CN118229288A

CN118229288A - Offline withdrawal method, device, electronic card, system, electronic equipment and medium

Info

Publication number: CN118229288A
Application number: CN202410367687.6A
Authority: CN
Inventors: 欧少焕
Original assignee: Industrial and Commercial Bank of China Ltd ICBC
Current assignee: Industrial and Commercial Bank of China Ltd ICBC
Priority date: 2024-03-28
Filing date: 2024-03-28
Publication date: 2024-06-21

Abstract

The present disclosure provides an offline withdrawal method, which can be used in the technical field of data security, and the method includes: acquiring a first public key certificate under the network available state of the withdrawal unit and the card making unit, wherein the first public key certificate is provided with an associated first private key; obtaining authorization of a withdrawer, responding to a withdrawal instruction input by the withdrawer, and obtaining withdrawal information of the withdrawer; signing the second public key certificate in the electronic card according to the first public key certificate to generate a first signing verification result; when the first signature verification result is that the signature verification passes, carrying out signature verification on target verification information contained in the electronic card according to the second public key certificate, and generating a second signature verification result; and when the second signature verification result is that the signature verification passes, comparing the encrypted deposit information and the withdrawal information from the electronic card, and executing the withdrawal operation when the comparison result meets the set condition. An offline cash withdrawal device, system, electronic device and medium are also provided.

Description

Offline withdrawal method, device, electronic card, system, electronic equipment and medium

Technical Field

The present disclosure relates to the field of information security technology, and more particularly, to an offline withdrawal method, apparatus, electronic card, system, electronic device, computer-readable storage medium, and computer program product.

Background

The application of the digitizing technology is becoming more and more popular, for example, including digital payment, banking digitizing, etc., and the business data are all stored in the form of electronic data in the data center or the data backup center. In general, data centers and data backup centers are located in different locations or areas to increase the risk resistance of the data. However, when natural disasters, armed collisions, or war etc. occur in a plurality of areas, there may be cases where data loss occurs in both the data center and the data backup center. For example, when data loss occurs in a data center such as a bank, a finance and the like, the property of a user cannot realize operations such as embodiment, transfer and the like, and immeasurable loss is caused to multiple parties such as the user, the bank, the finance and the like.

Disclosure of Invention

In view of the foregoing, the present disclosure provides offline withdrawal methods, apparatus, electronic cards, systems, electronic devices, and readable storage media and computer program products that can be used offline to improve the ability of withdrawal services to resist risks.

One aspect of the present disclosure provides an offline withdrawal method, the method comprising: acquiring a first public key certificate through a withdrawal unit in a network available state of the withdrawal unit and a card making unit, wherein the first public key certificate is provided with an associated first private key; obtaining authorization of a withdrawer through the withdrawing unit; after the authorization of the teller is obtained, the teller unit responds to a teller instruction input by the teller to obtain the teller information of the teller; signing a second public key certificate according to the first public key certificate through the withdrawal unit to generate a first signing verification result, wherein the second public key certificate is generated by encrypting a second public key in an electronic card according to the first private key in the card making unit, and the second public key is provided with an associated second private key which is stored in the electronic card and is unreadable; when the first signature verification result is that the signature verification passes, the target verification information from the electronic card is verified through the withdrawal unit according to the second public key certificate, a second signature verification result is generated, and the target verification information is generated by encrypting card information of the electronic card and a random verification code sent by the withdrawal unit according to the second private key; and when the second signature verification result is that the signature verification passes, comparing the withdrawal information with the encrypted deposit information from the electronic card through the withdrawal unit, and executing the withdrawal operation through the withdrawal unit when the comparison result meets the set condition, wherein the encrypted deposit information is generated by encrypting the deposit information acquired by the card making unit according to the first private key.

In some exemplary embodiments of the present disclosure, the deposit information includes depositor characteristic information, and the withdrawal information includes withdrawer characteristic information; comparing the withdrawal information with the encrypted deposit information from the electronic card through the withdrawal unit, and executing the withdrawal operation through the withdrawal unit when the comparison result meets the set condition, wherein the method comprises the following steps: the withdrawal unit responds to a withdrawal instruction as a deposit person withdrawal instruction, and decrypts the encrypted deposit information according to the first public key certificate to obtain the deposit information; and comparing whether the face feature of the deposit person in the feature information of the deposit person and the identity mark of the deposit person are consistent with the face feature of the withdrawal person in the feature information of the withdrawal person or not through the withdrawal unit, and if so, executing withdrawal operation.

In some exemplary embodiments of the present disclosure, the deposit information includes depositor characteristic information, and the withdrawal information includes withdrawer characteristic information; comparing the withdrawal information with the encrypted deposit information from the electronic card through the withdrawal unit, and executing the withdrawal operation through the withdrawal unit when the comparison result meets the set condition, wherein the method comprises the following steps: the withdrawal unit responds to a withdrawal instruction for a deposit person associated object withdrawal instruction, and decrypts the encrypted deposit information according to the first public key certificate to obtain the deposit information; and comparing whether the face features of the deposit person related objects in the deposit person feature information and the identity marks of the deposit person related objects in the deposit person feature information are consistent with the face features of the withdrawal person in the withdrawal person feature information and the identity marks of the withdrawal person, and if so, executing withdrawal operation.

In some exemplary embodiments of the present disclosure, after the first verification result is verification, a random verification code is sent to an electronic card through the withdrawal unit in response to a withdrawal instruction input by the withdrawal person.

In some exemplary embodiments of the present disclosure, before the withdrawal unit performs the withdrawal operation, the withdrawal unit determines whether the identification original of the payee is true, if true, performs the withdrawal operation, and otherwise, refuses the withdrawal operation.

In another aspect of the present disclosure, there is provided an offline withdrawal method, the method comprising: receiving a random verification code through an electronic card in response to a withdrawal instruction, and encrypting the random verification code and card information of the electronic card according to a second private key to generate target verification information, wherein the second private key is provided with an associated second public key, and the second private key is stored in the electronic card and is unreadable; the method comprises the steps that a stored second public key certificate is sent through the electronic card, the second public key certificate is used for generating a first signing verification result, the first signing verification result is obtained by a withdrawal unit through signing the second public key certificate according to a first public key certificate, the second public key certificate is generated by encrypting a second public key through a first private key, and the first public key certificate is associated with the first private key and is generated by a card manufacturing unit; responding to the instruction that the first signature verification result is passed, sending target verification information through the electronic card, wherein the target verification information is used for generating a second signature verification result, and the second signature verification result is generated by a withdrawal unit through the second public key certificate for verifying the target verification information; and responding to the instruction that the second signature verification result is passed, sending the encrypted deposit information through the electronic card, wherein the encrypted deposit information is used for generating a comparison result, the comparison result is generated by a withdrawal unit comparing the encrypted deposit information with the withdrawal information, the comparison result is used for executing withdrawal operation when the set condition is met, and the encrypted deposit information is generated by encrypting the deposit information acquired by the card making unit through a first private key.

In some exemplary embodiments of the present disclosure, the method further comprises: and responding to a deposit information writing instruction of a depositor, generating a second private key and a second public key through the electronic card, wherein the second public key is used for generating a second public key certificate, and the second public key certificate is generated by encrypting the second public key through the first private key by the card making unit.

In some exemplary embodiments of the present disclosure, the method further comprises: and receiving and storing the second public key certificate and the encrypted deposit information of the depositor through the electronic card, wherein the encrypted deposit information is generated by encrypting deposit information in a set format through a first private key by a card making unit.

In another aspect of the disclosed embodiments, an offline withdrawal method is provided, including: in a network available state of a withdrawal unit and a card making unit, the withdrawal unit acquires a first public key certificate from the card making unit, wherein the first public key certificate has an associated first private key; the withdrawal unit obtains authorization of a withdrawal person; after the authorization of the teller is obtained, the teller unit responds to a teller instruction input by the teller to obtain teller information; the withdrawal unit performs signature verification on a second public key certificate in the electronic card according to the first public key certificate to generate a first signature verification result, the second public key certificate is generated by encrypting a second public key in the electronic card according to the first private key in the card making unit, and the second public key is provided with an associated second private key which is stored in the electronic card and is unreadable; when the first signature verification result is that the signature verification passes, the withdrawal unit verifies the target verification information from the electronic card according to the second public key certificate to generate a second signature verification result, and the target verification information is generated by encrypting card information of the electronic card and a random verification code sent by the withdrawal unit according to the second private key; and when the second signature verification result is that the signature verification passes, the withdrawal unit compares the withdrawal information with the encrypted deposit information written in the electronic card by the card making unit, and when the comparison result meets the set condition, the withdrawal unit executes the withdrawal operation, and the encrypted deposit information is generated by encrypting the deposit information acquired by the card making unit according to the first private key.

In some exemplary embodiments of the present disclosure, the method further comprises: the card making unit responds to the deposit information writing instruction to obtain deposit information of a depositor, generates the encrypted deposit information and stores the encrypted deposit information in the electronic card.

In some exemplary embodiments of the present disclosure, the card manufacturing unit obtains deposit information of a depositor in response to a deposit information writing instruction, generates the encrypted deposit information and stores the encrypted deposit information in an electronic card, and includes: the card making unit responds to a deposit information writing instruction to acquire deposit information of a deposit person and convert the deposit information into a preset format; the card making unit encrypts the deposit information in a preset format according to the first private key so as to generate the encrypted deposit information; the card making unit stores the encrypted deposit information into an electronic card.

In some exemplary embodiments of the present disclosure, the method further comprises: the electronic card responds to a deposit information writing instruction of the card making unit to generate the second public key and the second private key; the card making unit obtains the second public key of the electronic card, encrypts the second public key according to the first private key, and generates the second public key certificate.

In some exemplary embodiments of the present disclosure, the method further comprises: after the first signature verification result is that the signature verification passes, the withdrawal unit responds to a withdrawal instruction input by the withdrawer and sends a random verification code to the electronic card; and the electronic card encrypts card information of the electronic card and the random verification code according to the second private key to generate the target verification information.

In some exemplary embodiments of the present disclosure, the deposit information includes depositor characteristic information and deposit characteristic information; the depositor characteristic information includes: the face feature of the deposit person, the identity mark of the deposit person, the face feature of the deposit person associated object and the identity mark of the deposit person associated object; the deposit characteristic information includes: deposit date, deposit deadline, deposit site, deposit line, deposit bank name, deposit income, deposit bank authentication information.

In another aspect of the disclosed embodiments, there is provided an offline cash withdrawal device, including: the first acquisition module is configured to acquire a first public key certificate under the network available state of the withdrawal unit and the card making unit, wherein the first public key certificate is provided with an associated first private key; a second acquisition module configured to obtain authorization of the payee; the third acquisition module is configured to respond to the withdrawal instruction input by the withdrawer after the authorization of the withdrawer is obtained, and acquire the withdrawal information of the withdrawer; the first generation module is configured to sign a second public key certificate according to the first public key certificate, generate a first sign checking result, and encrypt a second public key in an electronic card according to the first private key in a card making unit, wherein the second public key has an associated second private key, and the second private key is stored in the electronic card and is unreadable; the second generation module is configured to perform signature verification on target verification information from the electronic card according to the second public key certificate when the first signature verification result is that the signature verification passes, and generate a second signature verification result, wherein the target verification information is generated by encrypting card information of the electronic card and a random verification code sent by the withdrawal unit according to the second private key; and the comparison module is configured to compare the withdrawal information with the encrypted deposit information from the electronic card when the second verification result is verification passing, and execute the withdrawal operation when the comparison result meets the set condition, wherein the encrypted deposit information is generated by encrypting the deposit information acquired by the card making unit according to the first private key.

In another aspect of the disclosed embodiments, there is provided an electronic card comprising: the first response module is configured to respond to the withdrawal instruction, receive the random verification code, encrypt the random verification code and card information of the electronic card according to a second private key, and generate target verification information, wherein the second private key is provided with an associated second public key, and the second private key is stored in the electronic card and is unreadable; the system comprises a sending module, a first signing module and a second signing module, wherein the sending module is configured to send a stored second public key certificate, the second public key certificate is used for generating a first signing verification result, the first signing verification result is obtained by signing the second public key certificate according to a first public key certificate by a withdrawal unit, the second public key certificate is generated by encrypting a second public key through a first private key, and the first public key certificate is related to the first private key and is generated by a card making unit; the second response module is configured to respond to the instruction that the first verification result is passed, send the target verification information, wherein the target verification information is used for generating a second verification result, and the second verification result is generated by the withdrawal unit through verification of the target verification information by the second public key certificate; and the third response module is configured to respond to the instruction that the second verification result is passed, send the encrypted deposit information, and the encrypted deposit information is used for generating a comparison result, wherein the comparison result is generated by the withdrawal unit comparing the encrypted deposit information with the withdrawal information, and the comparison result is used for executing the withdrawal operation when the set condition is met, and the encrypted deposit information is generated by encrypting the deposit information acquired by the card making unit according to the first private key.

In another aspect of the disclosed embodiments, an offline cash withdrawal system is provided, including the offline cash withdrawal device and electronic card described above.

In another aspect of the present disclosure, there is provided an electronic device including: one or more processors; storage means for storing one or more computer programs for execution by the one or more processors to implement the steps of the method according to the above.

In another aspect of the present disclosure, a computer readable storage medium is provided, on which a computer program is stored which, when being executed by a processor, implements the steps according to the method described above.

In another aspect of the present disclosure, a computer program product is provided, comprising a computer program which, when executed by a processor, implements the steps of the method according to the above.

According to an embodiment of the present disclosure, by setting a second public key and an unreadable second private key in an electronic card, and signing the second public key certificate encrypted via the first private key by the first public key certificate, it is ensured that the second public key certificate is issued by the card making unit. And further checking the target verification information in the electronic card through the second public key certificate so as to ensure that the electronic card is a true card and prevent the electronic card from being counterfeited. In addition, the second private key is unreadable, so that the generated target verification information cannot be forged, and the security of card data is improved. The method for generating the target verification information based on the random verification code through the twice verification process can effectively verify and process the withdrawal transaction, improves the usability and reduces the withdrawal error risk.

Drawings

The foregoing and other objects, features and advantages of the disclosure will be more apparent from the following description of embodiments of the disclosure with reference to the accompanying drawings, in which:

FIG. 1 schematically illustrates a schematic diagram of a system architecture to which an offline cash withdrawal method of an embodiment of the present disclosure may be applied;

FIG. 2 schematically illustrates a flow chart of an offline withdrawal method according to one embodiment of the present disclosure;

FIG. 3 schematically illustrates a flow of an offline withdrawal method in generating encrypted deposit information according to one embodiment of the present disclosure;

FIG. 4 schematically illustrates a flow diagram of an offline withdrawal method in generating encrypted deposit information according to one embodiment of the present disclosure;

FIG. 5 schematically illustrates a flow diagram of an offline withdrawal method in generating a second public key certificate according to one embodiment of the present disclosure;

FIG. 6 schematically illustrates a flow diagram of an offline withdrawal method in generating target verification information in accordance with one embodiment of the present disclosure;

FIG. 7 schematically illustrates a flow diagram of an offline withdrawal method according to one embodiment of the present disclosure at operation S260;

FIG. 8 schematically illustrates a flow diagram of an offline withdrawal method according to another embodiment of the present disclosure at operation S260;

FIG. 9 schematically illustrates a flow chart of an offline withdrawal method according to another embodiment of the present disclosure;

FIG. 10 schematically illustrates a flow of sending a random verification code for a withdrawal unit in an offline withdrawal method according to another embodiment of the present disclosure;

FIG. 11 schematically illustrates a flow of a withdrawal unit of an offline withdrawal method determining a payee identity identification element according to another embodiment of the present disclosure;

FIG. 12 schematically illustrates a flow chart of an offline withdrawal method according to yet another embodiment of the present disclosure;

FIG. 13 schematically illustrates a flow of generating a second private key and a second public key by an electronic card of an offline withdrawal method according to yet another embodiment of the present disclosure;

FIG. 14 schematically illustrates a flow of an electronic card receiving and storing information for an offline withdrawal method according to yet another embodiment of the present disclosure;

FIG. 15 schematically illustrates a block diagram of an offline withdrawal system according to an embodiment of the present disclosure;

FIG. 16 schematically illustrates a block diagram of an offline cash device in accordance with an embodiment of the present disclosure;

FIG. 17 schematically illustrates a block diagram of an electronic card according to an embodiment of the disclosure; and

Fig. 18 schematically illustrates a block diagram of an electronic device according to an embodiment of the disclosure.

Detailed Description

Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is only exemplary and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the present disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the concepts of the present disclosure.

The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.

All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.

Where a formulation similar to at least one of "A, B or C, etc." is used, in general such a formulation should be interpreted in accordance with the ordinary understanding of one skilled in the art (e.g. "a system with at least one of A, B or C" would include but not be limited to systems with a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.). The terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include one or more features.

In the technical solution of the present disclosure, the related user information (including, but not limited to, user personal information, user image information, user equipment information, such as location information, etc.) and data (including, but not limited to, data for analysis, stored data, displayed data, etc.) are information and data authorized by the user or sufficiently authorized by each party, and the related data is collected, stored, used, processed, transmitted, provided, disclosed, applied, etc. in compliance with relevant laws and regulations and standards, necessary security measures are taken, no prejudice to the public order colloquia is provided, and corresponding operation entries are provided for the user to select authorization or rejection.

In the scenario of using personal information to make an automated decision, the method, the device and the system provided by the embodiment of the disclosure provide corresponding operation inlets for users, so that the users can choose to agree or reject the automated decision result; if the user selects refusal, the expert decision flow is entered. The expression "automated decision" here refers to an activity of automatically analyzing, assessing the behavioral habits, hobbies or economic, health, credit status of an individual, etc. by means of a computer program, and making a decision. The expression "expert decision" here refers to an activity of making a decision by a person who is specializing in a certain field of work, has specialized experience, knowledge and skills and reaches a certain level of expertise.

In the related art, service data are stored in a data center or a data backup center in the form of electronic data, and when the data in the data center and the data backup center are damaged, the service cannot be effectively performed. In order to solve the above-mentioned problems, embodiments of the present disclosure provide an offline withdrawal method, apparatus, electronic device, computer readable storage medium, and computer program product, so that even when service data of a data center and a data backup center are not available, operation of a withdrawal service can still be performed normally, and risk resistance of the service is effectively improved.

Embodiments of the present disclosure provide an offline withdrawal method including, but not limited to: in a network available state of a withdrawal unit and a card making unit, the withdrawal unit acquires a first public key certificate from the card making unit, wherein the first public key certificate has an associated first private key; the withdrawal unit obtains authorization of a withdrawal person; after the authorization of the teller is obtained, the teller unit responds to a teller instruction input by the teller to obtain teller information; the withdrawal unit performs signature verification on a second public key certificate in the electronic card according to the first public key certificate to generate a first signature verification result, the second public key certificate is generated by encrypting a second public key in the electronic card according to the first private key in the card making unit, and the second public key is provided with an associated second private key which is stored in the electronic card and is unreadable; when the first signature verification result is that the signature verification passes, the withdrawal unit verifies the target verification information from the electronic card according to the second public key certificate to generate a second signature verification result, and the target verification information is generated by encrypting card information of the electronic card and a random verification code sent by the withdrawal unit according to the second private key; and when the second signature verification result is that the signature verification passes, the withdrawal unit compares the withdrawal information with the encrypted deposit information written in the electronic card by the card making unit, and when the comparison result meets the set condition, the withdrawal unit executes the withdrawal operation, and the encrypted deposit information is generated by encrypting the deposit information acquired by the card making unit according to the first private key.

FIG. 1 schematically illustrates a schematic diagram of a system architecture to which an offline withdrawal method of an embodiment of the present disclosure may be applied. It should be noted that fig. 1 is only an example of a system architecture to which embodiments of the present disclosure may be applied to assist those skilled in the art in understanding the technical content of the present disclosure, but does not mean that embodiments of the present disclosure may not be used in other devices, systems, environments, or scenarios. It should be noted that, the offline withdrawal method provided by the embodiment of the present disclosure may be used in the information security technical field, the related aspect of the financial field in the information security field, and any field other than the financial field, and the application field of the offline withdrawal method and the device provided by the embodiment of the present disclosure is not limited.

As shown in fig. 1, an exemplary system architecture 100, to which an offline withdrawal method may be applied, may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 is used as a medium to provide communication links between the terminal devices 101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.

The user may interact with the server 105 via the network 104 using the terminal devices 101, 102, 103 to receive or send messages or the like. Various communication client applications, such as mail client applications, file processing class applications, shopping class applications, web browser applications, search class applications, instant messaging tools, mailbox clients, social platform software, etc., may be installed on the terminal devices 101, 102, 103, as just examples.

The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting functions of data input, file transmission, data analysis, data processing, web browsing, etc., including but not limited to smartphones, tablet computers, laptop and desktop computers, etc.

The server 105 may be a server providing various services, such as a background management server (by way of example only) providing support for a user to utilize data acquired by the terminal devices 101, 102, 103 or a browsed website. The background management server may analyze and process the received data such as the user request, and feed back the processing result (e.g., the web page, information, or data obtained or generated according to the user request) to the terminal device. The file or the like transmitted by the user may be analyzed or processed, and the terminal device may be controlled based on the processing result, for example, access to the terminal device may be restricted.

It should be noted that the offline withdrawal method provided by the embodiments of the present disclosure may be generally performed by the terminal devices 101, 102, 103 and the server 105. Accordingly, the offline cash withdrawal device provided in the embodiments of the present disclosure may be generally disposed in the terminal devices 101, 102, 103 and the server 105. The offline withdrawal method provided by the embodiments of the present disclosure may also be performed by a terminal device that is different from the terminal devices 101, 102, 103 and that is capable of communicating with the terminal devices 101, 102, 103. Accordingly, the offline cash withdrawal device provided by the embodiments of the present disclosure may also be provided in a terminal device different from the terminal devices 101, 102, 103 and capable of communicating with the terminal devices 101, 102, 103.

It should be understood that the number of terminal devices, networks and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.

The offline withdrawal method of the embodiment of the present disclosure will be described in detail with reference to fig. 2 to 14.

FIG. 2 schematically illustrates a flow chart of an offline withdrawal method according to one embodiment of the present disclosure.

As shown in fig. 2, the flow 200 of the offline cash withdrawal method of the present embodiment includes operations S210 to S260.

In this embodiment, the offline withdrawal method is commonly executed by the card making unit, the electronic card, and the withdrawal unit. Illustratively, the card making unit is configured to generate deposit information based on a deposit deposited by a depositor into a target bank. The deposit information may be stored, for example, in the data center and/or in the backup data center. In addition, the card making unit encrypts deposit information and writes the deposit information into the card making unit, so that the card making unit can conveniently withdraw money offline. The electronic card is, for example, a card having a memory chip and a processor for storing deposit information and processing the received information. The withdrawal unit may be, for example, a device or apparatus that reads deposit information in the electronic card according to a withdrawal operation by a payee to perform the withdrawal operation.

Illustratively, the deposit information includes depositor characteristic information and deposit characteristic information. For example, the depositor characteristic information refers to information associated with characteristics of the depositor, which facilitates authentication of the identity of the depositor. For example, the depositor characteristic information includes a depositor face characteristic, a depositor identity, a depositor associated object face characteristic, and a depositor associated object identity.

In this embodiment, the face feature information of the deposit person is obtained by, for example, collecting face features of the deposit person, and the identity of the deposit person is obtained by, for example, collecting identity information of the deposit person, including, for example, identity card information of the deposit person.

In the present embodiment, the depositor-associated object refers to a person associated with the depositor, including, for example, a person of inheritance, a principal, and the like. The face features of the deposit person associated object are acquired aiming at the face features of the person associated with the deposit person. The identity of the deposit person associated object is acquired according to the identity information of the person associated with the deposit person, and for example, the identity information is included.

Illustratively, the deposit characteristic information includes: information such as date of deposit, term of deposit, point of deposit, line of deposit, name of deposit bank, income of deposit, authentication information of deposit bank, etc. The deposit characteristic information is used for verifying deposit information when a payee withdraws, and performing a withdrawal operation based on the deposit characteristic information to pay the payee.

In operation S210, in a network-available state of the withdrawal unit and the card manufacturing unit, the withdrawal unit acquires a first public key certificate from the card manufacturing unit, the first public key certificate having an associated first private key.

In an embodiment of the present disclosure, the card making unit is a device or apparatus for writing deposit information to an electronic card of a financial institution such as a bank. The card making unit further comprises an encryption system for generating encrypted information, e.g. comprising a private key, a public key or a public key certificate, etc.

The connection network of the withdrawal unit and the card making unit under the normal condition belongs to an available state, so that the interaction between deposit information and withdrawal information between the withdrawal unit and the card making unit is facilitated. The encryption system in the card making unit comprises a first private key and a first public key for performing encryption and decryption operations. The card-making bank to which the card-making unit belongs signs the first public key to obtain a first public key certificate, and the first public key certificate is associated with the first private key.

When the network between the withdrawal unit and the card making unit is unavailable after the withdrawal unit acquires the first public key certificate, the withdrawal unit can still execute withdrawal operation without being influenced by the network connection state between the withdrawal unit and the card making unit, thereby realizing offline withdrawal and effectively improving the risk resistance of the offline withdrawal system.

In operation S220, the withdrawal unit obtains authorization of the payee. For example, the payee's consent or authorization may be obtained prior to obtaining the payee's withdrawal information. The request for the withdrawal information of the payee may be issued to the payee, and the following operation S230 is performed in case the payee agrees or authorizes that the withdrawal information may be acquired.

In operation S230, after the authorization of the payee is obtained, the payee unit obtains the payee' S payee information in response to the payee instruction input by the payee.

When the withdrawer needs to withdraw money, the withdrawer inputs a withdrawal instruction in a withdrawal unit, and the withdrawal unit acquires withdrawal information of the withdrawer.

For example, the withdrawal information includes withdrawal person characteristic information. The payee characteristic information includes: the face characteristics of the withdrawer and the identity identification of the withdrawer.

In operation S240, the withdrawal unit performs signature verification on a second public key certificate in the electronic card according to the first public key certificate, and generates a first signature verification result, the second public key certificate is generated by encrypting the second public key in the electronic card according to a first private key in the card making unit, the second public key has an associated second private key, and the second private key is stored in the electronic card and is unreadable.

In an embodiment of the disclosure, the second private key and the second public key are stored in the electronic card, and the second private key is not readable by an external device or apparatus, and the second private key in the electronic card can only be used by the electronic card for encryption calculation.

According to the embodiment of the disclosure, the second private key is set to be unreadable, so that the security of the data encrypted by the second private key in the electronic card can be ensured, and the possibility of data counterfeiting is effectively avoided.

In the embodiment of the disclosure, the second public key certificate is generated by encrypting the second public key in the electronic card through the first private key in the card making unit, and the first public key certificate is generated by the card making unit of the card making bank, so that the second public key certificate is ensured to be generated by the card making unit of the card making bank by checking the signature of the second public key certificate through the first public key certificate, the situation that data are forged is avoided, and the safety of offline withdrawal is improved.

Illustratively, if the first verification result is that the verification passes, it indicates that the second public key certificate is generated by a card making unit of the card making bank. If the first signature verification result is that the signature verification is not passed, the second public key certificate is not generated by a card making unit of a card making bank, and the second public key certificate is forged or wrong.

In operation S250, when the first verification result is that the verification passes, the withdrawal unit verifies the target verification information from the electronic card according to the second public key certificate to generate a second verification result, and the target verification information is generated by encrypting the card information of the electronic card and the random verification code sent by the withdrawal unit according to the second private key.

In the embodiment of the disclosure, the electronic card stores the target verification information, and the target verification information is used for verifying whether the information in the electronic card is written by the card making unit of the card making bank, namely, ensuring whether the electronic card is issued by the card making bank, improving the safety through twice signature verification, effectively avoiding the situation that the electronic card is forged, and reducing the risk of off-line withdrawal errors.

The target verification information is generated by encrypting card information of the electronic card and a random verification code sent to the electronic card by the withdrawal unit through a second private key stored in the electronic card. The card information of the electronic card may be, for example, a card unique identification of the electronic card for distinguishing between different electronic cards.

In this embodiment, since the second private key is stored in the electronic card and is not readable, when the withdrawal unit sends the random verification code to the electronic card, the electronic card encrypts the received random verification code and card information through the second private key which is stored internally and cannot be read by the external device, and generates the target verification information. Therefore, the generated target verification information can be guaranteed to be not forged in time, and the real-time performance and the safety of offline withdrawal are guaranteed.

In the embodiment of the disclosure, since the target verification information has certain timeliness and randomness, and the target verification data is necessarily associated with the withdrawal unit and the electronic card, the target verification information contained in the electronic card is checked according to the second public key certificate, so that the safety of offline withdrawal can be further improved.

According to an embodiment of the present disclosure, if the second verification result is verification pass, it indicates that the electronic card is generated by a card making unit of a card making bank, and a withdrawal operation between a withdrawal unit in the electronic card and the electronic card is continuous. If the second signature verification result is that the signature verification is not passed, the electronic card is not generated by a card making unit of a card making bank, or the withdrawal operation between the withdrawal unit and the electronic card is abnormal.

In operation S260, when the second verification result is that the verification is passed, the withdrawal unit compares withdrawal information with encrypted deposit information written in the electronic card by the card making unit, and when the comparison result satisfies the set condition, the withdrawal unit performs a withdrawal operation, and the encrypted deposit information is generated by encrypting the deposit information acquired by the card making unit according to the first private key.

In the embodiment of the disclosure, since the electronic card stores the encrypted deposit information, and the deposit information is encrypted by the first private key to generate the encrypted deposit information, the withdrawal unit is ensured to obtain the original deposit information under the offline state of the withdrawal unit and the card making unit, and the offline withdrawal effect is realized.

The deposit information is generated by a card making unit according to the account entry condition of a depositor, and is encrypted by a first private key after the deposit information is acquired to generate encrypted deposit information.

By comparing the encrypted deposit information with the withdrawal information, it is determined whether at least part of the contents in the deposit information are identical to at least part of the contents in the withdrawal information, thereby performing different operations according to different situations.

In some embodiments of the present disclosure, the payee may be the depositor himself, and the payee may also be a depositor-associated object, e.g., an inheriter of whom the payee is a depositor or an agent of whom the payee is a depositor.

Operation S260 will be described in detail below.

Fig. 3 schematically illustrates a flow of an offline withdrawal method in generating encrypted deposit information according to one embodiment of the present disclosure. FIG. 4 schematically illustrates a flow diagram of an offline withdrawal method in generating encrypted deposit information according to one embodiment of the present disclosure.

As shown in fig. 3, the offline cash withdrawal method of the present embodiment further includes a process S300 of generating encrypted deposit information: the card making unit obtains deposit information of the depositor in response to the deposit information writing instruction, generates encrypted deposit information and stores the encrypted deposit information in the electronic card.

The deposit information is written into the electronic card through the card making unit, and the encrypted deposit information is generated, so that the deposit information can still be obtained from the electronic card by the withdrawal unit when the network of the card making unit and the withdrawal unit is in an unavailable state. Meanwhile, the deposit information is encrypted to generate encrypted deposit information, so that the problem that the information is forged or leaked is effectively avoided.

In some embodiments of the present disclosure, the electronic card may be, for example, a contact card that makes electrical connection by making contact with the card making unit and the withdrawal unit, thereby completing the data exchange or reading operation. The electronic card may be, for example, a contactless card, and the data exchange or reading operation, such as NFC, may be performed by contactless means such as wireless transmission.

As shown in fig. 4, the process S300 includes operations S310 to S330.

In operation S310, the card manufacturing unit acquires deposit information of a depositor in response to the deposit information writing instruction, and converts the deposit information into a preset format.

For example, the depositor clicks the deposit instruction on the card making unit and inputs the responsive deposit information, and the card making unit obtains the deposit information of the depositor in response to the deposit information writing instruction.

Next, the card making unit converts the acquired deposit information into a preset format, for example, converts the deposit information into BCD code, so that the storage is facilitated.

In operation S320, the card manufacturing unit encrypts deposit information in a preset format according to the first private key to generate encrypted deposit information.

For example, the first private key is stored in an encryption system of the card making unit, and by encrypting deposit information, the problem that the deposit information is tampered or leaked is avoided, and the security is improved.

In operation S330, the card manufacturing unit stores the encrypted deposit information in the electronic card. The encrypted deposit information is used for being acquired by the withdrawal unit during the offline withdrawal operation, so that the offline withdrawal operation can still be performed under the condition that the card making unit and the withdrawal unit are not available in the network.

FIG. 5 schematically illustrates a flow diagram of an offline withdrawal method in generating a second public key certificate according to one embodiment of the present disclosure.

As shown in fig. 5, the offline withdrawal method of the present embodiment further includes a flow 400, and the flow 400 includes operations S410 to S420.

In operation S410, the electronic card generates a second public key and a second private key in response to the deposit information writing instruction of the card making unit.

When the card making unit is to write deposit information into the electronic card, the electronic card responds to a deposit information writing instruction of the card making unit to generate a second public key and a second private key, so that the written data is convenient to encrypt, and as the second private key cannot be read by other equipment or devices, the data written into the electronic card can be effectively prevented from being tampered, and the safety of the data in the electronic card is improved.

In operation S420, the card manufacturing unit obtains a second public key of the electronic card, encrypts the second public key according to the first private key, and generates a second public key certificate.

According to embodiments of the present disclosure, by encrypting the second public key using the first private key, it may be ensured that only the first public key associated with the first private key can decrypt and use the second public key, thereby serving to verify the identity and integrity of the message between the card making unit and the electronic card, ensuring that the message is from the intended sender and has not been tampered with during transmission.

FIG. 6 schematically illustrates a flow diagram of an offline withdrawal method in generating target verification information according to one embodiment of the disclosure.

As shown in fig. 6, the offline withdrawal method of the present embodiment further includes a flow 500, and the flow 500 includes operations S510 to S520.

In operation S510, after the first verification result is that the verification is passed, the withdrawal unit sends a random verification code to the electronic card in response to the withdrawal instruction input by the payee.

In embodiments of the present disclosure, by sending a random verification code to an electronic card, it is used to increase randomness and complexity, increase the security of offline withdrawals and the ability to resist attacks.

In operation S520, the electronic card encrypts the card information and the random verification code of the electronic card according to the second private key to generate target verification information.

In the embodiment of the disclosure, the second private key is stored in the electronic card, and the second private key cannot be read by external equipment or devices, so that the security of the generated target verification information can be further improved, and the uniqueness of the target verification information in the electronic card is ensured.

FIG. 7 schematically illustrates a flow diagram of an offline withdrawal method according to one embodiment of the present disclosure at operation S260. Fig. 8 schematically illustrates a flow diagram of an offline withdrawal method according to another embodiment of the present disclosure at operation S260.

In some embodiments of the present disclosure, the deposit information includes depositor characteristic information and deposit characteristic information; the depositor characteristic information includes: the face feature of the deposit person, the identity mark of the deposit person, the face feature of the deposit person associated object and the identity mark of the deposit person associated object; the deposit characteristic information includes: deposit date, deposit deadline, deposit site, deposit line, deposit bank name, deposit income, deposit bank authentication information.

The withdrawal information includes withdrawal person feature information including: the face characteristics of the withdrawer and the identity identification of the withdrawer.

In one embodiment of the present disclosure, as shown in fig. 7, operation S260: the withdrawal unit compares the withdrawal information with the encrypted deposit information from the electronic card, and when the comparison result meets the set condition, the withdrawal unit executes the withdrawal operation.

The operation S260 specifically includes operations S261 to S262.

In operation S261, the deposit information is obtained by decrypting the encrypted deposit information according to the first public key certificate by the withdrawal unit in response to the withdrawal instruction as a depositor withdrawal instruction.

In an embodiment of the present disclosure, since the encrypted deposit information is encrypted by the first private key. The information encrypted by the first private key may be decrypted by the first public key included in the first public key certificate. Accordingly, the withdrawal unit decrypts the encrypted deposit information through the first public key certificate, and can obtain the deposit information.

The deposit information contains deposit person characteristic information and deposit characteristic information, and specifically includes: the method comprises the steps of a face feature of a deposit person, an identity mark of the deposit person, a face feature of a relevant object of the deposit person, an identity mark of the relevant object of the deposit person, a deposit date, a deposit deadline, a deposit site, a deposit amount, a deposit bank name, a deposit income and deposit bank authentication information.

In operation S262, whether the face feature of the deposit person in the deposit person feature information and the identity of the deposit person are identical to the face feature of the withdrawal person in the withdrawal person feature information or not is compared by the withdrawal unit, and if so, the withdrawal operation is performed.

In this embodiment, the withdrawal instruction which the payee can select when withdrawing is the original depositor. After the instruction is selected by the withdrawer, the face feature of the deposit and the identity of the deposit in the deposit information are obtained and compared with the face feature of the withdrawer and the identity of the withdrawer in the withdrawal information.

For example, whether the face features of the deposit person and the face features of the withdrawal person are consistent is compared, if so, whether the identity of the deposit person is consistent with the identity of the withdrawal person is compared, and if so, the current withdrawal person is the original deposit person.

In embodiments of the present disclosure, the original depositor may not be able to perform the withdrawal operation for other reasons, such as the depositor dying, unexpected or inconvenient to act, and the depositor's inheritor agent may perform the withdrawal operation. I.e. the current payee may be an associated object of the depositor, for example, an inheritor or agent, etc.

In another embodiment of the present disclosure, as shown in fig. 8, operation S260 includes operations S263 to S264.

In operation S263, the deposit information is obtained by decrypting the encrypted deposit information according to the first public key certificate in response to the withdrawal instruction by the withdrawal unit for the deposit person-associated object withdrawal instruction.

In this embodiment, the payee is not an original depositor, but a depositor-related object. The problem that the original depositor cannot withdraw money to cause account abnormity can be avoided.

In operation S264, whether the face feature of the deposit person related object in the deposit person feature information and the identity of the deposit person related object in the deposit person feature information are consistent with the face feature of the withdrawal person in the withdrawal person feature information and the identity of the withdrawal person is compared by the withdrawal unit, and if so, the withdrawal operation is performed.

In this embodiment, the characteristic information of the depositor includes the face characteristic of the relevant object of the depositor and the identity of the relevant object of the depositor. When the withdrawal person withdraws money, firstly comparing whether the face features of the deposit person associated object are consistent with the face features of the withdrawal person, if so, continuously comparing whether the identity of the deposit person associated object is consistent with the identity of the withdrawal person, and if so, indicating that the withdrawal person is the deposit person associated object currently.

In the embodiment of the disclosure, before the withdrawal unit executes the withdrawal operation, whether the identification original of the withdrawal person is true is judged, if true, the withdrawal operation is executed, and otherwise, the withdrawal operation is refused.

For example, before the withdrawal unit performs the withdrawal operation, it needs to determine an identification original (for example, an identification card, a driver license, etc.) of the withdrawal person, if true, the withdrawal operation is permitted to be performed, and if false, the withdrawal operation is refused. Thus, the safety of the offline withdrawal can be further improved.

In an embodiment of the present disclosure, the authorization of the depositor is obtained before the depositor's depositor information is obtained, and the depositor information, such as the depositor characteristic information in the depositor information, is obtained after the depositor's authorization is obtained.

FIG. 9 schematically illustrates a flow chart of an offline withdrawal method according to another embodiment of the present disclosure.

As shown in fig. 9, the flow 600 of the offline withdrawal method includes operations S610 to S660. The offline withdrawal method of the present embodiment is performed by a withdrawal unit.

In operation S610, in a network-available state of a withdrawal unit and a card manufacturing unit, a first public key certificate is acquired by the withdrawal unit, the first public key certificate having an associated first private key.

In operation S620, authorization of the payee is obtained through the withdrawal unit.

In operation S630, after the authorization of the payee is obtained, the payee' S withdrawal information is obtained by the withdrawal unit in response to the withdrawal instruction input by the payee.

In operation S640, a second public key certificate is signed by the withdrawal unit according to the first public key certificate, and a first signing result is generated, where the second public key certificate is generated by encrypting a second public key in an electronic card according to the first private key in the card making unit, and the second public key has an associated second private key, and the second private key is stored in the electronic card and is unreadable.

In operation S650, when the first verification result is verification, the withdrawal unit verifies the target verification information from the electronic card according to the second public key certificate to generate a second verification result, where the target verification information is generated by encrypting the card information of the electronic card and the random verification code sent by the withdrawal unit according to the second private key.

In operation S660, when the second verification result is verification, the withdrawal information is compared with the encrypted deposit information from the electronic card by the withdrawal unit, and when the comparison result satisfies the set condition, the withdrawal operation is performed by the withdrawal unit, and the encrypted deposit information is generated by encrypting the deposit information acquired by the card manufacturing unit according to the first private key.

In this embodiment, the specific process of operation S660 is the same as operations S261, S262, S263, and S264 included in operation S260, and the technical effects are the same, which is not described herein.

Fig. 10 schematically illustrates a flow of sending a random verification code for a withdrawal unit in an offline withdrawal method according to another embodiment of the present disclosure.

As shown in fig. 10, the offline teller method of the present embodiment further includes a flow S641: after the first signature verification result is that the signature verification passes, a random verification code is sent to the electronic card through a withdrawal unit in response to a withdrawal instruction input by a withdrawal person.

The random verification code is sent to the electronic card, so that randomness and complexity are improved, and the safety of offline withdrawal and the capability of resisting attacks are improved.

Fig. 11 schematically illustrates a flow of a withdrawal unit in an offline withdrawal method to determine the identity of a payee as an original according to another embodiment of the present disclosure.

As shown in fig. 11, the offline cash withdrawal method of the present embodiment further includes a flow S6601: before the withdrawal unit executes the withdrawal operation, judging whether the identity mark original of the withdrawer is true or not through the withdrawal unit, if true, executing the withdrawal operation, otherwise, refusing the withdrawal operation.

The safety of the offline withdrawal is improved by judging whether the identity identification element of the withdrawer is true or not.

FIG. 12 schematically illustrates a flow chart of an offline withdrawal method according to yet another embodiment of the present disclosure.

As shown in fig. 12, the flow 700 of the offline cash withdrawal method of the present embodiment includes operations S710 to S740. The offline withdrawal method of the present embodiment is performed by an electronic card.

In operation S710, in response to the withdrawal instruction, the random verification code is received by the electronic card, the random verification code and card information of the electronic card are encrypted according to a second private key, the target verification information is generated, the second private key has an associated second public key, and the second private key is stored in the electronic card and is unreadable.

In operation S720, the stored second public key certificate is sent through the electronic card, the second public key certificate is used for generating a first signing verification result, the first signing verification result is obtained by the withdrawal unit signing the second public key certificate according to the first public key certificate, the second public key certificate is generated by encrypting the second public key through the first private key, and the first public key certificate is associated with the first private key and is generated by the card making unit.

In operation S730, in response to the instruction that the first verification result is passed, the electronic card is used to send target verification information, where the target verification information is used to generate a second verification result, and the second verification result is generated by the withdrawal unit through verification of the target verification information by using the second public key certificate.

In operation S740, in response to the instruction that the second verification result is passed, encrypted deposit information is transmitted through the electronic card, the encrypted deposit information being used to generate a comparison result that the withdrawal unit compares the encrypted deposit information with the withdrawal information, the comparison result being used to perform the withdrawal operation when the set condition is satisfied, the encrypted deposit information being generated by encrypting the deposit information acquired by the card making unit with the first private key.

Fig. 13 schematically illustrates a flow of generating a second private key and a second public key by an electronic card of an offline withdrawal method according to yet another embodiment of the present disclosure.

In this embodiment, the offline withdrawal method further includes a process S810: and responding to a deposit information writing instruction of a depositor, generating a second private key and a second public key through the electronic card, wherein the second public key is used for generating a second public key certificate, and the second public key certificate is generated by encrypting the second public key through the first private key by the card making unit.

Fig. 14 schematically illustrates a flow of receiving and storing information by an electronic card of an offline withdrawal method according to yet another embodiment of the present disclosure.

In this embodiment, the offline withdrawal method further includes a flow S820: the second public key certificate and the encrypted deposit information of the depositor are received and stored by the electronic card, and the encrypted deposit information is generated by encrypting the deposit information in a set format by the card making unit through the first private key.

Fig. 15 schematically illustrates a block diagram of an offline withdrawal system according to an embodiment of the present disclosure. Fig. 16 schematically illustrates a block diagram of an offline cash device in accordance with an embodiment of the present disclosure. Fig. 17 schematically illustrates a block diagram of an electronic card according to an embodiment of the disclosure.

As shown in fig. 15-17, the offline cash system 900 includes an offline cash device 910 and an electronic card 920.

The offline teller device 910 includes a first obtaining module 911, a second obtaining module 912, a third obtaining module 913, a first generating module 914, a second generating module 915, and a comparing module 916.

The first obtaining module 911 is configured to obtain a first public key certificate in a network available state of the withdrawal unit and the card making unit, the first public key certificate having an associated first private key. In an embodiment, the first obtaining module 911 may be used to perform the operation S610 described above, which is not described herein.

A second acquisition module 912 is configured to obtain authorization of the payee. In an embodiment, the second obtaining module 912 may be configured to perform the operation S620 described above, which is not described herein.

The third obtaining module 913 is configured to obtain the withdrawal information of the withdrawer in response to the withdrawal instruction input by the withdrawer after obtaining the authorization of the withdrawer. In an embodiment, the third obtaining module 913 may be configured to perform the operation S630 described above, which is not described herein.

A first generating module 914 configured to sign a second public key certificate according to the first public key certificate, and generate a first sign-checking result, where the second public key certificate is generated by encrypting a second public key in an electronic card according to the first private key in a card making unit, and the second public key has an associated second private key, and the second private key is stored in the electronic card and is not readable. In an embodiment, the first generating module 914 may be used to perform the operation S640 described above, which is not described herein.

And the second generating module 915 is configured to perform signature verification on target verification information from the electronic card according to the second public key certificate when the first signature verification result is that the signature verification passes, so as to generate a second signature verification result, wherein the target verification information is generated by encrypting card information of the electronic card and a random verification code sent by the withdrawal unit according to the second private key. In an embodiment, the second generating module 915 may be used to perform the operation S650 described above, which is not described herein.

And a comparison module 916 configured to compare the withdrawal information with the encrypted deposit information from the electronic card when the second verification result is verification, and execute the withdrawal operation when the comparison result meets the set condition, wherein the encrypted deposit information is generated by encrypting the deposit information acquired by the card making unit according to the first private key. In an embodiment, the comparison module 916 may be configured to perform the operation S660 described above, which is not described herein.

The electronic card 920 includes a first response module 921, a transmission module 922, a second response module 923, and a third response module 924.

The first response module 921 is configured to respond to the withdrawal instruction, receive the random verification code, encrypt the random verification code and card information of the electronic card according to a second private key, and generate target verification information, where the second private key has an associated second public key, and the second private key is stored in the electronic card and is unreadable. In an embodiment, the first response module 921 may be used to perform the operation S710 described above, which is not described herein.

The sending module 922 is configured to send a stored second public key certificate, where the second public key certificate is used to generate a first signing verification result, where the first signing verification result is obtained by signing the second public key certificate according to a first public key certificate by a withdrawal unit, the second public key certificate is generated by encrypting a second public key by a first private key, and the first public key certificate is associated with the first private key and is generated by the card making unit. In an embodiment, the sending module 922 may be used to perform the operation S720 described above, which is not described herein.

The second response module 923 is configured to respond to the instruction that the first signature verification result is passed, send the target verification information, where the target verification information is used to generate a second signature verification result, and the second signature verification result is generated by the withdrawal unit through the second public key certificate to verify the target verification information. In an embodiment, the second response module 923 may be used to perform the operation S730 described above, which is not described herein.

And a third response module 924 configured to send the encrypted deposit information in response to an instruction that the second verification result is passed, where the encrypted deposit information is used to generate a comparison result that is generated by the withdrawal unit comparing the encrypted deposit information and the withdrawal information, and the comparison result is used to perform a withdrawal operation when a set condition is satisfied, and the encrypted deposit information is generated by encrypting the deposit information acquired by the card making unit according to the first private key. In an embodiment, the third response module 924 may be configured to perform the operation S740 described above, which is not described herein.

In some embodiments of the present disclosure, the offline cash recycling device further includes an encryption module configured to: and responding to a deposit information writing instruction, obtaining deposit information of a depositor, and writing the deposit information into the electronic card to generate the encrypted deposit information.

In some embodiments of the present disclosure, the encryption module further comprises an encryption sub-module configured to: obtaining deposit information of a deposit person and converting the deposit information into a preset format; encrypting the deposit information in a preset format through the first private key to generate the encrypted deposit information.

In an alternative embodiment of the present disclosure, the offline withdrawal system further comprises a card making device.

The card manufacturing device is configured to acquire deposit information of a depositor in response to a deposit information writing instruction, generate the encrypted deposit information, and store the encrypted deposit information in the electronic card.

The card making device comprises a card making module which is configured to enable the card making unit to respond to a deposit information writing instruction, acquire deposit information of a deposit person and convert the deposit information into a preset format; the card making unit encrypts the deposit information in a preset format according to the first private key so as to generate the encrypted deposit information; the card making unit stores the encrypted deposit information into an electronic card.

According to embodiments of the present disclosure, any of the offline cash device 910, the electronic card 920, the first obtaining module 911, the second obtaining module 912, the third obtaining module 913, the first generating module 914, the second generating module 915, the comparing module 916, the first responding module 921, the sending module 922, the second responding module 923, and the third responding module 924 may be combined in one module to be implemented, or any of the modules may be split into a plurality of modules. Or at least some of the functionality of one or more of the modules may be combined with, and implemented in, at least some of the functionality of other modules. According to embodiments of the present disclosure, at least one of the offline cash device 910, the electronic card 920, the first acquisition module 911, the second acquisition module 912, the third acquisition module 913, the first generation module 914, the second generation module 915, the comparison module 916, the first response module 921, the sending module 922, the second response module 923, and the third response module 924 may be implemented at least in part as hardware circuitry, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware in any other reasonable manner of integrating or packaging the circuitry, or in any one of or a suitable combination of three of software, hardware, and firmware. Or at least one of the offline cash device 910, the electronic card 920, the first obtaining module 911, the second obtaining module 912, the third obtaining module 913, the first generating module 914, the second generating module 915, the comparing module 916, the first responding module 921, the sending module 922, the second responding module 923, and the third responding module 924 may be at least partially implemented as a computer program module that, when executed, may perform the corresponding functions.

Fig. 18 schematically illustrates a block diagram of an electronic device according to an embodiment of the disclosure. The electronic device shown in fig. 18 is merely an example, and should not impose any limitation on the functionality and scope of use of the embodiments of the present disclosure.

As shown in fig. 18, an electronic device 1000 according to an embodiment of the present disclosure includes a processor 1001 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 1002 or a program loaded from a storage section 1008 into a Random Access Memory (RAM) 1003. The processor 1001 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or an associated chipset and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. The processor 1001 may also include on-board memory for caching purposes. The processor 1001 may include a single processing unit or multiple processing units for performing different actions of the method flows according to embodiments of the present disclosure.

In the RAM 1003, various programs and data necessary for the operation of the electronic apparatus 1000 are stored. The processor 1001, the ROM 1002, and the RAM 1003 are connected to each other by a bus 1004. The processor 1001 performs various operations of the method flow according to the embodiment of the present disclosure by executing programs in the ROM 1002 and/or the RAM 1003. Note that the program may be stored in one or more memories other than the ROM 1002 and the RAM 1003. The processor 1001 may also perform various operations of the method flow according to the embodiments of the present disclosure by executing programs stored in the one or more memories.

According to an embodiment of the disclosure, the electronic device 1000 may also include an input/output (I/O) interface 1005, the input/output (I/O) interface 1005 also being connected to the bus 1004. The electronic device 1000 may also include one or more of the following components connected to the I/O interface 1005: an input section 1006 including a keyboard, a mouse, and the like; an output portion 1007 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), etc., and a speaker, etc.; a storage portion 1008 including a hard disk or the like; and a communication section 1009 including a network interface card such as a LAN card, a modem, or the like. The communication section 1009 performs communication processing via a network such as the internet. The drive 1010 is also connected to the I/O interface 1005 as needed. A removable medium 1011, such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like, is installed as needed in the drive 1010, so that a computer program read out therefrom is installed as needed in the storage section 1008.

The present disclosure also provides a computer-readable storage medium that may be embodied in the apparatus/device/system described in the above embodiments; or may exist alone without being assembled into the apparatus/device/system. The computer-readable storage medium carries one or more programs which, when executed, implement methods in accordance with embodiments of the present disclosure.

According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example, but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, the computer-readable storage medium may include ROM 1002 and/or RAM 1003 and/or one or more memories other than ROM 1002 and RAM 1003 described above.

Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the methods shown in the flowcharts. The program code, when executed in a computer system, causes the computer system to perform the methods provided by embodiments of the present disclosure.

The above-described functions defined in the system/apparatus of the embodiments of the present disclosure are performed when the computer program is executed by the processor 1001. The systems, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.

In one embodiment, the computer program may be based on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted in the form of signals on a network medium, distributed, and downloaded and installed via the communication section 1009, and/or installed from the removable medium 1011. The computer program may include program code that may be transmitted using any appropriate network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.

In such an embodiment, the computer program may be downloaded and installed from a network via the communication portion 1009, and/or installed from the removable medium 1011. The above-described functions defined in the system of the embodiments of the present disclosure are performed when the computer program is executed by the processor 1001. The systems, devices, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.

According to embodiments of the present disclosure, program code for performing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, such computer programs may be implemented in high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. Programming languages include, but are not limited to, such as Java, c++, python, "C" or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).

The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

Those skilled in the art will appreciate that the features recited in the various embodiments of the disclosure and/or in the claims may be provided in a variety of combinations and/or combinations, even if such combinations or combinations are not explicitly recited in the disclosure. In particular, the features recited in the various embodiments of the present disclosure and/or the claims may be variously combined and/or combined without departing from the spirit and teachings of the present disclosure. All such combinations and/or combinations fall within the scope of the present disclosure.

The embodiments of the present disclosure are described above. These examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described above separately, this does not mean that the measures in the embodiments cannot be used advantageously in combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be made by those skilled in the art without departing from the scope of the disclosure, and such alternatives and modifications are intended to fall within the scope of the disclosure.

Claims

1. An offline cash withdrawal method, the method comprising:

Acquiring a first public key certificate through a withdrawal unit in a network available state of the withdrawal unit and a card making unit, wherein the first public key certificate is provided with an associated first private key;

obtaining authorization of a withdrawer through the withdrawing unit;

After the authorization of the teller is obtained, the teller unit responds to a teller instruction input by the teller to obtain the teller information of the teller;

Signing a second public key certificate according to the first public key certificate through the withdrawal unit to generate a first signing verification result, wherein the second public key certificate is generated by encrypting a second public key in an electronic card according to the first private key in the card making unit, and the second public key is provided with an associated second private key which is stored in the electronic card and is unreadable;

When the first signature verification result is that the signature verification passes, the target verification information from the electronic card is verified through the withdrawal unit according to the second public key certificate, a second signature verification result is generated, and the target verification information is generated by encrypting card information of the electronic card and a random verification code sent by the withdrawal unit according to the second private key;

And when the second signature verification result is that the signature verification passes, comparing the withdrawal information with the encrypted deposit information from the electronic card through the withdrawal unit, and executing the withdrawal operation through the withdrawal unit when the comparison result meets the set condition, wherein the encrypted deposit information is generated by encrypting the deposit information acquired by the card making unit according to the first private key.

2. The method of claim 1, wherein the step of determining the position of the substrate comprises,

The deposit information comprises deposit person characteristic information, and the withdrawal information comprises withdrawal person characteristic information;

comparing the withdrawal information with the encrypted deposit information from the electronic card through the withdrawal unit, and executing the withdrawal operation through the withdrawal unit when the comparison result meets the set condition, wherein the method comprises the following steps:

the withdrawal unit responds to a withdrawal instruction as a deposit person withdrawal instruction, and decrypts the encrypted deposit information according to the first public key certificate to obtain the deposit information;

And comparing whether the face feature of the deposit person in the feature information of the deposit person and the identity mark of the deposit person are consistent with the face feature of the withdrawal person in the feature information of the withdrawal person or not through the withdrawal unit, and if so, executing withdrawal operation.

3. The method of claim 1, wherein the step of determining the position of the substrate comprises,

the withdrawal unit responds to a withdrawal instruction for a deposit person associated object withdrawal instruction, and decrypts the encrypted deposit information according to the first public key certificate to obtain the deposit information;

and comparing whether the face features of the deposit person related objects in the deposit person feature information and the identity marks of the deposit person related objects in the deposit person feature information are consistent with the face features of the withdrawal person in the withdrawal person feature information and the identity marks of the withdrawal person, and if so, executing withdrawal operation.

4. The method of claim 1, wherein the step of determining the position of the substrate comprises,

And after the first signature verification result is that the signature verification passes, a random verification code is sent to the electronic card through the withdrawal unit in response to a withdrawal instruction input by the withdrawer.

5. The method of claim 1, wherein the step of determining the position of the substrate comprises,

Before the withdrawal unit executes the withdrawal operation, the withdrawal unit judges whether the identification original of the withdrawal person is true or not,

If true, the withdrawal operation is performed,

Otherwise, the withdrawal operation is denied.

6. An offline cash withdrawal method, the method comprising:

Receiving a random verification code through an electronic card in response to a withdrawal instruction, and encrypting the random verification code and card information of the electronic card according to a second private key to generate target verification information, wherein the second private key is provided with an associated second public key, and the second private key is stored in the electronic card and is unreadable;

The method comprises the steps that a stored second public key certificate is sent through the electronic card, the second public key certificate is used for generating a first signing verification result, the first signing verification result is obtained by a withdrawal unit through signing the second public key certificate according to a first public key certificate, the second public key certificate is generated by encrypting a second public key through a first private key, and the first public key certificate is associated with the first private key and is generated by a card manufacturing unit;

Responding to the instruction that the first signature verification result is passed, sending target verification information through the electronic card, wherein the target verification information is used for generating a second signature verification result, and the second signature verification result is generated by a withdrawal unit through the second public key certificate for verifying the target verification information;

and responding to the instruction that the second signature verification result is passed, sending the encrypted deposit information through the electronic card, wherein the encrypted deposit information is used for generating a comparison result, the comparison result is generated by a withdrawal unit comparing the encrypted deposit information with the withdrawal information, the comparison result is used for executing withdrawal operation when the set condition is met, and the encrypted deposit information is generated by encrypting the deposit information acquired by the card making unit through a first private key.

7. The method as recited in claim 6, further comprising:

And responding to a deposit information writing instruction of a depositor, generating a second private key and a second public key through the electronic card, wherein the second public key is used for generating a second public key certificate, and the second public key certificate is generated by encrypting the second public key through the first private key by the card making unit.

8. The method as recited in claim 7, further comprising:

And receiving and storing the second public key certificate and the encrypted deposit information of the depositor through the electronic card, wherein the encrypted deposit information is generated by encrypting deposit information in a set format through a first private key by a card making unit.

9. An offline cash withdrawal method, comprising:

in a network available state of a withdrawal unit and a card making unit, the withdrawal unit acquires a first public key certificate from the card making unit, wherein the first public key certificate has an associated first private key;

the withdrawal unit obtains authorization of a withdrawal person;

After the authorization of the teller is obtained, the teller unit responds to a teller instruction input by the teller to obtain teller information;

The withdrawal unit performs signature verification on a second public key certificate in the electronic card according to the first public key certificate to generate a first signature verification result, the second public key certificate is generated by encrypting a second public key in the electronic card according to the first private key in the card making unit, and the second public key is provided with an associated second private key which is stored in the electronic card and is unreadable;

When the first signature verification result is that the signature verification passes, the withdrawal unit verifies the target verification information from the electronic card according to the second public key certificate to generate a second signature verification result, and the target verification information is generated by encrypting card information of the electronic card and a random verification code sent by the withdrawal unit according to the second private key;

and when the second signature verification result is that the signature verification passes, the withdrawal unit compares the withdrawal information with the encrypted deposit information written in the electronic card by the card making unit, and when the comparison result meets the set condition, the withdrawal unit executes the withdrawal operation, and the encrypted deposit information is generated by encrypting the deposit information acquired by the card making unit according to the first private key.

10. The method as recited in claim 9, further comprising:

The card making unit responds to the deposit information writing instruction to obtain deposit information of a depositor, generates the encrypted deposit information and stores the encrypted deposit information in the electronic card.

11. The method of claim 10, wherein the step of determining the position of the first electrode is performed,

The card making unit responds to the deposit information writing instruction to obtain deposit information of a deposit person, generates the encrypted deposit information and stores the encrypted deposit information into the electronic card, and comprises the following steps:

the card making unit responds to a deposit information writing instruction to acquire deposit information of a deposit person and convert the deposit information into a preset format;

The card making unit encrypts the deposit information in a preset format according to the first private key so as to generate the encrypted deposit information;

The card making unit stores the encrypted deposit information into an electronic card.

12. The method as recited in claim 9, further comprising:

The electronic card responds to a deposit information writing instruction of the card making unit to generate the second public key and the second private key;

The card making unit obtains the second public key of the electronic card, encrypts the second public key according to the first private key, and generates the second public key certificate.

13. The method as recited in claim 9, further comprising:

after the first signature verification result is that the signature verification passes, the withdrawal unit responds to a withdrawal instruction input by the withdrawer and sends a random verification code to the electronic card;

And the electronic card encrypts card information of the electronic card and the random verification code according to the second private key to generate the target verification information.

14. The method of claim 9, wherein the step of determining the position of the substrate comprises,

The deposit information includes depositor characteristic information and deposit characteristic information;

The depositor characteristic information includes: the face feature of the deposit person, the identity mark of the deposit person, the face feature of the deposit person associated object and the identity mark of the deposit person associated object;

The deposit characteristic information includes: deposit date, deposit deadline, deposit site, deposit line, deposit bank name, deposit income, deposit bank authentication information.

15. An offline cash withdrawal device, comprising:

The first acquisition module is configured to acquire a first public key certificate under the network available state of the withdrawal unit and the card making unit, wherein the first public key certificate is provided with an associated first private key;

a second acquisition module configured to obtain authorization of the payee;

the third acquisition module is configured to respond to the withdrawal instruction input by the withdrawer after the authorization of the withdrawer is obtained, and acquire the withdrawal information of the withdrawer;

The first generation module is configured to sign a second public key certificate according to the first public key certificate, generate a first sign checking result, and encrypt a second public key in an electronic card according to the first private key in a card making unit, wherein the second public key has an associated second private key, and the second private key is stored in the electronic card and is unreadable;

The second generation module is configured to perform signature verification on target verification information from the electronic card according to the second public key certificate when the first signature verification result is that the signature verification passes, and generate a second signature verification result, wherein the target verification information is generated by encrypting card information of the electronic card and a random verification code sent by the withdrawal unit according to the second private key;

And the comparison module is configured to compare the withdrawal information with the encrypted deposit information from the electronic card when the second verification result is verification passing, and execute the withdrawal operation when the comparison result meets the set condition, wherein the encrypted deposit information is generated by encrypting the deposit information acquired by the card making unit according to the first private key.

16. An electronic card, comprising:

The first response module is configured to respond to the withdrawal instruction, receive the random verification code, encrypt the random verification code and card information of the electronic card according to a second private key, and generate target verification information, wherein the second private key is provided with an associated second public key, and the second private key is stored in the electronic card and is unreadable;

The system comprises a sending module, a first signing module and a second signing module, wherein the sending module is configured to send a stored second public key certificate, the second public key certificate is used for generating a first signing verification result, the first signing verification result is obtained by signing the second public key certificate according to a first public key certificate by a withdrawal unit, the second public key certificate is generated by encrypting a second public key through a first private key, and the first public key certificate is related to the first private key and is generated by a card making unit;

the second response module is configured to respond to the instruction that the first verification result is passed, send the target verification information, wherein the target verification information is used for generating a second verification result, and the second verification result is generated by the withdrawal unit through verification of the target verification information by the second public key certificate;

And the third response module is configured to respond to the instruction that the second verification result is passed, send the encrypted deposit information, and the encrypted deposit information is used for generating a comparison result, wherein the comparison result is generated by the withdrawal unit comparing the encrypted deposit information with the withdrawal information, and the comparison result is used for executing the withdrawal operation when the set condition is met, and the encrypted deposit information is generated by encrypting the deposit information acquired by the card making unit according to the first private key.

17. An offline withdrawal system, comprising:

an offline cash device as claimed in claim 15, and

The electronic card of claim 16.

18. An electronic device, comprising:

one or more processors;

Storage means for storing one or more computer programs,

Characterized in that the one or more processors execute the one or more computer programs to implement the steps of the method according to any one of claims 1 to 14.

19. A computer-readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, realizes the steps of the method according to any one of claims 1-14.

20. A computer program product comprising a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the method according to any one of claims 1-14.