
WO2020073715A1 - Two-dimensional code anti-counterfeiting method, device and system based on security application - Google Patents


Publication number
WO2020073715A1
Authority
WO
WIPO (PCT)
Application number
PCT/CN2019/097095
Inventor
孙曦
落红卫
Original Assignee
阿里巴巴集团控股有限公司
Application filed by 阿里巴巴集团控股有限公司

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K17/00 Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
    • G06K17/0022 Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisions for transferring data to distant stations, e.g. from a sensing device
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/018 Certifying business or products
    • G06Q30/0185 Product, service or business identity fraud

Definitions

  • This application relates to the field of security, and in particular to a method, equipment and system for anti-counterfeiting of two-dimensional codes based on security applications.
  • QR codes have been widely used, such as scanning codes to open shared bicycles, scanning payments, etc.
  • some companies also provide dynamic two-dimensional codes.
  • the data in the dynamic two-dimensional codes will be updated over time to show the changed two-dimensional codes.
  • the two-dimensional code information itself does not have anti-counterfeiting capability, that is, after the two-dimensional code is parsed by the decoding device, the two-dimensional code data is directly obtained in clear text. The barcode scanning device therefore cannot verify the legality of the QR code information locally.
  • In order to verify the legitimacy of the QR code information, the QR code information needs to be sent to the back-end server, relying on the risk control capabilities of the back-end server for security protection. However, in this process, it is possible that the legality of the information in the QR code cannot be recognized, resulting in access to a malicious website or execution of a malicious program, which in turn causes damage to the user.
  • the embodiments of the present application provide a security application-based two-dimensional code anti-counterfeiting method, device and system, which are used to solve the problem of low security of two-dimensional codes.
  • An embodiment of the present application provides a security application-based two-dimensional code anti-counterfeiting method.
  • the method includes:
  • the QR code security application receives a request to generate QR code information data
  • the QR code security application signs the QR code business information according to the private key of the QR code security application
  • QR code security application sends QR code information data
  • the QR code security application has an asymmetric key composed of the public key of the QR code security application and the private key of the QR code security application; the QR code information data includes the QR code service information and the QR code security application's signature of that service information.
  • An embodiment of the present application provides a two-dimensional code reading method.
  • the method includes:
  • This application provides a two-dimensional code anti-counterfeiting method based on security applications.
  • the method includes:
  • the QR code display module sends a request to generate QR code information data
  • the QR code security application receives a request to generate QR code information data
  • the QR code security application signs the QR code business information according to the private key of the QR code security application
  • the QR code security application sends QR code information data to the QR code display module
  • the two-dimensional code display module displays the two-dimensional code information data in the form of a two-dimensional code
  • the QR code reading device scans the QR code to obtain the QR code service information and the signature of the QR code security application on the QR code service information;
  • the two-dimensional code reading device verifies the signature of the two-dimensional code business information, and confirms the two-dimensional code business information
  • the QR code security application has an asymmetric key composed of the public key of the QR code security application and the private key of the QR code security application; the QR code information data includes the QR code service information and the QR code security application's signature of that service information.
  • This application provides a two-dimensional code anti-counterfeiting device, which includes a two-dimensional code security module;
  • the QR code security module is also used to receive the request to generate QR code information data; sign the QR code business information according to the private key of the QR code security application; send the QR code information data;
  • the QR code security application has an asymmetric key composed of the public key of the QR code security application and the private key of the QR code security application; the QR code information data includes the QR code service information and the QR code security application's signature of that service information.
  • An embodiment of the present application provides a two-dimensional code anti-counterfeiting device, which includes a security chip and a memory, and a two-dimensional code security program is stored on the memory;
  • the security chip is used to execute the two-dimensional code security program to implement the method according to claim 1.
  • An embodiment of the present application provides a two-dimensional code anti-counterfeiting device.
  • the device includes a processor and a memory, and the memory stores a two-dimensional code security program;
  • the processor is configured to execute the two-dimensional code security program to implement the method.
  • An embodiment of the present application provides a two-dimensional code anti-counterfeiting device.
  • the device includes:
  • Request receiving module which is used to receive the request to generate QR code information data
  • the QR code business information signature module is used to sign the QR code business information according to the private key of the QR code security application
  • QR code information data sending module used to send QR code information data
  • the QR code security application has an asymmetric key composed of the public key of the QR code security application and the private key of the QR code security application; the QR code information data includes the QR code service information and the QR code security application's signature of that service information.
  • An embodiment of the present application provides a two-dimensional code reading device.
  • the two-dimensional code reading device includes:
  • a scanning module configured to scan a two-dimensional code to obtain two-dimensional code business information and a signature of the two-dimensional code business information by a two-dimensional code security application;
  • a verification module is used to verify the signature of the QR code service information and confirm the QR code service information.
  • An embodiment of the present application provides a two-dimensional code reading device, characterized in that the device includes a processor and a memory, and a program is stored on the memory;
  • the processor is configured to execute the program to implement the method.
  • An embodiment of the present application provides a two-dimensional code anti-counterfeiting system.
  • the system includes the device and the two-dimensional code reading device.
  • the embodiments of the present application sign the business data of the two-dimensional code through a security chip or a trusted execution environment, thereby improving the security of the two-dimensional code, and through the use of the certificate, the two-dimensional code reading device can locally verify the legality of the two-dimensional code, which reduces the probability of risk occurrence.
  • FIG. 2 is a schematic diagram of a two-dimensional code anti-counterfeiting method according to a second embodiment of this application;
  • FIG. 3 is a schematic diagram of a two-dimensional code anti-counterfeiting method according to a third embodiment of this application.
  • FIG. 4 is a schematic diagram of a two-dimensional code display process according to a fourth embodiment of the application.
  • FIG. 5 is a schematic diagram of a two-dimensional code reading process according to the fifth embodiment of the present application.
  • FIG. 6 is a schematic diagram of a two-dimensional code anti-counterfeiting method according to a sixth embodiment of this application.
  • FIG. 7 is a schematic diagram of a two-dimensional code anti-counterfeiting device according to a seventh embodiment of this application.
  • FIG. 8 is a schematic diagram of a two-dimensional code anti-counterfeiting device according to an eighth embodiment of this application.
  • FIG. 9 is a schematic diagram of a two-dimensional code anti-counterfeiting device according to a ninth embodiment of this application.
  • FIG. 10 is a schematic diagram of a two-dimensional code anti-counterfeiting device according to a tenth embodiment of this application.
  • FIG. 11 is a schematic diagram of a two-dimensional code anti-counterfeiting device according to an eleventh embodiment of this application.
  • FIG. 12 is a schematic diagram of a two-dimensional code generation and display system according to a twelfth embodiment of this application.
  • FIG. 13 is a schematic diagram of a two-dimensional code anti-counterfeiting system according to a thirteenth embodiment of the present application.
  • the implementation of this application discloses a certificate distribution method for a two-dimensional code, which specifically includes:
  • Step S11 the QR code management server generates an asymmetric key, including the QR code management server public key Public_Key_Server and the QR code management server private key Private_Key_Server; in the actual application process, if the RSA algorithm is used to generate the key, the key is generally composed of a public key and a modulus value, and a private key and a modulus value.
  • the modulus value is generally chosen to be 1024 bits or 2048 bits.
  • Step S12 the QR code management server distributes the QR code management server public key to several terminal devices, such as smart phones, tablets, computers, etc.
  • the terminal device can use the received QR code management server public key Public_Key_Server to encrypt data or verify the signature; Public_Key_Server can be transmitted without establishing a secure channel between the QR code management server and the terminal device, for example, the QR code management server directly returns Public_Key_Server to the terminal device at the request of the terminal device. A secure channel can also be established before returning Public_Key_Server to the terminal device, for example, the Secure Sockets Layer (SSL) protocol is used to establish the secure channel, and then Public_Key_Server is returned to the terminal device.
  • the public key is used to encrypt data and verify the signature
  • the private key is used to decrypt and sign.
  • Step S13 the QR code security application in the terminal device generates an asymmetric key, including the QR code security application public key Public_Key_Client and the QR code security application private key Private_Key_Client;
  • the public key Public_Key_Client generated by the QR code security application can be used by the QR code management server to generate a certificate
  • the QR code security application private key Private_Key_Client can be used to generate a signature
  • the certificate can be based on the X.509v3 certificate standard, and the information contained in the certificate generally includes: the public key value, the public key owner's identifier information, the validity period, the certificate issuer's identifier information, the certificate issuer's digital signature, etc.
  • Step S14 the QR code security application sends the public key Public_Key_Client of the QR code security application to the QR code management server; similarly, Public_Key_Client can be transmitted without establishing a secure channel between the terminal device and the QR code management server, for example, the terminal device directly sends Public_Key_Client to the QR code management server; a secure channel can also be established before sending, for example, the SSL protocol is used to establish a secure channel, and then Public_Key_Client is sent to the QR code management server.
  • Step S15 the QR code management server uses the private key Private_Key_Server of the QR code management server to sign the QR code security application public key Public_Key_Client to generate a certificate; during the process of generating the certificate, Public_Key_Client can be signed directly to generate a certificate (public key certificate, PKC), or Public_Key_Client can first be hashed to calculate a hash value, and the hash value is then signed with Private_Key_Server to generate the certificate PKC; as an example, the certificate includes: the QR code security application public key (m, d), the security application ID 1001, the validity period January 1, 2019, the QR code management server ID 0001, and the signature (m', d') of the QR code security application public key.
  • (m, d) is obtained by the key algorithm
  • (m', d') is obtained by applying the private key of the QR code management server to the QR code security application public key (m, d); for example, after a hash operation is performed on (m, d), the private key of the QR code management server is used to perform an exponentiation and a modulo operation on it, and the result of the modulo operation is used as the signature.
  • Step S16 the QR code management server sends the certificate to the QR code security application; similarly, the certificate can be transmitted without establishing a secure channel between the QR code management server and the terminal device, for example, the QR code management server directly returns the certificate PKC to the terminal device; a secure channel can also be established before returning the certificate PKC to the terminal device, for example, using the Secure Sockets Layer (SSL) protocol to establish a secure channel, and then returning the certificate PKC to the terminal device.
  • the two-dimensional code management server can distribute the certificate to the terminal device that needs the certificate, so that the certificate can be attached when a secure two-dimensional code is generated; this completes the preparation work for the terminal device.
  • the terminal device can use the certificate as the carrier of the QR code security application public key Public_Key_Client.
  • the QR code reading device can obtain the QR code security application public key Public_Key_Client by verifying the certificate, so that it can further verify the signature made by using the QR code security application private key Private_Key_Client. It should be noted that the QR code reading device stores the public key of the QR code management server distributed by the QR code management server.
  • the private key can be used to decrypt or sign
  • the public key can be used to encrypt or verify the signature.
  • the asymmetric key algorithm may include any one of RSA, Elgamal, knapsack algorithm, Rabin, D-H, ECC.
  • the following uses RSA algorithm as an example to explain the process of public key, private key, signature certificate and signature generation.
  • the process of the QR code management server generating the QR code management server public key Public_Key_Server and the QR code management server private key Private_Key_Server includes:
  • Step (3) let $e \times d \equiv 1 \bmod f(n)$, that is, $3 \times d \equiv 1 \bmod 20$; select d by the following table:
  • $d = 7$ can be selected to satisfy $3 \times d \equiv 1 \bmod 20$.
  • Step (4) therefore, the public key Public_Key_Server of the QR code management server can be (3, 33), and the private key Private_Key_Server of the QR code management server can be (7, 33).
  • After generating the QR code management server public key Public_Key_Server and the QR code management server private key Private_Key_Server, the QR code management server can send Public_Key_Server to the terminal device, and the QR code management server retains Private_Key_Server.
  • the process of generating the QR code security application public key Public_Key_Client and QR code security application private key Private_Key_Client by the QR code security application includes:
  • Step (C) let $e \times d \equiv 1 \bmod f(n)$, namely $7 \times d \equiv 1 \bmod 72$; $7 \times d$ can be 73, 145, 217, etc.
  • Step (D) therefore, the public key of the QR code security application Public_Key_Client can be (7,72), and the private key of the QR code security application Private_Key_Client can be (31,72).
  • After the QR code security application generates the QR code security application public key Public_Key_Client and the QR code security application private key Private_Key_Client, Public_Key_Client can be sent to the QR code management server; the QR code management server generates the certificate PKC and sends it to the terminal device on which the QR code security application is installed.
  • the process of generating a certificate by the QR code management server can be as follows:
  • Step (I) the QR code security application sends the QR code security application public key Public_Key_Client to the QR code management server, for example, the QR code security application public key Public_Key_Client is (7,72);
  • step (II) the QR code management server receives the QR code security application public key Public_Key_Client (7,72), and then uses the QR code management server's Private_Key_Server (7,33) to generate a certificate.
  • the QR code reading device can confirm that the public key is (7,72), the ID of the QR code security application is 1001, the validity period of the public key is January 1, 2019, the identity of the QR code management server is 0001, and the public key's signature is (28,30).
  • you can also hash the public key Public_Key_Client (7, 72) of the QR code security application, for example, combine 7 and 72 in the public key into 772 and then take it modulo 16 to get 4. After that, Private_Key_Server (7,33) of the QR code management server can be applied to 4, giving $4^7 \bmod 33 = 16$, and the array (7,72,1001,20190101,0001,16) is obtained as the content of the certificate.
  • Step (III) the QR code management server sends the certificate containing the array to the security application of the terminal device, for example, the content of the certificate is the array (7,72,1001,20190101,0001,28,30) or (7,72, 1001,20190101,0001,16).
  • the QR code management server may further use the QR code management server private key Private_Key_Server to sign the certificate, and send the certificate and the signature of the certificate to the security application.
  • the security application can then use the QR code management server's public key Public_Key_Server to verify the authenticity of the certificate.
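The certificate arithmetic of steps (I) to (III), reproduced with the page's own toy numbers and then checked with Public_Key_Server (3,33); this is an added example, not code from the patent, and the function names are hypothetical. It also shows why a signed value has to be smaller than the modulus: 72 is larger than 33, so the directly signed variant can only be compared modulo 33.

```python
# Added example using the toy numbers quoted on this page; not usable as real cryptography.
SERVER_PUB = (3, 33)     # Public_Key_Server  (e, n), Step (4)
SERVER_PRIV = (7, 33)    # Private_Key_Server (d, n), Step (4)
CLIENT_PUB = (7, 72)     # Public_Key_Client as given in Step (D)
APP_ID, VALID_UNTIL, SERVER_ID = "1001", "20190101", "0001"  # certificate fields from the page


def rsa_raw(value, key):
    """Textbook RSA: value ** exponent mod n, with no padding."""
    exponent, n = key
    return pow(value, exponent, n)


def toy_hash(pub):
    """The page's toy hash: write the two numbers side by side (7, 72 -> 772), reduce mod 16."""
    return int("".join(str(part) for part in pub)) % 16


def make_cert_direct(pub, server_priv):
    """Step (II), first variant: sign each component of the public key directly."""
    signature = tuple(rsa_raw(part, server_priv) for part in pub)
    return (*pub, APP_ID, VALID_UNTIL, SERVER_ID, *signature)


def make_cert_hashed(pub, server_priv):
    """Step (II), second variant: sign the toy hash of the public key."""
    return (*pub, APP_ID, VALID_UNTIL, SERVER_ID, rsa_raw(toy_hash(pub), server_priv))


def verify_cert(cert, server_pub):
    """Check a certificate array using Public_Key_Server only."""
    n = server_pub[1]
    pub, signature = cert[:2], cert[5:]
    if len(signature) == 2:
        # The recovered value lies in [0, n), so the comparison is modulo n.
        return all(rsa_raw(s, server_pub) == part % n for s, part in zip(signature, pub))
    if len(signature) == 1:
        return rsa_raw(signature[0], server_pub) == toy_hash(pub) % n
    return False


def swap_public_key(cert, new_pub):
    """Constructed tampering case: replace the key fields, keep the old signature."""
    return (*new_pub, *cert[2:])


if __name__ == "__main__":
    direct = make_cert_direct(CLIENT_PUB, SERVER_PRIV)
    hashed = make_cert_hashed(CLIENT_PUB, SERVER_PRIV)
    print(direct, verify_cert(direct, SERVER_PUB))
    print(hashed, verify_cert(hashed, SERVER_PUB))
    print(verify_cert(swap_public_key(direct, (5, 72)), SERVER_PUB))
    # 39 and 72 are both 6 modulo 33, so the direct variant cannot tell them apart.
    print(verify_cert(swap_public_key(direct, (7, 39)), SERVER_PUB))
    print(verify_cert(swap_public_key(hashed, (7, 39)), SERVER_PUB))
```

With a 1024-bit or 2048-bit modulus, as the page suggests in step S11, and a cryptographic hash in place of the mod-16 toy hash, the collision in the last two cases does not arise.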
  • all terminal devices can receive and store the public key Public_Key_Server of the two-dimensional code management server. If the terminal device is installed with a QR code security application, it can be used to generate a QR code or read a QR code. If the terminal device is not installed with a QR code security application, it is used to read the QR code, but it cannot be used to generate the QR code according to the technical solution provided by the embodiments of the present application.
  • it can generate and display two-dimensional codes in a traditional manner, for example, two-dimensional codes can be generated and displayed through a two-dimensional code generation and display module built in the application itself. It should be noted that the application built-in two-dimensional code generation and display module to generate and display two-dimensional codes is an existing technology, and will not be repeated here.
  • two-dimensional codes can be applied to many scenarios, such as payment scenarios or instant messaging scenarios.
  • the following uses a payment scenario as an example to describe the QR code generation process.
  • the barcode scanner of the convenience store can settle the customer by scanning the barcode on the goods purchased by the customer. After the settlement, the QR code can be displayed, and the user can scan the QR code to pay.
  • the QR code display module in the terminal device will send a QR code information data generation request to the QR code security application, and the request will include relevant information about settlement, such as the payee's account number, the amount and other information
  • the QR code security application can use the QR code security application private key Private_Key_Client to sign the information, attach the agreed certificate and send them to the QR code display module, so that the QR code display module displays, according to the two-dimensional code display rules, the QR code containing the information sent by the QR code security application.
  • the settlement information may include date information
  • the QR code security application may also add some dynamic information, such as random number information.
  • FIG. 2 shows a two-dimensional code generation process provided by an embodiment of the present application, which specifically includes:
  • Step S21 the QR code security application receives a request to generate QR code information data; the request may come from a QR code display module; the QR code display module may be a built-in module of the merchant billing system, or may be an external module of the two-dimensional code application; after the user confirms the settlement amount, it mainly obtains the information related to the settlement (such as the QR code business information), for example the order information, and sends it to the QR code security application; information related to settlement includes but is not limited to the amount, merchant account identification, etc., and may even include the details of the user's purchase of goods, the date of purchase, etc.;
  • Step S22 the QR code security application signs the order information according to the private key of the QR code security application; wherein the QR code security application has an asymmetric key composed of the public key of the QR code security application and the private key of the QR code security application; after receiving the QR code information data generation request sent by the QR code display module, the QR code security application can use the QR code security application private key Private_Key_Client to sign the order information.
  • the QR code service information and the signature certificate of the QR code security application may be collectively referred to as QR code information data.
  • the two-dimensional code information data may also contain a certificate.
  • Step S23 the QR code security application sends QR code information data;
  • the QR code information data includes QR code service information and the signature of the order information by the QR code security application; optionally, a certificate is also included in the QR code information data.
  • the certificate may be a certificate provided by the QR code management server, or a signature certificate of the public key sent by the QR code management server to the QR code security application.
  • the embodiment of the present application simplifies the QR code service information sent by the QR code display module to include only amount data, for example, 2.
  • the security application can generate the following two-dimensional code information data:
  • the QR code security application may send the above-mentioned QR code information data to the QR code display module.
  • the QR code display module displays the QR code information data as a two-dimensional code, such as a QR code, according to the encoding rules.
  • the above process can realize the generation of a two-dimensional code in a payment scenario, where the two-dimensional code includes two-dimensional code business information, a secure application signature, and a certificate.
  • the two-dimensional code reading device can read the two-dimensional code to obtain the two-dimensional code information data, and can verify the signature to confirm whether the two-dimensional code business data is authentic.
  • two-dimensional codes can be applied to many scenarios, such as payment scenarios or instant messaging scenarios.
  • the following describes the QR code generation process by taking an instant communication scenario as an example.
  • Instant messaging software based on wireless Internet technology is emerging, such as WeChat and Dingding.
  • Instant messaging software generally provides the function of adding friends by scanning QR codes or joining groups by scanning QR codes.
  • the QR code display module in the terminal device used by the other user will send a QR code information data generation request to the QR code security application.
  • the request may be just a request to display a QR code and may not contain any information, or it may include the user's identification; if the request is only a request to display a QR code, the QR code security application can interact with the instant messaging software beforehand to obtain the user's identification.
  • the QR code security application can use the QR code security application private key Private_Key_Client to sign the user's identification; if the request contains the user's identification (which may be called QR code service information), the QR code security application can use Private_Key_Client to sign that information; after the QR code security application signs, the QR code service information, the signature and the agreed certificate are sent to the QR code display module, so that the QR code display module displays, according to the QR code display rules, a two-dimensional code containing the information sent by the QR code security application.
  • FIG. 3 shows a two-dimensional code generation process provided by an embodiment of the present application, which specifically includes:
  • Step S31 the QR code security application receives a request to generate QR code information data; the request may come from a QR code display module; the QR code display module may be a QR code display module in instant messaging software, such as a two-dimensional code business card module, which mainly obtains the user's identity (for example, QR code service information) after the user clicks and sends it to the QR code security application; of course, an empty request can also be sent, with the user's identity stored in advance in the QR code security application;
  • Step S32 the QR code security application signs the user identification according to the private key of the QR code security application; wherein the QR code security application has an asymmetric key composed of the public key of the QR code security application and the private key of the QR code security application
  • Step S33 the QR code security application sends QR code information data;
  • the QR code information data includes the QR code service information and the signature of the user identification by the QR code security application; optionally, a certificate is also included in the QR code information data.
  • the certificate may be a certificate provided by the QR code management server, or a signature certificate of the public key sent by the QR code management server to the QR code security application.
  • the embodiment of the present application sets the user's identifier to 2.
  • the security application can generate the following two-dimensional code information data:
  • the QR code security application may send the above-mentioned QR code information data to the QR code display module.
  • the QR code display module displays the QR code information data as a two-dimensional code, such as a QR code, according to the encoding rules.
  • the above process can realize the generation of a two-dimensional code in an instant communication scenario, where the two-dimensional code contains the user's identification.
  • the two-dimensional code reading device can read the two-dimensional code to obtain the two-dimensional code information data, and can verify the signature to confirm whether the two-dimensional code business data is authentic.
  • two-dimensional codes can contain more information.
  • two-dimensional codes have been widely used.
  • QR (quick response) code
  • Two-dimensional codes generally include: code positioning patterns, functional data, data codes and error correction codes.
  • the function of the code positioning pattern is mainly used to correct the position of the two-dimensional code.
  • the QR positioning pattern can be used to correct the QR code, which facilitates the analysis of each pixel in the QR code.
  • the functional data mainly includes some formatted data and the information of the QR code version.
  • Data codes are mainly used to store QR code information data.
  • the error correction code is mainly used to store the forward error correction code for the two-dimensional code information data.
  • FIG. 4 shows a two-dimensional code display process provided by an embodiment of the present application, which specifically includes:
  • Step S41 the QR code display module sends a QR code information data generation request to the security application
  • the two-dimensional code display module may be a two-dimensional code display module in instant messaging software, such as a two-dimensional code business card module, which mainly obtains the user's identifier (which may be called two-dimensional code business information, for example) after the user clicks, and sends it to the QR code security application; of course, it may also just send an empty request, with the user's identifier pre-stored in the QR code security application; or
  • the QR code display module can be a built-in module of the merchant billing system or an external module for QR code application, which, mainly after the user confirms the settlement amount, obtains information related to settlement (which may be called QR code business information, for example) and sends it to the QR code security application; information related to settlement includes but is not limited to the amount, the merchant account identification, etc., and may even include the details of the goods purchased by the user, the date of purchase, etc.;
  • Step S42 The two-dimensional code display module receives the two-dimensional code information data sent by the two-dimensional code security application, and displays the two-dimensional code corresponding to the two-dimensional code information data according to the two-dimensional code encoding rules.
  • the QR code security application can use the QR code security application private key Private_Key_Client to sign the QR code business information, attach the certificate and send it to the QR code display module.
  • the QR code business information, the signature of the QR code security application and the certificate can be collectively called QR code information data.
  • the embodiment of the present application sets the QR code service information to 2.
  • the security application can generate the following two-dimensional code information data:
  • the QR code security application may send the above-mentioned QR code information data to the QR code display module.
  • the QR code display module displays the QR code information data as a two-dimensional code, such as a QR code, according to the encoding rules.
  • the two-dimensional code reading device can read the two-dimensional code to obtain the two-dimensional code information data, and can verify the signature to confirm whether the two-dimensional code business data is authentic.
  • the QR code reading device needs to scan the QR code and verify whether the QR code service information in the QR code is true.
  • FIG. 5 shows a two-dimensional code reading process provided by an embodiment of the present application, which specifically includes:
  • Step S51 the QR code reading device scans the QR code to obtain the QR code information data.
  • the QR code reading device can parse the QR code to obtain the QR code information data contained in the QR code, for example (2,56,7,72,1001,20190101,0001, 28,30) or (2,56,7,72,1001,20190101,0001,16).
  • Step S53 after the verification of the QR code business information is passed, the subsequent business process can be completed according to the QR code business information.
  • a friend addition request may be sent to the instant communication server, and the instant communication server sends the friend addition request to the user. After the user agrees to the request, both parties become friends.
  • the anti-counterfeiting method of the QR code based on the security application provided in this application is shown in FIG. 6 and specifically includes:
  • Step S61 the two-dimensional code display module sends a request to generate two-dimensional code information data;
  • the request may include two-dimensional code business information, such as order information, or may be an empty request; for example, the two-dimensional code may be pre-stored with QR code business information such as the user identification;
  • Step S62 the QR code security application receives a request to generate QR code information data
  • Step S63 the QR code security application signs the QR code service information according to the private key of the QR code security application
  • Step S64 the QR code security application sends QR code information data to the QR code display module
  • Step S65 the two-dimensional code display module displays the two-dimensional code information data in the form of a two-dimensional code
  • Step S66 the QR code reading device scans the QR code to obtain the QR code service information and the signature of the QR code service information by the QR code security application;
  • Step S67 the QR code reading device verifies the signature of the QR code service information, and confirms the QR code service information
  • the QR code security application has an asymmetric key composed of the public key of the QR code security application and the private key of the QR code security application; the QR code information data includes the QR code service information and the signature of the QR code security application on the QR code service information.
  • the security application may also store a certificate sent by the QR code management server, which is a signature certificate generated by the QR code management server for the public key of the security application.
  • the certificate can be sent to the QR code display module together.
  • the QR code reading device can pre-store the public key sent by the QR code management server, which can be used to verify the authenticity of the certificate; after the QR code reading device verifies the authenticity of the QR code, the public key of the QR code security application in the certificate can be used to verify the authenticity of the QR code business information signature. After double verification, the QR code business information can be processed and the subsequent process can be performed.
  • the public key of the security application can also be sent to the QR code reading device in other ways, for verifying the authenticity of the QR code service information signature.
  • An embodiment of the present application provides a two-dimensional code information data generation device. As shown in FIG. 7, it may be an independent entity, such as a two-dimensional code security module located in a security chip, or may be a chip capable of generating two-dimensional code information data. Preferably, it also includes a two-dimensional code display module.
  • the QR code security module can be implemented using the QR code security application located in the security chip.
  • the QR code security application can generate the QR code security application public key Public_Key_Client and the QR code security application private key Private_Key_Client. The specific generation process is not repeated here.
  • After the QR code security application generates the QR code security application public key Public_Key_Client and the QR code security application private key Private_Key_Client, the QR code security application public key Public_Key_Client can be sent to the QR code management server, and the QR code management server generates the certificate PKC and sends it to the terminal device on which the QR code security application is installed.
  • the QR code security application can use the QR code security application private key Private_Key_Client to sign the QR code business information; preferably, a certificate can be attached, and the result is sent to the QR code display module.
  • the QR code service information and the signature of the QR code security application can be collectively referred to as QR code information data.
  • the QR code information data may also include certificates.
  • the QR code security application can send the QR code information data to the QR code display module.
  • An embodiment of the present application provides a two-dimensional code information data generation device. As shown in FIG. 8, it may be an independent entity, such as a two-dimensional code security module. Preferably, it also includes a two-dimensional code display module.
  • the QR code security module can be implemented using a QR code security application located in a trusted execution environment.
  • the QR code security application can generate a QR code security application public key Public_Key_Client and a QR code security application private key Private_Key_Client; the specific generation process will not be repeated here.
  • After the QR code security application generates the QR code security application public key Public_Key_Client and the QR code security application private key Private_Key_Client, the QR code security application public key Public_Key_Client can be sent to the QR code management server, and the QR code management server generates the certificate PKC and sends it to the terminal device on which the QR code security application is installed.
  • the QR code security application can use the QR code security application private key Private_Key_Client for signature.
  • a certificate can be attached and sent to the QR code display module.
  • the QR code service information and the signature of the QR code security application can be collectively referred to as QR code information data.
  • the QR code information data may also include certificates.
  • the QR code security application can send the QR code information data to the QR code display module.
  • the two-dimensional code display module can be implemented by a two-dimensional code display application, for example, it can be a module in an accounting system or instant messaging software, or a module independent of an accounting system or instant messaging software.
  • the device includes: a request receiving module, a QR code service information signature module, and a QR code information data sending module.
  • the device may further include a public key sending module and a certificate receiving module; preferably, it may also include a two-dimensional code display module.
  • a QR code business information signature module, used to sign the QR code business information according to the private key of the QR code security application; a QR code information data sending module, used to send the QR code information data; wherein the QR code security application has an asymmetric key composed of the QR code security application public key and the QR code security application private key; the QR code information data includes the QR code service information and the signature of the QR code security application on the QR code service information.
  • the public key sending module is used to send the public key of the QR code security application to the QR code management server; the certificate receiving module is used to receive the certificate of the QR code security application; wherein the QR code information data also includes the certificate of the QR code security application.
  • a two-dimensional code information data sending module, used to send the two-dimensional code information data to the two-dimensional code display module; the two-dimensional code display module, used to display the two-dimensional code information data in the form of a two-dimensional code.
  • the two-dimensional code information data generation device disclosed in this application may be an independent physical entity. As shown in FIG. 10, the device includes a processor and a memory.
  • the memory may be divided into two parts, such as a first memory and a second memory.
  • a two-dimensional code security program is stored on the first memory, such as a two-dimensional code security application, and the second memory stores a two-dimensional code display application program.
  • the processor may execute the two-dimensional code security program on the first memory to implement the two-dimensional code anti-counterfeiting method based on the security application provided by the embodiments of the present application.
  • the two-dimensional code information data generation device disclosed in this application may be an independent physical entity.
  • the device includes a security chip and a first memory, and the first memory stores a two-dimensional code security program, such as a two-dimensional code security application; preferably, the device further includes a processor and a second memory, and a two-dimensional code display program is stored on the second memory.
  • the security chip may execute a two-dimensional code security program on the first memory to implement the security application-based two-dimensional code anti-counterfeiting method provided by the embodiments of the present application.
  • An embodiment of the present application provides a two-dimensional code reading device; as shown in FIG. 12, the device includes: a scanning module and a verification module.
  • the scanning module is used to scan the QR code to obtain the QR code business information and the QR code security application's signature on the QR code business information;
  • the verification module is used to verify the signature of the QR code business information and confirm the QR code business information.
  • the embodiment of the present application also provides another schematic diagram of a two-dimensional code reading device, as shown in FIG. 10, which includes a processor and a memory, and the memory stores a program, such as a two-dimensional code reading application program;
  • the processor is configured to execute a two-dimensional code reading application program to implement the two-dimensional code reading method provided by the embodiment of the present application.
  • the above two-dimensional code reading device is a mobile intelligent terminal or a computer.
  • the two-dimensional code system provided by the embodiment of the present application includes a two-dimensional code anti-counterfeiting device and a two-dimensional code reading device; preferably, the system further includes a two-dimensional code management server;
  • the anti-counterfeiting device may be any two-dimensional code anti-counterfeiting device provided by the embodiments of the present application, and the two-dimensional reading device may be any two-dimensional code reading device provided by the examples of the present application.
  • By distributing the public key of the QR code management server through the QR code management server, signing the public key of the QR code security application with the private key of the QR code management server, and protecting the private key of the QR code security application with the security chip or trusted execution environment, the QR code reading device can effectively verify the legality of the QR code security application locally, reducing the probability of risk occurrence.
  • the embodiments of the present invention may be provided as methods, systems, or computer program products. Therefore, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the present invention may take the form of a computer program product implemented on one or more computer usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer usable program code.
  • These computer program instructions may also be stored in a computer readable memory that can guide a computer or other programmable data processing device to work in a specific manner, so that the instructions stored in the computer readable memory produce an article of manufacture including an instruction device, and the instruction device implements the functions specified in one or more flows of the flowchart and / or one or more blocks of the block diagram.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing device, so that a series of operating steps are performed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thereby provide steps for implementing the functions specified in one or more flows of the flowchart and / or one or more blocks of the block diagram.
  • the computing device includes one or more processors (CPUs), input / output interfaces, network interfaces, and memory.
  • the memory may include non-permanent memory, random access memory (RAM) and / or non-volatile memory in computer-readable media, such as read only memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
  • Computer-readable media, including permanent and non-permanent, removable and non-removable media, can store information by any method or technology.
  • the information may be computer readable instructions, data structures, modules of programs, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic tape cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission media that can be used to store information that can be accessed by computing devices.
  • computer-readable media does not include temporary computer-readable media (transitory media), such as modulated data signals and carrier waves.
  • the embodiments of the present application may be provided as methods, systems, or computer program products. Therefore, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the present application may take the form of a computer program product implemented on one or more computer usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer usable program code.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Entrepreneurship & Innovation (AREA)
  • General Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Finance (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Storage Device Security (AREA)

Abstract

Disclosed are a two-dimensional code anti-counterfeiting method, device and system based on a security application. The method comprises: a two-dimensional code security application receiving a request for generating two-dimensional code information data (S62); the two-dimensional code security application signing two-dimensional code service information according to a private key of the two-dimensional code security application (S63); and the two-dimensional code security application sending the two-dimensional information data (S64), wherein the two-dimensional code security application has asymmetrical secret keys composed of a public key of the two-dimensional code security application and the private key of the two-dimensional code security application, and the two-dimensional code information data includes the two-dimensional code service information and a signature of the two-dimensional code service information by the two-dimensional code security application.

Description

Two-dimensional code anti-counterfeiting method, device and system based on security application
Technical field
This application relates to the field of security, and in particular to a two-dimensional code anti-counterfeiting method, device and system based on a security application.
Background
With the development of the mobile Internet, two-dimensional codes have been widely used, for example scanning a code to unlock a shared bicycle, scanning to pay, and so on. To improve the security of two-dimensional codes, some companies also provide dynamic two-dimensional codes, in which the data is updated over time so that a changing two-dimensional code is displayed. However, in the two-dimensional code verification solutions currently on the market, the two-dimensional code information itself has no anti-counterfeiting capability: after a decoding device parses the two-dimensional code, it directly obtains the two-dimensional code data in plaintext, and that data is identical to the service information data, so the scanning device cannot verify the legitimacy of the two-dimensional code information locally. To verify the legitimacy of the two-dimensional code information, the information has to be sent to a back-end server, relying on the back-end server's risk control capability for security protection. In this process, however, because the legitimacy of the information in the two-dimensional code cannot be recognized, a malicious website may be accessed or a malicious program executed, which in turn causes harm to the user.
Summary of the invention
The embodiments of the present application provide a two-dimensional code anti-counterfeiting method, device and system based on a security application, which are used to solve the problem of the low security of two-dimensional codes.
The embodiments of the present application adopt the following technical solutions:
An embodiment of the present application provides a two-dimensional code anti-counterfeiting method based on a security application, the method comprising:
the two-dimensional code security application receives a request to generate two-dimensional code information data;
the two-dimensional code security application signs the two-dimensional code service information according to the private key of the two-dimensional code security application;
the two-dimensional code security application sends the two-dimensional code information data;
wherein the two-dimensional code security application has an asymmetric key composed of the public key of the two-dimensional code security application and the private key of the two-dimensional code security application; the two-dimensional code information data includes the two-dimensional code service information and the signature of the two-dimensional code security application on the two-dimensional code service information.
An embodiment of the present application provides a two-dimensional code reading method, the method comprising:
scanning the two-dimensional code to obtain the two-dimensional code service information and the signature of the two-dimensional code security application on the two-dimensional code service information;
verifying the signature of the two-dimensional code service information, and confirming the two-dimensional code service information.
This application provides a two-dimensional code anti-counterfeiting method based on a security application, the method comprising:
the two-dimensional code display module sends a request to generate two-dimensional code information data;
the two-dimensional code security application receives the request to generate two-dimensional code information data;
the two-dimensional code security application signs the two-dimensional code service information according to the private key of the two-dimensional code security application;
the two-dimensional code security application sends the two-dimensional code information data to the two-dimensional code display module;
the two-dimensional code display module displays the two-dimensional code information data in the form of a two-dimensional code;
the two-dimensional code reading device scans the two-dimensional code to obtain the two-dimensional code service information and the signature of the two-dimensional code security application on the two-dimensional code service information;
the two-dimensional code reading device verifies the signature of the two-dimensional code service information, and confirms the two-dimensional code service information;
wherein the two-dimensional code security application has an asymmetric key composed of the public key of the two-dimensional code security application and the private key of the two-dimensional code security application; the two-dimensional code information data includes the two-dimensional code service information and the signature of the two-dimensional code security application on the two-dimensional code service information.
This application provides a two-dimensional code anti-counterfeiting device, which includes a two-dimensional code security module;
the two-dimensional code security module is also used to receive a request to generate two-dimensional code information data; sign the two-dimensional code service information according to the private key of the two-dimensional code security application; and send the two-dimensional code information data;
wherein the two-dimensional code security application has an asymmetric key composed of the public key of the two-dimensional code security application and the private key of the two-dimensional code security application; the two-dimensional code information data includes the two-dimensional code service information and the signature of the two-dimensional code security application on the two-dimensional code service information.
An embodiment of the present application provides a two-dimensional code anti-counterfeiting device, which includes a security chip and a memory, and a two-dimensional code security program is stored on the memory;
the security chip is used to execute the two-dimensional code security program to implement the method according to claim 1.
An embodiment of the present application provides a two-dimensional code anti-counterfeiting device, which includes a processor and a memory, and the memory stores a two-dimensional code security program;
the processor is configured to execute the two-dimensional code security program to implement the described method.
An embodiment of the present application provides a two-dimensional code anti-counterfeiting device, the device comprising:
a request receiving module, used to receive a request to generate two-dimensional code information data;
a two-dimensional code service information signature module, used to sign the two-dimensional code service information according to the private key of the two-dimensional code security application;
a two-dimensional code information data sending module, used to send the two-dimensional code information data;
wherein the two-dimensional code security application has an asymmetric key composed of the public key of the two-dimensional code security application and the private key of the two-dimensional code security application; the two-dimensional code information data includes the two-dimensional code service information and the signature of the two-dimensional code security application on the two-dimensional code service information.
An embodiment of the present application provides a two-dimensional code reading device, the two-dimensional code reading device comprising:
a scanning module, used to scan a two-dimensional code to obtain the two-dimensional code service information and the signature of the two-dimensional code security application on the two-dimensional code service information;
a verification module, used to verify the signature of the two-dimensional code service information and confirm the two-dimensional code service information.
An embodiment of the present application provides a two-dimensional code reading device, characterized in that the device includes a processor and a memory, and a program is stored on the memory;
the processor is configured to execute the program to implement the described method.
An embodiment of the present application provides a two-dimensional code anti-counterfeiting system, which includes the described device and the described two-dimensional code reading device.
At least one of the above technical solutions adopted in the embodiments of the present application can achieve the following beneficial effects:
The embodiments of the present application sign the business data of the two-dimensional code through a security chip or a trusted execution environment, which improves the security of the two-dimensional code, and the use of a certificate allows the two-dimensional code reading device to verify the legitimacy of the two-dimensional code locally, which reduces the probability of risk occurrence.
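The flow summarized above (the security application signs the service information, attaches the management server's certificate over its public key, and the reader checks both locally) can be sketched as follows. This is an added example, not code from the patent: the textbook-RSA helpers over Mersenne-prime moduli are constructed, insecure stand-ins for the signature primitive a security chip or trusted execution environment would provide, and the JSON payload layout, field names and function names are assumptions.

```python
import hashlib
import json

E = 65537  # public exponent used for every constructed key pair


def make_keypair(p, q):
    """Textbook-RSA key pair from two known primes (constructed, NOT secure)."""
    n = p * q
    return {"n": n, "e": E}, {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}


def canonical(obj) -> bytes:
    """Deterministic byte encoding so signer and verifier hash the same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def _digest(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message: bytes) -> int:
    n = private_key["n"]
    return pow(_digest(message, n), private_key["d"], n)


def verify(public_key, message: bytes, signature) -> bool:
    n, e = public_key.get("n"), public_key.get("e")
    if not all(isinstance(v, int) for v in (n, e, signature)):
        return False
    if n < 2 or e < 3 or not 0 <= signature < n:
        return False
    return pow(signature, e, n) == _digest(message, n)


def issue_certificate(server_private, client_public):
    """Management server: sign the security application's public key (the PKC)."""
    return {"public_key": client_public,
            "signature": sign(server_private, canonical(client_public))}


def build_qr_payload(client_private, certificate, service_info) -> str:
    """Security application: sign the service information and attach the PKC."""
    return json.dumps({"service_info": service_info,
                       "signature": sign(client_private, canonical(service_info)),
                       "certificate": certificate})


def read_qr_payload(payload: str, pinned_server_public):
    """Reader: check the PKC against the pinned server key, then the signature."""
    try:
        data = json.loads(payload)
        cert = data["certificate"]
        client_public, cert_sig = cert["public_key"], cert["signature"]
        service_info, info_sig = data["service_info"], data["signature"]
        cert_ok = verify(pinned_server_public, canonical(client_public), cert_sig)
        info_ok = cert_ok and verify(client_public, canonical(service_info), info_sig)
    except (ValueError, KeyError, TypeError, AttributeError):
        return False, "malformed payload"
    if not cert_ok:
        return False, "certificate rejected"
    if not info_ok:
        return False, "service information signature rejected"
    return True, service_info


# Constructed demo keys: Mersenne primes keep the example offline and small.
SERVER_PUBLIC, SERVER_PRIVATE = make_keypair(2**127 - 1, 2**107 - 1)
CLIENT_PUBLIC, CLIENT_PRIVATE = make_keypair(2**89 - 1, 2**61 - 1)
CERTIFICATE = issue_certificate(SERVER_PRIVATE, CLIENT_PUBLIC)

# Constructed service information (settlement-style fields, values invented).
SERVICE_INFO = {"merchant": "demo-merchant-001", "amount": "72.00", "date": "20190101"}


def demo():
    """Run the reader over a genuine, an altered and a self-certified payload."""
    good = build_qr_payload(CLIENT_PRIVATE, CERTIFICATE, SERVICE_INFO)
    altered = json.loads(good)
    altered["service_info"]["amount"] = "0.01"  # content changed after signing
    other_public, other_private = make_keypair(2**31 - 1, 2**19 - 1)
    self_cert = issue_certificate(other_private, other_public)  # not the server's key
    rogue = build_qr_payload(other_private, self_cert, SERVICE_INFO)
    return {"good": read_qr_payload(good, SERVER_PUBLIC),
            "tampered": read_qr_payload(json.dumps(altered), SERVER_PUBLIC),
            "rogue": read_qr_payload(rogue, SERVER_PUBLIC)}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The order of the two checks matters: the public key taken from the payload is only used after the certificate over it has verified against the server key the reader already holds.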
Brief description of the drawings
The drawings described here are used to provide a further understanding of the present application and form a part of it. The schematic embodiments of the present application and their descriptions are used to explain the present application and do not constitute an undue limitation on it. In the drawings:
FIG. 1 is a flow chart of certificate distribution provided by the first embodiment of the present application;
FIG. 2 is a schematic diagram of a two-dimensional code anti-counterfeiting method according to the second embodiment of the present application;
FIG. 3 is a schematic diagram of a two-dimensional code anti-counterfeiting method according to the third embodiment of the present application;
FIG. 4 is a schematic diagram of a two-dimensional code display process according to the fourth embodiment of the present application;
FIG. 5 is a schematic diagram of a two-dimensional code reading process according to the fifth embodiment of the present application;
FIG. 6 is a schematic diagram of a two-dimensional code anti-counterfeiting method according to the sixth embodiment of the present application;
FIG. 7 is a schematic diagram of a two-dimensional code anti-counterfeiting device according to the seventh embodiment of the present application;
FIG. 8 is a schematic diagram of a two-dimensional code anti-counterfeiting device according to the eighth embodiment of the present application;
FIG. 9 is a schematic diagram of a two-dimensional code anti-counterfeiting device according to the ninth embodiment of the present application;
FIG. 10 is a schematic diagram of a two-dimensional code anti-counterfeiting device according to the tenth embodiment of the present application;
FIG. 11 is a schematic diagram of a two-dimensional code anti-counterfeiting device according to the eleventh embodiment of the present application;
FIG. 12 is a schematic diagram of a two-dimensional code generation and display system according to the twelfth embodiment of the present application;
FIG. 13 is a schematic diagram of a two-dimensional code anti-counterfeiting system according to the thirteenth embodiment of the present application.
Detailed description
To make the purpose, technical solutions and advantages of the present application clearer, the technical solutions of the present application are described clearly and completely below with reference to specific embodiments of the present application and the corresponding drawings. Obviously, the described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments in this application, without creative work, fall within the scope of protection of this application.
The technical solutions provided by the embodiments of the present application are described in detail below with reference to the drawings.
First embodiment
As shown in FIG. 1, an embodiment of the present application discloses a certificate distribution method for two-dimensional codes, which specifically includes:
Step S11: the two-dimensional code management server generates an asymmetric key pair, comprising the two-dimensional code management server public key Public_Key_Server and the two-dimensional code management server private key Private_Key_Server. In practical applications, if the RSA algorithm is used to generate the keys, they generally consist of a public key and a modulus, and a private key and a modulus; the modulus is generally chosen to be 1024 bits or 2048 bits.
Step S12: the two-dimensional code management server distributes the two-dimensional code management server public key to a number of terminal devices, such as smartphones, tablets and computers. A terminal device can use the received public key Public_Key_Server to encrypt data or verify signatures. Public_Key_Server can be transmitted without a secure channel having been established between the two-dimensional code management server and the terminal device, for example by the server returning Public_Key_Server directly in response to the terminal device's request. Alternatively, a secure channel can be established before Public_Key_Server is returned to the terminal device, for example using the Secure Sockets Layer (SSL) protocol, after which Public_Key_Server is returned to the terminal device. For asymmetric keys, the public key is used to encrypt data and verify signatures, and the private key is used to decrypt and sign.
Step S13: the two-dimensional code security application in the terminal device generates an asymmetric key pair, comprising the two-dimensional code security application public key Public_Key_Client and the two-dimensional code security application private key Private_Key_Client. Public_Key_Client can be used by the two-dimensional code management server to generate a certificate, and Private_Key_Client can be used to generate signatures. The certificate can be based on the X.509v3 certificate standard; the information contained in a certificate generally includes the public key value, the identifier information of the public key owner, the validity period, the identifier information of the certificate issuer, and the digital signature of the certificate issuer.
Step S14: the two-dimensional code security application sends its public key Public_Key_Client to the two-dimensional code management server. Likewise, Public_Key_Client can be transmitted without a secure channel having been established between the terminal device and the two-dimensional code management server, for example by the terminal device sending Public_Key_Client directly to the server. Alternatively, a secure channel can be established before Public_Key_Client is sent, for example using the SSL protocol, after which Public_Key_Client is sent to the two-dimensional code management server.
Step S15: the two-dimensional code management server uses its private key Private_Key_Server to sign the two-dimensional code security application public key Public_Key_Client and generate a certificate. In generating the certificate, the server can sign Public_Key_Client directly to produce the public key certificate (PKC), or it can first hash Public_Key_Client and then sign the hash value with Private_Key_Server to produce the PKC. As an example, the certificate includes: the two-dimensional code security application public key (m, d), the security application identifier 1001, the validity period January 1, 2019, the two-dimensional code management server identifier 0001, and the signature (m', d') of the security application public key. (m, d) is obtained from the key algorithm, and (m', d') is obtained by operating on the security application public key (m, d) with the private key of the two-dimensional code management server, for example by hashing (m, d), then performing exponentiation and a modulo operation on it with the server's private key, and using the result of the modulo operation as the signature.
Step S16: the two-dimensional code management server sends the certificate to the two-dimensional code security application. Likewise, the certificate can be transmitted without a secure channel having been established between the two-dimensional code management server and the terminal device, for example by the server returning the certificate PKC directly to the terminal device. Alternatively, a secure channel can be established before the certificate PKC is returned, for example using the Secure Sockets Layer (SSL) protocol, after which the certificate PKC is returned to the terminal device.
Through the above steps, the two-dimensional code management server can distribute the certificate to the terminal devices that need it, which completes the preparation for attaching the certificate when a terminal device generates a secure two-dimensional code. The terminal device can use the certificate as the carrier of the two-dimensional code security application public key Public_Key_Client. When the terminal device signs data with the two-dimensional code security application private key Private_Key_Client, the two-dimensional code reading device can obtain Public_Key_Client by verifying the certificate, and can then further verify the signature made with Private_Key_Client. Note that the two-dimensional code reading device stores the two-dimensional code management server public key distributed by the two-dimensional code management server.
For asymmetric keys, the private key can be used to decrypt or sign, and the public key can be used to encrypt or verify signatures. The asymmetric key algorithm can be any one of RSA, ElGamal, the knapsack algorithm, Rabin, D-H and ECC. The following takes the RSA algorithm as an example to explain how the public key, the private key, the signature certificate and the signature are generated.
The process by which the two-dimensional code management server generates the two-dimensional code management server public key Public_Key_Server and the two-dimensional code management server private key Private_Key_Server specifically includes:
Step (1): let the prime p = 3 and the prime q = 11, giving n = p × q = 33 and f(n) = (p-1) × (q-1) = 20;
Step (2): let e = 3, with e and d relatively prime;
Step (3): let e × d ≡ 1 mod f(n), that is, 3 × d ≡ 1 mod 20, and select d using the following table:
Figure PCTCN2019097095-appb-000001
Therefore, d = 7 can be selected, which satisfies 3 × d ≡ 1 mod 20.
Step (4): accordingly, the two-dimensional code management server public key Public_Key_Server can be (3, 33), and the two-dimensional code management server private key Private_Key_Server can be (7, 33).
After the above Public_Key_Server and Private_Key_Server are obtained, the two-dimensional code management server public key Public_Key_Server can be sent to the terminal device, and the two-dimensional code management server retains the two-dimensional code management server private key Private_Key_Server.
The process by which the two-dimensional code security application generates the two-dimensional code security application public key Public_Key_Client and the two-dimensional code security application private key Private_Key_Client specifically includes:
Step (A): let the prime p = 13 and the prime q = 7, giving n = p × q = 91 and f(n) = (p-1) × (q-1) = 72;
Step (B): let e = 7, with e and d relatively prime;
Step (C): let e × d ≡ 1 mod f(n), that is, 7 × d ≡ 1 mod 72; 7 × d can be 73, 145, 217, and so on.
Therefore, to satisfy the above congruence, d = 31 can be selected, which satisfies 7 × d ≡ 1 mod 72.
Step (D): accordingly, the two-dimensional code security application public key Public_Key_Client can be (7, 72), and the two-dimensional code security application private key Private_Key_Client can be (31, 72).
After the two-dimensional code security application has generated Public_Key_Client and Private_Key_Client, it can send the two-dimensional code security application public key Public_Key_Client to the two-dimensional code management server, which generates the certificate PKC and sends it to the terminal device on which the two-dimensional code security application is installed.
The process by which the two-dimensional code management server generates the certificate can be as follows:
Step (I): the two-dimensional code security application sends the two-dimensional code security application public key Public_Key_Client to the two-dimensional code management server; for example, Public_Key_Client is (7, 72);
Step (II): after receiving the two-dimensional code security application public key Public_Key_Client (7, 72), the two-dimensional code management server uses its Private_Key_Server (7, 33) to generate the certificate.
For example, computing 7^7 mod 33 = 28 and 72^7 mod 33 = 30 gives the certificate content (7,72,1001,20190101,0001,28,30). After receiving this certificate, the two-dimensional code reading device can confirm that the public key is (7, 72), the identifier of the two-dimensional code security application is 1001, the validity period of the public key is January 1, 2019, the identifier of the two-dimensional code management server is 0001, and the signature of the public key is (28, 30).
Optionally, the two-dimensional code security application public key Public_Key_Client (7, 72) can also be hashed, for example by combining the 7 and 72 of the public key into 772 and taking it modulo 16, which gives 4. The two-dimensional code management server's Private_Key_Server (7, 33) can then be applied to 4: 4^7 mod 33 = 16, giving the array (7,72,1001,20190101,0001,16) as the certificate content.
Step (III): the two-dimensional code management server sends the certificate containing the array to the security application of the terminal device; for example, the certificate content is the array (7,72,1001,20190101,0001,28,30) or (7,72,1001,20190101,0001,16).
Optionally, where the terminal device on which the two-dimensional code security application is installed stores the two-dimensional code management server public key Public_Key_Server, the two-dimensional code management server can additionally sign the certificate with the two-dimensional code management server private key Private_Key_Server and send the certificate together with that signature to the security application. The security application can then use Public_Key_Server to verify the authenticity of the certificate.
Through the above steps, certificate distribution can be completed.
Note that every terminal device can receive and store the two-dimensional code management server public key Public_Key_Server. If a terminal device has the two-dimensional code security application installed, it can be used both to generate and to read two-dimensional codes. If a terminal device does not have the two-dimensional code security application installed, it can be used to read two-dimensional codes but cannot generate them according to the technical solution provided by the embodiments of the present application. When such a device needs to generate a two-dimensional code, it can generate and display one in the traditional way, for example through a two-dimensional code generation and display module built into the application program itself. Generating and displaying two-dimensional codes with a module built into an application program is existing technology and is not described further here.
Second embodiment
In real life, two-dimensional codes can be applied in many scenarios, such as payment scenarios or instant messaging scenarios. The following takes a payment scenario as an example to describe the two-dimensional code generation process.
As society progresses, convenience stores are becoming more numerous and make people's lives easier. A convenience store's scanner can total up a customer's purchase by scanning the barcodes on the goods; after the total is settled, it can be presented as a two-dimensional code, which the user can scan to pay.
After the merchant confirms the settlement on the payment-collecting terminal device, the two-dimensional code display module in that terminal device sends a two-dimensional code information data generation request to the two-dimensional code security application. The request includes settlement-related information, such as the payee account and the amount. The two-dimensional code security application can sign this information with the two-dimensional code security application private key Private_Key_Client, attach the public key certificate, and send the result to the two-dimensional code display module, which displays, according to the two-dimensional code display rules, a two-dimensional code containing the information sent by the two-dimensional code security application. Optionally, the settlement information can include date information, and the two-dimensional code security application can also add dynamic information, such as a random number.
FIG. 2 shows the two-dimensional code generation process provided by an embodiment of the present application, which specifically includes:
Step S21: the two-dimensional code security application receives a request to generate two-dimensional code information data. The request can come from the two-dimensional code display module, which can be a module built into the merchant's billing system or an external module for two-dimensional code applications. Its main function is, after the user confirms the settlement amount, to obtain the settlement-related information (which can be called two-dimensional code business information), such as order information, and send it to the two-dimensional code security application. Settlement-related information includes but is not limited to the amount and the merchant account identifier, and can even include the details of the goods purchased by the user, the purchase date, and so on;
Step S22: the two-dimensional code security application signs the order information with the private key of the two-dimensional code security application, where the two-dimensional code security application holds an asymmetric key pair consisting of the public key and the private key of the two-dimensional code security application. After receiving the two-dimensional code information data generation request sent by the two-dimensional code display module, the two-dimensional code security application can sign the order information with the two-dimensional code security application private key Private_Key_Client. The two-dimensional code business information and the signature certificate of the two-dimensional code security application can together be called two-dimensional code information data. Optionally, the two-dimensional code information data can also contain a certificate. When the two-dimensional code security application signs the order information with Private_Key_Client, it can hash the order information, then perform exponentiation and a modulo operation on the hash result, and use the result of the modulo operation as the signature.
Step S23: the two-dimensional code security application sends the two-dimensional code information data, which contains the two-dimensional code business information and the two-dimensional code security application's signature over the order information. Optionally, the two-dimensional code information data also contains a certificate. The certificate can be the certificate provided by the two-dimensional code management server, namely the two-dimensional code management server's signature certificate for the public key sent by the two-dimensional code security application.
For ease of description, this embodiment simplifies the two-dimensional code business information sent by the two-dimensional code display module to amount data only, for example 2.
After the two-dimensional code security application receives the two-dimensional code business information, it needs to sign that information with the two-dimensional code security application private key Private_Key_Client (31, 72), for example by computing 2^31 mod 72 = 56.
As described above, the certificate content can be the array (7,72,1001,20190101,0001,28,30) or (7,72,1001,20190101,0001,16), so the security application can generate the following two-dimensional code information data:
(2,56,7,72,1001,20190101,0001,28,30) or (2,56,7,72,1001,20190101,0001,16).
The two-dimensional code security application can send the above two-dimensional code information data to the two-dimensional code display module, which displays it as a two-dimensional code, such as a QR code, according to the encoding rules.
The above process implements two-dimensional code generation in a payment scenario; the two-dimensional code contains the two-dimensional code business information, the security application's signature, and the certificate.
A two-dimensional code reading device can read the two-dimensional code, obtain the two-dimensional code information data, and verify the signature to confirm whether the two-dimensional code business data is authentic.
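An added worked example, not code from the application: the key generation of steps (1)-(4) and (A)-(D), the per-component certificate of step S15, and the sign-and-assemble flow of steps S21 to S23, followed by the check a reading device can make with Public_Key_Server. Function names are hypothetical, the validity field is treated as an expiry date, and the client modulus is taken as n = 91 from step (A) (an assumption: the key pair above is written with 72), because a textbook RSA signature only verifies modulo n = p × q; the signature over 2 is therefore 37 rather than 56.

```python
from math import gcd


def make_keypair(p, q, e):
    """Steps (1)-(4) / (A)-(D): n = p*q, f(n) = (p-1)*(q-1), e*d = 1 mod f(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e has no inverse modulo f(n)")
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (e, n), (d, n)  # (public key, private key)


def rsa_sign(value, private_key):
    d, n = private_key
    return pow(value, d, n)


def rsa_verify(value, signature, public_key):
    e, n = public_key
    # Textbook RSA binds the value only modulo n, so compare residues.
    # (72 and 91 are both larger than the toy server modulus 33.)
    return pow(signature, e, n) == value % n


def issue_certificate(client_pub, app_id, valid_until, server_id, server_priv):
    """Step S15, first variant: the server signs each public-key component."""
    sigs = tuple(rsa_sign(c, server_priv) for c in client_pub)
    return (*client_pub, app_id, valid_until, server_id, *sigs)


def build_qr_data(business_info, client_priv, certificate):
    """Steps S22-S23: business information, its signature, then the certificate."""
    return (business_info, rsa_sign(business_info, client_priv), *certificate)


def read_qr_data(qr_data, server_pub, today):
    """Reading device: certificate first, then validity, then the payload."""
    info, sig, e, n, _app_id, valid_until, _server_id, sig_e, sig_n = qr_data
    if not (rsa_verify(e, sig_e, server_pub) and rsa_verify(n, sig_n, server_pub)):
        return "bad certificate"
    if today > valid_until:  # assumption: the validity field is an expiry date
        return "certificate expired"
    if not rsa_verify(info, sig, (e, n)):
        return "bad signature"
    return "ok"


def demo():
    server_pub, server_priv = make_keypair(3, 11, 3)   # (3, 33), (7, 33)
    client_pub, client_priv = make_keypair(13, 7, 7)   # (7, 91), (31, 91)
    cert = issue_certificate(client_pub, 1001, 20190101, "0001", server_priv)
    qr = build_qr_data(2, client_priv, cert)           # amount 2, as in the text
    tampered = (3,) + qr[1:]                           # amount changed after signing
    return {
        "qr": qr,
        "genuine": read_qr_data(qr, server_pub, today=20181231),
        "tampered": read_qr_data(tampered, server_pub, today=20181231),
        "late": read_qr_data(qr, server_pub, today=20190102),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Calling `issue_certificate((7, 72), 1001, 20190101, "0001", (7, 33))` reproduces the certificate content (7,72,1001,20190101,0001,28,30) given in step (II).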
Third embodiment
In real life, two-dimensional codes can be applied in many scenarios, such as payment scenarios or instant messaging scenarios. The following takes an instant messaging scenario as an example to describe the two-dimensional code generation process.
With the development of the mobile Internet, instant messaging software based on wireless Internet technology keeps emerging, for example WeChat and DingTalk. Instant messaging software generally provides functions for adding a friend or joining a group by scanning a two-dimensional code.
In the prior art, when a two-dimensional code reading device scans a two-dimensional code and obtains the related data, it does not verify the authenticity of that data, which is a security risk.
In the present application, when a user agrees to let another user add them as a friend by scanning the user's own two-dimensional code, the two-dimensional code display module in the terminal device used by that other user sends a two-dimensional code information data generation request to the two-dimensional code security application. The request can be merely a request to display a two-dimensional code and contain no information, or it can contain the user's identifier. If the request is merely a request to display a two-dimensional code, the two-dimensional code security application can have obtained the user's identifier beforehand by interacting with the instant messaging software; after receiving the request, it can sign the user's identifier with the two-dimensional code security application private key Private_Key_Client. If the request contains the user's identifier (which can be called two-dimensional code business information), the two-dimensional code security application can sign that information with Private_Key_Client. After signing, the two-dimensional code security application can send the two-dimensional code business information, the signature and the public key certificate to the two-dimensional code display module, which displays, according to the two-dimensional code display rules, a two-dimensional code containing the information sent by the two-dimensional code security application.
FIG. 3 shows the two-dimensional code generation process provided by an embodiment of the present application, which specifically includes:
Step S31: the two-dimensional code security application receives a request to generate two-dimensional code information data. The request can come from the two-dimensional code display module, which can be the two-dimensional code display module in instant messaging software, for example a two-dimensional code business card module. Its main function is, after the user taps, to obtain the user's identifier (which can be called two-dimensional code business information) and send it to the two-dimensional code security application. Of course, it can also send only an empty request, with the user's identifier stored in the two-dimensional code security application in advance;
Step S32: the two-dimensional code security application signs the user identifier with the private key of the two-dimensional code security application, where the two-dimensional code security application holds an asymmetric key pair consisting of the public key and the private key of the two-dimensional code security application;
Step S33: the two-dimensional code security application sends the two-dimensional code information data, which contains the two-dimensional code business information and the two-dimensional code security application's signature over the user identifier. Optionally, the two-dimensional code information data also contains a certificate. The certificate can be the certificate provided by the two-dimensional code management server, namely the two-dimensional code management server's signature certificate for the public key sent by the two-dimensional code security application.
For ease of description, this embodiment sets the user's identifier to 2.
After the two-dimensional code security application receives the two-dimensional code information data generation request, it needs to sign the two-dimensional code business information (that is, the user's identifier) with the two-dimensional code security application private key Private_Key_Client (31, 72), for example by computing 2^31 mod 72 = 56.
As described above, the certificate content can be the array (7,72,1001,20190101,0001,28,30) or (7,72,1001,20190101,0001,16), so the security application can generate the following two-dimensional code information data:
(2,56,7,72,1001,20190101,0001,28,30) or (2,56,7,72,1001,20190101,0001,16).
The two-dimensional code security application can send the above two-dimensional code information data to the two-dimensional code display module, which displays it as a two-dimensional code, such as a QR code, according to the encoding rules.
The above process implements two-dimensional code generation in an instant messaging scenario; the two-dimensional code contains the user's identifier.
A two-dimensional code reading device can read the two-dimensional code, obtain the two-dimensional code information data, and verify the signature to confirm whether the two-dimensional code business data is authentic.
Fourth embodiment
Compared with bar codes, two-dimensional codes can hold more information. With the spread of smartphones, two-dimensional codes have come into wide use.
A commonly used two-dimensional code is the quick response (QR) code. A two-dimensional code generally contains several parts: code positioning patterns, functional data, data codewords and error correction codewords.
The code positioning pattern is mainly used to correct the position of the two-dimensional code. A user scanning a two-dimensional code with a smartphone may not be able to align it; the positioning pattern allows the two-dimensional code to be rectified so that each pixel in it can be parsed.
The functional data mainly holds formatting data and the version information of the two-dimensional code.
The data codewords mainly hold the two-dimensional code information data.
The error correction codewords mainly hold the forward error correction code for the two-dimensional code information data.
FIG. 4 shows the two-dimensional code display process provided by an embodiment of the present application, which specifically includes:
Step S41: the two-dimensional code display module sends a request to generate two-dimensional code information data to the security application;
The two-dimensional code display module may be a two-dimensional code display module in instant messaging software, such as a two-dimensional code business card module; mainly, after the user clicks, it obtains the user's identifier (which may be called two-dimensional code business information) and sends it to the two-dimensional code security application. Alternatively, it may send only an empty request, with the user's identifier stored in advance in the two-dimensional code security application; or
The two-dimensional code display module may be a module built into the merchant's billing system, or an external module for two-dimensional code applications; mainly, after the user confirms the settlement amount, it obtains settlement-related information (which may be called two-dimensional code business information) and sends it to the two-dimensional code security application. Settlement-related information includes, but is not limited to, the amount and the merchant account identifier, and may even include details of the goods purchased by the user, the purchase date, and so on;
Step S42: the two-dimensional code display module receives the two-dimensional code information data sent by the two-dimensional code security application and, according to the two-dimensional code encoding rules, displays the two-dimensional code corresponding to that information data.
After receiving the request sent by the two-dimensional code display module, the two-dimensional code security application can use the two-dimensional code security application private key Private_Key_Client to sign the two-dimensional code business information, attach the certificate, and send the result to the two-dimensional code display module. The two-dimensional code business information, the signature of the two-dimensional code security application and the certificate can together be called two-dimensional code information data.
For ease of description, this embodiment of the present application sets the two-dimensional code business information to 2.
After the two-dimensional code security application receives the request to generate two-dimensional code information data, it needs to use the two-dimensional code security application private key Private_Key_Client (31,72) to sign the two-dimensional code business information (the user's identifier or the merchant's settlement information), for example by computing 2^31 mod 72 = 56.
As described above, the content of the certificate may be the array (7,72,1001,20190101,0001,28,30) or (7,72,1001,20190101,0001,16), so the security application can generate the following two-dimensional code information data:
(2,56,7,72,1001,20190101,0001,28,30) or (2,56,7,72,1001,20190101,0001,16).
The two-dimensional code security application may send the above two-dimensional code information data to the two-dimensional code display module, which displays the information data as a two-dimensional code, such as a QR code, according to the encoding rules.
The two-dimensional code reading device can read the two-dimensional code, obtain the two-dimensional code information data, and verify the signature to confirm whether the two-dimensional code business data is authentic.
Fifth embodiment
After the terminal device displays the two-dimensional code, the two-dimensional code reading device needs to scan it and verify whether the two-dimensional code business information in it is authentic.
FIG. 5 shows the two-dimensional code reading process provided by an embodiment of the present application, which specifically includes:
Step S51: the two-dimensional code reading device scans the two-dimensional code and obtains the two-dimensional code information data. Specifically, the reading device can perform image analysis on the two-dimensional code and parse out the two-dimensional code information data it contains, for example (2,56,7,72,1001,20190101,0001,28,30) or (2,56,7,72,1001,20190101,0001,16).
Step S52: the two-dimensional code reading device uses its stored two-dimensional code management server public key Public_Key_Server (3,33) to verify the certificate, for example by computing 28^3 mod 33 = 7 and 30^3 mod 33 = 72, thereby verifying that the two-dimensional code security application public key Public_Key_Client is (7,72), the same as the Public_Key_Client in the certificate, and so confirming that the public key of the two-dimensional code security application is (7,72); or by computing 16^3 mod 33 = 4 and 772 mod 16 = 4, thereby verifying that the public key of the two-dimensional code security application is (7,72).
Further, the two-dimensional code reading device uses the two-dimensional code security application public key Public_Key_Client to verify the signature, for example by computing 2^7 mod 72 = 56, thereby verifying the authenticity of the two-dimensional code business information 2.
Step S53: after the two-dimensional code business information has passed verification, the subsequent business process can be completed according to the two-dimensional code business information.
For example, in a payment scenario, a deduction request can be sent to the accounting system, which notifies the user after the deduction and transfers the deducted amount to the merchant's account;
As another example, in an instant messaging scenario, a friend request can be sent to the instant messaging server, which forwards it to the user; once the user accepts the request, the two parties become friends.
Sixth embodiment
The two-dimensional code anti-counterfeiting method based on a security application provided by the present application is shown in FIG. 6 and specifically includes:
Step S61: the two-dimensional code display module sends a request to generate two-dimensional code information data; the request may include two-dimensional code business information such as order information, or it may be an empty request, for example when two-dimensional code business information such as a user identifier has been stored in advance;
Step S62: the two-dimensional code security application receives the request to generate two-dimensional code information data;
Step S63: the two-dimensional code security application signs the two-dimensional code business information with the private key of the two-dimensional code security application;
Step S64: the two-dimensional code security application sends the two-dimensional code information data to the two-dimensional code display module;
Step S65: the two-dimensional code display module displays the two-dimensional code information data in the form of a two-dimensional code;
Step S66: the two-dimensional code reading device scans the two-dimensional code to obtain the two-dimensional code business information and the two-dimensional code security application's signature on that business information;
Step S67: the two-dimensional code reading device verifies the signature on the two-dimensional code business information and confirms the two-dimensional code business information;
Here, the two-dimensional code security application holds an asymmetric key pair consisting of the public key and the private key of the two-dimensional code security application; the two-dimensional code information data contains the two-dimensional code business information and the two-dimensional code security application's signature on that business information.
It should be noted that the security application may also store a certificate sent by the two-dimensional code management server; this certificate is a signed certificate that the management server generates over the security application's public key. When the security application sends the two-dimensional code information data, it can send the certificate along with it to the two-dimensional code display module. Correspondingly, the two-dimensional code reading device can store in advance the public key sent by the two-dimensional code management server, which it can use to verify the authenticity of the certificate. After the reading device has verified the authenticity of the two-dimensional code, it can use the public key of the two-dimensional code security application in the certificate to verify the authenticity of the signature on the two-dimensional code business information. Once this double verification has passed, the two-dimensional code business information can be processed and the subsequent flow carried out. Optionally, the public key of the security application can also be delivered to the two-dimensional code reading device by other means, to be used to verify the authenticity of the signature on the two-dimensional code business information.
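The double verification described above (certificate first, then the signature on the business information), as an added example that is not part of the patent text. It keeps the page's field order (business information, signature, certificate fields, certificate signature), but the keys are constructed textbook-RSA pairs built from Mersenne primes, the SHA-256 digest is an assumption of this example, and all function names are hypothetical.

```python
import hashlib

E = 65537  # public exponent assumed for every constructed key pair


def make_key(p, q):
    """Build a textbook-RSA key pair (public, private) from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (E, n), (d, n)


# Constructed keys for illustration only (Mersenne primes, far too small for real use).
SERVER_PUBLIC, SERVER_PRIVATE = make_key(2**61 - 1, 2**89 - 1)    # management server
CLIENT_PUBLIC, CLIENT_PRIVATE = make_key(2**107 - 1, 2**127 - 1)  # security application


def digest(fields, n):
    """Hash length-prefixed fields to an integer below the modulus n."""
    data = b""
    for field in fields:
        raw = str(field).encode()
        data += len(raw).to_bytes(4, "big") + raw
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(fields, private_key):
    d, n = private_key
    return pow(digest(fields, n), d, n)


def verify(fields, signature, public_key):
    e, n = public_key
    if not all(isinstance(v, int) for v in (signature, e, n)):
        return False
    if n <= 1 or e <= 0:
        return False
    return pow(signature, e, n) == digest(fields, n)


def issue_certificate(client_public, extra_fields, server_private):
    """Management server: sign the application's public key plus extra fields."""
    body = (*client_public, *extra_fields)
    return (*body, sign(body, server_private))


def build_qr_data(business_info, client_private, certificate):
    """Security application: (business info, signature, certificate...)."""
    return (business_info, sign((business_info,), client_private), *certificate)


def read_qr_data(qr_data, server_public):
    """Reading device: return the business info only if both checks pass."""
    if len(qr_data) < 5:
        raise ValueError("malformed two-dimensional code information data")
    business_info, signature, *certificate = qr_data
    *cert_body, cert_signature = certificate
    # Check 1: the certificate was signed by the management server.
    if not verify(cert_body, cert_signature, server_public):
        raise ValueError("certificate not signed by the management server")
    # Check 2: the business info was signed by the key the certificate vouches for.
    client_public = (cert_body[0], cert_body[1])
    if not verify((business_info,), signature, client_public):
        raise ValueError("business information signature is invalid")
    return business_info


if __name__ == "__main__":
    # The extra certificate fields are copied from the page's sample and treated as opaque.
    cert = issue_certificate(CLIENT_PUBLIC, ("1001", "20190101", "0001"), SERVER_PRIVATE)
    qr = build_qr_data(2, CLIENT_PRIVATE, cert)
    print(read_qr_data(qr, SERVER_PUBLIC))
```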
Seventh embodiment
An embodiment of the present application provides a two-dimensional code information data generation device, shown in FIG. 7. It may be an independent entity, such as a two-dimensional code security module located in a security chip, or a chip capable of generating two-dimensional code information data. Preferably, it also includes a two-dimensional code display module.
The two-dimensional code security module can be implemented by a two-dimensional code security application located in the security chip. The two-dimensional code security application can generate the two-dimensional code security application public key Public_Key_Client and the two-dimensional code security application private key Private_Key_Client; the generation process is not repeated here.
After the two-dimensional code security application has generated the public key Public_Key_Client and the private key Private_Key_Client, it can send the public key Public_Key_Client to the two-dimensional code management server, which generates the certificate PKC and sends it to the terminal device on which the two-dimensional code security application is installed.
After receiving the request to generate two-dimensional code information data sent by the two-dimensional code display module, the two-dimensional code security application can use the two-dimensional code security application private key Private_Key_Client to sign the two-dimensional code business information and, preferably, attach the certificate before sending it to the two-dimensional code display module. The two-dimensional code business information and the signature of the two-dimensional code security application can together be called two-dimensional code information data. The two-dimensional code information data may also include the certificate. The two-dimensional code security application can send the two-dimensional code information data to the two-dimensional code display module.
Eighth embodiment
An embodiment of the present application provides a two-dimensional code information data generation device, shown in FIG. 8. It may be an independent entity, such as a two-dimensional code security module. Preferably, it also includes a two-dimensional code display module.
The two-dimensional code security module can be implemented by a two-dimensional code security application located in a trusted execution environment. The two-dimensional code security application can generate the two-dimensional code security application public key Public_Key_Client and the two-dimensional code security application private key Private_Key_Client; the generation process is not repeated here.
After the two-dimensional code security application has generated the public key Public_Key_Client and the private key Private_Key_Client, it can send the public key Public_Key_Client to the two-dimensional code management server, which generates the certificate PKC and sends it to the terminal device on which the two-dimensional code security application is installed.
After receiving the two-dimensional code business information sent by the two-dimensional code display module, the two-dimensional code security application can sign it with the two-dimensional code security application private key Private_Key_Client and, preferably, attach the certificate before sending it to the two-dimensional code display module. The two-dimensional code business information and the signature of the two-dimensional code security application can together be called two-dimensional code information data. The two-dimensional code information data may also include the certificate. The two-dimensional code security application can send the two-dimensional code information data to the two-dimensional code display module.
The two-dimensional code display module can be implemented by a two-dimensional code display application; for example, it can be a module in an accounting system or in instant messaging software, or a module independent of the accounting system or instant messaging software.
Ninth embodiment
The information data generation device provided by an embodiment of the present application is shown in FIG. 9. The device includes a request receiving module, a two-dimensional code business information signing module, and a two-dimensional code information data sending module. Preferably, the device may further include a public key sending module and a certificate receiving module; preferably, it may also include a two-dimensional code display module. The request receiving module is used to receive a request to generate two-dimensional code information data. The two-dimensional code business information signing module is used to sign the two-dimensional code business information with the private key of the two-dimensional code security application. The two-dimensional code information data sending module is used to send the two-dimensional code information data. Here, the two-dimensional code security application holds an asymmetric key pair consisting of the public key and the private key of the two-dimensional code security application; the two-dimensional code information data contains the two-dimensional code business information and the two-dimensional code security application's signature on that business information. The public key sending module is used to send the public key of the two-dimensional code security application to the two-dimensional code management server. The certificate receiving module is used to receive the certificate of the two-dimensional code security application; in this case the two-dimensional code information data also contains the certificate of the two-dimensional code security application. The two-dimensional code information data sending module is used to send the two-dimensional code information data to the two-dimensional code display module, and the two-dimensional code display module is used to display the two-dimensional code information data in the form of a two-dimensional code.
Tenth embodiment
The two-dimensional code information data generation device disclosed in the present application may be an independent physical entity. As shown in FIG. 10, the device includes a processor and a memory. The memory may be divided into two parts, for example a first memory and a second memory. Preferably, the first memory stores a two-dimensional code security program, such as a two-dimensional code security application, and the second memory stores a two-dimensional code display application.
The processor can execute the two-dimensional code security program in the first memory to implement the two-dimensional code anti-counterfeiting method based on a security application provided by the embodiments of the present application.
Eleventh embodiment
The two-dimensional code information data generation device disclosed in the present application may be an independent physical entity. As shown in FIG. 11, the device includes a security chip and a first memory, and the first memory stores a two-dimensional code security program, such as a two-dimensional code security application. Preferably, the device further includes a processor and a second memory, and the second memory stores a two-dimensional code display program.
The security chip can execute the two-dimensional code security program in the first memory to implement the two-dimensional code anti-counterfeiting method based on a security application provided by the embodiments of the present application.
Twelfth embodiment
A schematic diagram of the two-dimensional code reading device provided by an embodiment of the present application is shown in FIG. 12. The device includes a scanning module and a verification module. The scanning module is used to scan the two-dimensional code to obtain the two-dimensional code business information and the two-dimensional code security application's signature on that business information. The verification module is used to verify the signature on the two-dimensional code business information and confirm the two-dimensional code business information.
Preferably, an embodiment of the present application also provides a schematic diagram of another two-dimensional code reading device, shown in FIG. 10, which includes a processor and a memory. The memory stores a program, such as a two-dimensional code reading application; the processor is used to execute the two-dimensional code reading application to implement the two-dimensional code reading method provided by the embodiments of the present application.
Preferably, the above two-dimensional code reading device is a mobile smart terminal or a computer.
Thirteenth embodiment
The two-dimensional code system provided by an embodiment of the present application is shown in FIG. 13. The system includes a two-dimensional code anti-counterfeiting device and a two-dimensional code reading device; preferably, the system further includes a two-dimensional code management server. The two-dimensional code anti-counterfeiting device may be any two-dimensional code anti-counterfeiting device provided by the embodiments of the present application, and the two-dimensional code reading device may be any two-dimensional code reading device provided by the embodiments of the present application.
In the embodiments of the present application, the two-dimensional code management server distributes its public key and uses its private key to sign the public key of the two-dimensional code security application, and a security chip or trusted execution environment protects the private key of the two-dimensional code security application. This scheme lets the two-dimensional code reading device verify the legitimacy of the two-dimensional code security application effectively and locally, reducing the probability that risks occur.
Those skilled in the art should understand that embodiments of the present invention may be provided as a method, a system, or a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems), and computer program products according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of a flowchart and/or one or more blocks of a block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of a flowchart and/or one or more blocks of a block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, such that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thereby provide steps for implementing the functions specified in one or more flows of a flowchart and/or one or more blocks of a block diagram.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
Memory may include non-permanent memory in computer-readable media, random access memory (RAM), and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, which can store information by any method or technology. The information may be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape and magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible to a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
It should also be noted that the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, commodity or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, commodity or device. Without further limitation, an element defined by the phrase "includes a ..." does not exclude the presence of additional identical elements in the process, method, commodity or device that includes the element.
Those skilled in the art should understand that embodiments of the present application may be provided as a method, a system, or a computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The above are merely embodiments of the present application and are not intended to limit the present application. For those skilled in the art, the present application may have various modifications and changes. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application shall fall within the scope of the claims of the present application.

Claims (40)

  1. A two-dimensional code anti-counterfeiting method based on a security application, characterized in that the method comprises:
    a two-dimensional code security application receives a request to generate two-dimensional code information data;
    the two-dimensional code security application signs two-dimensional code business information with the private key of the two-dimensional code security application;
    the two-dimensional code security application sends the two-dimensional code information data;
    wherein the two-dimensional code security application has an asymmetric key composed of the public key of the two-dimensional code security application and the private key of the two-dimensional code security application; the two-dimensional code information data contains the two-dimensional code business information and the signature of the two-dimensional code security application over the two-dimensional code business information.
  2. The method according to claim 1, characterized in that the method further comprises:
    the two-dimensional code security application sends the public key of the two-dimensional code security application to a two-dimensional code management server;
    the two-dimensional code security application receives a certificate of the two-dimensional code security application;
    wherein the two-dimensional code information data further contains the certificate of the two-dimensional code security application.
  3. The method according to claim 1, characterized in that the request to generate two-dimensional code information data contains the two-dimensional code business information; or, where the two-dimensional code security application has the two-dimensional code business information, the request to generate two-dimensional code information data is an empty request.
  4. The method according to any one of claims 1 to 3, characterized in that sending the two-dimensional code information data comprises:
    sending the two-dimensional code information data to the two-dimensional code display module;
    the method further comprises:
    the two-dimensional code display module displays the two-dimensional code information data in the form of a two-dimensional code.
  5. The method according to claim 2, characterized in that the method further comprises:
    the two-dimensional code management server generates an asymmetric key used by the two-dimensional code management server, including the public key of the two-dimensional code management server and the private key of the two-dimensional code management server; and/or
    the two-dimensional code management server generates a symmetric key used by the two-dimensional code management server.
  6. The method according to claim 5, characterized in that the method further comprises:
    the two-dimensional code management server distributes the public key of the two-dimensional code management server to a two-dimensional code reading device and/or the two-dimensional code security application.
  7. The method according to claim 1, characterized in that the two-dimensional code security application signing the two-dimensional code business information with the private key of the two-dimensional code security application comprises:
    the two-dimensional code security application combines dynamic information with the business information to obtain updated business information;
    the two-dimensional code security application signs the updated two-dimensional code business information with the private key of the two-dimensional code security application.
  8. A two-dimensional code reading method, characterized in that the method comprises:
    scanning a two-dimensional code to obtain two-dimensional code business information and the signature of a two-dimensional code security application over the two-dimensional code business information;
    verifying the signature of the two-dimensional code business information, and confirming the two-dimensional code business information.
  9. The method according to claim 8, characterized in that verifying the signature of the two-dimensional code business information comprises:
    verifying the signature of the two-dimensional code business information using the public key of the two-dimensional code security application.
  10. The method according to claim 8, characterized in that the method further comprises:
    scanning the two-dimensional code to obtain a certificate of the two-dimensional code security application;
    verifying the certificate using a key generated by a two-dimensional code management server, and confirming the public key of the two-dimensional code security application contained in the certificate;
    wherein verifying the signature and confirming the two-dimensional code business information comprises:
    verifying the signature of the two-dimensional code business information using the public key of the two-dimensional code security application contained in the certificate, and confirming the two-dimensional code business information.
  11. The method according to claim 8, characterized in that the method further comprises:
    the two-dimensional security application sends the public key of the two-dimensional security application to a two-dimensional code reading device; or
    a two-dimensional code management server sends the public key of the two-dimensional security application to the two-dimensional code reading device; or the two-dimensional code management server sends a key generated by the two-dimensional code management server to the two-dimensional code reading device, wherein the key generated by the two-dimensional code management server is an asymmetric key or a symmetric key.
  12. A two-dimensional code anti-counterfeiting method based on a security application, characterized in that the method comprises:
    a two-dimensional code display module sends a request to generate two-dimensional code information data;
    a two-dimensional code security application receives the request to generate two-dimensional code information data;
    the two-dimensional code security application signs two-dimensional code business information with the private key of the two-dimensional code security application;
    the two-dimensional code security application sends the two-dimensional code information data to the two-dimensional code display module;
    the two-dimensional code display module displays the two-dimensional code information data in the form of a two-dimensional code;
    a two-dimensional code reading device scans the two-dimensional code to obtain the two-dimensional code business information and the signature of the two-dimensional code security application over the two-dimensional code business information;
    the two-dimensional code reading device verifies the signature of the two-dimensional code business information, and confirms the two-dimensional code business information;
    wherein the two-dimensional code security application has an asymmetric key composed of the public key of the two-dimensional code security application and the private key of the two-dimensional code security application; the two-dimensional code information data contains the two-dimensional code business information and the signature of the two-dimensional code security application over the two-dimensional code business information.
  13. The method according to claim 12, characterized in that the method further comprises:
    the two-dimensional code security application sends the public key of the two-dimensional code security application to a two-dimensional code management server;
    the two-dimensional code security application receives a certificate of the two-dimensional code security application;
    wherein the two-dimensional code information data further contains the certificate of the two-dimensional code security application.
  14. The method according to claim 12, characterized in that the request to generate two-dimensional code information data contains the two-dimensional code business information; or, where the two-dimensional code security application has the two-dimensional code business information, the request to generate two-dimensional code information data is an empty request.
  15. The method according to claim 12, characterized in that the method further comprises:
    the two-dimensional code management server generates an asymmetric key used by the two-dimensional code management server, including the public key of the two-dimensional code management server and the private key of the two-dimensional code management server; and/or
    the two-dimensional code management server generates a symmetric key used by the two-dimensional code management server.
  16. The method according to claim 15, characterized in that the method further comprises:
    the two-dimensional code management server distributes the public key of the two-dimensional code management server to the two-dimensional code reading device and/or the two-dimensional code security application.
  17. The method according to claim 12, characterized in that the two-dimensional code security application signing the two-dimensional code business information with the private key of the two-dimensional code security application comprises:
    the two-dimensional code security application combines dynamic information with the business information to obtain updated business information;
    the two-dimensional code security application signs the updated two-dimensional code business information with the private key of the two-dimensional code security application.
  18. The method according to claim 12 or 13, characterized in that the two-dimensional code reading device verifying the signature of the two-dimensional code business information comprises:
    the two-dimensional code reading device verifies the signature of the two-dimensional code business information using the public key of the two-dimensional code security application.
  19. The method according to claim 18, characterized in that the method further comprises:
    scanning the two-dimensional code to obtain the certificate of the two-dimensional code security application;
    verifying the certificate using a key generated by the two-dimensional code management server, and confirming the public key of the two-dimensional code security application contained in the certificate.
  20. The method according to claim 12, characterized in that the method further comprises:
    the two-dimensional security application sends the public key of the two-dimensional security application to the two-dimensional code reading device; or
    the two-dimensional code management server sends the public key of the two-dimensional security application to the two-dimensional code reading device; or the two-dimensional code management server sends a key generated by the two-dimensional code management server to the two-dimensional code reading device, wherein the key generated by the two-dimensional code management server is an asymmetric key or a symmetric key.
  21. A two-dimensional code anti-counterfeiting device, characterized in that the device comprises a two-dimensional code security module;
    the two-dimensional code security module is further configured to receive a request to generate two-dimensional code information data; sign two-dimensional code business information with the private key of the two-dimensional code security application; and send the two-dimensional code information data;
    wherein the two-dimensional code security application has an asymmetric key composed of the public key of the two-dimensional code security application and the private key of the two-dimensional code security application; the two-dimensional code information data contains the two-dimensional code business information and the signature of the two-dimensional code security application over the two-dimensional code business information.
  22. The device according to claim 21, characterized in that the two-dimensional code security module is further configured to send the public key of the two-dimensional code security module to a two-dimensional code management server, and to receive a certificate of the two-dimensional code security module;
    wherein the two-dimensional code information data further contains the certificate of the two-dimensional code security module.
  23. The device according to claim 21, characterized in that the request to generate two-dimensional code information data contains the two-dimensional code business information; or, where the two-dimensional code security application has the two-dimensional code business information, the request to generate two-dimensional code information data is an empty request.
  24. The device according to any one of claims 21 to 23, characterized in that the two-dimensional code security module is further configured to send the two-dimensional code information data to the two-dimensional code display module, and to display the two-dimensional code information data in the form of a two-dimensional code.
  25. The device according to claim 22, characterized in that the two-dimensional code management server is configured to generate an asymmetric key used by the two-dimensional code management server, including the public key of the two-dimensional code management server and the private key of the two-dimensional code management server; and/or
    the two-dimensional code management server is configured to generate a symmetric key used by the two-dimensional code management server.
  26. The device according to claim 25, characterized in that the two-dimensional code management server is further configured to distribute the public key of the two-dimensional code management server to a two-dimensional code reading device and/or the two-dimensional code security module.
  27. The device according to claim 21, characterized in that the two-dimensional code security module is further configured to combine dynamic information with the business information to obtain updated business information, and to sign the updated two-dimensional code business information with the private key of the two-dimensional code security module.
  28. A two-dimensional code anti-counterfeiting device, characterized in that the device comprises a security chip and a memory, and a two-dimensional code security program is stored on the memory;
    the security chip is configured to execute the two-dimensional code security program to implement the method according to claim 1.
  29. A two-dimensional code anti-counterfeiting device, characterized in that the device comprises a processor and a memory, and the memory stores a two-dimensional code security program;
    the processor is configured to execute the two-dimensional code security program to implement the method according to claim 1.
  30. A two-dimensional code anti-counterfeiting device, characterized in that the device comprises:
    a request receiving module, configured to receive a request to generate two-dimensional code information data;
    a two-dimensional code business information signature module, configured to sign two-dimensional code business information with the private key of the two-dimensional code security application;
    a two-dimensional code information data sending module, configured to send the two-dimensional code information data;
    wherein the two-dimensional code security application has an asymmetric key composed of the public key of the two-dimensional code security application and the private key of the two-dimensional code security application; the two-dimensional code information data contains the two-dimensional code business information and the signature of the two-dimensional code security application over the two-dimensional code business information.
  31. The device according to claim 30, characterized in that the device further comprises:
    a public key sending module, configured to send the public key of the two-dimensional code security application to a two-dimensional code management server;
    a certificate receiving module, configured to receive a certificate of the two-dimensional code security application;
    wherein the two-dimensional code information data further contains the certificate of the two-dimensional code security application.
  32. The device according to claim 30, characterized in that the request to generate two-dimensional code information data contains the two-dimensional code business information; or, where the two-dimensional code security application has the two-dimensional code business information, the request to generate two-dimensional code information data is an empty request.
  33. The device according to any one of claims 30 to 32, characterized in that the device further comprises a two-dimensional code display module;
    the two-dimensional code information data response sending module is configured to send the two-dimensional code information data to the two-dimensional code display module;
    the two-dimensional code display module is configured to display the two-dimensional code information data in the form of a two-dimensional code.
  34. The device according to claim 31, characterized in that the two-dimensional code management server generates an asymmetric key used by the two-dimensional code management server, including the public key of the two-dimensional code management server and the private key of the two-dimensional code management server; and/or
    the two-dimensional code management server generates a symmetric key used by the two-dimensional code management server.
  35. The device according to claim 34, characterized in that the two-dimensional code management server distributes the public key of the two-dimensional code management server to a two-dimensional code reading device and/or the two-dimensional code security application.
  36. The device according to claim 30, characterized in that the two-dimensional code business information signature module is further configured to combine dynamic information with the business information to obtain updated business information, and to sign the updated two-dimensional code business information with the private key of the two-dimensional code security application.
  37. A two-dimensional code reading device, characterized in that the two-dimensional code reading device comprises:
    a scanning module, configured to scan a two-dimensional code to obtain two-dimensional code business information and the signature of a two-dimensional code security application over the two-dimensional code business information;
    a verification module, configured to verify the signature of the two-dimensional code business information and confirm the two-dimensional code business information.
  38. A two-dimensional code reading device, characterized in that the device comprises a processor and a memory, and a program is stored on the memory;
    the processor is configured to execute the program to implement the method according to claim 8.
  39. A two-dimensional code anti-counterfeiting system, characterized in that the system comprises the device according to any one of claims 21 to 36 and the two-dimensional code reading device according to claim 37 or 38.
  40. The system according to claim 39, characterized in that the system further comprises a two-dimensional code management server;
    the two-dimensional code management server is configured to send a key to the two-dimensional code reading device and/or to generate a certificate and send the certificate to the device according to any one of claims 21 to 36.
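
The flow of claims 1, 2 and 7 (generation) and claims 8 and 10 (reading) can be exercised end to end with the following added example, which is not part of the patent text. Ed25519, the JSON layout, a Unix timestamp as the "dynamic information", a one-minute freshness window and a certificate reduced to a server signature over the application's public key are all assumptions of this example; the claims do not fix any of them.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// QRData models the "two-dimensional code information data" of claims 1, 2 and 7.
// Field names, JSON encoding and Ed25519 are assumptions of this example.
type QRData struct {
	Business  string `json:"biz"`  // business information
	Timestamp int64  `json:"ts"`   // dynamic information (assumed: Unix time)
	Signature []byte `json:"sig"`  // application's signature over ts and biz
	AppPub    []byte `json:"pub"`  // application public key carried in the certificate
	CertSig   []byte `json:"cert"` // management server's signature over AppPub
}

var (
	ErrCert  = errors.New("certificate not issued by the management server")
	ErrSig   = errors.New("signature over business information is invalid")
	ErrStale = errors.New("dynamic information outside the freshness window")
)

// Distinct prefixes keep a certificate signature from being accepted as a data signature.
func certBytes(appPub []byte) []byte { return append([]byte("qr-cert-v1|"), appPub...) }
func dataBytes(biz string, ts int64) []byte {
	return []byte(fmt.Sprintf("qr-data-v1|%d|%s", ts, biz))
}

// IssueCert is the management server step of claim 2.
func IssueCert(serverPriv ed25519.PrivateKey, appPub ed25519.PublicKey) []byte {
	return ed25519.Sign(serverPriv, certBytes(appPub))
}

// Generate is the security application step of claims 1 and 7: the dynamic
// information is bound to the business information before signing.
func Generate(appPriv ed25519.PrivateKey, cert []byte, biz string, now time.Time) []byte {
	d := QRData{Business: biz, Timestamp: now.Unix(),
		AppPub: appPriv.Public().(ed25519.PublicKey), CertSig: cert}
	d.Signature = ed25519.Sign(appPriv, dataBytes(d.Business, d.Timestamp))
	out, _ := json.Marshal(d) // cannot fail for this struct
	return out
}

// Verify is the reading device step of claims 8 and 10: certificate first,
// then the signature with the certified key, then freshness.
func Verify(serverPub ed25519.PublicKey, payload []byte, now time.Time, maxAge time.Duration) (string, error) {
	var d QRData
	if err := json.Unmarshal(payload, &d); err != nil {
		return "", err
	}
	// The length check must come first: ed25519.Verify panics on a wrong-size key.
	if len(d.AppPub) != ed25519.PublicKeySize ||
		!ed25519.Verify(serverPub, certBytes(d.AppPub), d.CertSig) {
		return "", ErrCert
	}
	if !ed25519.Verify(d.AppPub, dataBytes(d.Business, d.Timestamp), d.Signature) {
		return "", ErrSig
	}
	if age := now.Sub(time.Unix(d.Timestamp, 0)); age > maxAge || age < -maxAge {
		return "", ErrStale
	}
	return d.Business, nil
}

// RunScenarios checks one genuine code and three constructed failure cases.
func RunScenarios() (biz string, tampered, untrusted, replayed error) {
	serverPub, serverPriv, _ := ed25519.GenerateKey(nil)
	appPub, appPriv, _ := ed25519.GenerateKey(nil)
	cert := IssueCert(serverPriv, appPub)
	t0 := time.Unix(1700000000, 0) // constructed generation time
	code := Generate(appPriv, cert, "pay:merchant-42", t0)
	biz, _ = Verify(serverPub, code, t0.Add(5*time.Second), time.Minute)

	var d QRData
	json.Unmarshal(code, &d)
	d.Business = "pay:merchant-666" // business information altered after signing
	altered, _ := json.Marshal(d)
	_, tampered = Verify(serverPub, altered, t0, time.Minute)

	_, otherPriv, _ := ed25519.GenerateKey(nil) // key pair never certified by the server
	selfCert := IssueCert(otherPriv, otherPriv.Public().(ed25519.PublicKey))
	_, untrusted = Verify(serverPub, Generate(otherPriv, selfCert, "pay:merchant-42", t0), t0, time.Minute)

	_, replayed = Verify(serverPub, code, t0.Add(10*time.Minute), time.Minute)
	return
}

func main() {
	biz, a, b, c := RunScenarios()
	fmt.Println(biz, "|", a, "|", b, "|", c)
}
```

Without the dynamic information of claim 7, the last case would pass: a photographed code carries a valid certificate and signature indefinitely, so the reader's freshness check is what limits reuse.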
PCT/CN2019/097095 2018-10-12 2019-07-22 Two-dimensional code anti-counterfeiting method, device and system based on security application WO2020073715A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201811187031.7A CN109615030A (en) 2018-10-12 2018-10-12 Dimension code anti-counterfeit method, equipment and system based on security application
CN201811187031.7 2018-10-12

Publications (1)

Publication Number Publication Date
WO2020073715A1 (en) 2020-04-16

Family

ID=66001696

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/097095 WO2020073715A1 (en) 2018-10-12 2019-07-22 Two-dimensional code anti-counterfeiting method, device and system based on security application

Country Status (3)

Country Link
CN (1) CN109615030A (en)
TW (1) TWI748209B (en)
WO (1) WO2020073715A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112612843A (en) * 2021-01-07 2021-04-06 重庆泛美新程航空服务有限公司 Method, system, equipment and medium for counting and displaying business data of inquiry counter
CN112862488A (en) * 2021-03-29 2021-05-28 中信银行股份有限公司 Data signature method and device, electronic equipment and computer readable storage medium
CN115484224A (en) * 2022-09-16 2022-12-16 北京奇艺世纪科技有限公司 Information association method, two-dimensional code generation method, device, electronic equipment and medium
WO2024082866A1 (en) * 2022-10-17 2024-04-25 华为云计算技术有限公司 Two-dimensional code anti-counterfeiting system and method, and related device

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109615030A (en) * 2018-10-12 2019-04-12 阿里巴巴集团控股有限公司 Dimension code anti-counterfeit method, equipment and system based on security application
CN110677261B (en) * 2019-09-29 2023-05-12 四川虹微技术有限公司 Trusted two-dimensional code generation method and device, electronic equipment and storage medium
CN112862466A (en) * 2019-12-17 2021-05-28 中国银联股份有限公司 Resource transfer method, account settling terminal and server node
CN111709506B (en) * 2020-06-12 2023-07-11 北京思特奇信息技术股份有限公司 Custom label generation method and system
CN114565342A (en) * 2022-03-01 2022-05-31 上海中通吉网络技术有限公司 Card type asset management method and device based on asymmetric encryption algorithm
CN114897112B (en) * 2022-04-18 2023-07-18 上海美的茵信息技术有限公司 Diagnostic data transmission method based on two-dimension code, computer equipment and storage medium
CN115150126B (en) * 2022-05-24 2024-04-19 从法信息科技有限公司 A method, device and electronic device for remote processing of legal services
CN115204340A (en) * 2022-09-14 2022-10-18 北京紫光青藤微系统有限公司 Method and device for generating two-dimensional code, electronic equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102201100A (en) * 2011-05-10 2011-09-28 朱清明 Object anti-counterfeiting method and system
CN102932148A (en) * 2012-10-25 2013-02-13 成都市易恒信科技有限公司 System and method for preventing safety two-dimensional code counterfeiting on basis of combination of public key (CPK) authentication
CN103824202A (en) * 2014-03-21 2014-05-28 成都市易恒信科技有限公司 CPK (Combined Public Key) identification authentication technology based RFID (Radio Frequency Identification Device) and two-dimensional code composite truth-identification and anti-fake source-tracing method
CN104408502A (en) * 2014-10-22 2015-03-11 全联斯泰克科技有限公司 Two-dimension code generation method, two-dimension code generation device, two-dimension code verification method and two-dimension code verification device based on CPK (Combined Public Key)
US9338164B1 (en) * 2014-04-14 2016-05-10 Symantec Corporation Two-way authentication using two-dimensional codes
CN109615030A (en) * 2018-10-12 2019-04-12 阿里巴巴集团控股有限公司 Dimension code anti-counterfeit method, equipment and system based on security application

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102129589A (en) * 2011-02-10 2011-07-20 谢仁康 Asymmetric encryption two-dimension code anti-counterfeiting method
CN102999770B (en) * 2011-09-14 2017-10-10 尤星 Dynamic two-dimension code system and method
KR101579603B1 (en) * 2012-06-27 2016-01-04 네이버 주식회사 System, method and computer readable recording medium for linking a television and a smart phone using an image authentication key
CN105024824B (en) * 2014-11-05 2018-12-21 浙江码博士防伪科技有限公司 The generation and verification method and system of credible label based on rivest, shamir, adelman
CN105205664A (en) * 2015-09-25 2015-12-30 中城智慧科技有限公司 Novel offline payment method
CN107835079A (en) * 2017-11-02 2018-03-23 广州佳都数据服务有限公司 A kind of two-dimentional code authentication method and equipment based on digital certificate

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112612843A (en) * 2021-01-07 2021-04-06 重庆泛美新程航空服务有限公司 Method, system, equipment and medium for counting and displaying business data of inquiry counter
CN112612843B (en) * 2021-01-07 2023-08-04 重庆泛美新程航空服务有限公司 Query counter business data statistics and display method, system, equipment and medium
CN112862488A (en) * 2021-03-29 2021-05-28 中信银行股份有限公司 Data signature method and device, electronic equipment and computer readable storage medium
CN115484224A (en) * 2022-09-16 2022-12-16 北京奇艺世纪科技有限公司 Information association method, two-dimensional code generation method, device, electronic equipment and medium
CN115484224B (en) * 2022-09-16 2023-09-29 北京奇艺世纪科技有限公司 Information association method, two-dimensional code generation method, device, electronic equipment and medium
WO2024082866A1 (en) * 2022-10-17 2024-04-25 华为云计算技术有限公司 Two-dimensional code anti-counterfeiting system and method, and related device

Also Published As

Publication number Publication date
TW202014931A (en) 2020-04-16
CN109615030A (en) 2019-04-12
TWI748209B (en) 2021-12-01

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 19871890; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 19871890; Country of ref document: EP; Kind code of ref document: A1)