CN102956000A - Method and device for payment intermediation transaction data processing and payment intermediation network system - Google Patents
Method and device for payment intermediation transaction data processing and payment intermediation network system Download PDFInfo
- Publication number
- CN102956000A CN102956000A CN2011102374335A CN201110237433A CN102956000A CN 102956000 A CN102956000 A CN 102956000A CN 2011102374335 A CN2011102374335 A CN 2011102374335A CN 201110237433 A CN201110237433 A CN 201110237433A CN 102956000 A CN102956000 A CN 102956000A
- Authority
- CN
- China
- Prior art keywords
- transaction
- bank
- signature
- client
- exchange
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title abstract description 12
- 238000012545 processing Methods 0.000 title abstract description 5
- 238000013475 authorization Methods 0.000 claims abstract description 23
- 238000012795 verification Methods 0.000 claims abstract description 15
- 238000001629 sign test Methods 0.000 claims description 19
- 238000007689 inspection Methods 0.000 claims description 10
- 238000012546 transfer Methods 0.000 claims description 7
- 238000005538 encapsulation Methods 0.000 claims description 6
- 239000000284 extract Substances 0.000 claims description 6
- 238000010200 validation analysis Methods 0.000 claims description 6
- 230000002123 temporal effect Effects 0.000 claims description 5
- 230000005540 biological transmission Effects 0.000 claims description 3
- 238000004806 packaging method and process Methods 0.000 abstract 1
- 241000209094 Oryza Species 0.000 description 6
- 235000007164 Oryza sativa Nutrition 0.000 description 6
- 235000009566 rice Nutrition 0.000 description 6
- 230000000295 complement effect Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 230000003203 everyday effect Effects 0.000 description 3
- 238000004891 communication Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000012790 confirmation Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000018109 developmental process Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000003672 processing method Methods 0.000 description 1
- 230000033772 system development Effects 0.000 description 1
Images
Landscapes
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention discloses a method and a device for payment intermediation transaction data processing and a payment intermediation network system. The method includes the steps of client side login: generating digital signatures by the aid of a U-KEY digital certificate and a digital certificate security control loaded on an exchange client side, verifying user identity by means of bank identity verification or digital signature verification by an authorization server, and issuing and authorizing a TOKEN when verification passes; transaction message signature: after client side login, when each transaction is submitted to the exchange client side through the U-KEY digital certificate, using the digital certificate security control for digital signature and packaging of a transaction message as required, generating a secure transaction massage, and storing the secure transaction massage in an exchange core transaction system; and transaction message verification: transmitting the transaction massages to a payment intermediation system in batches in regular time by the exchange core transaction system, checking the digital signatures in the transaction massages in batches by the exchange core transaction system and operating. Safety performance and use efficiency of a computer system are improved greatly.
Description
Technical field
The present invention relates to a kind of payment meta network system that pays disposal route and the device of intermediary's transaction data and carry out this disposal route.
Background technology
In the process of processing electronic transaction request, security is most important.The internet provides the service channel that surmounts time and space for processing electronic transaction, and people just can finish bank account on the net and inquire about, transfer accounts, pay and the process of exchange such as shopping.The internet provides very convenient a, platform efficiently for the user processes transaction request, but the platform of this opening but has the hidden danger of security.Because there are huge interests to order about, virus and wooden horse fabricator usually utilize the leak of electronic trading system to steal user's personal information and accounts information, thereby the fund security on the user account is constituted a threat to.In order to improve the security of electronic transaction; Adopts measure mainly is to increase aid at client, network and server end at present; such as being set, password authentification instrument or accounts information protection module rice stop user profile stolen; but; the security of the complementary tool of no matter developing height how; the offender can find the leak of these complementary tools all the time, cracks.So it is limited that the effect that user account information is stolen is taken precautions against in this complementary measure, and the offender to crack the most basic instrument of use namely be the internet.
And when carrying out value-added service, in the time of for example stock exchange transaction, staple commodities transactional services, there is higher requirement in traditional commercial bank to the security of computing machine and network system.And as the common customer of bank, no matter be the individual client, or the institutional client, wish that but bank can provide convenient package solution.For example, certain bank now and certain cultural and artistic products exchange set up the staple commodities trade market cooperatively, its objective is and utilize the network communication means to provide timely, carry out the e-commerce platform of spot transaction for the trader, and the staple commodities wholesale business of supporting logistics service can be provided.
Bank is as the payment intermediary of transaction, and the safety of being responsible for the client trading fund changes over to and produces.Bank is as the intermediary of member and exchange's fund remittance and transfer, is responsible for registration member client's the detailed account of fund, and the managing transaction fund is also carried out capital settlement according to exchange's settlement data.Because transaction system is the third-party software systems of cultural and artistic products exchange, and transaction system is that it entrusts the system development merchant of appointment to be responsible for developing, and the system of non-banking independent development, operation maintenance.Transaction system at present towards the target customer be the client of exchange, be again personal customer of commercial bank or enterprise/institutional client.In order to guarantee the safety of bank client funds transfer, be responsible for providing the U-KEY digital certificate to the client by bank.The U-KEY digital certificate that the client must use bank to provide, secure log on the exchange's client that has loaded the safe control of bank's special digital certificate could be carried out the transaction operation.All relate to the transaction of exchange's end all must carry out digital signature.
Yet, if banking system is fully nested with the system of exchange, carry out online operation, owing to the system of exchange and non-banking, can cause the problem of security.How designing the communication mode of banking system and system of exchange, is urgent problem.
Summary of the invention
In order to overcome the shortcoming of above-mentioned technology, the present invention discloses a kind of disposal route of the payment intermediary transaction data that can carry out Secure Transaction between banking system and system of exchange and the treating apparatus of transaction data, also disclose simultaneously above-mentioned data processing method based on payment meta network system.
A kind of disposal route of paying intermediary's transaction data, comprise the steps: the client login: produce digital signature by U-KEY digital certificate and the Digital Certificate Security control that is carried on exchange's client, then bank's authentication or authorization server pass through certifying digital signature, mandate TOKEN is verified by and issued to the rice identifying user identity; Transaction message signature: after the client login, by the U-KEY digital certificate in every submission one transaction of exchange's client, by the Digital Certificate Security control transaction message is carried out digital signature and encapsulation on request, generate the Secure Transaction message, and be stored in the core transaction system of exchange; The transaction message checking: at a fixed time, core transaction system of exchange passes to the payment intermediary system in batches to transaction message, and the payment intermediary system is checked the digital signature in the transaction message, the line operate of going forward side by side in batches.
Described disposal route: wherein " client login " comprise the steps: again to connect the U-KEY digital certificate, input U-KEY password in safe control password box, safe control is inputted password in client validation; Client loads the safe control of bank's special digital certificate, produces digital signature, and the signature key element comprises subscriber identity information, temporal information, random number information; Authentication/authorization server identifying user identity comprises subscriber identity information and user state information, signing messages; If the verification passes, server will produce a TOKEN with server signature and return to the safe control of bank's special digital certificate; Whether the TOKEN information that the safe control checking of bank's special digital certificate bank authentication/authorization server returns is effective, if effectively will be encrypted and be kept in the bank safety control TOKEN, for use in following trading signature computing.
Described disposal route, described " transaction message signature " step comprises again: the transaction client is participated in the business factor data transmission of signature computing to need to the bank safety control according to the data layout of consulting in advance; The bank safety control carries out the data validity inspection to the business factor data, will refuse signature if find invalid data; Whether the login TOKEN information that bank safety control inspection encryption is left in the safe control is consistent with current U-KEY digital certificate for signature, if inconsistent will the refusal signed; Bank safety control display business factor data, the user confirms element of transaction, if the element of transaction data are had objection, the bank safety control will be refused signature; The bank safety control produces trading signature, and the key element that participates in signature comprises: business factor data, login TOKEN information and guarantee the long random number of every transaction signature uniqueness.
Described disposal route: wherein said business factor data comprise: the key element of need signing during trust and the time signature key element of removing list, and the signature key element comprises type of transaction, dealing sign, transaction account, entrusts price, quotation mode, entrusts quantity, date, time one or a combination set of when wherein entrusting; Removing Dan Shixu signature key element comprises type of transaction, dealing sign, transaction account, trust price, quotation mode, entrusts quantity, date, time, trust numbering one or a combination set of.
Described disposal route, described " transaction message checking " step comprises again: the bank paying intermediary system is submitted transaction message to bank transaction authentication of message signature server; Whether TOKEN information is effective in the bank transaction authentication of message signature server checking transaction message, if invalid, the disabled user that is who participates in signature is described, returns the sign test failure; Whether bank transaction authentication of message signature server certifying digital signature is the significant figure signatures, if it is invalid to sign, will return the sign test failure; Bank transaction authentication of message signature server extracts the long random number that is used for guaranteeing every transaction signature uniqueness from signing messages, and this random number is returned to the bank paying intermediary system; The bank paying intermediary system verifies whether this long random number is unique, if not uniquely namely return the sign test failure.
A kind for the treatment of apparatus of paying intermediary's transaction data, comprise with lower unit: client login unit: be used for producing digital signature by U-KEY digital certificate and the Digital Certificate Security control that is carried on exchange's client, then bank's authentication or authorization server pass through certifying digital signature, mandate TOKEN and status information are verified by and issued to the rice identifying user identity; Transaction message signature unit: after being used for the client login, by the U-KEY digital certificate in every submission one transaction of exchange's client, by the Digital Certificate Security control transaction message is carried out digital signature and encapsulation on request, generate the Secure Transaction message, and be stored in the core transaction system of exchange; The transaction message authentication unit: be used at a fixed time, core transaction system of exchange passes to the payment intermediary system in batches to transaction message, and the payment intermediary system is checked the digital signature in the transaction message, the line operate of going forward side by side in batches.
Described treating apparatus: wherein " client login unit " comprises again following subelement: the first subelement: be used for connecting upper U-KEY digital certificate, input U-KEY password in safe control password box, safe control is at the password of client validation user input; The second subelement: be used for client and load the safe control of bank's special digital certificate, produce digital signature, the signature key element comprises subscriber identity information, temporal information, random number information; The 3rd subelement: be used for authentication/authorization server identifying user identity, comprise subscriber identity information, user state information, signing messages; If the verification passes, server will produce a TOKEN with server signature and return to the safe control of bank's special digital certificate; The 4th subelement: whether the TOKEN information of returning for the safe control checking of bank's special digital certificate bank authentication/authorization server is effective, if effectively will be encrypted and be kept in the bank safety control TOKEN, for use in following trading signature computing.
Described treating apparatus, described " transaction message signature " unit comprises again following subelement: the 5th subelement: be used for the transaction client and according to the data layout of consulting in advance the business factor data (unit) of need participation signature computing be transferred to the bank safety control; The 6th subelement: be used for the bank safety control business factor data are carried out the data validity inspection, will refuse signature if find invalid data; The 7th subelement: whether the login TOKEN information that leaves safe control for bank safety control inspection encryption in is consistent with current U-KEY digital certificate for signature, if inconsistent will the refusal signed; The 8th subelement: be used for bank safety control display business factor data, the user confirms element of transaction, if the element of transaction data are had objection, the bank safety control will refuse to sign; The 9th subelement: be used for the bank safety control and produce trading signature, the key element that participates in signature comprises: business factor data, login TOKEN information and guarantee the long random number of every transaction signature uniqueness.
Described treating apparatus: wherein said business factor data cell comprises: the key element of need signing during trust and the time signature key element of removing list, and the signature key element comprises type of transaction, dealing sign, transaction account, entrusts price, quotation mode, entrusts quantity, date, time one or a combination set of when wherein entrusting; Removing Dan Shixu signature key element comprises type of transaction, dealing sign, transaction account, trust price, quotation mode, entrusts quantity, date, time, trust numbering one or a combination set of.
Described treating apparatus, described " transaction message checking " unit comprises again following subelement: the tenth subelement: be used for the bank paying intermediary system transaction message is submitted to bank transaction authentication of message signature server; The 11 subelement: whether TOKEN information is effective in the bank transaction authentication of message signature server checking transaction message, if invalid, the disabled user that is who participates in signature is described, returns the sign test failure; The 12 subelement: whether bank transaction authentication of message signature server certifying digital signature is the significant figure signatures, if it is invalid to sign, will return the sign test failure; The 13 subelement: bank transaction authentication of message signature server extracts the long random number that is used for guaranteeing every transaction signature uniqueness from signing messages, and this random number is returned to the bank paying intermediary system; The 14 subelement: the bank paying intermediary system verifies whether this long random number is unique, if not uniquely namely return the sign test failure.
A kind of payment meta network system, comprise core banking system and core transaction system of exchange, core banking system, for the treatment of various bank transaction data, and process the request of data that exchange's client or bank client transmit, and the request of data of exchange's client is by exchange's core system or directly enter core banking system; Exchange's core system, for the treatment of various exchanges data, and the request of data that transmits for the treatment of transaction core banking system or exchange client; With exchange's client of bank safety control, be used for obtaining the client requests data and be sent to core system of exchange afterwards or directly be sent to core banking system; With the normal client end of bank safety control, be used for obtaining the client requests data and be sent to core banking system, then transfer to exchange's core system.
Described payment meta network system, the mode that described normal client end or exchange's client are connected with core transaction system of exchange or core banking system is wired internet, wireless Internet, special line or LAN (Local Area Network).
Described payment meta network system, wherein said core banking system comprises again: the bank paying intermediary system, for the treatment of the bank paying intermediate business; Bank's authentication/login authorization server is used for exchange's client and please carries out authentication for token rice to bank's authentication/login authorization server; Bank individual/to public CA certificate system is used for the individual or to the CA certificate checking of public affairs; With bank transaction authentication of message signature server, be used for transaction message is carried out certifying signature; Wherein, bank's authentication/login authorization server and bank paying intermediary system and bank individual/public CA certificate system is linked to each other, bank transaction authentication of message signature server and bank paying intermediary system and bank individual/public CA certificate system is linked to each other, and the bank paying intermediary system links to each other with core transaction system of exchange.
Beneficial effect of the present invention is as follows:
1. transaction separates with the payment clearance, greatly improves security performance and the service efficiency of transaction system.General transaction system all is on-line signature, online sign test; What native system adopted is off line signature, afterwards sign test.After every day, exchange stopped business, core transaction system of exchange passed to the bank paying intermediary system in batches with transaction message, and day is checked signature in batches by bank eventually.
2. by the online validation user identity and issue TOKEN, guarantee to only have the client by authentication could produce trading signature, prevent that the disabled user from participating in business.
3. prevent effectively that the element of transaction data are tampered, guarantee that the transaction critical data that participates in signing all must could participate in the signature computing after obtaining customer's approval.
4.. guarantee the uniqueness of every transaction signature by long random number, prevent the transaction message Replay Attack.
5. provide a cover perfect end to end solution, guaranteed client's fund and transaction security.Assurance all is to be initiated by the true legal client of bank from the login of transaction system, to the execution of concluding the business; Changing over to of backstage client trading fund produced, and also carries out under the safeguard protection of bank.Both guarantee client's transaction security, protected again client's funds transfer safety.
Description of drawings
Fig. 1 is technology payment meta network system diagram of the present invention.
A kind of disposal route figure that pays intermediary's transaction data of Fig. 2.
Embodiment
See also Fig. 1, this is payment meta network system diagram.Wherein, bank paying intermediary system 101 is used for connecting core transaction system of exchange 105, bank transaction authentication of message signature server 102 is used for whether the checking transaction message up to specification, bank individual/to public CA certificate system 103 for generation of with checking U-KEY digital certificate, bank's authentication/login authorization server 104 is used for identity verification, and issues TOKEN.They all belong to the core system of bank.On layout, except the bank paying intermediary system with the exchange core system directly is connected, other server separates with the exchange core system.The design of this separate type has just guaranteed the security of core banking system.Simultaneously, as be the client of exchange be again the client 107 of bank, iff the business of processing bank, can be by the normal client end 111 with the bank safety control, then directly login the server of bank by internet channel 110, process by Web bank's professional version; If what process is the transaction business of exchange, can by internet channel 109 login exchange core systems, also can process by internet channel 108.
See also Fig. 2, the below tells about disposal route and the device of paying intermediary's transaction data as an example of certain bank example.At first, for the client, a guy client or institutional client, the individual client can ask digital certificate in Web bank of bank professional version, and the institutional client asks digital certificate in bank counter.This disposal route of paying intermediary's transaction data mainly comprises three steps: client login step 200, transaction message signature step 300, transaction message verification step 400.
Wherein, client login step 200 comprises: by the client at the U-KEY digital certificate that inserts with exchange's client 106 of safe control, the safe control of bank's special digital certificate produces user's signature, pass through the internet, bank's authentication/authorization server 104 identifying user identities, and issue and authorize TOKEN.
Detailed process is as follows:
1. the user inserts the U-KEY digital certificate, input U-KEY password in safe control password box, and safe control is at the password of local verification user input
2. bank's Digital Certificate Security control of exchange's client produces user's signature, and the signature key element comprises subscriber identity information, temporal information, random number information.
3. bank's authentication/authorization server 104 identifying user identities comprise subscriber identity information, user state information, signing messages; If the verification passes, server will produce the Digital Certificate Security control that a TOKEN with server signature returns to client.
4. whether the TOKEN information returned of Digital Certificate Security control checking bank authentication/authorization server is effective, if effectively, will be encrypted and be kept in the Digital Certificate Security control TOKEN, for use in following trading signature computing.
Note, this secure log process is that on-line real-time is tested, and rice confirms whether User Status is effective.Prevent inactive users and disabled user login, the operation operational staff that guarantees to conclude the business is true legal bank client really.
Transaction message signature step 300 comprises again: the safety of transaction message generates and encapsulation, is finished by U-KEY digital certificate and the safe control combination of bank's special digital certificate rice that the client inserts.Bank and exchange consult the data packet format of transaction message.The client is in every submission one transaction of exchange's client, and client all must be submitted to transaction message the safe control of bank's special digital certificate, by safe control transaction message is carried out digital signature and encapsulation on request, generates the Secure Transaction message.
Concrete signature step is as follows:
The transaction client need are participated in the signature computing according to the data layout of consulting in advance the business factor data transmission to the bank safety control, the business factor data comprise need sign when entrusting key element with remove Dan Shixu signature key element.Wherein, the key element of need signing during trust comprises type of transaction, dealing sign, transaction account, entrusts price, quotation mode, entrusts quantity, date, time etc.; Removing Dan Shixu signature key element comprises type of transaction, dealing sign, transaction account, trust price, quotation mode, entrusts quantity, date, time, trust numbering etc.
2. the capable safe control of bank's digital certificate carries out the data validity inspection to the business factor data, will refuse signature if find invalid data.
3. whether the inspection of bank safety control to encrypt the login TOKEN information leave in the safe control consistent with current U-KEY digital certificate for signature, if inconsistent will the refusal signed.
4. the bank safety control is to user's display business factor data, and the user confirms element of transaction, if the user has objection to the element of transaction data, the bank safety control will be refused signature.
5. the bank safety control produces trading signature, and the key element that participates in signature comprises: the long random number of business factor data, login TOKEN information, the every transaction signature of assurance uniqueness.
Can prevent that like this element of transaction data from illegally being distorted.The element of transaction data are referred to by illegally distorting: if exchange's client that the client installs is illegally modified, when the client submits transaction to, after transaction message is under the table distorted, submit to the safe control of bank's special digital certificate again.The bank safety control data of signing not are the data of the real input of client as a result, have the potential safety hazard of transaction deception.
Therefore, to the plaintext element of transaction data that the transaction client is submitted to, the bank safety control therefrom extracts some crucial transaction field, form with the dialog box demonstration, submit to the client to reaffirm, the client confirm errorless after, safe control is just signed to the plaintext transaction message and is encapsulated; If the client checks wrong, then report an error, transaction stops.So just can prevent effectively that the element of transaction data are tampered, guarantee the element of transaction data and the being seen data consistent of user that participate in signing.
Can also prevent the transaction message Replay Attack.The transaction message Replay Attack refers to: if exchange's client that the client installs is illegally modified, client's a transaction signing messages is repeated repeatedly to submit to, i.e. the Replay Attack problem of transaction message.
Therefore, in order to prevent that transaction message is repeated to submit to, some Security mechanisms have been designed at the signature of transaction message.Namely to every transaction, when the bank safety control is signed to Transaction Information, the bank safety control can automatically generate and add a unique long random number of the overall situation and participate in the signature computing, the overall situation of transaction allocation that is each client is unique, that can't be tampered, participate in the variable of safe computing, thereby prevents the Replay Attack of transaction message.
Transaction message verification step 400 comprises again: holds the authenticity of the content of transacting business in exchange for confirming the client, thereby thoroughly ensures clients fund safety, must use bank's digital certificate that transaction data is carried out digital signature, but real-time signature verification.After every day, exchange stopped business, core transaction system of exchange passed to the bank paying intermediary system in batches with transaction message, and the bank paying intermediary system is checked user's signature in batches.Before signature did not obtain confirmation, the client can not produce fund.
Concrete transaction message verification step 400 is as follows:
1. behind the Fixed Time Interval, the bank paying intermediary system is submitted transaction message to bank transaction authentication of message signature server.
2. whether TOKEN information is effective in the bank transaction authentication of message signature server checking transaction message, if invalid, the disabled user that is who participates in signature is described, returns the sign test failure.
3. whether bank transaction authentication of message signature server authentication of users signature is the validated user signature, if it is invalid to sign, will return the sign test failure.
4. bank transaction authentication of message signature server extracts the long random number that is used for guaranteeing every transaction signature uniqueness from signing messages, and this random number is returned to the bank paying intermediary system.
5. the bank paying intermediary system verifies whether this long random number is unique, if not uniquely namely return the sign test failure.
Sum up the technical characterstic of safety approach
1. transaction separates with the payment clearance, greatly improves performance and the service efficiency of transaction system.General transaction system all is on-line signature, online sign test; What native system adopted is off line signature, afterwards sign test.After every day, exchange stopped business, core transaction system of exchange passed to the bank paying intermediary system in batches with transaction message, and day is checked signature in batches by bank eventually.
2. by the online validation user identity and issue TOKEN, guarantee to only have the client by authentication could produce trading signature, prevent that the disabled user from participating in business
3. prevent effectively that the element of transaction data are tampered, guarantee that the transaction critical data that participates in signing all must could participate in the signature computing after obtaining customer's approval
4.. guarantee the uniqueness of every transaction signature by long random number, prevent the transaction message Replay Attack
5. provide a cover perfect end to end solution, guaranteed client's fund and transaction security.Assurance all is to be initiated by the true legal client of bank from the login of transaction system, to the execution of concluding the business; Changing over to of backstage client trading fund produced, and also carries out under the safeguard protection of bank.Both guarantee client's transaction security, protected again client's funds transfer safety.
It should be noted that, above embodiment is only unrestricted in order to technical scheme of the present invention to be described, although with reference to preferred embodiment the present invention is had been described in detail, those of ordinary skill in the art is to be understood that, can make amendment or be equal to replacement technical scheme of the present invention, and not breaking away from the spirit and scope of technical solution of the present invention, it all should be encompassed in the middle of the claim scope of the present invention.
Claims (13)
1. a disposal route of paying intermediary's transaction data comprises the steps:
Client login: produce digital signature by U-KEY digital certificate and the Digital Certificate Security control that is carried on exchange's client, then bank's authentication or authorization server pass through certifying digital signature, come identifying user identity, verify by and issue mandate TOKEN;
Transaction message signature: after the client login, by the U-KEY digital certificate in every submission one transaction of exchange's client, by the Digital Certificate Security control transaction message is carried out digital signature and encapsulation on request, generate the Secure Transaction message, and be stored in the core transaction system of exchange;
The transaction message checking: at a fixed time, core transaction system of exchange passes to the payment intermediary system in batches to transaction message, and the payment intermediary system is checked the digital signature in the transaction message, the line operate of going forward side by side in batches.
2. disposal route according to claim 1: wherein " client login " comprise the steps: again
U-KEY digital certificate in the connection, input U-KEY password in safe control password box, safe control is inputted password in client validation;
Client loads the safe control of bank's special digital certificate, produces digital signature, and the signature key element comprises subscriber identity information, temporal information, random number information;
Authentication/authorization server identifying user identity comprises subscriber identity information and user state information, signing messages; If the verification passes, server will produce a TOKEN with server signature and return to the safe control of bank's special digital certificate;
Whether the TOKEN information that the safe control checking of bank's special digital certificate bank authentication/authorization server returns is effective, if effectively will be encrypted and be kept in the bank safety control TOKEN, for use in following trading signature computing.
3. disposal route according to claim 1, described " transaction message signature " step comprises again:
The transaction client is participated in the business factor data transmission of signature computing to need to the bank safety control according to the data layout of consulting in advance;
The bank safety control carries out the data validity inspection to the business factor data, will refuse signature if find invalid data;
Whether the login TOKEN information that bank safety control inspection encryption is left in the safe control is consistent with current U-KEY digital certificate for signature, if inconsistent will the refusal signed;
Bank safety control display business factor data, the user confirms element of transaction, if the element of transaction data are had objection, the bank safety control will be refused signature;
The bank safety control produces trading signature, and the key element that participates in signature comprises: business factor data, login TOKEN information and guarantee the long random number of every transaction signature uniqueness.
4. disposal route according to claim 3: wherein said business factor data comprise: the key element of need signing during trust is the signature key element when removing list, and the signature key element comprises type of transaction, dealing sign, transaction account, entrusts price, quotation mode, entrusts quantity, date, time one or a combination set of when wherein entrusting; Removing Dan Shixu signature key element comprises type of transaction, dealing sign, transaction account, trust price, quotation mode, entrusts quantity, date, time, trust numbering one or a combination set of.
5. disposal route according to claim 1, described " transaction message checking " step comprises again:
The bank paying intermediary system is submitted transaction message to bank transaction authentication of message signature server;
Whether TOKEN information is effective in the bank transaction authentication of message signature server checking transaction message, if invalid, the disabled user that is who participates in signature is described, returns the sign test failure;
Whether bank transaction authentication of message signature server certifying digital signature is the significant figure signatures, if it is invalid to sign, will return the sign test failure;
Bank transaction authentication of message signature server extracts the long random number that is used for guaranteeing every transaction signature uniqueness from signing messages, and this random number is returned to the bank paying intermediary system;
The bank paying intermediary system verifies whether this long random number is unique, if not uniquely namely return the sign test failure.
6. treating apparatus of paying intermediary's transaction data comprises with lower unit:
Client login unit: be used for producing digital signature by U-KEY digital certificate and the Digital Certificate Security control that is carried on exchange's client, then bank's authentication or authorization server pass through certifying digital signature, come identifying user identity, verify by and issue mandate TOKEN and status information;
Transaction message signature unit: after being used for the client login, by the U-KEY digital certificate in every submission one transaction of exchange's client, by the Digital Certificate Security control transaction message is carried out digital signature and encapsulation on request, generate the Secure Transaction message, and be stored in the core transaction system of exchange;
The transaction message authentication unit: be used at a fixed time, core transaction system of exchange passes to the payment intermediary system in batches to transaction message, and the payment intermediary system is checked the digital signature in the transaction message, the line operate of going forward side by side in batches.
7. treating apparatus according to claim 1: wherein " client login unit " comprises again following subelement:
The first subelement: be used for connecting upper U-KEY digital certificate, input U-KEY password in safe control password box, safe control is at the password of client validation user input;
The second subelement: be used for client and load the safe control of bank's special digital certificate, produce digital signature, the signature key element comprises subscriber identity information, temporal information, random number information;
The 3rd subelement: be used for authentication/authorization server identifying user identity, comprise subscriber identity information, user state information, signing messages; If the verification passes, server will produce a TOKEN with server signature and return to the safe control of bank's special digital certificate;
The 4th subelement: whether the TOKEN information of returning for the safe control checking of bank's special digital certificate bank authentication/authorization server is effective, if effectively will be encrypted and be kept in the bank safety control TOKEN, for use in following trading signature computing.
8. treating apparatus according to claim 1, described " transaction message signature " unit comprises again following subelement:
The 5th subelement: be used for the transaction client and according to the data layout of consulting in advance the business factor data (unit) of need participation signature computing be transferred to the bank safety control;
The 6th subelement: be used for the bank safety control business factor data are carried out the data validity inspection, will refuse signature if find invalid data;
The 7th subelement: whether the login TOKEN information that leaves safe control for bank safety control inspection encryption in is consistent with current U-KEY digital certificate for signature, if inconsistent will the refusal signed;
The 8th subelement: be used for bank safety control display business factor data, the user confirms element of transaction, if the element of transaction data are had objection, the bank safety control will refuse to sign;
The 9th subelement: be used for the bank safety control and produce trading signature, the key element that participates in signature comprises: business factor data, login TOKEN information and guarantee the long random number of every transaction signature uniqueness.
9. treating apparatus according to claim 3: wherein said business factor data cell comprises:
The key element of need signing during trust and the time signature key element of removing list, the signature key element comprises type of transaction, dealing sign, transaction account, entrusts price, quotation mode, entrusts quantity, date, time one or a combination set of when wherein entrusting; Removing Dan Shixu signature key element comprises type of transaction, dealing sign, transaction account, trust price, quotation mode, entrusts quantity, date, time, trust numbering one or a combination set of.
10. treating apparatus according to claim 1, described " transaction message checking " unit comprises again following subelement:
The tenth subelement: be used for the bank paying intermediary system transaction message is submitted to bank transaction authentication of message signature server;
The 11 subelement: whether TOKEN information is effective in the bank transaction authentication of message signature server checking transaction message, if invalid, the disabled user that is who participates in signature is described, returns the sign test failure;
The 12 subelement: whether bank transaction authentication of message signature server certifying digital signature is the significant figure signatures, if it is invalid to sign, will return the sign test failure;
The 13 subelement: bank transaction authentication of message signature server extracts the long random number that is used for guaranteeing every transaction signature uniqueness from signing messages, and this random number is returned to the bank paying intermediary system;
The 14 subelement: the bank paying intermediary system verifies whether this long random number is unique, if not uniquely namely return the sign test failure.
11. a payment meta network system comprises core banking system and core transaction system of exchange,
Core banking system for the treatment of various bank transaction data, and is processed the request of data that exchange's client or bank client transmit, and the request of data of exchange's client is by exchange's core system or directly enter core banking system;
Exchange's core system, for the treatment of various exchanges data, and the request of data that transmits for the treatment of transaction core banking system or exchange client;
With exchange's client of bank safety control, be used for obtaining the client requests data and be sent to core system of exchange afterwards or directly be sent to core banking system;
With the normal client end of bank safety control, be used for obtaining the client requests data and be sent to core banking system, then transfer to exchange's core system.
12. payment meta network according to claim 11 system, the mode that described normal client end or exchange's client are connected with core transaction system of exchange or core banking system is wired internet, wireless Internet, special line or LAN (Local Area Network).
13. payment meta network according to claim 11 system, wherein said core banking system comprises again:
The bank paying intermediary system is for the treatment of the bank paying intermediate business;
Bank's authentication/login authorization server is used for exchange's client and please carries out authentication by token to bank's authentication/login authorization server;
Bank individual/to public CA certificate system is used for the individual or to the CA certificate checking of public affairs;
With bank transaction authentication of message signature server, be used for transaction message is carried out certifying signature;
Wherein, bank's authentication/login authorization server and bank paying intermediary system and bank individual/public CA certificate system is linked to each other, bank transaction authentication of message signature server and bank paying intermediary system and bank individual/public CA certificate system is linked to each other, and the bank paying intermediary system links to each other with core transaction system of exchange.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011102374335A CN102956000A (en) | 2011-08-18 | 2011-08-18 | Method and device for payment intermediation transaction data processing and payment intermediation network system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011102374335A CN102956000A (en) | 2011-08-18 | 2011-08-18 | Method and device for payment intermediation transaction data processing and payment intermediation network system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102956000A true CN102956000A (en) | 2013-03-06 |
Family
ID=47764783
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2011102374335A Pending CN102956000A (en) | 2011-08-18 | 2011-08-18 | Method and device for payment intermediation transaction data processing and payment intermediation network system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102956000A (en) |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105303721A (en) * | 2015-11-19 | 2016-02-03 | 中国建设银行股份有限公司 | Transaction data processing method and system based on queue and ATM front-end system |
| CN105991284A (en) * | 2015-02-15 | 2016-10-05 | 阿里巴巴集团控股有限公司 | Method and apparatus for sending to-be-verified data, and data receiving verification method and apparatus |
| CN106790106A (en) * | 2016-12-26 | 2017-05-31 | 贵州电网有限责任公司信息中心 | A kind of digital authenticating of electricity transaction system and electronic seal system and implementation method |
| CN107437222A (en) * | 2017-08-03 | 2017-12-05 | 中国银行股份有限公司 | The processing method and system of online business data based on bank counter front end |
| CN108288162A (en) * | 2018-01-15 | 2018-07-17 | 安趣盈(上海)投资咨询有限公司 | A kind of security authentication systems and method |
| WO2018137316A1 (en) * | 2017-01-24 | 2018-08-02 | 上海亿账通区块链科技有限公司 | Secure transaction method based on block chain, electronic device, system, and storage medium |
| CN108762950A (en) * | 2018-05-23 | 2018-11-06 | 山东浪潮商用系统有限公司 | A kind of standardization RESTful micro services exchange methods |
| TWI642007B (en) * | 2017-07-27 | 2018-11-21 | 財金資訊股份有限公司 | 2D barcode scanning code transfer system |
| CN110827150A (en) * | 2019-11-11 | 2020-02-21 | 成都三泰智能设备有限公司 | Digital asset storage and management system |
| CN110956461A (en) * | 2018-09-27 | 2020-04-03 | 深圳市中数信技术开发有限公司 | Method and system for trusteeship electronic signature and verification |
| CN111314315A (en) * | 2020-01-20 | 2020-06-19 | 重庆富民银行股份有限公司 | Open platform multi-dimensional safety control system and method |
| CN112669152A (en) * | 2020-12-31 | 2021-04-16 | 深圳市辰宝信息服务有限公司 | Bulk commodity delivery management method, system and computer readable storage medium |
| CN113392417A (en) * | 2021-06-30 | 2021-09-14 | 上海和数软件有限公司 | Digital signature method for digital asset exchange |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020029200A1 (en) * | 1999-09-10 | 2002-03-07 | Charles Dulin | System and method for providing certificate validation and other services |
| CN1556449A (en) * | 2004-01-08 | 2004-12-22 | 中国工商银行 | Device and method for proceeding encryption and identification of network bank data |
| CN201266385Y (en) * | 2008-09-26 | 2009-07-01 | 上海合康科技发展实业有限公司 | System for reckoning bankroll |
| CN101593338A (en) * | 2009-07-13 | 2009-12-02 | 招商银行股份有限公司 | A kind of method and system of handling electronic transaction request |
| CN101616146A (en) * | 2009-07-28 | 2009-12-30 | 西安电子科技大学 | Digital signature authentication system and authentication method based on third party |
| CN101706935A (en) * | 2009-12-01 | 2010-05-12 | 中国建设银行股份有限公司 | Method, device and system for acting deposit and management service of third party |
| CN201716767U (en) * | 2010-03-23 | 2011-01-19 | 苏州德融嘉信信用管理技术有限公司 | Preposed business platform of bank |
| CN102065088A (en) * | 2010-12-16 | 2011-05-18 | 中国建设银行股份有限公司 | Methods for automatically loading internet bank security assembly and authenticating internet bank security |
-
2011
- 2011-08-18 CN CN2011102374335A patent/CN102956000A/en active Pending
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020029200A1 (en) * | 1999-09-10 | 2002-03-07 | Charles Dulin | System and method for providing certificate validation and other services |
| CN1556449A (en) * | 2004-01-08 | 2004-12-22 | 中国工商银行 | Device and method for proceeding encryption and identification of network bank data |
| CN201266385Y (en) * | 2008-09-26 | 2009-07-01 | 上海合康科技发展实业有限公司 | System for reckoning bankroll |
| CN101593338A (en) * | 2009-07-13 | 2009-12-02 | 招商银行股份有限公司 | A kind of method and system of handling electronic transaction request |
| CN101616146A (en) * | 2009-07-28 | 2009-12-30 | 西安电子科技大学 | Digital signature authentication system and authentication method based on third party |
| CN101706935A (en) * | 2009-12-01 | 2010-05-12 | 中国建设银行股份有限公司 | Method, device and system for acting deposit and management service of third party |
| CN201716767U (en) * | 2010-03-23 | 2011-01-19 | 苏州德融嘉信信用管理技术有限公司 | Preposed business platform of bank |
| CN102065088A (en) * | 2010-12-16 | 2011-05-18 | 中国建设银行股份有限公司 | Methods for automatically loading internet bank security assembly and authenticating internet bank security |
Cited By (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105991284A (en) * | 2015-02-15 | 2016-10-05 | 阿里巴巴集团控股有限公司 | Method and apparatus for sending to-be-verified data, and data receiving verification method and apparatus |
| CN105991284B (en) * | 2015-02-15 | 2019-08-09 | 阿里巴巴集团控股有限公司 | A kind of data transmission, data receiver verification method and device to be verified |
| CN105303721A (en) * | 2015-11-19 | 2016-02-03 | 中国建设银行股份有限公司 | Transaction data processing method and system based on queue and ATM front-end system |
| CN106790106B (en) * | 2016-12-26 | 2019-12-03 | 贵州电网有限责任公司信息中心 | A kind of digital authenticating of electricity transaction system and electronic seal system and implementation method |
| CN106790106A (en) * | 2016-12-26 | 2017-05-31 | 贵州电网有限责任公司信息中心 | A kind of digital authenticating of electricity transaction system and electronic seal system and implementation method |
| WO2018137316A1 (en) * | 2017-01-24 | 2018-08-02 | 上海亿账通区块链科技有限公司 | Secure transaction method based on block chain, electronic device, system, and storage medium |
| TWI642007B (en) * | 2017-07-27 | 2018-11-21 | 財金資訊股份有限公司 | 2D barcode scanning code transfer system |
| CN107437222A (en) * | 2017-08-03 | 2017-12-05 | 中国银行股份有限公司 | The processing method and system of online business data based on bank counter front end |
| CN107437222B (en) * | 2017-08-03 | 2021-05-25 | 中国银行股份有限公司 | Processing method and system of online business data based on front end of bank counter |
| CN108288162A (en) * | 2018-01-15 | 2018-07-17 | 安趣盈(上海)投资咨询有限公司 | A kind of security authentication systems and method |
| CN108762950A (en) * | 2018-05-23 | 2018-11-06 | 山东浪潮商用系统有限公司 | A kind of standardization RESTful micro services exchange methods |
| CN110956461A (en) * | 2018-09-27 | 2020-04-03 | 深圳市中数信技术开发有限公司 | Method and system for trusteeship electronic signature and verification |
| CN110956461B (en) * | 2018-09-27 | 2023-09-12 | 深圳市中数信技术开发有限公司 | Method and system for hosting electronic signature and verification |
| CN110827150A (en) * | 2019-11-11 | 2020-02-21 | 成都三泰智能设备有限公司 | Digital asset storage and management system |
| CN111314315A (en) * | 2020-01-20 | 2020-06-19 | 重庆富民银行股份有限公司 | Open platform multi-dimensional safety control system and method |
| CN111314315B (en) * | 2020-01-20 | 2022-07-08 | 重庆富民银行股份有限公司 | Open platform multi-dimensional safety control system and method |
| CN112669152A (en) * | 2020-12-31 | 2021-04-16 | 深圳市辰宝信息服务有限公司 | Bulk commodity delivery management method, system and computer readable storage medium |
| CN113392417A (en) * | 2021-06-30 | 2021-09-14 | 上海和数软件有限公司 | Digital signature method for digital asset exchange |
| CN113392417B (en) * | 2021-06-30 | 2022-06-03 | 上海和数软件有限公司 | Digital signature method for digital asset exchange |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102956000A (en) | Method and device for payment intermediation transaction data processing and payment intermediation network system | |
| CN108428122B (en) | Trade financing method and system on distributed account book | |
| CN101211436B (en) | Electronic commerce safe trading platform and its method | |
| US10311433B2 (en) | Secure authorizations using independent communications and different one-time-use encryption keys for each party to a transaction | |
| US9569776B2 (en) | Secure authorizations using independent communications and different one-time-use encryption keys for each party to a transaction | |
| TWI302067B (en) | ||
| CN105243313B (en) | For the method whenever confirmed to verifying token | |
| JP6497834B2 (en) | Payment methods and associated payment gateway servers, mobile terminals, and time certificate issuing servers | |
| US7069252B2 (en) | Electronic transaction server, client for seller, client for buyer and electronic transaction method | |
| US20020023054A1 (en) | Method and system for protecting credit card transactions | |
| US9558492B2 (en) | Secure authorizations using independent communications and different one-time-use encryption keys for each party to a transaction | |
| CA2731160C (en) | System and method for providing a secure network on another secure network | |
| CN108352021A (en) | Method and system for authentication data collection and reporting associated with online transactions | |
| US10325260B2 (en) | System, method and computer program product for secure peer-to-peer transactions | |
| US20120254041A1 (en) | One-time credit card numbers | |
| CN107256484A (en) | Mobile payment sublicense method and the payment system realized using this method | |
| CN112232828A (en) | Power grid data transaction method and system | |
| CN101616146A (en) | Digital signature authentication system and authentication method based on third party | |
| WO2016195764A1 (en) | Secure authorizations using independent communications and different one-time-use encryption keys for each party to a transaction | |
| CA2892457C (en) | Secure authorizations using independent communications and different one-time-use encryption keys for each party to a transaction | |
| CN112950178B (en) | B2B proxy payment method and system based on license chain | |
| CN114565467A (en) | Financial service system for bidding process | |
| KR20180023749A (en) | Mutual authentication and secure processing system and a method of execution for fraud prevention of direct transactions between online and offline users | |
| CN115170132B (en) | Payment method suitable for high-speed post network member system | |
| CN119539809B (en) | A method and system for simulating a real payment process in a test environment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20130306 |
|
| RJ01 | Rejection of invention patent application after publication |