WO2021008325A1 - 一种基于电子现金的脱机交易方法和系统 - Google Patents
一种基于电子现金的脱机交易方法和系统 Download PDFInfo
- Publication number
- WO2021008325A1 WO2021008325A1 PCT/CN2020/098411 CN2020098411W WO2021008325A1 WO 2021008325 A1 WO2021008325 A1 WO 2021008325A1 CN 2020098411 W CN2020098411 W CN 2020098411W WO 2021008325 A1 WO2021008325 A1 WO 2021008325A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- transaction
- smart card
- information
- electronic cash
- background server
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/04—Payment circuits
- G06Q20/06—Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
- G06Q20/065—Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/04—Payment circuits
- G06Q20/06—Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3821—Electronic credentials
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3825—Use of electronic signatures
Definitions
- the invention relates to the technical field of electronic transactions, in particular to an offline transaction method and system based on electronic cash.
- One aspect of the present invention provides an offline transaction method based on electronic cash, which includes: a back-end server receives an anti-replay factor generated by a smart card from a smart card; the back-end server determines whether there is an abnormal transaction in the smart card according to a preset algorithm, and if there is no abnormal transaction , Then use the private key of the background server to sign the security information, generate the security information signature, and send the security information and the security information signature to the smart card; where the security information includes at least: anti-replay factor and active field information; active field information at least Including: the number of transactions of the smart card; the smart card receives the security information and the security information signature information from the background server, and uses the public key of the background server to verify the security information signature information.
- the security information is compared with the anti-duplication Whether the release factor is consistent with the anti-replay factor generated by the smart card, if they are consistent, the active field information is stored; the transaction terminal and the back-end server will establish a connection with the smart card without establishing a connection, and send the electronic cash transaction application selection information to the smart card; Without establishing a connection between the smart card and the background server, the electronic cash transaction application selection information is received, the electronic cash transaction application is determined to be activated, and the transaction information sent by the transaction terminal is received; the transaction information includes at least: transaction amount; smart card reception After the transaction information, compare the accumulated number of transactions stored by itself with the number of transactions available for the smart card.
- the active field information is judged to be invalid and the transaction process is terminated; if the accumulated number of transactions is less than the available number for the smart card The number of transactions, the active field information is judged to be valid, the smart card deducts the card balance according to the transaction amount in the transaction information, adds 1 to the cumulative number of transactions stored in itself, and calculates the transaction information to obtain the transaction voucher, and sends the transaction voucher to the transaction Terminal:
- the smart card establishes a connection with the background server, generates an anti-replay factor, and sends the anti-replay factor to the background server.
- Another aspect of the present invention provides another offline transaction method based on electronic cash, which includes: the back-end server receives the anti-replay factor generated by the smart card from the smart card; the back-end server determines whether there is an abnormal transaction in the smart card according to a preset algorithm, and if it does not exist For abnormal transactions, use the private key of the background server to sign the security information, generate a security information signature, and send the security information and the security information signature to the smart card; the security information includes at least: anti-replay factor and active field information; active field The information includes at least: the transaction amount of the smart card; the smart card receives the security information and the security information signature information from the back-end server, uses the public key of the back-end server to verify the security information signature information, and compares the security information in the security information after the verification is passed.
- the active field information will be stored; the transaction terminal and the back-end server will establish a connection with the smart card and send the electronic cash transaction application selection to the smart card without establishing a connection Information; without establishing a connection between the smart card and the back-end server, receive the electronic cash transaction application selection information, confirm the activation of the electronic cash transaction application, and receive the transaction information sent by the transaction terminal; the transaction information includes at least: transaction amount; smart card reception After transaction information, compare the accumulated transaction amount stored by itself with the transaction amount of the smart card.
- the active field information is judged to be invalid and the transaction process is terminated;
- Transaction amount the active field information is judged to be valid, the smart card deducts the card balance according to the transaction amount in the transaction information, adds the accumulated transaction amount stored in itself to the transaction amount, calculates the transaction information to obtain the transaction voucher, and sends the transaction voucher To the transaction terminal;
- the smart card establishes a connection with the background server, generates an anti-replay factor, and sends the anti-replay factor to the background server.
- Another aspect of the present invention provides an offline transaction system based on electronic cash.
- the system includes: a back-end server, a smart card and a transaction terminal; a back-end server for receiving the anti-replay factor generated by the smart card from the smart card; and according to a preset algorithm Determine whether there is an abnormal transaction in the smart card.
- the security information includes at least: Replay factor and active field information
- active field information includes at least: the number of transactions of the smart card
- the smart card is used to receive security information and security information signature information from the background server, and use the public key of the background server to verify the security information signature information After the verification is passed, check whether the anti-replay factor in the security information is consistent with the anti-replay factor generated by the smart card.
- the transaction terminal is used to establish a connection with the back-end server In the case of establishing a connection with a smart card, it sends the electronic cash transaction application selection information to the smart card; the smart card is also used to receive electronic cash transaction application selection information without establishing a connection with the back-end server to confirm the electronic cash transaction application activation , And generate and receive transaction information sent by the transaction terminal.
- the transaction information includes at least: transaction amount; compare the accumulated number of transactions stored by itself with the number of transactions of the smart card, if the accumulated number of transactions is greater than or equal to the number of transactions of the smart card, then determine the activity If the field information is invalid, the transaction process is terminated; if the cumulative number of transactions is less than the number of transactions available for the smart card, the active field information is judged to be valid, the card balance is deducted according to the transaction amount in the transaction information, and the cumulative number of transactions stored in itself is increased by 1, and Calculate the transaction information to obtain the transaction voucher, send the transaction voucher to the transaction terminal; establish a connection with the background server, generate the anti-replay factor, and send the anti-replay factor to the background server.
- Another aspect of the present invention provides another offline transaction system based on electronic cash.
- the system includes: a background server, a smart card and a transaction terminal; a background server for receiving the anti-replay factor generated by the smart card from the smart card; The algorithm determines whether there is an abnormal transaction in the smart card.
- the private key of the background server is used to sign the security information, generate a security information signature, and send the security information and the security information signature to the smart card;
- the security information includes at least: Anti-replay factor and active field information;
- the active field information includes at least: the transaction amount of the smart card;
- the smart card is used to receive security information and security information signature information from the back-end server, and use the public key of the back-end server to verify the security information signature information After passing the verification, check whether the anti-replay factor in the security information is consistent with the anti-replay factor generated by the smart card.
- the transaction terminal is used to establish a connection with the back-end server When connected, it establishes a connection with a smart card and sends the electronic cash transaction application selection information to the smart card; the smart card is also used to receive electronic cash transaction application selection information without establishing a connection with the back-end server to determine the electronic cash transaction application Activate and receive the transaction information sent by the transaction terminal.
- the transaction information includes at least: transaction amount; compare the accumulated transaction amount stored by itself with the transaction amount of the smart card.
- the activity is judged If the accumulated transaction amount is greater than or equal to the transaction amount of the smart card, the activity is judged If the field information is invalid, the transaction process is terminated; if the cumulative transaction amount is less than the transaction amount of the smart card, the active field information is judged to be valid, the card balance is deducted according to the transaction amount in the transaction information, and the cumulative transaction amount stored in itself is added to the transaction amount , Calculate the transaction information to obtain the transaction voucher, send the transaction voucher to the transaction terminal; establish a connection with the background server, generate the anti-replay factor, and send the anti-replay factor to the background server.
- FIG. 1 is a flowchart of an offline transaction method based on electronic cash according to Embodiment 1 of the present invention
- Embodiment 2 is a flowchart of another offline transaction method based on electronic cash provided by Embodiment 1 of the present invention
- Embodiment 3 is a schematic structural diagram of an offline transaction system based on electronic cash provided by Embodiment 2 of the present invention.
- FIG. 1 is a flowchart of an offline transaction method based on electronic cash provided by this embodiment
- FIG. 2 is a flowchart of another offline transaction method based on electronic cash provided by this embodiment.
- this embodiment provides an offline transaction method based on electronic cash.
- the method includes:
- Step S1 The background server receives the anti-replay factor generated by the smart card from the smart card;
- Step S2 The back-end server judges whether there is an abnormal transaction in the smart card according to the preset algorithm. If there is no abnormal transaction, the private key of the back-end server is used to sign the security information, generate a security information signature, and send the security information and the security information signature to the smart card ;
- the security information includes at least: anti-replay factor and active field information;
- the active field information includes at least: the number of transactions that can be performed on the smart card;
- Step S3 The smart card receives the security information and the security information signature information from the background server, and uses the public key of the background server to verify the security information signature information. After the verification is passed, the anti-replay factor in the security information is compared with the smart card generation Whether the anti-replay factors are the same, if they are the same, store the active field information;
- Step S4 The transaction terminal establishes a connection with the smart card without establishing a connection with the background server, and sends the electronic cash transaction application selection information to the smart card;
- Step S5 Without establishing a connection between the smart card and the back-end server, receive the electronic cash transaction application selection information, confirm that the electronic cash transaction application is activated, and receive the transaction information sent by the transaction terminal
- the transaction information includes at least: transaction amount;
- Step S6-1 After the smart card receives the transaction information, it compares the accumulated number of transactions stored by itself with the number of transactions available for the smart card; if the accumulated number of transactions is greater than or equal to the number of transactions available for the smart card, it is judged that the active field information is invalid, and step S6-3 is executed ; If the cumulative number of transactions is less than the number of transactions available for the smart card, it is determined that the active field information is valid, and step S6-2 is executed;
- Step S6-2 The smart card deducts the card balance according to the transaction amount in the transaction information, adds 1 to the accumulated number of transactions stored by itself, calculates the transaction information to obtain a transaction certificate, and sends the transaction certificate to the transaction terminal;
- Step S6-3 The smart card terminates the transaction process
- Step S7 The smart card establishes a connection with the background server, generates an anti-replay factor, and sends the anti-replay factor to the background server.
- the background server issues active field information to the smart card, and the smart card stores the received active field information after verification.
- the smart card judges whether the active field information is valid according to the transaction information, and the offline transaction of electronic cash can be completed only when the active field information is valid. Therefore, by limiting the number of offline transactions of the smart card, if a criminal (the payee, that is, an illegal transaction terminal) uses a transaction terminal such as a POS machine to illegally swipe the card with electronic cash, because the payment card is offline Due to the limitation of the number of transactions, criminals cannot steal electronic cash multiple times.
- the active field information is issued after being signed by the backend server, and the smart card is stored after the verification is passed. This issuing mechanism effectively prevents illegal devices from tampering with the active field information stored in the smart card.
- Step S1 The background server receives the anti-replay factor generated by the smart card from the smart card;
- the smart card refers to the transaction device at the payment terminal.
- the transaction terminal and the smart card may be a smart card type transaction device of the same model, that is, the smart card type transaction device may have both a payment function and a collection function.
- the smart card type transaction device is called a smart card when used as a payment terminal, and called a transaction terminal when used as a payment terminal.
- the anti-replay factor generated by the smart card may be a random number.
- Step S2 The back-end server judges whether there is an abnormal transaction in the smart card according to the preset algorithm. If there is no abnormal transaction, the private key of the back-end server is used to sign the security information, generate a security information signature, and send the security information and the security information signature to the smart card ;
- the security information includes at least: anti-replay factor and active field information;
- the active field information includes at least: the number of transactions available for the smart card.
- the active field information may be the number of transactions of the smart card, the transaction amount of the smart card, or the tradable currency and transaction time of the smart card.
- the active field information may also include the above-mentioned various kinds of information.
- the smart card refers to the transaction device at the payment terminal.
- the transaction terminal and the smart card may be a smart card type transaction device of the same model, that is, the smart card type transaction device may have both a payment function and a collection function.
- the smart card type transaction device is called a smart card when used as a payment terminal, and called a transaction terminal when used as a receiving terminal.
- Step S3 The smart card receives the security information and the security information signature information from the background server, and uses the public key of the background server to verify the security information signature information. After the verification is passed, the anti-replay factor in the security information is compared with the smart card generation Whether the anti-replay factors are consistent, if they are consistent, the active field information is stored.
- the smart card obtains the public key of the back-end server from the back-end server, and uses the public key to verify the security information signature information issued by the back-end server.
- the smart card can confirm the received security by way of verification.
- the reliability of the source of the information if an illegal device performs a replay attack on the back-end server, the anti-replay factor in the security information sent by the back-end server is inconsistent with the anti-replay factor generated by the smart card. Therefore, the back-end server can pass the anti-replay factor.
- the active field information of the smart card in this embodiment is issued by the background server, and the smart card itself cannot modify the active field information, thereby ensuring the reliability of the active field information.
- Step S4 The transaction terminal establishes a connection with the smart card without establishing a connection with the background server, and sends the electronic cash transaction application selection information to the smart card;
- the transaction terminal refers to a transaction device at the receiving end, which can be a mobile phone or POS machine with an offline transaction function of electronic cash, or a smart card type transaction device.
- Step S5 Without establishing a connection between the smart card and the back-end server, the electronic cash transaction application selection information is received, the electronic cash transaction application is determined to be activated, and the transaction information sent by the transaction terminal is received.
- the transaction information includes at least the transaction amount.
- the transaction amount may be entered by the receiving user into the transaction terminal to be traded, or it may be obtained by the transaction terminal to be traded in other ways.
- the transaction information may also include other fields other than the transaction amount, such as transaction time, smart card identification information, transaction terminal identification information, currency type identification, and so on.
- Step S6-1 After the smart card receives the transaction information, it compares the accumulated number of transactions stored by itself with the number of transactions available for the smart card; if the accumulated number of transactions is greater than or equal to the number of transactions available for the smart card, it is judged that the active field information is invalid, and step S6-3 is executed ; If the cumulative number of transactions is less than the number of transactions available for the smart card, it is determined that the active field information is valid, and step S6-2 is executed;
- Step S6-2 The smart card deducts the card balance according to the transaction amount in the transaction information, adds 1 to the cumulative number of transactions stored by itself, calculates the transaction information to obtain a transaction certificate, and sends the transaction certificate to the transaction terminal;
- Step S6-3 The smart card terminates the transaction process.
- the transaction certificate may be a transaction information signature value obtained by the smart card using its private key to sign the transaction information, or may be a transaction information cipher text obtained by the smart card using an encryption key to encrypt the transaction information. Therefore, in the subsequent steps of electronic cash clearing, the back-end server can verify the transaction voucher, thereby verifying the identity of the payer.
- the number of transactions possible is 3 times. After smart card A makes three consecutive payments, the cumulative number of transactions is 3.
- the smart card judges that the cumulative number of transactions stored in itself is equal to the number of transactions available, and then determines that the active field information is invalid, and smart card A terminates the transaction process. In this case, the smart card A must establish a connection with the back-end server to obtain the updated active field information issued by the back-end server before proceeding to the next offline transaction. Therefore, by limiting the number of offline transactions of the smart card, the user of the smart card is forced to establish a connection with the server after the active field information is invalid, and perform the steps of updating the active field information, thereby avoiding the long-term use of the smart card offline. Security issues.
- a criminal the payee, that is, a criminal transaction terminal
- a transaction terminal such as a POS machine
- the criminal cannot do it multiple times
- the stealing of electronic cash has improved the security of smart cards to a certain extent.
- the active field information is not limited to the number of transactions that can be performed by the smart card, it can also be the number of transactions that can be performed by the smart card, the transaction amount of the smart card, or the transaction currency and transaction time of the smart card.
- the method of judging the validity of the active field information also varies according to the content included in the active field information.
- Step S6-1' After receiving the transaction information, the smart card compares the accumulated transaction amount stored in itself with the transaction amount of the smart card; if the accumulated transaction amount is greater than or equal to the transaction amount of the smart card, it is judged that the active field information is invalid, and step S6- 3'; if the accumulated transaction amount is less than the tradable amount of the smart card, it is judged that the active field information is valid, and step S6-2' is executed;
- Step S6-2' The smart card deducts the card balance according to the transaction amount in the transaction information, adds the accumulated transaction amount stored in itself to the transaction amount, calculates the transaction information to obtain a transaction certificate, and sends the transaction certificate to the transaction terminal; Thus, the updated cumulative transaction amount is obtained;
- Step S7-3' The smart card terminates the transaction process.
- the active field information is the number of transactions or the transaction amount as an example, and the method of judging the validity of the active field information is exemplified.
- the active field information includes a variety of information, for example, the active field information includes: the number of transactions, the amount of transactions that can be traded, and the transaction time, then when judging the validity of the active field information, the cumulative number of transactions of the smart card is required to be less than the number of transactions available , The accumulated transaction amount is less than the tradable amount, and the transaction time is within the tradable time range, that is, when all the fields included in the active field information are valid, the active field information of the smart card is judged to be valid.
- the smart card may also verify whether the transaction amount in the received transaction information is not greater than its own card balance; if the transaction amount is not greater than its own card balance, execute Step S6-1: If the transaction amount is greater than your card balance, then skip to step S6-3.
- the smart card can have the function of prompting the user with the card balance, and the user can artificially determine whether the card balance is sufficient to pay the transaction amount, and the smart card is not used for payment when the card balance is insufficient.
- Step S7 The smart card establishes a connection with the background server, generates an anti-replay factor, and sends the anti-replay factor to the background server.
- each transaction clearing information includes at least: at least one transaction certificate; the back-end server receives transaction clearing information from the smart card, and performs electronic cash clearing based on the transaction clearing information.
- the back-end server can use the public key of the smart card to verify each transaction certificate in the transaction clearing information.
- the transaction information in the transaction vouchers performs electronic cash clearing.
- the background server can use the decryption key to decrypt each transaction vouchers to obtain the plaintext of the transaction information, and execute the electronic cash according to the plaintext of each transaction information. Liquidation.
- the decryption key used by the background server and the encryption key used by the smart card may be a pre-negotiated symmetric key or an asymmetric key.
- the back-end server can authenticate the identity of the payer by verifying the transaction certificate.
- the method further includes: the back-end server issues new electronic cash to the smart card; the smart card receives and stores the new electronic cash, Add the face value of the new electronic cash to your own card balance.
- the back-end server judges whether there are abnormal transactions in the smart card according to a preset algorithm, including: the back-end server receives transaction settlement information sent by the smart card, and judges all the information generated by the smart card without establishing a connection with the back-end server Whether the total transaction amount of the transaction information is greater than the face value of the electronic cash stored in the smart card itself, if the total transaction amount of all the transaction information generated by the back-end server without establishing a connection is greater than the face value of the electronic cash stored in the smart card itself, it is judged that the smart card exists Unusual transaction.
- the smart card as the smart card A as an example: the face value of the electronic cash stored in the smart card A is 100 yuan, and the number of transactions that can be performed on the smart card A is 3 times.
- the smart card A can make 3 offline electronic cash payments at most, and after 3 payments, it must establish a connection with the back-end server and execute the electronic cash clearing process.
- Smart card A can record the card balance. After each payment, smart card A can deduct the payment transaction amount to complete the update of the current card balance. When smart card A is used normally, the sum of the transaction amount of three consecutive payments will not exceed 100 yuan.
- the transaction clearing information sent by smart card A to the back-end server includes the three transaction information corresponding to the foregoing three payments and the electronic cash stored in smart card A;
- the transaction amount of a piece of transaction information is calculated, and the total transaction amount of the above three payments is calculated, and it is judged whether the total transaction amount is greater than the face value of the electronic cash stored by itself 100 yuan. If the total transaction amount is greater than 100 yuan, the background server determines that the smart card A has an abnormal transaction. Therefore, if smart card A is tampered with by criminals, the sum of the transaction amount of three consecutive payments may be greater than 100 yuan. At this time, the back-end server will judge smart card A when performing electronic cash clearing. If there is an abnormal transaction, the updated active field information will no longer be issued to the smart card A, so that the smart card A can no longer perform the next offline transaction, which effectively prevents criminals from making illegal consumption again.
- smart card A after smart card A is cleared by electronic cash and there is no abnormal transaction in smart card A, smart card A can obtain new electronic cash from the background server. Specifically, after the transaction clearing information sent by smart card A to the back-end server includes the three transaction information corresponding to the above three payments and the electronic cash (100 yuan face value) stored by smart card A itself, smart card A can delete the stored electronic cash. Cash, or smart card A makes its own stored electronic cash unusable. After the back-end server executes the electronic cash clearing, it issues new electronic cash (200 yuan face value) to the smart card A. Smart card A receives and stores new electronic cash, and adds 200 yuan to its current card balance.
- FIG. 2 is a schematic structural diagram of an offline transaction system based on electronic cash provided by this embodiment. Now, in conjunction with Figure 2, the structure of the system provided by this embodiment will be described in detail:
- This embodiment provides an offline transaction system based on electronic cash.
- the system includes a background server 10, a smart card 20, and a transaction terminal 30.
- the smart card 20 refers to a transaction device at the payment terminal.
- the transaction terminal 30 and the smart card 20 may be smart card type transaction devices of the same model, that is, the smart card type transaction device may have both a payment function and a collection function.
- the smart card type transaction device is referred to as a smart card 20 when used as a payment terminal, and as a transaction terminal 30 when used as a receiving terminal.
- the back-end server 10 is used to receive the anti-replay factor generated by the smart card 20 from the smart card 20; determine whether the smart card 20 has an abnormal transaction according to a preset algorithm, and if there is no abnormal transaction, use the private key of the back-end server 10 Sign the security information, generate a security information signature, and send the security information and the security information signature to the smart card 20; where the security information includes at least: anti-replay factor and active field information; the active field information includes at least: the tradable of the smart card 20 frequency.
- the anti-replay factor generated by the smart card 20 may be a random number.
- the active field information may be the number of transactions that can be performed by the smart card 20, the transaction amount of the smart card 20, or the transaction currency and transaction time of the smart card 20.
- the active field information may also include the above-mentioned various kinds of information.
- the smart card 20 is used to receive security information and security information signature information from the back-end server 10, use the public key of the back-end server 10 to verify the security information signature information, and after the verification is passed, compare the anti-replay factor in the security information Whether it is consistent with the anti-replay factor generated by the smart card 20, if it is consistent, the active field information is stored.
- the smart card 20 obtains the public key of the back-end server 10 from the back-end server 10, and uses the public key to verify the security information signature information issued by the back-end server 10, so that the smart card 20 can be used to verify the signature. Confirm the reliability of the source of the received safety information.
- the back-end server 10 can pass Anti-replay factor to avoid replay attacks from illegal devices.
- the transaction terminal 30 is configured to establish a connection with the smart card 20 without establishing a connection with the back-end server 10, and send electronic cash transaction application selection information to the smart card 20.
- the transaction terminal 30 refers to a transaction device at the receiving end, which can be a mobile phone, POS machine, or other transaction device with an offline transaction function of electronic cash, or a smart card type transaction device.
- the smart card 20 is also used for receiving electronic cash transaction application selection information, confirming that the electronic cash transaction application is activated, and receiving transaction information sent by the transaction terminal without establishing a connection with the background server 10; wherein, the transaction information includes at least: The transaction amount.
- the transaction amount may be entered by the receiving user into the transaction terminal 30 to be traded, or it may be obtained by the transaction terminal 30 to be traded in other ways.
- the transaction information may also include other fields besides the transaction amount, such as transaction time, identification information of the smart card 20, identification information of the transaction terminal 30, currency type identification, and so on.
- the smart card 20 is also used to compare the accumulated number of transactions stored by itself with the number of transactions available to the smart card 20 after receiving the transaction information. If the accumulated number of transactions is greater than or equal to the number of transactions available to the smart card 20, the active field information is judged to be invalid and the transaction is terminated Process; if the cumulative number of transactions is less than the number of transactions available for the smart card 20, the active field information is judged to be valid, the card balance is deducted according to the transaction amount in the transaction information, the cumulative number of transactions stored in itself is increased by 1, and the transaction information is calculated Obtain the transaction certificate, and send the transaction certificate to the transaction terminal.
- the transaction certificate may be a transaction information signature value obtained by the smart card 20 using its private key to sign the transaction information, or may be a transaction information ciphertext obtained by the smart card 20 using an encryption key to encrypt the transaction information. Therefore, in the subsequent steps of electronic cash clearing, the back-end server 10 can verify the transaction voucher, thereby verifying the identity of the payer.
- the number of transactions possible is 3 times. After smart card A makes 3 consecutive payments, the cumulative number of transactions is 3. Smart card A can determine that the active field information is invalid by judging that the cumulative number of transactions stored in itself is equal to the number of transactions available, and smart card A terminates the transaction process. In this case, the smart card A must establish a connection with the back-end server 10 to obtain the updated active field information issued by the back-end server 10 before proceeding to the next offline transaction.
- the user of the smart card 20 is forced to establish a connection with the server 10 after the active field information is invalid, and perform the steps of updating the active field information, thereby preventing the smart card 20 from being offline for a long time.
- Safety issues caused by use For example, if a criminal (the payee, that is, a criminal transaction terminal) uses a transaction terminal such as a POS machine to illegally stolen a card with electronic cash, due to the limitation of the number of offline transactions of the payment card, the criminal cannot do it multiple times The stealing of electronic cash has improved the security of smart cards to a certain extent.
- the active field information is not limited to the number of transactions that can be performed by the smart card 20, it can also be the number of transactions that can be performed by the smart card 20, the transaction amount of the smart card 20, or the transaction currency of the smart card 20, The available transaction time, etc.
- the method of judging the validity of the active field information also varies according to the content of the active field information. For example, when the active field information is the tradable amount of the smart card: the smart card 20 is also used to compare the accumulated transaction amount stored by itself with the tradable amount of the smart card 20 after receiving the transaction information.
- the active field information is judged to be invalid, and the transaction process is terminated; if the cumulative transaction amount is less than the tradable amount of the smart card 20, the active field information is judged to be valid, the card balance is deducted according to the transaction amount in the transaction information, and the transaction The stored accumulated transaction amount is added to the transaction amount to obtain the updated accumulated transaction amount, the transaction information is calculated to obtain the transaction certificate, and the transaction certificate is sent to the transaction terminal.
- the active field information is the number of transactions or the transaction amount as an example, and the method of judging the validity of the active field information is exemplified.
- the active field information includes a variety of information, for example, the active field information includes: the number of transactions, the amount of transactions that can be traded, and the transaction time, then when judging the validity of the active field information, the cumulative number of transactions of the smart card 20 is required to be less than the number of transactions available The number of times, the cumulative transaction amount is less than the tradable amount, and the transaction time is within the tradable time range, that is, when all the fields included in the active field information are valid, the active field information of the smart card 20 is judged to be valid.
- the smart card 20 is also used to verify whether the transaction amount in the received transaction information is not greater than its own card balance; if the transaction amount is not greater than its own card balance, continue the transaction process; if If the transaction amount is greater than your own card balance, the transaction process will be terminated.
- the smart card 20 may have a display screen, and the card balance can be displayed to the user through the display screen. The user can artificially determine whether the card balance is sufficient to pay the transaction amount, and the smart card is not used for payment when the card balance is insufficient.
- the smart card 20 is also used to establish a connection with the background server 10, generate an anti-replay factor, and send the anti-replay factor to the background server 10.
- the smart card 20 is also used to establish a connection with the back-end server 10, according to all transaction vouchers generated by the smart card 20 without establishing a connection with the back-end server 10 and electronic cash stored in itself Generate transaction clearing information, and send the transaction clearing information to the background server 10.
- each transaction clearing information includes at least: at least one transaction certificate; the back-end server 10 is also used to receive transaction clearing information from the smart card 20, and execute electronic cash clearing based on the transaction clearing information.
- the back-end server 10 when the transaction voucher includes the transaction information signature value, the back-end server 10 is also used to verify each transaction voucher in the transaction clearing information by using the public key of the smart card 20, and then pass the verification. After that, electronic cash clearing is performed according to the transaction information in each transaction certificate.
- the back-end server 10 when the transaction certificate includes the transaction information ciphertext, the back-end server 10 is also used to decrypt each transaction certificate with the decryption key to obtain the transaction information plaintext, and according to each transaction Electronic cash clearing is performed in clear text of information.
- the decryption key used by the background server 10 and the encryption key used by the smart card 20 may be a pre-negotiated symmetric key or an asymmetric key. Therefore, the back-end server 10 can verify the identity of the payer by verifying the transaction certificate.
- the back-end server 10 is also used to issue new electronic cash to the smart card 20; the smart card 20 is also used to receive and store new electronic cash, and add new electronic cash to its own card balance. The face value of the cash.
- the back-end server 10 is configured to determine whether there is an abnormal transaction in the smart card 20 according to a preset algorithm, including: the back-end server 10 is configured to receive transaction settlement information sent by the smart card 20, and determine whether the smart card 20 is in contact with the back-end Whether the total transaction amount of all transaction information generated by the server 10 without establishing a connection is greater than the face value of the electronic cash stored in the smart card 20 itself, if the back-end server 10 generates the total transaction amount of all transaction information without establishing a connection If it is greater than the face value of the electronic cash stored in the smart card 20 itself, it is determined that the smart card 20 has an abnormal transaction.
- a preset algorithm including: the back-end server 10 is configured to receive transaction settlement information sent by the smart card 20, and determine whether the smart card 20 is in contact with the back-end Whether the total transaction amount of all transaction information generated by the server 10 without establishing a connection is greater than the face value of the electronic cash stored in the smart card 20 itself, if the back-end server 10 generates the
- the smart card 20 as the smart card A as an example: the face value of the electronic cash stored in the smart card A is 100 yuan, and the number of transactions of the smart card A is 3 times.
- the smart card A can make 3 offline electronic cash payments at most, and after 3 payments, it must establish a connection with the background server 10 and execute the electronic cash clearing process.
- Smart card A can record the card balance. After each payment, smart card A can deduct the payment transaction amount to complete the update of the current card balance. When smart card A is used normally, the sum of the transaction amount of three consecutive payments will not exceed 100 yuan.
- the transaction clearing information sent by the smart card A to the back-end server 10 includes the three transaction information corresponding to the foregoing three payments and the electronic cash stored in the smart card A itself; the back-end server 10 receives For the transaction amount of each transaction information, calculate the sum of the transaction amount of the above 3 payments, and determine whether the sum of the transaction amount is greater than the face value of the electronic cash stored in itself 100 yuan. If the total transaction amount is greater than 100 yuan, the background server 10 determines that the smart card A has an abnormal transaction. Therefore, if smart card A is tampered with by criminals, the sum of the transaction amount of three consecutive payments may be greater than 100 yuan.
- the back-end server 10 will judge the smart card when performing electronic cash clearing There is an abnormal transaction in A, and the updated active field information is no longer issued to smart card A, so that smart card A can no longer perform the next offline transaction, effectively preventing criminals from making illegal consumption again.
- the smart card A can obtain new electronic cash from the background server 10.
- the transaction clearing information sent by smart card A to the back-end server 10 includes the three transaction information corresponding to the aforementioned three payments and the electronic cash (100 yuan in face value) stored by smart card A itself
- smart card A can delete the self-stored Electronic cash, or smart card A makes the stored electronic cash unusable.
- the back-end server 10 performs electronic cash settlement, it issues new electronic cash (200 yuan face value) to the smart card A.
- Smart card A receives and stores new electronic cash, and adds 200 yuan to its current card balance.
- the background server issues active field information to the smart card, and the smart card stores the received active field information after verification.
- the smart card judges whether the active field information is valid according to the transaction information, and the offline transaction of electronic cash can be completed only when the active field information is valid. Therefore, by limiting the number of offline transactions of the smart card, if a criminal (the payee, that is, an illegal transaction terminal) uses a transaction terminal such as a POS machine to illegally swipe the card with electronic cash, because the payment card is offline Due to the limitation of the number of transactions, criminals cannot steal electronic cash multiple times.
- the active field information is issued after being signed by the backend server, and the smart card is stored after the verification is passed. This issuing mechanism effectively prevents illegal devices from tampering with the active field information stored in the smart card.
Landscapes
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Engineering & Computer Science (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Finance (AREA)
- Computer Security & Cryptography (AREA)
- Cash Registers Or Receiving Machines (AREA)
Abstract
一种基于电子现金的脱机交易方法和系统,该方法包括:后台服务器从智能卡接收智能卡生成的防重放因子(S1);后台服务器按预设算法判断智能卡是否存在异常交易,如果不存在异常交易,利用后台服务器的私钥对安全信息进行签名,生成安全信息签名,将安全信息和安全信息签名发送至智能卡(S2);智能卡从后台服务器接收安全信息和安全信息签名信息,利用后台服务器的公钥对安全信息签名信息进行验签,在验签通过后,比对安全信息中的防重放因子与智能卡生成的防重放因子是否一致,如果一致,则存储活性字段信息(S3);智能卡与后台服务器建立连接,生成防重放因子,将防重放因子发送至后台服务器(S7)。
Description
相关申请的交叉引用
本申请要求天地融公司于2019年7月17日提交的、发明名称为“一种基于电子现金的脱机交易方法和系统”的、中国专利申请号“201910645444.3”的优先权。
本发明涉及一种电子交易技术领域,尤其涉及一种基于电子现金的脱机交易方法和系统。
在传统的电子现金等脱机交易应用中,由于脱机交易不能够实时联网认证,这就导致后台服务器不能及时对电子现金进行清算。在脱机交易的情况下,付款终端存储有一张电子现金,该电子现金可以被用户重复消费,付款终端在用户每次消费后,会在卡片余额上扣减相应的消费金额。因此存在以下安全问题:不法分子可能利用POS机等交易终端对圈存有电子现金的卡片进行大量的非法盗刷,由于不能实时清算,用户无法及时得知卡片内电子现金被盗刷走。
因此,急需一种更优的电子现金脱机交易的技术方案,在智能卡上增加活性字段信息,避免上述电子现金脱机交易中可能出现的安全问题。
发明内容
本发明一方面提供了一种基于电子现金的脱机交易方法,包括:后台服务器从智能卡接收智能卡生成的防重放因子;后台服务器按预设算法判断智能卡是否存在异常交易,如果不存在异常交易,则利用后台服务器的私钥对安全信息进行签名,生成安全信息签名,将安全信息和安全信息签名发送至智能卡;其中,安全信息至少包括:防重放因子和活性字段信息;活性字段信息至少包括:智能卡的可交易次数;智能卡从后台服务器接收安全信息和安全信息签名信息,利用后台服务器的公钥对安全信息签名信息进行验签,在验签通过后,比对安全信息中的防重放因子与智能卡生成的防重放因子是否一致,如果一致,则存储活性字段信息;交易终端与后台服务器在不建立连接的情况下,与智能卡建立连接,向智能卡发送电子现金交易应用选择信息;智能卡与后台服务器在不建立连接的情况下, 接收电子现金交易应用选择信息,确定电子现金交易应用激活,并接收所述交易终端发送的交易信息;其中,交易信息至少包括:交易金额;智能卡接收交易信息后,比较自身存储的交易累计次数与智能卡的可交易次数,如果交易累计次数大于或等于智能卡的可交易次数,则判断活性字段信息无效,终止交易流程;如果交易累计次数小于智能卡的可交易次数,则判断活性字段信息有效,智能卡根据交易信息中的交易金额扣减卡片余额,并将自身存储的交易累计次数加1,并对交易信息进行计算得到交易凭证,将交易凭证送至交易终端;智能卡与后台服务器建立连接,生成防重放因子,将防重放因子发送至后台服务器。
本发明另一方面提供了另一种基于电子现金的脱机交易方法,包括:后台服务器从智能卡接收智能卡生成的防重放因子;后台服务器按预设算法判断智能卡是否存在异常交易,如果不存在异常交易,则利用后台服务器的私钥对安全信息进行签名,生成安全信息签名,将安全信息和安全信息签名发送至智能卡;其中,安全信息至少包括:防重放因子和活性字段信息;活性字段信息至少包括:智能卡的可交易金额;智能卡从后台服务器接收安全信息和安全信息签名信息,利用后台服务器的公钥对安全信息签名信息进行验签,在验签通过后,比对安全信息中的防重放因子与智能卡生成的防重放因子是否一致,如果一致,则存储活性字段信息;交易终端与后台服务器在不建立连接的情况下,与智能卡建立连接,向智能卡发送电子现金交易应用选择信息;智能卡与后台服务器在不建立连接的情况下,接收电子现金交易应用选择信息,确定电子现金交易应用激活,并接收交易终端发送的交易信息;其中,交易信息至少包括:交易金额;智能卡接收交易信息后,比较自身存储的交易累计金额与智能卡的可交易金额,如果交易累计金额大于或等于智能卡的可交易金额,则判断活性字段信息无效,终止交易流程;如果交易累计金额小于智能卡的可交易金额,则判断活性字段信息有效,智能卡根据交易信息中的交易金额扣减卡片余额,并将自身存储的交易累计金额加上交易金额,并对交易信息进行计算得到交易凭证,将交易凭证送至交易终端;智能卡与后台服务器建立连接,生成防重放因子,将防重放因子发送至后台服务器。
本发明又一方面提供了一种基于电子现金的脱机交易系统,该系统包括:后台服务器、智能卡和交易终端;后台服务器,用于从智能卡接收智能卡生成的防重放因子;按预设算法判断智能卡是否存在异常交易,如果不存在异常交易,则利用后台服务器的私钥对安全信息进行签名,生成安全信息签名,将安全信息和安全信息签名发送至智能卡;其中,安全信息至少包括:防重放因子和活性字段信息;活性字段信息至少包括:智能卡的可交易次数;智能卡,用于从后台服务器接收安全信息和安全信息签名信息,利用后台服务器的公钥对安全信息签名信息进行验签,在验签通过后,比对安全信息中的防重放因子与智能 卡生成的防重放因子是否一致,如果一致,则存储活性字段信息;交易终端,用于在与后台服务器在不建立连接的情况下,与智能卡建立连接,向智能卡发送电子现金交易应用选择信息;智能卡,还用于在与后台服务器在不建立连接的情况下,接收电子现金交易应用选择信息,确定电子现金交易应用激活,并生成接收交易终端发送的交易信息其中,交易信息至少包括:交易金额;比较自身存储的交易累计次数与智能卡的可交易次数,如果交易累计次数大于或等于智能卡的可交易次数,则判断活性字段信息无效,终止交易流程;如果交易累计次数小于智能卡的可交易次数,则判断活性字段信息有效,根据交易信息中的交易金额扣减卡片余额,并将自身存储的交易累计次数加1,并对交易信息进行计算得到交易凭证,将交易凭证送至交易终端;与后台服务器建立连接,生成防重放因子,将防重放因子发送至后台服务器。
本发明再一方面提供了另一种基于电子现金的脱机交易系统,该系统包括:后台服务器、智能卡和交易终端;后台服务器,用于从智能卡接收智能卡生成的防重放因子;按预设算法判断智能卡是否存在异常交易,如果不存在异常交易,则利用后台服务器的私钥对安全信息进行签名,生成安全信息签名,将安全信息和安全信息签名发送至智能卡;其中,安全信息至少包括:防重放因子和活性字段信息;活性字段信息至少包括:智能卡的可交易金额;智能卡,用于从后台服务器接收安全信息和安全信息签名信息,利用后台服务器的公钥对安全信息签名信息进行验签,在验签通过后,比对安全信息中的防重放因子与智能卡生成的防重放因子是否一致,如果一致,则存储活性字段信息;交易终端,用于在与后台服务器在不建立连接的情况下,与智能卡建立连接,向智能卡发送电子现金交易应用选择信息;智能卡,还用于在与后台服务器在不建立连接的情况下,接收电子现金交易应用选择信息,确定电子现金交易应用激活,并接收交易终端发送的交易信息其中,交易信息至少包括:交易金额;比较自身存储的交易累计金额与智能卡的可交易金额,如果交易累计金额大于或等于智能卡的可交易金额,则判断活性字段信息无效,终止交易流程;如果交易累计金额小于智能卡的可交易金额,则判断活性字段信息有效,根据交易信息中的交易金额扣减卡片余额,并将自身存储的交易累计金额加上交易金额,并对交易信息进行计算得到交易凭证,将交易凭证送至交易终端;与后台服务器建立连接,生成防重放因子,将防重放因子发送至后台服务器。
为了更清楚地说明本发明实施例的技术方案,下面将对实施例描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域的普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他附 图。
图1为本发明实施例1提供的一种基于电子现金的脱机交易方法的流程图;
图2为本发明实施例1提供的另一种基于电子现金的脱机交易方法的流程图;
图3为本发明实施例2提供的一种基于电子现金的脱机交易系统的结构示意图。
下面结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明的保护范围。
实施例1
图1为本实施例提供的一种基于电子现金的脱机交易方法的流程图、图2为本实施例提供的另一种基于电子现金的脱机交易方法的流程图。
如图1所示,本实施例提供了一种基于电子现金的脱机交易方法,该方法包括:
步骤S1:后台服务器从智能卡接收智能卡生成的防重放因子;
步骤S2:后台服务器按预设算法判断智能卡是否存在异常交易,如果不存在异常交易,则利用后台服务器的私钥对安全信息进行签名,生成安全信息签名,将安全信息和安全信息签名发送至智能卡;
其中,安全信息至少包括:防重放因子和活性字段信息;活性字段信息至少包括:智能卡的可交易次数;
步骤S3:智能卡从后台服务器接收安全信息和安全信息签名信息,利用后台服务器的公钥对安全信息签名信息进行验签,在验签通过后,比对安全信息中的防重放因子与智能卡生成的防重放因子是否一致,如果一致,则存储活性字段信息;
步骤S4:交易终端与后台服务器在不建立连接的情况下,与智能卡建立连接,向智能卡发送电子现金交易应用选择信息;
步骤S5:智能卡与后台服务器在不建立连接的情况下,接收电子现金交易应用选择信息,确定电子现金交易应用激活,并接收交易终端发送的交易信息
其中,交易信息至少包括:交易金额;
步骤S6-1:智能卡接收交易信息后,比较自身存储的交易累计次数与智能卡的可交易次数;如果交易累计次数大于或等于智能卡的可交易次数,则判断活性字段信息无效,执行步骤S6-3;如果交易累计次数小于智能卡的可交易次数,则判断活性字段信息有效,执 行步骤S6-2;
步骤S6-2:智能卡根据交易信息中的交易金额扣减卡片余额,并将自身存储的交易累计次数加1,并对交易信息进行计算得到交易凭证,将交易凭证送至所述交易终端;
步骤S6-3:智能卡终止交易流程;
步骤S7:智能卡与后台服务器建立连接,生成防重放因子,将防重放因子发送至后台服务器。
由上述本实施例提供的技术方案可以看出,后台服务器向智能卡下发活性字段信息,智能卡在验证通过后将接收到的活性字段信息存储。在交易时,智能卡根据交易信息判断活性字段信息是否有效,只有在活性字段信息有效的情况下才能完成电子现金的脱机交易。由此,通过限制智能卡脱机的可交易次数,如果不法分子(收款方,即不法交易终端)利用POS机等交易终端对圈存有电子现金的卡片进行非法盗刷,由于付款卡片脱机交易次数的限制,不法分子无法多次进行电子现金的盗刷。此外,活性字段信息是由后台服务器签名后下发,智能卡在验签通过后再进行存储,该下发机制有效地避免了非法设备对智能卡中存储的活性字段信息进行篡改。
下面对本实施例提供的方法中智能卡与后台服务器以及交易终端的交互流程进行详细的说明:
步骤S1:后台服务器从智能卡接收智能卡生成的防重放因子;
本实施例中,智能卡是指付款端的交易设备。需要说明的是,作为一种可选的实施方式,交易终端和智能卡可以为同一型号的智能卡型交易设备,即该智能卡型交易设备可以既具有付款功能也具有收款功能。为方便说明,在本实施例中,将该智能卡型交易设备作为付款端使用时称为智能卡,作为收款端使用时称为交易终端。作为一种可选的实施方式,智能卡生成的防重放因子可以为随机数。
步骤S2:后台服务器按预设算法判断智能卡是否存在异常交易,如果不存在异常交易,则利用后台服务器的私钥对安全信息进行签名,生成安全信息签名,将安全信息和安全信息签名发送至智能卡;其中,安全信息至少包括:防重放因子和活性字段信息;活性字段信息至少包括:智能卡的可交易次数。
本实施例中,活性字段信息可以为智能卡的可交易次数,也可以为智能卡的可交易金额,或者还可以为智能卡的可交易币种、可交易时间等。当然,活性字段信息也可以包括上述多种信息。
本实施例中,智能卡是指付款端的交易设备。需要说明的是,作为一种可选的实施方式,交易终端和智能卡可以为同一型号的智能卡型交易设备,即该智能卡型交易设备可以既具有付款功能也具有收款功能。为方便说明,在本实施例中,将该智能卡型交易设备作 为付款端使用时称为智能卡,作为收款端使用时称为交易终端。
本实施例中,后台服务器判断智能卡是否存在异常交易的具体流程在本实施例后文中进行说明。
步骤S3:智能卡从后台服务器接收安全信息和安全信息签名信息,利用后台服务器的公钥对安全信息签名信息进行验签,在验签通过后,比对安全信息中的防重放因子与智能卡生成的防重放因子是否一致,如果一致,则存储活性字段信息。
本实施例中,智能卡从后台服务器获取后台服务器的公钥,利用该公钥对后台服务器下发的安全信息签名信息进行验签,由此,智能卡可以通过验签的方式来确认接收到的安全信息的来源的可靠性。此外,如果有不法设备对后台服务器进行重放攻击,后台服务器下发的安全信息中的防重放因子与智能卡生成的防重放因子是不一致的,由此,后台服务器可以通过防重放因子来避免不法设备的重放攻击。此外,本实施例中的智能卡,其活性字段信息是由后台服务器下发的,智能卡本身无法对活性字段信息进行修改,由此保证了活性字段信息的可靠性。
步骤S4:交易终端与后台服务器在不建立连接的情况下,与智能卡建立连接,向智能卡发送电子现金交易应用选择信息;
本实施例中,本实施例中,交易终端是指收款端的交易设备,可以为带有电子现金脱机交易功能的手机、POS机等交易设备,也可以为智能卡型的交易设备。
步骤S5:智能卡与后台服务器在不建立连接的情况下,接收电子现金交易应用选择信息,确定电子现金交易应用激活,并接收交易终端发送的交易信息;其中,交易信息至少包括:交易金额。
本实施例中,交易金额可以是由收款用户录入至待交易的交易终端的,也可以是待交易的交易终端通过其他方式获取的。作为一种可选的实施方式,交易信息还可以包括除交易金额之外的其他字段,例如交易时间、智能卡的标识信息、交易终端的标识信息、货币种类标识等等。
步骤S6-1:智能卡接收交易信息后,比较自身存储的交易累计次数与智能卡的可交易次数;如果交易累计次数大于或等于智能卡的可交易次数,则判断活性字段信息无效,执行步骤S6-3;如果交易累计次数小于智能卡的可交易次数,则判断活性字段信息有效,执行步骤S6-2;
步骤S6-2:智能卡根据交易信息中的交易金额扣减卡片余额,将自身存储的交易累计次数加1,并对交易信息进行计算得到交易凭证,将交易凭证送至交易终端;
步骤S6-3:智能卡终止交易流程。
在步骤S6-2中,交易凭证可以为智能卡可以利用自身的私钥对交易信息进行签名得到 的交易信息签名值,也可以为智能卡利用加密密钥对交易信息进行加密得到的交易信息密文。由此,在后续电子现金清算的步骤中,后台服务器可以对交易凭证进行验证,从而对付款方的身份进行认证。
举例来说,智能卡A的活性字段信息中,可交易次数为3次。在智能卡A连续进行3次付款后,其交易累计次数为3,智能卡通过判断自身存储的累计交易次数与可交易次数相等,即可判断出活性字段信息无效,智能卡A终止交易流程。在这种情况下,智能卡A必须与后台服务器建立连接,获取后台服务器下发的更新的活性字段信息,才可以继续进行下一次脱机交易。由此,通过限制智能卡脱机的可交易次数,迫使智能卡的用户在活性字段信息无效后与服务器建立连接,执行更新活性字段信息的步骤,从而避免智能卡长期在脱机状态下被使用所带来的安全问题。比如,如果不法分子(收款方,即不法交易终端)利用POS机等交易终端对圈存有电子现金的卡片进行非法盗刷,由于付款卡片脱机交易次数的限制,不法分子无法多次进行电子现金的盗刷,在一定程度上提高了智能卡的安全性。
本实施例中,由于活性字段信息不限于智能卡的可交易次数,还可以为智能卡的可交易次数,也可以为智能卡的可交易金额,或者还可以为智能卡的可交易币种、可交易时间等,活性字段信息有效性的判断方式也根据活性字段信息所包括的内容的不同而不同。
如图2所示,当活性字段信息为智能卡的可交易金额时,上述步骤6-1至6-3可以替换为步骤S6-1’至S6-3’(其余步骤不变):
步骤S6-1’:智能卡接收交易信息后,比较自身存储的交易累计金额与智能卡的可交易金额;如果交易累计金额大于或等于智能卡的可交易金额,则判断活性字段信息无效,执行步骤S6-3’;如果交易累计金额小于智能卡的可交易金额,则判断活性字段信息有效,执行步骤S6-2’;
步骤S6-2’:智能卡根据交易信息中的交易金额扣减卡片余额,并将自身存储的交易累计金额加上交易金额,并对交易信息进行计算得到交易凭证,将交易凭证送至交易终端;由此,得到更新的交易累计金额;
步骤S7-3’:智能卡终止交易流程。
本实施例中,仅以活性字段信息为可交易次数或可交易金额为例,对活性字段信息有效性的判断方式进行了举例说明。当活性字段信息包括多种信息时,比如,活性字段信息包括:可交易次数、可交易金额和可交易时间,那么在判断活性字段信息的有效性时,需要智能卡的交易累计次数小于可交易次数、交易累计金额小于可交易金额、并且交易时间在可交易时间范围内,即活性字段信息中包括的所有字段均为有效时,才判断该智能卡的活性字段信息有效。
作为一种可选的实施方式,在执行步骤S6-1之前,智能卡还可以验证接收到的交易信 息中的交易金额是否不大于自身的卡片余额;如果交易金额不大于自身的卡片余额,则执行步骤S6-1;如果交易金额大于自身的卡片余额,则跳转至步骤S6-3。当然,在实际应用中,智能卡可以具有向用户提示卡片余额的功能,用户可以人为判断卡片余额是否足够支付交易金额,在卡片余额不足时不使用智能卡付款。
步骤S7:智能卡与后台服务器建立连接,生成防重放因子,将防重放因子发送至后台服务器。
作为一种可选的实施方式,在智能卡与后台服务器建立连接之后,智能卡根据智能卡在与后台服务器在不建立连接的情况下产生的全部交易凭证和自身存储的电子现金生成交易清算信息,将交易清算信息发送至后台服务器。其中,每条交易清算信息至少包括:至少一条交易凭证;后台服务器从智能卡接收交易清算信息,根据交易清算信息执行电子现金清算。
作为一种可选的实施方式,当交易凭证包括交易信息签名值时,后台服务器可以利用智能卡的公钥对交易清算信息中的每条交易凭证进行验签,再验签通过后,根据每条交易凭证中的交易信息执行电子现金清算。作为另一种可选的实施方式,当交易凭证包括交易信息密文时,后台服务器可以利用解密密钥对每条交易凭证进行解密,得到交易信息明文,并根据每条交易信息明文执行电子现金清算。其中,后台服务器使用的解密密钥和智能卡使用的加密秘钥可以为预先协商的对称密钥或非对称密钥。由此,后台服务器可以通过对交易凭证的验证,来对付款方的身份进行认证。
作为一种可选的实施方式,在后台服务器从智能卡接收交易清算信息,执行电子现金清算后,方法还包括:后台服务器向智能卡下发新的电子现金;智能卡接收并储存新的电子现金,在自身的卡片余额上增加新的电子现金的面值。
作为一种可选的实施方式,后台服务器按预设算法判断智能卡是否存在异常交易,包括:后台服务器接收智能卡发送的交易清算信息,判断智能卡在与后台服务器在不建立连接的情况下产生的全部交易信息的交易金额总和是否大于智能卡自身存储的电子现金的面值,如果后台服务器在不建立连接的情况下产生的全部交易信息的交易金额总和大于智能卡自身存储的电子现金的面值,则判断智能卡存在异常交易。
在具体实施中,以智能卡为智能卡A举例来说:智能卡A中存储的电子现金的面值为100元,且智能卡A的可交易次数为3次。该智能卡A最多能够连续进行3次脱机的电子现金付款,在3次付款后必须与后台服务器建立连接并执行电子现金清算流程。智能卡A可以记录卡片余额,在每次付款后,智能卡A可以扣减付款的交易金额,完成当前卡片余额的更新。智能卡A在被正常使用的情况下,连续3次付款的交易金额的总和不会超过100元。在连续3次付款,并进入清算流程之后,智能卡A向后台服务器发送的交易清算信息 中包括上述3次付款对应的3条交易信息以及智能卡A自身存储的电子现金;后台服务器根据接收到的每条交易信息的交易金额,计算上述3次付款的交易金额总和,并判断交易金额总和是否大于自身存储的电子现金的面值100元。如果交易金额总和大于100元,则后台服务器判断该智能卡A存在异常交易。由此,如果智能卡A在被不法分子篡改卡片余额,智能卡A可能会出现连续3次付款的交易金额的总和大于100元的情况,此时,后台服务器在执行电子现金清算时,会判断智能卡A存在异常交易,不再向智能卡A下发更新的活性字段信息,从而使该智能卡A无法再进行下一次的脱机交易,有效地防止不法分子再次进行非法消费。
本实施例中,在智能卡A经过电子现金清算后,智能卡A不存在异常交易的情况下,智能卡A可以从后台服务器获取新的电子现金。具体地,智能卡A在向后台服务器发送的交易清算信息中包括上述3次付款对应的3条交易信息以及智能卡A自身存储的电子现金(100元面值)之后,智能卡A可以删除该自身存储的电子现金,或者,智能卡A将该自身存储的电子现金置为不可用。后台服务器在执行电子现金清算后,向智能卡A智能卡下发新的电子现金(200元面值)。智能卡A接收并存储新的电子现金,并在自身当前卡片余额上增加200元。
实施例2
图2为本实施例提供的一种基于电子现金的脱机交易系统的结构示意图,现结合图2,对本实施例提供的系统的结构进行详细的说明:
本实施例提供了一种基于电子现金的脱机交易系统,该系统包括:后台服务器10、智能卡20和交易终端30。
本实施例中,智能卡20是指付款端的交易设备。需要说明的是,作为一种可选的实施方式,交易终端30和智能卡20可以为同一型号的智能卡型交易设备,即该智能卡型交易设备可以既具有付款功能也具有收款功能。为方便说明,在本实施例中,将该智能卡型交易设备作为付款端使用时称为智能卡20,作为收款端使用时称为交易终端30。
本实施例中,后台服务器10,用于从智能卡20接收智能卡20生成的防重放因子;按预设算法判断智能卡20是否存在异常交易,如果不存在异常交易,则利用后台服务器10的私钥对安全信息进行签名,生成安全信息签名,将安全信息和安全信息签名发送至智能卡20;其中,安全信息至少包括:防重放因子和活性字段信息;活性字段信息至少包括:智能卡20的可交易次数。
作为一种可选的实施方式,智能卡20生成的防重放因子可以为随机数。
本实施例中,活性字段信息可以为智能卡20的可交易次数,也可以为智能卡20的可 交易金额,或者还可以为智能卡20的可交易币种、可交易时间等。当然,活性字段信息也可以包括上述多种信息。
智能卡20,用于从后台服务器10接收安全信息和安全信息签名信息,利用后台服务器10的公钥对安全信息签名信息进行验签,在验签通过后,比对安全信息中的防重放因子与智能卡20生成的防重放因子是否一致,如果一致,则存储活性字段信息。
本实施例中,智能卡20从后台服务器10获取后台服务器10的公钥,利用该公钥对后台服务器10下发的安全信息签名信息进行验签,由此,智能卡20可以通过验签的方式来确认接收到的安全信息的来源的可靠性。此外,如果有不法设备对后台服务器10进行重放攻击,后台服务器10下发的安全信息中的防重放因子与智能卡20生成的防重放因子是不一致的,由此,后台服务器10可以通过防重放因子来避免不法设备的重放攻击。
交易终端30,用于在与后台服务器10在不建立连接的情况下,与智能卡20建立连接,向智能卡20发送电子现金交易应用选择信息。
实施例中,本实施例中,交易终端30是指收款端的交易设备,可以为带有电子现金脱机交易功能的手机、POS机等交易设备,也可以为智能卡型的交易设备。
智能卡20,还用于在与后台服务器10在不建立连接的情况下,接收电子现金交易应用选择信息,确定电子现金交易应用激活,并接收交易终端发送的交易信息;其中,交易信息至少包括:交易金额。
本实施例中,交易金额可以是由收款用户录入至待交易的交易终端30的,也可以是待交易的交易终端30通过其他方式获取的。作为一种可选的实施方式,交易信息还可以包括除交易金额之外的其他字段,例如交易时间、智能卡20的标识信息、交易终端30的标识信息、货币种类标识等等。
智能卡20,还用于在接收交易信息后,比较自身存储的交易累计次数与智能卡20的可交易次数,如果交易累计次数大于或等于智能卡20的可交易次数,则判断活性字段信息无效,终止交易流程;如果交易累计次数小于智能卡20的可交易次数,则判断活性字段信息有效,根据交易信息中的交易金额扣减卡片余额,并将自身存储的交易累计次数加1,并对交易信息进行计算得到交易凭证,将交易凭证送至所述交易终端。
本实施例中,交易凭证可以为智能卡20可以利用自身的私钥对交易信息进行签名得到的交易信息签名值,也可以为智能卡20利用加密密钥对交易信息进行加密得到的交易信息密文。由此,在后续电子现金清算的步骤中,后台服务器10可以对交易凭证进行验证,从而对付款方的身份进行认证。
举例来说,智能卡A的活性字段信息中,可交易次数为3次。在智能卡A连续进行3次付款后,其交易累计次数为3,智能卡A通过判断自身存储的累计交易次数与可交易次 数相等,即可判断出活性字段信息无效,智能卡A终止交易流程。在这种情况下,智能卡A必须与后台服务器10建立连接,获取后台服务器10下发的更新的活性字段信息,才可以继续进行下一次脱机交易。由此,通过限制智能卡20脱机的可交易次数,迫使智能卡20的用户在活性字段信息无效后与服务器10建立连接,执行更新活性字段信息的步骤,从而避免智能卡20长期在脱机状态下被使用所带来的安全问题。比如,如果不法分子(收款方,即不法交易终端)利用POS机等交易终端对圈存有电子现金的卡片进行非法盗刷,由于付款卡片脱机交易次数的限制,不法分子无法多次进行电子现金的盗刷,在一定程度上提高了智能卡的安全性。
本实施例中,由于活性字段信息不限于智能卡20的可交易次数,还可以为智能卡20的可交易次数,也可以为智能卡20的可交易金额,或者还可以为智能卡20的可交易币种、可交易时间等,活性字段信息有效性的判断方式也根据活性字段信息所包括的内容的不同而不同。比如,当活性字段信息为智能卡的可交易金额时:智能卡20,还用于在接收交易信息后,比较自身存储的交易累计金额与智能卡20的可交易金额,如果交易累计次数大于或等于智能卡20的可交易金额,则判断活性字段信息无效,终止交易流程;如果交易累计金额小于智能卡20的可交易金额,则判断活性字段信息有效,根据交易信息中的交易金额扣减卡片余额,并将自身存储的交易累计金额加上交易金额,得到更新的交易累计金额,对交易信息进行计算得到交易凭证,将交易凭证送至交易终端。
本实施例中,仅以活性字段信息为可交易次数或可交易金额为例,对活性字段信息有效性的判断方式进行了举例说明。当活性字段信息包括多种信息时,比如,活性字段信息包括:可交易次数、可交易金额和可交易时间,那么在判断活性字段信息的有效性时,需要智能卡20的交易累计次数小于可交易次数、交易累计金额小于可交易金额、并且交易时间在可交易时间范围内,即活性字段信息中包括的所有字段均为有效时,才判断该智能卡20的活性字段信息有效。
作为一种可选的实施方式,智能卡20,还用于验证接收到的交易信息中的交易金额是否不大于自身的卡片余额;如果交易金额不大于自身的卡片余额,则继续执行交易流程;如果交易金额大于自身的卡片余额,则终止交易流程。当然,在实际应用中,智能卡20可以具有显示屏,通过显示屏向用户显示卡片余额,用户可以人为判断卡片余额是否足够支付交易金额,在卡片余额不足时不使用智能卡付款。
智能卡20,还用于与后台服务器10建立连接,生成防重放因子,将防重放因子发送至后台服务器10。
作为一种可选的实施方式,智能卡20,还用于在与后台服务器10建立连接之后,根据智能卡20在与后台服务器10在不建立连接的情况下产生的全部交易凭证和自身存储的 电子现金生成交易清算信息,将交易清算信息发送至后台服务器10。其中,每条交易清算信息至少包括:至少一条交易凭证;后台服务器10,还用于从智能卡20接收交易清算信息,根据交易清算信息执行电子现金清算。
作为一种可选的实施方式,当交易凭证包括交易信息签名值时,后台服务器10,还用于利用智能卡20的公钥对交易清算信息中的每条交易凭证进行验签,再验签通过后,根据每条交易凭证中的交易信息执行电子现金清算。作为另一种可选的实施方式,当交易凭证包括交易信息密文时,后台服务器10,还用于可以利用解密密钥对每条交易凭证进行解密,得到交易信息明文,并根据每条交易信息明文执行电子现金清算。其中,后台服务器10使用的解密密钥和智能卡20使用的加密秘钥可以为预先协商的对称密钥或非对称密钥。由此,后台服务器10可以通过对交易凭证的验证,来对付款方的身份进行认证。
作为一种可选的实施方式,后台服务器10,还用于向智能卡20下发新的电子现金;智能卡20,还用于接收并储存新的电子现金,在自身的卡片余额上增加新的电子现金的面值。
作为一种可选的实施方式,后台服务器10,用于按预设算法判断智能卡20是否存在异常交易,包括:后台服务器10,用于接收智能卡20发送的交易清算信息,判断智能卡20在与后台服务器10在不建立连接的情况下产生的全部交易信息的交易金额总和是否大于智能卡20自身存储的电子现金的面值,如果后台服务器10在不建立连接的情况下产生的全部交易信息的交易金额总和大于智能卡20自身存储的电子现金的面值,则判断智能卡20存在异常交易。
在具体实施中,以智能卡20为智能卡A举例来说:智能卡A中存储的电子现金的面值为100元,且智能卡A的可交易次数为3次。该智能卡A最多能够连续进行3次脱机的电子现金付款,在3次付款后必须与后台服务器10建立连接并执行电子现金清算流程。智能卡A可以记录卡片余额,在每次付款后,智能卡A可以扣减付款的交易金额,完成当前卡片余额的更新。智能卡A在被正常使用的情况下,连续3次付款的交易金额的总和不会超过100元。在连续3次付款,并进入清算流程之后,智能卡A向后台服务器10发送的交易清算信息中包括上述3次付款对应的3条交易信息以及智能卡A自身存储的电子现金;后台服务器10根据接收到的每条交易信息的交易金额,计算上述3次付款的交易金额总和,并判断交易金额总和是否大于自身存储的电子现金的面值100元。如果交易金额总和大于100元,则后台服务器10判断该智能卡A存在异常交易。由此,如果智能卡A在被不法分子篡改卡片余额,智能卡A可能会出现连续3次付款的交易金额的总和大于100元的情况,此时,后台服务器10在执行电子现金清算时,会判断智能卡A存在异常交易,不再向智能卡A下发更新的活性字段信息,从而使该智能卡A无法再进行下一次的脱机交易,有效地 防止不法分子再次进行非法消费。
本实施例中,在智能卡A经过电子现金清算后,智能卡A不存在异常交易的情况下,智能卡A可以从后台服务器10获取新的电子现金。具体地,智能卡A在向后台服务器10发送的交易清算信息中包括上述3次付款对应的3条交易信息以及智能卡A自身存储的电子现金(100元面值)之后,智能卡A可以删除该自身存储的电子现金,或者,智能卡A将该自身存储的电子现金置为不可用。后台服务器10在执行电子现金清算后,向智能卡A智能卡下发新的电子现金(200元面值)。智能卡A接收并存储新的电子现金,并在自身当前卡片余额上增加200元。
由上述本实施例提供的技术方案可以看出,后台服务器向智能卡下发活性字段信息,智能卡在验证通过后将接收到的活性字段信息存储。在交易时,智能卡根据交易信息判断活性字段信息是否有效,只有在活性字段信息有效的情况下才能完成电子现金的脱机交易。由此,通过限制智能卡脱机的可交易次数,如果不法分子(收款方,即不法交易终端)利用POS机等交易终端对圈存有电子现金的卡片进行非法盗刷,由于付款卡片脱机交易次数的限制,不法分子无法多次进行电子现金的盗刷。此外,活性字段信息是由后台服务器签名后下发,智能卡在验签通过后再进行存储,该下发机制有效地避免了非法设备对智能卡中存储的活性字段信息进行篡改。
Claims (10)
- 一种基于电子现金的脱机交易方法,其特征在于,包括:后台服务器从智能卡接收所述智能卡生成的防重放因子;所述后台服务器按预设算法判断所述智能卡是否存在异常交易,如果不存在异常交易,则利用后台服务器的私钥对安全信息进行签名,生成安全信息签名,将所述安全信息和所述安全信息签名发送至所述智能卡;其中,所述安全信息至少包括:防重放因子和活性字段信息;所述活性字段信息至少包括:所述智能卡的可交易次数;所述智能卡从所述后台服务器接收所述安全信息和所述安全信息签名信息,利用所述后台服务器的公钥对所述安全信息签名信息进行验签,在验签通过后,比对所述安全信息中的防重放因子与所述智能卡生成的防重放因子是否一致,如果一致,则存储所述活性字段信息;交易终端与所述后台服务器在不建立连接的情况下,与所述智能卡建立连接,向所述智能卡发送电子现金交易应用选择信息;所述智能卡与所述后台服务器在不建立连接的情况下,接收所述电子现金交易应用选择信息,确定电子现金交易应用激活,并接收所述交易终端发送的交易信息;其中,所述交易信息至少包括:交易金额;所述智能卡接收所述交易信息后,比较自身存储的交易累计次数与所述智能卡的可交易次数,如果所述交易累计次数大于或等于所述智能卡的可交易次数,则判断所述活性字段信息无效,终止交易流程;如果所述交易累计次数小于所述智能卡的可交易次数,则判断所述活性字段信息有效,所述智能卡根据所述交易信息中的交易金额扣减所述卡片余额,将所述自身存储的交易累计次数加1,并对所述交易信息进行计算得到交易凭证,将所述交易凭证送至所述交易终端;所述智能卡与所述后台服务器建立连接,生成防重放因子,将所述防重放因子发送至后台服务器。
- 一种基于电子现金的脱机交易方法,其特征在于,包括:后台服务器从智能卡接收所述智能卡生成的防重放因子;所述后台服务器按预设算法判断所述智能卡是否存在异常交易,如果不存在异常交易,则利用后台服务器的私钥对安全信息进行签名,生成安全信息签名,将所述安全信息和所述安全信息签名发送至所述智能卡;其中,所述安全信息至少包括:防重放因子和活性字 段信息;所述活性字段信息至少包括:所述智能卡的可交易金额;所述智能卡从所述后台服务器接收所述安全信息和所述安全信息签名信息,利用所述后台服务器的公钥对所述安全信息签名信息进行验签,在验签通过后,比对所述安全信息中的防重放因子与所述智能卡生成的防重放因子是否一致,如果一致,则存储所述活性字段信息;交易终端与所述后台服务器在不建立连接的情况下,与所述智能卡建立连接,向所述智能卡发送电子现金交易应用选择信息;所述智能卡与所述后台服务器在不建立连接的情况下,接收所述电子现金交易应用选择信息,确定电子现金交易应用激活,并接收所述交易终端发送的交易信息;其中,所述交易信息至少包括:交易金额;所述智能卡接收所述交易信息后,比较自身存储的交易累计金额与所述智能卡的可交易金额,如果所述交易累计金额大于或等于所述智能卡的可交易金额,则判断所述活性字段信息无效,终止交易流程;如果所述交易累计金额小于所述智能卡的可交易金额,则判断所述活性字段信息有效,所述智能卡根据所述交易信息中的交易金额扣减所述卡片余额,将所述自身存储的交易累计金额加上交易金额,并对所述交易信息进行计算得到交易凭证,将所述交易凭证送至所述交易终端;所述智能卡与所述后台服务器建立连接,生成防重放因子,将所述防重放因子发送至后台服务器。
- 根据权利要求1或2所述的方法,其特征在于,该方法还包括:在所述智能卡与所述后台服务器建立连接之后,所述智能卡根据所述智能卡在与所述后台服务器在不建立连接的情况下产生的全部交易凭证和自身存储的电子现金生成所述交易清算信息,将所述交易清算信息发送至后台服务器;其中,每条所述交易清算信息至少包括:至少一条交易凭证;所述后台服务器从所述智能卡接收交易清算信息,根据所述交易清算信息执行电子现金清算。
- 根据权利要求3所述的方法,其特征在于,在所述后台服务器从所述智能卡接收交易清算信息,执行电子现金清算后,所述方法还包括:所述后台服务器向所述智能卡下发新的电子现金;所述智能卡接收并储存所述新的电子现金,在自身的卡片余额上增加所述新的电子现金的面值。
- 根据权利要求4所述的方法,其特征在于,所述后台服务器按预设算法判断所述智能卡是否存在异常交易,包括:所述后台服务器接收所述智能卡发送的交易清算信息,判断所述智能卡在与所述后台服务器在不建立连接的情况下产生的全部交易信息的交易金额总和是否大于所述智能卡自身存储的电子现金的面值,如果所述后台服务器在不建立连接的情况下产生的全部交易信息的交易金额总和大于所述智能卡自身存储的电子现金的面值,则判断所述智能卡存在异常交易。
- 一种基于电子现金的脱机交易系统,其特征在于,所述系统包括:后台服务器、智能卡和交易终端;所述后台服务器,用于从所述智能卡接收所述智能卡生成的防重放因子;按预设算法判断所述智能卡是否存在异常交易,如果不存在异常交易,则利用后台服务器的私钥对安全信息进行签名,生成安全信息签名,将所述安全信息和所述安全信息签名发送至所述智能卡;其中,所述安全信息至少包括:防重放因子和活性字段信息;所述活性字段信息至少包括:所述智能卡的可交易次数;所述智能卡,用于从所述后台服务器接收所述安全信息和所述安全信息签名信息,利用所述后台服务器的公钥对所述安全信息签名信息进行验签,在验签通过后,比对所述安全信息中的防重放因子与所述智能卡生成的防重放因子是否一致,如果一致,则存储所述活性字段信息;交易终端,用于在与所述后台服务器在不建立连接的情况下,与所述智能卡建立连接,向所述智能卡发送电子现金交易应用选择信息;所述智能卡,还用于在与所述后台服务器在不建立连接的情况下,接收所述电子现金交易应用选择信息,确定电子现金交易应用激活,并接收所述交易终端发送的交易信息;其中,所述交易信息至少包括:交易金额;比较自身存储的交易累计次数与所述智能卡的可交易次数,如果所述交易累计次数大于或等于所述智能卡的可交易次数,则判断所述活性字段信息无效,终止交易流程;如果所述交易累计次数小于所述智能卡的可交易次数,则判断所述活性字段信息有效,根据所述交易信息中的交易金额扣减所述卡片余额,并将所述自身存储的交易累计次数加1,并对所述交易信息进行计算得到交易凭证,将所述交易凭证送至所述交易终端;与所述后台服务器建立连接,生成防重放因子,将所述防重放因子发送至后台服务器。
- 一种基于电子现金的脱机交易系统,其特征在于,所述系统包括:后台服务器、智能卡和交易终端;所述后台服务器,用于从所述智能卡接收所述智能卡生成的防重放因子;按预设算法 判断所述智能卡是否存在异常交易,如果不存在异常交易,则利用后台服务器的私钥对安全信息进行签名,生成安全信息签名,将所述安全信息和所述安全信息签名发送至所述智能卡;其中,所述安全信息至少包括:防重放因子和活性字段信息;所述活性字段信息至少包括:所述智能卡的可交易金额;所述智能卡,用于从所述后台服务器接收所述安全信息和所述安全信息签名信息,利用所述后台服务器的公钥对所述安全信息签名信息进行验签,在验签通过后,比对所述安全信息中的防重放因子与所述智能卡生成的防重放因子是否一致,如果一致,则存储所述活性字段信息;交易终端,用于在与所述后台服务器在不建立连接的情况下,与所述智能卡建立连接,向所述智能卡发送电子现金交易应用选择信息;所述智能卡,还用于在与所述后台服务器在不建立连接的情况下,接收所述电子现金交易应用选择信息,确定电子现金交易应用激活,并接收所述交易终端发送的交易信息;其中,所述交易信息至少包括:交易金额;比较自身存储的交易累计金额与所述智能卡的可交易金额,如果所述交易累计金额大于或等于所述智能卡的可交易金额,则判断所述活性字段信息无效,终止交易流程;如果所述交易累计金额小于所述智能卡的可交易金额,则判断所述活性字段信息有效,根据所述交易信息中的交易金额扣减所述卡片余额,并将所述自身存储的交易累计金额加上交易金额,并对所述交易信息进行计算得到交易凭证,将所述交易凭证送至所述交易终端;与所述后台服务器建立连接,生成防重放因子,将所述防重放因子发送至后台服务器。
- 根据权利要求6或7所述的系统,其特征在于,所述智能卡,还用于在与所述后台服务器建立连接之后,根据所述智能卡在与所述后台服务器在不建立连接的情况下产生的全部交易凭证和自身存储的电子现金生成所述交易清算信息,将所述交易清算信息发送至后台服务器;其中,每条所述交易清算信息至少包括:至少一条交易凭证;所述后台服务器,还用于从所述智能卡接收交易清算信息,根据所述交易清算信息执行电子现金清算。
- 根据权利要求8所述的系统,其特征在于,所述后台服务器,还用于向所述智能卡下发新的电子现金;所述智能卡,还用于接收并储存所述新的电子现金,在自身的卡片余额上增加所述新的电子现金的面值。
- 根据权利要求9所述的系统,其特征在于,所述后台服务器,用于按预设算法判断所述智能卡是否存在异常交易,包括:所述后台服务器,用于接收所述智能卡发送的交易清算信息,判断所述智能卡在与所述后台服务器在不建立连接的情况下产生的全部交易信息的交易金额总和是否大于所述智能卡自身存储的电子现金的面值,如果所述后台服务器在不建立连接的情况下产生的全部交易信息的交易金额总和大于所述智能卡自身存储的电子现金的面值,则判断所述智能卡存在异常交易。
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910645444.3A CN112241880A (zh) | 2019-07-17 | 2019-07-17 | 一种基于电子现金的脱机交易方法和系统 |
CN201910645444.3 | 2019-07-17 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2021008325A1 true WO2021008325A1 (zh) | 2021-01-21 |
Family
ID=74167389
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2020/098411 WO2021008325A1 (zh) | 2019-07-17 | 2020-06-28 | 一种基于电子现金的脱机交易方法和系统 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN112241880A (zh) |
WO (1) | WO2021008325A1 (zh) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105205659A (zh) * | 2015-08-28 | 2015-12-30 | 深圳市雪球科技有限公司 | 移动支付装置及其移动支付方法、联机清算方法 |
CN105427106A (zh) * | 2014-09-17 | 2016-03-23 | 苏州海博智能系统有限公司 | 电子现金数据的授权处理方法、支付处理方法及虚拟卡 |
CN105741117A (zh) * | 2016-01-25 | 2016-07-06 | 恒宝股份有限公司 | 一种基于安全密钥的方法以及脱机交易装置 |
CN106096925A (zh) * | 2016-07-15 | 2016-11-09 | 建亿通(北京)数据处理信息有限公司 | 一种智能卡、一种智能卡的充值方法及系统 |
CN106251145A (zh) * | 2015-12-30 | 2016-12-21 | 李平 | 电子支付系统、电子支付设备及电子支付方法 |
CN108566381A (zh) * | 2018-03-19 | 2018-09-21 | 百度在线网络技术(北京)有限公司 | 一种安全升级方法、装置、服务器、设备和介质 |
CN108985928A (zh) * | 2018-06-07 | 2018-12-11 | 捷德(中国)信息科技有限公司 | 数字货币交易方法、装置、系统及移动终端 |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10193700B2 (en) * | 2015-02-27 | 2019-01-29 | Samsung Electronics Co., Ltd. | Trust-zone-based end-to-end security |
-
2019
- 2019-07-17 CN CN201910645444.3A patent/CN112241880A/zh active Pending
-
2020
- 2020-06-28 WO PCT/CN2020/098411 patent/WO2021008325A1/zh active Application Filing
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105427106A (zh) * | 2014-09-17 | 2016-03-23 | 苏州海博智能系统有限公司 | 电子现金数据的授权处理方法、支付处理方法及虚拟卡 |
CN105205659A (zh) * | 2015-08-28 | 2015-12-30 | 深圳市雪球科技有限公司 | 移动支付装置及其移动支付方法、联机清算方法 |
CN106251145A (zh) * | 2015-12-30 | 2016-12-21 | 李平 | 电子支付系统、电子支付设备及电子支付方法 |
CN105741117A (zh) * | 2016-01-25 | 2016-07-06 | 恒宝股份有限公司 | 一种基于安全密钥的方法以及脱机交易装置 |
CN106096925A (zh) * | 2016-07-15 | 2016-11-09 | 建亿通(北京)数据处理信息有限公司 | 一种智能卡、一种智能卡的充值方法及系统 |
CN108566381A (zh) * | 2018-03-19 | 2018-09-21 | 百度在线网络技术(北京)有限公司 | 一种安全升级方法、装置、服务器、设备和介质 |
CN108985928A (zh) * | 2018-06-07 | 2018-12-11 | 捷德(中国)信息科技有限公司 | 数字货币交易方法、装置、系统及移动终端 |
Non-Patent Citations (1)
Title |
---|
WU, CUNQIAN: "Hangzhou Public Transport Promotes Integrated Model on Public Transport Mobile Payment "Internet + Public", URBAN PUBLIC TRANSPORT, no. 2, 28 February 2018 (2018-02-28), pages 22 - 24, XP009525530 * |
Also Published As
Publication number | Publication date |
---|---|
CN112241880A (zh) | 2021-01-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
AU2023202521B2 (en) | Method and Apparatus for Providing Secure Services Using a Mobile Device | |
US20210192510A1 (en) | Method and network for configuring a communications terminal | |
US8516560B2 (en) | Secure remote authentication through an untrusted network | |
US20160012432A1 (en) | Universal electronic payment credential processing | |
AU2019355834B2 (en) | Systems and methods for cryptographic authentication of contactless cards | |
CN111386688B (zh) | 用于防范中继攻击的系统和方法 | |
US20120254041A1 (en) | One-time credit card numbers | |
WO2021008326A1 (zh) | 一种基于电子现金的脱机交易方法和系统 | |
WO2021008325A1 (zh) | 一种基于电子现金的脱机交易方法和系统 | |
CN111937023B (zh) | 安全认证系统和方法 | |
CN113379405B (zh) | 一种车机终端的支付方法及车机终端支付系统 | |
KR102015861B1 (ko) | 은행 업무 관리 서버, 은행 업무 처리 시스템, 및 이를 이용한 계좌 개설 방법 | |
JP2024513782A (ja) | トランザクションカードベースの認証のシステム及び方法 | |
Assora et al. | Using WPKI for security of web transaction | |
JP2004334783A (ja) | 電子価値流通システムおよび電子価値流通方法 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 20840522 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 20840522 Country of ref document: EP Kind code of ref document: A1 |