CN106339939A - Tamper-proofing distributed bill system based on safety hardware and transaction processing method

Publication number: CN106339939A
Authority: CN (China)
Prior art keywords: transaction, bill unit, secure hardware, bill, key
Legal status: Granted
Application number: CN201610736004.5A
Other languages: Chinese (zh)
Other versions: CN106339939B (en)
Inventors: 文武, 杨伟献, 胡刚, 胡昌盛, 聂鑫
Current Assignee: Nanjing Hi Mara Cloud Information Technology Co Ltd
Original Assignee: Nanjing Hi Mara Cloud Information Technology Co Ltd
Application filed by: Nanjing Hi Mara Cloud Information Technology Co Ltd
Priority to: CN201610736004.5A
Publication of CN106339939A
Application granted
Publication of CN106339939B
Current legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02 Banking, e.g. interest calculation or account maintenance
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F21/645 Protecting data integrity, e.g. using checksums, certificates or signatures using a third party
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Abstract

The invention discloses a tamper-proof distributed bill system based on secure hardware and a transaction processing method. The system comprises a bill unit module, which is stored in the secure hardware and holds at least one bill unit in the form of a data structure; an access module, which receives transaction requests from a business system and returns the response result to the business system; and a transaction maintenance module, which, after receiving a transaction request, processes the bill unit in the bill unit module to update it and generate a new bill unit, encrypts the new bill unit to obtain the response result and returns the response result to the business system, wherein the encryption key is generated through a key derivation mechanism based on an algorithm preset when the secure hardware is initialized. The key of the bill unit in the secure hardware provides non-repudiation and tamper resistance for data encryption and data operations during the transaction, and all transactions are managed under centralized supervision, thereby ensuring the uniqueness, authority and security of the underlying transaction data processing.

Description

Tamper-proof distributed bill system based on secure hardware and transaction processing method
Technical field
The present invention relates to the field of financial transaction control, and in particular to a tamper-proof distributed bill system based on secure hardware and a transaction processing method.
Background
The spread of the Internet, and of the mobile Internet in particular, has brought the disruptive force of the digital revolution to all kinds of traditional industries. Examples of these great changes can be found everywhere: the retail business has been disrupted by online merchants, the communications industry by social networking applications, and the IT industry by cloud computing. In the financial field, the retail payment industry has likewise been disrupted by the huge consumer networks of online merchants and social platforms. One very important common point is that the traditional industries were disrupted by cross-industry technology in terms of efficiency, customer service and so on.
The banking and financial system, as the main body of national finance, is also on the eve of a storm. It differs somewhat, however, from the disruption cases mentioned above. Those cases were essentially summarized only after the traditional industries had been disrupted; the disrupted industries did not recognize at the time that they were being disrupted, or did not anticipate the speed and intensity of the disruption, and by the time they recognized it they had already been completely disrupted. Now, ahead of the storm that will disrupt the traditional financial system, the major central banks of the world, together with banks and financial institutions of all kinds, have at the first opportunity unreservedly embraced cross-industry concepts such as distributed bills and blockchain, hoping thereby to guide the direction of this revolution while the disruption takes place.
Cross-industry technologies such as information security and big data are considered the technologies most likely to disrupt the current financial system. But will this revolution be one that removes the intermediary and supervisory functions of central banks and banks, as was advocated when Bitcoin became popular several years ago, or will it be a tool that can be used to improve those functions? The central banks of the major countries and the major banks clearly believe it is the latter. Up to now, however, on the question of how to apply technologies such as information security and distributed bills effectively to promote reform of the financial sector, most central banks, banks and other financial institutions are still at the stage of learning the concepts and running sandbox exercises. Many attempts in this area concentrate on improving the efficiency of the current payment system, such as the T+2 problem of clearing and the authentication of assets, but none of them touches the fundamentals of financial technology.
In the prior art, the following electronic transaction modes exist in the field of financial transactions:
Electronic money: electronic money is a monetary value stored electronically (including on a magnetic stripe) that represents a claim on the issuer. It is issued by the issuer upon receipt of funds, for the purpose of making payments, and is accepted by natural or legal persons other than the issuer; it is issued at par and redeemed at par.
Electronic invoice: the electronic invoice is a product of the information age. Like an ordinary invoice, it uses the format uniformly issued by the tax bureau for merchants to use; the invoice number follows the national unified coding and a unified anti-counterfeiting technology is used; it is distributed to merchants, and the electronic invoice carries the signature mechanism of the electronic tax office.
Payment wallet: a software application developed by a third-party payment company, a kind of mobile payment platform. It integrates multiple bank cards for the user and removes the complicated procedure of interfacing with each bank from the payment process. As an entity independent of buyer and seller, it provides both parties with a guarantee for the transaction information and the transaction funds, and it is highly extensible: it can be used for credit card repayment, transfers, top-ups, paying water, electricity and gas bills, paying for taxis, and so on.
However, the above prior art has the following defects:
1) There is liquidity risk: demand for electronic money may surge unexpectedly, and the issuer of electronic money may not hold reserves of conventional currency equal to the amount needed to redeem it, which may cause a liquidity run on the electronic banking service institution.
2) Electronic money and electronic invoices can only be protected against counterfeiting by means such as cryptographic digital signatures. If the key technology and data are obtained by others, forged currency and invoices can appear in large numbers and cause heavy losses to the issuer.
3) The net-connection scheme, once established, can indeed supervise third-party payment effectively, but it needs to be involved in every transaction and does not use the existing business system functions of the banks, so it does not finally solve the problem.
4) Although the current financial sector is digitized to a very high degree, most financial data, including payment and clearing, must still have its integrity and legitimacy ensured by after-the-fact auditing. This appears very inadequate in the face of today's big data and the continually emerging Internet financial innovations. Not only does payment-based financial data itself lack completeness and supervisability; invoices, taxes and other derivative instruments that must rest on fully correct payment data will also lack completeness and supervisability. That is, an ever-widening gap will appear between the continually emerging financial technology (fintech) and the regulators (central bank, tax, exchange control, etc.). Lagging supervisory mechanisms and audit processes cannot keep up with the changes brought by financial technology innovation.
In addition, blockchain, the underlying technology of Bitcoin, has gradually begun to find other applications, particularly in the financial field. Blockchain refers to a technical scheme in which a reliable database is maintained collectively in a decentralized and trustless manner. Because of its decentralized, distributed nature, however, it cannot perform the function of a central regulatory body, which limits its application; its multiple-confirmation mechanism for transaction records makes confirmation relatively inefficient, so it cannot suit fast payment applications; and its partitioned distributed storage of transaction records causes transaction data to be stored many times over, wasting resources.
Summary of the invention
The present invention provides a tamper-proof distributed bill system based on secure hardware and a transaction processing method, to solve the technical problem that asset supervision and maintenance in existing financial systems need to be improved.
The technical solution adopted by the present invention is as follows:
According to one aspect of the present invention, a tamper-proof distributed bill system based on secure hardware is provided, serving as the underlying system of an asset management system under centralized supervision, for interacting with a business system to respond to data processing requests from the business layer and to generate transaction records. The tamper-proof distributed bill system based on secure hardware comprises:
A bill unit module, stored in the secure hardware, for holding at least one bill unit in the form of a data structure, the bill unit representing a numerical value corresponding to a business attribute of the business system in order to meet transaction settlement needs;
An access module, serving as the access interface for data interaction with the business system hardware, for receiving transaction requests from the business system and returning response results to the business system;
A transaction maintenance module, for processing the bill unit in the bill unit module after a transaction request is received so as to update it and generate a new bill unit, and for encrypting the new bill unit and returning it as the response result to the business system to form corresponding mirror data; wherein the encryption key is generated by a key derivation mechanism based on an algorithm preset when the secure hardware is initialized.
Further, there are multiple pieces of secure hardware, corresponding to the different levels of the centrally supervised asset management system, each storing one or more bill units. The secure hardware is uniformly initialized by the competent authority that carries out the centralized supervision, the master key of the key derivation mechanism is held by the competent authority, and the key pool in the secure hardware of a lower level is subordinate to the key pool in the secure hardware of the level above.
Further, the data structure of the bill unit includes at least a serial number, an access address, a quantity and a key, wherein the serial number is a dynamic ID identifying the transaction dynamics corresponding to the bill unit, the access address is the unique access ID identifying the bill unit, the quantity represents the numerical value corresponding to the business attribute of the business system, and the key is dynamically updated by the secure hardware based on the initialized preset algorithm.
Further, the transaction maintenance module comprises:
An authentication submodule, for encrypting a transaction request with the key of the corresponding local bill unit and sending it to the corresponding secure hardware of the level above for identity verification, and for verifying the identity of encrypted transaction requests sent from the level below;
A transaction processing submodule, for processing the transaction request according to the authentication result from the level above and updating to generate a new bill unit;
A receipt generation submodule, for encrypting the new bill unit and returning it to the business system as the response result.
Further, the tamper-proof distributed bill system based on secure hardware of the present invention also comprises:
A transaction recording module, for generating, according to the received transaction request, bill information that at least contains a transaction processing record characterizing the corresponding bill unit update.
Further, the tamper-proof distributed bill system based on secure hardware of the present invention also comprises:
A cloud data storage platform, for receiving and storing the bill information generated by the transaction recording module.
Further, the tamper-proof distributed bill system based on secure hardware of the present invention also comprises:
An export module, for exporting a bill unit held in the bill unit module, after encryption with its corresponding key, to a third-party business system.
According to another aspect of the present invention, an asset transaction processing method is also provided, based on the above tamper-proof distributed bill system based on secure hardware, in which the distributed bill system serves as the underlying system responding to transaction requests of the business system, and the bill units involved in a transaction are updated synchronously.
Further, the asset transaction processing method of the present invention also comprises:
Exporting a bill unit from the secure hardware to a third-party business system for it to sign, so that two or more regulators can supervise transactions based on the same secure hardware.
Further, the asset management system to which the asset transactions of the present invention correspond is a banking system, a tax system, a securities system, or an intra-enterprise electronic data interchange system.
The present invention has the following advantageous effects:
In the tamper-proof distributed bill system based on secure hardware and the transaction processing method of the present invention, bill units are stored in secure hardware, and transaction requests from the business layer are answered by updating the bill units in the secure hardware, thereby realizing transaction circulation; the updated bill unit is returned to the business system after being encrypted with a key in the secure hardware. The keys in the secure hardware are generated by a key derivation mechanism using the initialized preset algorithm, so that the bill unit keys in the secure hardware provide non-repudiation and tamper resistance for data encryption and data operations during the transaction, and all transactions are managed under centralized supervision, ensuring the uniqueness, authority and security of the underlying transaction data processing. In addition, the tamper-proof distributed bill system of the present invention does not require changes to the existing business-layer transaction system: the secure hardware only needs to be connected directly to the business system hardware or connected to it over a network. The secure hardware holding the bill units exists as a back end and responds to the transactions of the business system; compatibility is good and the system is easy to popularize and apply.
In addition to the objects, features and advantages described above, the present invention has other objects, features and advantages. The present invention is described in further detail below with reference to the accompanying drawings.
Brief description of the drawings
The accompanying drawings, which form part of this application, are provided for further understanding of the present invention. The illustrative embodiments of the present invention and their description serve to explain the present invention and do not unduly limit it. In the drawings:
Fig. 1 is a schematic block diagram of the tamper-proof distributed bill system based on secure hardware according to a preferred embodiment of the present invention;
Fig. 2 is a schematic diagram of the structure of a bill unit in the preferred embodiment of the present invention;
Fig. 3 is a schematic diagram of the bill unit structure when the central bank opens an account in the preferred embodiment of the present invention;
Fig. 4 is a schematic diagram of the structure after the central bank's bill unit is updated in the preferred embodiment of the present invention;
Fig. 5 is a schematic diagram of the bill unit structure of each bank after the central bank distributes to several banks in the preferred embodiment of the present invention;
Fig. 6 is a schematic diagram of the structure of the bill units newly created by bank a after accounts are opened in the preferred embodiment of the present invention;
Fig. 7 is a schematic diagram of the structure of the bill units newly created by bank b after an account is opened in the preferred embodiment of the present invention;
Fig. 8 is a schematic diagram of the bill unit structure of bank c in the preferred embodiment of the present invention;
Fig. 9 is a schematic diagram of the bill unit structure for a transfer within the same bank in the preferred embodiment of the present invention;
Fig. 10 is the first schematic diagram of the bill unit structure for an inter-bank transfer in the preferred embodiment of the present invention;
Fig. 11 is the second schematic diagram of the bill unit structure for an inter-bank transfer in the preferred embodiment of the present invention;
Fig. 12 is a schematic diagram of the structure of the transaction maintenance module in the preferred embodiment of the present invention.
Detailed description of the embodiments
It should be noted that, where no conflict arises, the embodiments of this application and the features of the embodiments may be combined with one another. The present invention is described in detail below with reference to the drawings and in conjunction with the embodiments.
To reduce the very high cost of issuing and circulating traditional banknotes, to avoid the market disorder caused by counterfeit money in circulation, and to address violations such as money laundering and tax evasion that the traditional banking supervision system cannot prevent, an embodiment of the present invention provides a tamper-proof distributed bill system based on secure hardware, serving as the underlying system of a centrally supervised asset management system, for interacting with the business system to respond to data processing requests from the business layer and to generate transaction records. Referring to Fig. 1, the tamper-proof distributed bill system based on secure hardware of this embodiment comprises:
A bill unit module 100, stored in the secure hardware, for holding at least one bill unit in the form of a data structure, the bill unit representing a numerical value corresponding to a business attribute of the business system in order to meet transaction settlement needs;
An access module 200, serving as the access interface for data interaction with the business system hardware, for receiving transaction requests from the business system and returning response results to the business system;
A transaction maintenance module 300, for processing the bill unit in the bill unit module after a transaction request is received so as to update it and generate a new bill unit, and for encrypting the new bill unit and returning it as the response result to the business system to form corresponding mirror data; wherein the encryption key is generated by a key derivation mechanism based on an algorithm preset when the secure hardware is initialized.
In this embodiment, the centrally supervised asset management system is illustrated using a banking system as an example. The banking system comprises the People's Bank of China (hereinafter, the central bank) as the central regulator and a number of commercial banks under the central bank's supervision; each commercial bank is in turn divided from top to bottom into branches and sub-branches according to its hierarchy, forming a multi-level architecture under centralized supervision.
The secure hardware (HSM) referred to in this embodiment is a dedicated cryptographic processor designed specifically to protect the life cycle of encryption keys. A secure hardware module securely manages, processes and stores encryption keys inside a reliable, tamper-resistant device, and protects transactions, identity data and applications by safeguarding encryption keys and providing encryption, decryption, authentication and digital signature services for a wide range of applications. It is commonly called an encryption machine in the industry; its hardware configuration and specific composition are not elaborated here.
In this embodiment there are multiple pieces of secure hardware, corresponding to the different levels of the centrally supervised asset management system, each storing one or more bill units. The secure hardware is uniformly initialized by the competent authority that carries out the centralized supervision, the master key of the key derivation mechanism is held by the competent authority, and the key pool in the secure hardware of a lower level is subordinate to the key pool in the secure hardware of the level above, forming a centrally governed, layered distributed structure in which the related transaction data is supervised at multiple levels and stored in the operation system.
In this embodiment, referring to Fig. 2, the data structure of the bill unit includes at least a serial number, an access address, a quantity and a key. The serial number is a dynamic ID identifying the transaction dynamics corresponding to the bill unit; the access address is the unique access ID identifying the bill unit; the quantity represents the numerical value corresponding to the business attribute of the business system: in a banking system, for example, this value represents the corresponding amount of money, in a securities trading system it represents a quantity of stock, and in a tax system it represents tax; these are examples only and are not limiting. The key is dynamically updated by the secure hardware based on the initialized preset algorithm and is derived from the issuer's master key.
The basic operations on bill units stored in secure hardware in this embodiment are as follows:
A) A payment transfer of a specific digital asset can be made between different bill units (which may be in the same secure hardware or in secure hardware at different physical locations). The transfer is carried out synchronously between the two bill units: the quantities in the two bill units are increased and decreased in step, ensuring that the total before and after the asset transfer is unchanged;
B) The above asset transfer operation is carried out after the integrity of the bill unit data and the authenticity of the identities of both parties to the transaction have been verified;
C) The data encryption (computation) related to the above transfer operation is all carried out inside the secure hardware.
Taking digital currency as an example, the tamper-proof distributed bill system of this embodiment is illustrated below:
For example, if the central bank issues 100 yuan of digital currency, a new bill unit is created in the HSM secure hardware, as shown in Fig. 3.
The central regulator assigns a key pool to the HSM corresponding to the central bank; key 1 is generated from this key pool, and keys are generated and assigned automatically inside the HSM hardware. The key algorithm is initialized and set by the authority itself; any digital signature algorithm is supported here, including symmetric or asymmetric signatures, message authentication codes (MAC), and so on.
1. There are three commercial banks under the central bank, and 40 is distributed to bank a, 30 to bank b and 20 to bank c. After the business layer issues the instruction, the interface through which the HSM is connected to the central bank receives an instruction and the bill unit in the HSM secure hardware at the central bank's back end is updated, as shown in Fig. 4, where key 2 is a sub-key that the central bank's key pool reassigns to the central bank's updated bill unit, and the bill unit that had key 1 is updated. At the same time the central bank's key pool assigns three corresponding key pools to the three banks: the bank a key pool, the bank b key pool and the bank c key pool.
At the same time the bill system of this embodiment updates the bill units according to the payment information returned by the bank (the information on the transfers to each of the three banks); the new bill unit data is encrypted into a character string and returned to the banking system, and after the bank verifies it, corresponding mirror data (the balance) is formed at the business layer; the HSM uploads the payment instructions (three items of simple bill information, such as 100-40, 60-30, 30-20) to the cloud device. The specific process is as follows:
(1) The business layer changes the currency value of each account on the HSM hardware through an upstream API instruction (the bill unit is updated);
(2) The HSM sends a downstream API instruction (the encrypted digital currency document, that is, serial number + address + quantity + unit as a character string encrypted with the key) to the payment system;
(3) The HSM passes the payment instruction (simple bill information) to the remote cloud data center for storage.
The bill units in the HSM secure hardware at the back ends of the three banks are then generated correspondingly and synchronously, as shown in Fig. 5, where key 3 is randomly assigned from the bank a key pool, key 4 is randomly assigned from the bank b key pool, and so on.
2. Suppose two customers, 1 and 2, open accounts at bank a, customer 1 depositing 25 yuan and customer 2 depositing 10 yuan, and one customer, 3, opens an account at bank b, depositing 17. The corresponding bill units of the three banks are updated according to the transaction requests from the business layer. The structure after the bill units of bank a are updated is shown in Fig. 6, where keys 6, 7 and 8 are randomly assigned from the bank a key pool and the bill unit that had key 3 is updated; likewise, the HSM generates the corresponding simple bill information and uploads it to the cloud device. The structure after the bill units of bank b are updated is shown in Fig. 7, where keys 9 and 10 are randomly assigned from the bank b key pool and the bill unit that had key 4 is updated; likewise, the HSM generates the corresponding simple bill information and uploads it to the cloud device. The bill unit of bank c remains unchanged, with the structure shown in Fig. 8.
3. Transfer within the same bank:
Customer 1 transfers 6 yuan to customer 2. The structure after the bill units of bank a change is shown in Fig. 9; the bill units that previously had keys 7 and 8 are updated, simple bill information (25-6, 10+6) is sent to the cloud device at the same time, and the other bill units are unchanged.
4. Inter-bank transfer:
Customer 1 transfers 4 yuan to customer 3. The structure after the bill units of bank a change is shown in Fig. 10, and the structure after the bill units of bank b change is shown in Fig. 11. The bill unit that previously had key 11 is updated, and one item of simple bill information (19-4) is sent to the cloud device at the same time; the bill unit that previously had key 10 is updated, and one item of simple bill information (17+4) is sent to the cloud device at the same time.
In the distributed bill system provided by this embodiment, digital currency is stored in the HSM hardware in the form of a data structure and is unique. This embodiment does not require changes to the existing financial payment system: once the HSM is connected to the financial system, the amounts displayed in the financial system are mirrors, and all transactions must be verified online. This embodiment differs essentially from the blockchain technology of Bitcoin: blockchain is decentralized, and when a new transaction arises it must be verified by all participating nodes of the whole network, and every node must use the blockchain data structure. In this embodiment the banking system only needs to access the HSM API, or the HSM is connected directly to the business system hardware, and transactions can then circulate by instruction; the business system itself is not affected.
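The central bank distribution in step 1 and the hierarchical key pools described above, as an added Python sketch that is not code from the patent. It assumes HMAC-SHA256 both for key derivation and, in place of encryption, as the authentication tag on the returned bill unit; `KeyPool`, `Hsm`, `key_id` and the seed value are hypothetical names and constructed values.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass


def derive(parent: bytes, label: str) -> bytes:
    # Assumed derivation step: HMAC-SHA256 keyed by the parent secret.
    return hmac.new(parent, label.encode(), hashlib.sha256).digest()


class KeyPool:
    """Key pool of one level; a child pool is derived from its parent's seed."""

    def __init__(self, seed: bytes):
        self.seed = seed
        self.counter = 0

    def child(self, name: str) -> "KeyPool":
        return KeyPool(derive(self.seed, "pool:" + name))

    def key(self, index: int) -> bytes:
        return derive(self.seed, f"key:{index}")

    def next_key(self):
        self.counter += 1
        return self.counter, self.key(self.counter)


@dataclass
class BillUnit:
    serial: int     # dynamic id, advanced on every update
    address: str    # unique access id
    quantity: int   # value held, e.g. an amount of currency
    key_id: int     # index of the current key in its pool (hypothetical field)
    key: bytes      # current key, replaced on every update

    def body(self) -> bytes:
        fields = {"serial": self.serial, "address": self.address,
                  "quantity": self.quantity, "key_id": self.key_id}
        return json.dumps(fields, sort_keys=True).encode()


class Hsm:
    """Software stand-in for one secure hardware device (hypothetical API)."""

    def __init__(self, pool: KeyPool):
        self.pool = pool
        self.units = {}
        self.cloud_log = []  # simple bill information sent to cloud storage

    def open_unit(self, address: str, quantity: int = 0) -> BillUnit:
        key_id, key = self.pool.next_key()
        self.units[address] = BillUnit(1, address, quantity, key_id, key)
        return self.units[address]

    def apply(self, address: str, delta: int) -> None:
        unit = self.units[address]
        if unit.quantity + delta < 0:
            raise ValueError("insufficient quantity in " + address)
        self.cloud_log.append(f"{unit.quantity}{delta:+d}")
        unit.quantity += delta
        unit.serial += 1
        unit.key_id, unit.key = self.pool.next_key()  # rotate key on update

    def receipt(self, address: str):
        unit = self.units[address]
        tag = hmac.new(unit.key, unit.body(), hashlib.sha256).hexdigest()
        return unit.body(), tag


def transfer(src_hsm: Hsm, src: str, dst_hsm: Hsm, dst: str, amount: int):
    # Check everything that can fail first, so both units change or neither.
    if amount <= 0:
        raise ValueError("amount must be positive")
    if dst not in dst_hsm.units:
        raise KeyError(dst)
    src_hsm.apply(src, -amount)  # raises before any change if funds are short
    dst_hsm.apply(dst, +amount)


def verify_receipt(pool: KeyPool, body: bytes, tag: str) -> bool:
    # The level above re-derives the unit key from its own material.
    key = pool.key(json.loads(body)["key_id"])
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def demo():
    master = KeyPool(b"constructed-master-seed")  # held by the authority
    central = Hsm(master.child("central-bank"))
    banks = {n: Hsm(central.pool.child(n)) for n in ("bank-a", "bank-b", "bank-c")}
    central.open_unit("central", 100)  # 100 issued
    for name, amount in (("bank-a", 40), ("bank-b", 30), ("bank-c", 20)):
        banks[name].open_unit(name)
        transfer(central, "central", banks[name], name, amount)
    return central, banks


if __name__ == "__main__":
    central, banks = demo()
    print(central.cloud_log, central.units["central"].quantity)
```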
Specifically, with reference to Fig. 12, the transaction maintenance module 300 of this embodiment includes:
Authentication submodule 310, for encrypting a transaction request with the key corresponding to the local bill unit and sending it to the corresponding secure hardware of the next-higher level for authentication, and for authenticating encrypted transaction requests sent from the next-lower level;
Transaction processing submodule 320, for processing the transaction request according to the authentication result of the next-higher level and updating to generate a new bill unit;
Receipt generation submodule 330, for encrypting the new bill unit and returning it to the business system as the response result.
When this embodiment is implemented, each secure hardware device is initialized by the responsible authority, including the various encryption and decryption algorithms, initial parameters and so on. After pre-processing by the business system, a transaction demand of the business layer is turned into a transaction request instruction that is sent to the corresponding underlying secure hardware. Inside the secure hardware, the key derivation required for the transaction, the encryption and decryption of transaction data, the authentication of transaction messages and the payment transfer of the transaction are carried out, and the execution result is returned to the business layer. The payment transfer is a rewriting of data values: for example, the value in a bill unit is normally readable but not writable, and becomes writable once authentication has succeeded, so that the quantity attributes of different bill units can be added to or subtracted from. The security mechanism of the business layer is implemented by the business system or institution and is outside the scope of the present invention. The secure hardware of this embodiment authenticates transaction requests through authentication submodule 310, so that a transaction circulates only after online verification, and the result is returned after the HSM of the next-higher level has digitally signed it with its corresponding key, to ensure the reliability and non-repudiation of supervision. According to the instruction returned by the next-higher level, transaction processing submodule 320 rewrites the bill unit to generate a new bill unit; the rewriting here includes rewriting the value, updating the serial number through an addition algorithm, and updating the key. Receipt generation submodule 330 encrypts the new bill unit with the key, generates a character string and returns it to the business system, forming the corresponding mirror data in the business layer.
Preferably, the tamper-proof distributed bill system based on secure hardware of this embodiment further includes:
Transaction record module, for generating, according to the received transaction request, bill information that at least includes a record of the transaction processing corresponding to the bill unit update. Preferably, this bill information is returned to the business system together with the response result, so that a complete transaction record is formed in the business layer. More preferably, the tamper-proof distributed bill system based on secure hardware of this embodiment further includes: a cloud data storage platform, which receives and stores the bill information generated by the transaction record module, so that the transaction records are archived in the cloud for subsequent queries.
Preferably, the tamper-proof distributed bill system based on secure hardware of this embodiment further includes:
Export module, for encrypting a bill unit stored in the bill unit module with its corresponding key and exporting it to a third-party business system. After encryption, the data of a bill unit in the HSM becomes a single character string that serves as the identifier in a third-party digital asset payment system, which in turn allows docking with existing or future third-party digital asset payment systems (such as wallet-type systems). Preferably, the bill unit string exported from the HSM (host security module) can be stored in terminal devices (mobile phones, computers, etc.) and financial technology platforms (electronic wallets, tax systems, etc.), and the string can be verified online at any time.
In this embodiment, the key derivation algorithm in the secure hardware is designed by the issuer; for example, keys are derived from the master key of an authoritative issuer such as the central bank or the tax bureau. The derivation algorithm executes inside the HSM and generates the specific key, and the key never leaves the HSM, which ensures the security of the key and of the data encrypted with it. When a data block is exported from the HSM it is encrypted into a character string, which ensures the integrity and verifiability of the string representing the bill unit, as well as data security during the transaction.
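The following Python sketch is an added illustration, not code from the patent. It simulates in software the behaviour described above, using the deposit and transfer amounts of the worked example: keys derived from an upper-level key and kept inside the device, bill units rewritten with a new serial number and a new key on every transfer, and exported strings that are checked online. Assumptions: HMAC-SHA256 as the derivation function, an HMAC tag standing in for the patent's encryption (the Python standard library has no authenticated cipher, so the payload here is integrity-protected but readable), sequential rather than random key assignment, and every class and function name.

```python
import base64, hashlib, hmac, json
from dataclasses import dataclass

def derive(parent_key: bytes, label: str) -> bytes:
    """One-way child-key derivation: HMAC-SHA256(parent key, label)."""
    return hmac.new(parent_key, label.encode(), hashlib.sha256).digest()

def payload_of(token: str) -> dict:
    """Decode the payload half of an exported string (not encrypted in this sketch)."""
    return json.loads(base64.urlsafe_b64decode(token.split(".")[0]))

@dataclass
class BillUnit:
    serial: int     # dynamic id, incremented on every update
    address: str    # unique id of the unit
    quantity: int   # value mirrored by the business system
    key_id: int     # index of the unit's current key in the key pool

class SimulatedHSM:
    """Software stand-in for one level's secure hardware (hypothetical API)."""

    def __init__(self, parent_pool_key: bytes, name: str):
        # Assumption: the pool key is derived from the upper level's pool key.
        # Real hardware would derive and inject it; it is never exported.
        self._pool_key = derive(parent_pool_key, "pool:" + name)
        self._next_key_id = 0
        self._units = {}

    def _tag(self, key_id: int, payload: bytes) -> bytes:
        unit_key = derive(self._pool_key, f"unit-key:{key_id}")  # stays inside
        return hmac.new(unit_key, payload, hashlib.sha256).digest()

    def _rekey(self, unit: BillUnit) -> None:
        # Every update increments the serial number and assigns a fresh key.
        unit.serial, unit.key_id = unit.serial + 1, self._next_key_id
        self._next_key_id += 1

    def _export(self, unit: BillUnit) -> str:
        payload = json.dumps(vars(unit), sort_keys=True).encode()
        tag = self._tag(unit.key_id, payload)
        return base64.urlsafe_b64encode(payload).decode() + "." + tag.hex()

    def _authenticate(self, token: str):
        """Return the live unit if the string is authentic and current, else None."""
        try:
            b64, tag_hex = token.split(".")
            payload = base64.urlsafe_b64decode(b64)
            fields = json.loads(payload)
            unit = self._units[fields["address"]]
            expected = self._tag(int(fields["key_id"]), payload)
            authentic = hmac.compare_digest(bytes.fromhex(tag_hex), expected)
            current = (fields["serial"], fields["key_id"]) == (unit.serial, unit.key_id)
        except (ValueError, KeyError, TypeError):
            return None
        return unit if authentic and current else None

    def verify(self, token: str) -> bool:
        return self._authenticate(token) is not None

    def open_unit(self, address: str, quantity: int) -> str:
        unit = self._units[address] = BillUnit(0, address, quantity, -1)
        self._rekey(unit)
        return self._export(unit)

    def transfer(self, src_token: str, dst_address: str, amount: int):
        """Same-bank transfer; returns the new strings for (source, destination)."""
        src = self._authenticate(src_token)
        if src is None:
            raise PermissionError("bill unit string is forged or stale")
        dst = self._units[dst_address]
        if amount <= 0 or amount > src.quantity or dst is src:
            raise ValueError("invalid transfer")
        src.quantity, dst.quantity = src.quantity - amount, dst.quantity + amount
        self._rekey(src)
        self._rekey(dst)
        return self._export(src), self._export(dst)

def demo():
    master = b"constructed demo master key"  # constructed; stands in for the authority's key
    bank_a = SimulatedHSM(derive(master, "pool:central"), "bank-a")
    old1 = bank_a.open_unit("client-1", 25)
    bank_a.open_unit("client-2", 10)
    new1, new2 = bank_a.transfer(old1, "client-2", 6)
    return bank_a, old1, new1, new2
```

Because the serial number and key change on every update, the string issued before the transfer stops verifying as soon as the transfer completes, so an old mirror copy held by the business layer cannot be replayed.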
In the tamper-proof distributed bill system based on secure hardware of the present invention, bill units are stored in the secure hardware; transaction requests from the business layer are answered by updating the bill units inside the secure hardware, which realizes transaction circulation; and the updated bill unit is encrypted with a key in the secure hardware and then returned to the business system. The keys in the secure hardware are generated by the initialization preset algorithm using a key derivation mechanism, so that within the secure hardware the key of a bill unit provides data encryption during the transaction and makes data operations non-repudiable and tamper-proof. All transactions take place under centralized supervision and management, which ensures the uniqueness, authority and security of the processing of the underlying transaction data. In addition, the tamper-proof distributed bill system of the present invention does not require changing the existing business-layer transaction system: the secure hardware only needs to be connected to the business system hardware directly or through a network. The secure hardware holding the bill units runs in the background and responds to the transactions of the business system; compatibility is good and the system is easy to popularize and use.
According to another aspect of the present invention, an asset transaction processing method is also provided, based on the tamper-proof distributed bill system based on secure hardware of the above embodiment. The distributed bill system serves as the underlying system that responds to the transaction requests of the business system, and the bill units involved in a transaction are updated synchronously.
The asset transaction processing method of this embodiment further includes:
Exporting the bill unit in the secure hardware to a third-party business system for it to sign, so that two or more regulators can supervise transactions based on the same secure hardware. The key management functions of two regulators (such as currency and tax) can be implemented on the same secure hardware device; the control policies and device initialization settings are set and controlled by the authorities themselves, which makes the data tamper-proof.
It should be understood that the embodiments of the present invention use digital currency as an example only for ease of understanding, and this does not limit the claims of this application. The distributed bill system of this embodiment can also be used in fields such as banking, taxation, foreign exchange and stocks, and in payment systems, banking systems, tax systems and intra-company EDI (electronic data interchange); only the data structure needs to be changed to the one the corresponding system requires. In addition, the bills encrypted by these different regulators can sign one another, so that a given tax receipt can correspond to a given payment (though not every one needs to), forming a complex "distributed bill" with multiple supervising units and multiple sets of supervision data.
The asset management system corresponding to the asset transaction of the present invention may be a banking system, a tax system, a securities system or an intra-enterprise electronic data interchange system.
It should be noted that the steps shown in the flowcharts of the drawings can be executed in a computer system, for example as a set of computer-executable instructions, and that although a logical order is shown in the flowcharts, in some cases the steps shown or described may be executed in a different order.
Obviously, those skilled in the art should understand that the modules or steps of the present invention described above can be implemented with a general-purpose computing device. They can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they can be implemented with program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device; or they can each be made into an individual integrated circuit module, or multiple modules or steps among them can be made into a single integrated circuit module. The present invention is therefore not restricted to any specific combination of hardware and software.
The foregoing is only the preferred embodiments of the present invention and is not intended to limit the present invention; for those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims (10)

1. A tamper-proof distributed bill system based on secure hardware, characterized in that it serves as the underlying system of a centrally supervised asset management system, interacting with a business system to respond to data processing requests of the business layer and to generate transaction records; the tamper-proof distributed bill system based on secure hardware comprises:
A bill unit module, for storing at least one bill unit in the secure hardware in the form of a data structure, the bill unit being used to represent a value corresponding to a business attribute of the business system so as to meet transaction settlement needs;
An access module, serving as the access interface for data interaction with the business system hardware, for receiving transaction requests from the business system and returning response results to the business system;
A transaction maintenance module, for processing, after receiving the transaction request, the bill unit in the bill unit module so as to update it and generate a new bill unit, and for encrypting the new bill unit and returning it to the business system as the response result to form corresponding mirror data; wherein the encryption key is generated by the secure hardware using a key derivation mechanism based on an initialization preset algorithm.
2. The tamper-proof distributed bill system based on secure hardware according to claim 1, characterized in that
there are multiple secure hardware devices, corresponding to different levels of the centrally supervised asset management system; each secure hardware device stores one or more bill units; the secure hardware devices are uniformly initialized by the supervising authority responsible for centralized supervision, and the master key in the key derivation mechanism is held by the supervising authority; the key pool in the secure hardware of a lower level is subordinate to the key pool in the secure hardware of the next-higher level.
3. The tamper-proof distributed bill system based on secure hardware according to claim 2, characterized in that
the data structure of the bill unit includes at least: a serial number, a reference address, a quantity and a key, wherein the serial number is a dynamic ID for identifying the transaction dynamics of the bill unit, the reference address is the unique access ID for identifying the bill unit, the quantity is used to represent a value corresponding to a business attribute of the business system, and the key is dynamically updated by the secure hardware based on the initialization preset algorithm.
4. The tamper-proof distributed bill system based on secure hardware according to claim 3, characterized in that
the transaction maintenance module includes:
An authentication submodule, for encrypting a transaction request with the key corresponding to the local bill unit and sending it to the corresponding secure hardware of the next-higher level for authentication, and for authenticating encrypted transaction requests sent from the next-lower level;
A transaction processing submodule, for processing the transaction request according to the authentication result of the next-higher level and updating to generate a new bill unit;
A receipt generation submodule, for encrypting the new bill unit and returning it to the business system as the response result.
5. The tamper-proof distributed bill system based on secure hardware according to claim 1, characterized in that it further comprises:
A transaction record module, for generating, according to the received transaction request, bill information that at least includes a record of the transaction processing corresponding to the bill unit update.
6. The tamper-proof distributed bill system based on secure hardware according to claim 5, characterized in that it further comprises:
A cloud data storage platform, which receives and stores the bill information generated by the transaction record module.
7. The tamper-proof distributed bill system based on secure hardware according to claim 3, characterized in that it further comprises:
An export module, for encrypting a bill unit stored in the bill unit module with its corresponding key and exporting it to a third-party business system.
8. An asset transaction processing method, characterized in that it is based on the tamper-proof distributed bill system based on secure hardware according to any one of claims 1 to 7, the distributed bill system serving as the underlying system that responds to the transaction requests of the business system, and the bill units involved in a transaction being updated synchronously.
9. The asset transaction processing method according to claim 8, characterized in that it further comprises:
Exporting the bill unit in the secure hardware to a third-party business system for it to sign, so that two or more regulators can supervise transactions based on the same secure hardware.
10. The asset transaction processing method according to claim 8, characterized in that
the asset management system corresponding to the asset transaction is a banking system, a tax system, a securities system or an intra-enterprise electronic data interchange system.
CN201610736004.5A 2016-08-26 2016-08-26 Non-tamper-able distributed bill system based on secure hardware and transaction processing method Active CN106339939B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610736004.5A CN106339939B (en) 2016-08-26 2016-08-26 Non-tamper-able distributed bill system based on secure hardware and transaction processing method

Publications (2)

Publication Number Publication Date
CN106339939A true CN106339939A (en) 2017-01-18
CN106339939B CN106339939B (en) 2020-05-15

Family

ID=57823021

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610736004.5A Active CN106339939B (en) 2016-08-26 2016-08-26 Non-tamper-able distributed bill system based on secure hardware and transaction processing method

Country Status (1)

Country Link
CN (1) CN106339939B (en)

Also Published As

Publication number Publication date
CN106339939B (en) 2020-05-15

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant