Today’s recommendation | Detailed explanation of digital renminbi hardware wallet and dual offline payment


 109 total views

Author: She Yunfeng

Original title: “Explain the “hardware wallet” and “dual offline payment” of digital renminbi”

On October 30, at the domestic press conference of Huawei’s Mate 40 series mobile phones, Huawei’s consumer business CEO Yu Chengdong announced that the Mate 40 series mobile phones support the “Digital RMB Hardware Wallet” function in accordance with the unified standards of the People’s Bank of China Digital Currency Research Institute. This is the first domestic smartphone that supports digital RMB hardware wallets.

Judging from the currently known pilot information, digital renminbi has two forms: software wallet and hardware wallet. The software wallet is the “digital renminbi” wallet that was experienced in previous activities and exists in the form of a mobile app; the hardware wallet is based on the “chip “Wallets that exist in the form of smart cards, mobile eSE, etc.

Therefore, it is certain that for consumers, in addition to being able to exchange and use digital renminbi through mobile apps in the future, digital renminbi can also be used in the form of the above hardware wallets. However, as the R&D and application of digital renminbi are constantly updated and developed, the following descriptions are only extrapolated based on current market conditions and patent descriptions, and do not represent the final specific form of digital renminbi, and are for your reference only.

About “Digital Currency Chip Card”

The mobile payment network summarizes the hardware wallet as a “digital currency chip card” (hereinafter, “digital currency” refers to the central bank’s digital currency, that is, the digital renminbi) based on its recent understanding of industry participants and the patent details previously announced by the central bank. Currency chip cards can specifically include five forms: visual Bluetooth IC cards, IC cards, mobile eSE cards, mobile SD cards, and mobile SIM cards.

The above divisions are summarized in a series of patents such as the central bank “Method and System for Offline Payment Using Digital Currency Chip Cards”. Therefore, in the view of mobile payment networks, the form of hardware wallet means that the carrier carrying digital currency is a physical device that is different from software, whether it is a smart card chip or a mobile phone chip.

Judging from the above-mentioned five forms, visible Bluetooth IC cards and IC cards are mainly smart card forms, while mobile eSE cards, mobile SD cards, and mobile SIM cards are mobile phones.

A visual Bluetooth card generally refers to a smart card that has a screen that displays information such as transaction amount and balance, and interacts with the smart phone through Bluetooth or other methods, and can cooperate with the mobile phone App for query and account information synchronization. IC cards include ordinary smart cards, ultra-thin cards and other forms. They have no active interaction capabilities and need to interact with the receiving terminal before they can be used.

今日推荐 | 详解数字人民币的硬件钱包和双离线支付 An institution is testing a digital RMB visual card

Mobile phone eSE card, mobile phone SD card, and mobile phone SIM card usually refer to a solution based on three different modes of NFC, such as the full terminal of the mobile phone, NFC-SD, and NFC-SIM card. The security information is stored in different SE chips, and then passed The mobile phone uses NFC to interact with the receiving terminal. Of course, it may also interact through Bluetooth or other methods.

The hardware wallet supported by Huawei Mate 40 series mobile phones is the aforementioned mobile phone eSE form.

About the transfer and liquidation of funds

The central bank’s digital currency system includes one currency, two banks, and three centers. The digital currency registration center needs to verify the legality of the transaction digital currency, record the transaction flow, correct the new owner of the corresponding digital currency, and register other required information.

The two libraries refer to the central bank’s digital currency issuing library and the digital currency commercial bank library. Commercial banks pay an equal amount of reserve funds to the central bank in exchange for digital currency to be stored in the commercial bank library and recorded in the central bank’s registration center.

When a user opens a digital currency wallet and exchanges a certain amount of digital currency from a commercial bank deposit account, the commercial bank first needs to check whether there is enough digital currency in the digital currency bank library, and provide users with deposits if sufficient The operation of exchanging digital currency. After the commercial bank feeds back the operational information to the central bank, the central bank registration center records the transaction and changes the corresponding digital currency owner from the commercial bank to the user.

When the digital currency in the wallet is used for transactions, taking the carrier as a “digital chip card” as an example, first enter the transaction amount on the acceptance terminal, and the user takes out the card to interact with the acceptance terminal in a non-contact manner, and then obtains the transaction Based on the amount, the transaction information is sent to the acceptance terminal (the transaction information includes the digital chip card information and the digital currency equivalent to the transaction amount).

今日推荐 | 详解数字人民币的硬件钱包和双离线支付

Subsequently, the receiving terminal establishes a network connection with the digital currency system of the commercial bank, and the terminal sends the transaction information to the digital currency system of the commercial bank. After receiving the transaction information, the digital currency system of the commercial bank sends a request to change the owner to the digital currency system of the central bank. After the central bank digital currency system receives the owner change request, it changes the owner of the digital currency to the merchant code corresponding to the terminal device.

The above is the basic flow of central bank digital currency in the transaction process learned through patents. In fact, this method of “changing the owner of digital currency” is similar to the form of cash transactions, which is the Token-based UTXO model we discussed earlier. But at the same time, they are also facing the problems of “currency value” and “change”. However, in the previous pilot digital RMB red envelope experience, we did not find this problem, so we can conclude that the central bank’s previous test did not fully adopt the UTXO model, or the central bank’s original “currency value” and “change” The problem is optimized so that users do not perceive it. Regarding this issue, we will discuss it in detail below.

Regardless of the basic circulation path of digital currency, there is a problem involved in this. If the digital currency wallet account opened by the merchant and the user’s digital currency wallet account are not an operating institution, what about the fund flow behind? For example, user A uses a digital currency wallet opened in the Bank of China and exchanges 100 yuan from an ICBC personal bank account to deposit it, and then pays to merchant B through the digital wallet, and the digital wallet that merchant B receives is opened at ICBC , And was exchanged back to B’s personal bank account in ICBC.

Then the specific capital flow may be that Bank of China first confirms the fund inventory in its digital currency bank library, and after reporting the information to the central bank registration center, the central bank changes the owner of the 100 yuan digital currency from the Bank of China Capital Library to user A; user A will When 100 yuan is paid to B, ICBC, the operator of B’s wallet, first confirms its digital currency bank treasury inventory and feeds back information to the central bank registration center. The registration center changes the owner of the 100 yuan digital currency from user A to user B. B When depositing 100 yuan into an ICBC bank account, ICBC feedbacks information to the central bank registration center, and then the central bank cancels and records the 100 yuan digital currency from the ICBC digital currency bank library, and restores ICBC’s 100 yuan digital currency exchange quota.

Due to the cross-bank circulation of digital currencies, there will naturally be “clearing” issues. Judging from the current information, mobile payment networks speculate that this “clearing” role is played by the central bank itself. Of course, judging from the recent signing of strategic cooperation agreements between the Central Bank’s Digital Currency Research Institute and other clearing institutions such as City Bank Clearing and Rural Credit Bank, small and medium-sized banks will not be responsible for exchange operations in the future, but they must participate in the circulation of digital RMB and subsequent capital Circulation may require these clearing institutions to achieve interconnection capabilities.

About dual offline payment?

We have exemplified the payment process of the digital chip card above, but in fact it is only based on the single offline payment under the networked state of the accepting terminal. The accepting terminal needs to interact with the digital currency system of the commercial bank before it can feed back to the central bank and change the digital currency. Owner.

So when the acceptance terminal and the payment device are both offline, how to solve it?

In fact, the entire transaction process has not undergone essential changes, but the networking process has been appropriately delayed. According to the patent, the offline payment defined in the digital renminbi system refers to near-field payment, during which the receiver needs to confirm the payment online afterwards.

Similar to the transaction process above, the receiving terminal accepting the digital currency can verify the authenticity of the received digital currency through the form of “plug-in” and verify the identity of the user, but it cannot verify whether it has made repeated payments. “Flower” problem, so you must wait for it to be verified after going online.

According to the patent description, the design idea is that the digital currency that requires repeated payment verification is marked as “Pending Repeat Payment Verification” in the client e-wallet program (such as POS machine). Once the POS machine is connected to the network, it will automatically send it to the digital currency system. Repeat payment verification application. The digital currency system receives the verification application to perform corresponding operations, supplements the transaction flow in the registration center, and updates the owner of the digital currency.

In other words, after the dual offline payment, the transaction funds “to be verified for repeated payments” cannot be circulated to the market before online verification. For example, A transfers 100 yuan to B through digital RMB dual offline payment. Although B receives 100 yuan of transaction information, the 100 yuan will be marked as “Pending Repeat Payment Verification” and cannot be spent by B again , You can only resume use after the verification is completed on the Internet.

However, according to an industry insider, the secondary transfer in offline state is also possible, and at least local verification must be passed without network verification, so that the secondary transfer can also be achieved. However, it is still unclear how the application of digital renminbi will be realized.

Based on the above information, the mobile payment network infers that there will be many restrictions on the “dual offline” payment of digital RMB.

The first is that both parties to the dual offline payment transaction must be hardware wallets, and the SE security chip must be built-in to achieve a certain level of security encryption. Hardware wallets include smart cards and mobile phones. They are not necessarily used for dual offline payment, but as long as it is dual offline payment, it must be a hardware wallet.

Secondly, since dual offline payment requires a built-in SE, the accepting terminal must also be modified accordingly. According to the mobile payment network, in the previous digital renminbi online payment trial, the acceptance terminal only needs to be supported by software upgrades.

Finally, from the current point of view, dual offline payment only supports NFC form of interaction, but it does not rule out other solutions.

In addition, according to a person who participated in the internal test of the mobile payment network, the “dual offline” payment will have corresponding “offline transaction time” and “offline transaction times” restrictions. According to the dual offline payment in the NFC-SIM card mode of the internal test, the time limit for offline transactions is 24 hours, and the number of transactions is 10 times. In addition, according to the patent, it is possible to set the dual offline payment as a small payment, such as less than 1,000 yuan, and set it in a range acceptable to individual users.

At the same time, a post-event accountability mechanism must be adopted to record bad records into the credit investigation system for punishment. If the system determines that the hardware wallet has counterfeit coins or double spends during the currency verification process after networking, the wallet can be blacklisted, the wallet status can be set to disabled status, and the hard wallet media can be disabled through emergency processing.

About currency value and change issues

Above we talked about the capital flow and ownership change of the digital renminbi. This will face the problems of “currency” and “change”. In fact, the central bank also has related descriptions in the patent.

The digital renminbi is established and issued into circulation by the People’s Bank of China as legal tender, and the People’s Bank of China is the ultimate lender to provide guarantees to participate in the exchange, exchange and consumption within the national standard framework. It is a string of codes that has the same currency meaning as the “face value” in actual circulation. Digital currency simulates the issuance and management process of paper currency in the central bank, and generates digital currency in the digital currency issuance library according to the central bank’s current digital currency issuance.

In the digital currency system design, the currency value can be generated according to the minimum unit denomination, according to the user’s specific withdrawal amount, or according to the actual currency denomination in circulation. The specific method can be generated by the system parameters in the initial process Set up. In order to get closer to reality, the patent description uniformly uses the form of “fixed denomination in circulation” to explain, that is, the digital currency in the issuance library completely simulates the denomination in circulation, and “printing” produces the digital representation of “one yuan, five dollars”. “Yuan, Shi Yuan, Two Shi Yuan, Wu Shi Yuan, One Hundred Yuan” etc., an encrypted text represents a digital currency of denomination.

The digital renminbi generated in this form will inevitably face the problem of “change”, although it can be automatically matched through software tools to optimize the best change method, and even if the merchant cannot make change, it can even connect the digital one after another. The currency system splits and exchanges the change and matches it, but it may be difficult for the user experience to reach the ideal state. Of course, it can also take the form of “currency value based on the smallest unit denomination”, that is, all currency values ​​are 1 point, which can also avoid the problem of change, but whether there will be other problems in the system and experience is unknown.

Therefore, the mobile payment network speculates that the previous Shenzhen digital RMB red envelope online payment pilot may not adopt the form of “fixed denomination” currency, or even the UTXO model, but directly adopt the Token-based account balance model. The advantage of this is that there is no problem of currency value and change, just change the balance under the corresponding wallet account directly through the digital currency system.

However, “dual offline” payment may be different. Dual offline payment faces higher security requirements, and requires “repetitive payment verification” for each offline payment. In this way, the UTXO-based model seems more Suitable for dual offline payment.


No matter what form or even multiple forms are adopted at the same time, the overall transaction process will not change much. The transaction information of the digital renminbi needs to be recorded through the digital currency registration center of the central bank. The problem is nothing more than a double-spending problem that may be caused by delayed verification.

As described in the patent, in the current case of dual offline transactions, almost all the repeated payment checks performed by electronic cash systems are delayed, that is, the repeated payment checks are performed after the payment process is completed. Therefore, it is only possible to discover and hold accountable through delayed repeated payment inspections, or to limit the form of payment rules to improve the entire process.

Of course, as the mobile Internet is becoming more and more developed today, the Internet is already ubiquitous. “Dual offline” payment will not be a normal payment method, but an indispensable supplement under certain special circumstances and special circumstances. Therefore, I also hope that the industry and the general public can take a calm look and avoid excessive exaggeration and hype.