WO2014121721A1 - Smart card with electronic signature function, and smart card transaction system and method - Google Patents

Smart card with electronic signature function, and smart card transaction system and method Download PDF

Info

Publication number
WO2014121721A1
WO2014121721A1 PCT/CN2014/071657 CN2014071657W WO2014121721A1 WO 2014121721 A1 WO2014121721 A1 WO 2014121721A1 CN 2014071657 W CN2014071657 W CN 2014071657W WO 2014121721 A1 WO2014121721 A1 WO 2014121721A1
Authority
WO
WIPO (PCT)
Prior art keywords
smart card
password
terminal
message
transaction
Prior art date
Application number
PCT/CN2014/071657
Other languages
French (fr)
Chinese (zh)
Inventor
李东声
Original Assignee
天地融科技股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from CN201310071602.1A external-priority patent/CN103136667B/en
Priority claimed from CN201310070753.5A external-priority patent/CN103116847B/en
Priority claimed from CN201310070783.6A external-priority patent/CN103136664B/en
Application filed by 天地融科技股份有限公司 filed Critical 天地融科技股份有限公司
Publication of WO2014121721A1 publication Critical patent/WO2014121721A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825Use of electronic signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0877Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • H04L2209/805Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor

Definitions

  • Smart card with electronic signature function Smart card transaction system and method
  • the present invention relates to the field of electronic technologies, and in particular, to a smart card, a smart card transaction system, and a transaction method having an electronic signature function. Background technique
  • Step S101 The user accesses the terminal in a non-contact manner by using a card.
  • the non-contact mode may be any non-contact mode such as radio frequency, Bluetooth, or NFC.
  • Step S102 The terminal sends the transaction information to the smart card accessed by the user.
  • the transaction information may include at least an account number and an amount, and may further include transaction detail information.
  • Step S103 the smart card receives the transaction information, displays the transaction information, and after the user confirms that the transaction information is correct, receives the confirmation password input by the user, and signs the transaction information;
  • Step S104 The smart card accesses the terminal again in a non-contact manner, and sends the signature information to the terminal.
  • Step S105 The terminal uploads the transaction information and the signature information to the bank server, so that the bank server executes the transaction according to the transaction information.
  • the existing smart card needs to perform at least two accesses with the terminal in a non-contact manner in the process of signing the transaction information, so that there is a problem that the transaction information and/or the signature information are hijacked during the access process. , causing user losses and low security.
  • the invention aims to solve the problem that the security of the existing smart card is not high due to the hijacking of transaction information and/or signature information in the multiple access process.
  • Another object of the present invention is to provide a smart card having an electronic signature function.
  • the invention provides a smart card transaction method with an electronic signature function, the method comprising:
  • a smart card access terminal having an electronic signature function, receiving a transaction message
  • the smart card generates a joint password
  • the smart card generates a signature message according to the transaction packet and the joint password.
  • the smart card sends at least the signature message to the terminal;
  • the terminal obtains a verification password, and sends the transaction message, the signature message, and the verification password to the background system server.
  • the verification password is obtained by scanning, by the terminal, the information displayed by the smart card. a joint password, or a joint password obtained from the smart card by the terminal in a contactless communication manner;
  • the background system server verifies the signature message and the verification password, and after the verification is passed, performs a transaction operation according to the transaction message.
  • step C includes:
  • the smart card calculates summary information of the transaction message
  • the smart card encrypts the joint password to obtain an encrypted joint password
  • the smart card signs the summary information of the transaction message and the encrypted joint password to generate a signature message.
  • the step C includes:
  • the smart card calculates summary information of the transaction message
  • the smart card encrypts the combined password and a combination of random numbers to obtain an encrypted joint password
  • the smart card signs the summary information of the transaction message and the encrypted joint password to generate a signature message.
  • the smart card further sends the encrypted joint password and the signed message to the terminal;
  • the terminal further sends the encrypted joint password, the transaction message, the signature message, and the joint password to the backend system server.
  • step C includes:
  • the smart card calculates summary information of the transaction message
  • the smart card encrypts the joint password to obtain an encrypted joint password, and calculates summary information of the encrypted joint password;
  • the smart card signs the summary information of the transaction message and the summary information of the encrypted joint password to generate a signature message.
  • the smart card further sends the summary information of the encrypted joint password and the signed message to the terminal;
  • the terminal sends the summary information of the joint password, the transaction message, the signature message, and the joint password to the backend system server.
  • the method further includes:
  • the smart card disconnects from the terminal
  • the smart card displays the transaction message;
  • the smart card receives a confirmation password and/or a confirmation command input through a button;
  • the smart card displays the joint password.
  • Another aspect of the present invention provides a smart card transaction system with an electronic signature function, the system comprising: a terminal, a background system server, and a smart card having an electronic signature function;
  • the smart card accesses the terminal, receives a transaction message, generates a joint password, generates a signature message according to the transaction message and the combined password, and sends the signature message to the terminal at least;
  • the terminal obtains a verification password, and sends the transaction message, the signature message, and the verification password to the background system server;
  • the verification password is obtained by scanning, by the terminal, the information displayed by the smart card. a joint password, or a joint password obtained from the smart card by the terminal in a contactless communication manner;
  • the background system server verifies the signature message and the verification password, and after the verification is passed, performs a transaction operation according to the transaction message.
  • the smart card includes: a transceiver module, a password generation module, a signature module, and a display module;
  • the transceiver module is configured to receive a transaction message and send the transaction message to the signature module; the transceiver module sends the joint password obtained from the password generation module to the terminal in a contactless communication manner;
  • the password generating module is configured to generate a joint password, and send the signature to the signature module and the display module.
  • the signature module generates a signature message according to the transaction packet and the joint password, and passes the transceiver module. Sending at least the signed message to the terminal.
  • the smart card includes: a transceiver module, a password generation module, a signature module, a display module, and a graphics generation module;
  • the transceiver module is configured to access a terminal, receive a transaction message, and send the message to the signature module;
  • the password generating module is configured to generate a joint password, and send the signature to the signature module and the display module.
  • the signature module generates a signature message according to the transaction packet and the joint password, and passes the transceiver module. Sending at least the signature message to the terminal;
  • the graphics generation module generates a barcode or a picture according to the joint password acquired from the password generation module, and outputs the barcode or the image to the display module for display.
  • the terminal acquires the verification password from the smart card in a contactless communication manner.
  • the terminal acquires the verification password by scanning a barcode or a picture displayed by the display module of the smart card.
  • the smart card further includes: a button module
  • the button module triggers the display module to display the joint password according to the received confirmation password and/or confirmation command.
  • the transceiver module further disconnects the terminal after sending the signature message to the terminal; the display module further displays after the transceiver module disconnects from the terminal. The transaction message.
  • a further aspect of the present invention provides a smart card transaction method with an electronic signature function, the method comprising: A', a smart card access terminal having an electronic signature function, and receiving a transaction message;
  • the smart card generates a joint password, and generates an encrypted joint password according to at least the joint password;
  • the smart card generates a signature message according to the transaction message
  • the smart card sends the signature message and the encrypted joint password to the terminal;
  • the terminal acquires a verification password, and sends at least the transaction message, the signature message, the verification password, and the encrypted joint password to a background system server;
  • the verification password is scanned by the terminal a joint password obtained by the information displayed by the smart card, or a joint password obtained by the terminal from the smart card in a contactless communication manner;
  • F' the background system server respectively verifying the signature message and the verification password And after the verification is passed, the transaction operation is performed according to the transaction message.
  • generating the encrypted joint password according to at least the joint password according to step B' includes:
  • the smart card encrypts the combination of the joint password and the random number to obtain an encrypted joint password; or the smart card encrypts the joint password by using symmetric encryption or asymmetric encryption to obtain an encrypted joint password.
  • the step C' includes:
  • the smart card calculates summary information of the transaction message, and signs the summary information of the transaction message to generate a signature message.
  • the method further includes:
  • the smart card disconnects from the terminal
  • the smart card displays the transaction message
  • the smart card receives a confirmation password and/or a confirmation command input through a button
  • the smart card displays the joint password.
  • Another aspect of the present invention provides a smart card transaction system having an electronic signature function, the system comprising: a terminal, a background system server, and a smart card having an electronic signature function;
  • the smart card accesses the terminal, receives a transaction message, generates a joint password, generates an encrypted joint password according to the joint password, generates a signature message according to the transaction message code, and generates the signature message and the Sending an encrypted joint password to the terminal;
  • the terminal obtains a verification password, and sends the transaction message, the signature message, the verification password, and the encrypted joint password to the background system server; the verification password is scanned by the terminal. a joint password obtained by the smart card to display information, or a joint password obtained by the terminal from the smart card in a contactless communication manner;
  • the background system server respectively verifies the signature message and the verification password, and after the verification is passed, performs a transaction operation according to the transaction message.
  • the smart card includes: a transceiver module, a password generation module, an encryption module, a signature module, and a display module;
  • the transceiver module is configured to access a terminal, receive a transaction message, and send the message to the signature module;
  • the contactless communication mode sends the joint password obtained from the password generating module to the terminal;
  • the password generating module is configured to generate a joint password, and send the joint password to the encryption module and the display module;
  • the cryptographic module generates an encrypted joint password according to the joint password, and sends the encrypted joint password to the terminal by using the transceiver module;
  • the signature module generates a signature message according to the transaction message, and sends the signature message to the terminal by using the transceiver module.
  • the smart card includes: a transceiver module, a password generation module, an encryption module, a signature module, a display module, and a graphics generation module;
  • the transceiver module is configured to access a terminal, receive a transaction message, and send the message to the signature module;
  • the password generating module is configured to generate a joint password, and send the joint password to the encryption module and the display module;
  • the cryptographic module generates an encrypted joint password according to the joint password, and sends the encrypted joint password to the terminal by using the transceiver module;
  • the signature module generates a signature message according to the transaction message, and sends the signature message to the terminal by using the transceiver module;
  • the graphics generation module generates a barcode or a picture according to the joint password acquired from the password generation module, and outputs the barcode or the image to the display module for display.
  • the terminal acquires the verification password from the smart card in a contactless communication manner. Further, the terminal acquires the verification password by scanning a barcode or a picture displayed by the display module of the smart card.
  • the smart card further includes: a button module
  • the button module triggers the display module to display the joint password according to the received confirmation password and/or confirmation command.
  • the transceiver module further disconnects the terminal after sending the signature message to the terminal; the display module further displays after the transceiver module disconnects from the terminal.
  • the transaction message
  • a further aspect of the present invention provides a smart card transaction method for an electronic signature function, the method comprising: A. A smart card access terminal having an electronic signature function, receiving a transaction message;
  • the smart card generates a joint password
  • the smart card generates a signature message according to the transaction packet and the joint password.
  • the smart card sends at least the signature message to the terminal;
  • the terminal acquires a verification password, and sends the transaction message, the signature message, and the verification password to the background system server.
  • the background system server verifies the signature message and the verification password, and after the verification is passed, performs a transaction operation according to the transaction message.
  • the verification password is a joint password obtained by scanning, by the terminal, the information displayed by the smart card, or a joint password obtained by the terminal from the smart card in a contactless communication manner; or inputting through a button of the terminal.
  • the joint password is a joint password obtained by scanning, by the terminal, the information displayed by the smart card, or a joint password obtained by the terminal from the smart card in a contactless communication manner; or inputting through a button of the terminal.
  • step C includes:
  • the smart card calculates summary information of the transaction message
  • the smart card encrypts the joint password to obtain an encrypted joint password
  • the smart card signs the summary information of the transaction message and the encrypted joint password to generate a signature message.
  • the step C includes:
  • the smart card calculates summary information of the transaction message
  • the smart card encrypts the combined password and a combination of random numbers to obtain an encrypted joint password
  • the smart card signs the summary information of the transaction message and the encrypted joint password to generate a signature message.
  • the smart card further sends the encrypted joint password and the signature message to the terminal;
  • the terminal further uses the encrypted joint password, the transaction.
  • the message, the signature message, and the joint password are sent to the backend system server.
  • step C includes:
  • the smart card calculates summary information of the transaction message
  • the smart card encrypts the joint password to obtain an encrypted joint password, and calculates summary information of the encrypted joint password;
  • the smart card signs the summary information of the transaction message and the summary information of the encrypted joint password to generate a signature message.
  • the smart card further sends the summary information of the encrypted joint password and the signature message to the terminal; in the step E, the terminal further summarizes the joint password.
  • the information, the transaction message, the signature message, and the joint password are sent to a background system server.
  • the method further includes:
  • the smart card disconnects from the terminal
  • the smart card displays the transaction message
  • the smart card receives a confirmation password and/or a confirmation command input through a button
  • the smart card displays the joint password, barcode or picture.
  • a further aspect of the present invention provides a smart card having an electronic signature function, wherein the smart card includes: a transceiver module, a password generation module, and a signature module;
  • the transceiver module is configured to access a terminal, receive a transaction message, and send the transaction message to the signature module;
  • the password generation module is configured to generate a joint password, and send the joint password to the signature a module;
  • the signature module is configured to generate a signature message according to the transaction message and the joint password;
  • the transceiver module is further configured to send the signature message to the terminal at least.
  • the smart card further includes: a display module; the display module is configured to display the joint password.
  • the smart card further includes: a button module; the button module triggers the display module to display the joint password according to the received confirmation password and/or the confirmation command.
  • the smart card further includes: a display module and a graphic generation module; the graphic generation module is configured to generate a barcode or a picture according to the joint password acquired from the password generation module; and the display module is configured to display the barcode Or picture.
  • the smart card further includes: a button module; the button module triggers the display module to display the barcode or the picture according to the received confirmation password and/or confirmation command.
  • the smart card accesses the terminal in a contactless communication manner.
  • the transceiver module further disconnects the terminal after sending the signature message to the terminal; the display module further displays after the transceiver module disconnects from the terminal.
  • the transaction message
  • Another aspect of the present invention provides a smart card transaction system having an electronic signature function, the system comprising: a terminal, a background system server, and the foregoing smart card having an electronic signature function;
  • the terminal acquires a verification password, and sends at least the transaction message, the signature message, and the verification password to the backend system server;
  • the background system server verifies the signature message and the verification password, and after the verification is passed, performs a transaction operation according to the transaction message.
  • the terminal acquires the verification password by scanning a barcode or a picture displayed by the smart card, or acquires the verification password from the smart card in a contactless communication manner; or receives an input joint password as a verification password by using a button.
  • a smart card transaction method with an electronic signature function the method comprising:
  • A' a smart card access terminal having an electronic signature function, receiving a transaction message
  • the smart card generates a joint password, and generates an encrypted joint password according to at least the joint password;
  • the smart card generates a signature message according to the transaction message
  • the smart card sends the signature message and the encrypted joint password to the terminal;
  • the terminal acquires a verification password, and sends at least the transaction message, the signature message, the verification password, and the encrypted joint password to a background system server;
  • the background system server respectively verifies the signature message and the verification password, and after the verification is passed, performs a transaction operation according to the transaction message.
  • the verification password is a joint password obtained by scanning, by the terminal, the information displayed by the smart card, or a joint password obtained by the terminal from the smart card in a contactless communication manner; or inputting through a button of the terminal.
  • the joint password is a joint password obtained by scanning, by the terminal, the information displayed by the smart card, or a joint password obtained by the terminal from the smart card in a contactless communication manner; or inputting through a button of the terminal.
  • generating the encrypted joint password according to at least the joint password according to step B' includes:
  • the smart card encrypts the combination of the joint password and the random number to obtain an encrypted joint password; or the smart card encrypts the joint password by using symmetric encryption or asymmetric encryption to obtain an encrypted joint password.
  • the step C' includes:
  • the smart card calculates summary information of the transaction message, and signs the summary information of the transaction message to generate a signature message.
  • the method further includes:
  • the smart card disconnects from the terminal
  • the smart card displays the transaction message
  • the smart card receives a confirmation password and/or a confirmation command input through a button
  • the smart card displays the joint password, barcode or picture.
  • a further aspect of the present invention provides a smart card having an electronic signature function, the smart card comprising: a transceiver module, a password generation module, an encryption module, and a signature module;
  • the transceiver module is configured to access a terminal, receive a transaction message, and send the transaction message to the signature module.
  • the password generation module is configured to generate a joint password, and send the joint password to the encryption module.
  • the encryption module is configured to generate an encrypted joint password according to at least the joint password;
  • the signature module is configured to generate a signature message according to the transaction message
  • the transceiver module is further configured to send the encrypted joint password and the signed message to the terminal.
  • the smart card further includes: a display module; the display module is configured to display the joint password.
  • the smart card further includes: a button module; the button module triggers the display module to display the joint password according to the received confirmation password and/or confirmation command.
  • the smart card further includes: a graphic generating module and a display module; the graphic generating module is configured to generate a barcode or a picture according to the joint password acquired from the password generating module; the display module is configured to display the barcode Or picture.
  • the smart card further includes: a button module; the button module triggers the display module to display the barcode or the picture according to the received confirmation password and/or confirmation command.
  • the smart card accesses the terminal in a contactless communication manner.
  • the transceiver module further disconnects the terminal after sending the signature message to the terminal; the display module further displays after the transceiver module disconnects from the terminal.
  • the transaction message
  • Another aspect of the present invention provides a smart card transaction system having an electronic signature function, the system comprising: a terminal, a background system server, and the foregoing smart card having an electronic signature function;
  • the terminal acquires a verification password, and sends at least the transaction message, the signature message, the verification password, and the encrypted joint password to the background system server;
  • the background system server respectively verifies the signature message and the verification password, and after the verification is passed, performs a transaction operation according to the transaction message.
  • the terminal acquires the verification password from the smart card in a contactless communication manner, or acquires the verification password by scanning a barcode or a picture displayed by the display module of the smart card, or receives an input joint password through a button. As the verification password.
  • the present invention provides a smart card with an electronic signature function, a smart card transaction system, and a smart card transaction method with an electronic signature function, which is required for completing a transaction through a single access of the smart card and the terminal.
  • the interaction of data reduces the risk of interception of important information caused by multiple accesses and improves security.
  • the joint password of the present invention may be a combination of one or more of numbers, letters and characters randomly generated at each transaction, unlike existing transaction passwords and OTPs, which must be transmitted using ciphertext, the joint password of the present invention.
  • the joint password of the present invention is generated on the smart card side and uploaded to the background system server, and is different from the existing OTP requiring the background system server and the terminal simultaneously
  • the unilateral side of the present invention generates a joint cipher and performs signature or unilaterally generates a joint cipher and performs encryption to ensure the security of the joint cipher transmission and the accuracy of the joint cipher verification.
  • the terminal of the present invention obtains the joint cipher.
  • Send relevant data (which can be transaction message, signature message and joint password) to the background system server, so that the data sent by the terminal to the background system server and processed by the background system server are authorized and valid data, guaranteeing Safety has improved work efficiency.
  • 1 is a flow chart of a method for an existing electronic signature transaction
  • FIG. 2 is a flowchart of a smart card transaction method with an electronic signature function according to Embodiment 1 of the present invention
  • FIG. 3 is a flowchart of a smart card transaction method with an electronic signature function according to Embodiment 2 of the present invention
  • FIG. 5 is a flowchart of a smart card transaction method with an electronic signature function according to Embodiment 4 of the present invention.
  • FIG. 6 is a schematic structural diagram of a smart card transaction system with an electronic signature function according to Embodiment 5 of the present invention
  • FIG. 7 is a schematic structural diagram of a smart card transaction system with an electronic signature function according to Embodiment 6 of the present invention
  • FIG. 9 is a schematic structural diagram of a smart card transaction system with an electronic signature function according to Embodiment 8 of the present invention
  • FIG. detailed description is a schematic structural diagram of a smart card transaction system with an electronic signature function according to Embodiment 5 of the present invention
  • FIG. 7 is a schematic structural diagram of a smart card transaction system with an electronic signature function according to Embodiment 6 of the present invention
  • FIG. 9 is a schematic structural diagram of a smart card transaction system with an electronic signature function according to Embodiment 8 of the present invention
  • orientation or positional relationship of "post”, “left”, “right”, “vertical”, “horizontal”, “top”, “bottom”, “inner”, “outside”, etc. is based on the figure
  • the orientation or positional relationship is merely for the purpose of describing the present invention and the simplification of the description, and is not intended to indicate or imply that the device or component referred to has a particular orientation, is constructed and operated in a particular orientation, and thus is not to be construed as limiting.
  • first and “second” are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or quantity or location.
  • connection In the description of the present invention, it should be noted that the terms “installation”, “connected”, and “connected” are to be understood broadly, and may be fixed or detachable, for example, unless otherwise explicitly defined and defined. Connected, or connected integrally; can be mechanical or electrical; can be directly connected, or indirectly connected through an intermediate medium, can be the internal communication of the two components.
  • Connected, or connected integrally can be mechanical or electrical; can be directly connected, or indirectly connected through an intermediate medium, can be the internal communication of the two components.
  • the specific meaning of the above terms in the present invention can be understood in a specific case by those skilled in the art.
  • FIG. 2 is a flow chart of a smart card transaction method with an electronic signature function according to Embodiment 1 of the present invention. Referring now to FIG. 2, a smart card transaction method with an electronic signature function according to the present invention will be described as follows:
  • the smart card transaction method with the electronic signature function of the invention includes:
  • Step S201 A smart card access terminal having an electronic signature function, receiving a transaction message
  • the terminal can obtain the transaction message by manually inputting, searching for the network, scanning the product information, and the like.
  • the smart card can access the terminal in a contactless manner and receive the transaction message sent by the terminal.
  • the transaction message includes at least the account and the amount, and may also include transaction details.
  • the smart card can also access the terminal through contact.
  • the terminal of the present invention may be a device capable of interacting with a background system server by a wired or wireless method, such as a mobile phone, a notebook, a tablet, a PC, or a POS.
  • the smart card of the present invention adopts a non-contact mode access terminal to have higher security than a contact mode access terminal, and prevents information from being acquired.
  • Step S202 The smart card generates a joint password.
  • the smart card randomly generates numbers, letters, and/or symbols, and selects one or more combinations of numbers, letters, and symbols to generate a joint password, which can ensure non-uniqueness of the joint password, randomness, and improve the security of the joint password. Sex.
  • Step S203 The smart card generates a signature message according to the transaction packet and the joint password.
  • the smart card can directly sign the transaction message and the joint password to generate a signature message; or the smart card calculates the summary information of the transaction message, calculates the summary information of the joint password, and summarizes the summary information of the transaction message and the combined password. The information is signed to generate a signature message; or
  • the smart card calculates the summary information of the transaction message, encrypts the joint password to obtain the encrypted joint password, and signs the summary information of the transaction message and the encrypted joint password to generate a signature message; or
  • the smart card calculates the summary information of the transaction message, encrypts the joint password to obtain the encrypted joint password, and calculates the summary information of the encrypted joint password, and signs the summary information of the transaction message and the summary information of the encrypted joint password to generate a signature message.
  • the summary information may include one or a combination of the following: a hash value calculated by a hash algorithm, a MAC value calculated by a MAC algorithm, and a secret text body obtained by symmetric encryption.
  • the encryption operation can be symmetric encryption or asymmetric encryption (for example, by the public key of the background system server).
  • the smart card can also generate a random number, which will be combined with the secret. The code and the random number are combined according to a preset format, and the combined data is encrypted to obtain an encrypted joint password. At this point, the joint password and the random number are combined to prevent replay attacks.
  • the invention can adopt the method of performing summary calculation on the joint password, encrypting the joint password or performing digest calculation on the encrypted joint password, thereby ensuring the security of the joint password transmission; the summary information of the joint password, the encrypted joint password or the encrypted joint password.
  • the summary information is signed to improve the security of the transaction.
  • Step S204 The smart card sends at least the signature message to the terminal.
  • step S203 if the smart card is used to calculate the scheme for encrypting the joint password, in this step, the smart card also sends the encrypted joint password and the signed message to the terminal.
  • step S203 if the smart card is used to calculate the scheme for encrypting the summary information of the joint password, in this step, the smart card also sends the summary information and the signature message of the encrypted joint password to the terminal.
  • the smart card can transmit the calculated information to the terminal.
  • Step S205 The terminal acquires the verification password, and sends at least the transaction message, the signature message, and the verification password to the background system server.
  • the verification password is a joint password obtained by the terminal scanning the information displayed by the smart card, or a joint password obtained from the smart card by the terminal in a non-contact communication manner, or a joint password input through a button of the terminal.
  • Non-contact communication mode can be Bluetooth, optical communication, NFC infrared and other communication methods.
  • step S203 if the smart card is used to calculate the scheme for encrypting the joint password, in this step, the terminal also sends the encrypted joint password, the transaction message, the signature message, and the verification password to the background system server.
  • step S203 if the smart card is used to calculate the scheme for encrypting the summary information of the joint password, in this step, the terminal also sends the summary information of the encrypted joint password, the transaction message, the signature message, and the verification password to the background system server.
  • the terminal can send the information calculated by the smart card to the background system server.
  • the terminal of the present invention After obtaining the verification password, the terminal of the present invention sends the transaction message, the signature message and the verification password to the background system server, so that the background system server authenticates the user identity according to the joint password and the signature message, thereby triggering the background.
  • the system server completes the transaction and improves the security of the transaction.
  • the joint password of the present invention may be a combination of one or more of numbers, letters and characters randomly generated at each transaction, unlike existing transaction passwords and OTPs, which must be transmitted in ciphertext, the joint password of the present invention. It can be transmitted in clear text without reducing the security of the account during the transaction; the joint password of the present invention is generated on the smart card side and uploaded to the background system server, and is different from the existing OTP requiring the background system server and the terminal simultaneously Generate, the unilateral generation of the joint password of the invention and signature, to ensure the security of the joint password transmission and the accuracy of the joint password verification
  • the terminal of the present invention sends relevant data (which may be a transaction message, a signature message, and a verification password) to the background system server after obtaining the verification password, so that the terminal device server needs to be sent by the background system server.
  • the processed data is authorized data, which ensures security and improves work efficiency.
  • Step S206 The background system server verifies the signature message and the verification password, and after the verification is passed, performs a transaction operation according to the transaction message.
  • step S203 if the smart card performs signature according to the joint password and the transaction message, in this step, the terminal verifies the correctness of the signature message according to the transaction message and the verification password, and if the signature is correct, determines the verification password and Signature messages are verified.
  • step S203 if the smart card is used to calculate the scheme for encrypting the joint password, in this step, the terminal verifies the correctness of the password according to the encrypted joint password verification, and verifies the correctness of the signature message according to the transaction message and the verification password.
  • step S203 if the smart card is used to calculate the scheme for encrypting the summary information of the joint password, in this step, the terminal verifies the correctness of the verification password according to the summary information of the encrypted joint password, and verifies the signature message according to the transaction message and the verification password. The correctness.
  • the terminal may further verify the correctness of the signature message according to the transaction message and the encrypted joint password or the encrypted joint password summary information.
  • the terminal can verify the correctness of the verification password and the signature message according to the information or the verification password.
  • the smart card transaction method of the present invention completes the interaction of data required for transactions through one access of the smart card and the terminal, reduces the risk of interception of important information caused by multiple accesses, and improves security.
  • Example 2
  • FIG. 3 is a flow chart of a smart card transaction method with an electronic signature function according to Embodiment 2 of the present invention. Referring now to FIG. 3, a smart card transaction method with an electronic signature function according to the present invention will be described as follows:
  • the smart card transaction method with the electronic signature function of the invention includes:
  • Step S301 A smart card access terminal having an electronic signature function, receiving a transaction message
  • the terminal can obtain the transaction message by manually inputting, searching for the network, scanning the product information, and the like.
  • the smart card can access the terminal in a contactless manner and receive the transaction message sent by the terminal.
  • the transaction message includes at least the account and the amount, and may also include transaction details.
  • the smart card can also access the terminal through contact.
  • the terminal of the present invention can be wired or not for mobile phones, notebooks, tablets, PCs, POS machines, etc.
  • a device that interacts with the backend system server in a line mode can be wired or not for mobile phones, notebooks, tablets, PCs, POS machines, etc.
  • the smart card of the present invention adopts a non-contact mode access terminal to have higher security than a contact mode access terminal, and prevents information from being acquired.
  • Step S302 The smart card generates a joint password.
  • the smart card randomly generates numbers, letters, and/or symbols, and selects one or more combinations of numbers, letters, and symbols to generate a joint password, which can ensure non-uniqueness of the joint password, randomness, and improve the security of the joint password. Sex.
  • Step S303 The smart card generates a signature message according to the transaction packet and the joint password.
  • the smart card can directly sign the transaction message and the joint password to generate a signature message; or the smart card calculates the summary information of the transaction message, calculates the summary information of the joint password, and summarizes the summary information of the transaction message and the combined password. The information is signed to generate a signature message; or
  • the smart card calculates the summary information of the transaction message, encrypts the joint password to obtain the encrypted joint password, and signs the summary information of the transaction message and the encrypted joint password to generate a signature message; or
  • the smart card calculates the summary information of the transaction message, encrypts the joint password to obtain the encrypted joint password, and calculates the summary information of the encrypted joint password, and signs the summary information of the transaction message and the summary information of the encrypted joint password to generate a signature message.
  • the summary information may include one or a combination of the following: a hash value calculated by a hash algorithm, a MAC value calculated by a MAC algorithm, and a secret text body obtained by symmetric encryption.
  • the encryption operation can be symmetric encryption or asymmetric encryption (for example, by the public key of the background system server).
  • the smart card may also generate a random number, combine the joint password and the random number according to a preset format, and encrypt the combined data to obtain an encrypted joint password. The combined password and random number are combined to prevent replay attacks.
  • the invention can adopt the method of performing summary calculation on the joint password, encrypting the joint password or performing digest calculation on the encrypted joint password, thereby ensuring the security of the joint password transmission; the summary information of the joint password, the encrypted joint password or the encrypted joint password.
  • the summary information is signed to improve the security of the transaction.
  • Step S304 The smart card sends at least the signature message to the terminal.
  • step S303 if the smart card is used to calculate the scheme for encrypting the joint password, in this step, the smart card also sends the encrypted joint password and the signed message to the terminal.
  • step S303 if the smart card is used to calculate the scheme for encrypting the summary information of the joint password, in this step, the smart card also sends the summary information and the signature message of the encrypted joint password to the terminal.
  • Step S305 The smart card disconnects from the terminal;
  • the user can leave the sensing range of the smart card to leave the terminal; in the case of the contact mode access, the user can pull out the smart card from the terminal. Disconnecting from the terminal ensures that the smart card and the terminal are in one contact, which reduces the risk of intercepting multiple contact information and improves the security of data transmission.
  • Step S306 The smart card displays the transaction message
  • the smart card displays the received transaction message on the display screen, so that the user can confirm the authenticity of the transaction and ensure the security of the transaction.
  • Step S307 The smart card receives the confirmation password and/or the confirmation command input through the button;
  • the user may trigger the smart card to display the generated joint password by inputting the confirmation password and/or the operation of the confirmation instruction.
  • the confirmation password to trigger the smart card to display the joint password, barcode or picture
  • the joint password can be prevented from being known by others, and the confidentiality of the joint password can be improved.
  • Step S308 The smart card displays a joint password, a barcode or a picture
  • the smart card displays a joint password, a barcode, or a picture, so that the terminal can obtain the verification code and complete the transaction.
  • the joint password plaintext may be encrypted by a preset symmetric encryption algorithm and the encrypted joint password is stored in the smart card.
  • Step S309 The terminal acquires the verification password, and sends at least the transaction message, the signature message, and the verification password to the background system server;
  • the verification password is a joint password obtained by the terminal scanning the information displayed by the smart card, or a joint password obtained from the smart card by the terminal in a non-contact communication manner, or a joint password input through a button of the terminal.
  • Non-contact communication mode can be Bluetooth, optical communication, NFC infrared and other communication methods.
  • step S303 if the smart card is used to calculate the scheme for encrypting the joint password, in this step, the terminal also sends the encrypted joint password, the transaction message, the signature message, and the joint password to the background system server.
  • step S303 if the smart card is used to calculate the scheme for encrypting the summary information of the joint password, in this step, the terminal also sends the summary information of the encrypted joint password, the transaction message, the signature message, and the joint password to the background system server.
  • the terminal can send the information calculated by the smart card to the background system server.
  • the terminal of the present invention After obtaining the verification password, the terminal of the present invention sends the transaction message, the signature message and the verification password to the background system server, so that the background system server authenticates the user identity according to the verification password and the signature message, and then triggers the background.
  • the system server completes the transaction and improves the security of the transaction.
  • the joint password of the present invention may be a combination of one or more of numbers, letters and characters randomly generated at each transaction, unlike existing transaction passwords and OTPs, which must be transmitted in ciphertext, the joint password of the present invention.
  • the joint password of the present invention is generated on the smart card side and uploaded to the background system server, and is different from the existing OTP requiring the background system server and the terminal simultaneously Generating, the one-side of the present invention generates a joint password and performs signature to ensure the security of the joint password transmission and the accuracy of the joint password verification; the terminal of the present invention sends the relevant data after obtaining the verification password (may be a transaction message)
  • the signature message and the verification password are sent to the background system server, so that the data that is sent by the terminal to the background system server and processed by the background system server is authorized data, which ensures security and improves work efficiency.
  • Step S310 The background system server verifies the signature message and the verification password, and after the verification is passed, performs a transaction operation according to the transaction message.
  • step S303 if the smart card performs signature according to the joint password and the transaction message, in this step, the terminal verifies the correctness of the signature message according to the transaction message and the verification password, and if the signature is correct, the verification is determined. Both the password and the signed message are verified.
  • step S303 if the smart card is used to calculate the scheme for encrypting the joint password, in this step, the terminal verifies the correctness of the password according to the encrypted joint password verification, and verifies the correctness of the signature message according to the transaction message and the verification password.
  • step S303 if the smart card is used to calculate the scheme for encrypting the summary information of the joint password, in this step, the terminal verifies the correctness of the verification password according to the summary information of the encrypted joint password, and verifies the signature report according to the transaction message and the verification password. The correctness of the text.
  • the terminal may further verify the correctness of the signature message according to the transaction message and the encrypted joint password or the encrypted joint password summary information.
  • the terminal can verify the correctness of the verification password and the signature message according to the information of the smart card or the verification password.
  • the smart card transaction method with electronic signature function of the present invention can complete the interaction of data required for transactions through one access of the smart card and the terminal, thereby reducing the risk of intercepting important information caused by multiple accesses and improving security.
  • Example 3
  • FIG. 4 is a flow chart of a smart card transaction method with an electronic signature function according to Embodiment 3 of the present invention. Referring now to FIG. 4, a smart card transaction method with an electronic signature function according to the present invention will be described as follows:
  • the smart card transaction method with the electronic signature function of the invention includes:
  • Step S401 A smart card access terminal having an electronic signature function, receiving a transaction message
  • the terminal can manually input, network, and scan Obtain commodity information and other means to obtain transaction messages.
  • the smart card can access the terminal in a contactless manner and receive the transaction message sent by the terminal.
  • the transaction message includes at least the account and the amount, and may also include transaction details.
  • the smart card can also access the terminal through contact.
  • the terminal can be a device that can interact with the background system server by wire or wirelessly, such as a mobile phone, a notebook, a tablet, a PC, or a POS.
  • the smart card of the present invention adopts a non-contact mode access terminal to have higher security than a contact mode access terminal, and prevents information from being acquired.
  • Step S402 The smart card generates a joint password, and generates an encrypted joint password according to at least the joint password. Specifically, the smart card randomly generates numbers, letters, and/or symbols, and selects one or more combinations of numbers, letters, and symbols to generate a joint password. , can guarantee the non-uniqueness of the joint password, randomness, and improve the security of the joint password.
  • the smart card may obtain the encrypted joint password by encrypting the combination of the joint password and the random number, or encrypt the joint password by using symmetric encryption or asymmetric encryption to obtain the encrypted joint password.
  • the invention further ensures the security of the joint password transmission by transmitting the encrypted joint password; combining the joint password and the random number to prevent the replay attack.
  • Step S403 The smart card generates a signature message according to the transaction packet.
  • the smart card can directly sign the transaction message to generate a signature message;
  • the smart card calculates the summary information of the transaction message, and signs the summary information of the transaction message to generate a signature message.
  • the summary information may include one or a combination of the following: a hash value calculated by a hash algorithm, a MAC value calculated by a MAC algorithm, and a secret text body obtained by symmetric encryption.
  • Step S404 The smart card sends the signature message and the encrypted joint password to the terminal.
  • Step S405 The terminal acquires the verification password, and sends at least the transaction message, the signature message, the encrypted joint password, and the verification password to the background system server.
  • the verification password is a joint password obtained by the terminal scanning the information displayed by the smart card, or a joint password obtained from the smart card by the terminal in a non-contact communication manner, or a joint password input through a button of the terminal.
  • Non-contact communication mode can be Bluetooth, optical communication, NFC infrared and other communication methods.
  • the back-end system server can be a bank server or a third-party server, and the third-party server is a server used by the non-bank system, such as a server used by the bus system to recharge and debit the bus card.
  • the terminal of the present invention sends the transaction message, the signature message, the encrypted joint password and the verification password to the background system server only after obtaining the verification password, so that the background system server authenticates the user identity according to the verification password and the signature message. , in turn triggers the background system server to complete the transaction, improving the security of the transaction.
  • the joint password of the present invention may be a combination of one or more of numbers, letters and characters randomly generated at each transaction, unlike existing transaction passwords and OTPs, which must be transmitted in ciphertext, the joint password of the present invention.
  • the joint password of the present invention is generated on the smart card side and uploaded to the background system server, and is different from the existing OTP requiring the background system server and the terminal simultaneously
  • the unilateral side of the present invention generates a joint cipher and performs encryption to ensure the security of the joint cipher transmission and the accuracy of the joint cipher verification.
  • the terminal of the present invention sends the relevant data after obtaining the verification password (which may be a transaction message).
  • the signature message and the verification password are sent to the background system server, so that the data that is sent by the terminal to the background system server and processed by the background system server is authorized data, which ensures security and improves work efficiency.
  • Step S406 The background system server separately verifies the signature message and the verification password, and after the verification is passed, performs a transaction operation according to the transaction message.
  • the background system server verifies the correctness of the verification password according to the encrypted joint password; the background system server verifies the correctness of the signature message according to the encrypted joint password and the transaction message, or signs the signature according to the verification password and the transaction message. The correctness of the message is verified. After the background system server verifies that the signature is correct and the verification password is correct, the background system server performs the transaction operation according to the transaction message.
  • the smart card transaction method with electronic signature function of the present invention can complete the interaction of data required for transactions through one access of the smart card and the terminal, thereby reducing the risk of intercepting important information caused by multiple accesses and improving security. .
  • Example 4
  • FIG. 5 is a flowchart of a smart card transaction method with an electronic signature function according to Embodiment 4 of the present invention. Referring now to FIG. 5, a smart card transaction method with an electronic signature function according to the present invention will be described as follows:
  • the smart card transaction method with the electronic signature function of the invention includes:
  • Step S501 A smart card access terminal having an electronic signature function, receiving a transaction message
  • the terminal can obtain the transaction message by manually inputting, searching for the network, scanning the product information, and the like.
  • the smart card can access the terminal in a contactless manner and receive the transaction message sent by the terminal.
  • the transaction message includes at least the account and the amount, and may also include transaction details.
  • the smart card can also access the terminal through contact.
  • the terminal can be a device that can interact with the background system server by wire or wirelessly, such as a mobile phone, a notebook, a tablet, a PC, or a POS.
  • the smart card of the present invention adopts a non-contact mode access terminal to have higher security than a contact mode access terminal, and prevents information from being acquired.
  • Step S502 The smart card generates a joint password, and generates an encrypted joint password according to at least the joint password. Specifically, the smart card randomly generates numbers, letters, and/or symbols, and selects one or more combinations of numbers, letters, and symbols to generate a joint password. , can guarantee the non-uniqueness of the joint password, randomness, and improve the security of the joint password.
  • the smart card may obtain the encrypted joint password by encrypting the combination of the joint password and the random number, or encrypt the joint password by using symmetric encryption or asymmetric encryption to obtain the encrypted joint password.
  • the invention further ensures the security of the joint password transmission by transmitting the encrypted joint password; combining the joint password and the random number to prevent the replay attack.
  • Step S503 The smart card generates a signature message according to the transaction packet.
  • the smart card can directly sign the transaction message to generate a signature message;
  • the smart card calculates the summary information of the transaction message, and signs the summary information of the transaction message to generate a signature message.
  • the summary information may include one or a combination of the following: a hash value calculated by a hash algorithm, a MAC value calculated by a MAC algorithm, and a secret text body obtained by symmetric encryption.
  • Step S504 The smart card sends the signature message and the encrypted joint password to the terminal.
  • Step S505 The smart card disconnects from the terminal
  • the user can leave the sensing range of the smart card to leave the terminal; in the case of the contact mode access, the user can pull out the smart card from the terminal. Disconnecting from the terminal ensures that the smart card and the terminal are in one contact, which reduces the risk of intercepting multiple contact information and improves the security of data transmission.
  • Step S506 The smart card displays the transaction message
  • the smart card displays the received transaction message on the display screen, so that the user can confirm the authenticity of the transaction and ensure the security of the transaction.
  • Step S507 The smart card receives the confirmation password and/or the confirmation command input through the button;
  • the user may trigger the smart card to display the generated joint password by inputting the confirmation password and/or the operation of the confirmation instruction.
  • the confirmation password to trigger the smart card to display the joint password, barcode or picture
  • the joint password can be prevented from being known by others, and the confidentiality of the joint password can be improved.
  • Step S508 The smart card displays a joint password, a barcode or a picture
  • the smart card displays a joint password, a barcode, or a picture, so that the terminal obtains the verification password, thereby completing the transaction.
  • the joint password plaintext may be encrypted by a preset symmetric encryption algorithm and the encrypted joint password is stored in the smart card.
  • Step S509 The terminal acquires the verification password, and sends the transaction packet, the signature message, the encrypted joint password, and the verification password. Send to the backend system server;
  • the verification password is a joint password obtained by the terminal scanning the information displayed by the smart card, or a joint password obtained from the smart card by the terminal in a non-contact communication manner, or a joint password input through a button of the terminal.
  • Non-contact communication mode can be Bluetooth, optical communication, NFC infrared and other communication methods.
  • the back-end system server can be a bank server or a third-party server, and the third-party server is a server used by the non-bank system, such as a server used by the bus system to recharge and debit the bus card.
  • the terminal of the present invention sends the transaction message, the signature message, the encrypted joint password and the verification password to the background system server only after obtaining the verification password, so that the background system server authenticates the user identity according to the verification password and the signature message. , in turn triggers the background system server to complete the transaction, improving the security of the transaction.
  • the joint password of the present invention may be a combination of one or more of numbers, letters and characters randomly generated at each transaction, unlike existing transaction passwords and OTPs, which must be transmitted in ciphertext, the joint password of the present invention. It can be transmitted in clear text without reducing the security of the account during the transaction; the joint password of the present invention is generated on the smart card side and uploaded to the background system server, and is different from the existing OTP requiring the background system server and the terminal simultaneously.
  • the unilateral side of the present invention generates a joint cipher and performs encryption to ensure the security of the joint cipher transmission and the accuracy of the joint cipher verification.
  • the terminal of the present invention sends the relevant data after obtaining the verification password (which may be a transaction message).
  • the signature message and the verification password are sent to the background system server, so that the data that is sent by the terminal to the background system server and processed by the background system server is authorized data, which ensures security and improves work efficiency.
  • Step S510 The background system server separately verifies the signature message and the verification password, and after the verification is passed, performs a transaction operation according to the transaction message.
  • the background system server verifies the correctness of the verification password according to the encrypted joint password; the background system server verifies the correctness of the signature message according to the encrypted joint password and the transaction message, or signs the signature according to the verification password and the transaction message. The correctness of the message is verified. After the background system server verifies that the signature is correct and the verification password is correct, the background system server performs the transaction operation according to the transaction message.
  • the smart card transaction method with electronic signature function of the present invention can complete the interaction of data required for transactions through one access of the smart card and the terminal, thereby reducing the risk of intercepting important information caused by multiple accesses and improving security.
  • Example 5
  • FIG. 6 is a schematic structural diagram of a smart card transaction system with an electronic signature function according to Embodiment 5 of the present invention. First, the structure of the smart card transaction system with electronic signature function of the present invention will be described with reference to FIG. 6, which is as follows:
  • the smart card transaction system with electronic signature function of the present invention comprises: a terminal 100, a background system server 200, and a smart card 300 having an electronic signature function.
  • the smart card 300 is a device with an electronic signature function and can be packaged. a card chip containing user account information and a security chip digitally signed by a key, or an integrated chip having the above two chip functions;
  • the terminal 100 can be a mobile phone, a notebook, a tablet, a PC, a POS machine, etc. Or a device that interacts wirelessly with a back-end system server.
  • the background system server 200 can be a bank server or a third-party server, and the third-party server is a server used by a non-banking system, such as a server used by the bus system to recharge and debit the bus card.
  • the smart card 300 with the electronic signature function includes: a transceiver module 3001, a password generation module 3002, and a signature module 3003; in other words, the above-mentioned modules included in the smart card 300 having the electronic signature function can be integrated on one chip or according to a smart card.
  • the number and function of the 30 chips used are integrated on multiple chips, which are not illustrated here.
  • the transceiver module 3001 is configured to access the terminal 100, and receive the transaction message and send it to the signature module 3003.
  • the transceiver module 3001 can send the joint password acquired from the password generation module 3002 to the terminal 100 in a contactless communication manner.
  • the password generation module 3002 is configured to generate a joint password and send it to the signature module 3003. Specifically, the password generation module 3002 may generate a joint password after the transceiver module 3001 receives the transaction message.
  • the signature module 3003 generates a signature message according to the transaction message and the joint password, and sends the signature message to the terminal 100 through the transceiver module 3001.
  • the terminal 100 receives the acquisition verification password, and sends at least the transaction message, the signature message, and the verification password to the background system server 200.
  • the background system server 200 verifies the signature message and the verification password, and after the verification is passed, performs a transaction operation according to the transaction message.
  • the smart card 300 may further include a display module 3004 for displaying the joint password, so that the terminal 100 scans the displayed joint password acquisition verification password.
  • the joint password input terminal 100 can also be used as the verification password by the button of the terminal 100.
  • the transceiver module 3001 of the smart card 300 of the present invention disconnects the terminal 100 after transmitting the signature message to the terminal 100, so that the display module 3004 displays the transaction message. Therefore, it is ensured that the smart card 300 of the present invention completes the data interaction required for the transaction only by contacting the terminal 100 once, reduces the risk of interception of data generated by the secondary contact, and improves the security of the transaction.
  • the background system server 200 can verify the number of failed authentications (for example, three times) after verifying the verification password, and then lock the account corresponding to the smart card to protect the security of the user account.
  • the smart card 300 may further include: a button module 3005.
  • the button module 3005 triggers the display module 3004 to display the joint password based on the received confirmation password and/or confirmation command.
  • the smart card 300 may further include: a graphics generation module 3006; the graphics generation module 3006 is based on the password generation The joint password obtained by the module 3002 generates a barcode or a picture.
  • the display module 3004 can be triggered by the button module 3005 to display the barcode or the picture.
  • the user may trigger the display module 3004 to display a joint password or display a barcode or a picture by:
  • the display module 3004 displays the joint password, or displays the barcode or picture;
  • the display module 3004 displays the joint password or displays the barcode or picture.
  • condition that the trigger display module 3004 displays the joint password, the barcode, or the picture may be set for different consumption amounts.
  • the small amount of consumption only requires the user to press the confirmation button, and the large amount of consumption requires the user to input the confirmation password.
  • the smart card with electronic signature function and the smart card transaction system with electronic signature function of the present invention can complete the interaction of data required for transaction through one access of the smart card and the terminal, thereby reducing the interception of important information caused by multiple accesses. The risk of improving security.
  • Example 6
  • FIG. 7 is a schematic structural diagram of a smart card transaction system with an electronic signature function according to Embodiment 6 of the present invention. First, the structure of the smart card transaction system with electronic signature function of the present invention will be described with reference to FIG. 7, which is as follows:
  • the smart card transaction system with electronic signature function of the present invention comprises: a terminal 10, a background system server 20, and a smart card 30 having an electronic signature function.
  • the smart card 30 is a device with an electronic signature function, and may include a card chip containing user account information and a security chip digitally signed by a key, or an integrated chip having the above two chip functions; the terminal 10 may be a mobile phone, A device that can interact with a back-end system server, such as a notebook, tablet, PC, or POS, by wire or wirelessly.
  • the backend system server 20 can be a bank server or a third party server, and the third party server is a server used by the non-bank system, such as a server used by the bus system to recharge and debit the bus card.
  • the smart card 30 having the electronic signature function includes: a transceiver module 301, a password generation module 302, a signature module 303, and a display module 304; in other words, the above-mentioned modules included in the smart card 30 having the electronic signature function can be integrated on one chip. It can also be integrated on multiple chips according to the number and function of the chips used by the smart card 30, and will not be exemplified herein.
  • the transceiver module 301 is configured to access the terminal 10, and receive the transaction message and send it to the signature module 303.
  • the transceiver module 301 sends the joint password obtained from the password generation module 302 to the terminal 10 in a contactless communication manner.
  • the password generation module 302 is configured to generate a joint password and send it to the signature module 303 and the display module 304. Specifically, the password generating module 302 may generate a joint password after the transceiver module 301 receives the transaction message.
  • the signature module 303 generates a signature message according to the transaction packet and the joint password, and sends the signature message to the terminal 10 through the transceiver module 301.
  • the terminal 10 receives the acquisition verification password, and sends at least the transaction message, the signature message and the verification password to the background system server 20.
  • the verification password is a joint password obtained by scanning the information displayed by the smart card 30 by the terminal 10, or a joint password acquired from the smart card 30 by the terminal 10 in a contactless communication manner, or a combined password input through a button of the terminal 10.
  • the background system server 20 verifies the signature message and the verification password, and after the verification is passed, performs the transaction operation according to the transaction message.
  • the transceiver module 301 of the smart card 30 of the present invention disconnects the terminal 10 after transmitting the signature message to the terminal 10, so that the display module 304 displays the transaction message. Therefore, it is ensured that the smart card 30 of the present invention completes the data interaction required for the transaction only by contacting the terminal 10 once, thereby reducing the risk of data being intercepted due to the secondary contact, thereby improving the security of the transaction.
  • the background system server 20 can protect the authentication password when the number of verification failures reaches a preset number of times (for example, three times), and locks the account corresponding to the smart card to protect the security of the user account.
  • the smart card 30 may further include: a button module 305.
  • the button module 305 triggers the display module 304 to display the joint password based on the received confirmation password and/or confirmation command.
  • the smart card 30 further includes: a graphics generation module 306; the graphics generation module 306 generates a barcode or a picture based on the joint password acquired from the password generation module 302.
  • the display module 304 can be triggered by the button module 305 to display the barcode or picture.
  • the user may trigger the display module 304 to display a joint password or display a barcode or a picture by:
  • the display module 304 displays the joint password or displays the barcode or picture;
  • the trigger display module 304 displays the joint password, or displays the barcode or picture;
  • the display module 304 displays the joint password or displays the barcode or picture.
  • the conditions for triggering the display module 304 to display the joint password, the barcode, or the picture may be set for different consumption amounts.
  • the small amount of consumption only requires the user to press the confirmation button, and the large amount of consumption requires the user to input the confirmation password.
  • FIG. 8 is a schematic structural diagram of a smart card transaction system with an electronic signature function according to an embodiment of the present invention. First combined with the map
  • the smart card transaction system with electronic signature function of the present invention comprises: a terminal 400, a background system server 500, and a smart card 600 having an electronic signature function.
  • the terminal 400 can be a device capable of interacting with a background system server through a wired or wireless manner, such as a mobile phone, a notebook, a tablet, a PC, a POS, etc.;
  • the smart card 600 is a device having an electronic signature function, and can include a user account information.
  • the background system server 500 may be a bank server or a third party server, and the third party server is a server adopted by the non-bank system, for example The server used in the bus system to recharge and deduct the bus card.
  • the smart card 600 with the electronic signature function includes: a transceiver module 6001, a password generation module 6002, a signature module 6003, and an encryption module 6005; in other words, the above-mentioned modules included in the smart card 600 having the electronic signature function can be integrated on one chip. It can also be integrated on multiple chips according to the number and function of the chips used by the smart card 600, and will not be exemplified herein.
  • the transceiver module 6001 is configured to access the terminal 400, and receive the transaction message and send it to the signature module 6003.
  • the transceiver module 6001 sends the joint password obtained from the cryptographic module 6002 to the terminal 400 in a contactless communication manner.
  • the password generation module 6002 is configured to generate a joint password and send it to the signature module 6003. Specifically, the password generation module 6002 may generate a joint password after the transceiver module 6001 receives the transaction message.
  • the encryption module 6005 generates an encrypted joint password based on at least the joint password, and transmits the encrypted joint password to the terminal 400 through the transceiver module 6001.
  • the signature module 6003 generates a signature message according to the transaction message, and sends the signature message to the terminal 400 through the transceiver module 6001.
  • the terminal 400 obtains the verification password, and sends at least the transaction message, the signature message, the encrypted joint password, and the verification password to the background system server 500.
  • the background system server 500 respectively verifies the signature message and the verification password, and after the verification is passed, performs the transaction operation according to the transaction message.
  • the smart card 600 may further include a display module 6004 for displaying the joint password, so that the terminal 400 scans the displayed joint password acquisition verification password.
  • a display module 6004 for displaying the joint password, so that the terminal 400 scans the displayed joint password acquisition verification password.
  • the button of 400 will be combined with the password input terminal 400 as the verification password.
  • the transceiver module 6001 of the smart card 600 of the present invention disconnects the terminal 400 after transmitting the signature message to the terminal 400, so that the display module 6004 displays the transaction message. Therefore, it is ensured that the smart card 600 of the present invention only contacts the terminal 400 once to complete the data interaction required for the transaction, reduces the risk of interception of data generated by the secondary contact, and improves the security of the transaction.
  • the background system server 500 can lock the account corresponding to the smart card to protect the security of the user account after the verification password is verified, after the number of verification failures reaches a preset number of times (for example, three times).
  • the smart card 600 may further include: a button module 6006.
  • the button module 6006 triggers the display module 6004 to display the joint password based on the received confirmation password and/or confirmation command.
  • the smart card 600 further includes: a graphics generation module 6007; the graphics generation module 6007 generates a barcode or a picture based on the joint password acquired from the password generation module 602.
  • the display module 6004 can be triggered by the button module 6006 to display the barcode or the picture.
  • the user may trigger the display module 6004 to display the joint password or display the barcode or picture by:
  • the display module 6004 displays the joint password, or displays the barcode or picture; or
  • the display module 6004 displays the joint password or displays the barcode or picture.
  • the trigger display module 6004 can be configured to display the joint password condition, the barcode or the picture for different consumption amounts. For example, the small amount of consumption only requires the user to press the confirmation button, and the large amount of consumption requires the user to input the confirmation password.
  • the smart card with electronic signature function and the smart card transaction system with electronic signature function of the present invention can complete the interaction of data required for transaction through one access of the smart card and the terminal, thereby reducing the interception of important information caused by multiple accesses. The risk of improving security.
  • Example 8
  • FIG. 9 is a schematic structural diagram of a smart card transaction system with an electronic signature function according to Embodiment 8 of the present invention.
  • the structure of the smart card transaction system with electronic signature function of the present invention will be described as follows:
  • the smart card transaction system with electronic signature function of the present invention comprises: a terminal 40, a background system server 50, and a smart card 60 having an electronic signature function.
  • the terminal 40 can be a device capable of interacting with a background system server by wire or wirelessly, such as a mobile phone, a notebook, a tablet, a PC, a POS machine, etc.; the smart card 60 has an electronic signature.
  • the functional device may include a card chip containing user account information and a security chip digitally signed by a key, or an integrated chip having the above two chip functions;
  • the background system server 50 may be a bank server or a third party server,
  • the three-party server is a server used by the non-bank system, such as a server used by the bus system to recharge and debit the bus card.
  • the smart card 60 with the electronic signature function includes: a transceiver module 601, a password generation module 602, a signature module 603, a display module 604, and an encryption module 605; in other words, the above-mentioned module included in the smart card 60 having the electronic signature function can be integrated in On one chip, it can also be integrated on multiple chips according to the number and functions of the chips used by the smart card 60, and will not be exemplified herein.
  • the transceiver module 601 is configured to access the terminal 40, and receive the transaction message and send it to the signature module 603.
  • the transceiver module 601 sends the joint password obtained from the cryptographic module 602 to the terminal 40 in a contactless communication manner.
  • the password generation module 602 is configured to generate a joint password and send it to the signature module 603 and the display module 604. Specifically, the password generating module 602 can generate a joint password after the transceiver module 601 receives the transaction message.
  • the encryption module 605 generates an encrypted joint password based on at least the joint password, and transmits the encrypted joint password to the terminal 40 through the transceiver module 601.
  • the signature module 603 generates a signature message according to the transaction message, and sends the signature message to the terminal 40 through the transceiver module 601.
  • the terminal 40 obtains the verification password, and sends at least the transaction message, the signature message, the encrypted joint password and the verification password to the background system server 50.
  • the verification password is a joint password obtained by scanning the information displayed by the smart card 60 by the terminal 40, or a joint password acquired from the smart card 60 by the terminal 40 in a contactless communication manner, or a joint password input through the button of the terminal 40.
  • the background system server 50 respectively verifies the signature message and the verification password, and after the verification is passed, performs the transaction operation according to the transaction message.
  • the transceiver module 601 of the smart card 60 of the present invention disconnects the terminal 40 after transmitting the signature message to the terminal 40, so that the display module 604 displays the transaction message. Therefore, it is ensured that the smart card 60 of the present invention only contacts the terminal 40 once to complete the data interaction required for the transaction, reduces the risk of data being intercepted due to the secondary contact, and improves the security of the transaction.
  • the background system server 50 can protect the authentication password by verifying the number of failed authentications (for example, three times), and then locking the account corresponding to the smart card to protect the security of the user account.
  • the smart card 60 can also include: a button module 606.
  • the button module 606 triggers the display module 604 to display the joint password based on the received confirmation password and/or confirmation command.
  • the smart card 60 further includes: a graphics generation module 607; the graphics generation module 607 is configured according to the slave password generation module The joint password obtained by 602 generates a barcode or a picture.
  • the display module 604 can be triggered by the button module 606 to display the barcode or the picture.
  • the user may trigger the display module 604 to display the joint password or display a barcode or a picture by:
  • the display module 604 displays the joint password, or displays the barcode or picture;
  • the trigger display module 604 displays the joint password, or displays the barcode or picture; or
  • the display module 604 displays the joint password or displays the barcode or picture.
  • the trigger display module 604 can be configured to display the joint password condition, barcode or picture for different consumption amount.
  • the small amount of consumption only requires the user to press the confirmation button, and the large amount of consumption requires the user to input the confirmation password.
  • the smart card with electronic signature function and the smart card transaction system with electronic signature function of the present invention can complete the interaction of data required for transaction through one access of the smart card and the terminal, thereby reducing the interception of important information caused by multiple accesses. The risk of improving security.
  • portions of the invention may be implemented in hardware, software, firmware or a combination thereof.
  • multiple steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system.
  • a suitable instruction execution system For example, if implemented in hardware, as in another embodiment, it can be implemented by any one or combination of the following techniques well known in the art: having logic gates for implementing logic functions on data signals. Discrete logic circuits, application specific integrated circuits with suitable combinational logic gates, programmable gate arrays (PGAs), field programmable gate arrays (FPGAs), etc.
  • each functional unit in each embodiment of the present invention may be integrated into one processing module, or each unit may exist physically separately, or two or more units may be integrated into one module.
  • the above integrated modules can be implemented in the form of hardware or in the form of software functional modules.
  • the integrated module if the software works When the module is implemented in the form of a module and sold or used as a stand-alone product, it can also be stored in a computer readable storage medium.
  • the above-mentioned storage medium may be a read only memory, a magnetic disk or an optical disk or the like.
  • the description of the terms “one embodiment”, “some embodiments”, “example”, “specific example”, or “some examples” and the like means a specific feature described in connection with the embodiment or example.
  • a structure, material or feature is included in at least one embodiment or example of the invention.
  • the schematic representation of the above terms does not necessarily mean the same embodiment or example.
  • the particular features, structures, materials, or characteristics described may be combined in a suitable manner in any one or more embodiments or examples.

Abstract

Disclosed are a smart card with an electronic signature function, and a smart card transaction system and method. The method comprises: A. a smart card accessing a terminal and receiving a transaction packet; B. the smart card generating a joint password; C. the smart card generating a signature packet according to the transaction packet and the joint password; D. the smart card at least sending the signature packet to the terminal; E. the terminal acquiring an authentication password, and at least sending the transaction packet, the signature packet, and the authentication password to a background system server; and F. the background system server authenticating the signature packet and the authentication password, and executing a transaction operation according to the transaction packet after the authentication succeeds.

Description

具有电子签名功能的智能卡、 智能卡交易系统及方法  Smart card with electronic signature function, smart card transaction system and method
技术领域 Technical field
本发明涉及一种电子技术领域, 尤其涉及一种具有电子签名功能的智能卡、智能卡交易 系统及交易方法。 背景技术  The present invention relates to the field of electronic technologies, and in particular, to a smart card, a smart card transaction system, and a transaction method having an electronic signature function. Background technique
现今, 刷卡消费已经成为主流。 采用如下流程实现电子签名交易:  Today, credit card spending has become mainstream. The following process is used to implement electronic signature transactions:
步骤 S101 , 用户持卡以非接触方式接入终端; 其中, 非接触方式可以为射频、 蓝牙、 NFC等任意非接触方式。  Step S101: The user accesses the terminal in a non-contact manner by using a card. The non-contact mode may be any non-contact mode such as radio frequency, Bluetooth, or NFC.
步骤 S102, 终端将交易信息发送至用户接入的智能卡; 其中, 交易信息可以至少包括 帐号和金额, 当然还可以包括交易明细信息。  Step S102: The terminal sends the transaction information to the smart card accessed by the user. The transaction information may include at least an account number and an amount, and may further include transaction detail information.
步骤 S103, 智能卡接收交易信息, 显示交易信息, 待用户确认交易信息无误后, 接收 用户输入的确认密码, 对交易信息进行签名;  Step S103, the smart card receives the transaction information, displays the transaction information, and after the user confirms that the transaction information is correct, receives the confirmation password input by the user, and signs the transaction information;
步骤 S104, 智能卡再次以非接触方式接入终端, 将签名信息发送至终端;  Step S104: The smart card accesses the terminal again in a non-contact manner, and sends the signature information to the terminal.
步骤 S105, 终端将交易信息和签名信息上传至银行服务器, 以便银行服务器根据交易 信息执行交易。  Step S105: The terminal uploads the transaction information and the signature information to the bank server, so that the bank server executes the transaction according to the transaction information.
由此可见,现有的智能卡在完成对交易信息进行签名的过程中需要以非接触方式与终端 进行至少两次接入, 从而会存在接入过程中交易信息和 /或签名信息被劫持的问题, 造成用 户损失, 安全性不高。 发明内容  It can be seen that the existing smart card needs to perform at least two accesses with the terminal in a non-contact manner in the process of signing the transaction information, so that there is a problem that the transaction information and/or the signature information are hijacked during the access process. , causing user losses and low security. Summary of the invention
本发明旨在解决现有智能卡在多次接入过程中交易信息和 /或签名信息被劫持而造成的 安全性不高的问题。  The invention aims to solve the problem that the security of the existing smart card is not high due to the hijacking of transaction information and/or signature information in the multiple access process.
本发明的一个目的在于提供一种具有电子签名功能的智能卡交易方法。  It is an object of the present invention to provide a smart card transaction method having an electronic signature function.
本发明的另一目的在于提供一种具有电子签名功能的智能卡。  Another object of the present invention is to provide a smart card having an electronic signature function.
本发明的又一目的在于提供一种具有电子签名功能的智能卡交易系统。  It is still another object of the present invention to provide a smart card transaction system having an electronic signature function.
为达到上述目的, 本发明的技术方案具体是这样实现的:  In order to achieve the above object, the technical solution of the present invention is specifically implemented as follows:
本发明提供了一种具有电子签名功能的智能卡交易方法, 所述方法包括:  The invention provides a smart card transaction method with an electronic signature function, the method comprising:
A、 具有电子签名功能的智能卡接入终端, 接收交易报文;  A. A smart card access terminal having an electronic signature function, receiving a transaction message;
B、 所述智能卡生成联合密码;  B. The smart card generates a joint password;
C、 所述智能卡根据所述交易报文和所述联合密码生成签名报文; D、 所述智能卡至少将所述签名报文发送至所述终端; C. The smart card generates a signature message according to the transaction packet and the joint password. D. The smart card sends at least the signature message to the terminal;
E、 所述终端获取验证密码, 至少将所述交易报文、 所述签名报文和所述验证密码发送 至后台系统服务器;所述验证密码为通过所述终端扫描所述智能卡显示的信息获取的联合密 码, 或通过所述终端以非接触通讯方式从所述智能卡获取的联合密码;  E. The terminal obtains a verification password, and sends the transaction message, the signature message, and the verification password to the background system server. The verification password is obtained by scanning, by the terminal, the information displayed by the smart card. a joint password, or a joint password obtained from the smart card by the terminal in a contactless communication manner;
F、 所述后台系统服务器验证所述签名报文和所述验证密码, 并在验证通过后, 根据所 述交易报文执行交易操作。  F. The background system server verifies the signature message and the verification password, and after the verification is passed, performs a transaction operation according to the transaction message.
此外, 所述步骤 C包括:  In addition, the step C includes:
所述智能卡计算所述交易报文的摘要信息;  The smart card calculates summary information of the transaction message;
所述智能卡对所述联合密码进行加密获得加密联合密码;  The smart card encrypts the joint password to obtain an encrypted joint password;
所述智能卡对所述交易报文的摘要信息和所述加密联合密码进行签名, 生成签名报文。 此外, 所述步骤 C包括:  The smart card signs the summary information of the transaction message and the encrypted joint password to generate a signature message. In addition, the step C includes:
所述智能卡计算所述交易报文的摘要信息;  The smart card calculates summary information of the transaction message;
所述智能卡对所述联合密码以及随机数的组合进行加密获得加密联合密码;  The smart card encrypts the combined password and a combination of random numbers to obtain an encrypted joint password;
所述智能卡对所述交易报文的摘要信息和所述加密联合密码进行签名, 生成签名报文。 此外, 所述步骤 D 中, 所述智能卡还将所述加密联合密码和所述签名报文发送至所述 终端;  The smart card signs the summary information of the transaction message and the encrypted joint password to generate a signature message. In addition, in the step D, the smart card further sends the encrypted joint password and the signed message to the terminal;
所述步骤 E中, 所述终端还将所述加密联合密码、所述交易报文、所述签名报文和所述 联合密码发送至后台系统服务器。  In the step E, the terminal further sends the encrypted joint password, the transaction message, the signature message, and the joint password to the backend system server.
此外, 所述步骤 C包括:  In addition, the step C includes:
所述智能卡计算所述交易报文的摘要信息;  The smart card calculates summary information of the transaction message;
所述智能卡对所述联合密码进行加密获得加密联合密码,并计算所述加密联合密码的摘 要信息;  The smart card encrypts the joint password to obtain an encrypted joint password, and calculates summary information of the encrypted joint password;
所述智能卡对所述交易报文的摘要信息和所述加密联合密码的摘要信息进行签名,生成 签名报文。  The smart card signs the summary information of the transaction message and the summary information of the encrypted joint password to generate a signature message.
此外, 所述步骤 D 中, 所述智能卡还将所述加密联合密码的摘要信息和所述签名报文 发送至所述终端;  In addition, in the step D, the smart card further sends the summary information of the encrypted joint password and the signed message to the terminal;
所述步骤 E中, 所述终端还将所述联合密码的摘要信息、所述交易报文、所述签名报文 和所述联合密码发送至后台系统服务器。  In the step E, the terminal sends the summary information of the joint password, the transaction message, the signature message, and the joint password to the backend system server.
此外, 在所述步骤 D和所述步骤 E之间, 所述方法还包括:  In addition, between the step D and the step E, the method further includes:
所述智能卡断开与所述终端的连接;  The smart card disconnects from the terminal;
所述智能卡显示所述交易报文; 所述智能卡接收通过按键输入的确认密码和 /或确认指令; The smart card displays the transaction message; The smart card receives a confirmation password and/or a confirmation command input through a button;
所述智能卡显示所述联合密码。  The smart card displays the joint password.
本发明另一方面提供了一种具有电子签名功能的智能卡交易系统,所述系统包括:终端、 后台系统服务器及具有电子签名功能的智能卡;  Another aspect of the present invention provides a smart card transaction system with an electronic signature function, the system comprising: a terminal, a background system server, and a smart card having an electronic signature function;
所述智能卡接入所述终端, 接收交易报文, 生成联合密码, 根据所述交易报文和所述联 合密码生成签名报文, 至少将所述签名报文发送至所述终端;  The smart card accesses the terminal, receives a transaction message, generates a joint password, generates a signature message according to the transaction message and the combined password, and sends the signature message to the terminal at least;
所述终端获取验证密码, 至少将所述交易报文、所述签名报文和所述验证密码发送至所 述后台系统服务器;所述验证密码为通过所述终端扫描所述智能卡显示的信息获取的联合密 码, 或通过所述终端以非接触通讯方式从所述智能卡获取的联合密码;  The terminal obtains a verification password, and sends the transaction message, the signature message, and the verification password to the background system server; the verification password is obtained by scanning, by the terminal, the information displayed by the smart card. a joint password, or a joint password obtained from the smart card by the terminal in a contactless communication manner;
所述后台系统服务器验证所述签名报文和所述验证密码, 并在验证通过后, 根据所述交 易报文执行交易操作。  The background system server verifies the signature message and the verification password, and after the verification is passed, performs a transaction operation according to the transaction message.
此外, 所述智能卡包括: 收发模块, 密码生成模块, 签名模块和显示模块;  In addition, the smart card includes: a transceiver module, a password generation module, a signature module, and a display module;
所述收发模块用于接入终端, 接收交易报文并发送至所述签名模块; 所述收发模块以非 接触通讯方式发送从所述密码生成模块获取的联合密码至所述终端;  The transceiver module is configured to receive a transaction message and send the transaction message to the signature module; the transceiver module sends the joint password obtained from the password generation module to the terminal in a contactless communication manner;
所述密码生成模块用于生成联合密码, 并发送至所述签名模块和所述显示模块; 所述签名模块根据所述交易报文和所述联合密码生成签名报文,并通过所述收发模块至 少将所述签名报文发送至所述终端。  The password generating module is configured to generate a joint password, and send the signature to the signature module and the display module. The signature module generates a signature message according to the transaction packet and the joint password, and passes the transceiver module. Sending at least the signed message to the terminal.
此外, 所述智能卡包括: 收发模块, 密码生成模块, 签名模块、 显示模块和图形生成模 块;  In addition, the smart card includes: a transceiver module, a password generation module, a signature module, a display module, and a graphics generation module;
所述收发模块用于接入终端, 接收交易报文并发送至所述签名模块;  The transceiver module is configured to access a terminal, receive a transaction message, and send the message to the signature module;
所述密码生成模块用于生成联合密码, 并发送至所述签名模块和所述显示模块; 所述签名模块根据所述交易报文和所述联合密码生成签名报文,并通过所述收发模块至 少将所述签名报文发送至所述终端;  The password generating module is configured to generate a joint password, and send the signature to the signature module and the display module. The signature module generates a signature message according to the transaction packet and the joint password, and passes the transceiver module. Sending at least the signature message to the terminal;
所述图形生成模块根据从所述密码生成模块获取的所述联合密码生成条形码或图片,并 输出至所述显示模块显示。  The graphics generation module generates a barcode or a picture according to the joint password acquired from the password generation module, and outputs the barcode or the image to the display module for display.
此外, 所述终端以非接触通讯方式从所述智能卡获取所述验证密码。  In addition, the terminal acquires the verification password from the smart card in a contactless communication manner.
此外,所述终端通过扫描所述智能卡的所述显示模块显示的条形码或图片获取所述验证 密码。  Further, the terminal acquires the verification password by scanning a barcode or a picture displayed by the display module of the smart card.
此外, 所述智能卡还包括: 按键模块;  In addition, the smart card further includes: a button module;
所述按键模块根据接收到的确认密码和 /或确认指令, 触发所述显示模块显示所述联合 密码。 此外, 所述收发模块在发送所述签名报文至所述终端之后, 还断开与所述终端的连接; 所述显示模块在所述收发模块断开与所述终端的连接后, 还显示所述交易报文。 The button module triggers the display module to display the joint password according to the received confirmation password and/or confirmation command. In addition, the transceiver module further disconnects the terminal after sending the signature message to the terminal; the display module further displays after the transceiver module disconnects from the terminal. The transaction message.
本发明又一方面提供了一种具有电子签名功能的智能卡交易方法, 所述方法包括: A'、 具有电子签名功能的智能卡接入终端, 接收交易报文;  A further aspect of the present invention provides a smart card transaction method with an electronic signature function, the method comprising: A', a smart card access terminal having an electronic signature function, and receiving a transaction message;
B'、 所述智能卡生成联合密码, 并至少根据所述联合密码生成加密联合密码;  B', the smart card generates a joint password, and generates an encrypted joint password according to at least the joint password;
C'、 所述智能卡根据所述交易报文生成签名报文;  C', the smart card generates a signature message according to the transaction message;
D'、 所述智能卡将所述签名报文和所述加密联合密码发送至所述终端;  D', the smart card sends the signature message and the encrypted joint password to the terminal;
E'、 所述终端获取验证密码, 至少将所述交易报文、 所述签名报文、 所述验证密码和所 述加密联合密码发送至后台系统服务器;所述验证密码为通过所述终端扫描所述智能卡显示 的信息获取的联合密码, 或通过所述终端以非接触通讯方式从所述智能卡获取的联合密码; F'、 所述后台系统服务器分别验证所述签名报文和所述验证密码, 并在验证通过后, 根 据所述交易报文执行交易操作。  E', the terminal acquires a verification password, and sends at least the transaction message, the signature message, the verification password, and the encrypted joint password to a background system server; the verification password is scanned by the terminal a joint password obtained by the information displayed by the smart card, or a joint password obtained by the terminal from the smart card in a contactless communication manner; F', the background system server respectively verifying the signature message and the verification password And after the verification is passed, the transaction operation is performed according to the transaction message.
此外, 步骤 B' 所述至少根据联合密码生成加密联合密码包括:  In addition, generating the encrypted joint password according to at least the joint password according to step B' includes:
所述智能卡对所述联合密码以及随机数的组合进行加密获得加密联合密码; 或 所述智能卡采用对称加密或者非对称加密方式对联合密码进行加密获得加密联合密码。 此外, 所述步骤 C'包括:  The smart card encrypts the combination of the joint password and the random number to obtain an encrypted joint password; or the smart card encrypts the joint password by using symmetric encryption or asymmetric encryption to obtain an encrypted joint password. In addition, the step C' includes:
所述智能卡计算所述交易报文的摘要信息, 对所述交易报文的摘要信息进行签名, 生成 签名报文。  The smart card calculates summary information of the transaction message, and signs the summary information of the transaction message to generate a signature message.
此外, 在所述步骤 D'和所述步骤 E'之间, 所述方法还包括:  In addition, between the step D' and the step E', the method further includes:
所述智能卡断开与所述终端的连接;  The smart card disconnects from the terminal;
所述智能卡显示所述交易报文;  The smart card displays the transaction message;
所述智能卡接收通过按键输入的确认密码和 /或确认指令;  The smart card receives a confirmation password and/or a confirmation command input through a button;
所述智能卡显示所述联合密码。  The smart card displays the joint password.
本发明再一方面提供了一种具有电子签名功能的智能卡交易系统,所述系统包括:终端、 后台系统服务器及具有电子签名功能的智能卡;  Another aspect of the present invention provides a smart card transaction system having an electronic signature function, the system comprising: a terminal, a background system server, and a smart card having an electronic signature function;
所述智能卡接入所述终端, 接收交易报文, 生成联合密码, 至少根据所述联合密码生成 加密联合密码, 根据所述交易报文码生成签名报文, 将所述签名报文和所述加密联合密码发 送至所述终端;  The smart card accesses the terminal, receives a transaction message, generates a joint password, generates an encrypted joint password according to the joint password, generates a signature message according to the transaction message code, and generates the signature message and the Sending an encrypted joint password to the terminal;
所述终端获取验证密码, 至少将所述交易报文、所述签名报文、 所述验证密码和所述加 密联合密码发送至所述后台系统服务器;所述验证密码为通过所述终端扫描所述智能卡显示 的信息获取的联合密码, 或通过所述终端以非接触通讯方式从所述智能卡获取的联合密码; 所述后台系统服务器分别验证所述签名报文和所述验证密码, 并在验证通过后, 根据所 述交易报文执行交易操作。 The terminal obtains a verification password, and sends the transaction message, the signature message, the verification password, and the encrypted joint password to the background system server; the verification password is scanned by the terminal. a joint password obtained by the smart card to display information, or a joint password obtained by the terminal from the smart card in a contactless communication manner; The background system server respectively verifies the signature message and the verification password, and after the verification is passed, performs a transaction operation according to the transaction message.
此外, 所述智能卡包括: 收发模块, 密码生成模块, 加密模块、 签名模块和显示模块; 所述收发模块用于接入终端, 接收交易报文并发送至所述签名模块; 所述收发模块以非 接触通讯方式发送从所述密码生成模块获取的联合密码至所述终端;  In addition, the smart card includes: a transceiver module, a password generation module, an encryption module, a signature module, and a display module; the transceiver module is configured to access a terminal, receive a transaction message, and send the message to the signature module; The contactless communication mode sends the joint password obtained from the password generating module to the terminal;
所述密码生成模块用于生成联合密码,发送所述联合密码至所述加密模块和所述显示模 块;  The password generating module is configured to generate a joint password, and send the joint password to the encryption module and the display module;
所述加密模块至少根据所述联合密码生成加密联合密码,并通过所述收发模块将所述加 密联合密码发送至所述终端;  And the cryptographic module generates an encrypted joint password according to the joint password, and sends the encrypted joint password to the terminal by using the transceiver module;
所述签名模块根据所述交易报文生成签名报文,并通过所述收发模块将所述签名报文发 送至所述终端。  The signature module generates a signature message according to the transaction message, and sends the signature message to the terminal by using the transceiver module.
此外, 所述智能卡包括: 收发模块、 密码生成模块、 加密模块、 签名模块、 显示模块和 图形生成模块;  In addition, the smart card includes: a transceiver module, a password generation module, an encryption module, a signature module, a display module, and a graphics generation module;
所述收发模块用于接入终端, 接收交易报文并发送至所述签名模块;  The transceiver module is configured to access a terminal, receive a transaction message, and send the message to the signature module;
所述密码生成模块用于生成联合密码,发送所述联合密码至所述加密模块和所述显示模 块;  The password generating module is configured to generate a joint password, and send the joint password to the encryption module and the display module;
所述加密模块至少根据所述联合密码生成加密联合密码,并通过所述收发模块将所述加 密联合密码发送至所述终端;  And the cryptographic module generates an encrypted joint password according to the joint password, and sends the encrypted joint password to the terminal by using the transceiver module;
所述签名模块根据所述交易报文生成签名报文,并通过所述收发模块将所述签名报文发 送至所述终端;  The signature module generates a signature message according to the transaction message, and sends the signature message to the terminal by using the transceiver module;
所述图形生成模块根据从所述密码生成模块获取的所述联合密码生成条形码或图片,并 输出至所述显示模块显示。  The graphics generation module generates a barcode or a picture according to the joint password acquired from the password generation module, and outputs the barcode or the image to the display module for display.
此外, 其特征在于, 所述终端以非接触通讯方式从所述智能卡获取所述验证密码。 此外,所述终端通过扫描所述智能卡的所述显示模块显示的条形码或图片获取所述验证 密码。  In addition, the terminal acquires the verification password from the smart card in a contactless communication manner. Further, the terminal acquires the verification password by scanning a barcode or a picture displayed by the display module of the smart card.
此外, 所述智能卡还包括: 按键模块;  In addition, the smart card further includes: a button module;
所述按键模块根据接收到的确认密码和 /或确认指令, 触发所述显示模块显示所述联合 密码。  The button module triggers the display module to display the joint password according to the received confirmation password and/or confirmation command.
此外, 所述收发模块在发送所述签名报文至所述终端之后, 还断开与所述终端的连接; 所述显示模块在所述收发模块断开与所述终端的连接后, 还显示所述交易报文。  In addition, the transceiver module further disconnects the terminal after sending the signature message to the terminal; the display module further displays after the transceiver module disconnects from the terminal. The transaction message.
本发明的再一方面提供了一种电子签名功能的智能卡交易方法, 所述方法包括: A、 具有电子签名功能的智能卡接入终端, 接收交易报文; A further aspect of the present invention provides a smart card transaction method for an electronic signature function, the method comprising: A. A smart card access terminal having an electronic signature function, receiving a transaction message;
B、 所述智能卡生成联合密码;  B. The smart card generates a joint password;
C、 所述智能卡根据所述交易报文和所述联合密码生成签名报文;  C. The smart card generates a signature message according to the transaction packet and the joint password.
D、 所述智能卡至少将所述签名报文发送至所述终端;  D. The smart card sends at least the signature message to the terminal;
E、 所述终端获取验证密码, 至少将所述交易报文、 所述签名报文和所述验证密码发送 至后台系统服务器;  E. The terminal acquires a verification password, and sends the transaction message, the signature message, and the verification password to the background system server.
F、 所述后台系统服务器验证所述签名报文和所述验证密码, 并在验证通过后, 根据所 述交易报文执行交易操作。  F. The background system server verifies the signature message and the verification password, and after the verification is passed, performs a transaction operation according to the transaction message.
此外, 所述验证密码为通过所述终端扫描所述智能卡显示的信息获取的联合密码, 或通 过所述终端以非接触通讯方式从所述智能卡获取的联合密码;或通过所述终端的按键输入的 联合密码。  In addition, the verification password is a joint password obtained by scanning, by the terminal, the information displayed by the smart card, or a joint password obtained by the terminal from the smart card in a contactless communication manner; or inputting through a button of the terminal. The joint password.
此外, 所述步骤 C包括:  In addition, the step C includes:
所述智能卡计算所述交易报文的摘要信息;  The smart card calculates summary information of the transaction message;
所述智能卡对所述联合密码进行加密获得加密联合密码;  The smart card encrypts the joint password to obtain an encrypted joint password;
所述智能卡对所述交易报文的摘要信息和所述加密联合密码进行签名, 生成签名报文。 此外, 所述步骤 C包括:  The smart card signs the summary information of the transaction message and the encrypted joint password to generate a signature message. In addition, the step C includes:
所述智能卡计算所述交易报文的摘要信息;  The smart card calculates summary information of the transaction message;
所述智能卡对所述联合密码以及随机数的组合进行加密获得加密联合密码;  The smart card encrypts the combined password and a combination of random numbers to obtain an encrypted joint password;
所述智能卡对所述交易报文的摘要信息和所述加密联合密码进行签名, 生成签名报文。 此外, 所述步骤 D 中, 所述智能卡还将所述加密联合密码和所述签名报文发送至所述 终端; 所述步骤 E中, 所述终端还将所述加密联合密码、 所述交易报文、所述签名报文和所 述联合密码发送至后台系统服务器。  The smart card signs the summary information of the transaction message and the encrypted joint password to generate a signature message. In addition, in the step D, the smart card further sends the encrypted joint password and the signature message to the terminal; in the step E, the terminal further uses the encrypted joint password, the transaction. The message, the signature message, and the joint password are sent to the backend system server.
此外, 所述步骤 C包括:  In addition, the step C includes:
所述智能卡计算所述交易报文的摘要信息;  The smart card calculates summary information of the transaction message;
所述智能卡对所述联合密码进行加密获得加密联合密码,并计算所述加密联合密码的摘 要信息;  The smart card encrypts the joint password to obtain an encrypted joint password, and calculates summary information of the encrypted joint password;
所述智能卡对所述交易报文的摘要信息和所述加密联合密码的摘要信息进行签名,生成 签名报文。  The smart card signs the summary information of the transaction message and the summary information of the encrypted joint password to generate a signature message.
此外, 所述步骤 D 中, 所述智能卡还将所述加密联合密码的摘要信息和所述签名报文 发送至所述终端; 所述步骤 E中, 所述终端还将所述联合密码的摘要信息、 所述交易报文、 所述签名报文和所述联合密码发送至后台系统服务器。 此外, 在所述步骤 D和所述步骤 E之间, 所述方法还包括: In addition, in the step D, the smart card further sends the summary information of the encrypted joint password and the signature message to the terminal; in the step E, the terminal further summarizes the joint password. The information, the transaction message, the signature message, and the joint password are sent to a background system server. In addition, between the step D and the step E, the method further includes:
所述智能卡断开与所述终端的连接;  The smart card disconnects from the terminal;
所述智能卡显示所述交易报文;  The smart card displays the transaction message;
所述智能卡接收通过按键输入的确认密码和 /或确认指令;  The smart card receives a confirmation password and/or a confirmation command input through a button;
所述智能卡显示所述联合密码、 条形码或图片。  The smart card displays the joint password, barcode or picture.
本发明的再一方面提供了一种具有电子签名功能的智能卡, 其特征在于, 所述智能卡包 括: 收发模块、 密码生成模块和签名模块;  A further aspect of the present invention provides a smart card having an electronic signature function, wherein the smart card includes: a transceiver module, a password generation module, and a signature module;
所述收发模块用于接入终端, 接收交易报文并将所述交易报文发送至所述签名模块; 所述密码生成模块用于生成联合密码, 并将所述联合密码发送至所述签名模块; 所述签名模块用于根据所述交易报文和所述联合密码生成签名报文;  The transceiver module is configured to access a terminal, receive a transaction message, and send the transaction message to the signature module; the password generation module is configured to generate a joint password, and send the joint password to the signature a module; the signature module is configured to generate a signature message according to the transaction message and the joint password;
所述收发模块还用于至少将所述签名报文发送至所述终端。  The transceiver module is further configured to send the signature message to the terminal at least.
此外, 所述智能卡还包括: 显示模块; 所述显示模块用于显示所述联合密码。  In addition, the smart card further includes: a display module; the display module is configured to display the joint password.
此外, 所述智能卡还包括: 按键模块; 所述按键模块根据接收到的确认密码和 /或确认 指令, 触发所述显示模块显示所述联合密码。  In addition, the smart card further includes: a button module; the button module triggers the display module to display the joint password according to the received confirmation password and/or the confirmation command.
此外, 所述智能卡还包括: 显示模块和图形生成模块; 所述图形生成模块用于根据从所 述密码生成模块获取的所述联合密码生成条形码或图片;所述显示模块用于显示所述条形码 或图片。  In addition, the smart card further includes: a display module and a graphic generation module; the graphic generation module is configured to generate a barcode or a picture according to the joint password acquired from the password generation module; and the display module is configured to display the barcode Or picture.
此外, 所述智能卡还包括: 按键模块; 所述按键模块根据接收到的确认密码和 /或确认 指令, 触发所述显示模块显示所述条形码或图片。  In addition, the smart card further includes: a button module; the button module triggers the display module to display the barcode or the picture according to the received confirmation password and/or confirmation command.
此外, 所述智能卡以非接触通讯方式接入所述终端。  In addition, the smart card accesses the terminal in a contactless communication manner.
此外, 所述收发模块在发送所述签名报文至所述终端之后, 还断开与所述终端的连接; 所述显示模块在所述收发模块断开与所述终端的连接后, 还显示所述交易报文。  In addition, the transceiver module further disconnects the terminal after sending the signature message to the terminal; the display module further displays after the transceiver module disconnects from the terminal. The transaction message.
本发明再一方面提供了一种具有电子签名功能的智能卡交易系统,所述系统包括:终端、 后台系统服务器及前述的具有电子签名功能的智能卡;  Another aspect of the present invention provides a smart card transaction system having an electronic signature function, the system comprising: a terminal, a background system server, and the foregoing smart card having an electronic signature function;
所述终端获取验证密码, 至少将所述交易报文、所述签名报文和所述验证密码发送至所 述后台系统服务器;  The terminal acquires a verification password, and sends at least the transaction message, the signature message, and the verification password to the backend system server;
所述后台系统服务器验证所述签名报文和所述验证密码, 并在验证通过后, 根据所述交 易报文执行交易操作。  The background system server verifies the signature message and the verification password, and after the verification is passed, performs a transaction operation according to the transaction message.
此外, 所述终端通过扫描所述智能卡显示的条形码或图片获取所述验证密码, 或以非接 触通讯方式从所述智能卡获取所述验证密码;或通过按键接收输入的联合密码作为所述验证 密码。 本发明再一方面提供了一种具有电子签名功能的智能卡交易方法, 所述方法包括:In addition, the terminal acquires the verification password by scanning a barcode or a picture displayed by the smart card, or acquires the verification password from the smart card in a contactless communication manner; or receives an input joint password as a verification password by using a button. . Another aspect of the present invention provides a smart card transaction method with an electronic signature function, the method comprising:
A'、 具有电子签名功能的智能卡接入终端, 接收交易报文; A', a smart card access terminal having an electronic signature function, receiving a transaction message;
B'、 所述智能卡生成联合密码, 并至少根据所述联合密码生成加密联合密码;  B', the smart card generates a joint password, and generates an encrypted joint password according to at least the joint password;
C'、 所述智能卡根据所述交易报文生成签名报文;  C', the smart card generates a signature message according to the transaction message;
D'、 所述智能卡将所述签名报文和所述加密联合密码发送至所述终端;  D', the smart card sends the signature message and the encrypted joint password to the terminal;
E'、 所述终端获取验证密码, 至少将所述交易报文、 所述签名报文、 所述验证密码和所 述加密联合密码发送至后台系统服务器;  E', the terminal acquires a verification password, and sends at least the transaction message, the signature message, the verification password, and the encrypted joint password to a background system server;
F'、 所述后台系统服务器分别验证所述签名报文和所述验证密码, 并在验证通过后, 根 据所述交易报文执行交易操作。  F', the background system server respectively verifies the signature message and the verification password, and after the verification is passed, performs a transaction operation according to the transaction message.
此外, 所述验证密码为通过所述终端扫描所述智能卡显示的信息获取的联合密码, 或通 过所述终端以非接触通讯方式从所述智能卡获取的联合密码;或通过所述终端的按键输入的 联合密码。  In addition, the verification password is a joint password obtained by scanning, by the terminal, the information displayed by the smart card, or a joint password obtained by the terminal from the smart card in a contactless communication manner; or inputting through a button of the terminal. The joint password.
此外, 步骤 B' 所述至少根据联合密码生成加密联合密码包括:  In addition, generating the encrypted joint password according to at least the joint password according to step B' includes:
所述智能卡对所述联合密码以及随机数的组合进行加密获得加密联合密码; 或 所述智能卡采用对称加密或者非对称加密方式对联合密码进行加密获得加密联合密码。 此外, 所述步骤 C'包括:  The smart card encrypts the combination of the joint password and the random number to obtain an encrypted joint password; or the smart card encrypts the joint password by using symmetric encryption or asymmetric encryption to obtain an encrypted joint password. In addition, the step C' includes:
所述智能卡计算所述交易报文的摘要信息, 对所述交易报文的摘要信息进行签名, 生成 签名报文。  The smart card calculates summary information of the transaction message, and signs the summary information of the transaction message to generate a signature message.
此外, 在所述步骤 D'和所述步骤 E'之间, 所述方法还包括:  In addition, between the step D' and the step E', the method further includes:
所述智能卡断开与所述终端的连接;  The smart card disconnects from the terminal;
所述智能卡显示所述交易报文;  The smart card displays the transaction message;
所述智能卡接收通过按键输入的确认密码和 /或确认指令;  The smart card receives a confirmation password and/or a confirmation command input through a button;
所述智能卡显示所述联合密码、 条形码或图片。  The smart card displays the joint password, barcode or picture.
本发明再一方面提供了一种具有电子签名功能的智能卡, 所述智能卡包括: 收发模块、 密码生成模块、 加密模块和签名模块;  A further aspect of the present invention provides a smart card having an electronic signature function, the smart card comprising: a transceiver module, a password generation module, an encryption module, and a signature module;
所述收发模块用于接入终端, 接收交易报文并将所述交易报文发送至所述签名模块; 所述密码生成模块用于生成联合密码, 并发送所述联合密码至所述加密模块; 所述加密模块用于至少根据所述联合密码生成加密联合密码;  The transceiver module is configured to access a terminal, receive a transaction message, and send the transaction message to the signature module. The password generation module is configured to generate a joint password, and send the joint password to the encryption module. The encryption module is configured to generate an encrypted joint password according to at least the joint password;
所述签名模块用于根据所述交易报文生成签名报文;  The signature module is configured to generate a signature message according to the transaction message;
所述收发模块还用于将所述加密联合密码和所述签名报文发送至所述终端。  The transceiver module is further configured to send the encrypted joint password and the signed message to the terminal.
此外, 所述智能卡还包括: 显示模块; 所述显示模块用于显示所述联合密码。 此外, 所述智能卡还包括: 按键模块; 所述按键模块根据接收到的确认密码和 /或确认 指令, 触发所述显示模块显示所述联合密码。 In addition, the smart card further includes: a display module; the display module is configured to display the joint password. In addition, the smart card further includes: a button module; the button module triggers the display module to display the joint password according to the received confirmation password and/or confirmation command.
此外, 所述智能卡还包括: 图形生成模块和显示模块; 所述图形生成模块用于根据从所 述密码生成模块获取的所述联合密码生成条形码或图片;所述显示模块用于显示所述条形码 或图片。  In addition, the smart card further includes: a graphic generating module and a display module; the graphic generating module is configured to generate a barcode or a picture according to the joint password acquired from the password generating module; the display module is configured to display the barcode Or picture.
此外, 所述智能卡还包括: 按键模块; 所述按键模块根据接收到的确认密码和 /或确认 指令, 触发所述显示模块显示所述条形码或图片。  In addition, the smart card further includes: a button module; the button module triggers the display module to display the barcode or the picture according to the received confirmation password and/or confirmation command.
此外, 所述智能卡以非接触通讯方式接入所述终端。  In addition, the smart card accesses the terminal in a contactless communication manner.
此外, 所述收发模块在发送所述签名报文至所述终端之后, 还断开与所述终端的连接; 所述显示模块在所述收发模块断开与所述终端的连接后, 还显示所述交易报文。  In addition, the transceiver module further disconnects the terminal after sending the signature message to the terminal; the display module further displays after the transceiver module disconnects from the terminal. The transaction message.
本发明再一方面提供了一种具有电子签名功能的智能卡交易系统,所述系统包括:终端、 后台系统服务器及前述的具有电子签名功能的智能卡;  Another aspect of the present invention provides a smart card transaction system having an electronic signature function, the system comprising: a terminal, a background system server, and the foregoing smart card having an electronic signature function;
所述终端获取验证密码, 至少将所述交易报文、所述签名报文、 所述验证密码和所述加 密联合密码发送至所述后台系统服务器;  The terminal acquires a verification password, and sends at least the transaction message, the signature message, the verification password, and the encrypted joint password to the background system server;
所述后台系统服务器分别验证所述签名报文和所述验证密码, 并在验证通过后, 根据所 述交易报文执行交易操作。  The background system server respectively verifies the signature message and the verification password, and after the verification is passed, performs a transaction operation according to the transaction message.
此外, 所述终端以非接触通讯方式从所述智能卡获取所述验证密码, 或通过扫描所述智 能卡的所述显示模块显示的条形码或图片获取所述验证密码,或通过按键接收输入的联合密 码作为所述验证密码。  In addition, the terminal acquires the verification password from the smart card in a contactless communication manner, or acquires the verification password by scanning a barcode or a picture displayed by the display module of the smart card, or receives an input joint password through a button. As the verification password.
由上述本发明提供的技术方案可以看出, 本发明提供了一种具有电子签名功能的智能 卡、智能卡交易系统和具有电子签名功能的智能卡交易方法, 通过智能卡和终端的一次接入 完成交易所需数据的交互, 降低了多次接入造成的重要信息被截获的风险, 提高了安全性。 本发明的联合密码可以是在每次交易时随机生成的数字、 字母和字符的一种或多种的组合, 不同于现有的交易密码和 OTP必须采用密文进行传输, 本发明的联合密码可通过明文进行 传输, 并且不会降低交易过程中账户的安全性; 本发明的联合密码是在智能卡一侧生成并上 传至后台系统服务器, 也不同于现有的 OTP需要后台系统服务器和终端同时生成, 本发明 的单侧生成联合密码并进行签名或单侧生成联合密码并进行加密,以保证联合密码传输的安 全性和联合密码验证的准确性; 本发明的终端是在获取了联合密码之后发送相关数据(可以 是交易报文、 签名报文和联合密码)至后台系统服务器, 使得由终端发送至后台系统服务器 的需要由后台系统服务器进行处理的数据均为经过授权且有效的数据, 保证了安全性, 提高 了工作效率。 附图说明 It can be seen from the technical solution provided by the present invention that the present invention provides a smart card with an electronic signature function, a smart card transaction system, and a smart card transaction method with an electronic signature function, which is required for completing a transaction through a single access of the smart card and the terminal. The interaction of data reduces the risk of interception of important information caused by multiple accesses and improves security. The joint password of the present invention may be a combination of one or more of numbers, letters and characters randomly generated at each transaction, unlike existing transaction passwords and OTPs, which must be transmitted using ciphertext, the joint password of the present invention. It can be transmitted in clear text without reducing the security of the account during the transaction; the joint password of the present invention is generated on the smart card side and uploaded to the background system server, and is different from the existing OTP requiring the background system server and the terminal simultaneously The unilateral side of the present invention generates a joint cipher and performs signature or unilaterally generates a joint cipher and performs encryption to ensure the security of the joint cipher transmission and the accuracy of the joint cipher verification. The terminal of the present invention obtains the joint cipher. Send relevant data (which can be transaction message, signature message and joint password) to the background system server, so that the data sent by the terminal to the background system server and processed by the background system server are authorized and valid data, guaranteeing Safety has improved work efficiency. DRAWINGS
为了更清楚地说明本发明实施例的技术方案,下面将对实施例描述中所需要使用的附图 作简单地介绍, 显而易见地, 下面描述中的附图仅仅是本发明的一些实施例, 对于本领域的 普通技术人员来讲, 在不付出创造性劳动的前提下, 还可以根据这些附图获得其他附图。  In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings used in the description of the embodiments will be briefly described below. It is obvious that the drawings in the following description are only some embodiments of the present invention, Those skilled in the art can also obtain other drawings based on these drawings without any creative work.
图 1为现有的电子签名交易的方法流程图;  1 is a flow chart of a method for an existing electronic signature transaction;
图 2为本发明实施例 1的具有电子签名功能的智能卡交易方法的流程图;  2 is a flowchart of a smart card transaction method with an electronic signature function according to Embodiment 1 of the present invention;
图 3为本发明实施例 2的具有电子签名功能的智能卡交易方法的流程图;  3 is a flowchart of a smart card transaction method with an electronic signature function according to Embodiment 2 of the present invention;
图 4为本发明实施例 3的具有电子签名功能的智能卡交易方法的流程图;  4 is a flowchart of a smart card transaction method with an electronic signature function according to Embodiment 3 of the present invention;
图 5为本发明实施例 4的具有电子签名功能的智能卡交易方法的流程图;  5 is a flowchart of a smart card transaction method with an electronic signature function according to Embodiment 4 of the present invention;
图 6为本发明实施例 5的具有电子签名功能的智能卡交易系统的结构示意图; 图 7为本发明实施例 6的具有电子签名功能的智能卡交易系统的结构示意图; 图 8为本发明实施例 7的具有电子签名功能的智能卡交易系统的结构示意图; 图 9为本发明实施例 8的具有电子签名功能的智能卡交易系统的结构示意图。 具体实施方式  6 is a schematic structural diagram of a smart card transaction system with an electronic signature function according to Embodiment 5 of the present invention; FIG. 7 is a schematic structural diagram of a smart card transaction system with an electronic signature function according to Embodiment 6 of the present invention; FIG. 9 is a schematic structural diagram of a smart card transaction system with an electronic signature function according to Embodiment 8 of the present invention; FIG. detailed description
下面结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述, 显然, 所描述的实施例仅仅是本发明一部分实施例, 而不是全部的实施例。 基于本发明的实 施例, 本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例, 都属于 本发明的保护范围。  The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the drawings in the embodiments of the present invention. It is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.
在本发明的描述中, 需要理解的是, 术语"中心"、 "纵向"、 "横向"、 "上"、 "下"、 "前"、 In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "transverse", "upper", "lower", "front",
"后"、 "左"、 "右"、 "竖直"、 "水平"、 "顶"、 "底"、 "内"、 "外"等指示的方位或位置关系为基 于附图所示的方位或位置关系, 仅是为了便于描述本发明和简化描述, 而不是指示或暗示所 指的装置或元件必须具有特定的方位、 以特定的方位构造和操作, 因此不能理解为对本发明 的限制。 此外, 术语"第一"、 "第二 "仅用于描述目的, 而不能理解为指示或暗示相对重要性 或数量或位置。 The orientation or positional relationship of "post", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outside", etc. is based on the figure The orientation or positional relationship is merely for the purpose of describing the present invention and the simplification of the description, and is not intended to indicate or imply that the device or component referred to has a particular orientation, is constructed and operated in a particular orientation, and thus is not to be construed as limiting. Moreover, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or quantity or location.
在本发明的描述中, 需要说明的是, 除非另有明确的规定和限定, 术语"安装"、 "相连"、 "连接 "应做广义理解, 例如, 可以是固定连接, 也可以是可拆卸连接, 或一体地连接; 可以 是机械连接, 也可以是电连接; 可以是直接相连, 也可以通过中间媒介间接相连, 可以是两 个元件内部的连通。对于本领域的普通技术人员而言, 可以具体情况理解上述术语在本发明 中的具体含义。  In the description of the present invention, it should be noted that the terms "installation", "connected", and "connected" are to be understood broadly, and may be fixed or detachable, for example, unless otherwise explicitly defined and defined. Connected, or connected integrally; can be mechanical or electrical; can be directly connected, or indirectly connected through an intermediate medium, can be the internal communication of the two components. The specific meaning of the above terms in the present invention can be understood in a specific case by those skilled in the art.
下面将结合附图对本发明实施例作进一步地详细描述。 实施例 1 The embodiments of the present invention will be further described in detail below with reference to the accompanying drawings. Example 1
图 2为本发明实施例 1的具有电子签名功能的智能卡交易方法的流程图。 现结合图 2, 对本发明具有电子签名功能的智能卡交易方法进行说明, 具体如下:  2 is a flow chart of a smart card transaction method with an electronic signature function according to Embodiment 1 of the present invention. Referring now to FIG. 2, a smart card transaction method with an electronic signature function according to the present invention will be described as follows:
本发明具有电子签名功能的智能卡交易方法包括:  The smart card transaction method with the electronic signature function of the invention includes:
步骤 S201 : 具有电子签名功能的智能卡接入终端, 接收交易报文;  Step S201: A smart card access terminal having an electronic signature function, receiving a transaction message;
具体的, 在具有电子签名功能的智能卡接入终端之前, 终端可通过手工输入、 网络、 扫 描商品信息等方式获取交易报文。  Specifically, before the smart card access terminal having the electronic signature function, the terminal can obtain the transaction message by manually inputting, searching for the network, scanning the product information, and the like.
智能卡可通过非接触方式接入终端, 接收终端发送的交易报文。其中, 交易报文至少包 括账户和金额, 还可包括交易明细信息。  The smart card can access the terminal in a contactless manner and receive the transaction message sent by the terminal. Among them, the transaction message includes at least the account and the amount, and may also include transaction details.
当然, 智能卡也可以通过接触方式接入终端。  Of course, the smart card can also access the terminal through contact.
其中, 本发明的终端可为手机、 笔记本、 平板电脑、 PC、 POS 机等能够通过有线或无 线方式与后台系统服务器进行交互的装置。  The terminal of the present invention may be a device capable of interacting with a background system server by a wired or wireless method, such as a mobile phone, a notebook, a tablet, a PC, or a POS.
本发明的智能卡采用非接触方式接入终端较接触方式接入终端具有较高的安全性,防止 信息被获取。  The smart card of the present invention adopts a non-contact mode access terminal to have higher security than a contact mode access terminal, and prevents information from being acquired.
步骤 S202: 智能卡生成联合密码;  Step S202: The smart card generates a joint password.
具体的, 智能卡随机地生成数字、 字母和 /或符号, 从数字、 字母和符号中选择一种或 多种组合生成联合密码, 可以保证联合密码的不唯一性, 随机性, 提高联合密码的安全性。  Specifically, the smart card randomly generates numbers, letters, and/or symbols, and selects one or more combinations of numbers, letters, and symbols to generate a joint password, which can ensure non-uniqueness of the joint password, randomness, and improve the security of the joint password. Sex.
步骤 S203: 智能卡根据交易报文和联合密码生成签名报文;  Step S203: The smart card generates a signature message according to the transaction packet and the joint password.
具体的, 智能卡可以直接对交易报文和联合密码进行签名, 生成签名报文; 或者 智能卡计算交易报文的摘要信息, 计算联合密码的摘要信息, 对交易报文的摘要信息和 联合密码的摘要信息进行签名, 生成签名报文; 或者  Specifically, the smart card can directly sign the transaction message and the joint password to generate a signature message; or the smart card calculates the summary information of the transaction message, calculates the summary information of the joint password, and summarizes the summary information of the transaction message and the combined password. The information is signed to generate a signature message; or
智能卡计算交易报文的摘要信息, 对联合密码进行加密获得加密联合密码, 对交易报文 的摘要信息和加密联合密码进行签名, 生成签名报文; 或者  The smart card calculates the summary information of the transaction message, encrypts the joint password to obtain the encrypted joint password, and signs the summary information of the transaction message and the encrypted joint password to generate a signature message; or
智能卡计算交易报文的摘要信息, 对联合密码进行加密获得加密联合密码, 并计算加密 联合密码的摘要信息, 对交易报文的摘要信息和加密联合密码的摘要信息进行签名, 生成签 名报文。  The smart card calculates the summary information of the transaction message, encrypts the joint password to obtain the encrypted joint password, and calculates the summary information of the encrypted joint password, and signs the summary information of the transaction message and the summary information of the encrypted joint password to generate a signature message.
其中,摘要信息可以包括如下的一种或其组合:通过哈希算法计算的哈希值、通过 MAC 算法计算的 MAC值, 通过对称加密获得的密文本身。  The summary information may include one or a combination of the following: a hash value calculated by a hash algorithm, a MAC value calculated by a MAC algorithm, and a secret text body obtained by symmetric encryption.
另外, 加密运算可以为对称加密或者非对称加密(例如通过后台系统服务器的公钥进行 加密)。 为了进一步提高联合密码传输的安全性, 智能卡还可以生成一个随机数, 将联合密 码和该随机数按照预设的格式进行组合, 并对组合后的数据进行加密获得加密联合密码。此 时将联合密码和随机数进行组合, 从而防止重放攻击。 In addition, the encryption operation can be symmetric encryption or asymmetric encryption (for example, by the public key of the background system server). In order to further improve the security of the joint password transmission, the smart card can also generate a random number, which will be combined with the secret. The code and the random number are combined according to a preset format, and the combined data is encrypted to obtain an encrypted joint password. At this point, the joint password and the random number are combined to prevent replay attacks.
本发明可以采用通过对联合密码进行摘要计算、对联合密码进行加密或对加密联合密码 进行摘要计算, 保证了联合密码传输的安全性; 可以对联合密码的摘要信息、 加密联合密码 或加密联合密码的摘要信息进行签名, 提高了交易的安全性。  The invention can adopt the method of performing summary calculation on the joint password, encrypting the joint password or performing digest calculation on the encrypted joint password, thereby ensuring the security of the joint password transmission; the summary information of the joint password, the encrypted joint password or the encrypted joint password. The summary information is signed to improve the security of the transaction.
步骤 S204: 智能卡至少将签名报文发送至终端;  Step S204: The smart card sends at least the signature message to the terminal.
具体的, 在步骤 S203中, 如果采用智能卡计算加密联合密码的方案时, 此步骤中, 智 能卡还将加密联合密码和签名报文发送至终端。  Specifically, in step S203, if the smart card is used to calculate the scheme for encrypting the joint password, in this step, the smart card also sends the encrypted joint password and the signed message to the terminal.
在步骤 S203中, 如果采用智能卡计算加密联合密码的摘要信息的方案时, 此步骤中, 智能卡还将加密联合密码的摘要信息和签名报文发送至终端。  In step S203, if the smart card is used to calculate the scheme for encrypting the summary information of the joint password, in this step, the smart card also sends the summary information and the signature message of the encrypted joint password to the terminal.
当然, 无论步骤 S203中, 智能卡计算的是何种信息, 智能卡都可以将计算的信息发送 至终端。  Of course, regardless of what information the smart card calculates in step S203, the smart card can transmit the calculated information to the terminal.
步骤 S205: 终端获取验证密码, 至少将交易报文、 签名报文和验证密码发送至后台系 统服务器;  Step S205: The terminal acquires the verification password, and sends at least the transaction message, the signature message, and the verification password to the background system server.
其中, 验证密码为通过终端扫描智能卡显示的信息获取的联合密码, 或通过终端以非接 触通讯方式从智能卡获取的联合密码, 或通过终端的按键输入的联合密码。非接触通讯方式 可以为蓝牙、 光通讯、 NFC红外等通讯方式。  The verification password is a joint password obtained by the terminal scanning the information displayed by the smart card, or a joint password obtained from the smart card by the terminal in a non-contact communication manner, or a joint password input through a button of the terminal. Non-contact communication mode can be Bluetooth, optical communication, NFC infrared and other communication methods.
具体的, 在步骤 S203中, 如果采用智能卡计算加密联合密码的方案时, 此步骤中, 终 端还将加密联合密码、 交易报文、 签名报文和验证密码发送至后台系统服务器。  Specifically, in step S203, if the smart card is used to calculate the scheme for encrypting the joint password, in this step, the terminal also sends the encrypted joint password, the transaction message, the signature message, and the verification password to the background system server.
在步骤 S203中, 如果采用智能卡计算加密联合密码的摘要信息的方案时, 此步骤中, 终端还将加密联合密码的摘要信息、交易报文、签名报文和验证密码发送至后台系统服务器。  In step S203, if the smart card is used to calculate the scheme for encrypting the summary information of the joint password, in this step, the terminal also sends the summary information of the encrypted joint password, the transaction message, the signature message, and the verification password to the background system server.
当然, 无论步骤 S203中, 智能卡计算的是何种信息, 终端均可以将智能卡计算的信息 发送至后台系统服务器。  Of course, regardless of what kind of information is calculated by the smart card in step S203, the terminal can send the information calculated by the smart card to the background system server.
本发明的终端只有在获取验证密码后, 才会将交易报文、签名报文和验证密码发送至后 台系统服务器, 以便后台系统服务器根据联合密码和签名报文对用户身份进行认证, 进而触 发后台系统服务器完成交易, 提高交易的安全性。  After obtaining the verification password, the terminal of the present invention sends the transaction message, the signature message and the verification password to the background system server, so that the background system server authenticates the user identity according to the joint password and the signature message, thereby triggering the background. The system server completes the transaction and improves the security of the transaction.
本发明的联合密码可以是在每次交易时随机生成的数字、字母和字符的一种或多种的组 合, 不同于现有的交易密码和 OTP必须采用密文进行传输, 本发明的联合密码可通过明文 进行传输, 并且不会降低交易过程中账户的安全性; 本发明的联合密码是在智能卡一侧生成 并上传至后台系统服务器, 也不同于现有的 OTP需要后台系统服务器和终端同时生成, 本 发明的单侧生成联合密码并进行签名,以保证联合密码传输的安全性和联合密码验证的准确 性; 本发明的终端是在获取了验证密码之后发送相关数据(可以是交易报文、 签名报文和验 证密码)至后台系统服务器, 使得由终端发送至后台系统服务器的需要由后台系统服务器进 行处理的数据均为经过授权的数据, 保证了安全性, 提高了工作效率。 The joint password of the present invention may be a combination of one or more of numbers, letters and characters randomly generated at each transaction, unlike existing transaction passwords and OTPs, which must be transmitted in ciphertext, the joint password of the present invention. It can be transmitted in clear text without reducing the security of the account during the transaction; the joint password of the present invention is generated on the smart card side and uploaded to the background system server, and is different from the existing OTP requiring the background system server and the terminal simultaneously Generate, the unilateral generation of the joint password of the invention and signature, to ensure the security of the joint password transmission and the accuracy of the joint password verification The terminal of the present invention sends relevant data (which may be a transaction message, a signature message, and a verification password) to the background system server after obtaining the verification password, so that the terminal device server needs to be sent by the background system server. The processed data is authorized data, which ensures security and improves work efficiency.
步骤 S206: 后台系统服务器验证签名报文和验证密码, 并在验证通过后, 根据交易报 文执行交易操作。  Step S206: The background system server verifies the signature message and the verification password, and after the verification is passed, performs a transaction operation according to the transaction message.
具体的, 在步骤 S203中, 如果智能卡根据联合密码和交易报文进行签名, 则此步骤中, 终端根据交易报文和验证密码验证签名报文的正确性, 如果签名正确, 则确定验证密码和签 名报文均通过验证。  Specifically, in step S203, if the smart card performs signature according to the joint password and the transaction message, in this step, the terminal verifies the correctness of the signature message according to the transaction message and the verification password, and if the signature is correct, determines the verification password and Signature messages are verified.
在步骤 S203中, 如果采用智能卡计算加密联合密码的方案时, 此步骤中, 终端根据加 密联合密码验证验证密码的正确性, 并根据交易报文和验证密码验证签名报文的正确性。  In step S203, if the smart card is used to calculate the scheme for encrypting the joint password, in this step, the terminal verifies the correctness of the password according to the encrypted joint password verification, and verifies the correctness of the signature message according to the transaction message and the verification password.
在步骤 S203中, 如果采用智能卡计算加密联合密码的摘要信息的方案时, 此步骤中, 终端根据加密联合密码的摘要信息验证验证密码的正确性,并根据交易报文和验证密码验证 签名报文的正确性。  In step S203, if the smart card is used to calculate the scheme for encrypting the summary information of the joint password, in this step, the terminal verifies the correctness of the verification password according to the summary information of the encrypted joint password, and verifies the signature message according to the transaction message and the verification password. The correctness.
当然, 上述过程中, 终端还可以根据交易报文和加密联合密码或加密联合密码的摘要信 息验证签名报文的正确性。  Of course, in the foregoing process, the terminal may further verify the correctness of the signature message according to the transaction message and the encrypted joint password or the encrypted joint password summary information.
当然, 无论步骤 S203中, 智能卡在计算签名报文时根据的是何种信息, 终端均可以根 据该信息或者验证密码来验证验证密码和签名报文的正确性。  Of course, no matter what information the smart card is based on when calculating the signature message in step S203, the terminal can verify the correctness of the verification password and the signature message according to the information or the verification password.
由此可见本发明的智能卡交易方法,通过智能卡和终端的一次接入完成交易所需数据的 交互, 降低了多次接入造成的重要信息被截获的风险, 提高了安全性。 实施例 2  It can be seen that the smart card transaction method of the present invention completes the interaction of data required for transactions through one access of the smart card and the terminal, reduces the risk of interception of important information caused by multiple accesses, and improves security. Example 2
图 3为本发明实施例 2的具有电子签名功能的智能卡交易方法的流程图。 现结合图 3, 对本发明具有电子签名功能的智能卡交易方法进行说明, 具体如下:  3 is a flow chart of a smart card transaction method with an electronic signature function according to Embodiment 2 of the present invention. Referring now to FIG. 3, a smart card transaction method with an electronic signature function according to the present invention will be described as follows:
本发明具有电子签名功能的智能卡交易方法包括:  The smart card transaction method with the electronic signature function of the invention includes:
步骤 S301 : 具有电子签名功能的智能卡接入终端, 接收交易报文;  Step S301: A smart card access terminal having an electronic signature function, receiving a transaction message;
具体的, 在具有电子签名功能的智能卡接入终端之前, 终端可通过手工输入、 网络、 扫 描商品信息等方式获取交易报文。  Specifically, before the smart card access terminal having the electronic signature function, the terminal can obtain the transaction message by manually inputting, searching for the network, scanning the product information, and the like.
智能卡可通过非接触方式接入终端, 接收终端发送的交易报文。其中, 交易报文至少包 括账户和金额, 还可包括交易明细信息。  The smart card can access the terminal in a contactless manner and receive the transaction message sent by the terminal. Among them, the transaction message includes at least the account and the amount, and may also include transaction details.
当然, 智能卡也可以通过接触方式接入终端。  Of course, the smart card can also access the terminal through contact.
其中, 本发明的终端可为手机、 笔记本、 平板电脑、 PC、 POS 机等能够通过有线或无 线方式与后台系统服务器进行交互的装置。 Wherein, the terminal of the present invention can be wired or not for mobile phones, notebooks, tablets, PCs, POS machines, etc. A device that interacts with the backend system server in a line mode.
本发明的智能卡采用非接触方式接入终端较接触方式接入终端具有较高的安全性,防止 信息被获取。  The smart card of the present invention adopts a non-contact mode access terminal to have higher security than a contact mode access terminal, and prevents information from being acquired.
步骤 S302: 智能卡生成联合密码;  Step S302: The smart card generates a joint password.
具体的, 智能卡随机地生成数字、 字母和 /或符号, 从数字、 字母和符号中选择一种或 多种组合生成联合密码, 可以保证联合密码的不唯一性, 随机性, 提高联合密码的安全性。  Specifically, the smart card randomly generates numbers, letters, and/or symbols, and selects one or more combinations of numbers, letters, and symbols to generate a joint password, which can ensure non-uniqueness of the joint password, randomness, and improve the security of the joint password. Sex.
步骤 S303: 智能卡根据交易报文和联合密码生成签名报文;  Step S303: The smart card generates a signature message according to the transaction packet and the joint password.
具体的, 智能卡可以直接对交易报文和联合密码进行签名, 生成签名报文; 或者 智能卡计算交易报文的摘要信息, 计算联合密码的摘要信息, 对交易报文的摘要信息和 联合密码的摘要信息进行签名, 生成签名报文; 或者  Specifically, the smart card can directly sign the transaction message and the joint password to generate a signature message; or the smart card calculates the summary information of the transaction message, calculates the summary information of the joint password, and summarizes the summary information of the transaction message and the combined password. The information is signed to generate a signature message; or
智能卡计算交易报文的摘要信息, 对联合密码进行加密获得加密联合密码, 对交易报文 的摘要信息和加密联合密码进行签名, 生成签名报文; 或者  The smart card calculates the summary information of the transaction message, encrypts the joint password to obtain the encrypted joint password, and signs the summary information of the transaction message and the encrypted joint password to generate a signature message; or
智能卡计算交易报文的摘要信息, 对联合密码进行加密获得加密联合密码, 并计算加密 联合密码的摘要信息, 对交易报文的摘要信息和加密联合密码的摘要信息进行签名, 生成签 名报文。  The smart card calculates the summary information of the transaction message, encrypts the joint password to obtain the encrypted joint password, and calculates the summary information of the encrypted joint password, and signs the summary information of the transaction message and the summary information of the encrypted joint password to generate a signature message.
其中,摘要信息可以包括如下的一种或其组合:通过哈希算法计算的哈希值、通过 MAC 算法计算的 MAC值, 通过对称加密获得的密文本身。  The summary information may include one or a combination of the following: a hash value calculated by a hash algorithm, a MAC value calculated by a MAC algorithm, and a secret text body obtained by symmetric encryption.
另外, 加密运算可以为对称加密或者非对称加密(例如通过后台系统服务器的公钥进行 加密)。 为了进一步提高联合密码传输的安全性, 智能卡还可以生成一个随机数, 将联合密 码和该随机数按照预设的格式进行组合, 并对组合后的数据进行加密获得加密联合密码。此 时将联合密码和随机数进行组合, 从而防止重放攻击。  In addition, the encryption operation can be symmetric encryption or asymmetric encryption (for example, by the public key of the background system server). In order to further improve the security of the joint password transmission, the smart card may also generate a random number, combine the joint password and the random number according to a preset format, and encrypt the combined data to obtain an encrypted joint password. The combined password and random number are combined to prevent replay attacks.
本发明可以采用通过对联合密码进行摘要计算、对联合密码进行加密或对加密联合密码 进行摘要计算, 保证了联合密码传输的安全性; 可以对联合密码的摘要信息、 加密联合密码 或加密联合密码的摘要信息进行签名, 提高了交易的安全性。  The invention can adopt the method of performing summary calculation on the joint password, encrypting the joint password or performing digest calculation on the encrypted joint password, thereby ensuring the security of the joint password transmission; the summary information of the joint password, the encrypted joint password or the encrypted joint password. The summary information is signed to improve the security of the transaction.
步骤 S304: 智能卡至少将签名报文发送至终端;  Step S304: The smart card sends at least the signature message to the terminal.
具体的, 在步骤 S303中, 如果采用智能卡计算加密联合密码的方案时, 此步骤中, 智 能卡还将加密联合密码和签名报文发送至终端。  Specifically, in step S303, if the smart card is used to calculate the scheme for encrypting the joint password, in this step, the smart card also sends the encrypted joint password and the signed message to the terminal.
在步骤 S303中, 如果采用智能卡计算加密联合密码的摘要信息的方案时, 此步骤中, 智能卡还将加密联合密码的摘要信息和签名报文发送至终端。  In step S303, if the smart card is used to calculate the scheme for encrypting the summary information of the joint password, in this step, the smart card also sends the summary information and the signature message of the encrypted joint password to the terminal.
当然, 无论步骤 S303中, 智能卡计算的是何种信息, 智能卡都可以将计算的信息发送 至终端。 步骤 S305: 智能卡断开与终端的连接; Of course, regardless of what kind of information is calculated by the smart card in step S303, the smart card can send the calculated information to the terminal. Step S305: The smart card disconnects from the terminal;
具体的, 在非接触式方式接入的情况下, 用户持智能卡离开终端的感应范围即可; 在接 触式方式接入的情况下, 用户从终端中拔出智能卡即可。断开与终端的连接保证了智能卡与 终端的一次接触, 降低了多次接触信息被截获的风险, 提高了数据传输的安全性。  Specifically, in the case of the contactless mode access, the user can leave the sensing range of the smart card to leave the terminal; in the case of the contact mode access, the user can pull out the smart card from the terminal. Disconnecting from the terminal ensures that the smart card and the terminal are in one contact, which reduces the risk of intercepting multiple contact information and improves the security of data transmission.
步骤 S306: 智能卡显示交易报文;  Step S306: The smart card displays the transaction message;
具体的, 智能卡在显示屏上显示接收到的交易报文, 以便用户确认该交易的真实性, 保 证交易的安全。  Specifically, the smart card displays the received transaction message on the display screen, so that the user can confirm the authenticity of the transaction and ensure the security of the transaction.
步骤 S307: 智能卡接收通过按键输入的确认密码和 /或确认指令;  Step S307: The smart card receives the confirmation password and/or the confirmation command input through the button;
具体的, 用户在确认了交易信息的真实性之后, 可以通过输入确认密码和 /或确认指令 的操作, 触发智能卡显示生成的联合密码。通过输入确认密码触发智能卡显示联合密码、 条 形码或图片可以防止联合密码被他人获知, 提高联合密码的保密性。  Specifically, after confirming the authenticity of the transaction information, the user may trigger the smart card to display the generated joint password by inputting the confirmation password and/or the operation of the confirmation instruction. By entering the confirmation password to trigger the smart card to display the joint password, barcode or picture, the joint password can be prevented from being known by others, and the confidentiality of the joint password can be improved.
步骤 S308: 智能卡显示联合密码、 条形码或图片;  Step S308: The smart card displays a joint password, a barcode or a picture;
具体的, 智能卡显示联合密码、 条形码或图片, 便于终端获取验证码, 进而完成交易。 为了进一步提高联合密码的安全性, 防止他人获取联合密码的明文信息, 在步骤 S302 时,还可以将联合密码明文以预设的对称加密算法进行加密并将加密后的联合密码存储在智 能卡中, 在智能卡接收用户通过按键输入的确认密码和 /或确认指令后, 再以该预设的对称 加密算法解密出联合密码明文进行显示。  Specifically, the smart card displays a joint password, a barcode, or a picture, so that the terminal can obtain the verification code and complete the transaction. In order to further improve the security of the joint password, and prevent others from obtaining the plaintext information of the joint password, in step S302, the joint password plaintext may be encrypted by a preset symmetric encryption algorithm and the encrypted joint password is stored in the smart card. After the smart card receives the confirmation password and/or confirmation command input by the user through the button, the combined password clear text is decrypted by the preset symmetric encryption algorithm for display.
步骤 S309: 终端获取验证密码, 至少将交易报文、 签名报文和验证密码发送至后台系 统服务器;  Step S309: The terminal acquires the verification password, and sends at least the transaction message, the signature message, and the verification password to the background system server;
其中, 验证密码为通过终端扫描智能卡显示的信息获取的联合密码, 或通过终端以非接 触通讯方式从智能卡获取的联合密码, 或通过终端的按键输入的联合密码。非接触通讯方式 可以为蓝牙、 光通讯、 NFC红外等通讯方式。  The verification password is a joint password obtained by the terminal scanning the information displayed by the smart card, or a joint password obtained from the smart card by the terminal in a non-contact communication manner, or a joint password input through a button of the terminal. Non-contact communication mode can be Bluetooth, optical communication, NFC infrared and other communication methods.
具体的, 在步骤 S303中, 如果采用智能卡计算加密联合密码的方案时, 此步骤中, 终 端还将加密联合密码、 交易报文、 签名报文和联合密码发送至后台系统服务器。  Specifically, in step S303, if the smart card is used to calculate the scheme for encrypting the joint password, in this step, the terminal also sends the encrypted joint password, the transaction message, the signature message, and the joint password to the background system server.
在步骤 S303中, 如果采用智能卡计算加密联合密码的摘要信息的方案时, 此步骤中, 终端还将加密联合密码的摘要信息、交易报文、签名报文和联合密码发送至后台系统服务器。  In step S303, if the smart card is used to calculate the scheme for encrypting the summary information of the joint password, in this step, the terminal also sends the summary information of the encrypted joint password, the transaction message, the signature message, and the joint password to the background system server.
当然, 无论步骤 S303中, 智能卡计算的是何种信息, 终端均可以将智能卡计算的信息 发送至后台系统服务器。  Of course, regardless of the information calculated by the smart card in step S303, the terminal can send the information calculated by the smart card to the background system server.
本发明的终端只有在获取验证密码后, 才会将交易报文、签名报文和验证密码发送至后 台系统服务器, 以便后台系统服务器根据验证密码和签名报文对用户身份进行认证, 进而触 发后台系统服务器完成交易, 提高交易的安全性。 本发明的联合密码可以是在每次交易时随机生成的数字、字母和字符的一种或多种的组 合, 不同于现有的交易密码和 OTP必须采用密文进行传输, 本发明的联合密码可通过明文 进行传输, 并且不会降低交易过程中账户的安全性; 本发明的联合密码是在智能卡一侧生成 并上传至后台系统服务器, 也不同于现有的 OTP需要后台系统服务器和终端同时生成, 本 发明的单侧生成联合密码并进行签名,以保证联合密码传输的安全性和联合密码验证的准确 性; 本发明的终端是在获取了验证密码之后发送相关数据(可以是交易报文、 签名报文和验 证密码)至后台系统服务器, 使得由终端发送至后台系统服务器的需要由后台系统服务器进 行处理的数据均为经过授权的数据, 保证了安全性, 提高了工作效率。 After obtaining the verification password, the terminal of the present invention sends the transaction message, the signature message and the verification password to the background system server, so that the background system server authenticates the user identity according to the verification password and the signature message, and then triggers the background. The system server completes the transaction and improves the security of the transaction. The joint password of the present invention may be a combination of one or more of numbers, letters and characters randomly generated at each transaction, unlike existing transaction passwords and OTPs, which must be transmitted in ciphertext, the joint password of the present invention. It can be transmitted in clear text without reducing the security of the account during the transaction; the joint password of the present invention is generated on the smart card side and uploaded to the background system server, and is different from the existing OTP requiring the background system server and the terminal simultaneously Generating, the one-side of the present invention generates a joint password and performs signature to ensure the security of the joint password transmission and the accuracy of the joint password verification; the terminal of the present invention sends the relevant data after obtaining the verification password (may be a transaction message) The signature message and the verification password are sent to the background system server, so that the data that is sent by the terminal to the background system server and processed by the background system server is authorized data, which ensures security and improves work efficiency.
步骤 S310: 后台系统服务器验证签名报文和验证密码, 并在验证通过后, 根据交易报 文执行交易操作。  Step S310: The background system server verifies the signature message and the verification password, and after the verification is passed, performs a transaction operation according to the transaction message.
具体的, 在步骤 S303中, 如果智能卡根据联合密码和交易报文进行签名, 则此步骤中, 终端则根据而交易报文和验证密码验证签名报文的正确性, 如果签名正确, 则确定验证密码 和签名报文均通过验证。  Specifically, in step S303, if the smart card performs signature according to the joint password and the transaction message, in this step, the terminal verifies the correctness of the signature message according to the transaction message and the verification password, and if the signature is correct, the verification is determined. Both the password and the signed message are verified.
在步骤 S303中, 如果采用智能卡计算加密联合密码的方案时, 此步骤中, 终端则根据 加密联合密码验证验证密码的正确性, 并根据交易报文和验证密码验证签名报文的正确性。  In step S303, if the smart card is used to calculate the scheme for encrypting the joint password, in this step, the terminal verifies the correctness of the password according to the encrypted joint password verification, and verifies the correctness of the signature message according to the transaction message and the verification password.
在步骤 S303中, 如果采用智能卡计算加密联合密码的摘要信息的方案时, 此步骤中, 终端则根据加密联合密码的摘要信息验证验证密码的正确性,并根据交易报文和验证密码验 证签名报文的正确性。  In step S303, if the smart card is used to calculate the scheme for encrypting the summary information of the joint password, in this step, the terminal verifies the correctness of the verification password according to the summary information of the encrypted joint password, and verifies the signature report according to the transaction message and the verification password. The correctness of the text.
当然, 上述过程中, 终端还可以根据交易报文和加密联合密码或加密联合密码的摘要信 息验证签名报文的正确性。  Of course, in the foregoing process, the terminal may further verify the correctness of the signature message according to the transaction message and the encrypted joint password or the encrypted joint password summary information.
当然, 无论步骤 S303中, 智能卡在计算签名报文时根据的是何种信息, 终端均可以根 据智能卡该信息或者验证密码来验证验证密码和签名报文的正确性。  Of course, no matter what information the smart card is based on when calculating the signature message in step S303, the terminal can verify the correctness of the verification password and the signature message according to the information of the smart card or the verification password.
由此可见本发明的具有电子签名功能的智能卡交易方法,通过智能卡和终端的一次接入 完成交易所需数据的交互, 降低了多次接入造成的重要信息被截获的风险, 提高了安全性。 实施例 3  Thus, the smart card transaction method with electronic signature function of the present invention can complete the interaction of data required for transactions through one access of the smart card and the terminal, thereby reducing the risk of intercepting important information caused by multiple accesses and improving security. . Example 3
图 4为本发明实施例 3的具有电子签名功能的智能卡交易方法的流程图。 现结合图 4, 对本发明具有电子签名功能的智能卡交易方法进行说明, 具体如下:  4 is a flow chart of a smart card transaction method with an electronic signature function according to Embodiment 3 of the present invention. Referring now to FIG. 4, a smart card transaction method with an electronic signature function according to the present invention will be described as follows:
本发明具有电子签名功能的智能卡交易方法包括:  The smart card transaction method with the electronic signature function of the invention includes:
步骤 S401 : 具有电子签名功能的智能卡接入终端, 接收交易报文;  Step S401: A smart card access terminal having an electronic signature function, receiving a transaction message;
具体的, 在具有电子签名功能的智能卡接入终端之前, 终端可通过手工输入、 网络、 扫 描商品信息等方式获取交易报文。 Specifically, before the smart card access terminal having the electronic signature function, the terminal can manually input, network, and scan Obtain commodity information and other means to obtain transaction messages.
智能卡可通过非接触方式接入终端, 接收终端发送的交易报文。其中, 交易报文至少包 括账户和金额, 还可包括交易明细信息。  The smart card can access the terminal in a contactless manner and receive the transaction message sent by the terminal. Among them, the transaction message includes at least the account and the amount, and may also include transaction details.
当然, 智能卡也可以通过接触方式接入终端。  Of course, the smart card can also access the terminal through contact.
其中, 终端可为手机、 笔记本、 平板电脑、 PC、 POS 机等能够通过有线或无线方式与 后台系统服务器进行交互的装置。  The terminal can be a device that can interact with the background system server by wire or wirelessly, such as a mobile phone, a notebook, a tablet, a PC, or a POS.
本发明的智能卡采用非接触方式接入终端较接触方式接入终端具有较高的安全性,防止 信息被获取。  The smart card of the present invention adopts a non-contact mode access terminal to have higher security than a contact mode access terminal, and prevents information from being acquired.
步骤 S402: 智能卡生成联合密码, 并至少根据联合密码生成加密联合密码; 具体的, 智能卡随机地生成数字、 字母和 /或符号, 从数字、 字母和符号中选择一种或 多种组合生成联合密码, 可以保证联合密码的不唯一性, 随机性, 提高联合密码的安全性。  Step S402: The smart card generates a joint password, and generates an encrypted joint password according to at least the joint password. Specifically, the smart card randomly generates numbers, letters, and/or symbols, and selects one or more combinations of numbers, letters, and symbols to generate a joint password. , can guarantee the non-uniqueness of the joint password, randomness, and improve the security of the joint password.
具体的, 智能卡可采用对联合密码以及随机数的组合进行加密的方法获得加密联合密 码, 或采用对称加密或者非对称加密方式对联合密码进行加密获得加密联合密码。  Specifically, the smart card may obtain the encrypted joint password by encrypting the combination of the joint password and the random number, or encrypt the joint password by using symmetric encryption or asymmetric encryption to obtain the encrypted joint password.
本发明通过发送加密联合密码, 进一步保证了联合密码传输的安全性; 将联合密码和随 机数进行组合, 从而防止重放攻击。  The invention further ensures the security of the joint password transmission by transmitting the encrypted joint password; combining the joint password and the random number to prevent the replay attack.
步骤 S403: 智能卡根据交易报文生成签名报文;  Step S403: The smart card generates a signature message according to the transaction packet.
具体的, 智能卡可以直接对交易报文进行签名, 生成签名报文; 或者  Specifically, the smart card can directly sign the transaction message to generate a signature message; or
智能卡计算交易报文的摘要信息, 对交易报文的摘要信息进行签名, 生成签名报文。 其中,摘要信息可以包括如下的一种或其组合:通过哈希算法计算的哈希值、通过 MAC 算法计算的 MAC值, 通过对称加密获得的密文本身。  The smart card calculates the summary information of the transaction message, and signs the summary information of the transaction message to generate a signature message. The summary information may include one or a combination of the following: a hash value calculated by a hash algorithm, a MAC value calculated by a MAC algorithm, and a secret text body obtained by symmetric encryption.
步骤 S404: 智能卡将签名报文和加密联合密码发送至终端;  Step S404: The smart card sends the signature message and the encrypted joint password to the terminal.
步骤 S405: 终端获取验证密码, 至少将交易报文、 签名报文、 加密联合密码和验证密 码发送至后台系统服务器;  Step S405: The terminal acquires the verification password, and sends at least the transaction message, the signature message, the encrypted joint password, and the verification password to the background system server.
其中, 验证密码为通过终端扫描智能卡显示的信息获取的联合密码, 或通过终端以非接 触通讯方式从智能卡获取的联合密码, 或通过终端的按键输入的联合密码。非接触通讯方式 可以为蓝牙、 光通讯、 NFC红外等通讯方式。  The verification password is a joint password obtained by the terminal scanning the information displayed by the smart card, or a joint password obtained from the smart card by the terminal in a non-contact communication manner, or a joint password input through a button of the terminal. Non-contact communication mode can be Bluetooth, optical communication, NFC infrared and other communication methods.
后台系统服务器可以为银行服务器或第三方服务器,第三方服务器为非银行系统采用的 服务器, 比如公交系统所采用的对公交卡进行充值和扣款控制的服务器等。  The back-end system server can be a bank server or a third-party server, and the third-party server is a server used by the non-bank system, such as a server used by the bus system to recharge and debit the bus card.
本发明的终端只有在获取验证密码后, 才会将交易报文、签名报文、 加密联合密码和验 证密码发送至后台系统服务器,以便后台系统服务器根据验证密码和签名报文对用户身份进 行认证, 进而触发后台系统服务器完成交易, 提高交易的安全性。 本发明的联合密码可以是在每次交易时随机生成的数字、字母和字符的一种或多种的组 合, 不同于现有的交易密码和 OTP必须采用密文进行传输, 本发明的联合密码可通过明文 进行传输, 并且不会降低交易过程中账户的安全性; 本发明的联合密码是在智能卡一侧生成 并上传至后台系统服务器, 也不同于现有的 OTP需要后台系统服务器和终端同时生成, 本 发明的单侧生成联合密码并进行加密,以保证联合密码传输的安全性和联合密码验证的准确 性; 本发明的终端是在获取了验证密码之后发送相关数据(可以是交易报文、 签名报文和验 证密码)至后台系统服务器, 使得由终端发送至后台系统服务器的需要由后台系统服务器进 行处理的数据均为经过授权的数据, 保证了安全性, 提高了工作效率。 The terminal of the present invention sends the transaction message, the signature message, the encrypted joint password and the verification password to the background system server only after obtaining the verification password, so that the background system server authenticates the user identity according to the verification password and the signature message. , in turn triggers the background system server to complete the transaction, improving the security of the transaction. The joint password of the present invention may be a combination of one or more of numbers, letters and characters randomly generated at each transaction, unlike existing transaction passwords and OTPs, which must be transmitted in ciphertext, the joint password of the present invention. It can be transmitted in clear text without reducing the security of the account during the transaction; the joint password of the present invention is generated on the smart card side and uploaded to the background system server, and is different from the existing OTP requiring the background system server and the terminal simultaneously The unilateral side of the present invention generates a joint cipher and performs encryption to ensure the security of the joint cipher transmission and the accuracy of the joint cipher verification. The terminal of the present invention sends the relevant data after obtaining the verification password (which may be a transaction message). The signature message and the verification password are sent to the background system server, so that the data that is sent by the terminal to the background system server and processed by the background system server is authorized data, which ensures security and improves work efficiency.
步骤 S406: 后台系统服务器分别验证签名报文和验证密码, 并在验证通过后, 根据交 易报文执行交易操作。  Step S406: The background system server separately verifies the signature message and the verification password, and after the verification is passed, performs a transaction operation according to the transaction message.
具体的, 后台系统服务器根据加密联合密码对验证密码的正确性进行验证; 后台系统服 务器根据加密联合密码和交易报文对签名报文的正确性进行验证,或者根据验证密码和交易 报文对签名报文的正确性进行验证。 后台系统服务器在验证了签名正确且验证密码正确后, 根据交易报文执行交易操作。  Specifically, the background system server verifies the correctness of the verification password according to the encrypted joint password; the background system server verifies the correctness of the signature message according to the encrypted joint password and the transaction message, or signs the signature according to the verification password and the transaction message. The correctness of the message is verified. After the background system server verifies that the signature is correct and the verification password is correct, the background system server performs the transaction operation according to the transaction message.
由此可见本发明的具有电子签名功能的智能卡交易方法,通过智能卡和终端的一次接入 完成交易所需数据的交互, 降低了多次接入造成的重要信息被截获的风险, 提高了安全性。 实施例 4  Thus, the smart card transaction method with electronic signature function of the present invention can complete the interaction of data required for transactions through one access of the smart card and the terminal, thereby reducing the risk of intercepting important information caused by multiple accesses and improving security. . Example 4
图 5为本发明实施例 4的具有电子签名功能的智能卡交易方法的流程图。 现结合图 5, 对本发明具有电子签名功能的智能卡交易方法进行说明, 具体如下:  FIG. 5 is a flowchart of a smart card transaction method with an electronic signature function according to Embodiment 4 of the present invention. Referring now to FIG. 5, a smart card transaction method with an electronic signature function according to the present invention will be described as follows:
本发明具有电子签名功能的智能卡交易方法包括:  The smart card transaction method with the electronic signature function of the invention includes:
步骤 S501 : 具有电子签名功能的智能卡接入终端, 接收交易报文;  Step S501: A smart card access terminal having an electronic signature function, receiving a transaction message;
具体的, 在具有电子签名功能的智能卡接入终端之前, 终端可通过手工输入、 网络、 扫 描商品信息等方式获取交易报文。  Specifically, before the smart card access terminal having the electronic signature function, the terminal can obtain the transaction message by manually inputting, searching for the network, scanning the product information, and the like.
智能卡可通过非接触方式接入终端, 接收终端发送的交易报文。其中, 交易报文至少包 括账户和金额, 还可包括交易明细信息。  The smart card can access the terminal in a contactless manner and receive the transaction message sent by the terminal. Among them, the transaction message includes at least the account and the amount, and may also include transaction details.
当然, 智能卡也可以通过接触方式接入终端。  Of course, the smart card can also access the terminal through contact.
其中, 终端可为手机、 笔记本、 平板电脑、 PC、 POS 机等能够通过有线或无线方式与 后台系统服务器进行交互的装置。  The terminal can be a device that can interact with the background system server by wire or wirelessly, such as a mobile phone, a notebook, a tablet, a PC, or a POS.
本发明的智能卡采用非接触方式接入终端较接触方式接入终端具有较高的安全性,防止 信息被获取。 步骤 S502: 智能卡生成联合密码, 并至少根据联合密码生成加密联合密码; 具体的, 智能卡随机地生成数字、 字母和 /或符号, 从数字、 字母和符号中选择一种或 多种组合生成联合密码, 可以保证联合密码的不唯一性, 随机性, 提高联合密码的安全性。 The smart card of the present invention adopts a non-contact mode access terminal to have higher security than a contact mode access terminal, and prevents information from being acquired. Step S502: The smart card generates a joint password, and generates an encrypted joint password according to at least the joint password. Specifically, the smart card randomly generates numbers, letters, and/or symbols, and selects one or more combinations of numbers, letters, and symbols to generate a joint password. , can guarantee the non-uniqueness of the joint password, randomness, and improve the security of the joint password.
具体的, 智能卡可采用对联合密码以及随机数的组合进行加密的方法获得加密联合密 码, 或采用对称加密或者非对称加密方式对联合密码进行加密获得加密联合密码。  Specifically, the smart card may obtain the encrypted joint password by encrypting the combination of the joint password and the random number, or encrypt the joint password by using symmetric encryption or asymmetric encryption to obtain the encrypted joint password.
本发明通过发送加密联合密码, 进一步保证了联合密码传输的安全性; 将联合密码和随 机数进行组合, 从而防止重放攻击。  The invention further ensures the security of the joint password transmission by transmitting the encrypted joint password; combining the joint password and the random number to prevent the replay attack.
步骤 S503: 智能卡根据交易报文生成签名报文;  Step S503: The smart card generates a signature message according to the transaction packet.
具体的, 智能卡可以直接对交易报文进行签名, 生成签名报文; 或者  Specifically, the smart card can directly sign the transaction message to generate a signature message; or
智能卡计算交易报文的摘要信息, 对交易报文的摘要信息进行签名, 生成签名报文。 其中,摘要信息可以包括如下的一种或其组合:通过哈希算法计算的哈希值、通过 MAC 算法计算的 MAC值, 通过对称加密获得的密文本身。  The smart card calculates the summary information of the transaction message, and signs the summary information of the transaction message to generate a signature message. The summary information may include one or a combination of the following: a hash value calculated by a hash algorithm, a MAC value calculated by a MAC algorithm, and a secret text body obtained by symmetric encryption.
步骤 S504: 智能卡将签名报文和加密联合密码发送至终端;  Step S504: The smart card sends the signature message and the encrypted joint password to the terminal.
步骤 S505: 智能卡断开与终端的连接;  Step S505: The smart card disconnects from the terminal;
具体的, 在非接触式方式接入的情况下, 用户持智能卡离开终端的感应范围即可; 在接 触式方式接入的情况下, 用户从终端中拔出智能卡即可。断开与终端的连接保证了智能卡与 终端的一次接触, 降低了多次接触信息被截获的风险, 提高了数据传输的安全性。  Specifically, in the case of the contactless mode access, the user can leave the sensing range of the smart card to leave the terminal; in the case of the contact mode access, the user can pull out the smart card from the terminal. Disconnecting from the terminal ensures that the smart card and the terminal are in one contact, which reduces the risk of intercepting multiple contact information and improves the security of data transmission.
步骤 S506: 智能卡显示交易报文;  Step S506: The smart card displays the transaction message;
具体的, 智能卡在显示屏上显示接收到的交易报文, 以便用户确认该交易的真实性, 保 证交易的安全。  Specifically, the smart card displays the received transaction message on the display screen, so that the user can confirm the authenticity of the transaction and ensure the security of the transaction.
步骤 S507: 智能卡接收通过按键输入的确认密码和 /或确认指令;  Step S507: The smart card receives the confirmation password and/or the confirmation command input through the button;
具体的, 用户在确认了交易信息的真实性之后, 可以通过输入确认密码和 /或确认指令 的操作, 触发智能卡显示生成的联合密码。通过输入确认密码触发智能卡显示联合密码、 条 形码或图片可以防止联合密码被他人获知, 提高联合密码的保密性。  Specifically, after confirming the authenticity of the transaction information, the user may trigger the smart card to display the generated joint password by inputting the confirmation password and/or the operation of the confirmation instruction. By entering the confirmation password to trigger the smart card to display the joint password, barcode or picture, the joint password can be prevented from being known by others, and the confidentiality of the joint password can be improved.
步骤 S508: 智能卡显示联合密码、 条形码或图片;  Step S508: The smart card displays a joint password, a barcode or a picture;
具体的, 智能卡显示联合密码、条形码或图片, 以便终端获取验证密码,进而完成交易。 为了进一步提高联合密码的安全性, 防止他人获取联合密码的明文信息, 在步骤 S502 时,还可以将联合密码明文以预设的对称加密算法进行加密并将加密后的联合密码存储在智 能卡中, 在智能卡接收用户通过按键输入的确认密码和 /或确认指令后, 再以该预设的对称 加密算法解密出联合密码明文进行显示。  Specifically, the smart card displays a joint password, a barcode, or a picture, so that the terminal obtains the verification password, thereby completing the transaction. In order to further improve the security of the joint password, and prevent others from obtaining the plaintext information of the joint password, in step S502, the joint password plaintext may be encrypted by a preset symmetric encryption algorithm and the encrypted joint password is stored in the smart card. After the smart card receives the confirmation password and/or confirmation command input by the user through the button, the combined password clear text is decrypted by the preset symmetric encryption algorithm for display.
步骤 S509: 终端获取验证密码, 将交易报文、 签名报文、 加密联合密码和验证密码发 送至后台系统服务器; Step S509: The terminal acquires the verification password, and sends the transaction packet, the signature message, the encrypted joint password, and the verification password. Send to the backend system server;
其中, 验证密码为通过终端扫描智能卡显示的信息获取的联合密码, 或通过终端以非接 触通讯方式从智能卡获取的联合密码, 或通过终端的按键输入的联合密码。非接触通讯方式 可以为蓝牙、 光通讯、 NFC红外等通讯方式。  The verification password is a joint password obtained by the terminal scanning the information displayed by the smart card, or a joint password obtained from the smart card by the terminal in a non-contact communication manner, or a joint password input through a button of the terminal. Non-contact communication mode can be Bluetooth, optical communication, NFC infrared and other communication methods.
后台系统服务器可以为银行服务器或第三方服务器,第三方服务器为非银行系统采用的 服务器, 比如公交系统所采用的对公交卡进行充值和扣款控制的服务器等。  The back-end system server can be a bank server or a third-party server, and the third-party server is a server used by the non-bank system, such as a server used by the bus system to recharge and debit the bus card.
本发明的终端只有在获取验证密码后, 才会将交易报文、签名报文、 加密联合密码和验 证密码发送至后台系统服务器,以便后台系统服务器根据验证密码和签名报文对用户身份进 行认证, 进而触发后台系统服务器完成交易, 提高交易的安全性。  The terminal of the present invention sends the transaction message, the signature message, the encrypted joint password and the verification password to the background system server only after obtaining the verification password, so that the background system server authenticates the user identity according to the verification password and the signature message. , in turn triggers the background system server to complete the transaction, improving the security of the transaction.
本发明的联合密码可以是在每次交易时随机生成的数字、字母和字符的一种或多种的组 合, 不同于现有的交易密码和 OTP必须采用密文进行传输, 本发明的联合密码可通过明文 进行传输, 并且不会降低交易过程中账户的安全性; 本发明的联合密码是在智能卡一侧生成 并上传至后台系统服务器, 也不同于现有的 OTP需要后台系统服务器和终端同时生成, 本 发明的单侧生成联合密码并进行加密,以保证联合密码传输的安全性和联合密码验证的准确 性; 本发明的终端是在获取了验证密码之后发送相关数据(可以是交易报文、 签名报文和验 证密码)至后台系统服务器, 使得由终端发送至后台系统服务器的需要由后台系统服务器进 行处理的数据均为经过授权的数据, 保证了安全性, 提高了工作效率。  The joint password of the present invention may be a combination of one or more of numbers, letters and characters randomly generated at each transaction, unlike existing transaction passwords and OTPs, which must be transmitted in ciphertext, the joint password of the present invention. It can be transmitted in clear text without reducing the security of the account during the transaction; the joint password of the present invention is generated on the smart card side and uploaded to the background system server, and is different from the existing OTP requiring the background system server and the terminal simultaneously The unilateral side of the present invention generates a joint cipher and performs encryption to ensure the security of the joint cipher transmission and the accuracy of the joint cipher verification. The terminal of the present invention sends the relevant data after obtaining the verification password (which may be a transaction message). The signature message and the verification password are sent to the background system server, so that the data that is sent by the terminal to the background system server and processed by the background system server is authorized data, which ensures security and improves work efficiency.
步骤 S510: 后台系统服务器分别验证签名报文和验证密码, 并在验证通过后, 根据交 易报文执行交易操作。  Step S510: The background system server separately verifies the signature message and the verification password, and after the verification is passed, performs a transaction operation according to the transaction message.
具体的, 后台系统服务器根据加密联合密码对验证密码的正确性进行验证; 后台系统服 务器根据加密联合密码和交易报文对签名报文的正确性进行验证,或者根据验证密码和交易 报文对签名报文的正确性进行验证。 后台系统服务器在验证了签名正确且验证密码正确后, 根据交易报文执行交易操作。  Specifically, the background system server verifies the correctness of the verification password according to the encrypted joint password; the background system server verifies the correctness of the signature message according to the encrypted joint password and the transaction message, or signs the signature according to the verification password and the transaction message. The correctness of the message is verified. After the background system server verifies that the signature is correct and the verification password is correct, the background system server performs the transaction operation according to the transaction message.
由此可见本发明的具有电子签名功能的智能卡交易方法,通过智能卡和终端的一次接入 完成交易所需数据的交互, 降低了多次接入造成的重要信息被截获的风险, 提高了安全性。 实施例 5  Thus, the smart card transaction method with electronic signature function of the present invention can complete the interaction of data required for transactions through one access of the smart card and the terminal, thereby reducing the risk of intercepting important information caused by multiple accesses and improving security. . Example 5
图 6为本发明实施例 5的具有电子签名功能的智能卡交易系统的结构示意图。先结合图 6, 对本发明具有电子签名功能的智能卡交易系统的结构进行说明, 具体如下:  6 is a schematic structural diagram of a smart card transaction system with an electronic signature function according to Embodiment 5 of the present invention. First, the structure of the smart card transaction system with electronic signature function of the present invention will be described with reference to FIG. 6, which is as follows:
本发明的具有电子签名功能的智能卡交易系统包括: 终端 100、 后台系统服务器 200以 及具有电子签名功能的智能卡 300。 其中, 智能卡 300为具有电子签名功能的设备, 可以包 括含有用户账户信息的卡芯片和利用密钥进行数字签名的安全芯片,或者包括具有上述两个 芯片功能的集成芯片; 终端 100可为手机、 笔记本、 平板电脑、 PC、 POS机等能够通过有 线或无线方式与后台系统服务器进行交互的装置。后台系统服务器 200可以为银行服务器或 第三方服务器, 第三方服务器为非银行系统采用的服务器, 比如公交系统所采用的对公交卡 进行充值和扣款控制的服务器等。 The smart card transaction system with electronic signature function of the present invention comprises: a terminal 100, a background system server 200, and a smart card 300 having an electronic signature function. The smart card 300 is a device with an electronic signature function and can be packaged. a card chip containing user account information and a security chip digitally signed by a key, or an integrated chip having the above two chip functions; the terminal 100 can be a mobile phone, a notebook, a tablet, a PC, a POS machine, etc. Or a device that interacts wirelessly with a back-end system server. The background system server 200 can be a bank server or a third-party server, and the third-party server is a server used by a non-banking system, such as a server used by the bus system to recharge and debit the bus card.
其中, 具有电子签名功能的智能卡 300包括: 收发模块 3001、 密码生成模块 3002和签 名模块 3003; 换句话说, 具有电子签名功能的智能卡 300包含的上述模块可集成在一个芯 片上, 也可根据智能卡 30所采用的芯片的数量和功能, 集成在多个芯片上, 在此就不在一 一举例说明。  The smart card 300 with the electronic signature function includes: a transceiver module 3001, a password generation module 3002, and a signature module 3003; in other words, the above-mentioned modules included in the smart card 300 having the electronic signature function can be integrated on one chip or according to a smart card. The number and function of the 30 chips used are integrated on multiple chips, which are not illustrated here.
收发模块 3001用于接入终端 100,接收交易报文并发送至签名模块 3003;收发模块 3001 可以以以非接触通讯方式发送从密码生成模块 3002获取的联合密码至终端 100。  The transceiver module 3001 is configured to access the terminal 100, and receive the transaction message and send it to the signature module 3003. The transceiver module 3001 can send the joint password acquired from the password generation module 3002 to the terminal 100 in a contactless communication manner.
密码生成模块 3002用于生成联合密码, 并发送至签名模块 3003。 具体的, 密码生成模 块 3002可在收发模块 3001接收到交易报文后, 生成联合密码。  The password generation module 3002 is configured to generate a joint password and send it to the signature module 3003. Specifically, the password generation module 3002 may generate a joint password after the transceiver module 3001 receives the transaction message.
签名模块 3003根据交易报文和联合密码生成签名报文,并通过收发模块 3001至少将签 名报文发送至终端 100。  The signature module 3003 generates a signature message according to the transaction message and the joint password, and sends the signature message to the terminal 100 through the transceiver module 3001.
终端 100接收获取验证密码, 至少将交易报文、签名报文和验证密码发送至后台系统服 务器 200。  The terminal 100 receives the acquisition verification password, and sends at least the transaction message, the signature message, and the verification password to the background system server 200.
后台系统服务器 200验证签名报文和验证密码, 并在验证通过后, 根据交易报文执行交 易操作。  The background system server 200 verifies the signature message and the verification password, and after the verification is passed, performs a transaction operation according to the transaction message.
此外, 智能卡 300还可以包括显示模块 3004, 显示模块 3004用于显示联合密码, 以便 终端 100扫描显示的联合密码获取验证密码。 当然, 通过显示该联合密码, 还可以通过终端 100的按键将联合密码输入终端 100作为验证密码。  In addition, the smart card 300 may further include a display module 3004 for displaying the joint password, so that the terminal 100 scans the displayed joint password acquisition verification password. Of course, by displaying the joint password, the joint password input terminal 100 can also be used as the verification password by the button of the terminal 100.
当然, 在上述结构的基础上, 本发明的智能卡 300的收发模块 3001在发送签名报文至 终端 100之后, 还断开与终端 100的连接, 以便显示模块 3004显示交易报文。 从而保证本 发明的智能卡 300仅与终端 100接触一次便完成了交易所需数据交互,降低由于二次接触产 生数据被截获的风险, 提高了交易的安全性。  Of course, on the basis of the above structure, the transceiver module 3001 of the smart card 300 of the present invention disconnects the terminal 100 after transmitting the signature message to the terminal 100, so that the display module 3004 displays the transaction message. Therefore, it is ensured that the smart card 300 of the present invention completes the data interaction required for the transaction only by contacting the terminal 100 once, reduces the risk of interception of data generated by the secondary contact, and improves the security of the transaction.
当然, 后台系统服务器 200可以在对验证密码进行验证时, 验证失败的次数达到预设次 数 (例如 3次) 后, 锁定该智能卡对应的账号以保护用户账户的安全。  Of course, the background system server 200 can verify the number of failed authentications (for example, three times) after verifying the verification password, and then lock the account corresponding to the smart card to protect the security of the user account.
此外, 智能卡 300还可以包括: 按键模块 3005。 按键模块 3005根据接收到的确认密码 和 /或确认指令, 触发显示模块 3004显示联合密码。  In addition, the smart card 300 may further include: a button module 3005. The button module 3005 triggers the display module 3004 to display the joint password based on the received confirmation password and/or confirmation command.
此外, 智能卡 300还可以包括: 图形生成模块 3006; 图形生成模块 3006根据从密码生 成模块 3002获取的联合密码生成条形码或图片。在智能卡 300采用图形生成模块 3006生成 条形码或图片时, 可以通过按键模块 3005触发显示模块 3004显示该条形码或图片。 In addition, the smart card 300 may further include: a graphics generation module 3006; the graphics generation module 3006 is based on the password generation The joint password obtained by the module 3002 generates a barcode or a picture. When the smart card 300 generates a barcode or a picture by using the graphic generation module 3006, the display module 3004 can be triggered by the button module 3005 to display the barcode or the picture.
具体的, 例如用户可以通过如下方式触发显示模块 3004显示联合密码、 或者显示条形 码或图片:  Specifically, for example, the user may trigger the display module 3004 to display a joint password or display a barcode or a picture by:
( 1 )输入确认密码,在智能卡 300验证确认密码正确后,显示模块 3004显示联合密码、 或者显示条形码或图片; 或者  (1) Entering the confirmation password, after the smart card 300 verifies that the confirmation password is correct, the display module 3004 displays the joint password, or displays the barcode or picture; or
(2)按下确认按键, 触发显示模块 3004显示联合密码、 或者显示条形码或图片; 或者 (2) Press the confirm button, trigger the display module 3004 to display the joint password, or display the barcode or picture; or
( 3 ) 输入确认密码, 并按下确认按键, 在智能卡 300验证确认密码正确后, 显示模块 3004显示联合密码、 或者显示条形码或图片。 (3) Enter the confirmation password and press the confirmation button. After the smart card 300 verifies that the confirmation password is correct, the display module 3004 displays the joint password or displays the barcode or picture.
当然, 可以针对不同的消费金额设置触发显示模块 3004显示联合密码、 条形码或图片 的条件, 例如, 小额消费只需要用户按下确认按键, 大额消费需要用户输入确认密码等。  Of course, the condition that the trigger display module 3004 displays the joint password, the barcode, or the picture may be set for different consumption amounts. For example, the small amount of consumption only requires the user to press the confirmation button, and the large amount of consumption requires the user to input the confirmation password.
由此可见本发明的具有电子签名功能的智能卡和具有电子签名功能的智能卡交易系统, 通过智能卡和终端的一次接入完成交易所需数据的交互,降低了多次接入造成的重要信息被 截获的风险, 提高了安全性。 实施例 6  Thus, the smart card with electronic signature function and the smart card transaction system with electronic signature function of the present invention can complete the interaction of data required for transaction through one access of the smart card and the terminal, thereby reducing the interception of important information caused by multiple accesses. The risk of improving security. Example 6
图 7为本发明实施例 6的具有电子签名功能的智能卡交易系统的结构示意图。先结合图 7, 对本发明具有电子签名功能的智能卡交易系统的结构进行说明, 具体如下:  FIG. 7 is a schematic structural diagram of a smart card transaction system with an electronic signature function according to Embodiment 6 of the present invention. First, the structure of the smart card transaction system with electronic signature function of the present invention will be described with reference to FIG. 7, which is as follows:
本发明的具有电子签名功能的智能卡交易系统包括: 终端 10、 后台系统服务器 20以及 具有电子签名功能的智能卡 30。 其中, 智能卡 30为具有电子签名功能的设备, 可以包括含 有用户账户信息的卡芯片和利用密钥进行数字签名的安全芯片,或者包括具有上述两个芯片 功能的集成芯片; 终端 10可为手机、 笔记本、 平板电脑、 PC、 POS机等能够通过有线或无 线方式与后台系统服务器进行交互的装置。 后台系统服务器 20可以为银行服务器或第三方 服务器, 第三方服务器为非银行系统采用的服务器, 比如公交系统所采用的对公交卡进行充 值和扣款控制的服务器等。  The smart card transaction system with electronic signature function of the present invention comprises: a terminal 10, a background system server 20, and a smart card 30 having an electronic signature function. The smart card 30 is a device with an electronic signature function, and may include a card chip containing user account information and a security chip digitally signed by a key, or an integrated chip having the above two chip functions; the terminal 10 may be a mobile phone, A device that can interact with a back-end system server, such as a notebook, tablet, PC, or POS, by wire or wirelessly. The backend system server 20 can be a bank server or a third party server, and the third party server is a server used by the non-bank system, such as a server used by the bus system to recharge and debit the bus card.
其中, 具有电子签名功能的智能卡 30包括: 收发模块 301、 密码生成模块 302、 签名模 块 303和显示模块 304; 换句话说, 具有电子签名功能的智能卡 30包含的上述模块可集成 在一个芯片上, 也可根据智能卡 30所采用的芯片的数量和功能, 集成在多个芯片上, 在此 就不在一一举例说明。  The smart card 30 having the electronic signature function includes: a transceiver module 301, a password generation module 302, a signature module 303, and a display module 304; in other words, the above-mentioned modules included in the smart card 30 having the electronic signature function can be integrated on one chip. It can also be integrated on multiple chips according to the number and function of the chips used by the smart card 30, and will not be exemplified herein.
收发模块 301用于接入终端 10, 接收交易报文并发送至签名模块 303; 收发模块 301以 非接触通讯方式发送从密码生成模块 302获取的联合密码至终端 10。 密码生成模块 302用于生成联合密码,并发送至签名模块 303和显示模块 304。具体的, 密码生成模块 302可在收发模块 301接收到交易报文后, 生成联合密码。 The transceiver module 301 is configured to access the terminal 10, and receive the transaction message and send it to the signature module 303. The transceiver module 301 sends the joint password obtained from the password generation module 302 to the terminal 10 in a contactless communication manner. The password generation module 302 is configured to generate a joint password and send it to the signature module 303 and the display module 304. Specifically, the password generating module 302 may generate a joint password after the transceiver module 301 receives the transaction message.
签名模块 303根据交易报文和联合密码生成签名报文,并通过收发模块 301至少将签名 报文发送至终端 10。  The signature module 303 generates a signature message according to the transaction packet and the joint password, and sends the signature message to the terminal 10 through the transceiver module 301.
终端 10接收获取验证密码, 至少将交易报文、 签名报文和验证密码发送至后台系统服 务器 20。 其中, 验证密码为通过终端 10扫描智能卡 30显示的信息获取的联合密码, 或通 过终端 10以非接触通讯方式从智能卡 30获取的联合密码, 或通过终端 10的按键输入的联 合密码。  The terminal 10 receives the acquisition verification password, and sends at least the transaction message, the signature message and the verification password to the background system server 20. The verification password is a joint password obtained by scanning the information displayed by the smart card 30 by the terminal 10, or a joint password acquired from the smart card 30 by the terminal 10 in a contactless communication manner, or a combined password input through a button of the terminal 10.
后台系统服务器 20验证签名报文和验证密码, 并在验证通过后, 根据交易报文执行交 易操作。  The background system server 20 verifies the signature message and the verification password, and after the verification is passed, performs the transaction operation according to the transaction message.
当然, 在上述结构的基础上, 本发明的智能卡 30的收发模块 301在发送签名报文至终 端 10之后, 还断开与终端 10的连接, 以便显示模块 304显示交易报文。 从而保证本发明的 智能卡 30仅与终端 10接触一次便完成了交易所需数据交互,降低由于二次接触产生数据被 截获的风险, 提高了交易的安全性。  Of course, on the basis of the above structure, the transceiver module 301 of the smart card 30 of the present invention disconnects the terminal 10 after transmitting the signature message to the terminal 10, so that the display module 304 displays the transaction message. Therefore, it is ensured that the smart card 30 of the present invention completes the data interaction required for the transaction only by contacting the terminal 10 once, thereby reducing the risk of data being intercepted due to the secondary contact, thereby improving the security of the transaction.
当然, 后台系统服务器 20可以在对验证密码进行验证时, 验证失败的次数达到预设次 数 (例如 3次) 后, 锁定该智能卡对应的账号以保护用户账户的安全。  Of course, the background system server 20 can protect the authentication password when the number of verification failures reaches a preset number of times (for example, three times), and locks the account corresponding to the smart card to protect the security of the user account.
此外, 智能卡 30还可以包括: 按键模块 305。 按键模块 305根据接收到的确认密码和 / 或确认指令, 触发显示模块 304显示联合密码。  In addition, the smart card 30 may further include: a button module 305. The button module 305 triggers the display module 304 to display the joint password based on the received confirmation password and/or confirmation command.
此外, 智能卡 30还包括: 图形生成模块 306; 图形生成模块 306根据从密码生成模块 302获取的联合密码生成条形码或图片。 在智能卡 30采用图形生成模块 306生成条形码或 图片时, 可以通过按键模块 305触发显示模块 304显示该条形码或图片。  In addition, the smart card 30 further includes: a graphics generation module 306; the graphics generation module 306 generates a barcode or a picture based on the joint password acquired from the password generation module 302. When the smart card 30 generates a barcode or a picture using the graphic generation module 306, the display module 304 can be triggered by the button module 305 to display the barcode or picture.
具体的, 例如用户可以通过如下方式触发显示模块 304显示联合密码、或者显示条形码 或图片:  Specifically, for example, the user may trigger the display module 304 to display a joint password or display a barcode or a picture by:
( 1 ) 输入确认密码, 在智能卡 30验证确认密码正确后, 显示模块 304显示联合密码、 或者显示条形码或图片; 或者  (1) Enter the confirmation password. After the smart card 30 verifies that the confirmation password is correct, the display module 304 displays the joint password or displays the barcode or picture; or
(2) 按下确认按键, 触发显示模块 304显示联合密码、 或者显示条形码或图片; 或者 (2) Pressing the confirmation button, the trigger display module 304 displays the joint password, or displays the barcode or picture; or
( 3 ) 输入确认密码, 并按下确认按键, 在智能卡 30 验证确认密码正确后, 显示模块 304显示联合密码、 或者显示条形码或图片。 (3) Enter the confirmation password and press the confirmation button. After the smart card 30 verifies that the confirmation password is correct, the display module 304 displays the joint password or displays the barcode or picture.
当然, 可以针对不同的消费金额设置触发显示模块 304显示联合密码、条形码或图片的 条件, 例如, 小额消费只需要用户按下确认按键, 大额消费需要用户输入确认密码等。  Of course, the conditions for triggering the display module 304 to display the joint password, the barcode, or the picture may be set for different consumption amounts. For example, the small amount of consumption only requires the user to press the confirmation button, and the large amount of consumption requires the user to input the confirmation password.
由此可见本发明的具有电子签名功能的智能卡和具有电子签名功能的智能卡交易系统, 通过智能卡和终端的一次接入完成交易所需数据的交互,降低了多次接入造成的重要信息被 截获的风险, 提高了安全性。 实施例 7 Thus, the smart card with electronic signature function and the smart card transaction system with electronic signature function of the present invention can be seen. Through the interaction of the smart card and the terminal to complete the transaction, the risk of intercepting important information caused by multiple accesses is reduced, and the security is improved. Example 7
图 8为本发明实施例 Ί的具有电子签名功能的智能卡交易系统的结构示意图。先结合图 FIG. 8 is a schematic structural diagram of a smart card transaction system with an electronic signature function according to an embodiment of the present invention. First combined with the map
8, 对发明具有电子签名功能的智能卡交易系统的结构进行说明, 具体如下: 8. Explain the structure of the smart card transaction system with the electronic signature function, as follows:
本发明的具有电子签名功能的智能卡交易系统包括: 终端 400、 后台系统服务器 500以 及具有电子签名功能的智能卡 600。其中, 终端 400可为手机、笔记本、平板电脑、 PC、 POS 机等能够通过有线或无线方式与后台系统服务器进行交互的装置;智能卡 600为具有电子签 名功能的设备, 可以包括含有用户账户信息的卡芯片和利用密钥进行数字签名的安全芯片, 或者包括具有上述两个芯片功能的集成芯片;后台系统服务器 500可以为银行服务器或第三 方服务器, 第三方服务器为非银行系统采用的服务器, 比如公交系统所采用的对公交卡进行 充值和扣款控制的服务器等。  The smart card transaction system with electronic signature function of the present invention comprises: a terminal 400, a background system server 500, and a smart card 600 having an electronic signature function. The terminal 400 can be a device capable of interacting with a background system server through a wired or wireless manner, such as a mobile phone, a notebook, a tablet, a PC, a POS, etc.; the smart card 600 is a device having an electronic signature function, and can include a user account information. The card chip and the security chip digitally signed by the key, or the integrated chip having the above two chip functions; the background system server 500 may be a bank server or a third party server, and the third party server is a server adopted by the non-bank system, for example The server used in the bus system to recharge and deduct the bus card.
其中, 具有电子签名功能的智能卡 600包括: 收发模块 6001、 密码生成模块 6002、 签 名模块 6003和加密模块 6005; 换句话说, 具有电子签名功能的智能卡 600包含的上述模块 可集成在一个芯片上,也可根据智能卡 600所采用的芯片的数量和功能,集成在多个芯片上, 在此就不在一一举例说明。  The smart card 600 with the electronic signature function includes: a transceiver module 6001, a password generation module 6002, a signature module 6003, and an encryption module 6005; in other words, the above-mentioned modules included in the smart card 600 having the electronic signature function can be integrated on one chip. It can also be integrated on multiple chips according to the number and function of the chips used by the smart card 600, and will not be exemplified herein.
收发模块 6001用于接入终端 400,接收交易报文并发送至签名模块 6003;收发模块 6001 以非接触通讯方式发送从密码模块 6002获取的联合密码至终端 400。  The transceiver module 6001 is configured to access the terminal 400, and receive the transaction message and send it to the signature module 6003. The transceiver module 6001 sends the joint password obtained from the cryptographic module 6002 to the terminal 400 in a contactless communication manner.
密码生成模块 6002用于生成联合密码, 并发送至签名模块 6003。 具体的, 密码生成模 块 6002可在收发模块 6001接收到交易报文后, 生成联合密码。  The password generation module 6002 is configured to generate a joint password and send it to the signature module 6003. Specifically, the password generation module 6002 may generate a joint password after the transceiver module 6001 receives the transaction message.
加密模块 6005至少根据联合密码生成加密联合密码,并通过收发模块 6001将加密联合 密码发送至终端 400。  The encryption module 6005 generates an encrypted joint password based on at least the joint password, and transmits the encrypted joint password to the terminal 400 through the transceiver module 6001.
签名模块 6003根据交易报文生成签名报文,并通过收发模块 6001至少将签名报文发送 至终端 400。  The signature module 6003 generates a signature message according to the transaction message, and sends the signature message to the terminal 400 through the transceiver module 6001.
终端 400获取验证密码, 至少将交易报文、签名报文、 加密联合密码和验证密码发送至 后台系统服务器 500。  The terminal 400 obtains the verification password, and sends at least the transaction message, the signature message, the encrypted joint password, and the verification password to the background system server 500.
后台系统服务器 500分别验证签名报文和验证密码, 并在验证通过后, 根据交易报文执 行交易操作。  The background system server 500 respectively verifies the signature message and the verification password, and after the verification is passed, performs the transaction operation according to the transaction message.
此外, 智能卡 600还可以包括显示模块 6004, 显示模块 6004用于显示联合密码, 以便 终端 400扫描显示的联合密码获取验证密码。 当然, 通过显示该联合密码, 还可以通过终端 400的按键将联合密码输入终端 400作为验证密码。 In addition, the smart card 600 may further include a display module 6004 for displaying the joint password, so that the terminal 400 scans the displayed joint password acquisition verification password. Of course, by displaying the joint password, it is also possible to pass the terminal. The button of 400 will be combined with the password input terminal 400 as the verification password.
当然, 在上述结构的基础上, 本发明的智能卡 600的收发模块 6001在发送签名报文至 终端 400之后, 还断开与终端 400的连接, 以便显示模块 6004显示交易报文。 从而保证本 发明的智能卡 600仅与终端 400接触一次便完成了交易所需数据交互,降低由于二次接触产 生数据被截获的风险, 提高了交易的安全性。  Of course, on the basis of the above structure, the transceiver module 6001 of the smart card 600 of the present invention disconnects the terminal 400 after transmitting the signature message to the terminal 400, so that the display module 6004 displays the transaction message. Therefore, it is ensured that the smart card 600 of the present invention only contacts the terminal 400 once to complete the data interaction required for the transaction, reduces the risk of interception of data generated by the secondary contact, and improves the security of the transaction.
当然, 后台系统服务器 500可以在对验证密码进行验证时, 验证失败的次数达到预设次 数 (例如 3次) 后, 锁定该智能卡对应的账号以保护用户账户的安全。  Of course, the background system server 500 can lock the account corresponding to the smart card to protect the security of the user account after the verification password is verified, after the number of verification failures reaches a preset number of times (for example, three times).
此外, 智能卡 600还可以包括: 按键模块 6006。 按键模块 6006根据接收到的确认密码 和 /或确认指令, 触发显示模块 6004显示联合密码。  In addition, the smart card 600 may further include: a button module 6006. The button module 6006 triggers the display module 6004 to display the joint password based on the received confirmation password and/or confirmation command.
此外, 智能卡 600还包括: 图形生成模块 6007; 图形生成模块 6007根据从密码生成模 块 602获取的联合密码生成条形码或图片。 在智能卡 600采用图形生成模块 6007生成条形 码或图片时, 可以通过按键模块 6006触发显示模块 6004显示该条形码或图片。  In addition, the smart card 600 further includes: a graphics generation module 6007; the graphics generation module 6007 generates a barcode or a picture based on the joint password acquired from the password generation module 602. When the smart card 600 generates a bar code or a picture by using the graphic generation module 6007, the display module 6004 can be triggered by the button module 6006 to display the barcode or the picture.
具体的, 例如用户可以通过如下方式触发显示模块 6004显示联合密码、 或者显示条形 码或图片:  Specifically, for example, the user may trigger the display module 6004 to display the joint password or display the barcode or picture by:
( 1 )输入确认密码,在智能卡 600验证确认密码正确后,显示模块 6004显示联合密码、 或者显示条形码或图片; 或者  (1) Enter the confirmation password. After the smart card 600 verifies that the confirmation password is correct, the display module 6004 displays the joint password, or displays the barcode or picture; or
(2)按下确认按键, 触发显示模块 6004显示联合密码、 或者显示条形码或图片; 或者 (2) Press the confirmation button, trigger the display module 6004 to display the joint password, or display the barcode or picture; or
( 3 ) 输入确认密码, 并按下确认按键, 在智能卡 600验证确认密码正确后, 显示模块 6004显示联合密码、 或者显示条形码或图片。 (3) Enter the confirmation password and press the confirmation button. After the smart card 600 verifies that the confirmation password is correct, the display module 6004 displays the joint password or displays the barcode or picture.
当然, 可以针对不同的消费金额设置触发显示模块 6004显示联合密码条件、 条形码或 图片, 例如, 小额消费只需要用户按下确认按键, 大额消费需要用户输入确认密码等。  Of course, the trigger display module 6004 can be configured to display the joint password condition, the barcode or the picture for different consumption amounts. For example, the small amount of consumption only requires the user to press the confirmation button, and the large amount of consumption requires the user to input the confirmation password.
由此可见本发明的具有电子签名功能的智能卡和具有电子签名功能的智能卡交易系统, 通过智能卡和终端的一次接入完成交易所需数据的交互,降低了多次接入造成的重要信息被 截获的风险, 提高了安全性。 实施例 8  Thus, the smart card with electronic signature function and the smart card transaction system with electronic signature function of the present invention can complete the interaction of data required for transaction through one access of the smart card and the terminal, thereby reducing the interception of important information caused by multiple accesses. The risk of improving security. Example 8
图 9为本发明实施例 8的具有电子签名功能的智能卡交易系统的结构示意图。先结合图 8, 对本发明具有电子签名功能的智能卡交易系统的结构进行说明, 具体如下:  FIG. 9 is a schematic structural diagram of a smart card transaction system with an electronic signature function according to Embodiment 8 of the present invention. First, with reference to FIG. 8, the structure of the smart card transaction system with electronic signature function of the present invention will be described as follows:
本发明的具有电子签名功能的智能卡交易系统包括: 终端 40、 后台系统服务器 50以及 具有电子签名功能的智能卡 60。 其中, 终端 40可为手机、 笔记本、 平板电脑、 PC、 POS机 等能够通过有线或无线方式与后台系统服务器进行交互的装置; 智能卡 60为具有电子签名 功能的设备, 可以包括含有用户账户信息的卡芯片和利用密钥进行数字签名的安全芯片, 或 者包括具有上述两个芯片功能的集成芯片; 后台系统服务器 50可以为银行服务器或第三方 服务器, 第三方服务器为非银行系统采用的服务器, 比如公交系统所采用的对公交卡进行充 值和扣款控制的服务器等。 The smart card transaction system with electronic signature function of the present invention comprises: a terminal 40, a background system server 50, and a smart card 60 having an electronic signature function. The terminal 40 can be a device capable of interacting with a background system server by wire or wirelessly, such as a mobile phone, a notebook, a tablet, a PC, a POS machine, etc.; the smart card 60 has an electronic signature. The functional device may include a card chip containing user account information and a security chip digitally signed by a key, or an integrated chip having the above two chip functions; the background system server 50 may be a bank server or a third party server, The three-party server is a server used by the non-bank system, such as a server used by the bus system to recharge and debit the bus card.
其中, 具有电子签名功能的智能卡 60包括: 收发模块 601、 密码生成模块 602、 签名模 块 603、 显示模块 604和加密模块 605; 换句话说, 具有电子签名功能的智能卡 60包含的上 述模块可集成在一个芯片上, 也可根据智能卡 60所采用的芯片的数量和功能, 集成在多个 芯片上, 在此就不在一一举例说明。  The smart card 60 with the electronic signature function includes: a transceiver module 601, a password generation module 602, a signature module 603, a display module 604, and an encryption module 605; in other words, the above-mentioned module included in the smart card 60 having the electronic signature function can be integrated in On one chip, it can also be integrated on multiple chips according to the number and functions of the chips used by the smart card 60, and will not be exemplified herein.
收发模块 601用于接入终端 40, 接收交易报文并发送至签名模块 603; 收发模块 601以 非接触通讯方式发送从密码模块 602获取的联合密码至终端 40。  The transceiver module 601 is configured to access the terminal 40, and receive the transaction message and send it to the signature module 603. The transceiver module 601 sends the joint password obtained from the cryptographic module 602 to the terminal 40 in a contactless communication manner.
密码生成模块 602用于生成联合密码,并发送至签名模块 603和显示模块 604。具体的, 密码生成模块 602可在收发模块 601接收到交易报文后, 生成联合密码。  The password generation module 602 is configured to generate a joint password and send it to the signature module 603 and the display module 604. Specifically, the password generating module 602 can generate a joint password after the transceiver module 601 receives the transaction message.
加密模块 605至少根据联合密码生成加密联合密码,并通过收发模块 601将加密联合密 码发送至终端 40。  The encryption module 605 generates an encrypted joint password based on at least the joint password, and transmits the encrypted joint password to the terminal 40 through the transceiver module 601.
签名模块 603根据交易报文生成签名报文,并通过收发模块 601至少将签名报文发送至 终端 40。  The signature module 603 generates a signature message according to the transaction message, and sends the signature message to the terminal 40 through the transceiver module 601.
终端 40获取验证密码, 至少将交易报文、 签名报文、 加密联合密码和验证密码发送至 后台系统服务器 50。 其中, 验证密码为通过终端 40扫描智能卡 60显示的信息获取的联合 密码, 或通过终端 40以非接触通讯方式从智能卡 60获取的联合密码, 或通过终端 40的按 键输入的联合密码。  The terminal 40 obtains the verification password, and sends at least the transaction message, the signature message, the encrypted joint password and the verification password to the background system server 50. The verification password is a joint password obtained by scanning the information displayed by the smart card 60 by the terminal 40, or a joint password acquired from the smart card 60 by the terminal 40 in a contactless communication manner, or a joint password input through the button of the terminal 40.
后台系统服务器 50分别验证签名报文和验证密码, 并在验证通过后, 根据交易报文执 行交易操作。  The background system server 50 respectively verifies the signature message and the verification password, and after the verification is passed, performs the transaction operation according to the transaction message.
当然, 在上述结构的基础上, 本发明的智能卡 60的收发模块 601在发送签名报文至终 端 40之后, 还断开与终端 40的连接, 以便显示模块 604显示交易报文。 从而保证本发明的 智能卡 60仅与终端 40接触一次便完成了交易所需数据交互,降低由于二次接触产生数据被 截获的风险, 提高了交易的安全性。  Of course, based on the above structure, the transceiver module 601 of the smart card 60 of the present invention disconnects the terminal 40 after transmitting the signature message to the terminal 40, so that the display module 604 displays the transaction message. Therefore, it is ensured that the smart card 60 of the present invention only contacts the terminal 40 once to complete the data interaction required for the transaction, reduces the risk of data being intercepted due to the secondary contact, and improves the security of the transaction.
当然, 后台系统服务器 50可以在对验证密码进行验证时, 验证失败的次数达到预设次 数 (例如 3次) 后, 锁定该智能卡对应的账号以保护用户账户的安全。  Of course, the background system server 50 can protect the authentication password by verifying the number of failed authentications (for example, three times), and then locking the account corresponding to the smart card to protect the security of the user account.
此外, 智能卡 60还可以包括: 按键模块 606。 按键模块 606根据接收到的确认密码和 / 或确认指令, 触发显示模块 604显示联合密码。  In addition, the smart card 60 can also include: a button module 606. The button module 606 triggers the display module 604 to display the joint password based on the received confirmation password and/or confirmation command.
此外, 智能卡 60还包括: 图形生成模块 607; 图形生成模块 607根据从密码生成模块 602获取的联合密码生成条形码或图片。 在智能卡 60采用图形生成模块 607生成条形码或 图片时, 可以通过按键模块 606触发显示模块 604显示该条形码或图片。 In addition, the smart card 60 further includes: a graphics generation module 607; the graphics generation module 607 is configured according to the slave password generation module The joint password obtained by 602 generates a barcode or a picture. When the smart card 60 generates a barcode or a picture by using the graphic generation module 607, the display module 604 can be triggered by the button module 606 to display the barcode or the picture.
具体的, 例如用户可以通过如下方式触发显示模块 604显示联合密码、或者显示条形码 或图片:  Specifically, for example, the user may trigger the display module 604 to display the joint password or display a barcode or a picture by:
( 1 ) 输入确认密码, 在智能卡 60验证确认密码正确后, 显示模块 604显示联合密码、 或者显示条形码或图片; 或者  (1) Enter the confirmation password, after the smart card 60 verifies that the confirmation password is correct, the display module 604 displays the joint password, or displays the barcode or picture; or
(2) 按下确认按键, 触发显示模块 604显示联合密码、 或者显示条形码或图片; 或者 (2) Pressing the confirmation button, the trigger display module 604 displays the joint password, or displays the barcode or picture; or
(3) 输入确认密码, 并按下确认按键, 在智能卡 60 验证确认密码正确后, 显示模块 604显示联合密码、 或者显示条形码或图片。 (3) Enter the confirmation password and press the confirmation button. After the smart card 60 verifies that the confirmation password is correct, the display module 604 displays the joint password or displays the barcode or picture.
当然, 可以针对不同的消费金额设置触发显示模块 604显示联合密码条件、条形码或图 片, 例如, 小额消费只需要用户按下确认按键, 大额消费需要用户输入确认密码等。  Of course, the trigger display module 604 can be configured to display the joint password condition, barcode or picture for different consumption amount. For example, the small amount of consumption only requires the user to press the confirmation button, and the large amount of consumption requires the user to input the confirmation password.
由此可见本发明的具有电子签名功能的智能卡和具有电子签名功能的智能卡交易系统, 通过智能卡和终端的一次接入完成交易所需数据的交互,降低了多次接入造成的重要信息被 截获的风险, 提高了安全性。  Thus, the smart card with electronic signature function and the smart card transaction system with electronic signature function of the present invention can complete the interaction of data required for transaction through one access of the smart card and the terminal, thereby reducing the interception of important information caused by multiple accesses. The risk of improving security.
流程图中或在此以其他方式描述的任何过程或方法描述可以被理解为,表示包括一个或 更多个用于实现特定逻辑功能或过程的步骤的可执行指令的代码的模块、片段或部分, 并且 本发明的优选实施方式的范围包括另外的实现, 其中可以不按所示出或讨论的顺序, 包括根 据所涉及的功能按基本同时的方式或按相反的顺序, 来执行功能, 这应被本发明的实施例所 属技术领域的技术人员所理解。  Any process or method description in the flowcharts or otherwise described herein may be understood to represent a module, segment or portion of code that includes one or more executable instructions for implementing the steps of a particular logical function or process. And the scope of the preferred embodiments of the invention includes additional implementations, in which the functions may be performed in a substantially simultaneous manner or in an opposite order depending on the functions involved, in the order shown or discussed. It will be understood by those skilled in the art to which the embodiments of the present invention pertain.
应当理解, 本发明的各部分可以用硬件、 软件、 固件或它们的组合来实现。 在上述实施 方式中,多个步骤或方法可以用存储在存储器中且由合适的指令执行系统执行的软件或固件 来实现。 例如, 如果用硬件来实现, 和在另一实施方式中一样, 可用本领域公知的下列技术 中的任一项或他们的组合来实现:具有用于对数据信号实现逻辑功能的逻辑门电路的离散逻 辑电路, 具有合适的组合逻辑门电路的专用集成电路, 可编程门阵列 (PGA), 现场可编程 门阵列 (FPGA) 等。  It should be understood that portions of the invention may be implemented in hardware, software, firmware or a combination thereof. In the above-described embodiments, multiple steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, it can be implemented by any one or combination of the following techniques well known in the art: having logic gates for implementing logic functions on data signals. Discrete logic circuits, application specific integrated circuits with suitable combinational logic gates, programmable gate arrays (PGAs), field programmable gate arrays (FPGAs), etc.
本技术领域的普通技术人员可以理解实现上述实施例方法携带的全部或部分步骤是可 以通过程序来指令相关的硬件完成, 所述的程序可以存储于一种计算机可读存储介质中, 该 程序在执行时, 包括方法实施例的步骤之一或其组合。  One of ordinary skill in the art can understand that all or part of the steps carried by the method of implementing the above embodiments can be completed by a program to instruct related hardware, and the program can be stored in a computer readable storage medium. When executed, one or a combination of the steps of the method embodiments is included.
此外, 在本发明各个实施例中的各功能单元可以集成在一个处理模块中, 也可以是各个 单元单独物理存在, 也可以两个或两个以上单元集成在一个模块中。上述集成的模块既可以 采用硬件的形式实现, 也可以采用软件功能模块的形式实现。所述集成的模块如果以软件功 能模块的形式实现并作为独立的产品销售或使用时,也可以存储在一个计算机可读取存储介 质中。 In addition, each functional unit in each embodiment of the present invention may be integrated into one processing module, or each unit may exist physically separately, or two or more units may be integrated into one module. The above integrated modules can be implemented in the form of hardware or in the form of software functional modules. The integrated module if the software works When the module is implemented in the form of a module and sold or used as a stand-alone product, it can also be stored in a computer readable storage medium.
上述提到的存储介质可以是只读存储器, 磁盘或光盘等。  The above-mentioned storage medium may be a read only memory, a magnetic disk or an optical disk or the like.
在本说明书的描述中, 参考术语"一个实施例"、 "一些实施例"、 "示例"、 "具体示例"、 或"一些示例"等的描述意指结合该实施例或示例描述的具体特征、 结构、 材料或者特点包含 于本发明的至少一个实施例或示例中。在本说明书中, 对上述术语的示意性表述不一定指的 是相同的实施例或示例。 而且, 描述的具体特征、 结构、 材料或者特点可以在任何的一个或 多个实施例或示例中以合适的方式结合。  In the description of the present specification, the description of the terms "one embodiment", "some embodiments", "example", "specific example", or "some examples" and the like means a specific feature described in connection with the embodiment or example. A structure, material or feature is included in at least one embodiment or example of the invention. In the present specification, the schematic representation of the above terms does not necessarily mean the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in a suitable manner in any one or more embodiments or examples.
尽管上面已经示出和描述了本发明的实施例, 可以理解的是, 上述实施例是示例性的, 不能理解为对本发明的限制,本领域的普通技术人员在不脱离本发明的原理和宗旨的情况下 在本发明的范围内可以对上述实施例进行变化、 修改、 替换和变型。 本发明的范围由所附权 利要求及其等同限定。  Although the embodiments of the present invention have been shown and described, it is understood that the foregoing embodiments are illustrative and not restrictive Variations, modifications, alterations and variations of the above-described embodiments are possible within the scope of the invention. The scope of the invention is defined by the appended claims and their equivalents.

Claims

权利要求书 claims
1、 一种具有电子签名功能的智能卡交易方法, 其特征在于, 所述方法包括: 1. A smart card transaction method with electronic signature function, characterized in that the method includes:
A、 具有电子签名功能的智能卡接入终端, 接收交易报文; A. A smart card with electronic signature function is connected to the terminal to receive transaction messages;
B、 所述智能卡生成联合密码; B. The smart card generates a joint password;
C、 所述智能卡根据所述交易报文和所述联合密码生成签名报文; C. The smart card generates a signature message based on the transaction message and the joint password;
D、 所述智能卡至少将所述签名报文发送至所述终端; D. The smart card sends at least the signed message to the terminal;
E、 所述终端获取验证密码, 至少将所述交易报文、 所述签名报文和所述验证密码发送 至后台系统服务器; E. The terminal obtains the verification password and sends at least the transaction message, the signature message and the verification password to the backend system server;
F、 所述后台系统服务器验证所述签名报文和所述验证密码, 并在验证通过后, 根据所 述交易报文执行交易操作。 F. The backend system server verifies the signature message and the verification password, and after passing the verification, performs a transaction operation based on the transaction message.
2、 根据权利要求 1所述的方法, 其特征在于, 所述步骤 C包括: 2. The method according to claim 1, characterized in that step C includes:
所述智能卡计算所述交易报文的摘要信息; The smart card calculates summary information of the transaction message;
所述智能卡对所述联合密码进行加密获得加密联合密码; The smart card encrypts the joint password to obtain the encrypted joint password;
所述智能卡对所述交易报文的摘要信息和所述加密联合密码进行签名, 生成签名报文。 The smart card signs the summary information of the transaction message and the encrypted joint password to generate a signed message.
3、 根据权利要求 1所述的方法, 其特征在于, 所述步骤 C包括: 3. The method according to claim 1, characterized in that step C includes:
所述智能卡计算所述交易报文的摘要信息; The smart card calculates summary information of the transaction message;
所述智能卡对所述联合密码以及随机数的组合进行加密获得加密联合密码; The smart card encrypts the combination of the joint password and the random number to obtain the encrypted joint password;
所述智能卡对所述交易报文的摘要信息和所述加密联合密码进行签名, 生成签名报文。 The smart card signs the summary information of the transaction message and the encrypted joint password to generate a signed message.
4、 根据权利要求 2或 3所述的方法, 其特征在于, 4. The method according to claim 2 or 3, characterized in that,
所述步骤 D中, 所述智能卡还将所述加密联合密码和所述签名报文发送至所述终端; 所述步骤 E中, 所述终端还将所述加密联合密码、所述交易报文、所述签名报文和所述 联合密码发送至后台系统服务器。 In step D, the smart card also sends the encrypted joint password and the signed message to the terminal; in step E, the terminal also sends the encrypted joint password, the transaction message , the signature message and the joint password are sent to the backend system server.
5、 根据权利要求 1所述的方法, 其特征在于, 所述步骤 C包括: 5. The method according to claim 1, characterized in that step C includes:
所述智能卡计算所述交易报文的摘要信息; The smart card calculates summary information of the transaction message;
所述智能卡对所述联合密码进行加密获得加密联合密码,并计算所述加密联合密码的摘 要信息; The smart card encrypts the joint password to obtain the encrypted joint password, and calculates the summary information of the encrypted joint password;
所述智能卡对所述交易报文的摘要信息和所述加密联合密码的摘要信息进行签名,生成 签名报文。 The smart card signs the summary information of the transaction message and the summary information of the encrypted joint password to generate a signed message.
6、 根据权利要求 5所述的方法, 其特征在于, 6. The method according to claim 5, characterized in that,
所述步骤 D 中, 所述智能卡还将所述加密联合密码的摘要信息和所述签名报文发送至 所述终端; In step D, the smart card also sends the summary information of the encrypted joint password and the signed message to the terminal;
所述步骤 E中, 所述终端还将所述联合密码的摘要信息、所述交易报文、所述签名报文 和所述联合密码发送至后台系统服务器。 In step E, the terminal also sends the summary information of the joint password, the transaction message, the signature message and the joint password to the backend system server.
7、 根据权利要求 1所述的方法, 其特征在于, 在所述步骤 D和所述步骤 E之间, 所述 方法还包括: 7. The method according to claim 1, characterized in that, between the step D and the step E, the method further includes:
所述智能卡断开与所述终端的连接; The smart card disconnects from the terminal;
所述智能卡显示所述交易报文; The smart card displays the transaction message;
所述智能卡接收通过按键输入的确认密码和 /或确认指令; The smart card receives the confirmation password and/or confirmation instruction input through the keys;
所述智能卡显示所述联合密码、 条形码或图片。 The smart card displays the joint password, barcode or picture.
8、 根据权利要求 1所述的方法, 其特征在于, 所述验证密码为通过所述终端扫描所述 智能卡显示的信息获取的联合密码,或通过所述终端以非接触通讯方式从所述智能卡获取的 联合密码; 或通过所述终端的按键输入的联合密码。 8. The method according to claim 1, wherein the verification password is a joint password obtained by scanning the information displayed on the smart card through the terminal, or from the smart card through the terminal in a non-contact communication manner. The joint password obtained; or the joint password entered through the keys of the terminal.
9、 一种具有电子签名功能的智能卡, 其特征在于, 所述智能卡包括: 收发模块、 密码 生成模块和签名模块; 9. A smart card with an electronic signature function, characterized in that the smart card includes: a transceiver module, a password generation module and a signature module;
所述收发模块用于接入终端, 接收交易报文并将所述交易报文发送至所述签名模块; 所述密码生成模块用于生成联合密码, 并将所述联合密码发送至所述签名模块; 所述签名模块用于根据所述交易报文和所述联合密码生成签名报文; The transceiver module is used to access the terminal, receive transaction messages and send the transaction messages to the signature module; the password generation module is used to generate a joint password, and send the joint password to the signature Module; The signature module is used to generate a signature message based on the transaction message and the joint password;
所述收发模块还用于至少将所述签名报文发送至所述终端。 The transceiver module is also configured to send at least the signed message to the terminal.
10、 根据权利要求 9所述的智能卡, 其特征在于, 所述智能卡还包括: 显示模块; 所述显示模块用于显示所述联合密码。 10. The smart card according to claim 9, wherein the smart card further includes: a display module; the display module is used to display the joint password.
11、 根据权利要求 10所述的智能卡, 其特征在于, 所述智能卡还包括: 按键模块; 所述按键模块根据接收到的确认密码和 /或确认指令, 触发所述显示模块显示所述联合 密码。 11. The smart card according to claim 10, characterized in that, the smart card further includes: a button module; the button module triggers the display module to display the joint password according to the received confirmation password and/or confirmation instruction. .
12、 根据权利要求 9所述的智能卡, 其特征在于, 所述智能卡还包括: 显示模块和图 形生成模块; 12. The smart card according to claim 9, characterized in that the smart card further includes: a display module and a graphics generation module;
所述图形生成模块用于根据从所述密码生成模块获取的所述联合密码生成条形码或图 片; The graphic generation module is configured to generate a barcode or picture based on the joint password obtained from the password generation module;
所述显示模块用于显示所述条形码或图片。 The display module is used to display the barcode or picture.
13、 根据权利要求 12所述的智能卡, 其特征在于, 所述智能卡还包括: 按键模块; 所述按键模块根据接收到的确认密码和 /或确认指令, 触发所述显示模块显示所述条形 码或图片。 13. The smart card according to claim 12, characterized in that, the smart card further includes: a button module; the button module triggers the display module to display the barcode or the barcode according to the received confirmation password and/or confirmation instruction. picture.
14、 根据权利要求 9所述的智能卡, 其特征在于, 所述智能卡以非接触通讯方式接入所 述终端。 14. The smart card according to claim 9, characterized in that the smart card accesses the terminal in a non-contact communication manner.
15、 根据权利要求 10至 13任一项所述的智能卡, 其特征在于, 所述收发模块在发送 所述签名报文至所述终端之后, 还断开与所述终端的连接; 15. The smart card according to any one of claims 10 to 13, characterized in that, after sending the signature message to the terminal, the transceiver module also disconnects from the terminal;
所述显示模块在所述收发模块断开与所述终端的连接后, 还显示所述交易报文。 The display module also displays the transaction message after the transceiver module disconnects from the terminal.
16、 一种具有电子签名功能的智能卡交易系统, 其特征在于, 所述系统包括: 终端、 后 台系统服务器及前述权利要求 9至 15任一项所述的具有电子签名功能的智能卡; 16. A smart card transaction system with an electronic signature function, characterized in that the system includes: a terminal, a backend system server, and a smart card with an electronic signature function as described in any one of claims 9 to 15;
所述终端获取验证密码, 至少将所述交易报文、所述签名报文和所述验证密码发送至所 述后台系统服务器; The terminal obtains the verification password and sends at least the transaction message, the signature message and the verification password to the backend system server;
所述后台系统服务器验证所述签名报文和所述验证密码, 并在验证通过后, 根据所述交 易报文执行交易操作。 The backend system server verifies the signature message and the verification password, and after passing the verification, performs a transaction operation based on the transaction message.
17、 根据权利要求 16所述的系统, 其特征在于, 所述终端通过扫描所述智能卡显示的 条形码或图片获取所述验证密码, 或以非接触通讯方式从所述智能卡获取所述验证密码; 或 通过按键接收输入的联合密码作为所述验证密码。 17. The system according to claim 16, wherein the terminal obtains the verification password by scanning a barcode or picture displayed on the smart card, or obtains the verification password from the smart card in a non-contact communication manner; Or receive the entered joint password as the verification password by pressing a key.
18、 一种具有电子签名功能的智能卡交易方法, 其特征在于, 所述方法包括: 18. A smart card transaction method with electronic signature function, characterized in that the method includes:
A'、 具有电子签名功能的智能卡接入终端, 接收交易报文; A'. A smart card with electronic signature function accesses the terminal and receives transaction messages;
B'、 所述智能卡生成联合密码, 并至少根据所述联合密码生成加密联合密码; B'. The smart card generates a joint password, and at least generates an encrypted joint password based on the joint password;
C'、 所述智能卡根据所述交易报文生成签名报文; C'. The smart card generates a signature message based on the transaction message;
D'、 所述智能卡将所述签名报文和所述加密联合密码发送至所述终端; D'. The smart card sends the signed message and the encrypted joint password to the terminal;
E'、 所述终端获取验证密码, 至少将所述交易报文、 所述签名报文、 所述验证密码和所 述加密联合密码发送至后台系统服务器; E'. The terminal obtains the verification password and sends at least the transaction message, the signature message, the verification password and the encrypted joint password to the backend system server;
F'、 所述后台系统服务器分别验证所述签名报文和所述验证密码, 并在验证通过后, 根 据所述交易报文执行交易操作。 F'. The backend system server verifies the signature message and the verification password respectively, and after passing the verification, executes the transaction operation based on the transaction message.
19、 根据权利要求 18所述的方法, 其特征在于, 所述验证密码为通过所述终端扫描所 述智能卡显示的信息获取的联合密码,或通过所述终端以非接触通讯方式从所述智能卡获取 的联合密码; 或通过所述终端的按键输入的联合密码。 19. The method according to claim 18, wherein the verification password is a joint password obtained by scanning the information displayed on the smart card through the terminal, or from the smart card through the terminal in a non-contact communication manner. The joint password obtained; or the joint password entered through the keys of the terminal.
20、根据权利要求 18所述的方法, 其特征在于, 步骤 B' 所述至少根据联合密码生成加 密联合密码包括: 20. The method according to claim 18, characterized in that step B' generating an encrypted joint password based on at least the joint password includes:
所述智能卡对所述联合密码以及随机数的组合进行加密获得加密联合密码; 或 所述智能卡采用对称加密或者非对称加密方式对联合密码进行加密获得加密联合密码。 The smart card encrypts the combination of the joint password and the random number to obtain an encrypted joint password; or the smart card uses symmetric encryption or asymmetric encryption to encrypt the joint password to obtain an encrypted joint password.
21、 根据权利要求 18所述的方法, 其特征在于, 所述步骤 C'包括: 所述智能卡计算所述交易报文的摘要信息, 对所述交易报文的摘要信息进行签名, 生成 签名报文。 21. The method according to claim 18, characterized in that step C' includes: The smart card calculates the summary information of the transaction message, signs the summary information of the transaction message, and generates a signed message.
22、 根据权利要求 18所述的方法, 其特征在于, 在所述步骤 D'和所述步骤 E'之间, 所 述方法还包括: 22. The method according to claim 18, characterized in that, between the step D' and the step E', the method further includes:
所述智能卡断开与所述终端的连接; The smart card disconnects from the terminal;
所述智能卡显示所述交易报文; The smart card displays the transaction message;
所述智能卡接收通过按键输入的确认密码和 /或确认指令; The smart card receives the confirmation password and/or confirmation instruction input through the keys;
所述智能卡显示所述联合密码、 条形码或图片。 The smart card displays the joint password, barcode or picture.
23、 一种具有电子签名功能的智能卡, 其特征在于, 所述智能卡包括: 收发模块、 密码 生成模块、 加密模块和签名模块; 23. A smart card with an electronic signature function, characterized in that the smart card includes: a transceiver module, a password generation module, an encryption module and a signature module;
所述收发模块用于接入终端, 接收交易报文并将所述交易报文发送至所述签名模块; 所述密码生成模块用于生成联合密码, 并发送所述联合密码至所述加密模块; 所述加密模块用于至少根据所述联合密码生成加密联合密码; The transceiver module is used to access the terminal, receive transaction messages and send the transaction messages to the signature module; the password generation module is used to generate a joint password, and send the joint password to the encryption module ; The encryption module is configured to generate an encrypted joint password based on at least the joint password;
所述签名模块用于根据所述交易报文生成签名报文; The signature module is used to generate a signature message according to the transaction message;
所述收发模块还用于将所述加密联合密码和所述签名报文发送至所述终端。 The transceiver module is also configured to send the encrypted joint password and the signed message to the terminal.
24、 根据权利要求 23所述的智能卡, 其特征在于, 所述智能卡还包括: 显示模块; 所述显示模块用于显示所述联合密码。 24. The smart card according to claim 23, wherein the smart card further includes: a display module; the display module is used to display the joint password.
25、 根据权利要求 24所述的智能卡, 其特征在于, 所述智能卡还包括: 按键模块; 所述按键模块根据接收到的确认密码和 /或确认指令, 触发所述显示模块显示所述联合 密码。 25. The smart card according to claim 24, characterized in that, the smart card further includes: a button module; the button module triggers the display module to display the joint password according to the received confirmation password and/or confirmation instruction. .
26、 根据权利要求 23所述的智能卡, 其特征在于, 所述智能卡还包括: 图形生成模块 和显示模块; 26. The smart card according to claim 23, wherein the smart card further includes: a graphics generation module and a display module;
所述图形生成模块用于根据从所述密码生成模块获取的所述联合密码生成条形码或图 片; The graphic generation module is configured to generate a barcode or picture according to the joint password obtained from the password generation module;
所述显示模块用于显示所述条形码或图片。 The display module is used to display the barcode or picture.
27、 根据权利要求 26所述的智能卡, 其特征在于, 所述智能卡还包括: 按键模块; 所述按键模块根据接收到的确认密码和 /或确认指令, 触发所述显示模块显示所述条形 码或图片。 27. The smart card according to claim 26, characterized in that, the smart card further includes: a button module; the button module triggers the display module to display the barcode or the barcode according to the received confirmation password and/or confirmation instruction. picture.
28、 根据权利要求 23所述的智能卡, 其特征在于, 所述智能卡以非接触通讯方式接入 所述终端。 28. The smart card according to claim 23, characterized in that the smart card is connected to the terminal in a non-contact communication method.
29、 根据权利要求 24至 27任一项所述的智能卡, 其特征在于, 所述收发模块在发送所 述签名报文至所述终端之后, 还断开与所述终端的连接; 29. The smart card according to any one of claims 24 to 27, characterized in that the transceiver module transmits After the signed message is sent to the terminal, the connection with the terminal is also disconnected;
所述显示模块在所述收发模块断开与所述终端的连接后, 还显示所述交易报文。 The display module also displays the transaction message after the transceiver module disconnects from the terminal.
30、 一种具有电子签名功能的智能卡交易系统, 其特征在于, 所述系统包括: 终端、 后 台系统服务器及前述权利要求 23至 29任一项所述的具有电子签名功能的智能卡; 30. A smart card transaction system with an electronic signature function, characterized in that the system includes: a terminal, a backend system server, and a smart card with an electronic signature function as described in any one of claims 23 to 29;
所述终端获取验证密码, 至少将所述交易报文、所述签名报文、 所述验证密码和所述加 密联合密码发送至所述后台系统服务器; The terminal obtains the verification password and sends at least the transaction message, the signature message, the verification password and the encryption joint password to the backend system server;
所述后台系统服务器分别验证所述签名报文和所述验证密码, 并在验证通过后, 根据所 述交易报文执行交易操作。 The backend system server verifies the signature message and the verification password respectively, and after passing the verification, performs a transaction operation based on the transaction message.
31、 根据权利要求 30所述的系统, 其特征在于, 所述终端以非接触通讯方式从所述智 能卡获取所述验证密码,或通过扫描所述智能卡的所述显示模块显示的条形码或图片获取所 述验证密码, 或通过按键接收输入的联合密码作为所述验证密码。 31. The system according to claim 30, wherein the terminal obtains the verification password from the smart card in a non-contact communication manner, or by scanning a barcode or picture displayed by the display module of the smart card. The verification password, or a joint password input by pressing a key, is used as the verification password.
PCT/CN2014/071657 2013-02-06 2014-01-28 Smart card with electronic signature function, and smart card transaction system and method WO2014121721A1 (en)

Applications Claiming Priority (16)

Application Number Priority Date Filing Date Title
CN201320069875 2013-02-06
CN201310047316.1 2013-02-06
CN201310047316 2013-02-06
CN201320069875.8 2013-02-06
CN201320102160.8 2013-03-06
CN201320102164 2013-03-06
CN201310070753.5 2013-03-06
CN201310071602.1A CN103136667B (en) 2013-03-06 2013-03-06 There is the smart card of electronic signature functionality, smart card transaction system and method
CN201310070783.6 2013-03-06
CN201310070753.5A CN103116847B (en) 2013-02-06 2013-03-06 Smart card, intelligent card transaction system and method with electronic signature functionality
CN201320102160 2013-03-06
CN201320102164.6 2013-03-06
CN 201320102167 CN203242029U (en) 2013-02-06 2013-03-06 An intelligent card containing an electronic signature function and an intelligent card transaction system
CN201310071602.1 2013-03-06
CN201310070783.6A CN103136664B (en) 2013-03-06 2013-03-06 There is smart card transaction system and the method for electronic signature functionality
CN201320102167.X 2013-03-06

Publications (1)

Publication Number Publication Date
WO2014121721A1 true WO2014121721A1 (en) 2014-08-14

Family

ID=51299243

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/071657 WO2014121721A1 (en) 2013-02-06 2014-01-28 Smart card with electronic signature function, and smart card transaction system and method

Country Status (1)

Country Link
WO (1) WO2014121721A1 (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101000537A (en) * 2007-01-05 2007-07-18 南京瑞康资讯有限公司 Financial POS voice prompter and its voice prompting method
US20070241180A1 (en) * 2006-04-14 2007-10-18 Harexinfotech Inc. Method of settling signatureless payment of bank card sales slip in mobile terminal, and system therefor
CN101131737A (en) * 2006-08-23 2008-02-27 江国庆 Non-contact credit card and debit card and non-contact trading method thereof
CN101894426A (en) * 2009-05-18 2010-11-24 北京银融科技有限责任公司 Transaction method and transaction system
CN102891842A (en) * 2012-09-07 2013-01-23 北京天龙融和软件有限公司 Security authentication method and system
CN103116847A (en) * 2013-02-06 2013-05-22 天地融科技股份有限公司 Intelligent card with electronic signature function, and system and method for intelligent card transactions
CN103136667A (en) * 2013-03-06 2013-06-05 天地融科技股份有限公司 Smart card with electronic signature function, smart card trading system and smart card trading method
CN103136664A (en) * 2013-03-06 2013-06-05 天地融科技股份有限公司 Trading system and trading method of smart card with electronic signature function

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070241180A1 (en) * 2006-04-14 2007-10-18 Harexinfotech Inc. Method of settling signatureless payment of bank card sales slip in mobile terminal, and system therefor
CN101131737A (en) * 2006-08-23 2008-02-27 江国庆 Non-contact credit card and debit card and non-contact trading method thereof
CN101000537A (en) * 2007-01-05 2007-07-18 南京瑞康资讯有限公司 Financial POS voice prompter and its voice prompting method
CN101894426A (en) * 2009-05-18 2010-11-24 北京银融科技有限责任公司 Transaction method and transaction system
CN102891842A (en) * 2012-09-07 2013-01-23 北京天龙融和软件有限公司 Security authentication method and system
CN103116847A (en) * 2013-02-06 2013-05-22 天地融科技股份有限公司 Intelligent card with electronic signature function, and system and method for intelligent card transactions
CN203242029U (en) * 2013-02-06 2013-10-16 天地融科技股份有限公司 An intelligent card containing an electronic signature function and an intelligent card transaction system
CN103136667A (en) * 2013-03-06 2013-06-05 天地融科技股份有限公司 Smart card with electronic signature function, smart card trading system and smart card trading method
CN103136664A (en) * 2013-03-06 2013-06-05 天地融科技股份有限公司 Trading system and trading method of smart card with electronic signature function

Similar Documents

Publication Publication Date Title
CN103136664B (en) There is smart card transaction system and the method for electronic signature functionality
CN106656510B (en) A kind of encryption key acquisition methods and system
WO2014161438A1 (en) Dynamic password token, and data transmission method and system for dynamic password token
WO2014161469A1 (en) Method and system for processing operation requests
CN104243451A (en) Information interaction method and system and smart key equipment
CN107896147B (en) Method and system for negotiating temporary session key based on national cryptographic algorithm
CN203242029U (en) An intelligent card containing an electronic signature function and an intelligent card transaction system
WO2014161468A1 (en) Information processing method and system
CN103516525B (en) Dynamic password generation method and system
CN103532719B (en) Dynamic password generation method, dynamic password generation system, as well as processing method and processing system of transaction request
WO2014161436A1 (en) Electronic signature token, and method and system for electronic signature token to respond to operation request
WO2016112675A1 (en) Financial self-service system processing method
WO2014201907A1 (en) Electronic signature method and system
WO2014173288A1 (en) Encryption/decryption device and information processing method and system
WO2014194730A1 (en) Method and system for processing operation request
CN104243162A (en) Information interaction method and system and smart key equipment
CN103198401B (en) There is smart card method of commerce and the system of electronic signature functionality
WO2019165571A1 (en) Method and system for transmitting data
US20240106633A1 (en) Account opening methods, systems, and apparatuses
CN103136667B (en) There is the smart card of electronic signature functionality, smart card transaction system and method
WO2014173233A1 (en) Information processing method and deciphering apparatus
WO2014187209A1 (en) Method and system for backing up information in electronic signature token
WO2015000332A1 (en) Signature data transmission method and electronic signature token
CN203338403U (en) Intelligent card transaction system with an electronic signature function
WO2014121721A1 (en) Smart card with electronic signature function, and smart card transaction system and method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14749615

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14749615

Country of ref document: EP

Kind code of ref document: A1