CN116228231A - Offline payment method, device, equipment and medium - Google Patents
Offline payment method, device, equipment and medium Download PDFInfo
- Publication number
- CN116228231A CN116228231A CN202310237289.8A CN202310237289A CN116228231A CN 116228231 A CN116228231 A CN 116228231A CN 202310237289 A CN202310237289 A CN 202310237289A CN 116228231 A CN116228231 A CN 116228231A
- Authority
- CN
- China
- Prior art keywords
- payment
- operator
- credential
- offline
- management service
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3825—Use of electronic signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/326—Payment applications installed on the mobile devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Finance (AREA)
- Computer Networks & Wireless Communication (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The application discloses an offline payment method, device, equipment and medium, comprising the following steps: sending a payment credential redemption request to a digital asset operator management service so that the digital asset operator management service generates a first payment credential according to user requirements; the first payment credential includes a value denomination and an operator private key signature; storing the first payment credentials returned by the digital asset operator management service to a first SRE embedded in the first operator APP; selecting a payment credential from the first SRE based on a payment requirement corresponding to a second operator APP and a value denomination of the payment credential in the first SRE to obtain a target payment credential; and transmitting the target payment certificate to the second operator APP in an offline mode so that the second operator APP can verify the target payment certificate by using an operator public key. In this way, the security of offline payment is improved.
Description
Technical Field
The present disclosure relates to the field of offline payment technologies, and in particular, to an offline payment method, device, apparatus, and medium.
Background
At present, the scheme of offline payment mainly realizes transaction through an asymmetric encryption algorithm, such as verifying identity by using the encryption algorithm, generating and storing an offline payment open certificate, and temporarily generating a payment string or a payment certificate through a certificate to pay. However, the temporarily generated payment string or payment certificate cannot be completely controlled by an operator, and the risk of counterfeiting and the security are insufficient.
Disclosure of Invention
In view of the foregoing, an object of the present application is to provide an offline payment method, device, apparatus and medium, which can improve the security of offline payment. The specific scheme is as follows:
in a first aspect, the application discloses an offline payment method applied to a first operator APP, including:
sending a payment credential redemption request to a digital asset operator management service so that the digital asset operator management service generates a first payment credential according to user requirements; the first payment credential includes a value denomination and an operator private key signature;
saving the first payment credentials returned by the digital asset operator management service to a first SRE (i.e., safe Running Enviroment, secure operating environment) embedded in the first operator APP;
Selecting a payment credential from the first SRE based on a payment requirement corresponding to a second operator APP and a value denomination of the payment credential in the first SRE to obtain a target payment credential;
and transmitting the target payment certificate to the second operator APP in an offline mode so that the second operator APP can verify the target payment certificate by using an operator public key.
Optionally, before sending the payment credential exchange request to the digital asset operator management service, the method further includes:
sending an offline payment function opening application to the digital asset operator management service so that the digital asset operator management service generates an offline payment certificate corresponding to the first operator APP; wherein the offline payment attestation includes the operator public key;
correspondingly, before generating a first payment credential according to user requirements, the digital asset operator management service verifies the offline payment credential corresponding to the first operator APP, and if the offline payment credential passes the verification, the digital asset operator management service generates the first payment credential according to the user requirements.
Optionally, sending an offline payment function activation application to the digital asset operator management service, so that the digital asset operator management service generates an offline payment certificate corresponding to the first operator APP, including:
Sending an offline payment function opening application to the digital asset operator management service so that the digital asset operator management service performs user identity and credit verification based on the offline payment function opening application and returns an initial offline payment proof when verification is passed;
downloading and activating the first SRE based on the initial offline payment proof so that the first SRE generates a user public-private key pair;
and sending the user public key in the user public-private key pair to the digital asset operator management service through the first SRE so that the digital asset operator management service adds the user public key to the initial offline payment certification to obtain an offline payment certification corresponding to a first operator APP.
Optionally, the method further comprises:
when acquiring the confirmation and collection information returned by the second operator APP for the target payment certificate, signing the target payment certificate and the offline payment certificate by using a user private key to obtain the target payment certificate signed by the user;
and sending the target payment certificate signed by the user to the second operator APP so that the second operator APP can verify the user private key signature in the signed target payment certificate, and storing the payment certificate to a second SRE embedded in the second operator APP after verification is passed.
Optionally, the target payment credential includes a first payment credential and/or a second payment credential, where the second payment credential is a payment credential sent by the acquired third operator APP;
if the target payment credential includes a first payment credential and a second payment credential, then:
for the first payment credential, the verification process of the second operator APP before returning the confirmation receipt information includes: verifying the SRE sequence number in the first payment credential, verifying the operator private key signature, verifying whether the first payment credential expires based on a validity period in the first payment credential;
for a second payment credential, the verification process of the second operator APP before returning the confirmation receipt information comprises: and verifying the operator private key signature in the second payment certificate, and if the operator private key signature is verified, verifying the user private key signature based on the user public key in the offline payment certificate sequentially from the back to the front according to the circulation sequence of the second payment certificate.
Optionally, the method further comprises:
sending a payment credential redemption request or a payment credential verification request to a digital asset operator management service, so that the digital asset operator management service performs verification of user identity and whether an offline payment function is opened;
After verification success information returned by the digital asset operator management service is obtained, sending a payment certificate to be exchanged or a payment certificate to be verified to the digital asset operator management service, so that the digital asset operator management service returns corresponding digital assets to the first SRE after the payment certificate to be exchanged or the payment certificate to be verified passes the verification.
Optionally, the method further comprises:
sending an offline payment function closing application to a digital asset operator management service;
acquiring a closing success response returned by the digital asset operator management service, and destroying the first SRE environment;
and the digital asset operator management service returns a closing success response when the user has no payment certificate which is not verified and is not redeemed by the user, and if the payment certificate which is not redeemed by the payee exists, the payment certificate is recorded.
In a second aspect, the application discloses an offline payment device, applied to a first operator APP, comprising:
the payment credential redemption module is used for sending a payment credential redemption request to the digital asset operator management service so that the digital asset operator management service generates a first payment credential according to user requirements; the first payment credential includes a value denomination and an operator private key signature;
The payment certificate preservation module is used for preserving the first payment certificate returned by the digital asset operator management service to a first SRE embedded in the first operator APP;
the payment credential selection module is used for selecting the payment credential from the first SRE based on the payment requirement corresponding to the second operator APP and the value denomination of the payment credential in the first SRE so as to obtain a target payment credential;
and the payment credential transmission module is used for transmitting the target payment credential to the second operator APP in an offline manner by a user, so that the second operator APP can verify the target payment credential by using an operator public key.
In a third aspect, the present application discloses an electronic device comprising a memory and a processor, wherein:
the memory is used for storing a computer program;
the processor is configured to execute the computer program to implement the offline payment method described above.
In a fourth aspect, the application discloses a computer readable storage medium storing a computer program, wherein the computer program when executed by a processor implements the offline payment method described above.
As can be seen, the present application sends a payment credential redemption request to a digital asset operator management service, such that the digital asset operator management service generates a first payment credential according to a user requirement; the first payment credential includes a value denomination and an operator private key signature; and then the first payment certificate returned by the digital asset operator management service is stored to a first SRE embedded in the first operator APP, then based on the payment requirement corresponding to a second operator APP and the value denomination of the payment certificate in the first SRE, the payment certificate is selected from the first SRE to obtain a target payment certificate, and then the target payment certificate is transmitted to the second operator APP in an off-line mode, so that the second operator APP can verify the target payment certificate by using an operator public key. Therefore, in the application, the process of offline payment is completed by transferring the payment certificate, the payment certificate is generated by the operator and the private key signature is confirmed and stored in the safe operation environment, copying, forging and changing cannot be performed, and the public key disclosed by the operator is used for identification and verification, so that the security of offline payment is improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present application, and that other drawings may be obtained according to the provided drawings without inventive effort to a person skilled in the art.
FIG. 1 is a flow chart of an offline payment method disclosed in the present application;
FIG. 2 is a schematic diagram of a specific open offline payment disclosed herein;
FIG. 3 is a schematic diagram of a specific payment credential redemption disclosed herein;
FIG. 4 is a schematic illustration of a specific offline payment disclosed herein;
FIG. 5 is a schematic diagram of offline payment using a streamed payment credential as disclosed herein;
FIG. 6 is a schematic diagram of a specific payment credential redemption digital asset disclosed herein;
FIG. 7 is a schematic diagram of a specific payment credential verification to be used disclosed herein;
FIG. 8 is a schematic diagram of a specific off-line payment function disclosed herein;
FIG. 9 is a schematic diagram of offline payment disclosed herein;
FIG. 10 is a schematic diagram of an offline payment device disclosed in the present application;
fig. 11 is a block diagram of an electronic device disclosed in the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
At present, the scheme of offline payment mainly realizes transaction through an asymmetric encryption algorithm, such as verifying identity by using the encryption algorithm, generating and storing an offline payment open certificate, and temporarily generating a payment string or a payment certificate through a certificate to pay. However, the temporarily generated payment string or payment certificate cannot be completely controlled by an operator, and the risk of counterfeiting and the security are insufficient. Therefore, the offline payment scheme can improve the security of offline payment.
Referring to fig. 1, an embodiment of the present application discloses an offline payment method, which is applied to a first operator APP, and includes:
Step S11: sending a payment credential redemption request to a digital asset operator management service so that the digital asset operator management service generates a first payment credential according to user requirements; the first payment credential includes a value denomination and an operator private key signature.
The user inputs a payment password through an operator APP to open an SRE embedded in the APP, and after opening, the user sends a payment credential exchange request to a digital asset operator management service through the SRE.
In a specific embodiment, before the payment credential exchange request is sent to the digital asset operator management service, an offline payment function opening application is sent to the digital asset operator management service, so that the digital asset operator management service generates an offline payment certificate corresponding to the first operator APP; wherein the offline payment attestation includes the operator public key; correspondingly, before generating a first payment credential according to user requirements, the digital asset operator management service verifies the offline payment credential corresponding to the first operator APP, and if the offline payment credential passes the verification, the digital asset operator management service generates the first payment credential according to the user requirements. After receiving the payment credential exchange request, the digital asset operator management service verifies the user identity and the validity of the request, and then verifies the offline payment credential corresponding to the first operator APP. The method for verifying the user identity and the validity of the request can be to search the user identity information locally based on the SRE sequence number carried by the request, and if so, verify the user signature carried in the request by using the public key used by the user payment. The verification mode of the offline payment evidence is to search the offline payment evidence, and if so, judge whether the offline payment evidence is in the validity period or not so as to judge whether the user opens the offline payment or not, and whether the offline payment evidence is out of date or not. After the offline payment verification is passed, the request is responded.
In one embodiment, the sending of the offline payment function activation application to the digital asset operator management service, so that the digital asset operator management service generates the offline payment certificate corresponding to the first operator APP may specifically include the following steps:
step 00: sending an offline payment function opening application to the digital asset operator management service so that the digital asset operator management service performs user identity and credit verification based on the offline payment function opening application and returns an initial offline payment proof when verification is passed;
in one embodiment, the initial offline payment credential may include information such as the operator public key, expiration date of the credential, maximum payment amount, SRE serial number, and the like, signed with a private key corresponding to the operator public key.
Step 01: downloading and activating the first SRE based on the initial offline payment certification, so that the first SRE generates a user public and private key pair.
In one embodiment, the activating operation includes setting a payment password, the first SRE cryptographically storing the payment password, and generating a public-private key pair for use in user payment.
Step 02: and sending the user public key in the user public-private key pair to the digital asset operator management service through the first SRE so that the digital asset operator management service adds the user public key to the initial offline payment certification to obtain an offline payment certification corresponding to a first operator APP.
And the digital asset operator management service signs the offline payment certificate and returns to the first operator APP, which verifies the operator signature, SRE serial number, etc., and after verification, persists the offline payment certificate.
For example, referring to fig. 2, fig. 2 is a schematic diagram of open offline payment according to an embodiment of the present application. The user applies for opening an offline payment function through a digital asset operator APP (namely a wallet APP), the operator needs to verify user identity information and credit records of the user, and if the user identity is not real or the credit records do not reach standards, opening is not allowed; after the identity and credit verification is passed, the operator generates a certificate, namely an initial offline payment certificate, for the user, wherein the initial certificate comprises information such as an operator public key, the validity period of the certificate, the highest payment amount, an SRE serial number and the like, and the information is signed by a private key corresponding to the operator public key; after the initial credential is generated, returning to the application user APP, wherein the APP automatically downloads the SRE environment according to the initial credential, and the user manually activates the SRE environment after the SRE environment is downloaded successfully, wherein the activation operation mainly comprises the following steps: setting a payment password, wherein the SRE can encrypt and store the payment password of the user and generate a public and private key pair for payment for the user; the SRE registers public key information used for payment with a digital asset operator management service (namely the digital asset operator offline payment management service, hereinafter simply referred to as an operator service) and acquires complete offline payment evidence, the operator registers a payment public key of a user after receiving a request and supplements the payment public key in the offline payment evidence, data of the offline payment evidence is signed and confirmed by using an operator private key and then is sent to the user, the SRE in the user APP verifies the offline payment evidence after receiving the complete offline payment evidence data, verifies whether the public key verification signature in a certificate is valid, whether an SRE serial number in the certificate corresponds or not, and the like, and after verification is passed, the SRE informs the user that the offline payment is successful through APP. But at this point the user has no payable amount. This operation requires wired environmental support.
Step S12: and storing the first payment certificate returned by the digital asset operator management service to a first SRE embedded in the first operator APP.
For example, referring to fig. 3, fig. 3 is a schematic diagram of a specific payment credential redemption disclosed in an embodiment of the present application. The user inputs a payment password through an operator APP to open an SRE, submits an amount exchange application after opening, and the SRE sends an exchange request to an operator service; after receiving the user exchange request, the operator service verifies the user identity and the validity of the request through the payment public key of the user, and after the verification, the operator service verifies the offline payment evidence (the operator has a backup) of the user, including whether the user opens offline payment, whether the payment evidence is out of date, and the like; after the off-line payment proof verification is passed, responding to a user APP request, selecting a payment certificate of a designated denomination and the number to be exchanged by a user through an APP page, wherein the payment certificate is similar to cash banknote in real life, has the denomination attribute, is sent to an operator service through SRE after being selected, the operator service can calculate the total amount to be exchanged through the denomination and the number, then verifies whether the amount is over-limit or not (the amount applied in the past is required to be accumulated) based on the highest payment amount in the off-line payment proof, and is refused if the amount is over-limit; if the payment request is not exceeded, the operator generates a specified payment certificate according to the requirement of the user, and each generated payment certificate contains information: value denomination, expiration date (not exceeding the expiration date of the offline payment opening certificate), serial number of the SRE, operator private key signature, etc., after the generation is completed, the SRE sends the SRE to the user, and the SRE permanently stores each payment certificate to be used when offline payment is performed. This operation requires wired environmental support.
Step S13: and selecting a payment credential from the first SRE based on the payment requirement corresponding to the second operator APP and the value denomination of the payment credential in the first SRE to obtain a target payment credential.
In a specific embodiment, the target payment credentials include a first payment credential and/or a second payment credential, wherein the second payment credential is a payment credential sent by the acquired third operator APP, and the payment credential is also generated for the digital asset operator management service.
Step S14: and transmitting the target payment certificate to the second operator APP in an offline mode so that the second operator APP can verify the target payment certificate by using an operator public key.
In a specific embodiment, when acquiring the confirmation and collection information returned by the second operator APP for the target payment credential, signing the target payment credential and the offline payment credential by using a user private key to obtain the target payment credential signed by the user; and sending the target payment certificate signed by the user to the second operator APP so that the second operator APP can verify the user private key signature in the signed target payment certificate, and storing the payment certificate to a second SRE embedded in the second operator APP after verification is passed. In one embodiment, the target payment credentials, the time of payment, and the offline proof of payment may be signed.
And, before returning the confirmation receipt information, the second operator APP verifies the target payment credential, in a specific embodiment, if the target payment credential includes the first payment credential and the second payment credential: for the first payment credential, the verification process of the second operator APP before returning the confirmation receipt information includes: verifying the SRE sequence number in the first payment credential, verifying the operator private key signature, verifying whether the first payment credential expires based on a validity period in the first payment credential; for a second payment credential, the verification process of the second operator APP before returning the confirmation receipt information comprises: and verifying the operator private key signature in the second payment certificate, and if the operator private key signature is verified, verifying the user private key signature based on the user public key in the offline payment certificate sequentially from the back to the front according to the circulation sequence of the second payment certificate. Reference may be made to this embodiment for the target payment credential to include only the first payment credential or only the second payment credential, and no further description will be given. After verification is passed, the second operator APP displays the validity period of the target payment certificate, if the user confirms the receipt, the receipt confirmation information is returned to the first operator APP, and if the user refuses to receive, the payment fails.
For example, referring to fig. 4, fig. 4 is a schematic diagram of a specific offline payment disclosed in the embodiment of the present application, when a user a needs to pay to a user B, the user a inputs a password to open an SRE to prepare payment through APP, the user B also needs to input the password to open the SRE to wait for collection, and after the SRE is opened, a peer-to-peer transmission device connection is established, for example, through bluetooth, NFC technology, etc.; after the connection is successful, the user A selects a payment certificate to be used with a specific denomination according to the amount to be paid, the payment certificate is sent to an SRE of an operator APP of the user B through a point-to-point transmission device, the SRE of the operator APP held by the user B can verify the received payment certificate, whether the SRE serial numbers are matched, whether the operator signature is valid, whether the payment certificate is out of date or not and the like, wherein the SRE serial numbers in the offline payment certificate and the SRE serial numbers in the payment certificate can be compared, the two parties can exchange the offline payment certificate, the operator signature in the offline payment certificate is verified by an operator public key, and the payment certificate is sent/received after the authentication certificate is passed. If the verification fails, the method directly refuses; after verification is passed, the APP displays the validity period of each payment certificate, and if the validity period is too short, and the user B can reject to collect money, the payment fails; if the user B returns a confirmation receipt, the SRE in the APP of the user A signs each payment certificate, payment time, offline payment proving information and the like by using a payment private key and then sends the payment certificate to the user B (a corresponding payee performs verification of the validity of the certificate when the user B pays a transaction when the user B uses the received payment certificate again for payment), meanwhile marks that the payment certificate is used in the SRE, the user B performs verification again after receiving the certificate, persists to the SRE after the verification passes, and sends the received payment certificate to the user A after signature confirmation by using the private key of the user B; to this end, the payment was successful. The operation supports the operation of the user A and the user B in an offline environment.
For example, referring to fig. 5, fig. 5 is a schematic diagram of offline payment using a transferred payment credential according to an embodiment of the present application. When a user B needs to pay to a user C and prepares to use payment credentials received from a user A (the received credentials comprise offline payment credentials of an original payer), firstly, the user B and the user C open SRE environments of respective APP by inputting a payment password, and establish point-to-point transmission connection; the user B selects the payment voucher information to be used and sends the payment voucher information to the user C, and after the user C receives the payment voucher information, the payment voucher is verified, and the verification content mainly comprises the following steps: firstly, verifying whether an operator signature of a payment certificate is correct or not, ensuring that the payment certificate is generated by an operator, and rejecting the payment certificate if not; secondly, verifying the validity of the signature sequentially from back to front according to the circulation order, mainly verifying whether the signature of the previous payer is valid or not, wherein the payment credential carries an offline payment proof of the payer when in transfer, the proof comprises payment public key information of a payment user and public key information of an operator, the SRE can directly verify the signature data according to the public key to verify whether the generation of the payment credential is legal or not, and the previous circulation is legal or not, so that the verification is sequentially carried out upwards until the first use of the payment credential, if the payment credential passes the verification, the payment credential is valid, otherwise, the SRE is invalid; the payment flow after the payment credential passes the verification is the same as the flow of fig. 4, i.e. the time when the credential expires is shown, etc. The operation supports the operation of both the user B and the user C in an offline environment.
Further, the embodiment of the application may further send a payment credential exchange request or a payment credential verification request to a digital asset operator management service, so that the digital asset operator management service performs verification of user identity and whether to open an offline payment function; after verification success information returned by the digital asset operator management service is obtained, sending a payment certificate to be exchanged or a payment certificate to be verified to the digital asset operator management service, so that the digital asset operator management service returns corresponding digital assets to the first SRE after the payment certificate to be exchanged or the payment certificate to be verified passes the verification.
For example, referring to fig. 6, fig. 6 is a schematic diagram of a specific payment credential redemption digital asset disclosed in an embodiment of the present application. When a user needs to exchange the received payment credentials for digital assets, firstly, opening the SRE through APP input passwords, after opening, applying for initiating a redemption application, after receiving the redemption request, verifying whether user identity and offline payment are opened or not, and returning after verification is successful; after receiving the successful response, the SRE sends the payment certificate to be redeemed to the operator service, and after receiving the request, the operator service verifies each payment certificate, wherein the verified information mainly comprises: whether the SRE sequence number matches, whether the payment credentials expire, whether the operator signature is valid, whether each transfer record (i.e., verifying the user private key signature) is valid, etc.; after all payment certificates are verified, counting the amount of the verified payment certificates, and then transferring the digital assets with the same amount to a user, and verifying the redeemed payment certificates; after receiving the successful redemption result, the SRE corresponding to the user confirms whether funds are received, and deletes the redeemed payment certificate after confirmation. So far, the redemption operation is complete. This operation requires support for a wired environment.
For example, referring to fig. 7, fig. 7 is a schematic diagram of verifying a payment certificate to be used according to an embodiment of the present application. When a user needs to cancel the payment credentials to be used (such as the payment credentials to be used will expire, etc.), firstly inputting a payment password through an APP to open an SRE, initiating a cancel-verification application after opening, and after receiving a cancel-verification request, verifying whether the user identity and the offline payment credentials are valid or not, and returning after successful verification; after the SRE receives the successful response, the user selects unused payment certificates which need to be verified through the APP and sends the unused payment certificates to the operator service, after the operator service receives the payment certificates, each of the unused payment certificates which need to be verified is verified, whether the serial numbers of the SRE are matched, whether the signatures of the operator are valid or not and the like is mainly verified, the total amount of all unused payment certificates which pass verification is calculated after verification, then the same amount is paid to the current user, and meanwhile, the corresponding payment certificates to be used are destroyed; after the SRE receives the verification result, the verified unused payment certificate is deleted, and the unused payment certificate which is not verified can be confirmed and processed in other manners, such as manual processing, etc.
In addition, the embodiment of the application can also send an offline payment function closing application to the digital asset operator management service; acquiring a closing success response returned by the digital asset operator management service, and destroying the first SRE environment; and the digital asset operator management service returns a closing success response when the user has no payment certificate which is not verified and is not redeemed by the user, and if the payment certificate which is not redeemed by the payee exists, the payment certificate is recorded.
For example, referring to fig. 8, fig. 8 is a schematic diagram of a specific off-line payment function disclosed in an embodiment of the present application, where the off-line payment is performed on the premise that all payment credentials to be used have been validated and the payment credentials that have been used but not yet redeemed are recorded; the user applies for closing the offline payment function through the APP of the operator, the operator service firstly verifies the user identity after receiving the request, then inquires whether the user has a payment certificate which is not verified or not redeemed, if so, prompts the user to confirm, and the user can close after verifying the payment certificate which is not verified; if the user does not have unused payment credentials to be verified, but has payment credentials which are not honored by the payee, the offline payment function can be continuously closed, and the user only needs to confirm the record; after the payment credentials are checked, the operator service marks the off-line payment opening evidence of the user as invalid, returns the off-line payment closing success to the APP, and destroys the embedded SRE environment after the APP receives the off-line payment function closing success response, including operations such as clearing the internal storage data, and prompting the user that the off-line payment function is closed successfully after the SRE is destroyed.
That is, the whole offline payment consists of three parts, namely an operator APP and an embedded SRE, a point-to-point data transmission device and an operator offline payment management service (opening, exchanging and presenting). The APP and the embedded SRE are used for storing the offline payment opening evidence, the offline payment evidence and the exchanged payment evidence, which are equivalent to an offline wallet; the point-to-point data transmission device is used for safely transferring the payment certificate to carry out payment transaction, and business processing logic in the SRE is fixed, so that the data can be ensured not to be copied, tampered and forged, and the payment certificate can be ensured not to have double-flower problems; the offline payment management service provides services such as opening, exchanging payment vouchers, exchanging cash for payment vouchers, verifying payment vouchers and the like for users. Referring to fig. 9, fig. 9 is a schematic diagram of offline payment according to an embodiment of the present application. The operations of offline payment mainly include six types: the method comprises the steps of applying for opening an offline payment function, exchanging payment credentials, performing offline payment (multiple uses of the payment credentials), performing payment credential exchange, verifying and selling unused payment credentials, and closing the offline payment function. The offline payment function is mainly opened for registering and registering in the digital asset operator; the payment voucher is exchanged mainly by credit records or mortgage cash, and newly generated payment voucher information comprises: value denomination, validity period, SRE serial number, operator signature, etc., the denomination of the generated payment certificate is fixed, and can not be copied and tampered, and the payment certificate is stored in the SRE of the operator APP after being exchanged; when offline payment is carried out, a certain amount of money is formed by a payment party by using a certain number of payment certificates with different denominations, the payment party signs by using a payment private key similar to cash and bank notes, then the payment certificates are transferred to a payee by using a point-to-point transmission technology such as Bluetooth, NFC and other technologies, the payee verifies the signature of an operator of the certificate and the signature of the payee after receiving the certificates, and the payee indicates that the payment is successful after the verification is passed; the payee exchanges for the digital asset by redemption in the wired environment as much as possible within the validity period of the voucher; when the payment credentials to be used are about to expire or the offline payment function needs to be closed, the unused payment credentials need to be approved, namely the unused payment credentials are destroyed; and the off-line payment function is closed, the off-line payment evidence is logged off, and the off-line payment function cannot be used by the user after the off-line payment function is closed. In this way, the offline payment certificate and the payment certificate are generated by the operator and confirmed by the private key signature, are bound with the SRE embedded in the operator APP used by the user, cannot be copied, forged and changed, can be identified and verified by the public key disclosed by the operator, and has high safety; the payment credentials used for offline payments are very similar to the use of Renminbi cash, and the APP embedded SRE can be considered the user's wallet, and the payment credentials can be considered cash notes, persisted within the SRE. The payment certificate has the property of denomination, and can be circulated for unlimited times, and when in use, the payment transaction is carried out by transferring the held payment certificate, so that the method is convenient and quick; each transfer of the payment certificate has time and signature of a user, and an operator can conveniently track each transaction in which the payment certificate participates, including identity information and transaction information of both payment parties.
As can be seen, the embodiment of the present application sends a payment credential redemption request to a digital asset operator management service, so that the digital asset operator management service generates a first payment credential according to a user requirement; the first payment credential includes a value denomination and an operator private key signature; and then the first payment certificate returned by the digital asset operator management service is stored to a first SRE embedded in the first operator APP, then based on the payment requirement corresponding to a second operator APP and the value denomination of the payment certificate in the first SRE, the payment certificate is selected from the first SRE to obtain a target payment certificate, and then the target payment certificate is transmitted to the second operator APP in an off-line mode, so that the second operator APP can verify the target payment certificate by using an operator public key. Therefore, in the application, the process of offline payment is completed by transferring the payment certificate, the payment certificate is generated by the operator and the private key signature is confirmed and stored in the safe operation environment, copying, forging and changing cannot be performed, and the public key disclosed by the operator is used for identification and verification, so that the security of offline payment is improved.
In addition, both receiving and paying parties can use electronic payment under the condition of no network, and the payment is similar to cash payment, so that the method is convenient and quick; the payment credentials used in payment can be transferred for multiple times, namely the payment credentials are not limited by times in theory, so that the use convenience is improved, and the problem that the payment credentials or payment strings in the prior art can be used only once and cannot be used for multiple times is solved; and each transfer of the payment certificate requires the signature of the payer, so that the transfer path operator is convenient to track and monitor.
Referring to fig. 10, an embodiment of the present application discloses an offline payment device, which is applied to a first operator APP, and includes:
a payment credential redemption module 11 configured to send a payment credential redemption request to a digital asset operator management service, so that the digital asset operator management service generates a first payment credential according to a user requirement; the first payment credential includes a value denomination and an operator private key signature;
a payment credential preservation module 12, configured to preserve the first payment credential returned by the digital asset operator management service to a first SRE embedded in the first operator APP;
a payment credential selection module 13, configured to select a payment credential from the first SRE based on a payment requirement corresponding to a second operator APP and a value denomination of the payment credential in the first SRE, so as to obtain a target payment credential;
The payment credential transmission module 14, the user transmits the target payment credential offline to the second operator APP, so that the second operator APP verifies the target payment credential with an operator public key.
As can be seen, the embodiment of the present application sends a payment credential redemption request to a digital asset operator management service, so that the digital asset operator management service generates a first payment credential according to a user requirement; the first payment credential includes a value denomination and an operator private key signature; and then the first payment certificate returned by the digital asset operator management service is stored to a first SRE embedded in the first operator APP, then based on the payment requirement corresponding to a second operator APP and the value denomination of the payment certificate in the first SRE, the payment certificate is selected from the first SRE to obtain a target payment certificate, and then the target payment certificate is transmitted to the second operator APP in an off-line mode, so that the second operator APP can verify the target payment certificate by using an operator public key. Therefore, in the application, the process of offline payment is completed by transferring the payment certificate, the payment certificate is generated by the operator and the private key signature is confirmed and stored in the safe operation environment, copying, forging and changing cannot be performed, and the public key disclosed by the operator is used for identification and verification, so that the security of offline payment is improved.
Optionally, the apparatus further includes:
the offline payment function opening module is used for sending an offline payment function opening application to the digital asset operator management service so that the digital asset operator management service generates an offline payment certificate corresponding to the first operator APP; wherein the offline payment attestation includes the operator public key;
correspondingly, before generating a first payment credential according to user requirements, the digital asset operator management service verifies the offline payment credential corresponding to the first operator APP, and if the offline payment credential passes the verification, the digital asset operator management service generates the first payment credential according to the user requirements.
Further, the offline payment function opening module is specifically configured to:
sending an offline payment function opening application to the digital asset operator management service so that the digital asset operator management service performs user identity and credit verification based on the offline payment function opening application and returns an initial offline payment proof when verification is passed;
downloading and activating the first SRE based on the initial offline payment proof so that the first SRE generates a user public-private key pair;
and sending the user public key in the user public-private key pair to the digital asset operator management service through the first SRE so that the digital asset operator management service adds the user public key to the initial offline payment certification to obtain an offline payment certification corresponding to a first operator APP.
And, the apparatus further comprises:
the signature module is used for signing the target payment certificate and the offline payment certificate by using a user private key when acquiring the confirmation and collection information returned by the second operator APP and aiming at the target payment certificate so as to obtain the target payment certificate signed by the user;
the corresponding payment credential transmission module 14 is further configured to send the user signed target payment credential to the second operator APP, so that the second operator APP verifies the user private key signature in the signed target payment credential, and if the verification passes, the payment credential is saved to a second SRE embedded in the second operator APP.
The target payment credentials comprise a first payment credential and/or a second payment credential, wherein the second payment credential is a payment credential sent by an acquired third operator APP;
if the target payment credential includes a first payment credential and a second payment credential, then:
for the first payment credential, the verification process of the second operator APP before returning the confirmation receipt information includes: verifying the SRE sequence number in the first payment credential, verifying the operator private key signature, verifying whether the first payment credential expires based on a validity period in the first payment credential;
For a second payment credential, the verification process of the second operator APP before returning the confirmation receipt information comprises: and verifying the operator private key signature in the second payment certificate, and if the operator private key signature is verified, verifying the user private key signature based on the user public key in the offline payment certificate sequentially from the back to the front according to the circulation sequence of the second payment certificate.
Further, the device is further configured to: sending a payment credential redemption request or a payment credential verification request to a digital asset operator management service, so that the digital asset operator management service performs verification of user identity and whether an offline payment function is opened; after verification success information returned by the digital asset operator management service is obtained, sending a payment certificate to be exchanged or a payment certificate to be verified to the digital asset operator management service, so that the digital asset operator management service returns corresponding digital assets to the first SRE after the payment certificate to be exchanged or the payment certificate to be verified passes the verification.
Further, the device is further configured to: sending an offline payment function closing application to a digital asset operator management service; acquiring a closing success response returned by the digital asset operator management service, and destroying the first SRE environment;
And the digital asset operator management service returns a closing success response when the user has no payment certificate which is not verified and is not redeemed by the user, and if the payment certificate which is not redeemed by the payee exists, the payment certificate is recorded.
Referring to fig. 11, an embodiment of the present application discloses an electronic device 20, including a processor 21 and a memory 22; wherein the memory 22 is used for storing a computer program; the processor 21 is configured to execute the computer program, and the offline payment method disclosed in the foregoing embodiment.
For the specific process of the offline payment method, reference may be made to the corresponding content disclosed in the foregoing embodiment, and no further description is given here.
The memory 22 may be a carrier for storing resources, such as a read-only memory, a random access memory, a magnetic disk or an optical disk, and the storage mode may be transient storage or permanent storage.
In addition, the electronic device 20 further includes a power supply 23, a communication interface 24, an input-output interface 25, and a communication bus 26; wherein the power supply 23 is configured to provide an operating voltage for each hardware device on the electronic device 20; the communication interface 24 can create a data transmission channel between the electronic device 20 and an external device, and the communication protocol to be followed is any communication protocol applicable to the technical solution of the present application, which is not specifically limited herein; the input/output interface 25 is used for acquiring external input data or outputting external output data, and the specific interface type thereof may be selected according to the specific application requirement, which is not limited herein.
Further, the embodiment of the application also discloses a computer readable storage medium for storing a computer program, wherein the computer program is executed by a processor to implement the offline payment method disclosed in the previous embodiment.
For the specific process of the offline payment method, reference may be made to the corresponding content disclosed in the foregoing embodiment, and no further description is given here.
In this specification, each embodiment is described in a progressive manner, and each embodiment is mainly described in a different point from other embodiments, so that the same or similar parts between the embodiments are referred to each other. For the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and the relevant points refer to the description of the method section.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. The software modules may be disposed in Random Access Memory (RAM), memory, read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The foregoing has described in detail a method, apparatus, device and medium for offline payment provided by the present application, and specific examples have been applied herein to illustrate the principles and embodiments of the present application, where the foregoing examples are provided to assist in understanding the method and core ideas of the present application; meanwhile, as those skilled in the art will have modifications in the specific embodiments and application scope in accordance with the ideas of the present application, the present description should not be construed as limiting the present application in view of the above.
Claims (10)
1. An offline payment method, applied to a first operator APP, comprising:
sending a payment credential redemption request to a digital asset operator management service so that the digital asset operator management service generates a first payment credential according to user requirements; the first payment credential includes a value denomination and an operator private key signature;
storing the first payment credentials returned by the digital asset operator management service to a first SRE embedded in the first operator APP;
selecting a payment credential from the first SRE based on a payment requirement corresponding to a second operator APP and a value denomination of the payment credential in the first SRE to obtain a target payment credential;
And transmitting the target payment certificate to the second operator APP in an offline mode so that the second operator APP can verify the target payment certificate by using an operator public key.
2. The offline payment method of claim 1, wherein prior to sending the payment credential redemption request to the digital asset operator management service, further comprising:
sending an offline payment function opening application to the digital asset operator management service so that the digital asset operator management service generates an offline payment certificate corresponding to the first operator APP; wherein the offline payment attestation includes the operator public key;
correspondingly, before generating a first payment credential according to user requirements, the digital asset operator management service verifies the offline payment credential corresponding to the first operator APP, and if the offline payment credential passes the verification, the digital asset operator management service generates the first payment credential according to the user requirements.
3. The offline payment method according to claim 2, wherein sending an offline payment function activation application to the digital asset operator management service so that the digital asset operator management service generates an offline payment credential corresponding to the first operator APP, comprises:
Sending an offline payment function opening application to the digital asset operator management service so that the digital asset operator management service performs user identity and credit verification based on the offline payment function opening application and returns an initial offline payment proof when verification is passed;
downloading and activating the first SRE based on the initial offline payment proof so that the first SRE generates a user public-private key pair;
and sending the user public key in the user public-private key pair to the digital asset operator management service through the first SRE so that the digital asset operator management service adds the user public key to the initial offline payment certification to obtain an offline payment certification corresponding to a first operator APP.
4. An offline payment method according to claim 3, further comprising:
when acquiring the confirmation and collection information returned by the second operator APP for the target payment certificate, signing the target payment certificate and the offline payment certificate by using a user private key to obtain the target payment certificate signed by the user;
and sending the target payment certificate signed by the user to the second operator APP so that the second operator APP can verify the user private key signature in the signed target payment certificate, and storing the payment certificate to a second SRE embedded in the second operator APP after verification is passed.
5. The offline payment method according to claim 4, wherein the target payment credentials comprise a first payment credential and/or a second payment credential, wherein the second payment credential is a payment credential sent by the acquired third operator APP;
if the target payment credential includes a first payment credential and a second payment credential, then:
for the first payment credential, the verification process of the second operator APP before returning the confirmation receipt information includes: verifying the SRE sequence number in the first payment credential, verifying the operator private key signature, verifying whether the first payment credential expires based on a validity period in the first payment credential;
for a second payment credential, the verification process of the second operator APP before returning the confirmation receipt information comprises: and verifying the operator private key signature in the second payment certificate, and if the operator private key signature is verified, verifying the user private key signature based on the user public key in the offline payment certificate sequentially from the back to the front according to the circulation sequence of the second payment certificate.
6. The offline payment method according to claim 2, further comprising:
sending a payment credential redemption request or a payment credential verification request to a digital asset operator management service, so that the digital asset operator management service performs verification of user identity and whether an offline payment function is opened;
After verification success information returned by the digital asset operator management service is obtained, sending a payment certificate to be exchanged or a payment certificate to be verified to the digital asset operator management service, so that the digital asset operator management service returns corresponding digital assets to the first SRE after the payment certificate to be exchanged or the payment certificate to be verified passes the verification.
7. The offline payment method according to claim 2, further comprising:
sending an offline payment function closing application to a digital asset operator management service;
acquiring a closing success response returned by the digital asset operator management service, and destroying the first SRE environment;
and the digital asset operator management service returns a closing success response when the user has no payment certificate which is not verified and is not redeemed by the user, and if the payment certificate which is not redeemed by the payee exists, the payment certificate is recorded.
8. An offline payment device, characterized in that it is applied to a first operator APP, comprising:
the payment credential redemption module is used for sending a payment credential redemption request to the digital asset operator management service so that the digital asset operator management service generates a first payment credential according to user requirements; the first payment credential includes a value denomination and an operator private key signature;
The payment certificate preservation module is used for preserving the first payment certificate returned by the digital asset operator management service to a first SRE embedded in the first operator APP;
the payment credential selection module is used for selecting the payment credential from the first SRE based on the payment requirement corresponding to the second operator APP and the value denomination of the payment credential in the first SRE so as to obtain a target payment credential;
and the payment credential transmission module is used for transmitting the target payment credential to the second operator APP in an offline manner by a user, so that the second operator APP can verify the target payment credential by using an operator public key.
9. An electronic device comprising a memory and a processor, wherein:
the memory is used for storing a computer program;
the processor for executing the computer program to implement the offline payment method according to any of claims 1 to 7.
10. A computer readable storage medium for storing a computer program, wherein the computer program when executed by a processor implements the offline payment method according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310237289.8A CN116228231A (en) | 2023-03-06 | 2023-03-06 | Offline payment method, device, equipment and medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310237289.8A CN116228231A (en) | 2023-03-06 | 2023-03-06 | Offline payment method, device, equipment and medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116228231A true CN116228231A (en) | 2023-06-06 |
Family
ID=86582256
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310237289.8A Pending CN116228231A (en) | 2023-03-06 | 2023-03-06 | Offline payment method, device, equipment and medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116228231A (en) |
-
2023
- 2023-03-06 CN CN202310237289.8A patent/CN116228231A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111144862B (en) | Method, device, equipment and storage medium for realizing digital currency double-off-line payment | |
| CN108764874B (en) | Anonymous transfer method, system and storage medium based on block chain | |
| US20200336315A1 (en) | Validation cryptogram for transaction | |
| JP6472060B2 (en) | System and method for electronically exchanging value between distributed users | |
| US10535065B2 (en) | Secure payment transactions based on the public bankcard ledger | |
| AU2010295188B2 (en) | Asset storage and transfer system for electronic purses | |
| CN112037068B (en) | Resource transfer method, system, device, computer equipment and storage medium | |
| JP6242809B2 (en) | Electronic check-based payment system and method for issuing, transferring, paying and verifying electronic checks | |
| WO2021008453A1 (en) | Method and system for offline blockchain transaction based on identifier authentication | |
| US20190108517A1 (en) | Digital currency for performing cash-equivalent transactions | |
| AU2011235531B2 (en) | Message storage and transfer system | |
| CN111062717B (en) | Data transfer processing method, device and computer readable storage medium | |
| CN116802661A (en) | Token-based out-of-chain interaction authorization | |
| CN106251145A (en) | Electronic fare payment system, electronic payment devices and electric paying method | |
| KR101049556B1 (en) | Method and system for payment of school expenses through electronic voucher and recording medium therefor | |
| CN116228231A (en) | Offline payment method, device, equipment and medium | |
| KR20190065832A (en) | Method for Providing Payment based on Sound Wave by using Cryptocurrency | |
| US11812260B2 (en) | Secure offline mobile interactions | |
| KR20190115555A (en) | Method for Providing Cryptocurrency Trade based on Certification of Connection Status between Wallet and User by using Smart Contract based on Blockchain | |
| CN118154196A (en) | Payment verification method and device based on blockchain | |
| KR20190115558A (en) | Method for Providing Cryptocurrency Trade based on Channel Certification by using Smart Contract based on Blockchain | |
| KR20190115559A (en) | Method for Providing Cryptocurrency Trade based on Code Certification by using Smart Contract based on Blockchain | |
| Islam et al. | A PKI Enabled Authentication Protocol for Secure E-Payment Framework |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |