CN115409504A - Transaction settlement method and device for digital currency and gate machine - Google Patents

Transaction settlement method and device for digital currency and gate machine Download PDF

Info

Publication number
CN115409504A
CN115409504A CN202110589432.0A CN202110589432A CN115409504A CN 115409504 A CN115409504 A CN 115409504A CN 202110589432 A CN202110589432 A CN 202110589432A CN 115409504 A CN115409504 A CN 115409504A
Authority
CN
China
Prior art keywords
data
digital currency
transaction
gate
storage medium
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110589432.0A
Other languages
Chinese (zh)
Inventor
范楠迪
曹炜
牛争科
祝景国
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hengbao Co Ltd
Original Assignee
Hengbao Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hengbao Co Ltd filed Critical Hengbao Co Ltd
Priority to CN202110589432.0A priority Critical patent/CN115409504A/en
Publication of CN115409504A publication Critical patent/CN115409504A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821Electronic credentials
    • G06Q20/38215Use of certificates or encrypted proofs of transaction rights

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The application provides a transaction settlement method, a device and a gate for digital currency, wherein the method comprises the following steps: receiving credential data generated by a user-side digital currency device; the voucher data comprises digital currency paid by the user-side digital currency equipment; storing the certificate data into a preset safe storage medium; the secure storage medium is disposed independently of a transaction processing unit of the gate. Therefore, for the digital currency equipment at the user end, the digital currency deduction is realized during transaction, and the digital currency collection is realized for the gate, so that the real-time transaction based on the digital currency is realized, and the payment of the money is not required to be carried out through a commercial bank. Meanwhile, the voucher data with larger data volume is stored in the safe storage medium instead of the transaction processing unit in the gate, so that the burden of the transaction processing unit on each link is reduced, and the application of the digital currency in the traffic field is realized.

Description

Transaction settlement method and device for digital currency and gate machine
Technical Field
The application relates to the technical field of digital currency, in particular to a transaction settlement method and device of digital currency and a gate machine.
Background
The traffic card is widely applied to the traffic field due to the characteristics of convenience and safety, and is characterized in that: when the user passes through the gate, after security calculation and authentication are carried out on a PSAM (Purchase Secure Access Module) in the gate and an electronic wallet application in the traffic card through a non-connection communication technology, the electronic wallet application in the traffic card updates balance data in the card, and meanwhile, the gate records transaction flow so as to realize off-line payment.
In the transportation field, each gate can process a large amount of transactions (the transaction processing amount per minute of each gate can reach forty even fifty times in a peak period), so that in order to ensure that the gates can rapidly perform gate opening and closing control and ensure normal passing of users, after the gates acquire transaction information in a traffic card, transaction data is not uploaded to a background server for settlement of money (namely corresponding money amount is requested from a bank managing the traffic card), but the transaction data is uploaded in a downtime period or an off-peak period, and after the background summarizes the transaction data, the corresponding money amount is requested from the bank managing the traffic card, so that final settlement and reconciliation are realized, and at the moment, a traffic management company realizes the fund transaction from the bank and completes real transaction payment.
With the popularization of digital currency, the dual offline application of a digital currency hard wallet and an Integrated Circuit (IC) card brings more convenient payment experience to users. The rail transit is an important application scene of digital currency as an important infrastructure in life.
The transaction between the gate and the traffic card is realized by using the electronic wallet application at present, and the application of digital currency combined with the block chain technology is not supported.
In the current dual offline transaction scheme for digital currency applications, the transaction processing units (such as PSAM card, SE (security element, etc.) are combined with the digital currency devices of the clients through the block chain technique, and the digital currency device of each transaction client generates the voucher data (including the paid digital currency). Currently, each voucher data is generated in about 900 bytes and is recorded in the transaction processing unit in a file.
If the application scheme is directly applied to the traffic field, based on the characteristic of high transaction volume in the traffic field, for a transaction processing unit in a gate, a great burden exists in a storage link and a data reporting link between the transaction processing unit and a background, so that the implementation of digital currency in the traffic field is seriously influenced.
Disclosure of Invention
The embodiment of the application aims to provide a transaction settlement method, a transaction settlement device and a gate for digital currency, so as to realize the application of the digital currency in the traffic field.
The embodiment of the application provides a transaction settlement method of digital currency, which is applied to a gate and comprises the following steps: receiving credential data generated by a user-side digital currency device; the voucher data comprises digital currency paid by the user-side digital currency equipment; storing the certificate data into a preset safe storage medium; the secure storage medium is disposed independently of a transaction processing unit of the gate.
In the implementation process, when the gate transacts with the digital currency equipment at the user end, after acquiring the voucher data of the user, which contains digital currency, the gate receives the voucher data and stores the voucher data into the secure storage medium. Thus, for the digital currency equipment at the user end, the deduction of the digital currency is realized during transaction, and for the gate, the collection of the digital currency is realized, so that the real-time transaction based on the digital currency is realized, and the payment through a commercial bank is not needed. Meanwhile, the voucher data with larger data volume is stored in the safe storage medium and is not stored in the transaction processing unit in the gate, so that the burden of the transaction processing unit on each link is reduced, the application based on the digital currency can meet the requirement of the traffic field, and the application of the digital currency in the traffic field is realized.
Further, the method further comprises: when a preset reporting condition is triggered, sending each voucher data in the secure storage medium to a preset background device; after receiving a response message returned by the background equipment, clearing the certificate data stored in the secure storage medium; and the response message represents that the background equipment successfully stores the credential data.
In the implementation process, the reporting condition is preset, so that all the voucher data in the secure storage medium are integrally reported when the reporting condition is triggered, and all the reported voucher data are cleared after the reporting is successful, thereby realizing the summary uploading of the digital currency to the background equipment. In addition, by setting reasonable reporting conditions, the summarizing and submitting process of the digital currency from the gate to the background equipment does not influence the normal traffic processing of the gate, so that the method and the device are suitable for the data processing requirements in the traffic field.
Further, the sending each credential data in the secure storage medium to a preset backend device includes: performing compression calculation on each voucher data in the secure storage medium to obtain a voucher data compression value; and sending the compressed value of the voucher data and each voucher data to the background equipment, so that the background equipment checks whether each received voucher data is each voucher data in the secure storage medium according to the compressed value of the voucher data, and returns the response message when the check is passed.
In the implementation structure, the voucher data to be reported in the secure storage medium is compressed and calculated to obtain a voucher data compressed value, and then the voucher data compressed value and the voucher data are sent to the background device together, so that the background device can verify the integrity and correctness of the received voucher data according to the voucher data compressed value, and the security of the data and the digital currency in the whole reporting process is improved.
Further, before sending the credential data compression value and each of the credential data to the backend device, the method further includes: reading a transaction flow in a transaction processing unit of the gate; correspondingly, the sending the compressed value of the credential data and each credential data to the background device, so that the background device checks whether each received credential data is each credential data in the secure storage medium according to the compressed value of the credential data, and returns the response message when the check is passed, includes: and sending the voucher data compression value, the transaction flow and each voucher data to the background equipment, so that the background equipment checks whether each received voucher data is each voucher data in the secure storage medium according to the voucher data compression value, checks whether the total amount of digital money in the voucher data is correct according to the transaction flow, and returns the response message when the two checks are passed.
In the practical application process, the background equipment often needs to acquire the transaction flow of the gate machine so as to check accounts and ensure accurate accounts. In the implementation process, the transaction flow stored by the transaction processing unit can not change the storage logic of the transaction flow in the existing gate, so that the change of the gate is reduced, and the popularization of the scheme of the embodiment of the application in the traffic field is facilitated. In addition, by reporting the transaction flow, the background equipment can check accounts, thereby improving the reliability of the whole scheme.
Further, after receiving a response message returned by the background device, the method further includes: clearing the transaction pipeline in the transaction processing unit.
It will be appreciated that the transaction pipeline within the gate loses value of existence after the background device has successfully received the transaction pipeline, and memory space within it is extremely limited and valuable to the transaction processing unit. Through the implementation process, the efficient management of the transaction processing unit is realized, and the utilization rate of the storage resources of the transaction processing unit is improved.
Further, before sending the credential data compression value, the transaction pipeline, and each of the credential data to the backend device, the method further comprises: encrypting the voucher data compression value and the transaction running water in the transaction processing unit of the gate by adopting a preset first secret key respectively; correspondingly, the step of sending the compressed value of the voucher data, the transaction flow and each voucher data to the background equipment comprises the following steps: and sending the encrypted voucher data compression value, the encrypted transaction flow and each voucher data to the background equipment.
In the implementation process, the voucher data compression value and the transaction running water are encrypted by adopting the preset first secret key, so that on one hand, the data security is ensured, and on the other hand, the background equipment can also realize the identity authentication of the gate machine through whether the voucher data compression value and the transaction running water can be correctly decrypted. In addition, the voucher data with large data volume is not encrypted in the implementation process, so that the efficient processing of the data is facilitated, the data processing efficiency is improved, and the implementation in the traffic field is facilitated.
Further, before receiving the credential data generated by the user-side digital money device, the method further comprises: receiving a first negotiation parameter generated by the digital currency equipment at the user side, and generating a second negotiation parameter; generating a second key according to the first negotiation parameter and the second negotiation parameter; generating an authentication ciphertext by using the second key, sending the second negotiation parameter and the authentication ciphertext to the user-side digital currency equipment so that the user-side digital currency equipment can generate the second key by using the second negotiation parameter and the first negotiation parameter, decrypting the authentication ciphertext, and encrypting the credential data by using the second key after the decryption is successful; correspondingly, the method for receiving the certificate data generated by the digital currency device at the user side comprises the following steps: receiving the certificate data encrypted by the digital currency equipment at the user side; decrypting the credential data using the second key.
In the implementation process, the gate and the user-side digital currency device negotiate a second key based on the negotiation parameters to perform encrypted transmission of the certificate data, so that the transaction security between the gate and the user-side digital currency device is improved.
The embodiment of the present application further provides a transaction settlement device for digital currency, which is applied to a gate, and includes: the device comprises a receiving module and a processing module; the receiving module is used for receiving the certificate data generated by the digital currency equipment at the user side; the certificate data comprises digital currency paid by the digital currency equipment at the user end; the processing module is used for storing the certificate data into a preset safe storage medium; the secure storage medium is disposed independently of a transaction processing unit of the gate.
The embodiment of the present application further provides a gate, including: the system comprises a main controller, a secure storage medium and a transaction processing unit; the secure storage medium is provided independently of the transaction processing unit; the main controller is used for receiving the voucher data generated by the digital currency equipment at the user end and sending the voucher data to the transaction processing unit; the certificate data comprises digital currency paid by the digital currency equipment at the user end; the transaction processing unit is used for storing the certificate data into the secure storage medium.
Further, the main controller is further configured to, when a preset report condition is triggered, acquire the credential data from the secure storage medium and send the credential data to a preset background device; the system is used for clearing each voucher data stored in the secure storage medium after receiving a response message returned by the background equipment; and the response message represents that the background equipment successfully stores the credential data.
There is also provided in an embodiment of the present application a readable storage medium storing one or more programs, the one or more programs being executable by one or more devices having data processing capabilities, to implement a method of settling transactions in digital currency as described in any one of the above.
Drawings
To more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a schematic structural diagram of a gate and a client-side digital money device according to an embodiment of the present application;
FIG. 2 is a flow chart illustrating a method for settling transactions in digital currency according to an embodiment of the present disclosure;
fig. 3 is an interaction diagram of a station entering process according to an embodiment of the present application;
fig. 4 is an interaction diagram of an outbound process according to an embodiment of the present application;
fig. 5 is an interaction diagram of a reporting process according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of a transaction settlement apparatus for digital currency according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
The first embodiment is as follows:
the embodiment of the application provides a transaction settlement method of digital currency applicable to the traffic field. Referring to fig. 1, in the method provided by the present application, a host controller, a secure storage medium and a transaction processing unit are included in a gate, while a customer premises digital money device has a hardware wallet for implementing digital money management and transactions.
In the embodiment of the present application, the main controller may be a component having a data Processing function, such as an MCU ((Microcontroller Unit), a CPU (Central Processing Unit/Processor), and the like, but is not limited thereto.
In the embodiment of the present application, the Secure storage medium may be implemented by a component having a data storage capability, such as a floppy disk, an optical disk, a hard disk, a flash Memory, a usb (Secure Digital Memory Card), an SD (Secure Digital Card), and the like, but is not limited thereto.
It should be noted that in the embodiment of the present application, the secure storage medium may be a component provided in the gate, but may also be an external device communicatively connected to the gate. However, the secure storage medium is a separate component provided independently of the transaction processing unit.
In the embodiment of the present application, the transaction processing unit may be a PSAM, or a unit such as an SE having a transaction processing capability, but is not limited thereto.
In addition, in the embodiment of the present application, the client-side digital currency device may be a device such as a mobile phone, an IC card, a tablet computer, a smart watch, and the like, but is not limited thereto.
Based on the gate provided above, referring to fig. 2, fig. 2 is a schematic flow chart of a transaction settlement method for digital currency applied to the gate provided in the embodiment of the present application, including:
s201: receiving credential data generated by a user-side digital money device.
It should be noted that, in the embodiment of the present application, the digital currency paid by the digital currency device at the user end is included in the credential data. It is to be understood that so-called digital currency, i.e., a digitized currency that can be used directly as a transaction entity, having a monetary value. In the embodiment of the present application, the Digital money may be Digital money such as DCEP (Digital current Electronic Payment), but is not limited thereto.
S202: and storing the certificate data into a preset safe storage medium.
It should be noted that in the embodiment of the present application, the secure storage medium may store the credential data in a file. For example, a credential file may be set, and after the secure storage medium receives the credential data, the received credential data may be added to the credential file to implement storage of the credential data. It should be understood that multiple credential files may be provided to hold different credential data during actual application.
Therefore, for the digital currency equipment at the user end, the deduction of the digital currency is realized during the transaction, and for the gate, the collection of the digital currency is realized, so that the real-time transaction based on the digital currency is realized, and the payment of the money is not required to be carried out through a commercial bank. Meanwhile, the voucher data with larger data volume is stored in the safe storage medium instead of the transaction processing unit in the gate, so that the burden of the transaction processing unit on each link is reduced, the application based on the digital currency can meet the requirement of the traffic field, and the application of the digital currency in the traffic field is realized.
In the embodiment of the application, in order to ensure the security of the digital currency in the transaction process, after the gate establishes a communication connection relationship with the digital currency equipment at the user end, a secret key can be obtained through negotiation in a negotiation manner, and then secret transmission of credential data is performed by using the secret key obtained through negotiation, so that the security of the data transmission process is ensured.
For example, the gate may receive a first negotiation parameter generated by the digital money device at the user terminal after establishing a communication connection with the digital money device at the user terminal, and the gate may generate a second negotiation parameter. Then, the gate can generate a second key according to the first negotiation parameter and the second negotiation parameter in a set mode, and generate an authentication ciphertext by using the second key. And then, sending the second negotiation parameter and the authentication ciphertext to the digital currency equipment at the user end.
After receiving the second negotiation parameter and the authentication ciphertext sent by the gate, the user-side digital currency device may generate a second key according to the second negotiation parameter and the first negotiation parameter of the user-side digital currency device in a set manner, and then decrypt the authentication ciphertext based on the generated second key. If the decryption is successful, indicating that the negotiation is successful, the client digital money device can then encrypt the voucher data using the second key and send it to the gate. And the gate machine can decrypt the certificate data through the second key, so that the certificate data can be verified, and the encryption interaction of the certificate data is completed.
In this embodiment, the decrypted credential data may be saved to the secure memory.
It should be noted that in the embodiment of the present application, there may be only one second key, that is, both encryption and decryption are implemented by using the same key. Furthermore, the second key may also be a key pair, where one key is dedicated for encryption and the other key is dedicated for decryption.
It should also be noted that, in the embodiment of the present application, the first negotiation parameter may include a random number generated by the digital money device at the user end and a negotiation factor (given data for performing key negotiation, which may be data determined by content in the digital money device at the user end). Similarly, the second negotiation parameters may include a random number generated by the gate and a negotiation factor (which may be given data within the gate).
It should be noted that, in the embodiment of the present application, when the digital currency device at the user side sends the credential data, the credential data may also be signed by using a preset private key (for example, the digital currency in the credential data may be signed), so that after the gate receives the credential data, the gate verifies the signature by using the corresponding preset public key, thereby ensuring the validity of the credential data.
In this embodiment, optionally, after the gate establishes a communication connection with the digital currency device at the user end, before receiving the credential data generated by the digital currency device at the user end, the gate may further obtain balance information of the digital currency in the digital currency device at the user end. And if the balance information of the digital currency in the digital currency equipment of the user side does not meet the preset balance condition, terminating the transaction and reminding.
For example, in the embodiment of the present application, the balance condition may be, but is not limited to, one of the following: and (4) the arrearage does not exist, the balance is larger than a preset minimum balance threshold value, and the balance is larger than the amount to be traded.
It should be understood that the scheme of the embodiment of the present application may be applied to various scenes in the traffic field, for example, in a rail transit scene, the scheme of the embodiment of the present application may be applied to an outbound gate, and at this time, the gate may obtain inbound running water from a user-side digital money device, so as to obtain an inbound position of a user, and thereby calculate the amount of money to be transacted this time. In addition, in the scenes of public transportation and the like, the transaction amount is a preset quota, and the amount to be transacted is preset in the gate.
It should be noted that, in the embodiment of the present application, the gate and the digital currency device at the user end may implement Communication connection through Near Field Communication (NFC), zigBee (ZigBee), bluetooth, SIMpass (Subscriber Identity Module) card, RF-SIM (SIM card capable of implementing medium-short range wireless Communication), and other Near Field Communication, so as to implement offline payment.
In order to avoid that the transaction efficiency between the gate and the digital currency equipment at the user end is affected due to the fact that the processing resources in the gate are occupied due to the fact that data such as the reported certificate data are reported, in the embodiment of the application, the reporting condition can be preset, and therefore when the reporting condition is triggered, the certificate data in the safe storage medium are sent to the preset background equipment, and the digital currency in the gate is handed over.
It should be noted that, in the embodiment of the present application, the background device may be a preset device for hosting funds.
It should be further noted that, in this embodiment of the present application, after the background device successfully receives and stores each transaction credential reported by the gate, a response message indicating that the background device has successfully stored each credential data may be returned to the gate. And after the gate receives the response message returned by the background equipment, the data of each certificate stored in the safe storage medium can be cleared, so that the successful submission of the digital currency is ensured.
It should be further noted that, in the embodiment of the present application, the reporting condition may be, but is not limited to, at least one of the following: the current time is a preset time (such as a certain time in the outage period), and no communication connection is established with the digital currency equipment at the user end within the preset time.
It should be noted that, in the embodiment of the present application, when the reporting condition is triggered, the gate may further perform compression calculation on each credential data in the secure storage medium to obtain a credential data compression value. It should be understood that the compressed value of the credential data corresponds to all credential data to be reported in the secure storage medium.
For example, in the embodiment of the present application, a hash value calculation method may be used to calculate hash values of all credential data to be reported in a secure storage medium, and then use the calculated hash values as credential data compression values.
It should be understood that the above manner of obtaining the compressed value of the credential data by calculating the hash value is only one possible manner of obtaining the compressed value of the credential data by calculating, which is exemplified in the embodiments of the present application, and is not limited.
Then, the credential data compression value and all credential data to be reported in the secure storage medium can be sent to the background device.
After receiving the certificate data compression value and the certificate data, the background equipment can check whether the received certificate data are the certificate data in the secure storage medium according to the certificate data compression value, and returns a response message when the check is passed.
For example, the background device may perform credential data compression value calculation on the received credential data of the gate in the same credential data compression value calculation manner, and then compare whether the calculated credential data compression value is consistent with the received credential data compression value, if so, it indicates that the received credential data is complete and correct, and may perform subsequent operations. If the difference is not consistent, the gate machine can be required to report again or alarm.
It should be noted that, in the embodiment of the present application, the credential data in the secure storage medium may be stored in the form of a file (hereinafter referred to as a credential file). At this time, the voucher data compression value can be obtained only by calculating the compression value of the related voucher file to be reported. Meanwhile, when the document is reported, the document file can be directly reported, so that the data interaction efficiency is improved by reporting in a form of the whole document.
It should be noted that, in this embodiment of the application, before sending the credential data compression value and each credential data to the background device, the gate may further read the transaction pipeline in the transaction processing unit of the gate, and send the credential data compression value, the transaction pipeline, and each credential data to the background device.
Therefore, the background equipment can check whether the received voucher data are the voucher data in the safe storage medium or not according to the voucher data compression value, check whether the total amount of the digital currency in the voucher data is correct or not according to the transaction flow, and return a response message when the two checks are passed.
Meanwhile, in the embodiment of the application, the transaction flow stored by the transaction processing unit is still used, and the storage logic of the transaction flow in the existing gate is not changed, so that the change of the gate is reduced, and the popularization of the scheme of the embodiment of the application in the traffic field is facilitated.
It will be appreciated that the transaction pipeline within the gate loses value of its existence after the background device has successfully received the transaction pipeline, and memory space within it is extremely limited and valuable to the transaction processing unit. Therefore, in an optional implementation manner of the embodiment of the present application, after the gate receives the response message returned by the background device, the transaction flow in the transaction processing unit may be cleared, so as to implement efficient management on the transaction processing unit and improve the utilization rate of the storage resource of the transaction processing unit.
In this embodiment of the present application, in order to improve output processing efficiency while ensuring data security during a reporting process, in an optional implementation manner of this embodiment of the present application, the gate may encrypt the credential data compression value and the transaction running stream with a preset first key, so as to send the encrypted credential data compression value, the encrypted transaction running stream, and each piece of unencrypted credential data to the background device.
At the moment, the voucher data compression value and the transaction running water are encrypted by adopting the preset first secret key, so that on one hand, the data security is ensured, and on the other hand, the background equipment can also realize the authentication of the gate identity through whether the correct decryption can be realized. In addition, because the certificate data with large data volume is not encrypted, the efficient processing of the data is facilitated, the data processing efficiency is improved, and the implementation in the traffic field is facilitated.
It should be understood that, in another possible implementation manner of the embodiment of the present application, the gate may also encrypt all of the credential data compressed value, the transaction pipeline and the credential data by using the preset first key, so as to send the encrypted credential data compressed value, the encrypted transaction pipeline and the encrypted credential data to the background device.
It should be understood that the first key is a preset key in the gate and the background device.
It should be noted that before the gate sends the information such as the credential data to the background device, the gate may also send its own identification ID to the background device, so that the background device can check whether the gate is in the preset identification list. If so, the gate is allowed to report information.
It should be further noted that, before the gate sends information such as credential data to the background device, the gate may also send an authentication ciphertext encrypted by using the first key to the background device, so that the background device may decrypt the authentication ciphertext by using the first key, thereby implementing the verification on the validity of the first key in the gate and the background device by using the authentication ciphertext.
It should be noted that in the rail transit scenario, the above process can be applied to the exit gate, and for the entrance gate, the transaction with the digital currency device at the user end is not required, but the recording of the entering flow is required.
For example, after the inbound gate establishes a communication connection with the user-side digital money device, the inbound gate may send inbound initialization information including inbound time, site information, and the like to the user-side digital money device for the user-side digital money device to record to obtain the inbound flow.
In the process, identity authentication can be carried out between the entrance gate and the digital currency equipment at the user end so as to ensure the identity reliability of the two parties.
For example, a user-side digital money device may send its own personal certificate and signature to an inbound gate. The gate machine can check and sign the personal certificate and the signature, thereby realizing the identity detection of the digital currency equipment at the user end. Similarly, the gate machine can also send the gate certificate and the signature of the gate machine to the digital currency equipment at the user end, so that the digital currency equipment at the user end can check and sign the gate certificate and the signature, and the identity detection of the gate machine is realized. If the identity detection of any party fails, the whole data interaction process can be finished, and the equipment with the detected identity problem can give an alarm.
It should be noted that, for the rail transit scenario, since the authentication of the digital money device at the user end is already performed on the inbound gate, the authentication based on the certificate and the signature may no longer be required at the exit gate (of course, the authentication may continue to be performed again in the above manner). However, in a scenario such as public transportation with only one gate, the gate may also perform authentication in the above manner before performing a transaction of digital money, so as to ensure the reliability of both parties of the transaction.
In addition, in the embodiment of the present application, after the inbound gate establishes the communication connection with the digital money device at the user end, before the inbound gate sends the inbound initialization information to the digital money device at the user end, the inbound gate may further acquire the balance information of the digital money device at the user end, and then determine whether the digital money device at the user end meets the inbound requirement based on the balance information. When the inbound request is satisfied, the subsequent operation is executed. When the inbound request is not met, a prompt message can be sent out.
In the embodiment of the present application, the inbound request may be, but is not limited to, one of the following: there is no arrears, and the balance is greater than a preset minimum balance threshold.
It should be noted that, in the embodiments of the present application, all the involved links, such as encryption, decryption, verification, etc., may be performed by the transaction processing unit in the gate.
According to the digital currency transaction settlement method provided by the embodiment of the application, when the gate machine transacts with the digital currency equipment at the user end, the gate machine receives the certificate data containing the digital currency after acquiring the certificate data of the user, and stores the certificate data into the secure storage medium. Therefore, for the digital currency equipment at the user end, the deduction of the digital currency is realized during the transaction, and for the gate, the collection of the digital currency is realized, so that the real-time transaction based on the digital currency is realized, and the payment of the money is not required to be carried out through a commercial bank. Meanwhile, the voucher data with larger data volume is stored in the safe storage medium and is not stored in the transaction processing unit in the gate, so that the burden of the transaction processing unit on each link is reduced, the application based on the digital currency can meet the requirement of the traffic field, and the application of the digital currency in the traffic field is realized.
Example two:
in this embodiment, based on the first embodiment, the implementation process of the user-side digital currency device being a card with a digital currency hardware wallet and the scenario being a rail transit scenario is taken as an example, and further examples are provided for the present application.
Referring to fig. 3, when entering a station:
firstly, the gate main controller reads the digital currency balance information of the card and judges whether the card balance is larger than the lowest fare. If so, the subsequent operation is executed. If not, the balance is not enough.
And then, the main controller of the inbound gate sends inbound initialization information carrying the current time and the station information to the card. And after receiving the inbound initialization information, the card returns the personal certificate and the signature.
And then the master controller sends the personal certificate and the signature of the card to the PSAM card, and the PSAM card verifies and signs the personal certificate and the signature of the card.
After the signature passes, the PSAM card sends a gate certificate and signature to the user's card through the host controller.
And the card checks the gate certificate and the signature, generates the inbound flow according to the inbound initialization information after the gate certificate and the signature pass, and returns a verification result.
And after receiving the verification result, the main controller controls to open the gate.
Referring to fig. 4, at outbound:
the main controller of the outbound gate reads the digital currency balance information and the inbound flow of the card, and calculates the amount to be deducted according to the inbound station information recorded by the inbound flow.
And judging whether the balance in the card is more than or equal to the deduction amount to be deducted. If so, the subsequent operation is executed. If not, the balance is prompted to be insufficient.
When the balance in the card is more than or equal to the amount to be deducted, the main controller sends outbound initialization information carrying information such as the current time, the amount to be deducted and the like to the card.
And after receiving the outbound initialization information, the card returns the first random number and the first negotiation factor.
The main controller sends the first random number and the first negotiation factor to the PSAM card, the PSAM card generates a second random number and a second negotiation factor, a second key is generated based on the first random number, the first negotiation factor, the second random number and the second negotiation factor, an authentication ciphertext is generated by adopting the second key, and the second random number, the second negotiation factor and the authentication ciphertext are returned to the card.
The card generates a second key based on the first random number, the first negotiation factor, the second random number and the second negotiation factor, decrypts the authentication ciphertext by adopting the second key, generates voucher data (including digital currency of which the money amount needs to be deducted) according to the money amount needing to be deducted after decryption is successful, encrypts the voucher data by adopting the second key, and then sends the voucher data to the gate.
The main controller sends the encrypted certificate data to the PSAM card, and after the PSAM card decrypts the certificate data, the PSAM card verifies whether the amount of the digital currency in the certificate data is correct or not, and returns a verification result.
And when the verification result is correct, generating a transaction flow according to the outbound initialization information and the amount to be deducted, storing the decrypted certificate data into a certificate file in a safe storage medium in the gate, and opening the gate.
Referring to fig. 5, when performing the fund reporting summary:
and the gate master controller indexes all the voucher files in the secure storage medium and performs compression calculation to obtain a voucher data compression value.
The master controller sends the current time and the credential data compression value to the PSAM card.
And the PSAM card sends the identification ID of the gate and an authentication ciphertext encrypted by a preset first key to the background equipment.
And the background equipment verifies the identification ID and the authentication ciphertext and returns initialization response information. The initialization response message is encrypted using the first key.
The PSAM card verifies the initialization response information (decrypts the initialization response information), encrypts the certificate data compression value and the transaction flow by adopting the first secret key after the initialization response information passes the verification (the decryption is successful, namely the first secret key passes the decryption), and returns the certificate data compression value and the transaction flow to the main controller.
And the main controller sends the voucher file in the secure storage medium, the encrypted voucher data compression value and the transaction running water to the background equipment.
And the background equipment checks the certificate file based on the certificate data compression value and the transaction flow and returns a check result.
And the PSAM card verifies the checking result, and if the checking result is correct, the reported result information is returned to the background equipment. And after the background equipment confirms the result information, returning a confirmation result.
After the gate receives the confirmation result, the PSAM card clears the uploaded running water inside, and the main controller controls the secure storage medium to clear the uploaded voucher file.
By the scheme, the digital currency can be successfully applied to the field of rail transit, the bottleneck that the storage capacity of the PSAM becomes the application of the digital currency in the field of rail transit can be effectively avoided, and the fund reporting and summarizing can be realized under the condition that the communication speed is not reduced.
Example three:
based on the same inventive concept, the embodiment of the present application further provides a transaction settlement apparatus 100 for digital currency. Referring to fig. 6, fig. 6 illustrates a transaction settlement apparatus for digital money using the method shown in fig. 2. It should be understood that the specific functions of the apparatus 100 can be referred to the above description, and the detailed description is omitted here as appropriate to avoid redundancy. The device 100 includes at least one software functional module that can be stored in memory in the form of software or firmware or solidified in the operating system of the device 100. Specifically, the method comprises the following steps:
referring to fig. 6, the apparatus 100 is applied to a gate, and includes: a receiving module 101 and a processing module 102. Wherein:
the receiving module 101 is configured to receive credential data generated by a digital currency device at a user end; the voucher data comprises digital currency paid by the user-side digital currency equipment;
the processing module 102 is configured to store the credential data in a preset secure storage medium; the secure storage medium is disposed independently of a transaction processing unit of the gate.
In a possible implementation manner of the embodiment of the present application, the processing module 102 is further configured to send each credential data in the secure storage medium to a preset background device when a preset reporting condition is triggered; after receiving a response message returned by the background equipment, clearing the certificate data stored in the secure storage medium; and the response message represents that the background equipment successfully stores the credential data.
In an example manner of the foregoing feasible embodiment, the processing module 102 is specifically configured to perform compression calculation on each credential data in the secure storage medium to obtain a credential data compression value; and sending the compressed value of the voucher data and each voucher data to the background equipment, so that the background equipment checks whether each received voucher data is each voucher data in the secure storage medium according to the compressed value of the voucher data, and returns the response message when the check is passed.
In an optional example of the foregoing example manner, the processing module 102 is specifically configured to read a transaction flow in a transaction processing unit of the gate before sending the credential data compression value and each credential data to the background device; and sending the voucher data compression value, the transaction flow and each voucher data to the background equipment, so that the background equipment checks whether each received voucher data is each voucher data in the secure storage medium according to the voucher data compression value, checks whether the total amount of digital money in the voucher data is correct according to the transaction flow, and returns the response message when the two checks are passed.
In the above optional example, the processing module 102 is further configured to clear the transaction pipeline in the transaction processing unit after receiving a response message returned by the background device.
In the above optional example, the processing module 102 is specifically configured to, before sending the credential data compressed value, the transaction pipeline, and each credential data to the background device, respectively encrypt the credential data compressed value and the transaction pipeline in the transaction processing unit of the gate by using a preset first key; and sending the encrypted voucher data compression value, the transaction pipeline and each voucher data to the background equipment.
In this embodiment of the present application, the receiving module 101 is further configured to receive a first negotiation parameter generated by a digital currency device at a user end before receiving credential data generated by the digital currency device at the user end, and generate a second negotiation parameter;
the processing module 102 is configured to generate a second key according to the first negotiation parameter and the second negotiation parameter; generating an authentication ciphertext by using the second key, sending the second negotiation parameter and the authentication ciphertext to the user-side digital currency equipment so that the user-side digital currency equipment can generate the second key by using the second negotiation parameter and the first negotiation parameter, decrypting the authentication ciphertext, and encrypting the credential data by using the second key after the decryption is successful; receiving the certificate data encrypted by the digital currency equipment at the user side; decrypting the credential data with the second key.
It should be understood that, for the sake of brevity, the contents described in some embodiments are not repeated in this embodiment.
Example four:
the embodiment provides a gate, the structure of which can be seen in fig. 1, and comprises a main controller, a secure storage medium and a transaction processing unit.
The main controller is used for receiving the voucher data generated by the digital currency equipment at the user end and sending the voucher data to the transaction processing unit; the voucher data comprises digital currency paid by the user-side digital currency device.
The transaction processing unit is used for verifying the validity of the certificate data and storing the certificate data into the safe storage medium after the certificate data passes the verification.
It should be understood that the main controller is further configured to, when a preset report condition is triggered, obtain the credential data from the secure storage medium and send the credential data to a preset background device; the system is used for clearing each voucher data stored in the secure storage medium after receiving a response message returned by the background equipment; and the response message represents that the background equipment successfully stores the credential data.
It will be appreciated that the arrangement shown in figure 1 is merely illustrative and that the gate may also comprise more or fewer components than shown in figure 1 or have a different configuration than that shown in figure 1, for example may also have a short range wireless communications module such as bluetooth, NFC, etc., have a traffic control component such as a gate, etc.
It should be noted that, the methods illustrated in the first and second embodiments of the present application may be implemented by cooperation of the main controller, the secure storage medium, and the transaction processing unit in the gate, and are not described herein again.
The present embodiment also provides a readable storage medium, such as a floppy disk, an optical disk, a hard disk, a flash Memory, a usb (Secure Digital Card), an MMC (Multimedia Card), etc., in which one or more programs for implementing the above steps are stored, and the one or more programs can be executed by one or more devices with data processing capability (such as a host controller and a transaction processing unit in a gate, etc.) to implement the method processes in the first embodiment and/or the second embodiment. And will not be described in detail herein.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described apparatus embodiments are merely illustrative, and for example, the division of the units into only one type of logical function may be implemented in other ways, and for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not implemented. In addition, the shown or discussed coupling or direct coupling or communication connection between each other may be through some communication interfaces, indirect coupling or communication connection between devices or units, and may be in an electrical, mechanical or other form.
In addition, units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
Furthermore, the functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
In this document, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions.
In this context, a plurality means two or more.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and changes may be made to the present application by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (10)

1. A transaction settlement method of digital currency is applied to a gate and comprises the following steps:
receiving credential data generated by a user-side digital currency device; the certificate data comprises digital currency paid by the digital currency equipment at the user end;
storing the certificate data into a preset safe storage medium; the secure storage medium is disposed independently of a transaction processing unit of the gate.
2. A transaction settlement method of digital currency according to claim 1, characterized in that the method further comprises:
when a preset reporting condition is triggered, sending each certificate data in the secure storage medium to a preset background device;
after receiving a response message returned by the background equipment, clearing each credential data stored in the secure storage medium; and the response message represents that the background equipment successfully stores the credential data.
3. The method for settling transactions on digital currency according to claim 2, wherein said sending each voucher data in said secure storage medium to a predetermined back office device comprises:
performing compression calculation on each voucher data in the secure storage medium to obtain a voucher data compression value;
and sending the certificate data compression value and each certificate data to the background equipment, so that the background equipment verifies whether each received certificate data is each certificate data in the secure storage medium according to the certificate data compression value, and returns the response message when the verification is passed.
4. A transaction settlement method for digital currency according to claim 3, wherein before sending the voucher data compressed value and each of the voucher data to the back office device, the method further comprises:
reading a transaction flow in a transaction processing unit of the gate;
correspondingly, the sending the compressed value of the credential data and each credential data to the background device, so that the background device checks whether each received credential data is each credential data in the secure storage medium according to the compressed value of the credential data, and returns the response message when the check is passed, includes:
and sending the voucher data compression value, the transaction flow and each voucher data to the background equipment, so that the background equipment checks whether each received voucher data is each voucher data in the secure storage medium according to the voucher data compression value, checks whether the total amount of digital money in the voucher data is correct according to the transaction flow, and returns the response message when the two checks are passed.
5. A transaction settlement method for digital currency according to claim 4, wherein upon receiving a reply message returned by the background device, the method further comprises:
clearing the transaction pipeline in the transaction processing unit.
6. The method for transaction settlement of digital currency according to claim 4, wherein before sending the voucher data compressed value, the transaction pipeline and each of the voucher data to the backend device, the method further comprises:
encrypting the voucher data compression value and the transaction flow in the transaction processing unit of the gate by adopting a preset first secret key respectively;
correspondingly, the step of sending the compressed value of the voucher data, the transaction flow and each voucher data to the background device comprises:
and sending the encrypted voucher data compression value, the encrypted transaction flow and each voucher data to the background equipment.
7. A method of settling transactions in digital currency according to any of claims 1 to 6, wherein prior to receiving credential data generated by a user-side digital currency device, the method further comprises:
receiving a first negotiation parameter generated by the user-side digital currency equipment and generating a second negotiation parameter;
generating a second key according to the first negotiation parameter and the second negotiation parameter;
generating an authentication ciphertext by using the second key, sending the second negotiation parameter and the authentication ciphertext to the user-side digital currency device so that the user-side digital currency device can generate the second key by using the second negotiation parameter and the first negotiation parameter, decrypting the authentication ciphertext, and encrypting the credential data by using the second key after the decryption is successful;
correspondingly, the receiving of the voucher data generated by the digital currency device at the user end comprises:
receiving the certificate data encrypted by the digital currency equipment at the user side;
decrypting the credential data using the second key.
8. A transaction settlement device for digital currency, applied to a gate, comprising: the device comprises a receiving module and a processing module;
the receiving module is used for receiving the voucher data generated by the digital currency equipment at the user end; the certificate data comprises digital currency paid by the digital currency equipment at the user end;
the processing module is used for storing the certificate data into a preset safe storage medium; the secure storage medium is disposed independently of a transaction processing unit of the gate.
9. A gate, comprising: the system comprises a main controller, a secure storage medium and a transaction processing unit; the secure storage medium is provided independently of the transaction processing unit;
the main controller is used for receiving the voucher data generated by the digital currency equipment at the user end and sending the voucher data to the transaction processing unit; the certificate data comprises digital currency paid by the digital currency equipment at the user end;
the transaction processing unit is used for storing the certificate data into the secure storage medium.
10. The gate of claim 9,
the main controller is further configured to acquire the credential data from the secure storage medium and send the credential data to a preset background device when a preset reporting condition is triggered; the system is used for clearing each voucher data stored in the secure storage medium after receiving a response message returned by the background equipment; the response message represents that the background equipment successfully stores each credential data.
CN202110589432.0A 2021-05-27 2021-05-27 Transaction settlement method and device for digital currency and gate machine Pending CN115409504A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110589432.0A CN115409504A (en) 2021-05-27 2021-05-27 Transaction settlement method and device for digital currency and gate machine

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110589432.0A CN115409504A (en) 2021-05-27 2021-05-27 Transaction settlement method and device for digital currency and gate machine

Publications (1)

Publication Number Publication Date
CN115409504A true CN115409504A (en) 2022-11-29

Family

ID=84156230

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110589432.0A Pending CN115409504A (en) 2021-05-27 2021-05-27 Transaction settlement method and device for digital currency and gate machine

Country Status (1)

Country Link
CN (1) CN115409504A (en)

Similar Documents

Publication Publication Date Title
US9516487B2 (en) Automated account provisioning
US8898088B2 (en) In-card access control and monotonic counters for offline payment processing system
US8959034B2 (en) Transaction signature for offline payment processing system
CN107609866B (en) Electronic payment and electronic cash collection method and device based on virtual currency
US20130226796A1 (en) Presence-of-Card Code for Offline Payment Processing System
CN107784499B (en) Secure payment system and method of near field communication mobile terminal
CN113196704B (en) Techniques for securely performing offline authentication
CN111222841B (en) Block chain-based data distribution method and equipment and storage medium thereof
CN105956855B (en) Transaction method and transaction system of electronic signature device
CN105117963A (en) Device and method based on digital signature
CN112508575B (en) Subway passing brake payment method and system based on digital currency
CN105162607A (en) Authentication method and system of payment bill voucher
AU2023201327B2 (en) Techniques for secure channel communications
CN106251145A (en) Electronic fare payment system, electronic payment devices and electric paying method
CN113628352B (en) Subway ticket business system based on secondary selling and subway ticket secondary selling method
CN112074835A (en) Techniques to perform secure operations
WO2022154789A1 (en) Token-based off-chain interaction authorization
CN115409504A (en) Transaction settlement method and device for digital currency and gate machine
CN106296145A (en) Transportation card the Internet recharge method and device
CN111415148A (en) Method and device for non-inductive payment, electronic equipment and storage medium
KR101361138B1 (en) On-line non-facing payment system and method
US20230107197A1 (en) Blockchain based interaction processing
Wafula Muliaro et al. Enhancing Personal Identification Number (Pin) Mechanism To Provide Non-Repudiation Through Use Of Timestamps In Mobile Payment Systems.
CN114462990A (en) Method and device for secret-free payment based on digital currency
AU2013202684B9 (en) In-card access control and monotonic counters for offline payment processing system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination