[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN113393239A - Transaction processing method, system, device, electronic equipment and storage medium - Google Patents

Transaction processing method, system, device, electronic equipment and storage medium Download PDF

Info

Publication number
CN113393239A
CN113393239A CN202110669046.2A CN202110669046A CN113393239A CN 113393239 A CN113393239 A CN 113393239A CN 202110669046 A CN202110669046 A CN 202110669046A CN 113393239 A CN113393239 A CN 113393239A
Authority
CN
China
Prior art keywords
transaction
user
request
server
verification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110669046.2A
Other languages
Chinese (zh)
Inventor
秦湘清
马蕾
刘意
耿少羽
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202110669046.2A priority Critical patent/CN113393239A/en
Publication of CN113393239A publication Critical patent/CN113393239A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825Use of electronic signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821Electronic credentials
    • G06Q20/38215Use of certificates or encrypted proofs of transaction rights
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/405Establishing or using transaction specific rules
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • Finance (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Economics (AREA)
  • Development Economics (AREA)
  • Marketing (AREA)
  • Technology Law (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The disclosure provides a transaction processing method, a transaction processing device, electronic equipment and a transaction processing medium for a first service end, and relates to the field of information security or finance and the like. The transaction processing method comprises the following steps: receiving a transaction request sent by a first user side in the N user sides, wherein the transaction request comprises at least one of transaction data and a digital certificate; sending the transaction request to a transaction verification server in M second servers so that the transaction verification server outputs a verification result based on the transaction request, wherein N and M are integers greater than or equal to 1; and acquiring the verification result and sending the verification result to the first user side so that the first user side carries out transaction processing based on the verification result. The disclosure also provides a transaction processing method, a device, an electronic device and a medium for the user side.

Description

Transaction processing method, system, device, electronic equipment and storage medium
Technical Field
The present disclosure relates to the field of information security or the field of finance, and the like, and more particularly, to a transaction processing method, system, apparatus, device, medium, and program product.
Background
In the course of conducting transaction processing, the identity of the transaction party is usually first confirmed to ensure the security of the transaction. For example, when a user of a financial institution initiates a transaction such as registration, transfer, loan or purchase of financial products, the financial institution confirms the identity of the user first and then performs transaction processing after confirming the identity of the user.
In the related art, the financial institution may confirm the user identity by directly performing multiple interactions between multiple service terminals and the user terminal used by the user. For example, the plurality of servers include a server for generating a key for a user, a server for applying for a digital certificate, a server for managing a digital certificate, a server for verifying a password, and the like.
In the course of implementing the disclosed concept, the inventors found that there are at least the following problems in the prior art:
the number of users of the financial institution is large, the multiple service terminals generally perform interaction processes with the multiple user terminals, wherein the functions of the interaction processes are the same, so that the purpose of confirming the identities of the corresponding users is achieved, the multiple service terminals can be realized based on different technical architectures, the interaction modes, the communication formats and the like are different, repeated system construction work is increased in the interaction process with the multiple user terminals, and the reusability of the interaction function is low.
Disclosure of Invention
In view of the above, the present disclosure provides a transaction processing method, apparatus, device, medium, and program product that promote reusability of functions and avoid system duplication problems.
In one aspect of the embodiments of the present disclosure, a transaction processing method for a first service end is provided, including: receiving a transaction request sent by a first user side in the N user sides, wherein the transaction request comprises at least one of transaction data and a digital certificate; sending the transaction request to a transaction verification server in M second servers so that the transaction verification server outputs a verification result based on the transaction request, wherein N and M are integers greater than or equal to 1; and acquiring the verification result and sending the verification result to the first user side so that the first user side carries out transaction processing based on the verification result.
According to an embodiment of the present disclosure, the M second servers include a cloud certificate server, the transaction data includes transaction information and a first signature component, the first signature component is obtained by the first user by signing the transaction information based on a first private key component, and before the transaction request is sent to a transaction verification server, the method further includes: sending the transaction data to the cloud certificate server, so that the cloud certificate server signs the transaction data based on a second private key component to obtain a second signature component; receiving the second signature component sent by the cloud certificate server; and obtain a first transaction signature for the transaction data based on the first signature component and the second signature component.
According to an embodiment of the present disclosure, the M second servers include a password verification server, and before the sending the transaction data to the cloud certificate server, the method further includes: receiving a user password sent by the first user terminal; sending the user password to the password authentication server, so that the password authentication server outputs a password authentication result based on the user password; and when the password verification result is that the transaction data are passed, determining to send the transaction data to the cloud certificate server.
According to an embodiment of the present disclosure, when the verification result is a failure, the method further includes: obtaining a second transaction signature for the transaction data based on the first signature component and the second signature component; sending the transaction request to the cloud certificate server, so that the cloud certificate server outputs a check result based on the transaction request, wherein the transaction request comprises the second transaction signature; and acquiring the checking result and sending the checking result to the first user terminal.
According to an embodiment of the present disclosure, before the receiving a transaction request sent by a user side, the method further includes: obtaining first user data of the first user terminal; and verifying the digital certificate based on the first user data and obtaining a verification result.
According to an embodiment of the present disclosure, the M second servers include a cloud certificate server, and when the verification result is that the verification result is passed, the method further includes: sending a preprocessing request to the cloud certificate server, so that the cloud certificate server generates initialization data based on the preprocessing request; and acquiring the initialization data and sending the initialization data to the first user side, so that the first user side generates the transaction request based on the initialization data.
According to an embodiment of the present disclosure, the M second servers include a cloud certificate server, and before the receiving the transaction request sent by the user side, the method further includes: receiving a first request sent by the first user terminal, wherein the first request comprises a first public key component; sending the first request to the cloud certificate server, so that the cloud certificate server generates public key information based on the first public key component; and sending the public key information to the first user terminal.
According to an embodiment of the present disclosure, the M second servers include a CA certificate authority, and the method further includes: receiving a second request sent by the first user terminal, wherein the second request comprises second user data and the public key information; sending the second request to the CA certificate authority so that the CA certificate authority generates the digital certificate based on the second user data and the public key information; and obtaining the digital certificate sent by the CA authentication center.
Another aspect of the embodiments of the present disclosure provides a transaction processing method applied to a first user side of N user sides, including: sending a transaction request to a first service end so that the first service end sends the transaction request to a transaction verification service end in M second service ends, wherein the transaction request comprises at least one of transaction data and a digital certificate, and N and M are integers greater than or equal to 1; receiving a verification result sent by the first service end, wherein the transaction verification service end outputs the verification result based on at least one of the transaction data and the digital certificate; and processing the transaction based on the verification result.
According to an embodiment of the present disclosure, the first user side comprises a first application program, the first application program comprises an authentication platform SDK, wherein before the sending of the transaction request to the first service side, the method further comprises: based on the first application program, receiving transaction operation of a user; and responding to the transaction operation and calling the checking platform SDK to obtain the transaction request through the checking platform SDK.
Another aspect of the disclosed embodiments provides a transaction processing system. The transaction processing system comprises N user terminals, M second service terminals and a first service terminal, wherein N and M are integers which are larger than or equal to 1. The method specifically comprises the following steps: a first client, wherein the N clients comprise the first client, and the first client is configured to send a transaction request, wherein the transaction request comprises at least one of transaction data and a digital certificate; the first server is used for receiving the transaction request and sending the transaction request to a transaction verification server in the M second servers; the transaction verification server is used for outputting a verification result based on the transaction request, so that the first server sends the verification result to the first user side, and the first user side carries out transaction processing based on the verification result.
Another aspect of the disclosed embodiments provides a transaction processing apparatus for a first server, including: the system comprises a request receiving module, a request forwarding module and a verification forwarding module. The request receiving module is used for receiving a transaction request sent by a first user side in the N user sides, wherein the transaction request comprises at least one of transaction data and a digital certificate; the request forwarding module is used for sending the transaction request to a transaction verification server in M second servers so that the transaction verification server outputs a verification result based on the transaction request, wherein N and M are integers greater than or equal to 1; and the verification forwarding module is used for acquiring the verification result and sending the verification result to the first user terminal so that the first user terminal performs transaction processing based on the verification result.
Another aspect of the disclosed embodiments provides a transaction processing apparatus for a first user side of N user sides, including: the system comprises a request sending module, a verification receiving module and a transaction processing module. The request sending module is used for sending a transaction request to a first service end so that the first service end sends the transaction request to a transaction verification service end in M second service ends, wherein the transaction request comprises at least one of transaction data and a digital certificate, and N and M are integers greater than or equal to 1; the verification receiving module is used for receiving a verification result sent by the first service end, wherein the verification result is obtained by verifying the transaction request through the transaction verification service end; and the transaction processing module is used for processing the transaction based on the verification result.
Another aspect of the present disclosure provides an electronic device including: one or more processors; memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method as described above.
Another aspect of the present disclosure also provides a computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform the method as described above.
Another aspect of the disclosure also provides a computer program product comprising a computer program which, when executed by a processor, implements the method as described above.
One or more of the embodiments described above have the following advantages or benefits: the problems of more repeated system construction work and lower reusability of an interaction function can be at least partially solved, and by receiving the transaction request sent by the user side, sending the transaction request to the transaction verification service side in the M second service sides, sending the transaction request to the user side after obtaining the verification result, and carrying out transaction processing on the user side, the N user sides and the first service side are enabled to interact, and the M second service sides and the first service side also interact, repeated system construction work can be reduced, and reusability of the interaction function is improved.
Drawings
The foregoing and other objects, features and advantages of the disclosure will be apparent from the following description of embodiments of the disclosure, which proceeds with reference to the accompanying drawings, in which:
fig. 1 schematically shows an application scenario diagram of a transaction processing method according to an embodiment of the present disclosure;
FIG. 2 schematically shows a design flow diagram of a transaction processing service according to an embodiment of the present disclosure;
fig. 3 schematically shows a flow chart of a transaction processing method for a first service according to an embodiment of the present disclosure;
fig. 4 schematically shows a flow chart for sending public key information to a first user terminal according to an embodiment of the disclosure;
FIG. 5 schematically illustrates a flow diagram for obtaining a digital certificate according to an embodiment of the disclosure;
FIG. 6 schematically illustrates a flow chart for verifying a digital certificate according to an embodiment of the present disclosure;
FIG. 7 schematically illustrates a flow chart for obtaining initialization data according to an embodiment of the disclosure;
fig. 8 schematically shows a flow chart of a transaction processing method for a first service according to another embodiment of the present disclosure;
FIG. 9 schematically shows a flow diagram for verifying a user password according to an embodiment of the disclosure;
FIG. 10 schematically shows a flow diagram of reconciling transaction requests according to an embodiment of the present disclosure;
fig. 11 schematically shows a flow chart of a transaction processing method for a first user terminal according to an embodiment of the present disclosure;
FIG. 12 schematically shows a flow diagram for obtaining a transaction request according to an embodiment of the disclosure;
FIG. 13 schematically shows an architecture diagram of a transaction processing system according to an embodiment of the present disclosure;
FIG. 14 schematically illustrates an architecture diagram of a transaction processing system according to another embodiment of the present disclosure;
15A and 15B schematically illustrate a flow diagram of a transaction processing system providing transaction processing services according to an embodiment of the present disclosure;
fig. 16 schematically shows a block diagram of a structure of a transaction processing apparatus for a first service according to an embodiment of the present disclosure;
fig. 17 schematically shows a block diagram of a transaction processing arrangement for a first user terminal according to an embodiment of the present disclosure; and
fig. 18 schematically shows a block diagram of an electronic device adapted to implement a transaction processing method according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The user identity can typically be confirmed from the user's private key signature and digital certificate. In the whole signature and signature verification process (for example, including verifying the private key signature of the user and the digital certificate), the system also includes a CA authentication center, a transaction verification server, a cloud certificate server or a digital certificate management server, and the like, which participate together. Meanwhile, according to different transaction security control levels, if necessary, a password verification link (such as static passwords, fingerprint identification and face identification) can be supplemented during actual transaction authentication.
Under the condition that different users use a plurality of user terminals or one user uses a plurality of user terminals, if each user terminal is synchronously interacted with a plurality of service terminals respectively, on one hand, each user terminal is simultaneously connected with a plurality of service terminals, the service terminals can be realized based on different technical architectures, the interaction modes, the communication formats and the like are different, and higher working complexity is generated for the development of the user terminals or the function realization, the system management and the like of each service terminal to the user terminals. On the other hand, when a multi-user end initiates transaction operation and performs identity authentication, repeated system construction work is added, and reusability of an interactive function is low.
The embodiment of the disclosure provides a transaction processing method for a first service end. The transaction processing method comprises the following steps: receiving a transaction request sent by a first user side in the N user sides, wherein the transaction request comprises at least one of transaction data and a digital certificate. And sending the transaction request to a transaction verification server in the M second servers so that the transaction verification server outputs a verification result based on the transaction request, wherein N and M are integers greater than or equal to 1. And acquiring the verification result and sending the verification result to the first user side so that the first user side carries out transaction processing based on the verification result.
According to the embodiment of the disclosure, by receiving the transaction request sent by the user side, sending the transaction request to the transaction verification service side in the M second service sides, sending the transaction request to the user side after obtaining the verification result, and carrying out transaction processing on the user side, the N user sides and the first service side are enabled to interact, and the M second service sides and the first service side also interact, repeated system construction work can be reduced, and reusability of an interaction function is improved.
It should be noted that the transaction processing method, the apparatus, the system and the electronic device provided in the embodiments of the present disclosure may be used in the field of information security, and may also be used in various fields other than the field of information security, such as the financial field. The application fields of the transaction processing method, the transaction processing device, the transaction processing system and the electronic equipment provided by the embodiment of the disclosure are not limited.
In the technical scheme of the disclosure, the collection, storage, use, processing, transmission, provision or application of the personal information of the related user are all in accordance with the regulations of related laws and regulations, necessary security measures are taken, and the customs of the public order is not violated.
Fig. 1 schematically shows an application scenario diagram of a transaction processing method according to an embodiment of the present disclosure.
As shown in fig. 1, the application scenario 100 according to this embodiment includes R terminal devices (e.g., 111, 112 … … 11R), a first server 120, and S second servers (e.g., 131, 132 … … 13S), where R and S are integers greater than or equal to 1. Here, a medium for providing communication links between the R terminal devices and the first server 120 may be used by a network (not shown in the figure), and a medium for providing communication links between the first server 120 and the S second servers may be used by a network. The network may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
Different users or one user may interact with the first server 120 over the network using any one or more of the R terminal devices to receive or send messages, etc. Each of the R terminal devices may have installed thereon various communication client applications, such as a shopping-like application, a web browser application, a search-like application, an instant messaging tool, a mailbox client, social platform software, etc. (by way of example only).
The R terminal devices may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The first server 120 and the S second servers may be servers providing various services, such as a background management server (for example only) providing support for websites browsed by users using R terminal devices. The background management server can analyze and process the received data such as the user request, and feed back the processing result (for example, a webpage, information, or data obtained or generated according to the user request) to the terminal device.
According to the embodiment of the present disclosure, the N user terminals may be N terminal devices among the R terminal devices, and the first user terminal is any one of the terminal devices. The N user terminals may also be N applications in any one of the R terminal devices, and the first user terminal is any one of the applications. The present disclosure is not limited thereto.
According to an embodiment of the present disclosure, the first server 120 may be provided with a first service end, and the M second server may be provided with any one or more of the S second servers. For example, the first server is deployed in the first server 120, and the M second servers are deployed in M servers of the S second servers.
In some embodiments of the present disclosure, the transaction processing method applied to the first server may be generally performed by the first server 120. Accordingly, the transaction processing device applied to the first server provided by the embodiment of the present disclosure may be generally disposed in the server 120. The transaction processing method applied to the first server provided by the embodiment of the present disclosure may also be executed by a server or a server cluster that is different from the server 120 and is capable of communicating with R terminal devices and/or S second servers. Correspondingly, the transaction processing device applied to the first server provided by the embodiment of the present disclosure may also be disposed in a server or a server cluster that is different from the server 120 and is capable of communicating with R terminal devices and/or S second servers.
In some embodiments of the present disclosure, the transaction processing method applied to the user terminal may be generally executed by any terminal device. Accordingly, the transaction processing device applied to the user side provided by the embodiment of the disclosure can be generally disposed in any terminal device.
It should be understood that the number of terminal devices, first servers and S second servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
First, to clearly clarify the concept of the transaction processing method, apparatus, system, device, medium and program product according to the embodiments of the present disclosure, the following describes in detail a flow of the closed-loop transaction processing service capable of providing full functionality according to the embodiments of the present disclosure with reference to fig. 2 based on the scenario described in fig. 1.
FIG. 2 schematically shows a design flow diagram of a transaction processing service according to an embodiment of the present disclosure.
As shown in fig. 2, the full-function transaction processing service includes operations S210 to S250.
In operation S210, in response to the user applying for opening operation, the user end submits user-related information (such as a user ID, personal information, a device ID, and the like), applies for opening a digital certificate, and performs a validity check.
In operation S220, a key is generated. The user side and the second server side (for example, a cloud certificate server side of the M second server sides) respectively generate public and private key pair components required for forming the digital certificate, and store the public and private key pair components in the user side and the second server side respectively.
In order to ensure the storage security and the use security of the public and private keys, for example, according to a key dispersion and collaborative signature technique of the national secret SM2 algorithm (for example only), a public and private key pair may be generated at the user side and the second server side, respectively, that is, the complete public and private key is split into a plurality of user side components and server side components, no direct logical relationship exists between the components, and other components cannot be derived according to part of the components.
In operation S230, based on the generated key component, the user side and the second server side form a complete public key, and then generate a corresponding digital certificate through a ca (certificate authority) certificate authority, and then store the digital certificate.
In operation S240, first, signature preprocessing is performed, before initiating a transaction signature, a digital certificate availability check is performed, and a signature initial value is obtained. Then, the transaction data is harmoniously signed to obtain a transaction signature.
In operation S250, a transaction request is submitted for transaction verification to confirm the validity of the user identity.
In operation S260, for the scenario of transaction verification failure, the first user side, the first service side and the second service side are supported to perform verification confirmation (e.g., verification of digital certificate) so as to locate and analyze the problem.
The transaction processing method according to the embodiment of the present disclosure will be described in detail below with reference to fig. 3 to 12 based on the scenario described in fig. 1.
Fig. 3 schematically shows a flow chart of a transaction processing method for a first service according to an embodiment of the present disclosure.
As shown in fig. 3, the transaction processing method of the embodiment of the present disclosure includes operations S310 to S330.
In operation S310, a transaction request sent by a first user terminal of the N user terminals is received, wherein the transaction request includes at least one of transaction data and a digital certificate.
According to an embodiment of the present disclosure, referring to fig. 1, for example, a user initiates a payment operation using a terminal device 111 (i.e., a first user side), and a transaction request may be sent to a first service side in a form of a message. The transaction data in the transaction request may include information of a payer, information of a payee, a collection amount, or a transaction target.
In operation S320, the transaction request is sent to a transaction verification server of the M second servers, so that the transaction verification server outputs a verification result based on the transaction request (e.g., based on at least one of transaction data and a digital certificate), where N and M are integers greater than or equal to 1.
In some embodiments of the present disclosure, the transaction request may include transaction data but not include a digital certificate, for example, the digital certificate is stored in the first server, so that the first server may retrieve the corresponding digital certificate after receiving the transaction request, and send the transaction request and the digital certificate to the transaction verification server together.
In other embodiments of the present disclosure, such as when performing authentication-type operations that do not involve the transfer of property, the transaction request may include a digital certificate instead of transaction data. So that the authentication result of the digital certificate by the transaction authentication server can be used to confirm the identity of the user.
In other embodiments of the present disclosure, transaction data and a digital certificate may be included in the transaction request. And then the transaction request is sent to a transaction verification server side through the first server side for verification.
In operation S330, a verification result is obtained and sent to the first user side, so that the first user side performs transaction processing based on the verification result.
In the related art, when a user uses a first user to perform a transaction, the user may directly interact with M second servers, so that a financial institution determines the identity of the user initiating the transaction, and then performs transaction processing. The M second servers may have different service architectures and communication rules, so that no matter one ue interacts with the M second servers at the same time, or the M second servers directly interact with the N ues to provide the authentication service, the complexity is high. For example, each transaction request sent by N clients may be encrypted, and different clients have different encryption rules, then M second servers may store multiple decryption tools or data in advance to call different tools for decryption during each identity verification process.
According to an embodiment of the present disclosure, referring to fig. 2, the first service can call the relevant interfaces of the M second services on a per flow basis according to the full-function transaction processing service. Specific interaction details can be shielded from the user side under the condition of encapsulating and realizing corresponding functions. The method can also realize information maintenance of the digital certificate of the user, synchronously manage the state, the opening time, the validity period and the like of the certificate, and is convenient for checking the validity of the certificate in the process of using the digital certificate.
According to the embodiments of the present disclosure, according to the requirement of the N ues to interact with the first server, the development can be performed based on the service architecture and the communication rule of the party representing the first server, without considering a plurality of servers as in the prior art. In addition, the M second servers can be docked with the party representing the first server without adding redundant system reconstruction work.
According to the embodiment of the disclosure, by receiving the transaction request sent by the user side, sending the transaction request to the transaction verification service side in the M second service sides, sending the transaction request to the user side after obtaining the verification result, and carrying out transaction processing on the user side, the N user sides and the first service side are enabled to interact, and the M second service sides and the first service side also interact, the complexity can be reduced, repeated system construction work is reduced, and the reusability of interaction functions is improved.
Fig. 4 schematically shows a flowchart for sending public key information to a first user end according to an embodiment of the disclosure.
As shown in fig. 4, the embodiment of the present disclosure may send the public key information to the first user end before operation S310, specifically including operation S410 to operation S430.
In operation S410, a first request sent by a first user is received, where the first request includes a first public key component.
In operation S420, the first request is sent to the cloud certificate server, so that the cloud certificate server generates public key information based on the first public key component.
According to embodiments of the present disclosure, secure processing during a transaction may be performed by two independent parties based on the SM2 algorithm. First, a first user side and a cloud certificate server side respectively and independently generate a private key component. The first user side generates a first public key component and a first private key component, and the cloud certificate server side generates a second private key component. Then, after the cloud certificate server receives the first public key component of the first user, complete public key information is generated based on the first public key component and the second private key component.
In operation S430, the public key information is transmitted to the first user terminal.
According to the embodiment of the disclosure, the first user side and the cloud certificate server side respectively generate a private key component independently, and finally the first server side carries out collaborative signing, so that the security of transaction can be ensured.
Fig. 5 schematically illustrates a flow diagram for obtaining a digital certificate according to an embodiment of the present disclosure.
As shown in fig. 5, the embodiment of the present disclosure may obtain the digital certificate after operation S430, specifically including operation S510 to operation S530.
In operation S510, a second request sent by the first user is received, where the second request includes second user data and public key information.
In operation S520, the second request is transmitted to the CA certificate authority so that the CA certificate authority generates a digital certificate based on the second user data and the public key information.
In operation S530, a digital certificate transmitted by a CA certificate authority is obtained.
According to the embodiment of the disclosure, the first server sends the digital certificate to the first user side after obtaining the digital certificate. The first service end can also manage the times, time and the like of obtaining the digital certificate by each user end, so that the safety management of transaction is enhanced.
In some embodiments, the first server may store the digital certificate locally, and create a digital certificate management file to store a correspondence between data (e.g., a device ID, a user account, or user information of the first user) of different users and the digital certificate, so that the first server provides a certificate management function, thereby reducing development work of the first user.
Fig. 6 schematically illustrates a flow chart for verifying a digital certificate according to an embodiment of the present disclosure.
As shown in fig. 6, before operation S210, the embodiment of the present disclosure may perform availability check on the digital certificate, specifically including operations S610 to S620.
In operation S610, first user data of a first user is obtained.
According to an embodiment of the present disclosure, the first user data may include a device ID, user personal information, or information of the first user side, and the like.
In operation S620, the digital certificate is verified based on the first user data, and a verification result is obtained.
According to the embodiment of the disclosure, after the first user data is acquired, the corresponding digital certificate can be called through the preset certificate management file. And comparing the information in the certificate management file with the information in the digital certificate to check the validity of the digital certificate, such as checking the validity period of the digital certificate, or comparing the personal information (which can be dynamically updated) of the user with the corresponding information in the digital certificate. If the verification fails, the transaction request does not need to be continuously generated, so that the transaction processing efficiency is improved, and the pressure of the back end is reduced.
According to an embodiment of the present disclosure, referring to fig. 1, for example, a user uses the same application in the terminal devices 111 and 112, which is considered to use two user terminals. The first server may store the digital certificate information generated by the user at both user terminals in the certificate management file.
In some embodiments, when the user uses the terminal device 111 to perform a corresponding operation, if the digital certificate in the terminal device 111 expires, the digital certificate in the terminal device 112 may be invoked for use on the premise of confirming the personal information of the user. In other embodiments, the number of times a user applies for a digital certificate may be managed, abusing system resources may be prevented, or an attack by an illegal person through multiple applications may be prevented.
FIG. 7 schematically shows a flow chart for obtaining initialization data according to an embodiment of the disclosure.
As shown in fig. 7, when the digital certificate is verified and the verification result is passed, the initialization data may be obtained through operations S710 to S720.
In operation S710, a preprocessing request is sent to the cloud certificate server, so that the cloud certificate server generates initialization data based on the preprocessing request.
In operation S720, the initialization data is obtained and transmitted to the first user side, so that the first user side generates a transaction request based on the initialization data.
According to an embodiment of the present disclosure, for example, the initialization data may be signature auxiliary data generated by a cloud certificate server, and the first user obtains the transaction request by signing the transaction data based on the first private key component and the signature auxiliary data. In some embodiments of the present disclosure, the pre-processing request may include information such as transaction category, and the initialization data may be transaction request instructions generated for the transaction category. And the first user terminal generates a transaction request according to the instruction and a preset corresponding rule. The content of the initialization data is not particularly limited by the present disclosure.
Fig. 8 schematically shows a flow chart of a transaction processing method for a first service according to another embodiment of the present disclosure.
As shown in fig. 8, the transaction processing method of the embodiment of the present disclosure may include operations S310 to S330, and may further include operations S810 to S830 before operation S320. The contents of operations S310 to S330 can refer to fig. 3, and are not described herein again. And the transaction data comprises transaction information and a first signature component, the first signature component is obtained by the first user terminal by signing the transaction information based on the first private key component,
in operation S810, the transaction data is sent to the cloud certificate server, so that the cloud certificate server signs the transaction data based on the second private key component to obtain a second signature component.
According to the embodiment of the disclosure, the first user end may initiate a preprocessing request to obtain initialization data. The first user terminal signs the transaction data by utilizing the initialization data and the first private key component to obtain a first signature component.
In operation S820, a second signature component sent by the cloud certificate server is received.
In operation S830, a first transaction signature of the transaction data is obtained based on the first signature component and the second signature component.
According to an embodiment of the present disclosure, the transaction request sent to the transaction verification service may include the digital certificate, the transaction data, and the first transaction signature (which may no longer include the first signature component). For example, the transaction verification service side simultaneously verifies the digital certificate, the transaction data and the first transaction signature, and first, verifies the signature of the CA certificate authority on the digital certificate based on the public key information of the CA certificate authority. The first transaction signature is then verified using the public key information of the first client. After the verification is passed, the verification result is passed.
In some embodiments of the present disclosure, after the cloud certificate server signs the transaction data based on the second private key component to obtain the second signature component, the cloud certificate server may directly perform a collaborative signature operation instead of the first server to obtain the first transaction signature. And finally, returning the first transaction signature to the first server.
According to the embodiment of the disclosure, on the basis that the first user side and the cloud certificate server side respectively store the private key components, the auxiliary signature tools are interactively transmitted through the first user side and the cloud certificate server side in the signature process, so that the signature components are respectively obtained. And finally, the first server performs collaborative signing to obtain a first transaction signature. Thereby enabling to improve the security of the transaction verification.
Fig. 9 schematically shows a flow diagram for verifying a user password according to an embodiment of the present disclosure.
As shown in fig. 9, before operation S810, the embodiment of the present disclosure may further perform authentication on the user password, specifically including operations S910 to S930.
In operation S910, a user password transmitted by a first user is received.
In operation S920, the user password is sent to the password authentication server, so that the password authentication server outputs a password authentication result based on the user password.
In operation S930, when the password verification result is pass, it is determined that the transaction data is transmitted to the cloud certificate server.
According to the embodiment of the disclosure, password verification is performed on the user, and a subsequent transaction processing flow is performed after the password verification is passed, so that the transaction processing efficiency and the security are improved.
FIG. 10 schematically shows a flow diagram for reconciling transaction requests according to an embodiment of the present disclosure.
As shown in fig. 10, when the authentication result obtained in operation S310 is a failure, the embodiment of the present disclosure may perform operations S1010 to S1030 to check the consistency of the digital certificate.
In operation S1010, a second transaction signature of the transaction data is obtained based on the first signature component and the second signature component.
In operation S1020, the transaction request is sent to the cloud certificate server, so that the cloud certificate server outputs a verification result based on the transaction request, where the transaction request includes the second transaction signature.
In operation S1030, the checking result is acquired and transmitted to the first user terminal.
According to the embodiment of the disclosure, for example, the first user sends the check application to the first server, and the first server may include transaction data, the first transaction signature, the second transaction signature, the digital certificate, and public key information of the first user in the transaction request (for example, the public key information may be obtained again with reference to operations S410 to S420).
On one hand, the cloud certificate server can compare whether the second transaction signature is the same as the first transaction signature, so as to detect the problem in the collaborative signature stage. In yet another aspect, the cloud certificate server may validate the transaction request using the same steps as the transaction validation server. For example, first, the digital certificate is verified using public key information of the CA certificate authority. Then, the public key information of the first user side is compared with the public key information recorded on the digital certificate. And then, when the first transaction signature is the same as the second transaction signature, the public key information of the first user end is used for verifying any transaction signature. Or when the first transaction signature is different from the second transaction signature, the two transaction signatures are respectively verified.
The cloud certificate server checks the existing problems through the comparison or verification results of all the links to output the checking result. And finally, the first server side sends the checking result to the first user side so as to help the user to locate and analyze the problem.
Fig. 11 schematically shows a flow chart of a transaction processing method for a first user terminal according to an embodiment of the present disclosure.
As shown in fig. 11, the transaction processing method according to the embodiment of the disclosure may be applied to a first user side of the N user sides, and specifically includes operations S1110 to S1130.
In operation S1110, a transaction request is sent to a first server, so that the first server sends the transaction request to a transaction verification server in M second servers, where the transaction request includes at least one of transaction data and a digital certificate, where N and M are integers greater than or equal to 1.
In operation S1120, a verification result sent by the first server is received, wherein the verification result is obtained by the transaction verification server verifying the transaction request.
In operation S1130, transaction processing is performed based on the verification result.
FIG. 12 schematically shows a flow diagram for obtaining a transaction request according to an embodiment of the disclosure.
As shown in fig. 12, before the transaction request is sent to the first service in operation S1110, operations S1210 to S1220 may be performed based on the first application. The first user side comprises a first application program, and the first application program comprises a signature verification platform (SDK) (Software Development Kit).
In operation S1210, a transaction operation of a user is received.
In operation S1220, a checkstand SDK is invoked in response to the transaction operation to obtain a transaction request through the checkstand SDK.
According to the embodiment of the disclosure, the SDK is, for example, a development kit provided to the third-party application software for authentication of user identity in financial transactions, and supports one or more identity authentication methods, such as digital certificate, static password, fingerprint, short message, medium authentication, and the like. Based on the SDK, the authentication platform can output the identity authentication use function to a third party (such as an application program developer), and the development difficulty and the technical threshold for popularizing the identity authentication service (such as a digital certificate product) are reduced.
According to an embodiment of the present disclosure, the first application may further include a secure SDK. The security SDK is embedded in a first application program using a digital certificate and provides support for functions of public and private key generation, key storage, transaction message signature and the like of the first application program.
In the embodiment of the disclosure, the signature verification platform SDK may have the same communication mode, calling method, and the like as the first service end, and the secure SDK may be embedded in the signature verification platform SDK. When a user uses a first application program to perform transaction operation, the first application program calls the checking and signing platform SDK, and then the checking and signing platform SDK interacts with the safety SDK and the first server side. Besides the user personal information, transaction information and other transaction data, in the transaction operation process, for example, relevant information (such as hardware, APP information and the like) required by using a digital certificate can be acquired by calling a corresponding method through an SDK (security verification platform) so as to simplify the development workload of the mobile application APP.
Based on the transaction processing method, the disclosure also provides a transaction processing system.
Fig. 13 schematically illustrates an architecture diagram of a transaction processing system 1300 according to an embodiment of the present disclosure.
As shown in fig. 13, the transaction processing system of the embodiment of the disclosure may include N user terminals, M second service terminals, and a first service terminal, where N and M are integers greater than or equal to 1. The details are as follows.
The first user end may be any one of user end 1, user end 2 … …, user end N, the first user end configured to send a transaction request, wherein the transaction request includes at least one of transaction data and a digital certificate. Each user side may be an Application (App), and each App has a secure SDK embedded therein.
The first server is used for receiving the transaction request and sending the transaction request to a transaction verification server in the M second servers.
The transaction verification server is used for outputting a verification result based on the transaction request, so that the first server sends the verification result to the first user side, and the first user side carries out transaction processing based on the verification result.
According to an embodiment of the present disclosure, the transaction processing system further includes a cloud certificate server. The cloud certificate server side can be used for storing the server side key pair, executing corresponding signature calculation and the like. For example, the cloud certificate server is configured to generate initialization data in response to a preprocessing request initiated by the first server. And means for signing the transaction data based on the second private key component to obtain a second signature component. Or generating public key information based on the first public key component stored at the user terminal.
According to embodiments of the present disclosure, the transaction processing system may further include a CA certificate authority. The CA authentication center is used for generating and dispatching the digital certificate, for example, generating the digital certificate based on the second user data and the public key information, and sending the digital certificate to the first service terminal.
According to the embodiment of the disclosure, in order to adapt to the use of the identity authentication service in a complex scene, the first service end can provide the service to the outside in the form of cloud services such as public cloud.
Fig. 14 schematically illustrates an architecture diagram of a transaction processing system 1400 according to another embodiment of the present disclosure. Transaction processing system 1400 is one embodiment of transaction processing system 1300.
As shown in fig. 14, the transaction processing system 1400 of the embodiment of the disclosure may include N clients, M second servers, and a first server, where N and M are integers greater than or equal to 1.
According to the embodiment of the disclosure, the check and sign platform SDK is embedded in each user end in the N user ends, namely each application program, and the safety SDK is embedded in the check and sign platform SDK. When a user uses a first application program to perform transaction operation, the first application program calls the checking and signing platform SDK, and then the checking and signing platform SDK interacts with the safety SDK and the first server side. Specifically, reference may be made to operations S1210 and S1220. The integrated signature verification platform SDK based on full-function service can more efficiently output the digital certificate function to a third party, and reduces the development difficulty and technical threshold for popularizing identity authentication products.
The first service end, the transaction verification service end, the cloud certificate service end, or the CA authentication center in the transaction processing system 1400 are the same as the transaction processing system 1300, and are not described herein again.
Fig. 15A and 15B schematically show a flow chart of a transaction processing system providing transaction processing services according to an embodiment of the present disclosure.
As shown in fig. 15A and 15B, the transaction processing system 1300 providing the transaction processing service may include operations S1510 through S1560. The details are as follows.
As shown in fig. 15A, in operation S1510, the user terminal applies for opening the digital certificate, which includes operation S1511 to operation S1514.
In operation S1511, the user side submits the related information to the first service side, and applies for opening the digital certificate.
In operation S1512, after receiving the relevant information, the first service end may store the relevant information locally and send the relevant information to the cloud certificate service end, so that the cloud certificate service end adds an opening record.
In operation S1513, the cloud certificate server notifies the first server after adding the opening record. In some embodiments, the cloud certificate server may pre-store relevant records of all users, and may perform validity check after receiving the provisioning application, so as to determine whether the application user has an authority to apply. For example, if the application user is found to be a blacklist user, the application user may be rejected from being opened.
In operation S1514, the first service end may record the newly added opening in a local record and return to the user end.
As shown in fig. 15A, in operation S1520, a key component is obtained, including operations S1521 to S1525.
In operation S1521, the user terminal first generates a user terminal public-private key pair, i.e., a first private key component and a first public key component, based on, for example, the SM2 algorithm.
In operation S1522, the user side sends the first public key component to the first service side.
In operation S1523, the first service side sends the first public key component to the cloud certificate service side.
In operation S1524, after receiving the first public key component, the cloud certificate server performs preprocessing. For example, a digital certificate used in the authentication process conforms to the PKCS #10 standard, and P10 preprocessing can be performed. In addition, the cloud certificate server side can generate a second private key component, obtain complete public key information based on the second private key component and the first public key component, and then store the complete public key information locally. And finally, returning the data preprocessed by the P10 and the public key information to the first server.
In operation S1525, the first service end returns the data to the user end.
As shown in fig. 15A, in operation S1530, the digital certificate is obtained, including operations S1531 through S15310.
In operation S1531, the user terminal signs the content, such as the user personal information, the device ID, and the like, requesting generation of the digital certificate using the first private key component.
In operation S1532, the user end may put the signature data into a certificate request packet and submit the certificate request packet to the first service end to apply for the digital certificate.
In operation S1533, the first service requests acquisition of request data for transmitting a CA certificate authority, for example, a P10 data file, from the cloud certificate service.
In operation S1534, taking the generation of the P10 data request as an example, the cloud certificate server may parse the certificate request packet. And then, signing the analyzed signature data by using the second private key component to obtain complete private key signature data. Then, the public key information and the data file are put into a structure defined by P10, thereby generating a P10 data file. And finally, sending the P10 data file to the first service end.
In operation S1535, the first server sends a request including the P10 data file to the CA certificate authority.
In operation S1536, the CA certificate authority generates a digital certificate and returns the digital certificate to the first service. It should be noted that, the CA certificate authority may generate the digital certificate based on the existing technology or the technology to be developed in the future, and the request sent by the first server to the CA certificate authority is filled with data meeting the requirement, which is not limited by the present disclosure.
In operation S1537, the first server sends the digital certificate to the cloud certificate server, and requests to verify the digital certificate.
In operation S1538, the cloud certificate service end verifies the digital certificate, and finally returns the verification result to the first service end.
In operation S1539, the first server may store the digital certificate locally, and fill the related information into the digital certificate management file, such as the state, the activation time, the validity period, and the like of the certificate, so as to facilitate subsequent information maintenance on the digital certificate of the user, and facilitate checking the validity of the certificate in the process of using the digital certificate. And finally, returning the digital certificate to the user side.
In operation S15310, the user stores the digital certificate.
Although the various operations of the methods are described above in a particular order, embodiments of the disclosure are not so limited, and the operations described above may be performed in other orders as desired. For example, step S1520 may be executed after step S1530, or may be executed simultaneously. In some embodiments, the cloud service may generate the second private key component and the second public key component without obtaining public key information in operation S1524. The complete public key information is then obtained (e.g., based on the first public key component and the second public key component) in operation S1534, and a P10 data file is generated. Then in operation S1539, the first server may send the public key information to the user side so that the user side can save in operation S15310, wherein the first server may send only the public key information, and the digital certificate is saved locally, so as to relieve the storage pressure of the user side.
As shown in fig. 15B, if the user initiates a transaction using the user terminal, in operation S1540, a signature initialization process may be performed, including operations S1541 to S1545.
In operation S1541, the user terminal invokes public key information, for example, the application invokes secure SDK acquisition. When the check-signing platform SDK is embedded into the application program, the check-signing platform SDK and the safety SDK can be interacted by calling the check-signing platform SDK, and public key information is obtained.
In operation S1542, the user terminal sends the public key information and the user personal information to the first service terminal.
In operation S1543, the first service checks validity of the digital certificate according to the public key information and the user personal information. In some embodiments, the first service end may check according to the information in the digital certificate management file to determine whether the public key information, the user personal information, and the information in the digital certificate are consistent. And after the verification is passed, initiating a signature preprocessing request to the cloud certificate.
In operation S1544, the cloud certificate server performs a signature preprocessing operation, generates initialization data, and sends the initialization data to the first server.
In operation S1545, the first service end transmits the initialization data to the user end.
As shown in fig. 15B, in operation S1550, transaction validity verification is performed, including operations S1551 to S1559.
In operation S1551, the user side signs the transaction information using the first private key component to obtain a first signature component.
In operation S1552, the user side sends a transaction request to the first service side, where the transaction request includes transaction data, and the transaction data includes transaction information and a first signature component. In some embodiments, the user terminal may send a user password to the first service terminal, where the user password may include a number and character password, or a biometric password (e.g., biometric data such as a fingerprint, a voiceprint, an eye, or a face).
In operation S1553, the first service sends the user password to the password authentication service to initiate password authentication.
In operation S1554, the password authentication server performs authentication based on a password pre-registered by the user, and returns an authentication result to the first server.
In operation S1555, when the password is verified, the first server sends the transaction data to the cloud certificate server to request the server to sign a signature.
In operation S1556, the cloud certificate server signs the transaction data using the second signature private key and returns the signed transaction data to the first server.
In operation S1557, the first service end sends the transaction request to the transaction verification service end.
In operation S1558, the transaction verification service verifies the transaction request. Such as when the transaction request includes transaction data and a digital certificate. The digital certificate may first be validated, for example, by verifying the signature of the CA certificate authority on the digital certificate using the public key of the CA certificate authority. Then, after the digital certificate passes verification, the first transaction signature of the transaction data may be verified based on the public key information of the user, where obtaining the first transaction signature may refer to operation S830, which is not described herein. And finally, sending the transaction verification result to the first service end.
In operation S1559, the first service end sends the transaction verification result to the user end, so that the user end performs transaction processing according to the verification result. For example, when the verification result is passed, the user terminal continues to execute the transaction. If the verification result is not passed, the execution is stopped, and the user is prompted that the transaction fails.
As shown in fig. 15B, in operation S1560, when the verification result is failure, a verification application is made, including operations S1561 to S1565.
In operation S1561, the user terminal obtains the first public key component.
In operation S1562, the user terminal submits a check application to the first service terminal, wherein the check application may include the first public key component.
In operation S1563, the first server may send the digital certificate and the verification application to the cloud certificate server.
In operation S1564, the cloud certificate server recalculates to obtain the public key information, and checks the public key information with the public key information on the digital certificate. And finally, sending the check result to the first service end.
In operation S1565, the first server transmits the verification result to the user terminal.
Although the operations of the method are described in a specific order, embodiments of the present disclosure are not limited thereto, and the operations may be performed in other orders as needed, or may be performed selectively, for example, step S1553 and step S1554 are to enhance transaction security control, a password verification server is added to perform identity authentication, and in some embodiments, step S1553 and step S1554 may be omitted. In some other embodiments, each of operations S1510 through S1560 may be an interactive flow encapsulated in the first service end.
Based on the transaction processing method, the disclosure also provides a transaction processing device for the first server and a transaction processing device for the user. The above-described apparatus will be described in detail below with reference to fig. 16 and 17.
Fig. 16 schematically shows a block diagram of a transaction processing device 1600 for a first service according to an embodiment of the disclosure.
As shown in fig. 16, the transaction processing device 1600 of this embodiment includes a request receiving module 1610, a request forwarding module 1620 and an authentication forwarding module 1630.
The request receiving module 1610 may perform operation S310, for example, to receive a transaction request sent by a first user end of the N user ends, where the transaction request includes at least one of transaction data and a digital certificate.
The request forwarding module 1620 may perform operation S320, for example, to send the transaction request to a transaction verification server in the M second servers, so that the transaction verification server outputs a verification result based on the transaction request, where N and M are integers greater than or equal to 1. And
the verification forwarding module 1630 may perform operation S330, for example, to obtain a verification result and send the verification result to the first user end, so that the first user end performs transaction processing based on the verification result.
Fig. 17 schematically shows a block diagram of a transaction processing device 1700 for a first user terminal according to an embodiment of the present disclosure.
As shown in fig. 17, the transaction processing apparatus 1700 of this embodiment includes a request sending module 1710, an authentication receiving module 1720, and a transaction processing module 1730.
The request sending module 1710 may perform operation S1110, for example, to send a transaction request to a first server, so that the first server sends the transaction request to a transaction verification server in M second servers, where the transaction request includes at least one of transaction data and a digital certificate, where N and M are integers greater than or equal to 1.
The verification receiving module 1720 may perform operation S1120, for example, and is configured to receive a verification result sent by the first service end, where the verification result is obtained by verifying the transaction request through the transaction verification service end. And
the transaction processing module 1730 may perform operation S1130, for example, for performing transaction processing based on the verification result.
Any of the modules in the transaction processing device 1600 or the transaction processing device 1700 may be combined into one module or any one of the modules may be split into multiple modules according to embodiments of the present disclosure. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of the other modules and implemented in one module. According to an embodiment of the present disclosure, at least one module in the transaction processing device 1600 or the transaction processing device 1700 may be implemented at least partially as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware by any other reasonable manner of integrating or packaging a circuit, or in any one of or a suitable combination of software, hardware, and firmware. Alternatively, at least one of the modules in the transaction processing arrangement 1600 or the transaction processing arrangement 1700 may be implemented at least partly as a computer program module, which when executed, may perform a corresponding function.
Fig. 18 schematically shows a block diagram of an electronic device adapted to implement a transaction processing method according to an embodiment of the present disclosure.
As shown in fig. 18, an electronic device 1800 according to an embodiment of the present disclosure includes a processor 1801, which may perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)1802 or a program loaded from a storage portion 1808 into a Random Access Memory (RAM) 1803. The processor 1801 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 1801 may also include onboard memory for caching purposes. The processor 1801 may include a single processing unit or multiple processing units for performing the different actions of the method flows in accordance with embodiments of the present disclosure.
In the RAM 1803, various programs and data necessary for the operation of the electronic apparatus 1800 are stored. The processor 1801, ROM 1802, and RAM 1803 are connected to one another by a bus 1804. The processor 1801 performs various operations of the method flows according to embodiments of the present disclosure by executing programs in the ROM 1802 and/or the RAM 1803. Note that the programs may also be stored in one or more memories other than ROM 1802 and RAM 1803. The processor 1801 may also perform various operations of method flows according to embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the present disclosure, the electronic device 1800 may also include an input/output (I/O) interface 1805, the input/output (I/O) interface 1805 also being connected to the bus 1804. The electronic device 1800 may also include one or more of the following components connected to the I/O interface 1805: an input portion 1806 including a keyboard, mouse, and the like. Including an output portion 1807 such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker and the like. A storage section 1808 including a hard disk and the like. And a communication section 1809 including a network interface card such as a LAN card, a modem, or the like. The communication section 1809 performs communication processing via a network such as the internet. A driver 1810 is also connected to the I/O interface 1805 as needed. A removable medium 1811 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 1810 as necessary, so that a computer program read out therefrom is mounted in the storage portion 1808 as necessary.
The present disclosure also provides a computer-readable storage medium, which may be embodied in the devices/apparatuses/systems described in the above embodiments. Or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, a computer-readable storage medium may include ROM 1802 and/or RAM 1803 and/or one or more memories other than ROM 1802 and RAM 1803 described above.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the method illustrated in the flow chart. The program code is for causing a computer system to carry out the method according to the embodiments of the disclosure, when the computer program product is run on the computer system.
The computer program performs the above-described functions defined in the system/apparatus of the embodiments of the present disclosure when executed by the processor 1801. The systems, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In one embodiment, the computer program may be hosted on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted in the form of a signal on a network medium, distributed, downloaded and installed via the communication section 1809, and/or installed from a removable media 1811. The computer program containing program code may be transmitted using any suitable network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such embodiments, the computer program may be downloaded and installed from a network via the communication portion 1809, and/or installed from the removable media 1811. The computer program, when executed by the processor 1801, performs the above-described functions defined in the system of the embodiments of the present disclosure. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In accordance with embodiments of the present disclosure, program code for executing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, these computer programs may be implemented using high level procedural and/or object oriented programming languages, and/or assembly/machine languages. The programming language includes, but is not limited to, programming languages such as Java, C + +, python, the "C" language, or the like. The program code may execute entirely on the user computing device, partly on the user device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The embodiments of the present disclosure have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the present disclosure, and such alternatives and modifications are intended to be within the scope of the present disclosure.

Claims (16)

1. A transaction processing method is applied to a first service end and comprises the following steps:
receiving a transaction request sent by a first user side in the N user sides, wherein the transaction request comprises at least one of transaction data and a digital certificate;
sending the transaction request to a transaction verification server in M second servers so that the transaction verification server outputs a verification result based on the transaction request, wherein N and M are integers greater than or equal to 1; and
and acquiring the verification result and sending the verification result to the first user side so that the first user side carries out transaction processing based on the verification result.
2. The transaction processing method of claim 1, wherein the M second servers include a cloud certificate server, the transaction data includes transaction information and a first signature component, the first signature component obtained by the first client signing the transaction information based on a first private key component, wherein prior to sending the transaction request to a transaction verification server, the method further comprises:
sending the transaction data to the cloud certificate server, so that the cloud certificate server signs the transaction data based on a second private key component to obtain a second signature component;
receiving the second signature component sent by the cloud certificate server; and
obtaining a first transaction signature of the transaction data based on the first signature component and the second signature component.
3. The transaction processing method according to claim 2, wherein the M second servers include a password authentication server, and before the sending the transaction data to a cloud certificate server, further comprising:
receiving a user password sent by the first user terminal;
sending the user password to the password authentication server, so that the password authentication server outputs a password authentication result based on the user password; and
and when the password verification result is that the transaction data are passed, determining to send the transaction data to the cloud certificate server.
4. The transaction processing method of claim 2, wherein when the verification result is a failure, the method further comprises:
obtaining a second transaction signature for the transaction data based on the first signature component and the second signature component;
sending the transaction request to the cloud certificate server, so that the cloud certificate server outputs a check result based on the transaction request, wherein the transaction request comprises the second transaction signature; and
and acquiring the checking result and sending the checking result to the first user end.
5. The transaction processing method according to claim 1, wherein before the receiving the transaction request sent by the user side, the method further comprises:
obtaining first user data of the first user terminal; and
and verifying the digital certificate based on the first user data, and obtaining a verification result.
6. The transaction processing method of claim 5, wherein the M second servers comprise cloud certificate servers, and when the verification result is passed, the method further comprises:
sending a preprocessing request to the cloud certificate server, so that the cloud certificate server generates initialization data based on the preprocessing request; and
and acquiring the initialization data and sending the initialization data to the first user side, so that the first user side generates the transaction request based on the initialization data.
7. The transaction processing method according to claim 1, wherein the M second servers include a cloud certificate server, and before the receiving the transaction request sent by the user side, the method further includes:
receiving a first request sent by the first user terminal, wherein the first request comprises a first public key component;
sending the first request to the cloud certificate server, so that the cloud certificate server generates public key information based on the first public key component; and
and sending the public key information to the first user terminal.
8. The transaction processing method of claim 7, wherein the M second servers comprise CA certificate authorities, the method further comprising:
receiving a second request sent by the first user terminal, wherein the second request comprises second user data and the public key information;
sending the second request to the CA certificate authority so that the CA certificate authority generates the digital certificate based on the second user data and the public key information; and
and obtaining the digital certificate sent by the CA authentication center.
9. A transaction processing method is applied to a first user side in N user sides and comprises the following steps:
sending a transaction request to a first service end so that the first service end sends the transaction request to a transaction verification service end in M second service ends, wherein the transaction request comprises at least one of transaction data and a digital certificate, and N and M are integers greater than or equal to 1;
receiving a verification result sent by the first service terminal, wherein the transaction verification service terminal outputs the verification result based on the transaction request; and
and processing the transaction based on the verification result.
10. The transaction processing method of claim 9, wherein the first user comprises a first application comprising a checkstand SDK, wherein prior to said sending the transaction request to the first service, the method further comprises:
performing the following operations based on the first application,
receiving a transaction operation of a user; and
and responding to the transaction operation and calling the checking platform SDK to obtain the transaction request through the checking platform SDK.
11. A transaction processing system comprises N user terminals, M second service terminals and a first service terminal, wherein N and M are integers greater than or equal to 1, and the transaction processing system specifically comprises:
a first client, wherein the N clients comprise the first client, and the first client is configured to send a transaction request, wherein the transaction request comprises at least one of transaction data and a digital certificate;
the first server is used for receiving the transaction request and sending the transaction request to a transaction verification server in the M second servers;
the transaction verification server is configured to output a verification result based on the transaction request, so that the first server sends the verification result to the first user side, and the first user side performs transaction processing based on the verification result.
12. A transaction processing device applied to a first service end comprises:
the system comprises a request receiving module, a transaction processing module and a processing module, wherein the request receiving module is used for receiving a transaction request sent by a first user side in N user sides, and the transaction request comprises at least one of transaction data and a digital certificate;
the request forwarding module is used for sending the transaction request to a transaction verification server side in M second server sides so that the transaction verification server side outputs a verification result based on the transaction request, wherein N and M are integers greater than or equal to 1; and
and the verification forwarding module is used for acquiring the verification result and sending the verification result to the first user side so that the first user side carries out transaction processing based on the verification result.
13. A transaction processing device applied to a first user side of N user sides comprises:
the system comprises a request sending module, a transaction verification module and a verification module, wherein the request sending module is used for sending a transaction request to a first service end so that the first service end sends the transaction request to a transaction verification service end in M second service ends, the transaction request comprises at least one of transaction data and a digital certificate, and N and M are integers which are greater than or equal to 1;
the verification receiving module is used for receiving a verification result sent by the first service end, wherein the verification result is obtained by verifying the transaction request through the transaction verification service end; and
and the transaction processing module is used for processing the transaction based on the verification result.
14. An electronic device, comprising:
one or more memories storing executable instructions; and
one or more processors executing the executable instructions to implement the method of any one of claims 1-10.
15. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method of any one of claims 1 to 10.
16. A computer program product comprising a computer program which, when executed by a processor, implements a method according to any one of claims 1 to 10.
CN202110669046.2A 2021-06-16 2021-06-16 Transaction processing method, system, device, electronic equipment and storage medium Pending CN113393239A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110669046.2A CN113393239A (en) 2021-06-16 2021-06-16 Transaction processing method, system, device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110669046.2A CN113393239A (en) 2021-06-16 2021-06-16 Transaction processing method, system, device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN113393239A true CN113393239A (en) 2021-09-14

Family

ID=77621578

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110669046.2A Pending CN113393239A (en) 2021-06-16 2021-06-16 Transaction processing method, system, device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113393239A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114500019A (en) * 2022-01-17 2022-05-13 中国工商银行股份有限公司 Signature method and device, electronic equipment and processor
CN117768104A (en) * 2023-12-22 2024-03-26 中国人寿保险股份有限公司山东省分公司 Secure transaction transmission method, device, equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110213711A1 (en) * 2010-03-01 2011-09-01 Entrust, Inc. Method, system and apparatus for providing transaction verification
CN105827412A (en) * 2016-03-14 2016-08-03 中金金融认证中心有限公司 Authentication method, server and client
CN110659897A (en) * 2019-09-20 2020-01-07 中国工商银行股份有限公司 Method, system, computing device and medium for transaction verification
CN112202794A (en) * 2020-09-30 2021-01-08 中国工商银行股份有限公司 Transaction data protection method and device, electronic equipment and medium
CN112633884A (en) * 2020-12-30 2021-04-09 标信智链(杭州)科技发展有限公司 Local private key recovery method and device for transaction main body identity certificate

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110213711A1 (en) * 2010-03-01 2011-09-01 Entrust, Inc. Method, system and apparatus for providing transaction verification
CN105827412A (en) * 2016-03-14 2016-08-03 中金金融认证中心有限公司 Authentication method, server and client
CN110659897A (en) * 2019-09-20 2020-01-07 中国工商银行股份有限公司 Method, system, computing device and medium for transaction verification
CN112202794A (en) * 2020-09-30 2021-01-08 中国工商银行股份有限公司 Transaction data protection method and device, electronic equipment and medium
CN112633884A (en) * 2020-12-30 2021-04-09 标信智链(杭州)科技发展有限公司 Local private key recovery method and device for transaction main body identity certificate

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114500019A (en) * 2022-01-17 2022-05-13 中国工商银行股份有限公司 Signature method and device, electronic equipment and processor
CN117768104A (en) * 2023-12-22 2024-03-26 中国人寿保险股份有限公司山东省分公司 Secure transaction transmission method, device, equipment and storage medium

Similar Documents

Publication Publication Date Title
US11121873B2 (en) System and method for hardening security between web services using protected forwarded access tokens
CN112866225A (en) Authentication method, authentication device, electronic device, and storage medium
CN110740136B (en) Network security control method for open bank and open bank platform
CN111698312B (en) Service processing method, device, equipment and storage medium based on open platform
CN114826733B (en) File transmission method, device, system, equipment, medium and program product
CN113918904A (en) Data processing method and device, electronic equipment and computer readable storage medium
CN113393239A (en) Transaction processing method, system, device, electronic equipment and storage medium
CN113553302A (en) Credit report acquisition method, system, equipment and storage medium
CN113572763B (en) Data processing method and device, electronic equipment and storage medium
CN115277855A (en) Request processing method and device, electronic equipment and storage medium
CN113094190A (en) Micro-service calling method, calling device, electronic equipment and storage medium
CN114785560B (en) Information processing method, device, equipment and medium
CN114584378B (en) Data processing method, device, electronic equipment and medium
CN109191116B (en) Resource management method and system and payment management method and system
CN114491489A (en) Request response method and device, electronic equipment and storage medium
CN115001828A (en) Secure access method, system, electronic device and medium for transaction data
CN113656782A (en) Method for aggregating identification codes, device for aggregating identification codes and electronic equipment
US20230308432A1 (en) Authenticating and authorizing api calls with multiple factors
US20240305635A1 (en) System and Method for Authenticating Client Devices Communicating with an Enterprise System
CN109146476A (en) A kind of method of payment, server-side, application end and payment system
CN118101215A (en) U-shield login method, device, equipment and medium
CN117349821A (en) Cross-system account association management method, device, equipment, medium and program product
CN117422416A (en) Block chain-based business handling method, device, equipment, medium and product
CN115147101A (en) Secure payment method, apparatus, electronic device, medium, and program product
CN117575762A (en) Method, system, equipment and medium for transacting banking business based on outgoing equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination