Summary of the invention
In view of this, fundamental purpose of the present invention is to provide a kind of method that realizes batch electronic transaction, can improve the security of batch electronic transaction, and be user-friendly to.
Another object of the present invention is to provide a kind of system that realizes batch electronic transaction, can improve the security of batch electronic transaction, and be user-friendly to.
Another purpose of the present invention is to provide a kind of device of realizing batch electronic transaction, can improve the security of batch electronic transaction, and be user-friendly to.
A further object of the present invention is to provide a kind of electric signing tools, can improve the security of batch electronic transaction, and be user-friendly to.
For achieving the above object, technical scheme of the present invention is achieved in that
A kind of method that realizes batch electronic transaction, this method comprises:
Network side receives the Transaction Information of user's input, generates transaction message, and extracts the doubtful point record in the described transaction message, sends to electric signing tools; The transaction record that comprises one or more in the described transaction message;
Described electric signing tools writes down the doubtful point that receives demonstration and/or plays to the user, and determines whether to receive user's affirmation information, if then described doubtful point is write down the processing of signing, and send to described network side; Otherwise, end this transaction;
Whether described network side signature verification is correct, if then finish this transaction; Otherwise, end this transaction.
Wherein, described network side receives the Transaction Information of user's input, generates transaction message, and extracts the doubtful point record in the described transaction message, sends to electric signing tools and comprises:
Personal computer PC receives the Transaction Information of user's input, generates transaction message and sends to background server according to described Transaction Information; Doubtful point in the transaction message that described background server extraction receives writes down and sends to described electric signing tools by described PC;
Whether described network side signature verification correctly comprises:
Data after described PC will be signed send to described background server, and whether described background server signature verification is correct.
Perhaps, described network side receives the Transaction Information of user's input, generates transaction message, and extracts the doubtful point record in the described transaction message, sends to electric signing tools and comprises:
PC receives the Transaction Information of user's input, generates transaction message according to described Transaction Information and sends to background server, and simultaneously, the doubtful point record that described PC extracts in the described transaction message sends to electric signing tools;
Whether described network side signature verification correctly comprises:
Data after described PC will be signed send to described background server, and described background server is according to the doubtful point record that extracts in the transaction message that receives, and whether signature verification is correct.
Preferably, the record of the doubtful point in the described extraction transaction message comprises:
Compare item according to predefined transaction record, transaction record in the described transaction message is compared with known Reference Transactions record one by one, determine whether to exist in the described transaction message transaction record that is different from described Reference Transactions record, if determine that then this transaction record is the doubtful point record.
Described transaction record comparison item is: transaction number of the account or negotiator's name, or transaction number of the account and negotiator's name.
Perhaps, the record of the doubtful point in the described extraction transaction message comprises:
Search the N bar transaction record that dealing money is the highest in the described transaction message, with this N bar transaction record as the doubtful point record; Described N is a positive integer, and its value is for preestablishing.
Preferably, the doubtful point record in the described transaction message of described extraction sends to electric signing tools and comprises:
Whenever extract a doubtful point record, then send to described electric signing tools;
Perhaps, after extracting all doubtful point records, unification sends to described electric signing tools.
A kind of system that realizes batch electronic transaction comprises: network side subsystem and electric signing tools;
Described network side subsystem is used to receive the Transaction Information that the user imports, and generates transaction message, extracts the doubtful point record in the described transaction message, sends to electric signing tools, comprises the transaction record of one or more in the described transaction message; And receive from the data behind the signature of described electric signing tools, whether signature verification is correct, if then finish this transaction; Otherwise, end this transaction;
Described electric signing tools, be used for the doubtful point record demonstration that will receive and/or play to the user, and determine whether to receive user's affirmation information, if, then described doubtful point is write down the processing of signing, and the data after will signing send to described network side; Otherwise, end this transaction.
Preferably, described network side subsystem comprises: personal computer PC and background processor;
Described PC is used to receive the Transaction Information that the user imports, and generates transaction message and sends to described background server according to described Transaction Information, and transmit the data of coming and going before described background server and the described electric signing tools;
Described background server is used for extracting the doubtful point record of the transaction message that is received from described PC, sends to described electric signing tools by described PC; And receive from the data behind the signature of described electric signing tools by described PC, whether signature verification is correct, if, then finish this transaction, otherwise, this transaction ended.
Perhaps, described network side subsystem comprises: PC and background processor;
Described PC is used to receive the Transaction Information that the user imports, and generates transaction message according to described Transaction Information and sends to described background server, and the doubtful point record that extracts simultaneously in the described transaction message sends to described electric signing tools; And transmit the data of contact before described background server and the described electric signing tools;
Described background server, be used for extracting the doubtful point record of the transaction message that is received from described PC, and receive from the data behind the signature of described electric signing tools by described PC, whether the doubtful point record signature verification that extracts according to self is correct, if, then finish this transaction, otherwise, this transaction ended.
A kind of device of realizing batch electronic transaction comprises: receiving element, extraction transmitting element and verification unit;
Described receiving element is used to receive the Transaction Information that the user imports, and generates transaction message;
Described extraction transmitting element is used for extracting the doubtful point record of described transaction message, and sends to electric signing tools; The transaction record that comprises one or more in the described transaction message;
Described verification unit is used to receive the data from behind the signature of described electric signing tools, and whether signature verification is correct, if, then finish this transaction, otherwise, this transaction ended.
Preferably, described extraction transmitting element comprises:
Extract subelement, be used for comparing item according to predefined transaction record, transaction record in the described transaction message is compared with known Reference Transactions record one by one, determine whether to exist in the described transaction message transaction record that is different from described Reference Transactions record, if determine that then this transaction record is the doubtful point record; Perhaps, be used for searching the highest N bar transaction record of described transaction message dealing money, as the doubtful point record, described N is a positive integer with this N bar transaction record, and its value is for preestablishing;
Send subelement, the doubtful point record that is used for determining sends to described electric signing tools.
Described transaction record comparison item is: transaction number of the account or negotiator's name, or transaction number of the account and negotiator's name.
A kind of electric signing tools comprises: general-purpose serial bus USB interface, the unit that displays the play, judging unit and performance element;
Described USB interface is used to connect personal computer PC;
The described unit that displays the play is used for will being received from the doubtful point record demonstration of described PC and/or playing to the user;
Described judging unit is used to judge whether to receive the affirmation information of user at described doubtful point record, and judged result is notified to described performance element;
Described performance element, be used for when judged result be when receiving user's affirmation information, to the processing of signing of described doubtful point data, and the data after will signing send to described PC; Otherwise, end this transaction.
As seen, adopt technical scheme of the present invention, when carrying out batch electronic transaction, do not need the All Activity record that batch electronic transaction is included all to show and/or play to the user, but only the doubtful point of determining is write down demonstration and/or plays to the user, determine for the user, need user's established data amount thereby not only can significantly reduce, and can guarantee the security of batch electronic transaction; Have again, doubtful point record extraction work in the scheme of the present invention need not to be finished by electric signing tools, but by network equipment, as PC or background server the doubtful point record that extracts is sent to electric signing tools, like this, incompatible and situation that electric signing tools that cause can't be discerned is convenient for users with regard to having avoided occurring the transaction form.
Embodiment
At problems of the prior art, propose a kind of scheme of brand-new realization batch electronic transaction among the present invention, promptly network side receives the Transaction Information of user's input, generates transaction message, and the doubtful point record in the extraction transaction message, send to electric signing tools; The transaction record that comprises one or more in the described transaction message; Electric signing tools writes down the doubtful point that receives demonstration and/or plays to the user, and determines whether to receive user's affirmation information, if then doubtful point is write down the processing of signing, and the data after will signing send to network side; Otherwise, end this transaction; Whether the network side signature verification is correct, if then finish this transaction; Otherwise, end this transaction.
For making purpose of the present invention, technical scheme and advantage clearer, below with reference to the accompanying drawing embodiment that develops simultaneously, the present invention is described in further detail.
Embodiment one
Suppose that the network side described in the present embodiment comprises PC and background server, i.e. the pairing server of bank of actual treatment transaction, electric signing tools is USB Key, and USB Key links to each other with PC by USB interface.Fig. 1 realizes the process flow diagram of method first embodiment of batch electronic transaction for the present invention.As shown in Figure 1, may further comprise the steps:
Step 101:PC machine receives the Transaction Information of user's input, generates transaction message and sends to background server according to described Transaction Information.
In this step, the user fills in Transaction Information on PC, and PC generates transaction message according to the Transaction Information that receives, and sends to background server then.Usually, at least comprise a transaction record in the pairing transaction message of batch electronic transaction, every transaction record correspondence electronic transaction wherein generally includes following transaction data: type of transaction, transaction number of the account, negotiator's name and dealing money etc.
Step 102: background server extracts the doubtful point record in the transaction message that receives, and sends to USB Key by PC.
In this step, the mode that background server extracts the doubtful point record in the transaction message that receives can be:
Compare item according to predefined transaction record, transaction record in the transaction message is compared with known Reference Transactions record one by one, determine whether to exist in the transaction message transaction record that is different from the Reference Transactions record, if determine that then this transaction record is the doubtful point record; Here the transaction record comparison item of being mentioned can be meant transaction number of the account or negotiator's name, or transaction number of the account and negotiator's name etc.;
Perhaps, also can find out the N bar transaction record that dealing money is the highest in the transaction message, with this N bar transaction record as the doubtful point record; Described N is a positive integer, and its value is for preestablishing.
Be that 100 employees in the company pay wages and are example in the mode of A company by batch electronic transaction below, the specific implementation of this step be described in further detail:
After background server receives transaction message from PC, compare item according to predefined transaction record, suppose to be in this example the transaction number of the account, 100 transaction records in the transaction message are compared with known Reference Transactions record one by one, determine whether the transaction number of the account in every transaction record all is documented in the Reference Transactions record.Here the Reference Transactions record of being mentioned can be meant pairing transaction record when A company paid out wages for the employee by the mode of batch electronic transaction last time, also can be meant the All Activity record of preserving when A company pays out wages for the employee by the mode of batch electronic transaction before at every turn; In addition, the content of Reference Transactions record can comprise all transaction data, as type of transaction, transaction number of the account and dealing money etc., but for this example, when background server extracts the doubtful point record, only utilizes transaction account information wherein; Perhaps, the content of Reference Transactions record also can directly be reduced to and only comprise the transaction account information.The transaction number of the account of determining some or some transaction record in the transaction message that receives when background server is not documented in the Reference Transactions record, when promptly having found new transaction number of the account, the transaction record of the number of the account correspondence of can will concluding the business sends to USB Key (because the electronic transaction assailant may increase the number of the account of self in this batch electronic transaction) as the doubtful point record, so that the user confirms; If do not find new transaction number of the account, then thinking does not have the doubtful point record.
Need to prove that above-mentioned is that example describes with the transaction number of the account only, in actual applications, transaction record comparison item can also be transaction data such as negotiator's name or dealing money, perhaps can also be the combination of above-mentioned two or more transaction data.
, directly the N bar transaction record that dealing money is the highest in the transaction message is write down as doubtful point and send to USB Key by comparing to determine not compare the mode of doubtful point record except that above-mentioned with Reference Transactions records.Such as, the transaction record of 10 employee's correspondences that the amount of wages is the highest in the A company is sent to USB Key as the doubtful point record.
In addition, in this step, background server also can extract Hash (HASH) result of the transaction message that receives simultaneously, and sends to USB Key.Specifically purposes is follow-up will introduce.
Step 103:USB Key writes down the doubtful point that receives demonstration and/or plays to the user.
How to show and/or play to be prior art, repeat no more.
Step 104:USB Key determines whether to receive user's affirmation information, if then execution in step 105; Otherwise, execution in step 108.
For " otherwise " this situation, can be meant to surpass the affirmation information that preset time does not receive the user yet, also can be meant the command information of this transaction of termination that receives the user etc.
Step 105:USB Key writes down the processing of signing to doubtful point, and the data after will signing send to background server by PC.
In this step, USB Key writes down the processing of signing to HASH result and the doubtful point that is received from background server respectively, specifically how to be embodied as prior art, repeats no more; Perhaps,, merge the doubtful point record and calculate the final HASH result processing of signing, specifically how to be embodied as prior art, repeat no more the intermediate result that the HASH result of background server calculates as HASH.
Step 106: whether the background server signature verification is correct, if then execution in step 107; Otherwise, execution in step 108.
How whether signature verification correctly is similarly prior art to background server, repeats no more.
For there not being doubtful point to write down this situation, background server also can be notified to USB Key usually, confirms for the user, treat that the user confirms after, USB Key directly utilizes HASH result to sign and gets final product.
Step 107: finish this transaction, process ends.
Step 108: end this transaction, process ends.
So far, promptly finished the batch electronic transaction process one time.
In addition, embodiment illustrated in fig. 1 in, in order to guarantee safety of data transmission, background server can also send it to the data of USB Key, promptly the HASH result of doubtful point record and transaction message etc. carries out encryption; After USB Key receives these data, need at first be decrypted, could continue the processing of back then.Such as, can in USB Key, deposit a symmetric key in advance, background server uses the symmetric key encryption data distributing corresponding with USB Key; Perhaps, deposit the unsymmetrical key of a background server in advance in USB Key, background server uses the encrypted private key data distributing, and deciphering uses public-key in the USB Key; Perhaps, deposit the unsymmetrical key on a backstage in advance in USB Key, background server uses private key that the data signature is issued, and uses public-key in the USB Key signature is verified; Again or, in USB Key, deposit asymmetric public key and an asymmetric privacy keys of a background server in advance, background server generates an interim symmetric cryptographic key, use the public key encryption of USB Key, and issue after the private key signature of use background server, after USB Key uses the public key verifications signature of background server correct, use the private key deciphering of self to obtain interim symmetric cryptographic key, after, background server will issue after will utilizing interim symmetric cryptographic key that data are encrypted, and USB Key utilizes interim symmetric cryptographic key deciphering acquisition data to carry out subsequent treatment.In a word, specific implementation is not limit.
Have again, embodiment illustrated in fig. 1 in, background server can be about to it and send to USB Key after whenever extract doubtful point record, USB Key correspondingly shows and/or plays, to wait for user's affirmation; Also can more all doubtful point records be sent to USB Key together after extracting all doubtful point records, like this, the user only need confirm once to get final product, in case find wherein to have problematic doubtful point record, then can end this transaction.
Embodiment two
Suppose that the network side in the present embodiment comprises PC and background server, electric signing tools is USBKey, and USB Key links to each other with PC by USB interface.Fig. 2 realizes the process flow diagram of method second embodiment of batch electronic transaction for the present invention.As shown in Figure 2, may further comprise the steps:
Step 201:PC machine receives the Transaction Information of user's input, generate transaction message according to described Transaction Information and send to background server, and the doubtful point record that extracts in this transaction message sends to USB Key.
In this step, the mode that PC extracts the doubtful point record is described identical with step 102, repeats no more.
Step 202:USB Key writes down the doubtful point that receives demonstration and/or plays to the user.
Step 203:USB Key determines whether to receive user's affirmation information, if then execution in step 204; Otherwise, execution in step 207.
Step 204:USB Key writes down the processing of signing to doubtful point, and the data after will signing send to background server by PC.
Whether step 205: background server extracts the doubtful point record in the transaction message, and correct at the signature of the data check behind the signature that receives in view of the above, if then execution in step 206; Otherwise, execution in step 207.
Need to prove that it is not to carry out in this step that the doubtful point in the background server extraction transaction message writes down this operation, only for illustrating, before also can being placed on step 202, carry out herein.
In this step, the mode that background server extracts the doubtful point record in the transaction message is described identical with step 102, and in addition, how whether signature verification is prior art correctly to background server, so all repeat no more.
Step 206: finish this transaction, process ends.
Step 207: end this transaction, process ends.
Equally, in the present embodiment, PC can be about to it and send to USB Key after whenever extract a doubtful point record, also can more all doubtful point records be sent to USB Key together after extracting all doubtful point records.
Based on said method, Fig. 3 realizes the composition structural representation of the system embodiment of batch electronic transaction for the present invention.As shown in Figure 3, this system comprises: network side subsystem 31 and electric signing tools 32;
Network side subsystem 31 is used to receive the Transaction Information that the user imports, and generates transaction message, extracts the doubtful point record in the described transaction message, sends to electric signing tools 32, comprises the transaction record of one or more in the described transaction message; And receive from the data behind the signature of electric signing tools 32, whether signature verification is correct, if, then finish this transaction, otherwise, this transaction ended;
Electric signing tools 32 is used for the doubtful point record demonstration that will receive and/or plays to the user, and determine whether to receive user's affirmation information, if then doubtful point is write down the processing of signing, and the data after will signing send to network side 31; Otherwise, end this transaction.
Wherein, network side subsystem 31 can specifically comprise: PC 311 and background processor 312;
PC 311 is used to receive the Transaction Information of user's input, generates transaction message and sends to background server 312 according to described Transaction Information, and be responsible for transmitting the data of contact before background server 312 and the electric signing tools 32;
Background server 312 is used for extracting the doubtful point record of the transaction message that is received from PC 311, sends to electric signing tools 32 by PC 311; And pass through PC 311 receptions from the data behind the signature of electric signing tools 32, whether signature verification is correct, if, then finish this transaction, otherwise, this transaction ended.
Perhaps,
PC 311 is used to receive the Transaction Information that the user imports, and generates transaction message according to described Transaction Information and sends to background server 312, and the doubtful point record that extracts simultaneously in the transaction message sends to electric signing tools 32; And the responsible data of coming and going before background server 312 and the electric signing tools 32 of transmitting;
Background server 312, be used for extracting the doubtful point record of the transaction message that is received from PC 311, and pass through PC 311 receptions from the data behind the signature of electric signing tools 32, whether the doubtful point record signature verification that extracts according to self is correct, if, then finish this transaction, otherwise, this transaction ended.
Fig. 4 realizes the composition structural representation of the device embodiment of batch electronic transaction for the present invention.As shown in Figure 4, this device comprises:
Receiving element 41 is used to receive the Transaction Information of user's input, and generates transaction message;
Extract transmitting element 42, be used for extracting the doubtful point record of described transaction message, send to electric signing tools 32; The transaction record that comprises one or more in the described transaction message;
Verification unit 43 is used to receive the data from behind the signature of electric signing tools 32, and whether signature verification is correct, if, then finish this transaction, otherwise, this transaction ended.
Wherein, extract in the transmitting element 42 and can specifically comprise:
Extract subelement 421, be used for comparing item according to predefined transaction record, transaction record in the transaction message is compared with known Reference Transactions record one by one, determine whether to exist in the transaction message transaction record that is different from the Reference Transactions record, if determine that then this transaction record is the doubtful point record; Perhaps, be used for searching the highest N bar transaction record of transaction message dealing money, as the doubtful point record, N is a positive integer with this N bar transaction record, and its value is for preestablishing;
Send subelement 422, the doubtful point record that is used for determining sends to electric signing tools 32.
Usually, above-mentioned transaction record comparison item is: transaction number of the account or negotiator's name, or transaction number of the account and negotiator's name.
In actual applications, each unit in the device shown in Figure 4 can lay respectively in the different equipment, such as, receiving element 41 can be arranged in PC 311, and extraction transmitting element 42 and verification unit 43 can be arranged in background server 312; Perhaps, receiving element 41 and extraction transmitting element 42 can be arranged in PC 311, and verification unit 43 is arranged in background server 312.
Fig. 5 is the composition structural representation of electric signing tools embodiment of the present invention.As shown in Figure 5, comprising:
USB interface 51 is used to connect PC 311;
The unit 52 that displays the play, the doubtful point record that is used for being received from PC 311 show and/or play to the user;
Judging unit 53 is used to judge whether to receive user's affirmation information, and judged result is notified to performance element 54;
Performance element 54, be used for when judged result be when receiving user's affirmation information, to the processing of signing of doubtful point data, and the data after will signing send to PC 311 by USB interface 51; Otherwise, end this transaction.
The concrete workflow of system shown in Fig. 3,4 and 5 and device embodiment please refer to the respective description among the embodiment of method shown in Fig. 1 and 2, repeats no more herein.
In a word, adopt technical scheme of the present invention, when carrying out batch electronic transaction, do not need the All Activity record that batch electronic transaction is included all to show and/or play to the user, but only the doubtful point of determining is write down demonstration and/or plays to the user, determine for the user, need user's established data amount thereby not only can significantly reduce, and can guarantee the security of batch electronic transaction; And, doubtful point record extraction work in the scheme of the present invention need not to be finished by electric signing tools, but by network equipment, as PC or background server the doubtful point record that extracts is sent to electric signing tools, like this, incompatible and situation that electric signing tools that cause can't be discerned is convenient for users with regard to having avoided occurring the transaction form; Have again, scheme of the present invention need not to change the existing structure of batch electronic transaction system when realizing, only need the software of corresponding adjustment USB Key, PC and background server to get final product, and a lot of technology in implementation procedure are existing mature technology, are convenient to popularize.
In sum, more than be preferred embodiment of the present invention only, be not to be used to limit protection scope of the present invention.Within the spirit and principles in the present invention all, any modification of being done, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.