CN103136664A - Trading system and trading method of smart card with electronic signature function - Google Patents

Info

Publication number: CN103136664A
Authority: CN (China)
Prior art keywords: password, smart card, terminal, message, combined password
Legal status: Granted
Application number: CN2013100707836A
Other languages: Chinese (zh)
Other versions: CN103136664B (en)
Inventor: 李东声
Current Assignee: Tendyron Technology Co Ltd
Original Assignee: Tendyron Technology Co Ltd
Application filed by Tendyron Technology Co Ltd
Priority to CN201310070783.6A
Publication of CN103136664A
Priority to PCT/CN2014/071657 (WO2014121721A1)
Application granted; publication of CN103136664B
Current status: Active

Abstract

The invention discloses a trading system and a trading method for a smart card with an electronic signature function. The trading method includes: A, the smart card connects to a terminal and receives a trading message; B, the smart card generates an associated password; C, the smart card generates a signature message from the trading message and the associated password; D, the smart card sends at least the signature message to the terminal; E, the terminal obtains a verification password and sends at least the trading message, the signature message and the verification password to a background system server, where the verification password is the associated password obtained by the terminal scanning information displayed by the smart card, or the associated password obtained by the terminal from the smart card through non-contact communication; and F, the background system server verifies the signature message and the verification password and, after verification passes, executes the trading operation according to the trading message. The data needed for the transaction is exchanged through a single connection between the smart card and the terminal, which reduces the risk of important information being intercepted during repeated connections and improves security.

Description

Smart card transaction system and method with electronic signature functionality
Technical field
The present invention relates to the field of electronic technology, and in particular to a smart card transaction system with electronic signature functionality and a smart card transaction method with electronic signature functionality.
Background technology
Payment by bank card is now mainstream. An electronic-signature transaction is carried out with the following flow:
Step S101: the user holds the smart card and connects it to the terminal in a contactless manner; the contactless manner can be any contactless technology such as radio frequency, Bluetooth or NFC.
Step S102: the terminal sends the transaction information to the smart card the user has connected; the transaction information includes at least the account number and the amount, and can also include transaction details.
Step S103: the smart card receives the transaction information and displays it; after the user confirms that the transaction information is correct, the smart card receives the confirmation password entered by the user and signs the transaction information;
Step S104: the smart card connects to the terminal in a contactless manner again and sends the signature information to the terminal;
Step S105: the terminal uploads the transaction information and the signature information to the bank server, so that the bank server executes the transaction according to the transaction information.
As can be seen, an existing smart card has to connect to the terminal in a contactless manner at least twice to complete the signing of the transaction information. The transaction information and/or the signature information can therefore be hijacked during these connections, causing loss to the user, so security is low.
Summary of the invention
The present invention aims to solve the low security of existing smart cards, whose transaction information and/or signature information can be hijacked during repeated connections.
One object of the present invention is to provide a smart card transaction method with electronic signature functionality.
Another object of the present invention is to provide a smart card transaction system with electronic signature functionality.
To achieve the above objects, the technical solution of the present invention is implemented as follows:
The invention provides a smart card transaction method with electronic signature functionality, the method comprising:
A. A smart card with electronic signature functionality connects to a terminal and receives a transaction message;
B. The smart card generates a combined password;
C. The smart card generates a signature message from the transaction message and the combined password;
D. The smart card sends at least the signature message to the terminal;
E. The terminal obtains an authentication password and sends at least the transaction message, the signature message and the authentication password to the background system server; the authentication password is the combined password obtained by the terminal scanning information displayed by the smart card, or the combined password obtained by the terminal from the smart card by contactless communication;
F. The background system server verifies the signature message and the authentication password and, after verification passes, executes the transaction operation according to the transaction message.
In addition, step C comprises:
The smart card calculates the summary information of the transaction message;
The smart card encrypts the combined password to obtain an encrypted combined password;
The smart card signs the summary information of the transaction message and the encrypted combined password to generate the signature message.
In addition, step C comprises:
The smart card calculates the summary information of the transaction message;
The smart card encrypts the combination of the combined password and a random number to obtain an encrypted combined password;
The smart card signs the summary information of the transaction message and the encrypted combined password to generate the signature message.
In addition, in step D, the smart card sends the encrypted combined password together with the signature message to the terminal;
In step E, the terminal sends the encrypted combined password together with the transaction message, the signature message and the combined password to the background system server.
In addition, step C comprises:
The smart card calculates the summary information of the transaction message;
The smart card encrypts the combined password to obtain an encrypted combined password, and calculates the summary information of the encrypted combined password;
The smart card signs the summary information of the transaction message and the summary information of the encrypted combined password to generate the signature message.
In addition, in step D, the smart card sends the summary information of the encrypted combined password together with the signature message to the terminal;
In step E, the terminal sends the summary information of the combined password together with the transaction message, the signature message and the combined password to the background system server.
In addition, between step D and step E, the method further comprises:
The smart card disconnects from the terminal;
The smart card displays the transaction message;
The smart card receives a confirmation password and/or a confirmation instruction entered via its keys;
The smart card displays the combined password.
In another aspect, the present invention provides a smart card transaction system with electronic signature functionality, the system comprising: a terminal, a background system server and a smart card with electronic signature functionality;
The smart card connects to the terminal, receives a transaction message, generates a combined password, generates a signature message from the transaction message and the combined password, and sends at least the signature message to the terminal;
The terminal obtains an authentication password and sends at least the transaction message, the signature message and the authentication password to the background system server; the authentication password is the combined password obtained by the terminal scanning information displayed by the smart card, or the combined password obtained by the terminal from the smart card by contactless communication;
The background system server verifies the signature message and the authentication password and, after verification passes, executes the transaction operation according to the transaction message.
In addition, the smart card comprises: a transceiver module, a password generation module, a signature module and a display module;
The transceiver module is used to connect to the terminal, receive the transaction message and pass it to the signature module; the transceiver module sends the combined password obtained from the password generation module to the terminal by contactless communication;
The password generation module is used to generate the combined password and pass it to the signature module and the display module;
The signature module generates the signature message from the transaction message and the combined password, and sends at least the signature message to the terminal through the transceiver module.
In addition, the smart card comprises: a transceiver module, a password generation module, a signature module, a display module and a graphic generation module;
The transceiver module is used to connect to the terminal, receive the transaction message and pass it to the signature module;
The password generation module is used to generate the combined password and pass it to the signature module and the display module;
The signature module generates the signature message from the transaction message and the combined password, and sends at least the signature message to the terminal through the transceiver module;
The graphic generation module generates a barcode or picture from the combined password obtained from the password generation module and outputs it to the display module for display.
In addition, the terminal obtains the authentication password from the smart card by contactless communication.
In addition, the terminal obtains the authentication password by scanning the barcode or picture shown by the display module of the smart card.
In addition, the smart card further comprises a key-press module;
The key-press module triggers the display module to show the combined password according to the confirmation password and/or confirmation instruction it receives.
In addition, after sending the signature message to the terminal, the transceiver module also disconnects from the terminal;
After the transceiver module disconnects from the terminal, the display module also shows the transaction message.
Another aspect of the invention provides a smart card transaction method with electronic signature functionality, the method comprising:
A'. A smart card with electronic signature functionality connects to a terminal and receives a transaction message;
B'. The smart card generates a combined password and generates an encrypted combined password from at least the combined password;
C'. The smart card generates a signature message from the transaction message;
D'. The smart card sends the signature message and the encrypted combined password to the terminal;
E'. The terminal obtains an authentication password and sends at least the transaction message, the signature message, the authentication password and the encrypted combined password to the background system server; the authentication password is the combined password obtained by the terminal scanning information displayed by the smart card, or the combined password obtained by the terminal from the smart card by contactless communication;
F'. The background system server verifies the signature message and the authentication password separately and, after verification passes, executes the transaction operation according to the transaction message.
In addition, generating the encrypted combined password from at least the combined password in step B' comprises:
The smart card encrypts the combination of the combined password and a random number to obtain the encrypted combined password; or
The smart card encrypts the combined password with symmetric or asymmetric encryption to obtain the encrypted combined password.
In addition, step C' comprises:
The smart card calculates the summary information of the transaction message and signs that summary information to generate the signature message.
In addition, between step D' and step E', the method further comprises:
The smart card disconnects from the terminal;
The smart card displays the transaction message;
The smart card receives a confirmation password and/or a confirmation instruction entered via its keys;
The smart card displays the combined password.
A further aspect of the present invention provides a smart card transaction system with electronic signature functionality, the system comprising: a terminal, a background system server and a smart card with electronic signature functionality;
The smart card connects to the terminal, receives a transaction message, generates a combined password, generates an encrypted combined password from at least the combined password, generates a signature message from the transaction message, and sends the signature message and the encrypted combined password to the terminal;
The terminal obtains an authentication password and sends at least the transaction message, the signature message, the authentication password and the encrypted combined password to the background system server; the authentication password is the combined password obtained by the terminal scanning information displayed by the smart card, or the combined password obtained by the terminal from the smart card by contactless communication;
The background system server verifies the signature message and the authentication password separately and, after verification passes, executes the transaction operation according to the transaction message.
In addition, the smart card comprises: a transceiver module, a password generation module, an encryption module, a signature module and a display module;
The transceiver module is used to connect to the terminal, receive the transaction message and pass it to the signature module; the transceiver module sends the combined password obtained from the password generation module to the terminal by contactless communication;
The password generation module is used to generate the combined password and send it to the encryption module and the display module;
The encryption module generates the encrypted combined password from at least the combined password and sends it to the terminal through the transceiver module;
The signature module generates the signature message from the transaction message and sends it to the terminal through the transceiver module.
In addition, the smart card comprises: a transceiver module, a password generation module, an encryption module, a signature module, a display module and a graphic generation module;
The transceiver module is used to connect to the terminal, receive the transaction message and pass it to the signature module;
The password generation module is used to generate the combined password and send it to the encryption module and the display module;
The encryption module generates the encrypted combined password from at least the combined password and sends it to the terminal through the transceiver module;
The signature module generates the signature message from the transaction message and sends it to the terminal through the transceiver module;
The graphic generation module generates a barcode or picture from the combined password obtained from the password generation module and outputs it to the display module for display.
In addition, the terminal obtains the authentication password from the smart card by contactless communication.
In addition, the terminal obtains the authentication password by scanning the barcode or picture shown by the display module of the smart card.
In addition, the smart card further comprises a key-press module;
The key-press module triggers the display module to show the combined password according to the confirmation password and/or confirmation instruction it receives.
In addition, after sending the signature message to the terminal, the transceiver module also disconnects from the terminal;
After the transceiver module disconnects from the terminal, the display module also shows the transaction message.
As can be seen from the technical solution above, the invention provides a smart card transaction system with electronic signature functionality and a smart card transaction method with electronic signature functionality. The data required for the transaction is exchanged in a single connection between the smart card and the terminal, which reduces the risk of important information being intercepted during repeated connections and improves security. The combined password of the present invention can be a combination of one or more of the digits, letters and characters generated randomly for each transaction. Unlike an existing transaction password or OTP, which must be transmitted as ciphertext, the combined password can be transmitted in plaintext without reducing the security of the account during the transaction. The combined password is generated on the smart card side and uploaded to the background system server, which also differs from an existing OTP, which the background system server and the terminal must generate simultaneously. In the present invention the combined password is generated on one side and signed, or generated on one side and encrypted, to guarantee the security of its transmission and the accuracy of its verification. The terminal sends the related data (which can be the transaction message, the signature message and the combined password) to the background system server only after it has obtained the combined password, so that the data the terminal sends to the background system server for processing is authorised and valid data; this guarantees security and improves work efficiency.
Description of drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings used in describing the embodiments are briefly introduced below. The drawings described below are obviously only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of the existing electronic-signature transaction method;
Fig. 2 is a flowchart of Embodiment 1 of the smart card transaction method with electronic signature functionality of the present invention;
Fig. 3 is a flowchart of Embodiment 2 of the smart card transaction method with electronic signature functionality of the present invention;
Fig. 4 is a flowchart of Embodiment 3 of the smart card transaction method with electronic signature functionality of the present invention;
Fig. 5 is a flowchart of Embodiment 4 of the smart card transaction method with electronic signature functionality of the present invention;
Fig. 6 is a structural diagram of Embodiment 5 of the smart card transaction system with electronic signature functionality of the present invention;
Fig. 7 is a structural diagram of Embodiment 6 of the smart card transaction system with electronic signature functionality of the present invention.
Embodiment
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are obviously only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the present invention.
In the description of the invention, it should be understood that orientation or position terms such as "center", "longitudinal", "lateral", "up", "down", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner" and "outer" are based on the orientations or positions shown in the drawings. They are used only to make the description of the invention easier and simpler, and do not indicate or imply that the device or element referred to must have a specific orientation or be constructed and operated in a specific orientation; they therefore cannot be interpreted as limiting the invention. In addition, the terms "first" and "second" are used for description only and cannot be interpreted as indicating or implying relative importance, quantity or position.
In the description of the invention, it should be noted that, unless otherwise clearly specified and limited, the terms "mounted", "coupled" and "connected" should be understood broadly: a connection can be fixed, detachable or integral; it can be mechanical or electrical; it can be direct or indirect through an intermediary, and it can be an internal connection between two elements. Those of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific situation.
The embodiments of the present invention are described in further detail below with reference to the drawings.
Embodiment 1
Fig. 2 is a flowchart of Embodiment 1 of the smart card transaction method with electronic signature functionality of the present invention. The method is described below with reference to Fig. 2:
The smart card transaction method with electronic signature functionality of the present invention comprises:
Step S201: a smart card with electronic signature functionality connects to the terminal and receives a transaction message;
Specifically, before the smart card connects, the terminal can obtain the transaction message by manual input, over a network, by scanning item information, or in a similar way.
The smart card can connect to the terminal in a contactless manner and receive the transaction message the terminal sends. The transaction message includes at least the account and the amount, and can also include transaction details.
The smart card can of course also connect to the terminal in a contact manner.
The terminal of the present invention can be a mobile phone, notebook, tablet computer, PC, POS machine or any other device that can interact with the background system server over a wired or wireless link.
In the present invention, connecting the smart card to the terminal in a contactless manner is more secure than connecting it in a contact manner and prevents the information from being obtained.
Step S202: the smart card generates a combined password;
Specifically, the smart card randomly generates digits, letters and/or symbols and builds the combined password from a combination of one or more of them. This ensures the non-uniqueness and randomness of the combined password and improves its security.
Step S203: the smart card generates a signature message from the transaction message and the combined password;
Specifically, the smart card can sign the transaction message and the combined password directly to generate the signature message; or
The smart card calculates the summary information of the transaction message and the summary information of the combined password, and signs both to generate the signature message; or
The smart card calculates the summary information of the transaction message, encrypts the combined password to obtain an encrypted combined password, and signs the summary information of the transaction message and the encrypted combined password to generate the signature message; or
The smart card calculates the summary information of the transaction message, encrypts the combined password to obtain an encrypted combined password, calculates the summary information of the encrypted combined password, and signs the summary information of the transaction message and the summary information of the encrypted combined password to generate the signature message.
Here the summary information can include one of the following or a combination of them: a hash value calculated with a hash algorithm, a MAC value calculated with a MAC algorithm, or the ciphertext itself obtained by symmetric encryption.
In addition, the encryption can be symmetric or asymmetric (for example, encryption with the public key of the background system server). To further improve the security of transmitting the combined password, the smart card can also generate a random number, combine the combined password and the random number in a preset format, and encrypt the combined data to obtain the encrypted combined password. Combining the combined password with a random number in this way prevents replay attacks.
By calculating the summary information of the combined password, encrypting the combined password, or calculating the summary information of the encrypted combined password, the present invention secures the transmission of the combined password; by signing the summary information of the combined password, the encrypted combined password, or the summary information of the encrypted combined password, it improves the security of the transaction.
Step S204: the smart card sends at least the signature message to the terminal;
Specifically, if the scheme in which the smart card calculates an encrypted combined password is used in step S203, then in this step the smart card sends the encrypted combined password together with the signature message to the terminal.
If the scheme in which the smart card calculates the summary information of the encrypted combined password is used in step S203, then in this step the smart card sends the summary information of the encrypted combined password together with the signature message to the terminal.
Of course, whichever information the smart card calculates in step S203, it can send that information to the terminal.
Step S205: terminal is obtained authentication password, is sent to the background system server to major general's transaction message, signature message and authentication password;
Wherein, authentication password is the combined password of the acquisition of information that shows by the terminal scanning smart card, or the combined password that obtains from smart card in the non-contact communication mode by terminal.The non-contact communication mode can be the communication modes such as bluetooth, optical communication, NFC be infrared.
Concrete, in step S203, if when adopting smart card to calculate the scheme of encrypting combined password, in this step, terminal also will be encrypted combined password, transaction message, signature message and authentication password and is sent to the background system server.
In step S203, if when adopting smart card to calculate the scheme of the summary info of encrypting combined password, in this step, summary info, transaction message, signature message and authentication password that terminal also will be encrypted combined password are sent to the background system server.
Certainly, no matter in step S203, which kind of information what smart card calculated is, terminal all can be sent to the background system server with the information that smart card calculates.
The terminal of the present invention sends the transaction message, the signature message and the authentication password to the background system server only after it has obtained the authentication password, so that the background system server authenticates the user's identity according to the combined password and the signature message and is then triggered to complete the transaction, which improves the security of the transaction.
The combined password of the present invention may be one or more combinations of digits, letters and characters generated randomly for each transaction. Unlike an existing transaction password or OTP, which must be transmitted as ciphertext, the combined password of the present invention can be transmitted in plaintext without reducing the security of the account during the transaction. The combined password of the present invention is generated on the smart card side and uploaded to the background system server; unlike an existing OTP, which must be generated by the background system server and the terminal at the same time, it is generated on one side only and is signed, which guarantees the security of its transmission and the accuracy of its verification. The terminal of the present invention sends the related data (which may be the transaction message, the signature message and the authentication password) to the background system server only after it has obtained the authentication password, so that the data the terminal sends to the background system server for processing is authorized data, which guarantees security and improves work efficiency.
Step S206: the background system server verifies the signature message and the authentication password and, after verification passes, performs the transaction operation according to the transaction message.
It can thus be seen that the smart card transaction method of the present invention completes the exchange of the data required for the transaction through a single connection between the smart card and the terminal, which reduces the risk of important information being intercepted through repeated connections and improves security.
Embodiment 2
Fig. 3 is a flowchart of Embodiment 2 of the smart card transaction method with an electronic signature function according to the present invention. The method is described below with reference to Fig. 3, as follows:
The smart card transaction method with an electronic signature function of the present invention comprises:
Step S301: the smart card with an electronic signature function connects to the terminal and receives the transaction message;
Specifically, before the smart card with an electronic signature function connects to the terminal, the terminal may obtain the transaction message by manual input, over a network, by scanning item information, or by similar means.
The smart card may connect to the terminal in a contactless manner and receive the transaction message sent by the terminal. The transaction message comprises at least an account and an amount, and may also comprise transaction detail information.
Of course, the smart card may also connect to the terminal in a contact manner.
The terminal of the present invention may be a mobile phone, notebook, tablet computer, PC, POS machine or any other device that can interact with the background system server in a wired or wireless manner.
Connecting the smart card of the present invention to the terminal in a contactless manner provides higher security than connecting in a contact manner and prevents the information from being acquired.
Step S302: the smart card generates the combined password;
Specifically, the smart card randomly generates digits, letters and/or symbols and selects one or more combinations of them to form the combined password, which ensures that the combined password is non-unique and random and improves its security.
Step S303: the smart card generates the signature message according to the transaction message and the combined password;
Specifically, the smart card may sign the transaction message and the combined password directly to generate the signature message; or
the smart card computes a digest of the transaction message and a digest of the combined password, and signs the two digests to generate the signature message; or
the smart card computes a digest of the transaction message, encrypts the combined password to obtain an encrypted combined password, and signs the digest of the transaction message and the encrypted combined password to generate the signature message; or
the smart card computes a digest of the transaction message, encrypts the combined password to obtain an encrypted combined password, computes a digest of the encrypted combined password, and signs the digest of the transaction message and the digest of the encrypted combined password to generate the signature message.
Here, the digest (summary information) may comprise one of the following or a combination of them: a hash value computed with a hash algorithm, a MAC value computed with a MAC algorithm, or the ciphertext itself obtained by symmetric encryption.
In addition, the encryption may be symmetric or asymmetric (for example, encryption with the public key of the background system server). To further improve the security of combined password transmission, the smart card may also generate a random number, combine the combined password and the random number according to a preset format, and encrypt the combined data to obtain the encrypted combined password. Combining the combined password with a random number in this way prevents replay attacks.
The present invention may compute a digest of the combined password, encrypt the combined password, or compute a digest of the encrypted combined password, which guarantees the security of combined password transmission; it may sign the digest of the combined password, the encrypted combined password, or the digest of the encrypted combined password, which improves the security of the transaction.
Step S304: the smart card sends at least the signature message to the terminal;
Specifically, if the scheme in which the smart card computes an encrypted combined password was used in step S303, then in this step the smart card also sends the encrypted combined password together with the signature message to the terminal.
If the scheme in which the smart card computes a digest of the encrypted combined password was used in step S303, then in this step the smart card also sends the digest of the encrypted combined password together with the signature message to the terminal.
Of course, whatever information the smart card computes in step S303, the smart card can send that computed information to the terminal.
Step S305: the smart card disconnects from the terminal;
Specifically, with a contactless connection, the user simply moves the smart card out of the terminal's induction range; with a contact connection, the user simply removes the smart card from the terminal. Disconnecting from the terminal ensures that the smart card and the terminal make contact only once, which reduces the risk of information being intercepted through multiple contacts and improves the security of data transmission.
Step S306: the smart card displays the transaction message;
Specifically, the smart card displays the received transaction message on its display screen so that the user can confirm the authenticity of the transaction, which ensures the safety of the transaction.
Step S307: the smart card receives a confirmation password and/or a confirmation instruction entered through its keys;
Specifically, after confirming the authenticity of the transaction information, the user can enter a confirmation password and/or a confirmation instruction to trigger the smart card to display the generated combined password. Requiring the confirmation password before the smart card displays the combined password, bar code or picture prevents the combined password from being learned by others and improves its confidentiality.
Step S308: the smart card displays the combined password, bar code or picture;
Specifically, the smart card displays the combined password, bar code or picture so that the terminal can obtain the verification code and then complete the transaction.
To further improve the security of the combined password and prevent others from obtaining it in plaintext, in step S302 the plaintext combined password may also be encrypted with a preset symmetric encryption algorithm and stored in the smart card in encrypted form; after the smart card receives the confirmation password and/or confirmation instruction entered by the user through the keys, it decrypts the combined password with the preset symmetric encryption algorithm and displays the plaintext.
Step S309: the terminal obtains the authentication password and sends at least the transaction message, the signature message and the authentication password to the background system server;
Here, the authentication password is the combined password that the terminal obtains by scanning the information displayed by the smart card, or the combined password that the terminal obtains from the smart card by contactless communication. The contactless communication may be Bluetooth, optical communication, NFC or infrared, among others.
Specifically, if the scheme in which the smart card computes an encrypted combined password was used in step S303, then in this step the terminal also sends the encrypted combined password, together with the transaction message, the signature message and the combined password, to the background system server.
If the scheme in which the smart card computes a digest of the encrypted combined password was used in step S303, then in this step the terminal also sends the digest of the encrypted combined password, together with the transaction message, the signature message and the combined password, to the background system server.
Of course, whatever information the smart card computes in step S303, the terminal can send that information to the background system server.
The terminal of the present invention sends the transaction message, the signature message and the authentication password to the background system server only after it has obtained the authentication password, so that the background system server authenticates the user's identity according to the authentication password and the signature message and is then triggered to complete the transaction, which improves the security of the transaction.
The combined password of the present invention may be one or more combinations of digits, letters and characters generated randomly for each transaction. Unlike an existing transaction password or OTP, which must be transmitted as ciphertext, the combined password of the present invention can be transmitted in plaintext without reducing the security of the account during the transaction. The combined password of the present invention is generated on the smart card side and uploaded to the background system server; unlike an existing OTP, which must be generated by the background system server and the terminal at the same time, it is generated on one side only and is signed, which guarantees the security of its transmission and the accuracy of its verification. The terminal of the present invention sends the related data (which may be the transaction message, the signature message and the authentication password) to the background system server only after it has obtained the authentication password, so that the data the terminal sends to the background system server for processing is authorized data, which guarantees security and improves work efficiency.
Step S310: the background system server verifies the signature message and the authentication password and, after verification passes, performs the transaction operation according to the transaction message.
Specifically, if in step S303 the smart card signed according to the combined password and the transaction message, then in this step the terminal verifies the correctness of the signature message according to the transaction message and the authentication password; if the signature is correct, both the authentication password and the signature message are determined to have passed verification.
If the scheme in which the smart card computes an encrypted combined password was used in step S303, then in this step the terminal verifies the correctness of the authentication password according to the encrypted combined password, and verifies the correctness of the signature message according to the transaction message and the authentication password.
If the scheme in which the smart card computes a digest of the encrypted combined password was used in step S303, then in this step the terminal verifies the correctness of the authentication password according to the digest of the encrypted combined password, and verifies the correctness of the signature message according to the transaction message and the authentication password.
Of course, in the above process the terminal may also verify the correctness of the signature message according to the transaction message and the encrypted combined password, or according to the transaction message and the digest of the encrypted combined password.
Of course, whatever information the smart card used in step S303 to compute the signature message, the terminal can verify the correctness of the authentication password and the signature message according to that information from the smart card or according to the authentication password.
It can thus be seen that the smart card transaction method with an electronic signature function of the present invention completes the exchange of the data required for the transaction through a single connection between the smart card and the terminal, which reduces the risk of important information being intercepted through repeated connections and improves security.
Embodiment 3
Fig. 4 is a flowchart of Embodiment 3 of the smart card transaction method with an electronic signature function according to the present invention. The method is described below with reference to Fig. 4, as follows:
The smart card transaction method with an electronic signature function of the present invention comprises:
Step S401: the smart card with an electronic signature function connects to the terminal and receives the transaction message;
Specifically, before the smart card with an electronic signature function connects to the terminal, the terminal may obtain the transaction message by manual input, over a network, by scanning item information, or by similar means.
The smart card may connect to the terminal in a contactless manner and receive the transaction message sent by the terminal. The transaction message comprises at least an account and an amount, and may also comprise transaction detail information.
Of course, the smart card may also connect to the terminal in a contact manner.
The terminal may be a mobile phone, notebook, tablet computer, PC or any other device that can interact with the background system server in a wired or wireless manner.
Connecting the smart card of the present invention to the terminal in a contactless manner provides higher security than connecting in a contact manner and prevents the information from being acquired.
Step S402: the smart card generates the combined password and generates the encrypted combined password at least according to the combined password;
Specifically, the smart card randomly generates digits, letters and/or symbols and selects one or more combinations of them to form the combined password, which ensures that the combined password is non-unique and random and improves its security.
Specifically, the smart card may obtain the encrypted combined password by encrypting the combination of the combined password and a random number, or by encrypting the combined password using symmetric or asymmetric encryption.
By transmitting the encrypted combined password, the present invention further guarantees the security of combined password transmission; combining the combined password with a random number prevents replay attacks.
Step S403: the smart card generates the signature message according to the transaction message;
Specifically, the smart card may sign the transaction message directly to generate the signature message; or
the smart card computes a digest of the transaction message and signs the digest to generate the signature message.
Here, the digest (summary information) may comprise one of the following or a combination of them: a hash value computed with a hash algorithm, a MAC value computed with a MAC algorithm, or the ciphertext itself obtained by symmetric encryption.
Step S404: the smart card sends the signature message and the encrypted combined password to the terminal;
Step S405: the terminal obtains the authentication password and sends at least the transaction message, the signature message, the encrypted combined password and the authentication password to the background system server;
Here, the authentication password is the combined password that the terminal obtains by scanning the information displayed by the smart card, or the combined password that the terminal obtains from the smart card by contactless communication. The contactless communication may be Bluetooth, optical communication, NFC or infrared, among others.
The background system server may be a bank server or a third-party server; a third-party server is a server used by a non-banking system, for example the server a public transit system uses to control top-ups and deductions for transit cards.
The terminal of the present invention sends the transaction message, the signature message, the encrypted combined password and the authentication password to the background system server only after it has obtained the authentication password, so that the background system server authenticates the user's identity according to the authentication password and the signature message and is then triggered to complete the transaction, which improves the security of the transaction.
The combined password of the present invention may be one or more combinations of digits, letters and characters generated randomly for each transaction. Unlike an existing transaction password or OTP, which must be transmitted as ciphertext, the combined password of the present invention can be transmitted in plaintext without reducing the security of the account during the transaction. The combined password of the present invention is generated on the smart card side and uploaded to the background system server; unlike an existing OTP, which must be generated by the background system server and the terminal at the same time, it is generated on one side only and is encrypted, which guarantees the security of its transmission and the accuracy of its verification. The terminal of the present invention sends the related data (which may be the transaction message, the signature message and the authentication password) to the background system server only after it has obtained the authentication password, so that the data the terminal sends to the background system server for processing is authorized data, which guarantees security and improves work efficiency.
Step S406: the background system server verifies the signature message and the authentication password separately and, after verification passes, performs the transaction operation according to the transaction message.
Specifically, the background system server verifies the correctness of the authentication password according to the encrypted combined password; it verifies the correctness of the signature message according to the encrypted combined password and the transaction message, or according to the authentication password and the transaction message. After verifying that both the signature and the authentication password are correct, the background system server performs the transaction operation according to the transaction message.
It can thus be seen that the smart card transaction method with an electronic signature function of the present invention completes the exchange of the data required for the transaction through a single connection between the smart card and the terminal, which reduces the risk of important information being intercepted through repeated connections and improves security.
Embodiment 4
Fig. 5 is a flowchart of Embodiment 4 of the smart card transaction method with an electronic signature function according to the present invention. The method is described below with reference to Fig. 5, as follows:
The smart card transaction method with an electronic signature function of the present invention comprises:
Step S501: the smart card with an electronic signature function connects to the terminal and receives the transaction message;
Specifically, before the smart card with an electronic signature function connects to the terminal, the terminal may obtain the transaction message by manual input, over a network, by scanning item information, or by similar means.
The smart card may connect to the terminal in a contactless manner and receive the transaction message sent by the terminal. The transaction message comprises at least an account and an amount, and may also comprise transaction detail information.
Of course, the smart card may also connect to the terminal in a contact manner.
The terminal may be a mobile phone, notebook, tablet computer, PC or any other device that can interact with the background system server in a wired or wireless manner.
Connecting the smart card of the present invention to the terminal in a contactless manner provides higher security than connecting in a contact manner and prevents the information from being acquired.
Step S502: the smart card generates the combined password and generates the encrypted combined password at least according to the combined password;
Specifically, the smart card randomly generates digits, letters and/or symbols and selects one or more combinations of them to form the combined password, which ensures that the combined password is non-unique and random and improves its security.
Specifically, the smart card may obtain the encrypted combined password by encrypting the combination of the combined password and a random number, or by encrypting the combined password using symmetric or asymmetric encryption.
By transmitting the encrypted combined password, the present invention further guarantees the security of combined password transmission; combining the combined password with a random number prevents replay attacks.
Step S503: the smart card generates the signature message according to the transaction message;
Specifically, the smart card may sign the transaction message directly to generate the signature message; or
the smart card computes a digest of the transaction message and signs the digest to generate the signature message.
Here, the digest (summary information) may comprise one of the following or a combination of them: a hash value computed with a hash algorithm, a MAC value computed with a MAC algorithm, or the ciphertext itself obtained by symmetric encryption.
Step S504: the smart card sends the signature message and the encrypted combined password to the terminal;
Step S505: the smart card disconnects from the terminal;
Specifically, with a contactless connection, the user simply moves the smart card out of the terminal's induction range; with a contact connection, the user simply removes the smart card from the terminal. Disconnecting from the terminal ensures that the smart card and the terminal make contact only once, which reduces the risk of information being intercepted through multiple contacts and improves the security of data transmission.
Step S506: the smart card displays the transaction message;
Specifically, the smart card displays the received transaction message on its display screen so that the user can confirm the authenticity of the transaction, which ensures the safety of the transaction.
Step S507: the smart card receives a confirmation password and/or a confirmation instruction entered through its keys;
Specifically, after confirming the authenticity of the transaction information, the user can enter a confirmation password and/or a confirmation instruction to trigger the smart card to display the generated combined password. Requiring the confirmation password before the smart card displays the combined password, bar code or picture prevents the combined password from being learned by others and improves its confidentiality.
Step S508: the smart card displays the combined password, bar code or picture;
Specifically, the smart card displays the combined password, bar code or picture so that the terminal can obtain the authentication password and then complete the transaction.
To further improve the security of the combined password and prevent others from obtaining it in plaintext, in step S502 the plaintext combined password may also be encrypted with a preset symmetric encryption algorithm and stored in the smart card in encrypted form; after the smart card receives the confirmation password and/or confirmation instruction entered by the user through the keys, it decrypts the combined password with the preset symmetric encryption algorithm and displays the plaintext.
Step S509: the terminal obtains the authentication password and sends the transaction message, the signature message, the encrypted combined password and the authentication password to the background system server;
Here, the authentication password is the combined password that the terminal obtains by scanning the information displayed by the smart card, or the combined password that the terminal obtains from the smart card by contactless communication. The contactless communication may be Bluetooth, optical communication, NFC or infrared, among others.
The background system server may be a bank server or a third-party server; a third-party server is a server used by a non-banking system, for example the server a public transit system uses to control top-ups and deductions for transit cards.
The terminal of the present invention sends the transaction message, the signature message, the encrypted combined password and the authentication password to the background system server only after it has obtained the authentication password, so that the background system server authenticates the user's identity according to the authentication password and the signature message and is then triggered to complete the transaction, which improves the security of the transaction.
The combined password of the present invention may be one or more combinations of digits, letters and characters generated randomly for each transaction. Unlike an existing transaction password or OTP, which must be transmitted as ciphertext, the combined password of the present invention can be transmitted in plaintext without reducing the security of the account during the transaction. The combined password of the present invention is generated on the smart card side and uploaded to the background system server; unlike an existing OTP, which must be generated by the background system server and the terminal at the same time, it is generated on one side only and is encrypted, which guarantees the security of its transmission and the accuracy of its verification. The terminal of the present invention sends the related data (which may be the transaction message, the signature message and the authentication password) to the background system server only after it has obtained the authentication password, so that the data the terminal sends to the background system server for processing is authorized data, which guarantees security and improves work efficiency.
Step S510: the background system server verifies the signature message and the authentication password separately and, after verification passes, performs the transaction operation according to the transaction message.
Specifically, the background system server verifies the correctness of the authentication password according to the encrypted combined password; it verifies the correctness of the signature message according to the encrypted combined password and the transaction message, or according to the authentication password and the transaction message. After verifying that both the signature and the authentication password are correct, the background system server performs the transaction operation according to the transaction message.
It can thus be seen that the smart card transaction method with an electronic signature function of the present invention completes the exchange of the data required for the transaction through a single connection between the smart card and the terminal, which reduces the risk of important information being intercepted through repeated connections and improves security.
Embodiment 5
Fig. 6 is a schematic structural diagram of Embodiment 5 of the smart card transaction system with an electronic signature function according to the present invention. The structure of the system is described below with reference to Fig. 6, as follows:
The smart card transaction system with an electronic signature function of the present invention comprises a terminal 10, a background system server 20 and a smart card 30 with an electronic signature function. The smart card 30 is a device with an electronic signature function; it may comprise a card chip containing user account information and a security chip that performs digital signing with a key, or an integrated chip that combines the functions of both chips. The terminal 10 may be a mobile phone, notebook, tablet computer, PC, POS machine or any other device that can interact with the background system server in a wired or wireless manner. The background system server 20 may be a bank server or a third-party server; a third-party server is a server used by a non-banking system, for example the server a public transit system uses to control top-ups and deductions for transit cards.
The smart card 30 with an electronic signature function comprises a transceiver module 301, a password generation module 302, a signature module 303 and a display module 304. These modules may be integrated on one chip, or may be distributed over several chips according to the number and functions of the chips the smart card 30 uses; the possible arrangements are not enumerated here.
The transceiver module 301 is used to connect to the terminal 10, receive the transaction message and send it to the signature module 303; the transceiver module 301 also sends the combined password obtained from the password generation module 302 to the terminal 10 by contactless communication.
The password generation module 302 is used to generate the combined password and send it to the signature module 303 and the display module 304. Specifically, the password generation module 302 may generate the combined password after the transceiver module 301 has received the transaction message.
The signature module 303 generates the signature message according to the transaction message and the combined password, and sends at least the signature message to the terminal 10 through the transceiver module 301.
The terminal 10 obtains the authentication password and sends at least the transaction message, the signature message and the authentication password to the background system server 20. Here, the authentication password is the combined password that the terminal 10 obtains by scanning the information displayed by the smart card 30, or the combined password that the terminal 10 obtains from the smart card 30 by contactless communication.
The background system server 20 verifies the signature message and the authentication password and, after verification passes, performs the transaction operation according to the transaction message.
Certainly, on the basis of said structure, the transceiver module 301 of smart card 30 of the present invention is sending the signature message to terminal 10, also disconnects and being connected of terminal 10, so that display module 304 demonstration transaction message.Thereby guaranteeing that smart card 30 of the present invention only contacts with terminal 10 has once just completed exchange and has needed data interaction, reduces because the secondary contact produces the risk that data are intercepted and captured, and has improved the security of transaction.
Certainly, background system server 20 can be when verifying authentication password, after the number of times of authentication failed reaches preset times (for example 3 times), locks account corresponding to this smart card with the safety of protection user account.
In addition, smart card 30 may also comprise key-press module 305. Key-press module 305 triggers display module 304 to show the combined password, bar code or picture according to the confirmation password and/or confirmation instruction it receives.
In addition, smart card 30 also comprises figure generation module 306, which generates a bar code or picture from the combined password obtained from password generation module 302 and outputs it to display module 304 for display.
Specifically, the user can for example trigger display module 304 to show the combined password, bar code or picture in one of the following ways:
(1) enter the confirmation password; after smart card 30 verifies that the confirmation password is correct, display module 304 shows the combined password, bar code or picture; or
(2) press the confirmation button, which triggers display module 304 to show the combined password, bar code or picture; or
(3) enter the confirmation password and press the confirmation button; after smart card 30 verifies that the confirmation password is correct, display module 304 shows the combined password, bar code or picture.
The condition that triggers display module 304 to show the combined password, bar code or picture can be set according to the purchase amount; for example, a small-amount purchase only requires the user to press the confirmation button, while a large-amount purchase requires the user to enter the confirmation password.
It can be seen that, with the smart card with electronic signature functionality and the smart card transaction system with electronic signature functionality of the present invention, the exchange of the data required for a transaction is completed in a single connection between the smart card and the terminal, which reduces the risk of important information being intercepted as a result of repeated connections and improves security.
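The exchange described above (the card signs the transaction message together with the combined password, the terminal forwards the password it scanned, the server verifies and locks the account after repeated failures), as an added example that is not code from the patent. It assumes HMAC-SHA256 under a key shared by card and server as a stand-in for the card's private-key signature, a 6-digit combined password, and that every failed check counts toward the lock; all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

MAX_FAILURES = 3  # the page's example value for the preset failure count


def sign(card_key: bytes, transaction: bytes, password: str) -> bytes:
    """Stand-in for the card's signature over transaction message + combined password.

    Assumption: HMAC-SHA256 with a key shared by card and server replaces the
    private-key signature, because the page names no algorithm.
    """
    digest = hashlib.sha256(transaction).digest()  # summary information of the message
    pw = password.encode()
    # Length-prefix the password so the signed payload has one unambiguous parse.
    payload = digest + len(pw).to_bytes(2, "big") + pw
    return hmac.new(card_key, payload, hashlib.sha256).digest()


class SmartCard:
    def __init__(self, card_key: bytes):
        self._key = card_key
        self._transaction = None
        self._combined_password = None

    def receive_transaction(self, transaction: bytes) -> bytes:
        """Steps A-D: the only exchange that happens while connected to the terminal."""
        self._transaction = transaction
        self._combined_password = f"{secrets.randbelow(10**6):06d}"  # assumed format
        return sign(self._key, transaction, self._combined_password)

    def display(self, confirmed: bool):
        """After disconnecting: show the transaction, and the password only once confirmed."""
        return self._transaction, (self._combined_password if confirmed else None)


class BackendServer:
    def __init__(self):
        self._keys = {}
        self._failures = {}
        self._locked = set()
        self.executed = []

    def enroll(self, account: str, card_key: bytes) -> None:
        self._keys[account] = card_key

    def process(self, account, transaction, signature, auth_password) -> str:
        """Step F: verify, then execute; lock the account after MAX_FAILURES failures."""
        if account in self._locked:
            return "locked"
        expected = sign(self._keys[account], transaction, auth_password)
        if hmac.compare_digest(expected, signature):
            self.executed.append(transaction)
            return "executed"
        # Assumption: any failed check counts toward the lock, since with this
        # stand-in a bad password and an altered message fail the same comparison.
        self._failures[account] = self._failures.get(account, 0) + 1
        if self._failures[account] >= MAX_FAILURES:
            self._locked.add(account)
            return "locked"
        return "rejected"


def run_demo():
    key = secrets.token_bytes(32)
    card, server = SmartCard(key), BackendServer()
    server.enroll("acct-1", key)
    tx = b"pay 25.00 to merchant-42"          # constructed sample transaction message
    sig = card.receive_transaction(tx)         # single contact with the terminal
    _, shown = card.display(confirmed=True)    # terminal scans what the card displays
    wrong = f"{(int(shown) + 1) % 10**6:06d}"  # any value other than the combined password
    return [
        server.process("acct-1", tx, sig, shown),   # matches what the card signed
        server.process("acct-1", b"pay 9925.00 to merchant-42", sig, shown),  # message differs
        server.process("acct-1", tx, sig, wrong),   # second failure
        server.process("acct-1", tx, sig, wrong),   # third failure locks the account
        server.process("acct-1", tx, sig, shown),   # correct data, but account is locked
    ]


if __name__ == "__main__":
    print(run_demo())
```

With an asymmetric signature the server would verify with the card's public key instead of recomputing the tag.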
Embodiment 6
Fig. 7 is a structural diagram of Embodiment 6 of the smart card transaction system with electronic signature functionality of the present invention. The structure of the system is described below with reference to Fig. 7:
The smart card transaction system with electronic signature functionality of the present invention comprises: terminal 40, background system server 50 and smart card 60 with electronic signature functionality. Terminal 40 may be a mobile phone, notebook, tablet computer, PC or any other device that can interact with the background system server by wired or wireless means. Smart card 60 is a device with electronic signature functionality; it may comprise a card chip containing user account information and a security chip that performs digital signatures with a key, or a single integrated chip with the functions of both chips. Background system server 50 may be a bank server or a third-party server; a third-party server is a server used by a non-banking system, for example the server a public transit system uses to control top-ups of and deductions from transit cards.
Smart card 60 with electronic signature functionality comprises: transceiver module 601, password generation module 602, signature blocks 603, display module 604 and encrypting module 605. These modules may be integrated on a single chip or, depending on the number and functions of the chips that smart card 60 uses, distributed across several chips; the variants are not enumerated here.
Transceiver module 601 connects to terminal 40, receives the transaction message and passes it to signature blocks 603. Transceiver module 601 also sends the combined password obtained from password generation module 602 to terminal 40 by contactless communication.
Password generation module 602 generates the combined password and passes it to signature blocks 603 and display module 604. Specifically, password generation module 602 may generate the combined password after transceiver module 601 receives the transaction message.
Encrypting module 605 generates the encrypted combined password from at least the combined password, and sends the encrypted combined password to terminal 40 through transceiver module 601.
Signature blocks 603 generates the signature message from the transaction message, and sends at least the signature message to terminal 40 through transceiver module 601.
Terminal 40 obtains the authentication password and sends at least the transaction message, the signature message, the encrypted combined password and the authentication password to background system server 50. The authentication password is the combined password that terminal 40 obtains by scanning the information displayed by smart card 60, or the combined password that terminal 40 obtains from smart card 60 by contactless communication.
Background system server 50 verifies the signature message and the authentication password separately and, after verification passes, executes the transaction operation according to the transaction message.
On the basis of the above structure, after sending the signature message to terminal 40, transceiver module 601 of smart card 60 also disconnects from terminal 40, so that display module 604 can display the transaction message. This ensures that smart card 60 completes the data exchange needed for the transaction with only one contact with terminal 40, which reduces the risk of data being intercepted during a second contact and improves the security of the transaction.
Background system server 50 may also, when verifying the authentication password, lock the account corresponding to the smart card once the number of failed verifications reaches a preset number (for example 3), to protect the user's account.
In addition, smart card 60 may also comprise key-press module 606. Key-press module 606 triggers display module 604 to show the combined password according to the confirmation password and/or confirmation instruction it receives.
In addition, smart card 60 also comprises figure generation module 607, which generates a bar code or picture from the combined password obtained from password generation module 602 and outputs it to display module 604 for display.
Specifically, the user can for example trigger display module 604 to show the combined password, bar code or picture in one of the following ways:
(1) enter the confirmation password; after smart card 60 verifies that the confirmation password is correct, display module 604 shows the combined password, bar code or picture; or
(2) press the confirmation button, which triggers display module 604 to show the combined password, bar code or picture; or
(3) enter the confirmation password and press the confirmation button; after smart card 60 verifies that the confirmation password is correct, display module 604 shows the combined password, bar code or picture.
The condition that triggers display module 604 to show the combined password, bar code or picture can be set according to the purchase amount; for example, a small-amount purchase only requires the user to press the confirmation button, while a large-amount purchase requires the user to enter the confirmation password.
It can be seen that, with the smart card with electronic signature functionality and the smart card transaction system with electronic signature functionality of the present invention, the exchange of the data required for a transaction is completed in a single connection between the smart card and the terminal, which reduces the risk of important information being intercepted as a result of repeated connections and improves security.
Any process or method described in a flow chart or otherwise described herein may be understood as representing a module, fragment or portion of code comprising one or more executable instructions for implementing the steps of a specific logical function or process. The scope of the preferred embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including substantially simultaneously or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
It should be understood that each part of the present invention may be implemented in hardware, software, firmware or a combination thereof. In the above embodiments, multiple steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or a combination of the following technologies well known in the art may be used: a discrete logic circuit with logic gates for implementing logic functions on data signals, an application-specific integrated circuit with suitable combinational logic gates, a programmable gate array (PGA), a field programmable gate array (FPGA), and so on.
Those skilled in the art will appreciate that all or part of the steps of the above embodiment methods may be completed by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium and, when executed, performs one or a combination of the steps of the method embodiments.
In addition, the functional units in each embodiment of the present invention may be integrated in one processing module, may each exist as a separate physical unit, or two or more units may be integrated in one module. The integrated module may be implemented in hardware or as a software functional module. If the integrated module is implemented as a software functional module and sold or used as an independent product, it may also be stored in a computer-readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc, or the like.
In this specification, a description referring to the terms "an embodiment", "some embodiments", "an example", "a specific example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it will be understood that the above embodiments are exemplary and are not to be construed as limiting the present invention. Those of ordinary skill in the art may make changes, modifications, substitutions and variations to the above embodiments within the scope of the present invention without departing from its principle and purpose. The scope of the present invention is defined by the claims and their equivalents.

Claims (25)

1. A smart card transaction method with electronic signature functionality, characterized in that the method comprises:
A. a smart card with electronic signature functionality connects to a terminal and receives a transaction message;
B. the smart card generates a combined password;
C. the smart card generates a signature message according to the transaction message and the combined password;
D. the smart card sends at least the signature message to the terminal;
E. the terminal obtains an authentication password and sends at least the transaction message, the signature message and the authentication password to a background system server; the authentication password is the combined password obtained by the terminal scanning information displayed by the smart card, or the combined password obtained by the terminal from the smart card by contactless communication;
F. the background system server verifies the signature message and the authentication password and, after verification passes, executes the transaction operation according to the transaction message.
2. The method according to claim 1, characterized in that step C comprises:
the smart card calculates summary information of the transaction message;
the smart card encrypts the combined password to obtain an encrypted combined password;
the smart card signs the summary information of the transaction message and the encrypted combined password to generate the signature message.
3. The method according to claim 1, characterized in that step C comprises:
the smart card calculates summary information of the transaction message;
the smart card encrypts a combination of the combined password and a random number to obtain an encrypted combined password;
the smart card signs the summary information of the transaction message and the encrypted combined password to generate the signature message.
4. The method according to claim 2 or 3, characterized in that:
in step D, the smart card also sends the encrypted combined password and the signature message to the terminal;
in step E, the terminal also sends the encrypted combined password, the transaction message, the signature message and the combined password to the background system server.
5. The method according to claim 1, characterized in that step C comprises:
the smart card calculates summary information of the transaction message;
the smart card encrypts the combined password to obtain an encrypted combined password, and calculates summary information of the encrypted combined password;
the smart card signs the summary information of the transaction message and the summary information of the encrypted combined password to generate the signature message.
6. The method according to claim 5, characterized in that:
in step D, the smart card also sends the summary information of the encrypted combined password and the signature message to the terminal;
in step E, the terminal also sends the summary information of the combined password, the transaction message, the signature message and the combined password to the background system server.
7. The method according to claim 1, characterized in that, between step D and step E, the method further comprises:
the smart card disconnects from the terminal;
the smart card displays the transaction message;
the smart card receives a confirmation password and/or confirmation instruction entered via keys;
the smart card displays the combined password, bar code or picture.
8. A smart card transaction system with electronic signature functionality, characterized in that the system comprises: a terminal, a background system server and a smart card with electronic signature functionality;
the smart card connects to the terminal, receives a transaction message, generates a combined password, generates a signature message according to the transaction message and the combined password, and sends at least the signature message to the terminal;
the terminal obtains an authentication password and sends at least the transaction message, the signature message and the authentication password to the background system server; the authentication password is the combined password obtained by the terminal scanning information displayed by the smart card, or the combined password obtained by the terminal from the smart card by contactless communication;
the background system server verifies the signature message and the authentication password and, after verification passes, executes the transaction operation according to the transaction message.
9. The system according to claim 8, characterized in that the smart card comprises: a transceiver module, a password generation module, a signature blocks and a display module;
the transceiver module connects to the terminal, receives the transaction message and passes it to the signature blocks; the transceiver module sends the combined password obtained from the password generation module to the terminal by contactless communication;
the password generation module generates the combined password and passes it to the signature blocks and the display module;
the signature blocks generates the signature message according to the transaction message and the combined password, and sends at least the signature message to the terminal through the transceiver module.
10. The system according to claim 8, characterized in that the smart card comprises: a transceiver module, a password generation module, a signature blocks, a display module and a figure generation module;
the transceiver module connects to the terminal, receives the transaction message and passes it to the signature blocks;
the password generation module generates the combined password and passes it to the signature blocks and the display module;
the signature blocks generates the signature message according to the transaction message and the combined password, and sends at least the signature message to the terminal through the transceiver module;
the figure generation module generates a bar code or picture according to the combined password obtained from the password generation module, and outputs it to the display module for display.
11. The system according to claim 9, characterized in that the terminal obtains the authentication password from the smart card by contactless communication.
12. The system according to claim 10, characterized in that the terminal obtains the authentication password by scanning the bar code or picture shown by the display module of the smart card.
13. The system according to claim 9 or 10, characterized in that the smart card further comprises: a key-press module;
the key-press module triggers the display module to show the combined password, bar code or picture according to the confirmation password and/or confirmation instruction it receives.
14. The system according to claim 9 or 10, characterized in that, after sending the signature message to the terminal, the transceiver module also disconnects from the terminal;
after the transceiver module disconnects from the terminal, the display module also displays the transaction message.
15. A smart card transaction method with electronic signature functionality, characterized in that the method comprises:
A'. a smart card with electronic signature functionality connects to a terminal and receives a transaction message;
B'. the smart card generates a combined password, and generates an encrypted combined password according to at least the combined password;
C'. the smart card generates a signature message according to the transaction message;
D'. the smart card sends the signature message and the encrypted combined password to the terminal;
E'. the terminal obtains an authentication password and sends at least the transaction message, the signature message, the authentication password and the encrypted combined password to a background system server; the authentication password is the combined password obtained by the terminal scanning information displayed by the smart card, or the combined password obtained by the terminal from the smart card by contactless communication;
F'. the background system server verifies the signature message and the authentication password separately and, after verification passes, executes the transaction operation according to the transaction message.
16. The method according to claim 15, characterized in that, in step B', generating the encrypted combined password according to at least the combined password comprises:
the smart card encrypts a combination of the combined password and a random number to obtain the encrypted combined password; or
the smart card encrypts the combined password using symmetric or asymmetric encryption to obtain the encrypted combined password.
17. The method according to claim 15, characterized in that step C' comprises:
the smart card calculates summary information of the transaction message and signs the summary information of the transaction message to generate the signature message.
18. The method according to claim 15, characterized in that, between step D' and step E', the method further comprises:
the smart card disconnects from the terminal;
the smart card displays the transaction message;
the smart card receives a confirmation password and/or confirmation instruction entered via keys;
the smart card displays the combined password, bar code or picture.
19. A smart card transaction system with electronic signature functionality, characterized in that the system comprises: a terminal, a background system server and a smart card with electronic signature functionality;
the smart card connects to the terminal, receives a transaction message, generates a combined password, generates an encrypted combined password according to at least the combined password, generates a signature message according to the transaction message code, and sends the signature message and the encrypted combined password to the terminal;
the terminal obtains an authentication password and sends at least the transaction message, the signature message, the authentication password and the encrypted combined password to the background system server; the authentication password is the combined password obtained by the terminal scanning information displayed by the smart card, or the combined password obtained by the terminal from the smart card by contactless communication;
the background system server verifies the signature message and the authentication password separately and, after verification passes, executes the transaction operation according to the transaction message.
20. The system according to claim 19, characterized in that the smart card comprises: a transceiver module, a password generation module, an encrypting module, a signature blocks and a display module;
the transceiver module connects to the terminal, receives the transaction message and passes it to the signature blocks; the transceiver module sends the combined password obtained from the password generation module to the terminal by contactless communication;
the password generation module generates the combined password and passes it to the encrypting module and the display module;
the encrypting module generates the encrypted combined password according to at least the combined password, and sends the encrypted combined password to the terminal through the transceiver module;
the signature blocks generates the signature message according to the transaction message, and sends the signature message to the terminal through the transceiver module.
21. The system according to claim 19, characterized in that the smart card comprises: a transceiver module, a password generation module, an encrypting module, a signature blocks, a display module and a figure generation module;
the transceiver module connects to the terminal, receives the transaction message and passes it to the signature blocks;
the password generation module generates the combined password and passes it to the encrypting module and the display module;
the encrypting module generates the encrypted combined password according to at least the combined password, and sends the encrypted combined password to the terminal through the transceiver module;
the signature blocks generates the signature message according to the transaction message, and sends the signature message to the terminal through the transceiver module;
the figure generation module generates a bar code or picture according to the combined password obtained from the password generation module, and outputs it to the display module for display.
22. The system according to claim 20, characterized in that the terminal obtains the authentication password from the smart card by contactless communication.
23. The system according to claim 21, characterized in that the terminal obtains the authentication password by scanning the bar code or picture shown by the display module of the smart card.
24. The system according to claim 20 or 21, characterized in that the smart card further comprises: a key-press module;
the key-press module triggers the display module to show the combined password, bar code or picture according to the confirmation password and/or confirmation instruction it receives.
25. The system according to claim 20 or 21, characterized in that, after sending the signature message to the terminal, the transceiver module also disconnects from the terminal;
after the transceiver module disconnects from the terminal, the display module also displays the transaction message.
CN201310070783.6A 2013-02-06 2013-03-06 Smart card transaction system and method with electronic signature functionality Active CN103136664B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201310070783.6A CN103136664B (en) 2013-03-06 2013-03-06 Smart card transaction system and method with electronic signature functionality
PCT/CN2014/071657 WO2014121721A1 (en) 2013-02-06 2014-01-28 Smart card with electronic signature function, and smart card transaction system and method


Publications (2)

Publication Number Publication Date
CN103136664A true CN103136664A (en) 2013-06-05
CN103136664B CN103136664B (en) 2016-05-18

Family

ID=48496467

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310070783.6A Active CN103136664B (en) 2013-02-06 2013-03-06 Smart card transaction system and method with electronic signature functionality

Country Status (1)

Country Link
CN (1) CN103136664B (en)

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103973455A (en) * 2014-05-28 2014-08-06 天地融科技股份有限公司 Information interaction method
CN103986581A (en) * 2014-05-28 2014-08-13 天地融科技股份有限公司 Information interaction system
WO2014121721A1 (en) * 2013-02-06 2014-08-14 天地融科技股份有限公司 Smart card with electronic signature function, and smart card transaction system and method
CN104268780A (en) * 2014-10-21 2015-01-07 中国建设银行股份有限公司 Trade order confirmation method and device and server
CN104318440A (en) * 2014-11-06 2015-01-28 苏州海博智能系统有限公司 IC card
CN105069620A (en) * 2015-07-23 2015-11-18 冯凤清 Transaction secrecy system of smart phone
CN105069613A (en) * 2015-07-23 2015-11-18 冯凤清 On-line payment security system of smart phone
CN105117906A (en) * 2015-07-23 2015-12-02 冯凤清 Smart phone online payment security system supporting external confirmation
CN105139195A (en) * 2015-07-23 2015-12-09 冯凤清 Security system of intelligent mobile phone
CN105471580A (en) * 2014-09-11 2016-04-06 苏州海博智能系统有限公司 Signature checking method and equipment
CN105488674A (en) * 2014-09-26 2016-04-13 苏州海博智能系统有限公司 Method and system for carrying out secure transaction by using wireless security device, and server
CN105556550A (en) * 2013-07-19 2016-05-04 金雅拓股份有限公司 Method for securing a validation step of an online transaction
CN105654294A (en) * 2015-06-19 2016-06-08 宇龙计算机通信科技(深圳)有限公司 Safety authentication method, apparatus and mobile terminal thereof
CN105653925A (en) * 2016-02-04 2016-06-08 操明立 Networked transaction authentication method and system and smart card
CN106100850A (en) * 2016-06-17 2016-11-09 公安部第三研究所 Intelligent and safe chip signing messages transmission method based on Quick Response Code and system
CN106131037A (en) * 2016-07-25 2016-11-16 四川易想电子商务有限公司 A kind of internet trade method
CN103984906B (en) * 2014-05-28 2018-01-16 天地融科技股份有限公司 A kind of electronic key equipment of no button
WO2018045918A1 (en) * 2016-09-09 2018-03-15 天地融科技股份有限公司 Authorization method and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6856970B1 (en) * 2000-09-26 2005-02-15 Bottomline Technologies Electronic financial transaction system
CN1831865A (en) * 2006-04-24 2006-09-13 北京易恒信认证科技有限公司 Electronic bank safety authorization system and method based on CPK
CN101178802A (en) * 2006-11-08 2008-05-14 李东声 Dynamic password realization method in network bank trading and electronic signing device
CN101436280A (en) * 2008-12-15 2009-05-20 北京华大智宝电子系统有限公司 Method and system for implementing electronic payment of mobile terminal
CN201757903U (en) * 2010-06-25 2011-03-09 北京天地融科技有限公司 Usb key device
CN102609750A (en) * 2012-02-15 2012-07-25 东信和平智能卡股份有限公司 Intelligent card provided with input device and output device

Cited By (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014121721A1 (en) * 2013-02-06 2014-08-14 天地融科技股份有限公司 Smart card with electronic signature function, and smart card transaction system and method
CN105556550A (en) * 2013-07-19 2016-05-04 金雅拓股份有限公司 Method for securing a validation step of an online transaction
CN103984906B (en) * 2014-05-28 2018-01-16 天地融科技股份有限公司 A kind of electronic key equipment of no button
CN103986581A (en) * 2014-05-28 2014-08-13 天地融科技股份有限公司 Information interaction system
CN103986581B (en) * 2014-05-28 2018-01-16 天地融科技股份有限公司 A kind of information interaction system
CN108319870A (en) * 2014-05-28 2018-07-24 天地融科技股份有限公司 A kind of electronic key equipment of no button
CN108319870B (en) * 2014-05-28 2021-08-17 天地融科技股份有限公司 Electronic key equipment without keys
CN103973455A (en) * 2014-05-28 2014-08-06 天地融科技股份有限公司 Information interaction method
CN103973455B (en) * 2014-05-28 2018-09-18 天地融科技股份有限公司 A kind of information interacting method
CN105471580A (en) * 2014-09-11 2016-04-06 苏州海博智能系统有限公司 Signature checking method and equipment
CN105471580B (en) * 2014-09-11 2021-12-24 苏州海博智能系统有限公司 Signature rechecking method and device
CN105488674A (en) * 2014-09-26 2016-04-13 苏州海博智能系统有限公司 Method and system for carrying out secure transaction by using wireless security device, and server
CN104268780A (en) * 2014-10-21 2015-01-07 中国建设银行股份有限公司 Trade order confirmation method and device and server
CN104318440A (en) * 2014-11-06 2015-01-28 苏州海博智能系统有限公司 IC card
CN105654294A (en) * 2015-06-19 2016-06-08 宇龙计算机通信科技(深圳)有限公司 Safety authentication method, apparatus and mobile terminal thereof
CN105117906A (en) * 2015-07-23 2015-12-02 冯凤清 Smart phone online payment security system supporting external confirmation
CN105069613B (en) * 2015-07-23 2018-09-25 黄秀开 A kind of on-line payment security system of smart mobile phone
CN105069620A (en) * 2015-07-23 2015-11-18 冯凤清 Transaction secrecy system of smart phone
CN105069613A (en) * 2015-07-23 2015-11-18 冯凤清 On-line payment security system of smart phone
CN105117906B (en) * 2015-07-23 2018-10-09 黄秀开 A kind of smart mobile phone on-line payment security system that can be confirmed from outside
CN105069620B (en) * 2015-07-23 2018-08-07 黄秀开 A kind of transaction privacy system of smart mobile phone
CN105139195A (en) * 2015-07-23 2015-12-09 冯凤清 Security system of intelligent mobile phone
CN105139195B (en) * 2015-07-23 2018-09-25 黄秀开 A kind of security system of smart mobile phone
CN105653925A (en) * 2016-02-04 2016-06-08 操明立 Networked transaction authentication method and system and smart card
CN105653925B (en) * 2016-02-04 2019-04-26 操明立 Network trading authentication method, system and smart card
CN106100850B (en) * 2016-06-17 2019-07-05 公安部第三研究所 Intelligent and safe chip signing messages transmission method and system based on two dimensional code
CN106100850A (en) * 2016-06-17 2016-11-09 公安部第三研究所 Intelligent and safe chip signing messages transmission method based on Quick Response Code and system
CN106131037A (en) * 2016-07-25 2016-11-16 四川易想电子商务有限公司 A kind of internet trade method
WO2018045918A1 (en) * 2016-09-09 2018-03-15 天地融科技股份有限公司 Authorization method and system

Also Published As

Publication number Publication date
CN103136664B (en) 2016-05-18

Similar Documents

Publication Publication Date Title
CN103136664B (en) Trading system and trading method of smart card with electronic signature function
CN203242029U (en) An intelligent card containing an electronic signature function and an intelligent card transaction system
CN107358441B (en) Payment verification method and system, mobile device and security authentication device
CN104243451A (en) Information interaction method and system and smart key equipment
CN103220148B (en) The method of electronic signature token operation response request, system and electronic signature token
CN103208151B (en) Process the method and system of operation requests
CN103532719B (en) Dynamic password generation method, dynamic password generation system, as well as processing method and processing system of transaction request
CN103220280A (en) Dynamic password token and data transmission method and system for dynamic password token
CN103516525B (en) Dynamic password generation method and system
CN103401844A (en) Operation request processing method and system
CN104243162A (en) Information interaction method and system and smart key equipment
CN103198401B (en) There is smart card method of commerce and the system of electronic signature functionality
CN103136665A (en) Method and system of network transaction
CN103366278A (en) Method and system for processing operation request
CN103281183A (en) Conversion device and display system
CN103136667A (en) Smart card with electronic signature function, smart card trading system and smart card trading method
CN103973455A (en) Information interaction method
CN203338403U (en) Intelligent card transaction system with an electronic signature function
CN104796266A (en) Authentication method, device and system
CN103984906A (en) Electronic key device without button
CN103346886A (en) Signature data sending method and electronic signature token
CN103699859A (en) Information display method and device
CN103716328A (en) Operation request processing method and system
CN103136666B (en) There is smart card method of commerce and the system of electronic signature functionality
CN104036391A (en) Information interaction method and system, information processing method and electronic key equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant