However, there is not much explanation for the "double-line" payment white paper that is widely concerned in the industry. It just means that it is cooperating with mobile phone manufacturers to study and provide new mobile payment experiences including dual offline transactions. It is possible to bridge the "digital divide" by testing the hard wallet payment mode based on smart vision card and separated from mobile phone.
In this regard, the mobile payment network introduces in detail the possible performance and influence of digital RMB "double offline" payment (can digital RMB guarantee payment when the network is disconnected and power is cut off? ), this time we will look at some technical details of "double offline" payment from the perspective of patents.
Method and system for offline payment using digital currency chip card
In 20 16, the Institute of Printing Science and Technology of the People's Bank of China applied for a patent named "Method and System for Offline Payment with digital currency Chip Card", which is also one of the few patent layouts directly related to "Double Offline" in the central bank system.
The Institute of Printing Science and Technology of the People's Bank of China, which belongs to the head office of the People's Bank of China, is a professional research unit of banknote printing, focusing on application development and research, taking into account basic application research. From the perspective of patent layout, it is also the only institution in the Central Bank that provides patent layout related to chip cards in digital currency.
According to this patent, when the digital currency chip card is used for offline payment, the terminal equipment accepts the transaction amount without establishing a network connection with the digital currency system of the commercial bank; The user terminal equipment obtains the transaction amount from the accepting terminal equipment through short-distance wireless connection, and sends the transaction information to the accepting terminal equipment; After the acceptance terminal equipment establishes network connection with the digital currency system of the commercial bank, the acceptance terminal equipment sends transaction information to the digital currency system of the commercial bank; After receiving the transaction information, the digital currency system of the commercial bank sends the ownership change request to the digital currency system of the central bank; After receiving the request to change the owner, the digital currency system of the central bank changes the owner of digital currency to the merchant code corresponding to the terminal equipment.
In fact, the whole transaction logic is very clear, that is, when the user makes offline payment in digital currency through the "card-type hardware wallet", the receiving end will confirm whether the transaction information (card information and transaction amount) and the account are used normally after receiving the information. After the acceptance terminal establishes a network connection with the digital currency system, the transaction information will be sent to the digital currency system of commercial banks. After receiving the transaction information, the digital currency system of a commercial bank will send a request for changing the ownership to the banknote counting system of the central bank.
In the offline payment process, the receiving user can verify the authenticity of the digital currency received at that time, but it is still necessary to verify whether digital currency has made repeated payments in the background. The design idea is that digital currency, which needs repeated payment verification, will be marked as "pending repeated payment verification" in the client e-wallet program (such as POS machine), and once the POS machine is networked, it will automatically apply for repeated payment verification to digital currency system. After receiving the verification application, the system will take corresponding actions, record the transaction process in the registration center, and update the owner of digital currency. If the payee is not a registered user of the system, the system will also record the withdrawal password reserved by the payee.
Among them, the patent also introduces encryption and decryption of public and private keys, digital certificates, PKI and IBC security authentication systems. At that time, the patent also introduced the currency value and change of digital currency in detail, but from the later development, the digital RMB system did not adopt this fixed denomination form.
In fact, according to the patent book, a key problem of the patent at that time was that the receiving end could not receive the money normally without networking after completing the offline payment transaction. As for the details of this issue, the patent did not discuss it.
Offline payment method, terminal and agent delivery device based on digital currency
Since then, China Industrial and Commercial Bank Co., Ltd. (hereinafter referred to as "ICBC") has also applied for a patent named "Off-line payment method, terminal and agent delivery equipment based on digital currency" on 20 18, and introduced the digital currency payment method under the condition of dual off-line. This is also one of the few patent layouts of banks in digital currency's "double-line" payment.
According to the patent book, the method is applied to the payment terminal, and comprises the following steps: verifying the digital certificate of the payment user, and obtaining the transaction information signed by the private key of the payment user from the payment terminal if the digital certificate of the payment user is within the validity period; Verify the legitimacy of the transaction information with the public key of the paying user, decrypt the offline digital currency with the private key of the receiving user, and compare the amount of the offline digital currency with the transaction amount; If the transaction information is legal, and the amount of offline digital currency is the same as the transaction amount, the payment terminal is notified to deduct the money; When receiving the notification of successful deduction sent by the payment terminal, register the offline transaction record and increase the offline digital currency number in the account.
Among them, digital currency's release management equipment 10 1 was deployed in the People's Bank of China to manage the digital currency release quota of each institution, and digital currency's release management equipment 10 1 set the digital currency release quota according to the institution's release demand, and freeze the deposit reserve of the institution's corresponding quota. Digital currency delivery management equipment 10 1 generates delivery currency according to the delivery quota of digital currency, and sends the delivery currency information to the agent delivery equipment deployed in each agent delivery institution in the form of messages 102.
The agent delivery equipment 102 receives the delivery information sent by digital currency delivery management equipment 10 1, and according to the users' demand of importing into digital currency, makes the corresponding amount of digital currency for users, manages the account books of digital currency, and provides users with services such as related account balance inquiry, online transaction entry and offline amount.
The payment terminal 103 and the payment terminal 104 can be network devices supporting mobile payment, such as mobile phones, tablet computers or smart wearable devices.
In the offline payment scenario, information is exchanged offline between the payment terminal 103 and the payment terminal 104. The communication between the terminal and the proxy transmission device 102 is through the network.
According to this patent, in the case of dual offline payment, although the number of offline digital currency in the receiving user's terminal account has increased, the receiving user's account has not changed in the agency delivery mechanism, that is, the money stored by the receiving user in the agency delivery mechanism has not increased at this time, so the offline digital currency currently received by the receiving terminal cannot be used for external payment. So offline digital currency can be frozen; When connected to the network, sending an offline transaction record to the agent delivery device, so that the agent delivery device can change the digital currency count in the account according to the offline transaction record; Unfreeze the offline digital currency, and the unfrozen offline digital currency can be used to pay other users.
As mentioned in the patent, the off-line digital currency quota in this scheme is generated through application according to the deposit amount of the user in the agency. Although it is an offline transaction, the user's public key is paid to verify the legitimacy of the transaction information, and the user's private key is received to decrypt the offline digital currency. The amount of offline digital currency is compared with the transaction amount. However, it is worth noting that in addition to the validity period of the digital certificate, the offline digital currency issued by the agency to users also has a certain validity period, during which users can use the offline digital currency; If it exceeds the validity period, the terminal needs to re-apply for offline digital currency to the agent delivery equipment. In the embodiment of the application, the payment terminal can also verify whether the offline digital currency used by the paying user for payment is within the validity period, so as to determine whether the paying user can use the offline digital currency for payment.
From the above description, in the view of mobile payment network, the "double offline" payment described in this patent may not be the "hardware wallet" scheme adopted by digital RMB at present, but more like a "soft" scheme based on digital RMB wallet account, and its currency string is not really stored locally in the hardware wallet. Therefore, the key problem of this scheme is that before the next online synchronization, offline payment digital currency can only be "frozen" and cannot be traded again.
Digital currency double offline payment method and payment system
Tianyi Electronic Commerce Co., Ltd. is a wholly-owned subsidiary of China Telecom. It is an important part of internet finance and financial technology, and it is also a third-party payment institution approved by the central bank. In August, 2020, an invention patent named "digital currency Double Offline Payment Method and Payment System" was applied.
The patent provides a dual offline payment method and a digital currency payment system, wherein the dual offline payment method comprises the following steps: establishing an alliance blockchain between commercial banks and/or third-party payment institutions; Digital currency offline trading users apply for digital currency deposits from the equipment end of commercial banks through the equipment end; When a double offline transaction occurs, both parties are offline, and the security domain of the receiving and paying parties' devices conducts offline transactions through handshake protocol, and signs and authenticates the transaction results; When one of the two parties touches the net, it initiates online settlement to the equipment end of the commercial bank/third-party payment institution.
In terms of implementation, dual offline payment is still a process in which the payer and the receiver complete transaction verification through encryption and decryption of digital certificates and public and private keys, and it is a process in which the payment equipment side synchronizes the transaction results and realizes settlement after networking with the equipment side system of commercial banks.
The biggest difference between this patent and the previous one is that it has established an alliance blockchain between commercial banks and third-party payment institutions, which is supervised by the equipment side of the central bank. As a blockchain node with the same function as the commercial bank node and the third-party payment institution node in the alliance blockchain, the device end of the central bank holds the private key of the privacy transaction in the alliance blockchain for decrypting the privacy transaction.
The advantages are that the digital certificate mechanism based on blockchain and the security domain operation based on trusted hardware execution environment TEE ensure the security and reliability of the transaction; At the same time, the use of blockchain ensures that even if the bank account system is attacked, the transaction certificate service can still be trusted, and malicious transactions can be identified to the greatest extent, and the whole transaction process is safe and credible.
However, from the description of the patent, the patent also adopts the operation of freezing the funds in the original account, that is, before offline payment, the device side deposits a certain amount of digital currency from its own fund account and deposits it in its own device security domain, while the device side of the commercial bank freezes the digital currency in the user's fund account accordingly. When the off-line payment is completed, when the equipment ends of the payer and the payee are online, the transaction license certificate and the off-line transaction result are sent to the equipment end of the commercial bank, and the equipment end of the commercial bank performs clearing and settlement operation on the user's fund account according to the transaction state data in the transaction result, and unfreezes the funds frozen in the user's fund account when the clearing and settlement are completed.
Therefore, under this premise, we don't know whether digital currency under offline payment can make a second transfer before it is settled.
label
Judging from several major patents at present, the basic realization of dual offline payment of digital RMB has jumped to the fore, but many technical details are not clear enough, especially the secondary circulation of digital currency under the "offline state".
A long time ago, we discussed the possible form of central bank digital currency. Is it based on account or token? Is it UTXO or balance model? (Link: Account number or token? UTXO or balance model? Now, DCEP answer to this question is relatively clear. Generally speaking, digital RMB must be based on the account system, but how to solve the problems existing in the account system under dual offline payment needs to be observed.