CN113793149B

CN113793149B - Off-line transaction authentication system, method, central server and client

Info

Publication number: CN113793149B
Application number: CN202111086449.0A
Authority: CN
Inventors: 张牧宇
Original assignee: Bank of China Ltd
Current assignee: Bank of China Ltd
Priority date: 2021-09-16
Filing date: 2021-09-16
Publication date: 2024-10-25
Anticipated expiration: 2041-09-16
Also published as: CN113793149A

Abstract

The invention discloses an off-line transaction authentication system and method, a central server and a client, which are applied to the financial field, wherein the method comprises the following steps: the first client sends a request to a central server; the central server determines the ticket amount according to the request of the first client; integrating the ticket amount, the electronic cash coupon serial number, the coupon information and the electronic signature of the central server to obtain an electronic cash coupon; the first client and the second client conduct off-line transaction to generate transaction running water, the private key of the first client is used for encrypting the transaction running water to obtain transaction running water ciphertext, and the transaction running water ciphertext are written into the first client electronic cash coupon; and the second client uses the second client electronic signature to replace the first client electronic signature to obtain the second client electronic cash coupon, so that the off-line transaction authentication is realized. The invention can realize that the transaction link cannot be forged and tampered, thereby meeting the transaction security requirement under the high-risk high-value transaction situation.

Description

Off-line transaction authentication system, method, central server and client

Technical Field

The invention relates to the field of finance, in particular to an offline transaction authentication system and method, a central server and a client.

Background

This section is intended to provide a background or context to the embodiments of the invention that are recited in the claims. The description herein is not admitted to be prior art by inclusion in this section.

With the development of technology, the information system is applied gradually in the fields of electronic payment, bill transaction and commodity transaction. However, the transaction system is mostly dependent on network, and in some offline scenarios (network connection cannot be performed), the general information system cannot provide service.

The offline transaction scenario needs to be performed by using an electronic device under the condition of no internet connection, such as the existing applications such as meal card swiping, shopping card swiping, off-line verification of cash vouchers and the like, and an off-line transaction system without encryption or with simple encryption can be adopted, but the off-line transaction scenario is not high in security, and can not be applied to the limited field, and cannot be applied to the business scenario with high risk and high security requirements, such as bill transaction, securities transaction, large commodity transaction and the like. In addition, the general security authentication system needs online verification, such as an online transaction system, a blockchain system and the like, but the blockchain system can work normally only when most nodes are always online. Therefore, the conventional transaction authentication method cannot meet the security requirement and is easy to attack and forge.

Disclosure of Invention

The embodiment of the invention provides an offline transaction authentication system, which is used for solving the problem that a traditional transaction authentication mode can not meet the transaction security requirement under the high-risk high-value situation, and comprises the following steps:

the system comprises a central server, a first client and a second client;

The central server is used for: determining the ticket amount according to the request of the first client; generating an electronic cash coupon serial number and a plaintext password; encrypting the ticket amount and the electronic cash ticket serial number by using a private key of a central server to obtain ticket information; encrypting the plaintext password by using a private key of the central server to generate an electronic signature of the central server; integrating the ticket amount, the electronic cash coupon serial number, the coupon information and the electronic signature of the central server to obtain an electronic cash coupon; generating a certificate by using a private key of a central server; transmitting the electronic cash coupon and the certificate to a first client;

The first client is used for: sending a request to a central server; receiving an electronic cash coupon and a certificate; decrypting the electronic signature of the central server in the electronic cash coupon according to the public key of the central server to obtain a plaintext password, encrypting the plaintext password by using the private key of the first client, and generating a first client electronic signature; replacing the electronic signature of the central server in the electronic cash coupon with the electronic signature of the first client to obtain the electronic cash coupon of the first client; the method comprises the steps of conducting offline transaction with a second client, generating transaction running water, encrypting the transaction running water by using a private key of the first client to obtain transaction running water ciphertext, writing the transaction running water ciphertext and the transaction running water ciphertext into a first client electronic cash coupon, and sending the first client electronic cash coupon and a certificate to the second client;

The second client is used for: verifying that the certificate of the first client is legitimate using the central server public key; decrypting the certificate of the first client by using the public key of the central server, and verifying that the identity of the first client is correct; verifying that the first client electronic cash coupon is authentic based on the coupon information, the ticket face amount, and the electronic cash coupon serial number in the first client electronic cash coupon using the central server public key; verifying that the transaction flow in the first client electronic cash coupon is correct by using the public key of the first client; decrypting the first client electronic signature in the first client electronic cash coupon by using the public key of the first client to obtain a plaintext password, encrypting the plaintext password by using the private key of the second client, and generating a second client electronic signature; and replacing the first client electronic signature with the second client electronic signature to obtain a second client electronic cash coupon, so as to realize offline transaction authentication.

The embodiment of the invention provides an off-line transaction authentication method, which is used for solving the problem that the traditional transaction authentication mode can not meet the transaction security requirement under the high-risk high-value situation, and comprises the following steps:

the first client sends a request to a central server;

The central server determines the ticket amount according to the request of the first client; generating an electronic cash coupon serial number and a plaintext password; encrypting the ticket amount and the electronic cash ticket serial number by using a private key of a central server to obtain ticket information; encrypting the plaintext password by using a private key of the central server to generate an electronic signature of the central server; integrating the ticket amount, the electronic cash coupon serial number, the coupon information and the electronic signature of the central server to obtain an electronic cash coupon; generating a certificate by using a private key of a central server; transmitting the electronic cash coupon and the certificate to a first client;

The first client receives the electronic cash coupon and the certificate; decrypting the electronic signature of the central server in the electronic cash coupon according to the public key of the central server to obtain a plaintext password, encrypting the plaintext password by using the private key of the first client, and generating a first client electronic signature; replacing the electronic signature of the central server in the electronic cash coupon with the electronic signature of the first client to obtain the electronic cash coupon of the first client; the method comprises the steps of conducting offline transaction with a second client, generating transaction running water, encrypting the transaction running water by using a private key of the first client to obtain transaction running water ciphertext, writing the transaction running water ciphertext and the transaction running water ciphertext into a first client electronic cash coupon, and sending the first client electronic cash coupon and a certificate to the second client;

The second client uses the public key of the central server to verify that the certificate of the first client is legal; decrypting the certificate of the first client by using the public key of the central server, and verifying that the identity of the first client is correct; verifying that the first client electronic cash coupon is authentic based on the coupon information, the ticket face amount, and the electronic cash coupon serial number in the first client electronic cash coupon using the central server public key; verifying that the transaction flow in the first client electronic cash coupon is correct by using the public key of the first client; decrypting the first client electronic signature in the first client electronic cash coupon by using the public key of the first client to obtain a plaintext password, encrypting the plaintext password by using the private key of the second client, and generating a second client electronic signature; and replacing the first client electronic signature with the second client electronic signature to obtain a second client electronic cash coupon, so as to realize offline transaction authentication.

Determining the ticket amount according to the request of the first client;

Generating an electronic cash coupon serial number and a plaintext password;

encrypting the ticket amount and the electronic cash ticket serial number by using a private key of a central server to obtain ticket information;

Encrypting the plaintext password by using a private key of the central server to generate an electronic signature of the central server;

Integrating the ticket amount, the electronic cash coupon serial number, the coupon information and the electronic signature of the central server to obtain an electronic cash coupon;

generating a certificate by using a private key of a central server;

the electronic cash coupon and the certificate are sent to the first client.

sending a request to a central server;

Receiving an electronic cash coupon and a certificate;

Decrypting the electronic signature of the central server in the electronic cash coupon according to the public key of the central server to obtain a plaintext password, encrypting the plaintext password by using the private key of the first client, and generating a first client electronic signature;

Replacing the electronic signature of the central server in the electronic cash coupon with the electronic signature of the first client to obtain the electronic cash coupon of the first client;

And the second client performs off-line transaction, generates transaction running water, encrypts the transaction running water by using a private key of the first client to obtain transaction running water ciphertext, writes the transaction running water and the transaction running water ciphertext into the first client electronic cash coupon, and sends the first client electronic cash coupon and the certificate to the second client.

Verifying that the certificate of the first client is legitimate using the central server public key;

decrypting the certificate of the first client by using the public key of the central server, and verifying that the identity of the first client is correct;

Verifying that the first client electronic cash coupon is authentic based on the coupon information, the ticket face amount, and the electronic cash coupon serial number in the first client electronic cash coupon using the central server public key;

verifying that the transaction flow in the first client electronic cash coupon is correct by using the public key of the first client;

Decrypting the first client electronic signature in the first client electronic cash coupon by using the public key of the first client to obtain a plaintext password, encrypting the plaintext password by using the private key of the second client, and generating a second client electronic signature;

and replacing the first client electronic signature with the second client electronic signature to obtain a second client electronic cash coupon, so as to realize offline transaction authentication.

The embodiment of the invention provides a central server for solving the problem that a traditional transaction authentication mode can not meet the transaction security requirement under the high-risk high-value situation, which comprises the following steps:

The amount generation module is used for determining the ticket amount according to the request of the first client;

The serial number password generation module is used for generating an electronic cash coupon serial number and a plaintext password;

The encryption module is used for encrypting the ticket amount and the serial number of the electronic cash ticket by using the private key of the central server to obtain ticket information;

the signature module is used for encrypting the plaintext password by using the private key of the central server to generate an electronic signature of the central server;

The integration module is used for integrating the ticket amount, the electronic cash coupon serial number, the coupon information and the electronic signature of the central server to obtain the electronic cash coupon;

the certificate generation module is used for generating a certificate by utilizing a private key of the central server;

And the sending module is used for sending the electronic cash coupon and the certificate to the first client.

The embodiment of the invention provides a first client for solving the problem that a traditional transaction authentication mode cannot meet the transaction security requirement under the high-risk high-value situation, comprising:

the sending request module is used for sending a request to the central server;

the receiving module is used for receiving the electronic cash coupon and the certificate;

The first client signature module is used for decrypting the electronic signature of the central server in the electronic cash coupon according to the public key of the central server to obtain a plaintext password, encrypting the plaintext password by using the private key of the first client, and generating a first client electronic signature;

the first label changing module is used for replacing the electronic signature of the central server in the electronic cash coupon with the electronic signature of the first client to obtain the electronic cash coupon of the first client;

And the transaction running water module performs off-line transaction with the second client to generate transaction running water, encrypts the transaction running water by using a private key of the first client to obtain transaction running water ciphertext, writes the transaction running water and the transaction running water ciphertext into the first client electronic cash coupon, and sends the first client electronic cash coupon and the certificate to the second client.

The embodiment of the invention provides a second client for solving the problem that a traditional transaction authentication mode cannot meet the transaction security requirement under the high-risk high-value situation, the second client comprises:

A certificate verification module for verifying that the certificate of the first client is legal using the central server public key;

verifying the identity module of the first client, decrypting the certificate of the first client by using the public key of the central server, and verifying that the identity of the first client is correct;

The first client electronic cash register verification module is used for verifying that the first client electronic cash register is true based on the ticket information, the ticket face amount and the electronic cash register serial number in the first client electronic cash register by using the public key of the central server;

The verification transaction flow module is used for verifying that the transaction flow in the first client electronic cash coupon is correct by using the public key of the first client;

The second client signature module is used for decrypting the first client electronic signature in the first client electronic cash coupon by using the public key of the first client to obtain a plaintext password, encrypting the plaintext password by using the private key of the second client, and generating a second client electronic signature;

and the second label changing module uses the second client electronic signature to replace the first client electronic signature to obtain the second client electronic cash coupon, thereby realizing offline transaction authentication.

The embodiment of the invention also provides computer equipment, which comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor realizes the offline transaction authentication method when executing the computer program.

The embodiment of the invention also provides a computer readable storage medium, which stores a computer program for executing the offline transaction authentication method.

In the embodiment of the invention, the electronic signature technology is adopted, the central server generates ticket basic information, the chained encryption transaction flow technology is adopted, any client cannot delete and modify the previous transaction flow, the server public key is used for encryption, and the client private key encryption double encryption technology determines ownership.

Drawings

In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art. In the drawings:

FIG. 1 is a schematic diagram of an offline transaction authentication system according to an embodiment of the present invention;

FIG. 2 is a schematic diagram of a central server according to an embodiment of the present invention;

FIG. 3 is a schematic diagram of a central server according to an embodiment of the present invention;

FIG. 4 is a schematic diagram of a first client according to an embodiment of the present invention;

FIG. 5 is a schematic diagram of a second client according to an embodiment of the present invention;

FIG. 6 is a flowchart of an offline transaction authentication method according to an embodiment of the present invention;

FIG. 7 is a flowchart of an offline transaction authentication method according to an embodiment of the present invention;

FIG. 8 is a flowchart of an offline transaction authentication method according to an embodiment of the present invention;

FIG. 9 is a flowchart of an offline transaction authentication method according to an embodiment of the present invention;

FIG. 10 is a flowchart of an offline transaction authentication method according to an embodiment of the present invention;

FIG. 11 is a general flowchart of an off-line transaction authentication method according to an embodiment of the present invention;

fig. 12 is a schematic diagram of an electronic cash coupon data structure according to an embodiment of the present invention.

Detailed Description

For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the embodiments of the present invention will be described in further detail with reference to the accompanying drawings. The exemplary embodiments of the present invention and their descriptions herein are for the purpose of explaining the present invention, but are not to be construed as limiting the invention.

Term interpretation:

Asymmetric encryption: asymmetric encryption algorithms require two keys, a public key and a private key. The public key and the private key are a pair, and if the data is encrypted by the public key, the data can be decrypted only by the corresponding private key. The basic process of realizing the secret information exchange by the asymmetric encryption algorithm is as follows: the first party generates a pair of secret keys and discloses the public keys, and other roles (second party) needing to send information to the first party encrypt confidential information by using the secret keys (first party's public keys) and then send the encrypted confidential information to the first party; and the first party decrypts the encrypted information by using the private key. The opposite is true when the first party wants to reply to the second party, the public key of the second party is used for encrypting the data, and the second party uses the private key of the second party for decrypting.

Electronic signature: a piece of information is encrypted using a private key. The information may be decrypted by the public key. Since public keys are available to the public, the encrypted information can be decrypted and read by all but cannot be generated by others instead. This technique is commonly used in networks for authentication.

Digital certificate: for authenticating the identity of a public key holder to prevent impersonation by a third party typically involves: a public key; holder information; certificate Authority (CA) information; the CA digitally signs and uses the algorithm of this document; certificate validity period; there are some other additional information.

An offline transaction authentication system is provided in an embodiment of the present invention, and fig. 1 is a schematic diagram of an offline transaction authentication system in an embodiment of the present invention, as shown in fig. 1, the system may include:

A center server 101, a first client 102, and a second client 103;

The central server is used for 101: determining the ticket amount according to the request of the first client; generating an electronic cash coupon serial number and a plaintext password; encrypting the ticket amount and the electronic cash ticket serial number by using a private key of a central server to obtain ticket information; encrypting the plaintext password by using a private key of the central server to generate an electronic signature of the central server; integrating the ticket amount, the electronic cash coupon serial number, the coupon information and the electronic signature of the central server to obtain an electronic cash coupon; generating a certificate by using a private key of a central server; transmitting the electronic cash coupon and the certificate to a first client;

the first client 102 is configured to: sending a request to a central server; receiving an electronic cash coupon and a certificate; decrypting the electronic signature of the central server in the electronic cash coupon according to the public key of the central server to obtain a plaintext password, encrypting the plaintext password by using the private key of the first client, and generating a first client electronic signature; replacing the electronic signature of the central server in the electronic cash coupon with the electronic signature of the first client to obtain the electronic cash coupon of the first client; the method comprises the steps of conducting offline transaction with a second client, generating transaction running water, encrypting the transaction running water by using a private key of the first client to obtain transaction running water ciphertext, writing the transaction running water ciphertext and the transaction running water ciphertext into a first client electronic cash coupon, and sending the first client electronic cash coupon and a certificate to the second client;

The second client 103 is configured to: verifying that the certificate of the first client is legitimate using the central server public key; decrypting the certificate of the first client by using the public key of the central server, and verifying that the identity of the first client is correct; verifying that the first client electronic cash coupon is authentic based on the coupon information, the ticket face amount, and the electronic cash coupon serial number in the first client electronic cash coupon using the central server public key; verifying that the transaction flow in the first client electronic cash coupon is correct by using the public key of the first client; decrypting the first client electronic signature in the first client electronic cash coupon by using the public key of the first client to obtain a plaintext password, encrypting the plaintext password by using the private key of the second client, and generating a second client electronic signature; and replacing the first client electronic signature with the second client electronic signature to obtain a second client electronic cash coupon, so as to realize offline transaction authentication.

Specifically, for convenience of flow description, a first client and a second client are provided, where functions of the first client and the second client may exist in one client, and different functions are executed when offline transactions are performed.

In the embodiment of the invention, the electronic signature technology is adopted, the central server generates ticket face basic information, the chained encryption transaction flow technology is adopted, any client cannot delete and modify the previous transaction flow, the server public key is used for encryption, and the client private key is used for encryption to determine ownership, so that the transaction security requirement can be met under the high-risk high-value transaction scenario.

The off-line transaction authentication system of the embodiment of the invention has the advantages that the center server accords with the related standard of the hardware encryptor, can provide standard symmetric encryption and decryption, asymmetric encryption and decryption, encryption and verification signature functions, and can generate related certificate files.

In one embodiment, determining the nominal amount based on the request of the first client may include: the first client may include a first mobile phone of the first user, and the central server may include a bank server that determines the amount of the ticket according to the request of the first mobile phone, for example, the bank server determines the amount of the ticket to be 1000 yuan according to the request of the first mobile phone.

In one embodiment, generating an electronic cash coupon serial number and a clear text password may include: the central server randomly generates an electronic cash coupon serial number 001 and a clear password 666.

In one embodiment, encrypting the ticket amount and the electronic cash coupon serial number using the central server private key, the obtaining coupon information may include: the central server encrypts the ticket amount 1000 yuan and the electronic cash coupon serial number 001 by using a private key of the central server, and the encrypted ticket amount 1000 yuan and the encrypted electronic cash coupon serial number 001 are coupon information.

In one embodiment, encrypting the plaintext password using the central server private key, generating the central server electronic signature may include: the plaintext password 666 is encrypted using the central server private key to generate a central server electronic signature.

In one embodiment, integrating the face amount, the electronic cash coupon serial number, the coupon information, and the central server electronic signature, obtaining the electronic cash coupon may include: and integrating the 1000 yuan of the ticket amount, the serial number 001 of the electronic cash coupon, the 1000 yuan of the encrypted ticket amount, the serial number 001 of the encrypted electronic cash coupon and the electronic signature of the central server together to obtain the electronic cash coupon.

In one embodiment, a certificate is generated using a central server private key; the sending of the electronic cash coupon and the certificate to the first client may include: generating a certificate through OpenSSL (Open Secure Sockets Layer, open secure socket layer protocol) by using a private key of a central server; and sending the electronic cash coupon and the certificate to the first mobile phone.

In one embodiment, sending the request to the central server may include: before off-line transaction, the first mobile phone generates an electronic cash coupon of 1000 yuan according to 1000 yuan of information input by the first user, and sends the electronic cash coupon to the central server.

In one embodiment, an electronic cash coupon and a certificate are received; decrypting the central server electronic signature in the electronic cash coupon according to the public key of the central server to obtain a plaintext password, encrypting the plaintext password by using the first client private key, and generating the first client electronic signature may include: the first mobile phone receives the electronic cash coupon and the certificate sent by the bank server; the first mobile phone decrypts the electronic signature of the central server in the electronic cash coupon according to the public key of the central server to obtain a plaintext password 666, encrypts the plaintext password 666 by using the private key of the first mobile phone, and generates a first electronic signature.

In one embodiment, replacing the central server electronic signature in the electronic cash coupon with the first client electronic signature, deriving the first client electronic cash coupon may include: and replacing the electronic signature of the central server in the electronic cash coupon by using the first mobile phone electronic signature to obtain the electronic cash coupon with the electronic signature being the first mobile phone electronic signature, namely the first client electronic cash coupon.

In one embodiment, performing offline transaction with the second client, generating transaction running water, encrypting the transaction running water by using a private key of the first client to obtain transaction running water ciphertext, writing the transaction running water and the transaction running water ciphertext into the first client electronic cash coupon, and sending the first client electronic cash coupon and the certificate to the second client may include: the first mobile phone and the second mobile phone conduct offline transaction, the first mobile phone generates transaction running water, transaction running water content can comprise that both transaction sides are the first mobile phone and the second mobile phone, the private key of the first mobile phone is used for encrypting the transaction running water, encrypted transaction running water ciphertext is obtained, the transaction running water and the transaction running water ciphertext are written into the first mobile phone electronic cash register, the first mobile phone electronic cash register comprises the transaction running water and the transaction running water ciphertext, the first mobile phone electronic cash register and a bank server transmit certificates of the first mobile phone to the second mobile phone, and the certificates are sent to the second mobile phone.

In one embodiment, verifying that the certificate of the first client is legitimate using the central server public key may include: the second mobile phone uses the public key of the bank server to verify whether the certificate sent by the first mobile phone is issued by the bank server, namely whether the certificate is legal or not.

To further enhance the humanized design of the offline transaction, the second client 103 may specifically be configured to: decrypting the certificate of the first client by using the public key of the central server to obtain a certificate authentication mechanism of the first client, and decrypting the certificate of the second client by using the public key of the central server to obtain the certificate authentication mechanism of the second client; comparing the certificate authority of the first client with the certificate authority of the second client; if the comparison is consistent, the certificate of the first client is legal; if the comparison is inconsistent, the certificate of the first client is illegal, and the user is prompted that the certificate is wrong and the transaction is ended.

In one embodiment, decrypting the certificate of the first client using the central server public key, verifying that the first client identity is correct may include: the second mobile phone uses the bank server public key to decrypt whether the holder information included in the certificate sent by the first mobile phone is the first mobile phone, to verify whether the first mobile phone is correct.

To further enhance the humanized design of the offline transaction, the second client 103 may specifically be configured to: decrypting the certificate of the first client by using the public key of the central server to obtain holder information; comparing the holder information with first client identity information, wherein the first client electronic cash coupon comprises the first client identity information; if the comparison is consistent, the identity of the first client is correct; if the comparison is inconsistent, the first client identity is incorrect, and the user is prompted that the first client identity is wrong and the transaction is ended.

In one embodiment, verifying that the first client electronic cash coupon is authentic based on the coupon information, the face amount, and the electronic cash coupon serial number in the first client electronic cash coupon using the central server public key may include: and the second mobile phone uses the public key of the bank server to decrypt the ticket information in the first mobile phone electronic cash register, and after decryption, the ticket amount and the serial number of the electronic cash register are compared and consistent, and the verification result is that the first mobile phone electronic cash register is true.

To further enhance the humanized design of the offline transaction, the second client 103 may specifically be configured to: decrypting the ticket information in the first client electronic cash coupon by using the public key of the central server to obtain decrypted ticket amount and an electronic cash coupon serial number, and comparing the decrypted ticket amount with the electronic cash coupon serial number, the ticket amount in the first client electronic cash coupon and the electronic cash coupon serial number to verify the ticket information; if the comparison is consistent, the electronic cash coupon of the first client is true; if the comparison is inconsistent, the electronic cash coupon of the first client is false, and the user is prompted to make mistakes and end the transaction.

In one embodiment, verifying that the transaction pipeline in the first client electronic cash coupon is correct using the public key of the first client may include: the second mobile phone uses the public key of the first mobile phone to decrypt the transaction flow cipher text in the first mobile phone electronic cash register, and then compares the transaction flow cipher text with the transaction flow, and the verification result is that the transaction flow is correct.

To further enhance the humanized design of the offline transaction, the second client 103 may specifically be configured to: verifying the transaction flow ciphertext by using the public key of the first client to obtain decrypted transaction flow; comparing the decrypted transaction running water with the transaction running water; if the comparison is consistent, the transaction flow is correct; if the comparison is inconsistent, the transaction flow is incorrect, the user is prompted to make a transaction flow error, and the transaction is ended.

In one embodiment, decrypting the first client electronic signature in the first client electronic cash coupon using the public key of the first client to obtain a plaintext password, encrypting the plaintext password using the second client private key, and generating the second client electronic signature may include: the second mobile phone uses the public key of the first mobile phone to decrypt the first mobile phone electronic signature in the first mobile phone electronic cash coupon to obtain a plaintext password 666, and uses the private key of the second mobile phone to encrypt the plaintext password 666 to generate a second mobile phone electronic signature.

In one embodiment, replacing the first client electronic signature with the second client electronic signature to obtain the second client electronic cash coupon, and implementing the offline transaction authentication may include: and the second mobile phone uses the second mobile phone electronic signature to replace the first mobile phone electronic signature in the first mobile phone electronic cash register to obtain the second mobile phone electronic cash register, and at the moment, the transaction from the first mobile phone to the second mobile phone is completed, so that the offline transaction authentication is realized.

To further increase the security of transactions, implementing online verification of offline transactions, the central server 101 may also be configured to: receiving an electronic cash coupon authenticity verification request sent by a second client, wherein the electronic cash coupon authenticity verification request comprises the electronic cash coupon of the second client; decrypting the ticket information in the second client electronic cash coupon by using the public key to obtain decrypted ticket amount and electronic cash coupon serial number, and comparing the decrypted ticket amount and electronic cash coupon serial number with the ticket amount and electronic cash coupon serial number in the second client electronic cash coupon to verify whether the ticket information is correct or not; decrypting the transaction flow ciphertext in the electronic cash register of the second client by using the public key of the first client to obtain decrypted transaction flow, and comparing the decrypted transaction flow with the transaction flow in the electronic cash register to verify whether the transaction flow is correct or not; and decrypting the second client electronic signature in the second client electronic cash coupon by using the second client public key to obtain a plaintext password of the second client, and comparing the plaintext password of the second client with the plaintext password generated by the central server to verify the second client electronic signature.

In an embodiment of the present invention, a central server is provided, and fig. 2 is a schematic diagram of a central server in an embodiment of the present invention, as shown in fig. 2, the central server may include:

An amount generation module 201, configured to determine a ticket amount according to a request of a first client;

a serial number password generation module 202 for generating an electronic cash coupon serial number and a plaintext password;

an encryption module 203, configured to encrypt the ticket amount and the serial number of the electronic cash ticket by using a private key of the central server, so as to obtain ticket information;

a signature module 204, configured to encrypt the plaintext password using a central server private key, and generate a central server electronic signature;

the integration module 205 is configured to integrate the ticket amount, the serial number of the electronic cash coupon, the coupon information, and the electronic signature of the central server to obtain the electronic cash coupon;

A certificate generation module 206 for generating a certificate using the central server private key;

A sending module 207 for sending the electronic cash coupon and the certificate to the first client.

In an embodiment of the present invention, a specific example of a central server is provided, and fig. 3 is a schematic diagram of a specific example of a central server in an embodiment of the present invention, as shown in fig. 3, where the central server may further include:

a receiving module 301, configured to receive an electronic cash coupon authenticity verification request sent by a second client, where the electronic cash coupon authenticity verification request includes the second client electronic cash coupon;

The ticket information verification module 302 decrypts the ticket information in the second client electronic cash ticket by using the public key to obtain the decrypted ticket amount and the electronic cash ticket serial number, and compares the decrypted ticket amount and the electronic cash ticket serial number with the ticket amount and the electronic cash ticket serial number in the second client electronic cash ticket to verify whether the ticket information is correct;

The transaction flow verification module 303 is configured to decrypt the transaction flow ciphertext in the second client electronic cash coupon using the first client public key, obtain a decrypted transaction flow, and compare the decrypted transaction flow with the transaction flow in the electronic cash coupon to verify whether the transaction flow is correct;

The second client verification module 304 is configured to decrypt the second client electronic signature in the second client electronic cash coupon by using the second client public key, obtain a plaintext password of the second client, and perform second client electronic signature verification by comparing the plaintext password of the second client with the plaintext password generated by the central server.

In an embodiment of the present invention, a first client is provided, and fig. 4 is a schematic diagram of a first client in an embodiment of the present invention, where as shown in fig. 4, the first client may include:

a sending request module 401, configured to send a request to a central server;

a receiving module 402 for receiving electronic coupons and certificates;

The first client signature module 403 is configured to decrypt the electronic signature of the central server in the electronic cash coupon according to the public key of the central server to obtain a plaintext password, encrypt the plaintext password using the first client private key, and generate a first client electronic signature;

The first label replacing module 404 is configured to replace a central server electronic signature in the electronic cash coupon with a first client electronic signature to obtain a first client electronic cash coupon;

the transaction flow module 405 performs offline transaction with the second client, generates transaction flow, encrypts the transaction flow by using the private key of the first client to obtain transaction flow ciphertext, writes the transaction flow and the transaction flow ciphertext into the first client electronic cash coupon, and sends the first client electronic cash coupon and the certificate to the second client.

In an embodiment of the present invention, a second client is provided, and fig. 5 is a schematic diagram of the second client in the embodiment of the present invention, where as shown in fig. 5, the second client may include:

a certificate verification module 501 configured to verify that a certificate of the first client is legal using a central server public key;

The first client identity module 502 is verified, the certificate of the first client is decrypted by using the public key of the central server, and the identity of the first client is verified to be correct;

A first client electronic cash coupon verification module 503, configured to verify that the first client electronic cash coupon is authentic based on the coupon information, the ticket amount, and the electronic cash coupon serial number in the first client electronic cash coupon using the central server public key;

a verification transaction pipelining module 504, configured to verify that the transaction pipelining in the first client electronic cash coupon is correct using the public key of the first client;

A second client signature module 505, configured to decrypt a first client electronic signature in the first client electronic cash coupon using a public key of the first client to obtain a plaintext password, encrypt the plaintext password using a second client private key, and generate a second client electronic signature;

The second label changing module 506 replaces the first client electronic signature with the second client electronic signature to obtain a second client electronic cash coupon, and realizes offline transaction authentication.

In one embodiment, the verification certificate module 501 may be specifically configured to:

Decrypting the certificate of the first client by using the public key of the central server to obtain a certificate authentication mechanism of the first client, and decrypting the certificate of the second client by using the public key of the central server to obtain the certificate authentication mechanism of the second client; comparing the certificate authority of the first client with the certificate authority of the second client; if the comparison is consistent, the certificate of the first client is legal; if the comparison is inconsistent, the certificate of the first client is illegal, and the user is prompted that the certificate is wrong and the transaction is ended.

In one embodiment, verifying the first client identity module 502 may be specifically used to:

Decrypting the certificate of the first client by using the public key of the central server to obtain holder information; comparing the holder information with first client identity information, wherein the first client electronic cash coupon comprises the first client identity information; if the comparison is consistent, the identity of the first client is correct; if the comparison is inconsistent, the first client identity is incorrect, and the user is prompted that the first client identity is wrong and the transaction is ended.

In one embodiment, the verification first client electronic coupon module 503 may be specifically configured to:

Decrypting the ticket information in the first client electronic cash coupon by using the public key of the central server to obtain decrypted ticket amount and an electronic cash coupon serial number, and comparing the decrypted ticket amount with the electronic cash coupon serial number, the ticket amount in the first client electronic cash coupon and the electronic cash coupon serial number to verify the ticket information; if the comparison is consistent, the electronic cash coupon of the first client is true; if the comparison is inconsistent, the electronic cash coupon of the first client is false, and the user is prompted to make mistakes and end the transaction.

In one embodiment, the verification transaction pipelining module 504 may be specifically configured to:

verifying the transaction flow ciphertext by using the public key of the first client to obtain decrypted transaction flow; comparing the decrypted transaction running water with the transaction running water; if the comparison is consistent, the transaction flow is correct; if the comparison is inconsistent, the transaction flow is incorrect, the user is prompted to make a transaction flow error, and the transaction is ended.

An embodiment of the present invention provides an offline transaction authentication method, and fig. 6 is a flowchart of an offline transaction authentication method in an embodiment of the present invention, where as shown in fig. 6, the offline transaction authentication method may include:

step 601, a first client sends a request to a central server;

Step 602, the central server determines the amount of the ticket according to the request of the first client; generating an electronic cash coupon serial number and a plaintext password; encrypting the ticket amount and the electronic cash ticket serial number by using a private key of a central server to obtain ticket information; encrypting the plaintext password by using a private key of the central server to generate an electronic signature of the central server; integrating the ticket amount, the electronic cash coupon serial number, the coupon information and the electronic signature of the central server to obtain an electronic cash coupon; generating a certificate by using a private key of a central server; transmitting the electronic cash coupon and the certificate to a first client;

Step 603, the first client receives an electronic cash coupon and a certificate; decrypting the electronic signature of the central server in the electronic cash coupon according to the public key of the central server to obtain a plaintext password, encrypting the plaintext password by using the private key of the first client, and generating a first client electronic signature; replacing the electronic signature of the central server in the electronic cash coupon with the electronic signature of the first client to obtain the electronic cash coupon of the first client; the method comprises the steps of conducting offline transaction with a second client, generating transaction running water, encrypting the transaction running water by using a private key of the first client to obtain transaction running water ciphertext, writing the transaction running water ciphertext and the transaction running water ciphertext into a first client electronic cash coupon, and sending the first client electronic cash coupon and a certificate to the second client;

Step 604, the second client verifies that the certificate of the first client is legal by using the public key of the central server; decrypting the certificate of the first client by using the public key of the central server, and verifying that the identity of the first client is correct; verifying that the first client electronic cash coupon is authentic based on the coupon information, the ticket face amount, and the electronic cash coupon serial number in the first client electronic cash coupon using the central server public key; verifying that the transaction flow in the first client electronic cash coupon is correct by using the public key of the first client; decrypting the first client electronic signature in the first client electronic cash coupon by using the public key of the first client to obtain a plaintext password, encrypting the plaintext password by using the private key of the second client, and generating a second client electronic signature; and replacing the first client electronic signature with the second client electronic signature to obtain a second client electronic cash coupon, so as to realize offline transaction authentication.

An embodiment of an offline transaction authentication method is provided in the present invention, and fig. 7 is a flowchart of an embodiment of an offline transaction authentication method in the present invention, as shown in fig. 7, where the offline transaction authentication method may include:

Step 701, the central server receives an electronic cash coupon authenticity verification request sent by a second client, wherein the electronic cash coupon authenticity verification request comprises the electronic cash coupon of the second client;

Step 702, the central server decrypts the ticket information in the second client electronic cash coupon by using the public key to obtain decrypted ticket amount and electronic cash coupon serial number, and compares the decrypted ticket amount and electronic cash coupon serial number with the ticket amount and electronic cash coupon serial number in the second client electronic cash coupon to verify whether the ticket information is correct;

Step 703, the central server decrypts the transaction flow ciphertext in the second client electronic cash coupon by using the first client public key to obtain a decrypted transaction flow, and compares the decrypted transaction flow with the transaction flow in the electronic cash coupon to verify whether the transaction flow is correct;

step 704, the central server decrypts the second client electronic signature by using the public key of the second client to obtain a plaintext password of the second client, and performs verification of the second client electronic signature by comparing the plaintext password of the second client with the plaintext password generated by the central server.

An embodiment of the present invention provides an offline transaction authentication method, and fig. 8 is a flowchart of an offline transaction authentication method in an embodiment of the present invention, where as shown in fig. 8, the offline transaction authentication method may include:

Step 801, determining a ticket amount according to a request of a first client;

Step 802, generating an electronic cash coupon serial number and a plaintext password;

step 803, encrypting the ticket amount and the serial number of the electronic cash ticket by using a private key of the central server to obtain ticket information;

step 804, encrypting the plaintext password by using the private key of the central server to generate an electronic signature of the central server;

Step 805, integrating the ticket amount, the electronic cash coupon serial number, the coupon information and the electronic signature of the central server to obtain the electronic cash coupon;

step 806, generating a certificate by using the private key of the central server;

step 807, sending the electronic cash coupon and the certificate to the first client.

An embodiment of the present invention provides an offline transaction authentication method, and fig. 9 is a flowchart of an offline transaction authentication method in an embodiment of the present invention, where as shown in fig. 9, the offline transaction authentication method may include:

Step 901, sending a request to a central server;

Step 902, receiving an electronic cash coupon and a certificate;

Step 903, decrypting the electronic signature of the central server in the electronic cash coupon according to the public key of the central server to obtain a plaintext password, encrypting the plaintext password by using the private key of the first client, and generating a first client electronic signature;

Step 904, replacing the electronic signature of the central server in the electronic cash coupon with the electronic signature of the first client to obtain the electronic cash coupon of the first client;

Step 905, performing offline transaction with the second client, generating transaction running water, encrypting the transaction running water by using the private key of the first client to obtain transaction running water ciphertext, writing the transaction running water ciphertext and the transaction running water ciphertext into the first client electronic cash coupon, and sending the first client electronic cash coupon and the certificate to the second client.

An embodiment of the present invention provides an offline transaction authentication method, and fig. 10 is a flowchart of an offline transaction authentication method in an embodiment of the present invention, where as shown in fig. 10, the offline transaction authentication method may include:

step 1001, verifying that the certificate of the first client is legal by using the public key of the central server;

step 1002, decrypting a certificate of the first client by using a public key of the central server, and verifying that the identity of the first client is correct;

step 1003, verifying that the first client electronic cash coupon is true based on the coupon information, the ticket amount and the electronic cash coupon serial number in the first client electronic cash coupon by using the public key of the central server;

step 1004, verifying that the transaction flow in the first client electronic cash coupon is correct by using the public key of the first client;

Step 1005, decrypting the first client electronic signature in the first client electronic cash coupon by using the public key of the first client to obtain a plaintext password, encrypting the plaintext password by using the private key of the second client, and generating a second client electronic signature;

And 1006, replacing the first client electronic signature with the second client electronic signature to obtain a second client electronic cash coupon, and realizing offline transaction authentication.

In one embodiment, the step 1001 may include the following steps:

decrypting the certificate of the first client by using the public key of the central server to obtain a certificate authentication mechanism of the first client, and decrypting the certificate of the second client by using the public key of the central server to obtain the certificate authentication mechanism of the second client;

Comparing the certificate authority of the first client with the certificate authority of the second client;

if the comparison is consistent, the certificate of the first client is legal;

if the comparison is inconsistent, the certificate of the first client is illegal, and the user is prompted that the certificate is wrong and the transaction is ended.

In one embodiment, the step 1002 may include the following steps:

decrypting the certificate of the first client by using the public key of the central server to obtain holder information;

Comparing the holder information with first client identity information, wherein the first client electronic cash coupon comprises the first client identity information;

If the comparison is consistent, the identity of the first client is correct;

If the comparison is inconsistent, the first client identity is incorrect, and the user is prompted that the first client identity is wrong and the transaction is ended.

In one embodiment, the step 1003 may include the following steps:

decrypting the ticket information in the first client electronic cash coupon by using the public key of the central server to obtain decrypted ticket amount and an electronic cash coupon serial number, and comparing the decrypted ticket amount with the electronic cash coupon serial number, the ticket amount in the first client electronic cash coupon and the electronic cash coupon serial number to verify the ticket information;

If the comparison is consistent, the electronic cash coupon of the first client is true;

If the comparison is inconsistent, the electronic cash coupon of the first client is false, and the user is prompted to make mistakes and end the transaction.

In one embodiment, the step 1004 may include the following steps:

verifying the transaction flow ciphertext by using the public key of the first client to obtain decrypted transaction flow;

Comparing the decrypted transaction running water with the transaction running water;

If the comparison is consistent, the transaction flow is correct;

If the comparison is inconsistent, the transaction flow is incorrect, the user is prompted to make a transaction flow error, and the transaction is ended.

FIG. 11 is a general flowchart of an offline transaction authentication method according to an embodiment of the present invention, as shown in FIG. 11, the general flowchart includes:

1. the basic process of the system comprises the following steps:

1. The system has a central server, the server stores the public key pubKey-center and the private key PriKey-center, and the server stores the public keys pubKey-x of all users at the same time. Customer A, B, C is a registered customer, A has the public and private key PubKey-A, priKey-A. B has public and private key PubKey-B, priKey-B. C has public and private key PubKey-C, priKey-C. Each client stores the public key PubKey-center of the server at the same time

2. Customer a has a 1000-yuan denomination electronic cash coupon issued directly by the central system. As shown in fig. 12, the electronic cash coupon data structure contains the following information: ① Electronic Signature-center ③ electronic coupon serial number SerialNo ④ electronic Signature-a ⑤ of current owner (a client) of the ticket amount 1000-element Balance (1000) ② center server is other related information of center private key encrypted ticket information Sec-center (Balance (1000) + SerialNo) ⑥.

2. Transaction procedure I (a pays full 1000 yuan to B):

B user verifies the public key certificate and electronic signature of A user. The B user verifies that the a user certificate is legitimate (confirming that the certificate was issued by the central server) using the central public key PubKey-center. And verifying that the identity of the user A is correct.

And B, verifying the authenticity of the bill by the user. The user B uses the center public key to decrypt the ticket information Sec-center (Balance (1000) + SerialNo), and the obtained amount matches the ticket serial number with the plain text, and the authenticity verification is passed.

A user generates transaction flow Tran (A- > B). And encrypts the content using the private key of a to generate transaction stream Sec-a (Tran (a- > B)). B uses the public key of A to verify that the transaction stream is correct.

B user removes the electronic Signature Signature-A using A's public key, and then signs Signature-B for the received electronic coupon itself.

3. Transaction Process II (B pays 500 Yuan to C)

C, the user verifies the public key certificate and the electronic signature of the user B. The C user verifies that the B user certificate is legitimate (confirming that the certificate was issued by the central server) using the central public key PubKey-center. And verifying the identity of the user B.

And C, verifying the authenticity of the bill by the user. And C, the user uses the central public key to decrypt the ticket information Sec-center (Basance (1000) + SerialNo), the obtained amount is consistent with the ticket serial number and the plaintext, and the authenticity verification is passed.

B user generates trade stream Tran (B- > C). And encrypts the content using the private key of B, generating transaction stream Sec-B (Tran (B- > C)).

The B user will Tran (A- > B), tran (B- > C), sec-A (Tran (A- > B)), sec-B (Tran (B- > C)). C uses the public key of B to verify that the last transaction stream is correct.

C the user removes the electronic Signature Signature-B using the public key of B, and then signs Signature-C for the received electronic coupon itself.

4. Online authentication Process I (B user online authentication of genuine)

And B, after the user is connected with the network, the authenticity of the remaining 500-element electronic cash coupon can be verified. The cash coupon held by the B user at this time includes: initial coupon information Sec-center (Balance (1000) + SerialNo); plain text transaction pipeline Tran (A- > B); ciphertext transaction stream Sec-A (Tran (A- > B)); b own electronic Signature-B.

2. After receiving the verification request, the central server first checks the initial ticket information Sec-center (Balance (1000) + SerialNo), which is an electronic cash ticket with 1000 yuan of denomination issued to a by the central system.

3. The central server verifies the transaction pipeline Tran (A- > B) while decrypting Sec-A (Tran (A- > B)) using the public key of A. And the match of the two indicates that A pays 500 yuan to B by using the cash coupon.

4. The central server verifies Signature-B and validates that this 500-element is owned by B.

5. After verification is completed, the central server recognizes that the transaction is valid, and then subsequent operations (500 yuan can be drawn from the A real account to B) can be completed.

5. Online verification Process II (C user online verification of authenticity)

C, after the user is connected with the network, the user can verify the authenticity of the 500-element electronic cash coupon in the hand. The cash coupon of the C user contains the following information: initial coupon information Sec-center (Balance (1000) + SerialNo); plain text transaction flow Tran (A- > B), tran (B- > C); ciphertext transaction flows Sec-A (Tran (A- > B)), sec-B (Tran (B- > C)); c own electronic Signature-C.

3. The central server verifies the transaction pipeline Tran (A- > B) while decrypting Sec-A (Tran (A- > B)) using A's public key, which is consistent, indicating that A paid 500 yuan to B using the cash coupon. Again, tran (B- > C) was verified, and Sec-B (Tran (B- > C)) was decrypted using B's public key, which in turn, indicated that B paid 500 yuan to C using the cash coupon.

4. The central server verifies Signature-C and validates that this 500-element is owned by C.

5. After verification is completed, the central server recognizes that the transaction is valid, and then subsequent operations can be completed (500 elements can be transferred from the A real account to the B).

6. Design of anti-fake mechanism

1. Initial coupon information Sec-center (Balance (1000) + SerialNo). The plaintext content is the initial denomination + random serial number. The information is encrypted using the private key of the central server. Everyone can read out the plain content using the public key of the central server, but cannot forge the encrypted data (since the private key for encryption is owned by the central server only).

2. A digital signature file. The server randomly generates a plaintext password SignPassWord-P and stores it in the server database, and then encrypts the password using the server public key to generate encrypted password SignPassWord-E. A signs encrypted password SignPassWord-E using the private key to form Signature-A. When the ticket is traded to B or C, B and C can obtain SignPassWord-P using the original owner's public key, and then encrypt with their own private key to obtain ownership. When verification is needed, the server can obtain SignPassWord-E by using the public key of the final owner X, then uses the private key of the server to solve SignPassWord-P, and finally verifies that the signature is valid, wherein X is the legal owner of the ticket.

3. And (5) recording chain type transaction.

The first running water is Tran (A- > B) and contains information such as time and amount of transaction. When encrypting using the private key of a, a hash code of the package encryption Tran (a- > B) and the initial ticket information Sec-center (Balance (1000) + SerialNo) is required. Namely, sec-A (Tran (A- > B))=Sec-A (Tran (A- > B) +Hash (Sec-center (Balance (1000) + SerialNo))).

The second transaction pipeline is Tran (B- > C), and the hash codes of Tran (B- > C) and Sec-A (Tran (A- > B)) are required to be encrypted by using the private key of B in encryption.

Namely, sec-B (Tran (B- > C))=Sec-B (Tran (B- > C) +Hash (Sec-A (Tran (A- > B))).

It can be seen that each ring in the chain encryption structure contains the digital index information of the last ring. The design ensures that the transactor in each transaction link can only verify that the transaction information of the link is correct, but cannot change the previous transaction, and can only faithfully transmit. The central server can verify the authenticity of all transactions from the back to the front by having the public keys of all clients (the central server can only verify the authenticity of all transactions and cannot deny and modify any ring transaction as well). If any user tampers with the data in the whole transaction chain, the central server can also find the user according to the decryption chain process.

It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

The foregoing description of the embodiments has been provided for the purpose of illustrating the general principles of the invention, and is not meant to limit the scope of the invention, but to limit the invention to the particular embodiments, and any modifications, equivalents, improvements, etc. that fall within the spirit and principles of the invention are intended to be included within the scope of the invention.

Claims

1. An offline transaction authentication system, comprising: the system comprises a central server, a first client and a second client;

2. The system of claim 1, wherein the central server is further configured to:

Receiving an electronic cash coupon authenticity verification request sent by a second client, wherein the electronic cash coupon authenticity verification request comprises the electronic cash coupon of the second client;

Decrypting the ticket information in the second client electronic cash coupon by using the public key to obtain decrypted ticket amount and electronic cash coupon serial number, and comparing the decrypted ticket amount and electronic cash coupon serial number with the ticket amount and electronic cash coupon serial number in the second client electronic cash coupon to verify whether the ticket information is correct or not;

Decrypting the transaction flow ciphertext in the electronic cash register of the second client by using the public key of the first client to obtain decrypted transaction flow, and comparing the decrypted transaction flow with the transaction flow in the electronic cash register to verify whether the transaction flow is correct or not;

And decrypting the second client electronic signature in the second client electronic cash coupon by using the second client public key to obtain a plaintext password of the second client, and comparing the plaintext password of the second client with the plaintext password generated by the central server to verify the second client electronic signature.

3. The system of claim 1, wherein the second client is specifically configured to:

if the comparison is consistent, the certificate of the first client is legal;

4. The system of claim 1, wherein the second client is specifically configured to:

If the comparison is consistent, the identity of the first client is correct;

5. The system of claim 1, wherein the second client is specifically configured to:

6. The system of claim 1, wherein the second client is further to:

If the comparison is consistent, the transaction flow is correct;

7. An offline transaction authentication method, comprising:

the first client sends a request to a central server;

8. The method as recited in claim 7, further comprising:

The method comprises the steps that a center server receives an electronic cash coupon authenticity verification request sent by a second client, wherein the electronic cash coupon authenticity verification request comprises the electronic cash coupon of the second client;

The central server decrypts the ticket information in the second client electronic cash coupon by using the public key to obtain decrypted ticket amount and electronic cash coupon serial number, and compares the decrypted ticket amount and electronic cash coupon serial number with the ticket amount and electronic cash coupon serial number in the second client electronic cash coupon to verify whether the ticket information is correct;

The central server uses the public key of the first client to decrypt the transaction flow ciphertext in the electronic cash register of the second client to obtain decrypted transaction flow, and compares the decrypted transaction flow with the transaction flow in the electronic cash register to verify whether the transaction flow is correct or not;

the center server decrypts the second client electronic signature by using the public key of the second client to obtain a plaintext password of the second client, and the second client electronic signature verification is performed by comparing the plaintext password of the second client with the plaintext password generated by the center server.

9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method of any of claims 7 to 8 when executing the computer program.

10. A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program which, when executed by a processor, implements the method of any of claims 7 to 8.