CN103701606B - Enterprise information processing method and system on basis of bank safety certificate - Google Patents
- Publication number
- CN103701606B (application number CN201310726782A)
- Authority
- CN
- China
- Prior art keywords
- service
- information processing
- user
- company information
- signature
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention provides an enterprise information processing method and system based on a bank security certificate, applied in the field of security and authentication for enterprise information processing and bank business data transmission. The method comprises the following steps: an enterprise information processing server generates a signature page request message; a security control server establishes an SSL (Secure Sockets Layer) channel with the banking system by means of an enterprise certificate medium and receives the signature page code returned by the bank; an enterprise information processing terminal displays the signature page; an operator certificate medium digitally signs the online transaction data to be processed; the security control server sends the digital signature and the online transaction data to the banking system, receives the returned processing result and forwards it to the enterprise information processing server and the enterprise information processing terminal. According to the invention, criminals are effectively prevented from intercepting and altering data, the authenticity and non-repudiation of online transactions are ensured, and both online transactions and batch transactions are covered and secured.
Description
Technical field
The present invention relates to the field of security and authentication techniques for enterprise information processing and bank business data transmission, and in particular to an enterprise information processing method and system based on a bank security certificate.
Background art
With the development of network data processing technology and the needs of corporate financial processing, current enterprise information processing systems establish direct connections with banking systems, so that an enterprise can conveniently carry out financial and accounting processing. In actual online transactions between an enterprise and a bank, however, only the data packets are encrypted during transmission. Transport encryption alone neither authenticates who originated an instruction nor lets the bank prove later who did, which leads to the following defects and security risks:
1) Because the data is transmitted over the Internet and the encryption is of a relatively low security level, data packets may be intercepted and tampered with in transit, threatening the enterprise's funds;
2) The banking system cannot effectively verify the authenticity of the online transaction data (such as payments and transfers) sent by the enterprise information processing system; when the enterprise information processing system is compromised, an offender can initiate false online transactions at will, which is a security risk;
3) Every user of the enterprise information processing system who has operating rights (hereinafter referred to as an operator) can submit online transaction instructions, and an online transaction cannot be attributed to the specific person who initiated it, which makes it difficult to audit after the fact.
Summary of the invention
The main purpose of the embodiments of the present invention is to provide an enterprise information processing method and system based on a bank security certificate, so as to solve the security problems that currently exist in data transmission between an enterprise and a bank.
To achieve this goal, an embodiment of the present invention provides an enterprise information processing method based on a bank security certificate, comprising:
the enterprise information processing terminal generates an online transaction request message according to the online transaction order entered by the current operator and sends it to the enterprise information processing server, the online transaction order containing the online transaction data to be processed;
the enterprise information processing server generates a signature page request message according to the online transaction request message and sends it to the security control server;
the security control server establishes a Secure Sockets Layer (SSL) channel with the banking system by means of the enterprise certificate medium, sends the signature page request message to the banking system through the SSL channel, receives the signature page code returned by the banking system through the SSL channel and forwards it to the enterprise information processing server;
the enterprise information processing server generates the signature page according to the signature page code and sends it to the enterprise information processing terminal for display;
the operator certificate medium digitally signs the online transaction data to be processed according to the signature page displayed by the enterprise information processing terminal;
the enterprise information processing terminal sends the digital signature generated by the operator certificate medium and the online transaction data to be processed to the security control server;
the security control server sends the digital signature generated by the operator certificate medium and the online transaction data to be processed to the banking system through the SSL channel, so that the banking system verifies the digital signature generated by the operator certificate medium and processes the online transaction data;
the security control server receives the processing result returned by the banking system through the SSL channel and forwards the processing result to the enterprise information processing server and the enterprise information processing terminal.
Correspondingly, the present invention provides an enterprise information processing system based on a bank security certificate, comprising an enterprise information processing terminal, an enterprise information processing server, a security control server, an enterprise certificate medium and an operator certificate medium, wherein the enterprise information processing server is connected to the enterprise information processing terminal and to the security control server via the corporate intranet; the security control server is connected to the banking system via the Internet; the enterprise certificate medium is connected to the enterprise information processing server; and the operator certificate medium is connected to the enterprise information processing terminal.
The enterprise information processing terminal is configured to:
generate an online transaction request message according to the online transaction order entered by the current operator and send it to the enterprise information processing server, the online transaction order containing the online transaction data to be processed;
send the digital signature generated by the operator certificate medium and the online transaction data to be processed to the security control server.
The enterprise information processing server is configured to:
generate a signature page request message according to the online transaction request message and send it to the security control server;
generate the signature page according to the signature page code and send it to the enterprise information processing terminal for display.
The security control server is configured to:
establish a Secure Sockets Layer (SSL) channel with the banking system by means of the enterprise certificate medium, send the signature page request message to the banking system through the SSL channel, receive the signature page code returned by the banking system through the SSL channel and forward it to the enterprise information processing server;
send the digital signature generated by the operator certificate medium and the online transaction data to be processed to the banking system through the SSL channel, so that the banking system verifies the digital signature generated by the operator certificate medium and processes the online transaction data;
receive the processing result returned by the banking system through the SSL channel and forward it to the enterprise information processing server and the enterprise information processing terminal.
The operator certificate medium is configured to:
digitally sign the online transaction data to be processed according to the signature page displayed by the enterprise information processing terminal.
The present invention also provides another enterprise information processing method based on a bank security certificate, characterised in that it comprises:
the enterprise information processing server initiates a batch transaction at a preset time and judges the signature level of the batch transaction, the batch transaction containing the batch transaction data to be processed;
if the enterprise information processing server judges that the signature level of the batch transaction is enterprise certificate signature, the following steps A1 to A5 are executed:
Step A1: the enterprise information processing server sends the batch transaction data to be processed to the security control server;
Step A2: the security control server establishes a Secure Sockets Layer (SSL) channel with the banking system by means of the enterprise certificate medium;
Step A3: the enterprise certificate medium digitally signs the batch transaction data to be processed;
Step A4: the security control server sends the digital signature generated by the enterprise certificate medium and the batch transaction data to be processed to the banking system through the SSL channel, so that the banking system verifies the digital signature generated by the enterprise certificate medium and processes the batch transaction data;
Step A5: the security control server receives the processing result returned by the banking system through the SSL channel and forwards it to the enterprise information processing server;
if the signature level of the batch transaction is judged to be operator certificate signature, the following steps B1 to B7 are executed:
Step B1: the enterprise information processing server generates a signature page request message according to the batch transaction and sends it to the security control server;
Step B2: the security control server establishes a Secure Sockets Layer (SSL) channel with the banking system by means of the enterprise certificate medium, sends the signature page request message to the banking system through the SSL channel, receives the signature page code returned by the banking system through the SSL channel and forwards it to the enterprise information processing server;
Step B3: the enterprise information processing server generates the signature page according to the signature page code and sends it to the enterprise information processing terminal for display;
Step B4: the operator certificate medium digitally signs the batch transaction data to be processed according to the signature page displayed by the enterprise information processing terminal;
Step B5: the enterprise information processing terminal sends the digital signature generated by the operator certificate medium and the batch transaction data to be processed to the security control server;
Step B6: the security control server sends the digital signature data generated by the operator certificate medium and the batch transaction data to be processed to the banking system through the SSL channel, so that the banking system verifies the digital signature generated by the operator certificate medium and processes the batch transaction data;
Step B7: the security control server receives the processing result returned by the banking system through the SSL channel and forwards it to the enterprise information processing server and the enterprise information processing terminal.
Correspondingly, the present invention provides another enterprise information processing system based on a bank security certificate, comprising an enterprise information processing terminal, an enterprise information processing server, a security control server, an enterprise certificate medium and an operator certificate medium, wherein the enterprise information processing server is connected to the enterprise information processing terminal and to the security control server via the corporate intranet; the security control server is connected to the banking system via the Internet; the enterprise certificate medium is connected to the enterprise information processing server; and the operator certificate medium is connected to the enterprise information processing terminal.
The enterprise information processing server is configured to:
initiate a batch transaction at a preset time and judge the signature level of the batch transaction, the batch transaction containing the batch transaction data to be processed;
if the signature level of the batch transaction is judged to be enterprise certificate signature, send the batch transaction data to be processed to the security control server;
if the signature level of the batch transaction is judged to be operator certificate signature, generate a signature page request message according to the batch transaction and send it to the security control server, and generate the signature page according to the signature page code and send it to the enterprise information processing terminal for display.
The security control server is configured to:
establish a Secure Sockets Layer (SSL) channel with the banking system by means of the enterprise certificate medium;
when the signature level of the batch transaction is enterprise certificate signature, send the digital signature generated by the enterprise certificate medium and the batch transaction data to be processed to the banking system through the SSL channel, so that the banking system verifies the digital signature generated by the enterprise certificate medium and processes the batch transaction data; receive the processing result returned by the banking system through the SSL channel and forward it to the enterprise information processing server;
when the signature level of the batch transaction is operator certificate signature, send the signature page request message to the banking system through the SSL channel, receive the signature page code returned by the banking system through the SSL channel and forward it to the enterprise information processing server; send the digital signature data generated by the operator certificate medium and the batch transaction data to be processed to the banking system through the SSL channel, so that the banking system verifies the digital signature generated by the operator certificate medium and processes the batch transaction data; receive the processing result returned by the banking system through the SSL channel and forward it to the enterprise information processing server and the enterprise information processing terminal.
The enterprise certificate medium is configured to:
digitally sign the batch transaction data to be processed when the signature level of the batch transaction is enterprise certificate signature.
The operator certificate medium is configured to:
digitally sign the batch transaction data to be processed according to the signature page displayed by the enterprise information processing terminal when the signature level of the batch transaction is operator certificate signature.
The enterprise information processing terminal is configured to:
send the digital signature generated by the operator certificate medium and the batch transaction data to be processed to the security control server when the signature level of the batch transaction is operator certificate signature.
By means of the above technical solution, the present invention adopts a digital certificate security mechanism and provides the enterprise with two-level signature authentication: digital certificates are issued separately to the enterprise and to its operators and are used to sign online transactions and batch transactions; transaction processing takes place only after the signature has been verified, which effectively prevents theft and tampering of data in transit by unauthorized persons. Online transactions are bound to the specific operator, which ensures their authenticity and non-repudiation and prevents illegitimate online transaction data from being sent to the banking system. Both online transactions and batch transactions are covered: online transactions are initiated from the enterprise information processing terminal and require signature authentication with the operator certificate, while batch transactions are initiated from the enterprise information processing server and require signature authentication with the enterprise certificate, with signature authentication by the operator certificate additionally required where necessary. The security of both online transactions and batch transactions is thereby ensured.
Brief description of the drawings
In order to explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed for the description of the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a block diagram of the enterprise information processing system based on a bank security certificate provided by the present invention;
Fig. 2 is a schematic flow chart of one enterprise information processing method based on a bank security certificate provided by the present invention;
Fig. 3 is a schematic flow chart of another enterprise information processing method based on a bank security certificate provided by the present invention.
Specific embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below in conjunction with the accompanying drawings of those embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
The present invention provides an enterprise information processing system based on a bank security certificate. As shown in Fig. 1, the system comprises an enterprise information processing terminal 11, an enterprise information processing server 12, a security control server 13, an enterprise certificate medium 14 and an operator certificate medium 15. The enterprise information processing server 12 is connected to the enterprise information processing terminal 11 and to the security control server 13 via the corporate intranet; the security control server 13 is connected to the banking system via the Internet; the enterprise certificate medium 14 is connected to the enterprise information processing server 12; and the operator certificate medium 15 is connected to the enterprise information processing terminal 11.
The present invention provides an enterprise information processing method based on a bank security certificate. The method is executed by the system shown in Fig. 1 and is mainly directed at online transactions. As shown in Fig. 2, it comprises the following steps:
Step S201: the enterprise information processing terminal 11 generates an online transaction request message according to the online transaction order entered by the current operator and sends it to the enterprise information processing server 12; the online transaction order contains the online transaction data to be processed.
Step S202: the enterprise information processing server 12 generates a signature page request message according to the online transaction request message and sends it to the security control server 13.
Step S203: the security control server 13 establishes a Secure Sockets Layer (SSL) channel with the banking system by means of the enterprise certificate medium 14, sends the signature page request message to the banking system through the SSL channel, receives the signature page code returned by the banking system through the SSL channel and forwards it to the enterprise information processing server 12.
Step S204: the enterprise information processing server 12 generates the signature page according to the signature page code and sends it to the enterprise information processing terminal 11 for display.
Step S205: the operator certificate medium 15 digitally signs the online transaction data to be processed according to the signature page displayed by the enterprise information processing terminal 11.
Step S206: the enterprise information processing terminal 11 sends the digital signature generated by the operator certificate medium 15 and the online transaction data to be processed to the security control server 13.
Step S207: the security control server 13 sends the digital signature generated by the operator certificate medium 15 and the online transaction data to be processed to the banking system through the SSL channel, so that the banking system verifies the digital signature generated by the operator certificate medium 15 and processes the online transaction data.
Step S208: the security control server 13 receives the processing result returned by the banking system through the SSL channel and forwards it to the enterprise information processing server 12 and the enterprise information processing terminal 11.
The present invention is based on a digital certificate mechanism: an enterprise certificate and an operator certificate are issued to the enterprise and to the operator respectively, and both certificates support signature authentication as well as encryption and decryption. When an online transaction is processed, the enterprise certificate identifies the enterprise, completes the handshake with the bank and establishes the SSL channel, which provides the basic security of the online transaction transport; the operator certificate performs signature authentication of the online transaction, binding the transaction to a specific operator and thereby ensuring the authenticity and non-repudiation of the online transaction data.
The enterprise certificate and the operator certificates are issued by the bank, and a correspondence and subordination relationship exists between them: one enterprise certificate can correspond to multiple operator certificates, and the correspondence is recorded and stored on the bank side. The enterprise certificate and the operator certificates are stored in the enterprise certificate medium and the operator certificate media respectively; each certificate has a unique certificate ID that is bound to its holder (the enterprise or the operator). The enterprise places the enterprise certificate medium at the security control server and keeps it connected to the security control server; an operator certificate medium is held solely by the operator it belongs to and serves as that operator's identity in online transactions.
The enterprise certificate medium and the operator certificate medium resemble a USB flash drive in appearance; the chip built into the medium stores the digital certificate used to identify the holder. The certificate format follows the ITU-T X.509 international standard and contains: the certificate version; the certificate serial number (ID); the signature algorithm used; the issuer name; the validity period; the subject (holder) name; the holder's public key; and the issuer's signature over the certificate. Two further items belong to the medium rather than to the certificate: the holder's private key, which is generated and kept inside the medium's chip and cannot be exported from it, and the personal identification number (PIN) that guards the use of that key.
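Issuing and checking the two certificate types just described, as an added example in Go; this is not code from the patent or from its applicant. The bank is modelled as a self-signed CA that issues an enterprise certificate and an operator certificate, records the enterprise-to-operator subordination in a table (the description says the bank keeps this correspondence, but not in what form), accepts a presented certificate only if it chains to the bank's own CA and is either the channel's enterprise certificate or one recorded under it, and lists the X.509 fields the description enumerates. ECDSA P-256, the validity periods, the names and the serial numbers are assumptions; the patent does not specify them. The holder key is generated in software here only so that the example runs; on the medium it is generated on-chip and never exported.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// BankPKI is the bank as issuer; Subordinates maps enterprise certificate serial -> operator serials under it.
type BankPKI struct {
	caKey        *ecdsa.PrivateKey
	CACert       *x509.Certificate
	Subordinates map[string]map[string]bool
}

func mustKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// sign issues tmpl under parent (tmpl == parent self-signs) and parses the DER back.
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, caKey *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, caKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// NewBankPKI creates the bank's self-signed CA (names and lifetimes are assumptions).
func NewBankPKI() *BankPKI {
	key := mustKey()
	ca := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Bank CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().AddDate(10, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	return &BankPKI{caKey: key, CACert: sign(ca, ca, &key.PublicKey, key), Subordinates: map[string]map[string]bool{}}
}

// Issue creates an enterprise certificate (ent == nil) or an operator certificate under ent, and records the relationship.
func (b *BankPKI) Issue(name string, serial int64, ent *x509.Certificate) *x509.Certificate {
	holder := mustKey() // demo only: on the real medium the key is generated on-chip and never exported
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().AddDate(1, 0, 0),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	c := sign(tmpl, b.CACert, &holder.PublicKey, b.caKey)
	if ent == nil {
		b.Subordinates[c.SerialNumber.String()] = map[string]bool{}
	} else {
		b.Subordinates[ent.SerialNumber.String()][c.SerialNumber.String()] = true
	}
	return c
}

// Accept is the bank-side check on a certificate c presented over a channel set up with
// enterprise certificate ent: c must chain to this bank's CA and be valid now, and it must
// be ent itself or one of the operator certificates recorded under ent.
func (b *BankPKI) Accept(ent, c *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(b.CACert)
	if _, err := c.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return err
	}
	if !c.Equal(ent) && !b.Subordinates[ent.SerialNumber.String()][c.SerialNumber.String()] {
		return errors.New("certificate is not subordinate to the channel's enterprise")
	}
	return nil
}

// Fields lists the X.509 contents the description enumerates; there is no PIN and no
// private key because neither is part of a certificate, they live on the medium.
func Fields(c *x509.Certificate) map[string]string {
	return map[string]string{
		"version":   fmt.Sprint(c.Version),
		"serial":    c.SerialNumber.String(),
		"sigalg":    c.SignatureAlgorithm.String(),
		"issuer":    c.Issuer.CommonName,
		"validity":  c.NotBefore.UTC().Format(time.RFC3339) + " to " + c.NotAfter.UTC().Format(time.RFC3339),
		"subject":   c.Subject.CommonName,
		"pubkeyalg": c.PublicKeyAlgorithm.String(),
	}
}
```

The subordination table is kept outside the certificates, as the description says the bank records it; an alternative would be to carry the enterprise serial in an extension of the operator certificate, which the patent does not describe. `Accept` is deliberately two checks in one: a certificate that chains correctly but belongs to another enterprise's operator is still rejected on this enterprise's channel.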
The digital certificate signature and signature verification techniques used in the present invention are the standard digital certificate signature and verification techniques of the current e-commerce industry. They ensure that online transaction data that is intercepted or tampered with in transit fails verification, and transaction processing is carried out only after the signature has been verified.
In the present invention, the security control server uses the enterprise certificate to establish the SSL channel to the banking system, thereby providing the enterprise information processing server with a network transaction environment with the banking system that has enterprise identity authentication and security features. Through the enterprise certificate, the present invention provides the basic security of information transfer between the bank and the enterprise and effectively prevents theft and tampering of data in transit by unauthorized persons. Note that the SSL channel authenticates the endpoint that holds the enterprise certificate, not the individual operator; attribution of a transaction to a person rests on the operator signature, which is why that signature is verified by the bank rather than by the security control server. Further, through the operator certificate, the present invention binds the online transaction to a specific operator, ensuring the authenticity and non-repudiation of the online transaction and preventing illegitimate online transaction data from being sent to the banking system.
In a preferred embodiment, before the operator certificate medium 15 digitally signs the online transaction data to be processed according to the signature page displayed by the enterprise information processing terminal 11 in step S205 of the method shown in Fig. 2, the method further comprises:
Step S205_1: the enterprise information processing terminal 11 obtains the ID number of the current operator and the ID number built into the operator certificate medium 15, and judges, according to the preset correspondence between operator ID numbers and operator certificate ID numbers, whether the ID number of the current operator corresponds to the ID number built into the operator certificate medium 15; if not, the current online transaction is terminated.
Adding this step to the flow of Fig. 2 ensures that the correspondence between the operator and the operator certificate currently being used is legitimate, that is, that the correspondence between the operator currently logged in to the enterprise information processing system and the operator whose medium is connected to the enterprise information processing terminal matches the correspondence recorded on the bank side. If they do not match, the operator does not correspond to the operator certificate, the online transaction could not be traced back to the person who operated it, and there is a danger that the online transaction is being operated illegitimately; the current online transaction is therefore terminated.
In another preferred embodiment, after the enterprise information processing terminal 11 has judged in step S205_1 that the ID number of the current operator corresponds to the ID number built into the operator certificate medium 15, the method further comprises:
Step S205_2: the enterprise information processing terminal 11 obtains the personal identification number (PIN) entered by the current operator and forwards it to the operator certificate medium 15; the operator certificate medium 15 judges whether the PIN entered by the current operator matches the PIN built into the operator certificate medium 15, and if not, the current online transaction is terminated.
Because the PIN built into an operator certificate medium is known only to the operator it belongs to, adding this step to the flow of Fig. 2 further ensures, once the correspondence between the logged-in operator and the operator whose medium is connected to the terminal has been confirmed to match the bank's records, that the operator's possession and use of the operator certificate is legitimate and valid. With this step, even if an offender logs in to the enterprise information processing system with the stolen login account of a legitimate operator and also misappropriates the corresponding operator certificate to perform an online transaction, the online transaction cannot be completed as long as the offender does not know the PIN built into that operator certificate medium. Therefore, if the PIN entered by the current operator does not match the PIN built into the operator certificate medium, the current online transaction is terminated.
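The online flow of steps S201 to S208 together with the pre-signature checks of steps S205_1 and S205_2, as an added example in Go; this is not code from the patent or from its applicant. It models three parties on constructed data: the operator certificate medium (holds the private key, compares the PIN inside the medium in constant time, and signs only after a successful PIN check), the terminal (checks the logged-in operator ID against the preset operator-to-certificate table before it forwards the PIN to the medium) and the banking system (checks that the signing certificate is the enterprise that set up the channel or one of the operators recorded under it, then verifies the signature over exactly the bytes it received). ECDSA P-256 over SHA-256, the JSON shape of the transaction, the certificate IDs, the operator IDs and the PINs are all assumptions; the patent specifies none of them. The same `Bank.Verify` path also accepts an enterprise-signed batch of steps S302 to S306, since the enterprise medium is enrolled under its own ID.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// CredentialMedium models the USB-style certificate medium (enterprise or operator):
// the private key never leaves it and it signs only after its PIN has been verified.
type CredentialMedium struct {
	CertID   string
	key      *ecdsa.PrivateKey
	pin      []byte
	unlocked bool
}

// NewMedium generates the key pair in software for the demo; a real medium does this on-chip.
func NewMedium(certID, pin string) *CredentialMedium {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return &CredentialMedium{CertID: certID, key: k, pin: []byte(pin)}
}

// VerifyPIN is step S205_2 on the medium side: the reference PIN never leaves the medium.
func (m *CredentialMedium) VerifyPIN(entered string) bool {
	m.unlocked = subtle.ConstantTimeCompare([]byte(entered), m.pin) == 1
	return m.unlocked
}

// Sign is step S205: ECDSA over SHA-256 of the pending transaction bytes, only when unlocked.
func (m *CredentialMedium) Sign(tx []byte) ([]byte, error) {
	if !m.unlocked {
		return nil, errors.New("medium locked: PIN not verified")
	}
	h := sha256.Sum256(tx)
	return ecdsa.SignASN1(rand.Reader, m.key, h[:])
}

// Terminal is the enterprise information processing terminal; binding is the preset
// operator ID -> operator certificate ID table used in step S205_1.
type Terminal struct{ binding map[string]string }

// SignWithOperator runs the S205_1 and S205_2 checks and then has the medium sign;
// any failure terminates the transaction before a signature exists.
func (t *Terminal) SignWithOperator(operatorID, pin string, m *CredentialMedium, tx []byte) ([]byte, error) {
	if t.binding[operatorID] != m.CertID {
		return nil, errors.New("logged-in operator is not the holder of the inserted medium")
	}
	if !m.VerifyPIN(pin) {
		return nil, errors.New("PIN rejected by medium")
	}
	return m.Sign(tx)
}

// Bank is the banking system: public keys of the certificates it issued and the
// enterprise -> operator subordination table it recorded at issuance.
type Bank struct {
	keys  map[string]*ecdsa.PublicKey
	users map[string]map[string]bool
}

// Enroll records a medium under enterpriseID (an enterprise medium is recorded under itself).
func (b *Bank) Enroll(enterpriseID string, m *CredentialMedium) {
	if b.keys == nil {
		b.keys, b.users = map[string]*ecdsa.PublicKey{}, map[string]map[string]bool{}
	}
	b.keys[m.CertID] = &m.key.PublicKey
	if b.users[enterpriseID] == nil {
		b.users[enterpriseID] = map[string]bool{}
	}
	b.users[enterpriseID][m.CertID] = true
}

// Verify is step S207 at the bank: the signer must be the enterprise whose certificate set up
// the SSL channel or one of its recorded operators, and the signature must verify over the bytes received.
func (b *Bank) Verify(channelEnterpriseID, signerID string, tx, sig []byte) error {
	pub, ok := b.keys[signerID]
	if !ok {
		return errors.New("unknown certificate")
	}
	if !b.users[channelEnterpriseID][signerID] {
		return errors.New("certificate is not subordinate to the channel's enterprise")
	}
	h := sha256.Sum256(tx)
	if !ecdsa.VerifyASN1(pub, h[:], sig) {
		return errors.New("signature verification failed")
	}
	return nil
}

func main() {
	bank, ent, opr := &Bank{}, NewMedium("ENT-0001", "8463"), NewMedium("OPR-0001-07", "1357")
	bank.Enroll(ent.CertID, ent)
	bank.Enroll(ent.CertID, opr)
	term := &Terminal{binding: map[string]string{"zhang": opr.CertID}}
	tx := []byte(`{"type":"transfer","payee":"ACCT-TEST-0001","amount":"12500.00"}`) // constructed sample
	sig, err := term.SignWithOperator("zhang", "1357", opr, tx)
	fmt.Println(err, bank.Verify(ent.CertID, opr.CertID, tx, sig))
}
```

Two details matter in practice. The PIN comparison happens inside the medium, so the terminal only relays the entered value and never learns the reference PIN; and a locked medium refuses to sign even when the terminal's binding check has passed, so stealing an operator's login and medium is not enough. A real medium would also count failed PIN attempts and lock itself after a few; that counter is not modelled here.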
The present invention also provides another enterprise information processing method based on a bank security certificate. The method is executed by the system shown in Fig. 1 and is intended mainly for batch transactions; as shown in Fig. 3, the method comprises the following steps:
Step S300: the enterprise information processing server 12 initiates a batch transaction at a preset time.
Step S301: the enterprise information processing server 12 determines the signature level of the batch transaction, which contains the pending batch transaction data. If the enterprise information processing server 12 determines that the signature level of the batch transaction is enterprise certificate signature, steps S302 to S306 are executed; if it determines that the signature level is user-of-service certificate signature, steps S307 to S313 are executed.
Step S302: the enterprise information processing server 12 sends the pending batch transaction data to the security control server 13.
Step S303: the security control server 13 establishes an SSL channel with the bank business system through the enterprise certificate medium 14.
Step S304: the enterprise certificate medium 14 digitally signs the pending batch transaction data.
Step S305: the security control server 13 sends the digital signature generated by the enterprise certificate medium 14 together with the pending batch transaction data to the bank business system through the SSL channel, so that the bank business system verifies the digital signature generated by the enterprise certificate medium 14 and processes the pending batch transaction data.
Step S306: the security control server 13 receives the processing result returned by the bank business system through the SSL channel and forwards it to the enterprise information processing server 12; the batch transaction processing ends.
Step S307: the enterprise information processing server 12 generates a signature page request message according to the batch transaction and sends it to the security control server 13.
Step S308: the security control server 13 establishes a Secure Sockets Layer (SSL) channel with the bank business system through the enterprise certificate medium 14, sends the signature page request message to the bank business system through the SSL channel, receives the signature page code returned by the bank business system through the SSL channel and forwards it to the enterprise information processing server 12.
Step S309: the enterprise information processing server 12 generates the signature page according to the signature page code and sends it to the enterprise information processing terminal 11 for display.
Step S310: the user-of-service certificate medium 15 digitally signs the pending batch transaction data according to the signature page displayed by the enterprise information processing terminal 11.
Step S311: the enterprise information processing terminal 11 sends the digital signature generated by the user-of-service certificate medium 15 and the pending batch transaction data to the security control server 13.
Step S312: the security control server 13 sends the digital signature data generated by the user-of-service certificate medium 15 and the pending batch transaction data to the bank business system through the SSL channel, so that the bank business system verifies the digital signature generated by the user-of-service certificate medium 15 and processes the pending batch transaction data.
Step S313: the security control server 13 receives the processing result returned by the bank business system through the SSL channel and forwards it to the enterprise information processing server 12 and the enterprise information processing terminal 11; the batch transaction processing ends.
The present invention thus provides two processing mechanisms for batch transactions: one requires only enterprise certificate signature authentication, while the other additionally requires user-of-service certificate signature authentication on top of the SSL channel established with the enterprise certificate. In the first mechanism the enterprise certificate, besides identifying the enterprise and helping to establish the SSL channel between the security control server and the bank business system, is also used to sign and authenticate the batch transactions that the enterprise information processing server initiates automatically, so that batch transactions can be processed automatically without the involvement of authorizing personnel. In the second mechanism the enterprise certificate identifies the enterprise and helps to establish the SSL channel between the security control server and the bank business system, which essentially guarantees the security of batch transaction transmission, while the user-of-service certificate is used to sign and authenticate the batch transaction and bind it to a specific user of service; this guarantees the authenticity and non-repudiation of the batch transaction data and further raises the security level of batch transaction processing.
In a preferred embodiment, before the user-of-service certificate medium 15 digitally signs the pending batch transaction data according to the signature page displayed by the enterprise information processing terminal 11 in step S310 of the method shown in Fig. 3, the method further includes:
Step S310_1: the enterprise information processing terminal 11 obtains the ID number of the current user of service and the ID number built into the user-of-service certificate medium 15; according to the preset correspondence between user-of-service ID numbers and user-of-service certificate ID numbers, it determines whether the ID number of the current user of service corresponds to the ID number built into the user-of-service certificate medium 15, and if not, terminates the current batch transaction.
The effect of adding this step to the flow shown in Fig. 3 is to ensure that the correspondence between a user of service and the user-of-service certificate currently being used is legitimate, that is, that the correspondence between the user of service currently logged in to the enterprise information processing system and the user of service connected to the enterprise information processing terminal is consistent with the correspondence recorded at the bank end. If they are inconsistent, the user of service does not correspond to the user-of-service certificate, the purpose of tracing who operated the batch transaction cannot be achieved, and there is a danger that the batch transaction is being operated illegitimately; the current batch transaction therefore has to be terminated.
In another preferred embodiment, after the enterprise information processing terminal 11 determines in step S310_1 that the ID number of the current user of service corresponds to the ID number built into the user-of-service certificate medium 15, the method further includes:
Step S310_2: the enterprise information processing terminal 11 obtains the personal identification number (PIN) entered by the current user of service and forwards it to the user-of-service certificate medium 15; the user-of-service certificate medium 15 determines whether the PIN entered by the current user of service is consistent with the PIN built into the medium, and if not, terminates the current batch transaction.
On the premise that only the user of service to whom a user-of-service certificate medium belongs knows its built-in PIN, the effect of adding this step to the flow shown in Fig. 2 is that, once the correspondence between the user of service currently logged in to the enterprise information processing system and the user of service connected to the enterprise information processing terminal has been found consistent with the correspondence recorded at the bank end, it further guarantees that the user of service holds and uses the user-of-service certificate legitimately. With this step, even if an unauthorized person steals the login account of a legitimate user of service to log in to the enterprise information processing system and steals the corresponding user-of-service certificate to perform batch transaction operations, that person cannot complete the batch transaction without knowing the PIN built into the user-of-service certificate medium. Therefore, if the PIN entered by the current user of service is inconsistent with the PIN built into the user-of-service certificate medium, the current batch transaction is terminated.
The present invention adopts a digital certificate security mechanism and provides the enterprise with two-level signature authentication: digital certificates are issued to the enterprise and to its users of service respectively, and both online transactions and batch transactions are signed. A transaction is processed only after its signature has been verified, which effectively prevents lawless persons from stealing or tampering with data during transmission. Online transactions are bound to a specific user of service, which guarantees their authenticity and non-repudiation and prevents illegitimate online transaction data from being sent to the bank business system. Both online transactions and batch transactions are covered: online transactions are initiated from the enterprise information processing terminal and require signature authentication with the user-of-service certificate, while batch transactions are initiated from the enterprise information processing server and require signature authentication with the enterprise certificate, optionally also with the user-of-service certificate, so that the security of both online and batch transactions is guaranteed.
Embodiment one
Based on the enterprise information processing method based on a bank security certificate provided by the present invention, this embodiment provides a specific flow of online transaction processing, comprising the following steps:
S401: a user of service logs in to the enterprise information processing terminal and enters an online transaction order; the enterprise information processing terminal generates an online transaction request message and sends it to the enterprise information processing server, where the online transaction order contains the pending online transaction data.
S402: the enterprise information processing server generates an online transaction identifier (including the online transaction code, version information, etc.) according to the online transaction request message, assembles it into a signature page request message and sends it to the security control server.
S403: the security control server initiates an SSL handshake request to the bank business system using the enterprise certificate.
S404: the bank business system receives the handshake request, verifies the enterprise identity and establishes an SSL channel with the security control server.
S405: the bank business system generates the signature elements according to the online transaction code and version information in the signature page request message; generates the signature control and signing method according to the enterprise certificate type and certificate serial number; generates the signature page code from the signature elements, signature control and signing method; and returns the signature page code through the SSL secure channel.
S406: the enterprise information processing server parses the signature page according to the signature page code.
S407: the enterprise information processing server displays the signature page to the user of service through the enterprise information processing terminal and prompts the user of service to insert the user-of-service certificate medium into the connection port of the enterprise information processing terminal.
S408: the enterprise information processing terminal verifies whether the ID number of the current user of service (the one logged in to the enterprise information processing system) corresponds to the ID number built into the currently inserted user-of-service certificate medium; if so, it continues with the next step, otherwise it terminates the current online transaction.
S409: the enterprise information processing terminal prompts the user of service to enter the PIN code; the CSP program in the user-of-service certificate medium verifies whether the PIN code entered by the current user of service is consistent with the PIN code built into the medium; if so, processing continues with the next step, otherwise the current online transaction is terminated.
S410: the user-of-service certificate medium digitally signs the currently pending online transaction data with its digital certificate. The process is: first obtain the digital signature with the signing method contained in the signature page (such as RSA signature or hash signature), then encrypt the digital signature with the private key of the user-of-service certificate, and append the encrypted digital signature to the pending online transaction data.
S411: the enterprise information processing terminal sends the digital signature generated by the user-of-service certificate medium and the pending online transaction data to the enterprise information processing server, which further sends them through the security control server to the bank business system over the SSL channel.
S412: the bank business system receives the digital signature generated by the user-of-service certificate medium and the pending online transaction data and verifies the digital signature generated with the user-of-service certificate. The process is: decrypt the digital signature with the corresponding user-of-service public key to obtain the plaintext of the digital signature; recompute the digital signature over the obtained plaintext with the same signing method and compare it with the decrypted digital signature; if the two digital signatures are identical, verification passes.
S413: the bank business system processes the online transaction and returns the processing result to the security control server through the SSL channel, which forwards it to the enterprise information processing server and the enterprise information processing terminal; the online transaction processing ends.
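As an added example (not code from the patent or from any implementation it describes), the following Go program models the user-of-service checks of steps S408 to S412 above, which are the same checks that steps S310_1 and S310_2 add to the batch flow: the terminal's ID-to-certificate binding check, the PIN comparison inside the certificate medium, hash-then-sign with the user-of-service private key, and the bank's verification with the public key on file. All type and function names, the sample IDs, PIN and order text are constructed; RSA PKCS#1 v1.5 over SHA-256 is assumed as the "RSA signature, hash signature" method the text names, which Go's standard library exposes as sign/verify rather than as encrypt/decrypt.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// CredentialMedium stands in for the user-of-service certificate medium (15): a built-in
// certificate ID, a built-in PIN and a private key that signs only after PIN verification.
type CredentialMedium struct {
	CertID   string
	pin      string
	priv     *rsa.PrivateKey
	unlocked bool
}

// NewCredentialMedium generates a fresh RSA key (on a real token the key never leaves it).
func NewCredentialMedium(certID, pin string) (*CredentialMedium, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &CredentialMedium{CertID: certID, pin: pin, priv: priv}, nil
}

// VerifyPIN is S409 / S310_2: the medium itself compares the PIN; a wrong PIN re-locks it.
func (m *CredentialMedium) VerifyPIN(entered string) bool {
	m.unlocked = subtle.ConstantTimeCompare([]byte(entered), []byte(m.pin)) == 1
	return m.unlocked
}

// Sign is S410: SHA-256 digest of the pending data, signed with the private key (PKCS#1 v1.5).
func (m *CredentialMedium) Sign(txData []byte) ([]byte, error) {
	if !m.unlocked {
		return nil, errors.New("S410: medium locked, PIN not verified")
	}
	digest := sha256.Sum256(txData)
	return rsa.SignPKCS1v15(rand.Reader, m.priv, crypto.SHA256, digest[:])
}

// Terminal stands in for the enterprise information processing terminal (11) with its preset
// mapping from user-of-service ID number to certificate ID number.
type Terminal struct{ UserToCert map[string]string }

// CheckBinding is S408 / S310_1: the logged-in user's ID must map to the inserted medium's
// certificate ID; an absent user yields "" and so never matches a non-empty certificate ID.
func (t Terminal) CheckBinding(userID, certID string) bool { return t.UserToCert[userID] == certID }

// BankDirectory stands in for the bank business system's record of certificate public keys.
type BankDirectory map[string]*rsa.PublicKey

// RegisterCertificate records the medium's public key under its certificate ID.
func RegisterCertificate(dir BankDirectory, m *CredentialMedium) { dir[m.CertID] = &m.priv.PublicKey }

// Verify is S412: recompute the digest of the received data and check the signature against
// the key on file; tampered data, a foreign key or an unknown certificate are all rejected.
func (dir BankDirectory) Verify(certID string, txData, sig []byte) error {
	pub, ok := dir[certID]
	if !ok {
		return errors.New("S412: unknown user-of-service certificate")
	}
	digest := sha256.Sum256(txData)
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return errors.New("S412: signature verification failed")
	}
	return nil
}

// RunOnlineTransaction chains S408, S409, S410 and S412; the error names the step that
// terminated the transaction, and the accepted signature is returned on success.
func RunOnlineTransaction(term Terminal, m *CredentialMedium, dir BankDirectory,
	userID, enteredPIN string, txData []byte) ([]byte, error) {
	if !term.CheckBinding(userID, m.CertID) {
		return nil, errors.New("S408: user ID does not correspond to the inserted medium")
	}
	if !m.VerifyPIN(enteredPIN) {
		return nil, errors.New("S409: PIN does not match the medium's built-in PIN")
	}
	sig, err := m.Sign(txData)
	if err != nil {
		return nil, err
	}
	if err := dir.Verify(m.CertID, txData, sig); err != nil {
		return nil, err
	}
	return sig, nil
}

func main() {
	medium, err := NewCredentialMedium("CERT-0001", "1234") // constructed sample medium
	if err != nil {
		panic(err)
	}
	term := Terminal{UserToCert: map[string]string{"user-alice": "CERT-0001"}}
	bank := BankDirectory{}
	RegisterCertificate(bank, medium)
	tx := []byte("constructed order: transfer 1000.00 to account 0001")
	// Legitimate user; stolen login with someone else's medium (S408); stolen medium, PIN unknown (S409).
	for _, c := range [][2]string{{"user-alice", "1234"}, {"user-bob", "1234"}, {"user-alice", "0000"}} {
		_, err := RunOnlineTransaction(term, medium, bank, c[0], c[1], tx)
		fmt.Printf("%s: accepted=%v err=%v\n", c[0], err == nil, err)
	}
}
```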
Embodiment two
Based on the enterprise information processing method based on a bank security certificate provided by the present invention, this embodiment provides a specific flow of batch transaction processing, comprising the following steps:
S501: the enterprise information processing server initiates a batch transaction at a preset time.
S502: determine the signature level of the batch transaction; if the result is enterprise certificate signature, execute S503 to S506; if the result is user-of-service certificate signature, execute S507 to S515.
S503: the enterprise information processing server sends the pending batch transaction data to the security control server, and the security control server establishes an SSL channel with the bank business system through the enterprise certificate medium.
S504: the enterprise certificate medium digitally signs the pending batch transaction data.
S505: the security control server sends the digital signature generated by the enterprise certificate medium and the pending batch transaction data to the bank business system through the SSL channel, so that the bank business system verifies the digital signature generated by the enterprise certificate medium and processes the pending batch transaction data.
S506: the security control server receives the processing result returned by the bank business system through the SSL channel and forwards it to the enterprise information processing server; the batch transaction ends.
S507: the enterprise information processing server generates a signature page request message according to the batch transaction and sends it to the security control server.
S508: the security control server establishes an SSL channel with the bank business system through the enterprise certificate medium, sends the signature page request message to the bank business system through the SSL channel, receives the signature page code returned by the bank business system through the SSL channel and forwards it to the enterprise information processing server.
S509: the enterprise information processing server generates the signature page according to the signature page code and sends it to the enterprise information processing terminal for display, prompting the user of service to insert the user-of-service certificate medium into the connection port of the enterprise information processing terminal.
S510: the enterprise information processing terminal verifies whether the ID number of the current user of service (the one logged in to the enterprise information processing system) corresponds to the ID number built into the currently inserted user-of-service certificate medium; if so, it continues with the next step, otherwise it terminates the current batch transaction.
S511: the enterprise information processing terminal prompts the user of service to enter the PIN code; the CSP program in the user-of-service certificate medium verifies whether the PIN code entered by the current user of service is consistent with the PIN code built into the medium; if so, processing continues with the next step, otherwise the current batch transaction is terminated.
S512: the user-of-service certificate medium digitally signs the pending batch transaction data according to the signature page displayed by the enterprise information processing terminal.
S513: the enterprise information processing terminal sends the digital signature generated by the user-of-service certificate medium and the pending batch transaction data to the security control server.
S514: the security control server sends the digital signature data generated by the user-of-service certificate medium and the pending batch transaction data to the bank business system through the SSL channel, so that the bank business system verifies the digital signature generated by the user-of-service certificate medium and processes the pending batch transaction data.
S515: the security control server receives the processing result returned by the bank business system through the SSL channel and forwards it to the enterprise information processing server and the enterprise information processing terminal; the batch transaction processing ends.
The specific embodiments described above further explain in detail the purpose, technical solution and beneficial effects of the present invention. It should be understood that the foregoing is merely specific embodiments of the present invention and is not intended to limit its scope of protection; any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.
Claims (12)
1. An enterprise information processing method based on a bank security certificate, characterized by comprising:
an enterprise information processing terminal generating an online transaction request message according to an online transaction order entered by the current user of service and sending it to an enterprise information processing server, the online transaction order containing pending online transaction data;
the enterprise information processing server generating a signature page request message according to the online transaction request message and sending it to a security control server;
the security control server establishing a Secure Sockets Layer (SSL) channel with a bank business system through an enterprise certificate medium, sending the signature page request message to the bank business system through the SSL channel, receiving the signature page code returned by the bank business system through the SSL channel and forwarding it to the enterprise information processing server;
the enterprise information processing server generating a signature page according to the signature page code and sending it to the enterprise information processing terminal for display;
the enterprise information processing terminal obtaining the ID number of the current user of service and the ID number built into a user-of-service certificate medium, and determining, according to a preset correspondence between user-of-service ID numbers and user-of-service certificate ID numbers, whether the ID number of the current user of service corresponds to the ID number built into the user-of-service certificate medium;
when the ID number of the current user of service corresponds to the ID number built into the user-of-service certificate medium, the user-of-service certificate medium digitally signing the pending online transaction data according to the signature page displayed by the enterprise information processing terminal;
the enterprise information processing terminal sending the digital signature generated by the user-of-service certificate medium and the pending online transaction data to the security control server;
the security control server sending the digital signature generated by the user-of-service certificate medium and the pending online transaction data to the bank business system through the SSL channel, so that the bank business system verifies the digital signature generated by the user-of-service certificate medium and processes the pending online transaction data;
the security control server receiving the processing result returned by the bank business system through the SSL channel and forwarding it to the enterprise information processing server and the enterprise information processing terminal.
2. The method according to claim 1, characterized in that the method further comprises:
terminating the current online transaction when the ID number of the current user of service does not correspond to the ID number built into the user-of-service certificate medium.
3. The method according to claim 2, characterized in that, after the enterprise information processing terminal determines that the ID number of the current user of service corresponds to the ID number built into the user-of-service certificate medium, the method further comprises:
the enterprise information processing terminal obtaining the personal identification number (PIN) entered by the current user of service and forwarding it to the user-of-service certificate medium;
the user-of-service certificate medium determining whether the PIN entered by the current user of service is consistent with the PIN built into the medium, and if not, terminating the current online transaction.
4. An enterprise information processing system based on a bank security certificate, characterized by comprising: an enterprise information processing terminal, an enterprise information processing server, a security control server, an enterprise certificate medium and a user-of-service certificate medium; wherein the enterprise information processing server is connected to the enterprise information processing terminal and to the security control server respectively through the enterprise intranet; the security control server is connected to a bank business system through the Internet; the enterprise certificate medium is connected to the enterprise information processing server; and the user-of-service certificate medium is connected to the enterprise information processing terminal;
the enterprise information processing terminal is configured to:
generate an online transaction request message according to an online transaction order entered by the current user of service and send it to the enterprise information processing server, the online transaction order containing pending online transaction data;
send the digital signature generated by the user-of-service certificate medium and the pending online transaction data to the security control server;
the enterprise information processing server is configured to:
generate a signature page request message according to the online transaction request message and send it to the security control server;
generate a signature page according to the signature page code and send it to the enterprise information processing terminal for display;
the security control server is configured to:
establish a Secure Sockets Layer (SSL) channel with the bank business system through the enterprise certificate medium, send the signature page request message to the bank business system through the SSL channel, receive the signature page code returned by the bank business system through the SSL channel and forward it to the enterprise information processing server;
send the digital signature generated by the user-of-service certificate medium and the pending online transaction data to the bank business system through the SSL channel, so that the bank business system verifies the digital signature generated by the user-of-service certificate medium and processes the pending online transaction data;
receive the processing result returned by the bank business system through the SSL channel and forward it to the enterprise information processing server and the enterprise information processing terminal;
the enterprise information processing terminal is further configured to: obtain the ID number of the current user of service and the ID number built into the user-of-service certificate medium, and determine, according to the preset correspondence between user-of-service ID numbers and user-of-service certificate ID numbers, whether the ID number of the current user of service corresponds to the ID number built into the user-of-service certificate medium;
the user-of-service certificate medium is configured to:
digitally sign the pending online transaction data according to the signature page displayed by the enterprise information processing terminal when the ID number of the current user of service corresponds to the ID number built into the user-of-service certificate medium.
5. The system according to claim 4, characterized in that the enterprise information processing terminal is further configured to: terminate the current online transaction when the ID number of the current user of service does not correspond to the ID number built into the user-of-service certificate medium.
6. The system according to claim 5, characterized in that the enterprise information processing terminal is further configured to: after determining that the ID number of the current user of service corresponds to the ID number built into the user-of-service certificate medium, obtain the personal identification number (PIN) entered by the current user of service and forward it to the user-of-service certificate medium;
the user-of-service certificate medium is further configured to: determine whether the PIN entered by the current user of service is consistent with the PIN built into the medium, and if not, terminate the current online transaction.
7. An enterprise information processing method based on a bank security certificate, characterized by comprising:
an enterprise information processing server initiating a batch transaction at a preset time and determining the signature level of the batch transaction, the batch transaction containing pending batch transaction data;
if the enterprise information processing server determines that the signature level of the batch transaction is enterprise certificate signature, executing the following steps A1 to A5:
step A1, the enterprise information processing server sending the pending batch transaction data to a security control server;
step A2, the security control server establishing a Secure Sockets Layer (SSL) channel with a bank business system through an enterprise certificate medium;
step A3, the enterprise certificate medium digitally signing the pending batch transaction data;
step A4, the security control server sending the digital signature generated by the enterprise certificate medium and the pending batch transaction data to the bank business system through the SSL channel, so that the bank business system verifies the digital signature generated by the enterprise certificate medium and processes the pending batch transaction data;
step A5, the security control server receiving the processing result returned by the bank business system through the SSL channel and forwarding it to the enterprise information processing server;
if it is determined that the signature level of the batch transaction is user-of-service certificate signature, executing the following steps B1 to B7:
step B1, the enterprise information processing server generating a signature page request message according to the batch transaction and sending it to the security control server;
step B2, the security control server establishing a Secure Sockets Layer (SSL) channel with the bank business system through the enterprise certificate medium, sending the signature page request message to the bank business system through the SSL channel, receiving the signature page code returned by the bank business system through the SSL channel and forwarding it to the enterprise information processing server;
step B3, the enterprise information processing server generating a signature page according to the signature page code and sending it to an enterprise information processing terminal for display;
step B4, a user-of-service certificate medium digitally signing the pending batch transaction data according to the signature page displayed by the enterprise information processing terminal;
step B5, the enterprise information processing terminal sending the digital signature generated by the user-of-service certificate medium and the pending batch transaction data to the security control server;
step B6, the security control server sending the digital signature data generated by the user-of-service certificate medium and the pending batch transaction data to the bank business system through the SSL channel, so that the bank business system verifies the digital signature generated by the user-of-service certificate medium and processes the pending batch transaction data;
step B7, the security control server receiving the processing result returned by the bank business system through the SSL channel and forwarding it to the enterprise information processing server and the enterprise information processing terminal.
8. The method according to claim 7, characterized in that, before the user-of-service certificate medium digitally signs the pending batch transaction data according to the signature page displayed by the enterprise information processing terminal, the method further comprises:
the enterprise information processing terminal obtaining the ID number of the current user of service and the ID number built into the user-of-service certificate medium, and determining, according to the preset correspondence between user-of-service ID numbers and user-of-service certificate ID numbers, whether the ID number of the current user of service corresponds to the ID number built into the user-of-service certificate medium, and if not, terminating the current batch transaction.
9. The method according to claim 8, characterized in that, after the enterprise information processing terminal determines that the ID number of the current user of service corresponds to the ID number built into the user-of-service certificate medium, the method further comprises:
the enterprise information processing terminal obtaining the personal identification number (PIN) entered by the current user of service and forwarding it to the user-of-service certificate medium;
the user-of-service certificate medium determining whether the PIN entered by the current user of service is consistent with the PIN built into the medium, and if not, terminating the current batch transaction.
10. An enterprise information processing system based on a bank security certificate, characterized in that it comprises: an enterprise information processing terminal, an enterprise information processing server, a security control server, an enterprise certificate medium and a personnel certificate medium; wherein the enterprise information processing server is connected to the enterprise information processing terminal and to the security control server, respectively, via the corporate intranet; the security control server is connected to the bank business system via the Internet; the enterprise certificate medium is connected to the enterprise information processing server; and the personnel certificate medium is connected to the enterprise information processing terminal;
the enterprise information processing server is configured to:
initiate a batch transaction at a preset time and determine the signature level of the batch transaction, the batch transaction comprising pending batch transaction data;
if the signature level of the batch transaction is determined to be enterprise-certificate signature, send the pending batch transaction data to the security control server;
if the signature level of the batch transaction is determined to be personnel-certificate signature, generate a signature page request message from the batch transaction and send it to the security control server, then generate the signature page from the returned signature page code and send it to the enterprise information processing terminal for display;
the security control server is configured to:
establish an SSL (Secure Sockets Layer) channel with the bank business system by means of the enterprise certificate medium;
when the signature level of the batch transaction is enterprise-certificate signature, send the digital signature generated by the enterprise certificate medium together with the pending batch transaction data to the bank business system over the SSL channel, so that the bank business system verifies the digital signature generated by the enterprise certificate medium and processes the pending batch transaction data; receive the processing result returned by the bank business system over the SSL channel and forward it to the enterprise information processing server;
when the signature level of the batch transaction is personnel-certificate signature, send the signature page request message to the bank business system over the SSL channel, receive the signature page code returned by the bank business system over the SSL channel and forward it to the enterprise information processing server; send the digital signature data generated by the personnel certificate medium together with the pending batch transaction data to the bank business system over the SSL channel, so that the bank business system verifies the digital signature generated by the personnel certificate medium and processes the pending batch transaction data; receive the processing result returned by the bank business system over the SSL channel and forward it to the enterprise information processing server and the enterprise information processing terminal;
the enterprise certificate medium is configured to:
when the signature level of the batch transaction is enterprise-certificate signature, digitally sign the pending batch transaction data;
the personnel certificate medium is configured to:
when the signature level of the batch transaction is personnel-certificate signature, digitally sign the pending batch transaction data according to the signature page displayed by the enterprise information processing terminal;
the enterprise information processing terminal is configured to:
when the signature level of the batch transaction is personnel-certificate signature, send the digital signature generated by the personnel certificate medium together with the pending batch transaction data to the security control server.
11. The system according to claim 10, characterized in that the enterprise information processing terminal is further configured to: before the personnel certificate medium digitally signs the pending batch transaction data according to the signature page displayed by the enterprise information processing terminal, acquire the ID number of the current operator and the ID number built into the personnel certificate medium, and, according to a preset correspondence between operator ID numbers and personnel-certificate ID numbers, determine whether the ID number of the current operator corresponds to the ID number built into the personnel certificate medium; if not, terminate the current batch transaction.
12. The system according to claim 11, characterized in that the enterprise information processing terminal is further configured to: after determining that the ID number of the current operator corresponds to the ID number built into the personnel certificate medium, acquire the PIN (personal identification number) entered by the current operator and forward it to the personnel certificate medium;
and the personnel certificate medium is further configured to: determine whether the PIN entered by the current operator is consistent with the PIN built into this personnel certificate medium, and if not, terminate the current batch transaction.
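The two signing paths of claims 8 through 12, simulated end to end: an enterprise-certificate signature produced by the medium attached to the server, and a personnel-certificate signature that the terminal only requests after the operator-ID-to-certificate-ID correspondence check, with the PIN compared inside the certificate medium rather than by the terminal, and the bank business system verifying the signature over the batch data. This is an added example, not code from the patent or its applicant. The class names, the operator and certificate identifiers, the batch contents and the PIN are all constructed; textbook RSA over Mersenne primes stands in for the CA-issued keys a real certificate medium would hold, and the SSL channel and the bank-side signature page are not modelled.

```python
import hashlib
import hmac
import json

E = 65537  # public exponent shared by both constructed key pairs


def make_keypair(p, q):
    """Textbook RSA key pair from two primes (constructed; real media hold CA-issued keys)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


def batch_digest(batch):
    """SHA-256 of a canonical JSON encoding, so signer and verifier hash identical bytes."""
    data = json.dumps(batch, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def rsa_sign(priv, batch):
    n, d = priv
    return pow(batch_digest(batch), d, n)


def rsa_verify(pub, batch, sig):
    n, e = pub
    return pow(sig, e, n) == batch_digest(batch)


class EnterpriseCertificateMedium:
    """Attached to the enterprise information processing server; signs whole batches (claim 10)."""

    def __init__(self, cert_id, priv):
        self.cert_id, self._priv = cert_id, priv

    def sign(self, batch):
        return rsa_sign(self._priv, batch)


class PersonnelCertificateMedium:
    """Attached to the terminal; the PIN comparison happens inside the medium (claims 9 and 12)."""

    def __init__(self, cert_id, priv, pin):
        self.cert_id, self._priv, self._pin = cert_id, priv, pin

    def sign(self, batch, pin):
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            raise PermissionError("PIN mismatch: current batch transaction terminated")
        return rsa_sign(self._priv, batch)


class Terminal:
    """Holds the preset operator-ID -> certificate-ID table of claims 8 and 11."""

    def __init__(self, id_to_cert, medium):
        self.id_to_cert, self.medium = id_to_cert, medium

    def sign_batch(self, operator_id, pin, batch):
        if self.id_to_cert.get(operator_id) != self.medium.cert_id:
            raise PermissionError("operator/certificate mismatch: current batch transaction terminated")
        return self.medium.cert_id, self.medium.sign(batch, pin)


class Bank:
    """Bank business system: verifies the signature against the certificate enrolled for cert_id."""

    def __init__(self, registry):
        self.registry = registry  # cert_id -> public key, populated at enrolment

    def process(self, cert_id, sig, batch):
        pub = self.registry.get(cert_id)
        if pub is None or not rsa_verify(pub, batch, sig):
            return {"status": "rejected", "reason": "signature does not verify"}
        total = sum(t["amount"] for t in batch["transfers"])
        return {"status": "accepted", "count": len(batch["transfers"]), "total": total}


def run_batch(level, batch, enterprise_medium, terminal, bank, operator_id=None, pin=None):
    """Security control server dispatch on signature level (claim 10); SSL channel not modelled."""
    if level == "enterprise":
        cert_id, sig = enterprise_medium.cert_id, enterprise_medium.sign(batch)
    elif level == "personnel":
        cert_id, sig = terminal.sign_batch(operator_id, pin, batch)
    else:
        raise ValueError("unknown signature level: %r" % level)
    return bank.process(cert_id, sig, batch)


# Constructed fixtures. Mersenne primes keep the example self-contained, but keys built from
# them are trivially factorable and exist here only so the flow runs offline.
BATCH = {"batch_id": "B-0001",
         "transfers": [{"to": "ACC-1", "amount": 1200}, {"to": "ACC-2", "amount": 800}]}


def build_demo():
    ent_pub, ent_priv = make_keypair((1 << 127) - 1, (1 << 521) - 1)
    usr_pub, usr_priv = make_keypair((1 << 107) - 1, (1 << 607) - 1)
    enterprise = EnterpriseCertificateMedium("ENT-CERT-01", ent_priv)
    personnel = PersonnelCertificateMedium("USR-CERT-07", usr_priv, "246810")
    terminal = Terminal({"op-alice": "USR-CERT-07"}, personnel)
    bank = Bank({"ENT-CERT-01": ent_pub, "USR-CERT-07": usr_pub})
    return enterprise, terminal, bank


def demo():
    """Outcome of each path: the two valid signings plus the three ways a batch is stopped."""
    enterprise, terminal, bank = build_demo()
    out = {"enterprise": run_batch("enterprise", BATCH, enterprise, terminal, bank)["status"],
           "personnel": run_batch("personnel", BATCH, enterprise, terminal, bank, "op-alice", "246810")["status"]}
    for name, op, pin in (("wrong_operator", "op-bob", "246810"), ("wrong_pin", "op-alice", "000000")):
        try:
            run_batch("personnel", BATCH, enterprise, terminal, bank, op, pin)
            out[name] = "accepted"
        except PermissionError:
            out[name] = "terminated"
    # A signature made over BATCH does not carry over to altered transaction data.
    cert_id, sig = terminal.sign_batch("op-alice", "246810", BATCH)
    tampered = json.loads(json.dumps(BATCH))
    tampered["transfers"][0]["amount"] = 99999
    out["tampered"] = bank.process(cert_id, sig, tampered)["status"]
    return out


if __name__ == "__main__":
    print(demo())
```

Two design points worth noting. The operator-ID correspondence check and the PIN check stop a batch at the endpoint, but neither is visible to the bank: what the bank relies on for authenticity and non-repudiation is solely that the signature verifies under the certificate enrolled for that cert_id, which is why the data is hashed in a canonical encoding and why a signature over one batch is rejected when presented with altered amounts. Keeping the PIN comparison inside the medium, as claims 9 and 12 require, means the terminal never learns the reference PIN and a compromised terminal cannot bypass the comparison.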
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310726782.2A CN103701606B (en) | 2013-12-25 | 2013-12-25 | Enterprise information processing method and system on basis of bank safety certificate |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103701606A CN103701606A (en) | 2014-04-02 |
CN103701606B true CN103701606B (en) | 2017-02-15 |
Family
ID=50363012
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310726782.2A Active CN103701606B (en) | 2013-12-25 | 2013-12-25 | Enterprise information processing method and system on basis of bank safety certificate |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103701606B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107682363B (en) * | 2017-11-02 | 2021-02-02 | 苏州国芯科技股份有限公司 | Intelligent household product safety communication method, system and computer readable storage medium |
CN118074927A (en) * | 2022-11-23 | 2024-05-24 | 华为技术有限公司 | Electronic signature verification method and device |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102971760A (en) * | 2010-06-29 | 2013-03-13 | 瑞典爱立信有限公司 | Methods, server, merchant device, computer programs and computer program products for setting up communication |
CN102999838A (en) * | 2011-09-19 | 2013-03-27 | 腾讯科技(深圳)有限公司 | Processing method and processing system for order data in internet payment system |
CN103200176A (en) * | 2013-02-27 | 2013-07-10 | 中国工商银行股份有限公司 | Identification method, identification device and identification system based on bank independent communication channel |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7743254B2 (en) * | 2005-03-23 | 2010-06-22 | Microsoft Corporation | Visualization of trust in an address bar |
- 2013-12-25 CN CN201310726782.2A patent/CN103701606B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN103701606A (en) | 2014-04-02 |
Similar Documents
Publication | Title |
---|---|
JP6012125B2 (en) | Enhanced 2CHK authentication security through inquiry-type transactions |
CN102789607B (en) | A kind of network trading method and system |
CA2701055C (en) | Method of providing assured transactions using secure transaction appliance and watermark verification |
EP1245008B1 (en) | Method and system for secure authenticated payment on a computer network |
KR102222230B1 (en) | Secure remote payment transaction processing using a secure element |
JP6105721B2 (en) | Start of corporate trigger type 2CHK association |
CN102801710B (en) | A kind of network trading method and system |
CN103905204B (en) | The transmission method and Transmission system of data |
JP6072734B2 (en) | Reliable transaction provision method with watermarked document display certification |
CN202210326U (en) | Personal payment terminal with keyboard |
CN102202300A (en) | System and method for dynamic password authentication based on dual channels |
US20130054461A1 (en) | Methods, systems, and computer-readable media for electronic financial transfers |
WO2012155644A1 (en) | Bill entrustment payment management method, device, and system |
JP2017530586A (en) | System and method for authenticating a client to a device |
CN111277597A (en) | Apparatus, system and method for protecting identity in authenticated transactions |
WO2018166359A1 (en) | Mobile payment sublicensing method and payment system implemented by using same |
CN104935441B (en) | A kind of authentication method and relevant apparatus, system |
KR20170005400A (en) | System and method for encryption |
CN101335754B (en) | Method for information verification using remote server |
CN104618307A (en) | Online banking transaction authentication system based on trusted computing platform |
CN103701606B (en) | Enterprise information processing method and system on basis of bank safety certificate |
CN102724180A (en) | Method and system for preventing signature information of universal serial bus (USB) key from being falsified |
CN102819799A (en) | Multi-channel safety authenticating system and authenticating method based on U-Key |
CN107395600A (en) | Business datum verification method, service platform and mobile terminal |
CN106559215A (en) | A kind of apparatus and method of Network Bank security transaction |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | C06 | Publication | |
 | PB01 | Publication | |
 | C10 | Entry into substantive examination | |
 | SE01 | Entry into force of request for substantive examination | |
 | C14 | Grant of patent or utility model | |
 | GR01 | Patent grant | |