30 中城智慧科技有限公司 Novel offline payment method
CN106789019A (en) * 2016-12-27 2017-05-31 深圳大学 A kind of Certificateless partially blind signature method and device
CN108830587A (en) * 2018-04-28 2018-11-16 广东工业大学 A kind of NFC method of mobile payment based on no certificate signature
CN109379181A (en) * 2018-08-10 2019-02-22 航天信息股份有限公司 It generates, the method and apparatus of verifying two dimensional code, storage medium and electronic equipment
WO2020115265A1 (en) * 2018-12-06 2020-06-11 Secure-Ic Sas Certificateless public key encryption using pairings

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105205664A (en) * 2015-09-25 2015-12-30 中城智慧科技有限公司 Novel offline payment method
CN106789019A (en) * 2016-12-27 2017-05-31 深圳大学 A kind of Certificateless partially blind signature method and device
CN108830587A (en) * 2018-04-28 2018-11-16 广东工业大学 A kind of NFC method of mobile payment based on no certificate signature
CN109379181A (en) * 2018-08-10 2019-02-22 航天信息股份有限公司 It generates, the method and apparatus of verifying two dimensional code, storage medium and electronic equipment
WO2020115265A1 (en) * 2018-12-06 2020-06-11 Secure-Ic Sas Certificateless public key encryption using pairings

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
SIAVASH KHODAMBASHI等: "A quantum blind signature scheme for electronic payments", 《2014 22ND IRANIAN CONFERENCE ON ELECTRICAL ENGINEERING (ICEE)》 *
单家凌: "一种无证书签名方案在数据验证中的应用研究", 《软件》 *
张振超等: "无证书签名方案的分析及改进", 《密码学报》 *

Also Published As

Publication number Publication date
CN112070490B (en) 2022-03-25

Similar Documents

Publication Publication Date Title
EP4236188A2 (en) Computer-implemented system and method suitable for increasing the security of instant off-line blockchain transactions
CN104618116B (en) A kind of cooperative digital signature system and its method
CN103839157A (en) Electronic payment method, device and system
WO2020073715A1 (en) Two-dimensional code anti-counterfeiting method, device and system based on security application
CN101576983A (en) Electronic payment method and system based on mobile terminal
CN110659470B (en) Authentication method and authentication system for off-line physical isolation
CN101916476A (en) Mobile data transmission method based on combination of SD (Secure Digital) encrypted card and short-distance wireless communication technology
CN103942684A (en) Data security interactive system
CN102238193A (en) Data authentication method and system using same
CN112889241A (en) Verification service for account verification
CN101969640A (en) Computing key generating method for mobile terminal equipment
CN103942685A (en) Data security interactive system
CN103401277B (en) A kind of intelligent power and utilize this intelligent power to realize the method for mobile payment
CN104881781A (en) Method, system, and client based on secure transaction
CN103268436A (en) Method and system for touch-screen based graphical password authentication in mobile payment
CN106980977B (en) Payment method and system based on Internet of things
CN104657860A (en) Mobile banking security authentication method
CN112070490B (en) Off-line POS machine transaction method and system based on two-dimension code
CN112070493B (en) Off-line POS machine transaction method and system based on two-dimensional code
CN112070492B (en) Off-line POS machine transaction method and system
CN102800153B (en) The service downloading method and system of card swiping terminal
CN116802661A (en) Token-based out-of-chain interaction authorization
Wang et al. Building a consumer scalable anonymity payment protocol for Internet purchases
CN111937023B (en) Security authentication system and method
CN105654295A (en) Transaction control method and client

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant