TW202127339A - Offline card transaction authentication system and offline card transaction authentication method - Google Patents


Info

Publication number
TW202127339A
Authority
TW
Taiwan
Prior art keywords
transaction
card
key
transaction authentication
user card
Prior art date
Application number
TW109100305A
Other languages
Chinese (zh)
Inventor
林志賢
利建宏
蔡金翰
許銀雄
Original Assignee
宏碁智醫股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 宏碁智醫股份有限公司 filed Critical 宏碁智醫股份有限公司
Priority to TW109100305A priority Critical patent/TW202127339A/en
Priority to CN202010147123.3A priority patent/CN113077261A/en
Publication of TW202127339A publication Critical patent/TW202127339A/en

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/38: Payment protocols; Details thereof
    • G06Q20/40: Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401: Transaction verification
    • G06Q20/4016: Transaction verification involving fraud or risk level assessment in transaction processing
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/38: Payment protocols; Details thereof
    • G06Q20/382: Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829: Payment protocols; Details thereof insuring higher security of transaction involving key management

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

An offline card transaction authentication system and an offline card transaction authentication method are provided. A user card records an asymmetric private key and balance information and generates a symmetric session key. A transaction authentication host includes a card reader coupled to the user card and generates the symmetric session key. When the transaction authentication host receives a transaction instruction, the transaction authentication host and the user card perform an authentication procedure according to the symmetric session key. When the user card passes the authentication procedure, the transaction authentication host and the user card perform the transaction specified by the transaction instruction, and the user card adjusts the balance information according to the transaction. The user card generates a digital signature for a transaction record of the transaction by using the asymmetric private key and stores the digital signature and the transaction record to a storage medium.

Description

Offline card transaction authentication system and offline card transaction authentication method

The present invention relates to electronic transaction technology, and in particular to an offline card transaction authentication system and an offline card transaction authentication method.

With the advancement of technology, electronic transaction services using electronic cards have become increasingly common. In today's living environment, for the sake of safety and convenience, many transaction settings have switched to various types of electronic cards in place of real money; tickets, pay-per-use cards, telephone cards and the like are all within the range of uses of electronic cards. Users spend real money to store equivalent virtual points or virtual currency on an electronic card, and then use the electronic card to make purchases, use specific instruments, obtain paid services, and so on.

Generally speaking, when a user conducts a transaction with an electronic card, a key authentication procedure is a common method of identity verification and transaction verification. In addition, to protect and confirm the balance or remaining points on the electronic card, the current common practice is to track every transaction record of the electronic card through an online cloud database, so that the remaining points or balance can be refunded correctly when the electronic card is lost or damaged. However, whether for the key authentication procedure or for the use of the online cloud database, the transaction host on the debit side usually needs to be connected to a network in order to upload transaction records to the online cloud database or to obtain the necessary keys. In some specific settings, for reasons of information security or data privacy, it is undesirable to operate the transaction host while it is connected to a network, so as to prevent malicious parties from breaking into the transaction host through the network to modify or steal data. On the other hand, many information security vulnerabilities have come to light in recent years, which can easily cause merchants and the public to distrust electronic transactions. The information security of electronic transactions such as card-based tickets therefore cannot be ignored.

In view of this, the present invention proposes an offline card transaction authentication system and an offline card transaction authentication method that allow transactions to be conducted with an electronic card in an offline environment, thereby ensuring the security and confidentiality of electronic card transactions.

An embodiment of the present invention provides an offline card transaction authentication system that includes a user card and a transaction authentication host. The user card records an asymmetric private key and balance information, and generates a symmetric session key. The transaction authentication host includes a card reader coupled to the user card, and generates the symmetric session key. In response to the transaction authentication host receiving a transaction instruction, the transaction authentication host and the user card perform an identity authentication procedure according to the symmetric session key. In response to the user card passing the identity authentication procedure, the transaction authentication host and the user card perform the transaction specified by the transaction instruction, and the user card adjusts the balance information according to the transaction. The user card uses the asymmetric private key to generate a digital signature for the transaction record of the transaction, and stores the digital signature and the transaction record in a storage medium.

An embodiment of the present invention provides an offline card transaction authentication method that includes the following steps. In response to the transaction authentication host receiving a transaction instruction, the user card generates a symmetric session key, the transaction authentication host generates the symmetric session key, and the transaction authentication host and the user card perform an identity authentication procedure according to the symmetric session key. In response to the user card passing the identity authentication procedure, the transaction authentication host and the user card perform the transaction specified by the transaction instruction, and the user card adjusts the balance information recorded on the user card according to the transaction. The user card uses the asymmetric private key to generate a digital signature for the transaction record of the transaction, and the digital signature and the transaction record are stored in a storage medium.

Based on the above, in the embodiments of the present invention, when the user card is used for an electronic transaction, the user card and the transaction authentication host can use symmetric key encryption to increase the computation speed of identity authentication. Because the user card and the transaction authentication host do not need to look up a public key over a network, the transaction authentication system of the embodiments can perform identity authentication in an offline environment, thereby ensuring the data confidentiality of the transaction authentication host. In addition, because every transaction record of the user card is signed with the asymmetric private key, the verified transaction records support the auditing and correctness of the transaction records and can effectively prevent malicious parties from fraudulently obtaining an illegitimate balance.

To make the above features and advantages of the present invention more comprehensible, embodiments are described in detail below in conjunction with the accompanying drawings.

Some embodiments of the present invention are described in detail below with reference to the accompanying drawings. Where the same reference numeral appears in different drawings, it denotes the same or a similar element. These embodiments are only a part of the present invention and do not disclose all possible implementations of the present invention. More precisely, these embodiments are merely examples of the methods and systems within the scope of the claims of the present invention.

FIG. 1 is a schematic diagram of an offline card transaction authentication system according to an embodiment of the present invention. Referring to FIG. 1, the offline card transaction authentication system 10 includes a transaction authentication host 120 and a user card 110.

The user card 110 is a smart card, also called an IC card (Integrated Circuit Card). The user card 110 has a dedicated processing chip 112 embedded in the card for data storage or computation. More specifically, in one embodiment, the user card 110 may include a transmission interface 111 and a processing chip 112. The transmission interface 111 may be a contact transmission interface or a contactless (inductive) transmission interface, which is not limited in the present invention. The processing chip 112 integrates a processing circuit with computing and data storage capabilities and a memory circuit.

The transaction authentication host 120 includes a card reader 121, an instruction receiving unit 122, a storage medium 123, and a processing circuit 124. The card reader 121 may be a slot-type card reader or an inductive card reader, which is not limited in the present invention. The instruction receiving unit is, for example, an input device such as a keyboard, a mouse, or a touch input element, and receives instructions issued by a user. The storage medium 123 stores data, instructions, program code, software components, and so on, and may be, for example, any type of fixed or removable random access memory (RAM), read-only memory (ROM), flash memory, hard disk or other similar device, integrated circuit, or a combination thereof.

The processing circuit 124 is coupled to the card reader 121, the instruction receiving unit 122, and the storage medium 123 to control the overall operation of the offline card transaction authentication system 10. In this embodiment, the processing circuit 124 is, for example, a central processing unit (CPU), or another programmable general-purpose or special-purpose microprocessor, digital signal processor (DSP), programmable controller, application-specific integrated circuit (ASIC), programmable logic device (PLD), other similar device, or a combination of these devices.

It should be noted that, in one embodiment, the transaction authentication host 120 may be implemented by a computer device (for example a notebook or desktop computer) and an external card reader 121. The external card reader 121 may, for example, be connected to the computer device via a USB interface. In another embodiment, the transaction authentication host 120 may be a computer device with a built-in card reader 121. In addition, in one embodiment, the processing circuit 124 may include the central processing unit of the computer device and the processing chip of another smart card. Alternatively, in one embodiment, the processing circuit 124 may include only the central processing unit of the computer device. Or, in one embodiment, the processing circuit 124 may include only the central processing unit of the computer device and other integrated circuits with computing capability.

In one embodiment, the card reader 121 can read data from the user card 110 or provide data to the user card 110, so that the processing circuit 124 can communicate with the user card through the card reader 121.

FIG. 2 is a flowchart of a rearview mirror control method according to an embodiment of the present invention. Referring to FIG. 2, the method of this embodiment is applicable to the offline card transaction authentication system 10 of the above embodiment. The detailed steps of the offline card transaction authentication method of this embodiment are described below with reference to the components of the offline card transaction authentication system 10.

In step S201, in response to the transaction authentication host 120 receiving the transaction instruction CMD, the user card 110 generates the symmetric session key, the transaction authentication host 120 generates the symmetric session key, and the transaction authentication host 120 and the user card 110 perform the identity authentication procedure according to the symmetric session key.

In detail, when the holder of the user card 110 wants to conduct a transaction, the system operator can issue the transaction instruction CMD through the instruction receiving unit 122. For example, the holder of the user card 110 can use the amount, points, or virtual currency on the user card 110 to purchase goods, the right to use professional instruments, the right to use professional software systems, transportation tickets, or other specific services. Before that, the holder of the user card 110 needs to spend real money to purchase the amount, points, or virtual currency on the user card 110; this act of converting real money into the amount, points, or virtual currency on the card is called storing value (top-up). The balance information recorded on the user card 110 therefore changes with the spending and top-up actions of the holder of the user card 110. When the holder of the user card 110 wants to conduct a transaction, the user card 110 is inserted into or brought close to the card reader 121 of the transaction authentication host 120, and the system operator issues the transaction instruction CMD to the transaction authentication host 120 according to the transaction type.

In response to the transaction instruction CMD, the transaction authentication host 120 and the user card 110 perform identity authentication using symmetric key encryption. In other words, before the two parties carry out the transaction flow, the transaction authentication host 120 and the user card 110 must first go through an exchange to authenticate each other's identity. In one embodiment, the transaction authentication host 120 and the user card 110 each perform specific steps to generate the same symmetric session key, and use the symmetric session key for identity authentication. Here, the symmetric session key is a one-time symmetric key used for encryption during the session; the transaction authentication host 120 and the user card 110 use the same key to encrypt plaintext and decrypt ciphertext. For example, the encryption algorithm for symmetric key encryption may include the Data Encryption Standard (DES), the Triple Data Encryption Standard (3DES), the Advanced Encryption Standard (AES), the Blowfish algorithm, the International Data Encryption Algorithm (IDEA), and so on, which is not limited in the present invention.

Next, in step S202, in response to the user card 110 passing the identity authentication procedure, the transaction authentication host 120 and the user card 110 perform the transaction specified by the transaction instruction CMD, and the user card 110 adjusts the balance information recorded on the user card 110 according to the transaction. In one embodiment, the transaction instruction CMD includes a deduction transaction instruction or a top-up (stored-value) transaction instruction, and the transaction includes a deduction transaction or a top-up transaction.

It should be noted that, in one embodiment, the transaction authentication host 120 and the user card 110 can each use the symmetric session key to encrypt a message to be sent to the other party and thereby generate a message authentication code (MAC), so that the other party can verify the integrity of the message from the received message authentication code. In one embodiment, the symmetric session key may include a first session key used to verify identity and a separate second session key used to verify message integrity. After the transaction authentication host 120 and the user card 110 have each successfully authenticated the other as a legitimate transaction counterpart according to the first session key and successfully verified the integrity of the messages sent and received according to the second session key, the transaction authentication host 120 and the user card 110 can perform the transaction specified by the transaction instruction CMD. For example, the user card 110 can deduct the amount or points required for the transaction from the balance information, and the transaction authentication host 120 can unlock the right to use a specific instrument or professional software according to the transaction content. In this way, the holder of the user card 110 can pay to use the specific instrument or professional software.

In one embodiment, the user card 110 records a first encryption key K1, and the user card 110 generates the symmetric session key according to the first encryption key K1. The transaction authentication host 120 holds a second encryption key K2, and derives the first encryption key K1 from the second encryption key K2 using a key derivation function (KDF). The transaction authentication host 120 then generates the symmetric session key according to the first encryption key K1.

Finally, in step S203, the user card 110 uses the asymmetric private key to generate a digital signature for the transaction record of the transaction, and the digital signature and the transaction record are stored in a storage medium. For example, the digital signature and the transaction record may be stored in the storage medium 123 built into the transaction authentication host 120, or they may be stored in the processing chip 112 of the user card 110. Specifically, when the user card 110 is manufactured, the card issuer first generates an asymmetric public key and an asymmetric private key according to an asymmetric encryption algorithm, writes the asymmetric private key to the user card 110, and stores the asymmetric public key in a database. The asymmetric encryption algorithm is, for example, the RSA (Rivest-Shamir-Adleman) algorithm, the Digital Signature Algorithm (DSA), or the Elliptic Curve Digital Signature Algorithm (ECDSA). When the transaction records of the user card 110 are to be audited, the verifier obtains the asymmetric public key from the database and verifies the digital signature and the transaction record stored in the storage medium. A digital signature and transaction record that pass verification let the verifier know the transaction history of the user card 110 correctly. In this way, the embodiments of the present invention provide a card transaction method with verifiable transaction records in an offline environment. A malicious party who does not know the asymmetric private key of the user card 110 cannot forge a transaction record.

As described above, a transaction may be a deduction transaction or a top-up transaction. Whether a deduction or a top-up is performed, the identity verification flow between the user card 110 and the transaction authentication host 120 is similar: in both cases identity is verified and message correctness is confirmed through symmetric key encryption in an offline environment. Embodiments of each are described below.

FIG. 3 is a schematic diagram of an offline card transaction authentication system using a SAM card according to an embodiment of the present invention. Referring to FIG. 3, in this embodiment, when the transaction is a deduction transaction, the transaction authentication host 120 further includes a Secure Access Module (SAM) card 124_1 coupled to the card reader 121. Correspondingly, the second encryption key K2 used to generate the symmetric session key includes a deduction encryption key recorded in the SAM card 124_1. The SAM card 124_1 is also a smart card with a computing and storage chip. That is, the processing circuit 124 shown in FIG. 1 can be implemented by the processor 124_1 and the SAM card 124_1. In other words, in the embodiment of FIG. 3, the SAM card 124_1 is required for transaction authentication. By writing the second key K2 into the SAM card 124_1 and the first key K1 derived from the second key K2 into the user card 110, the card issuer manufactures a SAM card 124_1 and a user card 110 that match each other.

FIG. 4 is a flowchart of the deduction flow performed by the offline card transaction authentication system according to an embodiment of the present invention. Referring to FIG. 4, the method of this embodiment is applicable to the offline card transaction authentication system 10 of the embodiment of FIG. 3. The detailed steps of the offline card transaction authentication method of this embodiment are described below with reference to the components of the offline card transaction authentication system 10.

It should first be noted that the following embodiments describe the balance information on the user card 110 in units of points, but the present invention is not limited to this. That is, the user card 110 needs to spend a specific amount of money to purchase the card points on the user card 110. In step S401, the processor 124_1 of the transaction authentication host 120 receives the transaction instruction CMD', which is a deduction instruction. In step S402, the processor 124_1 sends a point deduction request to the SAM card 124_1 in response to the transaction instruction CMD'. In step S403, the SAM card 124_1 generates a first random number. In step S404, the SAM card 124_1 sends the first random number to the processor 124_1 of the transaction authentication host 120. In step S405, the processor 124_1 of the transaction authentication host 120 sends the first random number and the deduction information to the user card 110; the deduction information may include the number of points to deduct and a timestamp.

Next, in step S406, the user card 110 generates a second random number in response to receiving the deduction information. The user card 110 records the first encryption key used for deductions. In step S407, the user card 110 generates the symmetric session key according to the first encryption key, the transaction counter, the first random number, and the second random number, and generates a first encrypted token by encrypting the concatenation of the first random number and the second random number with the symmetric session key. In step S408, the user card 110 sends the user card number, the user card unique identifier (UUID), the second random number, the deduction information, the balance information, and the first encrypted token to the SAM card 124_1. In addition, in step S408, the user card 110 may also generate a MAC over the above message content and send it to the SAM card 124_1.

The SAM card 124_1 records a deduction encryption key. In step S409, the SAM card 124_1 derives the first encryption key using a key derivation function (KDF) and the deduction encryption key, and generates the symmetric session key from the first encryption key, the transaction counter, the first random number, and the second random number. In step S410, the SAM card 124_1 verifies the first encrypted token using the symmetric session key: it decrypts the first encrypted token with the symmetric session key and compares the random-number information in the decryption result with the first random number. In addition, the SAM card 124_1 may verify message integrity using the MAC from the user card 110. In step S411, the SAM card 124_1 generates a second encrypted token by encrypting the concatenation of the second random number and the first random number with the symmetric session key. In step S413, the SAM card 124_1 sends the user card number, the point-deduction information, the balance information, and the second encrypted token to the user card 110.

In step S414, the user card 110 confirms the transaction information and verifies the second encrypted token using the symmetric session key: it decrypts the second encrypted token with the symmetric session key and compares the random-number information in the decryption result with the second random number. In step S415, the user card 110 adjusts the balance information according to the point-deduction information, that is, it subtracts the points to deduct from the balance. For example, if the balance is originally 50 points and the transaction deducts 5 points, the balance information of the user card 110 is reduced to 45 points. In step S416, the user card 110 generates a digital signature over the transaction record using the asymmetric private key, that is, it signs the transaction record with the asymmetric private key. In step S417, the user card 110 sends the transaction record together with the digital signature to the processor 124_1, which records them in the storage medium 123. The transaction record includes the user card number, the point-deduction information, and the balance information.

Based on the process shown in FIG. 4, the user card 110 and the transaction authentication host 120 can carry out the identity authentication process in an offline environment to perform a deduction transaction, and the digitally signed transaction record is sent to the transaction authentication host 120 for later audit.

Specifically, in one embodiment, the transaction record includes the user card number of the user card 110. A verification host can access all transaction records and digital signatures for multiple user cards in the storage medium 123. The verification host may be the transaction authentication host 120 or another device; the present invention is not limited in this respect. Using the card number of the user card 110, the verification host can look up in a database the asymmetric public key that matches the asymmetric private key of the user card 110, and verify the digital signature with that public key in order to audit the transaction record of the user card 110.

Based on the description of FIGS. 3 to 4, in one embodiment, the keys in the SAM card and the user card can be summarized as in the following example Table 1.

Table 1
Card | Recorded key | Key type | Derived from | Purpose
User card | Private key EC_C | EC 256 | | Digital signature
User card | First encryption key for deduction dDEDIT_C | AES 128 | dDEDIT_SC | Identity authentication
User card | MAC key for deduction dDEDIT_MAC_C | AES 128 | dDEDIT_MAC_SC | Message integrity verification
SAM card | Deduction encryption key dDEDIT_SC | AES 128 | kDEBIT | Identity authentication
SAM card | MAC key for deduction dDEDIT_MAC_SC | AES 128 | kDEBIT_MAC | Identity authentication

Here, kDEBIT and kDEBIT_mac are the top-level keys held by the card maker. That is, the symmetric encryption keys recorded in the SAM card and the user card are all derived from the card maker's top-level keys.

FIG. 5 is a schematic diagram of an offline card transaction authentication system using a dealer card according to an embodiment of the present invention. Referring to FIG. 5, in this embodiment, when the transaction is a stored-value transaction, the transaction authentication host 120 further includes a dealer card 124_3 coupled to the card reader 121. Correspondingly, the second encryption key K2 used to generate the symmetric session key includes a stored-value encryption key recorded in the dealer card 124_3. The dealer card 124_3 is likewise a smart card with a computing and storage chip, and it records the dealer points available for users to purchase. That is, the processing circuit 124 shown in FIG. 1 may be implemented by the processor 124_1 and the dealer card 124_3. In other words, in the embodiment of FIG. 5, the dealer card 124_3 is required for the transaction authentication and stored-value process. By writing the second key K2 and the first key K1 derived from the second key K2 into the dealer card 124_3 and the user card 110 respectively, the card maker produces a dealer card 124_3 and a user card 110 that match each other.

FIG. 6 is a flowchart of the stored-value process performed by the offline card transaction authentication system according to an embodiment of the present invention. Referring to FIG. 6, the method of this embodiment is applicable to the offline card transaction authentication system 10 in the embodiment of FIG. 5. The detailed steps of the offline card transaction authentication method of this embodiment are described below with reference to the components of the offline card transaction authentication system 10.

It should be noted that the identity authentication process between the dealer card 124_3 and the user card 110 is similar to the identity authentication process between the SAM card 124_1 and the user card 110 in the foregoing embodiment. In step S601, the processor 124_1 of the transaction authentication host 120 receives a transaction command CMD'', which is a stored-value command. In step S602, the processor 124_1 sends a stored-value request to the dealer card 124_3 in response to the transaction command CMD''. In step S603, the dealer card 124_3 generates a first random number. In step S604, the dealer card 124_3 sends the first random number to the processor 124_1 of the transaction authentication host 120. In step S605, the processor 124_1 of the transaction authentication host 120 sends the first random number and stored-value information to the user card 110; the stored-value information may include the number of points to add in the transaction and a timestamp.

Next, in step S606, the user card 110 generates a second random number in response to receiving the stored-value information. The user card 110 records a first encryption key used for stored value. In step S407, the user card 110 generates a symmetric session key from the first encryption key, the transaction counter, the first random number, and the second random number, and generates a first encrypted token by encrypting the concatenation of the first random number and the second random number with the symmetric session key. In step S608, the user card 110 sends the user card number, the user card UUID, the second random number, the stored-value information, the balance information, and the first encrypted token to the dealer card 124_3. In addition, in step S408, the user card 110 may also generate a MAC over the above message content and send it to the dealer card 124_3.

The dealer card 124_3 records a stored-value encryption key. In step S609, the SAM card 124_1 derives the first encryption key using a key derivation function (KDF) and the stored-value encryption key, and generates the symmetric session key from the first encryption key, the transaction counter, the first random number, and the second random number. In step S610, the dealer card 124_3 verifies the first encrypted token using the symmetric session key. In addition, the dealer card 124_3 verifies message integrity using the MAC from the user card 110. In step S611, the dealer card 124_3 generates a second encrypted token by encrypting the concatenation of the second random number and the first random number with the symmetric session key. In step S613, the dealer card 124_3 sends the user card number, the stored-value information, the balance information, and the second encrypted token to the user card 110. In addition, after the dealer card 124_3 has verified the identity of the user card 110, in step S612 the dealer card 124_3 may adjust the dealer balance information in the dealer card 124_3 according to the stored-value information. For example, if the dealer balance in the dealer card 124_3 available for purchase by the holder of the user card 110 is originally 1000 points and the stored-value information specifies 100 points, the dealer balance in the dealer card 124_3 is reduced to 900 points.

In step S614, the user card 110 confirms the transaction information and verifies the second encrypted token using the symmetric session key. In step S615, the user card 110 increases the balance information according to the stored-value information, that is, it adds the stored-value transaction points to the balance. In step S616, the user card 110 generates a digital signature over the transaction record using the asymmetric private key, that is, it signs the transaction record with the asymmetric private key. In step S617, the user card 110 sends the transaction record together with the digital signature to the processor 124_1, which records them in the storage medium 123. The transaction record includes the user card number, the stored-value information, and the balance information.

Based on the process shown in FIG. 6, the user card 110 and the transaction authentication host 120 can carry out the identity authentication process in an offline environment to perform a stored-value transaction, and the digitally signed transaction record is sent to the transaction authentication host 120 for later audit. Similarly, the verification host can also verify the transaction records of stored-value transactions made with the user card 110.

Based on the description of FIGS. 5 to 6, in one embodiment, the keys in the user card and the dealer card can be summarized as in the following example Table 2.

Table 2
Card | Recorded key | Key type | Derived from | Purpose
User card | Private key EC_C | EC 256 | | Digital signature
User card | First encryption key for stored value dCREDIT_C | AES 128 | dDREDIT_P | Identity authentication
User card | MAC key for stored value dCREDIT_MAC_C | AES 128 | dDREDIT_MAC_P | Message integrity verification
Dealer card | Stored-value encryption key dDEDIT_P | AES 128 | kDEBIT | Identity authentication
Dealer card | MAC key for stored value dDEDIT_MAC_P | AES 128 | kDEBIT_MAC | Message integrity verification

Here, kDEBIT and kDEBIT_MAC are the top-level keys held by the card maker. That is, the symmetric encryption keys recorded in the dealer card and the user card are all derived from the card maker's top-level keys.
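The following Python example is added here and is not code from the patent: it walks the mutual authentication of FIG. 4 (S403 to S415) and FIG. 6 (S603 to S615) with the separate deduction and stored-value keys of Tables 1 and 2. HMAC-SHA-256 stands in for the unspecified KDF and for the AES-128 token encryption, so tokens are checked by recomputation rather than decryption; diversifying keys by card UUID, carrying the transaction counter in the card's message, the MAC field layout, and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets

class AuthError(Exception):
    """A token or MAC failed to verify, or the transaction data is inconsistent."""

def prf(key, *parts):
    """HMAC-SHA-256 cut to 16 bytes; stand-in for the patent's KDF and AES-128 steps."""
    data = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, data, hashlib.sha256).digest()[:16]

def derive_card_keys(enc_key, mac_key, uuid):
    """Host-side keys -> per-card first keys (S409/S609). Using the UUID is an assumption."""
    return prf(enc_key, b"enc", uuid), prf(mac_key, b"mac", uuid)

def session_key(card_key, counter, r1, r2):
    """Session key from first key, transaction counter and both random numbers (S407)."""
    return prf(card_key, counter.to_bytes(4, "big"), r1, r2)

def mac_over(mac_key, msg):
    """MAC over the S408/S608 message; the field encoding is constructed for this example."""
    i2b = lambda n: n.to_bytes(4, "big", signed=True)
    return prf(mac_key, msg["uuid"], msg["r2"], msg["token1"],
               i2b(msg["counter"]), i2b(msg["delta"]), i2b(msg["balance"]))

class HostModule:
    """SAM card (deduction) or dealer card (top-up, with a stock of points to sell)."""
    def __init__(self, enc_key, mac_key, stock=None):
        self.enc_key, self.mac_key, self.stock = enc_key, mac_key, stock
        self._r1 = None

    def challenge(self):
        """S403/S603: fresh first random number."""
        self._r1 = secrets.token_bytes(16)
        return self._r1

    def verify(self, msg):
        """S409-S411 / S609-S612: re-derive keys, check MAC and token 1, return token 2."""
        r1, self._r1 = self._r1, None  # each challenge is accepted once
        if r1 is None:
            raise AuthError("no outstanding challenge")
        card_enc, card_mac = derive_card_keys(self.enc_key, self.mac_key, msg["uuid"])
        ks = session_key(card_enc, msg["counter"], r1, msg["r2"])
        ok = hmac.compare_digest(mac_over(card_mac, msg), msg["mac"])
        ok &= hmac.compare_digest(prf(ks, r1, msg["r2"]), msg["token1"])
        if not ok:
            raise AuthError("user card failed authentication")
        if self.stock is not None:  # dealer card only (S612)
            if not 0 < msg["delta"] <= self.stock:
                raise AuthError("top-up exceeds dealer stock")
            self.stock -= msg["delta"]
        return {"delta": msg["delta"], "token2": prf(ks, msg["r2"], r1)}

class UserCard:
    """User card holding one (encryption, MAC) key pair per purpose: 'debit' and 'credit'."""
    def __init__(self, uuid, keys, balance):
        self.uuid, self.keys, self.balance = uuid, keys, balance
        self.counter, self._pending = 0, None

    def respond(self, r1, delta):
        """S406-S408: pick r2, derive the session key, send token 1 plus a MAC."""
        enc_key, mac_key = self.keys["debit" if delta < 0 else "credit"]
        self.counter += 1
        r2 = secrets.token_bytes(16)
        ks = session_key(enc_key, self.counter, r1, r2)
        self._pending = (ks, r1, r2, delta)
        msg = {"uuid": self.uuid, "counter": self.counter, "r2": r2, "delta": delta,
               "balance": self.balance, "token1": prf(ks, r1, r2)}
        msg["mac"] = mac_over(mac_key, msg)
        return msg

    def commit(self, reply):
        """S414-S415: verify token 2 and the echoed amount, then adjust the balance."""
        if self._pending is None:
            raise AuthError("no transaction in progress")
        (ks, r1, r2, delta), self._pending = self._pending, None
        if not hmac.compare_digest(prf(ks, r2, r1), reply["token2"]):
            raise AuthError("host failed authentication")
        if reply["delta"] != delta or self.balance + delta < 0:
            raise AuthError("amount mismatch or insufficient balance")
        self.balance += delta
        return self.balance

def issue_card(uuid, balance, sam, dealer):
    """Card maker's step: write the derived first keys for both purposes into a user card."""
    keys = {"debit": derive_card_keys(sam.enc_key, sam.mac_key, uuid),
            "credit": derive_card_keys(dealer.enc_key, dealer.mac_key, uuid)}
    return UserCard(uuid, keys, balance)

def transact(host, card, delta):
    """Role of processor 124_1: relay messages between the host-side card and the user card."""
    msg = card.respond(host.challenge(), delta)
    return card.commit(host.verify(msg))
```

Because the deduction and stored-value keys are separate, a SAM card cannot authorize a top-up and a dealer card cannot authorize a deduction, and a message captured from one transaction fails against a later challenge because the session key depends on the fresh first random number.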

In summary, in the embodiments of the present invention, symmetric-key cryptography is used when the card and the transaction authentication host authenticate each other, and asymmetric-key cryptography is used to generate the digital signature of the transaction record. The embodiments thereby eliminate the asymmetric key management cost during identity authentication and the step in which the transaction authentication host goes online to look up a public key, so that fast, low-cost identity authentication can be performed in an offline environment. This also avoids exposing the transaction authentication host to a networked environment, where the data it stores could be stolen or tampered with. In addition, because the digital signature of the transaction record is generated with asymmetric-key cryptography, the offline card transaction authentication system can record verifiable transaction records in an offline environment, and a verification host can use the public key to verify the correctness of the transaction records for audit.

Although the present invention has been disclosed above by way of embodiments, they are not intended to limit the present invention. Anyone with ordinary knowledge in the relevant technical field may make some changes and refinements without departing from the spirit and scope of the present invention. The scope of protection of the present invention is therefore defined by the appended claims.

10: offline card transaction authentication system
110: user card
120: transaction authentication host
111: transmission interface
112: processing chip
121: card reader
122: command receiving unit
123: storage medium
124: processing circuit
124_1: processor
124_2: SAM card
124_3: dealer card
CMD, CMD', CMD'': transaction commands
S201~S203, S401~S417, S601~S617: steps

FIG. 1 is a schematic diagram of an offline card transaction authentication system according to an embodiment of the present invention.
FIG. 2 is a flowchart of an offline card transaction authentication method according to an embodiment of the present invention.
FIG. 3 is a schematic diagram of an offline card transaction authentication system using a SAM card according to an embodiment of the present invention.
FIG. 4 is a flowchart of the deduction process performed by the offline card transaction authentication system according to an embodiment of the present invention.
FIG. 5 is a schematic diagram of an offline card transaction authentication system using a dealer card according to an embodiment of the present invention.
FIG. 6 is a flowchart of the stored-value process performed by the offline card transaction authentication system according to an embodiment of the present invention.

S201~S203: steps

Claims (14)

1. An offline card transaction authentication system, the system comprising: a user card, which records an asymmetric private key and balance information and generates a symmetric session key; a transaction authentication host, which includes a card reader coupled to the user card and generates the symmetric session key, wherein in response to the transaction authentication host receiving a transaction command, the transaction authentication host and the user card perform an identity authentication procedure according to the symmetric session key, in response to the user card passing the identity authentication procedure, the transaction authentication host and the user card perform a transaction specified by the transaction command, and the user card adjusts the balance information according to the transaction, wherein the user card uses the asymmetric private key to generate a digital signature for the transaction record of the transaction, and stores the digital signature and the transaction record in a storage medium.

2. The offline card transaction authentication system according to claim 1, wherein the transaction command includes a deduction transaction command or a stored-value transaction command, and the transaction includes a deduction transaction or a stored-value transaction.

3. The offline card transaction authentication system according to claim 2, wherein the user card records a first encryption key, the user card generates the symmetric session key according to the first encryption key, the transaction authentication host has a second encryption key, the transaction authentication host derives the first encryption key according to a key derivation function (KDF) and the second encryption key, and the transaction authentication host generates the symmetric session key according to the first encryption key.

4. The offline card transaction authentication system according to claim 3, wherein the transaction authentication host further includes a secure access module card coupled to the card reader, and the second encryption key includes a deduction encryption key recorded in the secure access module card.

5. The offline card transaction authentication system according to claim 3, wherein the transaction authentication host further includes a dealer card coupled to the card reader, and the second encryption key includes a stored-value encryption key recorded in the dealer card.

6. The offline card transaction authentication system according to claim 1, wherein the storage medium is built into the transaction authentication host.

7. The offline card transaction authentication system according to claim 1, wherein the transaction record includes a card number of the user card, and wherein the offline card transaction authentication system further includes a verification host, the verification host looks up an asymmetric public key in a database according to the card number, and verifies the digital signature according to the asymmetric public key, so as to audit the transaction record of the user card.

8. An offline card transaction authentication method, comprising: in response to a transaction authentication host receiving a transaction command, generating a symmetric session key by the user card, generating the symmetric session key by the transaction authentication host, and performing an identity authentication procedure by the transaction authentication host and the user card according to the symmetric session key; in response to the user card passing the identity authentication procedure, performing, by the transaction authentication host and the user card, a transaction specified by the transaction command, and adjusting, by the user card, the balance information recorded in the user card according to the transaction; and generating, by the user card, a digital signature for the transaction record of the transaction using the asymmetric private key, and storing the digital signature and the transaction record in a storage medium.

9. The offline card transaction authentication method according to claim 8, wherein the transaction command includes a deduction transaction command or a stored-value transaction command, and the transaction includes a deduction transaction or a stored-value transaction.

10. The offline card transaction authentication method according to claim 9, wherein the user card records a first encryption key, the user card generates the symmetric session key according to the first encryption key, the transaction authentication host has a second encryption key, the transaction authentication host derives the first encryption key according to a key derivation function (KDF) and the second encryption key, and the transaction authentication host generates the symmetric session key according to the first encryption key.

11. The offline card transaction authentication method according to claim 10, wherein the transaction authentication host further includes a secure access module card coupled to the card reader, and the second encryption key is the deduction encryption key recorded in the secure access module card.

12. The offline card transaction authentication method according to claim 10, wherein the transaction authentication host further includes a dealer card coupled to the card reader, and the second encryption key includes a stored-value encryption key recorded in the dealer card.

13. The offline card transaction authentication method according to claim 8, wherein the storage medium is built into the transaction authentication host.

14. The offline card transaction authentication method according to claim 8, wherein the transaction record includes a card number of the user card, and the method further comprises: looking up, by a verification host, an asymmetric public key in a database according to the card number, and verifying the digital signature according to the asymmetric public key, so as to audit the transaction record of the user card.
TW109100305A 2020-01-06 2020-01-06 Offline card transaction authentication system and offline card transaction authentication method TW202127339A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
TW109100305A TW202127339A (en) 2020-01-06 2020-01-06 Offline card transaction authentication system and offline card transaction authentication method
CN202010147123.3A CN113077261A (en) 2020-01-06 2020-03-05 Offline card transaction authentication system and offline card transaction authentication method

Publications (1)

Publication Number Publication Date
TW202127339A true TW202127339A (en) 2021-07-16

Family

ID=76609103
