CN106339939A - Tamper-proofing distributed bill system based on safety hardware and transaction processing method - Google Patents
- Publication number: CN106339939A, CN201610736004.5A
- Authority: CN (China)
- Prior art keywords: transaction, bill unit, secure hardware, bill, key
- Legal status: Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/02—Banking, e.g. interest calculation or account maintenance
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
- G06F21/645—Protecting data integrity, e.g. using checksums, certificates or signatures using a third party
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
Abstract
The invention discloses a tamper-proof distributed bill system based on secure hardware and a transaction processing method. The system comprises: a bill unit module, stored in the secure hardware, which holds at least one bill unit in the form of a data structure; an access module, which receives transaction requests from the business system and returns response results to it; and a transaction maintenance module, which, after a transaction request is received, processes the bill units in the bill unit module to update them and generate a new bill unit, encrypts the new bill unit to obtain the response result, and returns it to the business system. The encryption key is generated through a key derivation mechanism based on an algorithm preset when the secure hardware is initialized. The keys of the bill units in the secure hardware provide data encryption and make data operations non-repudiable and tamper-proof during transactions, and all transactions are carried out under centralized supervision, ensuring the uniqueness, authority and security of the underlying transaction data processing.
Description
Technical field
The present invention relates to the field of financial transaction control, and in particular to a tamper-proof distributed bill system based on secure hardware and a transaction processing method.
Background
The spread of the Internet, and of the mobile Internet in particular, has brought the disruption of the digital revolution to many traditional industries. Examples of this upheaval are everywhere: retail has been disrupted by e-commerce, telecommunications by social networking applications, and the IT industry by cloud computing. In finance, the retail payment industry has likewise been disrupted by the huge consumer networks of e-commerce and social platforms. One important thing these cases have in common is that the traditional industry was overtaken on efficiency, customer service and similar points by technology from another industry.
The banking and financial system, the mainstay of national finance, is also on the eve of a storm. It differs from the cases above in one respect, however: those cases were mostly summarized only after the traditional industry had been disrupted. The disrupted industries did not realize at the time that they were being disrupted, or did not anticipate its speed and intensity, and by the time they did, the disruption was complete. Ahead of the storm now facing the traditional financial system, the world's major central banks, banks and financial institutions of all kinds have embraced cross-industry concepts such as distributed bills and blockchain at the earliest opportunity, hoping to steer the direction of this revolution as it unfolds.
Cross-industry technologies such as information security and big data are regarded as the ones most likely to overturn the current financial system. But will this revolution remove the intermediary and supervisory functions of central banks and banks, as was advertised when Bitcoin was in fashion a few years ago, or will it be a tool for improving those functions? The central banks of the major countries and the major banks clearly believe the latter. So far, however, on the question of how to apply information security, distributed bills and similar technologies effectively to advance reform of the financial sector, most central banks, banks and other financial institutions are still at the stage of learning the concepts and running sandbox exercises. Many of these attempts concentrate on improving the efficiency of the current payment system, such as the T+2 settlement problem and the authentication of assets, and none of them touches the foundations of financial technology.
In the prior art, the following electronic transaction models exist in the field of financial transactions:
Electronic money: electronic money is a monetary value, stored electronically (including on magnetic stripe), that represents a claim on the issuer. It is issued after the issuer receives funds, for the purpose of payment, is accepted by natural or legal persons other than the issuer, and is issued at par and redeemed at par.
Electronic invoice: the electronic invoice is a product of the information age. Like an ordinary invoice, it is issued to merchants in the form distributed uniformly by the tax bureau; invoice numbers use the national unified coding, a unified anti-counterfeiting technology is used, and the invoice carries the electronic signature of the tax authority.
Payment wallet: a software application developed by a third-party payment company, that is, a mobile payment platform. It consolidates a user's multiple bank cards and spares the payment process the complicated procedure of interfacing with each bank. As an entity independent of buyer and seller, it guarantees transaction information and transaction funds for both parties and is highly extensible; it can be used for credit card repayment, transfers, top-ups, paying water, electricity and gas bills, taxi fares and so on.
However, the above prior art has the following defects:
1) Liquidity risk: demand for electronic money may surge unexpectedly, and the issuer of the electronic money may not hold an equal amount of conventional currency in reserve for redeeming it, which may cause a liquidity run on the electronic money service institution.
2) Electronic money and electronic invoices can only be protected against counterfeiting by means such as cryptographic digital signatures. If the key technology and data are obtained by others, forged currency and invoices can appear in large numbers and cause heavy losses to the issuer.
3) The formation of the net-connection scheme can indeed supervise third-party payment effectively, but it has to be involved in every transaction and does not use the functions of the banks' existing business systems, so it does not ultimately solve the problem.
4) Although the current financial sector is digitized to a very high degree, for most financial data, including payment and clearing, the integrity and legitimacy of the data must be ensured by after-the-fact audit. This looks very weak in the face of today's big data and the continuing emergence of Internet financial innovation. Not only will the payment-based financial data itself lack completeness and supervisability; invoices, taxes and other derivative instruments that must rest on correct payment data will lack them as well. That is, an ever wider gap will open between the continuing stream of financial technology (fintech) and the regulators (central bank, tax, foreign exchange control and so on). Outdated supervisory mechanisms and audit processes cannot keep up with the changes brought by fintech innovation.
In addition, blockchain, the underlying technology of Bitcoin, has gradually found other applications, particularly in finance. Blockchain refers to a technical scheme in which a reliable database is maintained collectively in a decentralized and trustless manner. Because of its distributed nature without a center, however, it cannot perform the function of a central regulatory body, which limits its application; the multiple-confirmation mechanism for transaction records makes confirmation inefficient and unsuited to fast payment applications; and the partitioned, distributed storage of transaction records means transaction data is stored many times over, wasting resources.
Summary of the invention
The present invention provides a tamper-proof distributed bill system based on secure hardware and a transaction processing method, to solve the technical problem that asset supervision and maintenance in existing financial systems need improvement.
The technical solution adopted by the present invention is as follows:
According to one aspect of the present invention, a tamper-proof distributed bill system based on secure hardware is provided. It serves as the underlying system of an asset management system under centralized supervision and interacts with the business system to respond to data processing requests from the business layer and to generate transaction records. The tamper-proof distributed bill system based on secure hardware comprises:
A bill unit module, stored in the secure hardware, for holding at least one bill unit in the form of a data structure; the bill unit represents a numerical value corresponding to a business attribute of the business system, to meet transaction settlement needs;
An access module, serving as the access interface for data exchange with the business system hardware, for receiving transaction requests from the business system and returning response results to the business system;
A transaction maintenance module, for processing the bill units in the bill unit module after a transaction request is received, so as to update them and generate a new bill unit, and for encrypting the new bill unit and returning it to the business system as the response result so that corresponding mirror data is formed; the encryption key is generated by a key derivation mechanism based on an algorithm preset when the secure hardware is initialized.
Further, there are multiple pieces of secure hardware, corresponding to the different levels of the asset management system under centralized supervision, and each piece of secure hardware stores one or more bill units. The secure hardware is initialized uniformly by the authority in charge of the centralized supervision, the master key of the key derivation mechanism is held by that authority, and the key pool in the secure hardware of a lower level is subordinate to the key pool in the secure hardware of the level above.
Further, the data structure of a bill unit includes at least a serial number, a reference address, a quantity and a key. The serial number is a dynamic ID that identifies the transaction corresponding to the bill unit; the reference address is the unique access ID that identifies the bill unit; the quantity represents the numerical value corresponding to a business attribute of the business system; and the key is updated dynamically by the secure hardware based on the algorithm preset at initialization.
Further, the transaction maintenance module comprises:
An identity verification submodule, for encrypting a transaction request with the key of the corresponding local bill unit and sending it to the secure hardware of the level above for identity verification, and for verifying the identity of encrypted transaction requests sent from the level below;
A transaction processing submodule, for processing the transaction request according to the identity verification result of the level above, and updating to generate a new bill unit;
A receipt generation submodule, for encrypting the new bill unit and returning it to the business system as the response result.
Further, the tamper-proof distributed bill system based on secure hardware of the present invention also comprises:
A transaction recording module, for generating, according to the received transaction request, bill information that contains at least the transaction processing record corresponding to the bill unit update.
Further, the tamper-proof distributed bill system based on secure hardware of the present invention also comprises:
A cloud data storage platform, which receives and stores the bill information generated by the transaction recording module.
Further, the tamper-proof distributed bill system based on secure hardware of the present invention also comprises:
An export module, for encrypting a bill unit held in the bill unit module with its corresponding key and exporting it to a third-party business system.
According to another aspect of the present invention, an asset transaction processing method is also provided, based on the above tamper-proof distributed bill system based on secure hardware. The distributed bill system serves as the underlying system that responds to transaction requests from the business system, and the bill units involved in a transaction are updated synchronously.
Further, the asset transaction processing method of the present invention also includes:
Exporting a bill unit in the secure hardware to a third-party business system for it to sign, so that two or more regulators can supervise transactions based on the same secure hardware.
Further, the asset management system corresponding to the asset transactions of the present invention is a banking system, a tax system, a securities system, or an electronic data interchange system within an enterprise.
The present invention has the following beneficial effects:
In the tamper-proof distributed bill system based on secure hardware and the transaction processing method of the present invention, bill units are stored in secure hardware, and transaction requests from the business layer are answered by updating the bill units in the secure hardware, which realizes the circulation of transactions. The updated bill unit is encrypted with a key in the secure hardware and returned to the business system. The keys in the secure hardware are generated by a key derivation mechanism from the algorithm preset at initialization, so that the bill unit keys in the secure hardware provide data encryption and make data operations non-repudiable and tamper-proof during the transaction process, and all transactions are managed under centralized supervision, ensuring the uniqueness, authority and security of the underlying transaction data processing. In addition, the tamper-proof distributed bill system of the present invention requires no change to the existing business-layer transaction system: the secure hardware only needs to be connected directly to the business system hardware, or connected to it over a network. The secure hardware holding the bill units runs in the background and responds to the transactions of the business system, so compatibility is good and the system is easy to deploy.
In addition to the objects, features and advantages described above, the present invention has other objects, features and advantages. The present invention is described in further detail below with reference to the accompanying drawings.
Brief description of the drawings
The accompanying drawings, which form part of this application, provide a further understanding of the present invention. The illustrative embodiments of the present invention and their descriptions explain the present invention and do not unduly limit it. In the drawings:
Fig. 1 is a schematic block diagram of the tamper-proof distributed bill system based on secure hardware in a preferred embodiment of the present invention;
Fig. 2 is a schematic diagram of the structure of a bill unit in a preferred embodiment of the present invention;
Fig. 3 is a schematic diagram of the bill unit structure when the central bank opens an account in a preferred embodiment of the present invention;
Fig. 4 is a schematic diagram of the structure of the central bank's bill unit update in a preferred embodiment of the present invention;
Fig. 5 is a schematic diagram of the bill unit structure of each bank after the central bank distributes to several banks in a preferred embodiment of the present invention;
Fig. 6 is a schematic diagram of the structure of bank A's newly created bill units after account opening in a preferred embodiment of the present invention;
Fig. 7 is a schematic diagram of the structure of bank B's newly created bill units after account opening in a preferred embodiment of the present invention;
Fig. 8 is a schematic diagram of the bill unit structure of bank C in a preferred embodiment of the present invention;
Fig. 9 is a schematic diagram of the bill unit structure for a same-bank transfer in a preferred embodiment of the present invention;
Fig. 10 is the first schematic diagram of the bill unit structure for an inter-bank transfer in a preferred embodiment of the present invention;
Fig. 11 is the second schematic diagram of the bill unit structure for an inter-bank transfer in a preferred embodiment of the present invention;
Fig. 12 is a schematic diagram of the structure of the transaction maintenance module in a preferred embodiment of the present invention.
Detailed description
It should be noted that, where they do not conflict, the embodiments in this application and the features in the embodiments may be combined with one another. The present invention is described in detail below with reference to the drawings and in conjunction with the embodiments.
To reduce the high cost of issuing and circulating traditional banknotes, to avoid the market disorder caused by the circulation of counterfeit money, and to address the inability of the traditional banking supervision system to prevent violations such as money laundering and tax evasion, an embodiment of the present invention provides a tamper-proof distributed bill system based on secure hardware. It serves as the underlying system of an asset management system under centralized supervision and interacts with the business system to respond to data processing requests from the business layer and to generate transaction records. Referring to Fig. 1, the tamper-proof distributed bill system based on secure hardware of this embodiment comprises:
A bill unit module 100, stored in the secure hardware, for holding at least one bill unit in the form of a data structure; the bill unit represents a numerical value corresponding to a business attribute of the business system, to meet transaction settlement needs;
An access module 200, serving as the access interface for data exchange with the business system hardware, for receiving transaction requests from the business system and returning response results to the business system;
A transaction maintenance module 300, for processing the bill units in the bill unit module after a transaction request is received, so as to update them and generate a new bill unit, and for encrypting the new bill unit and returning it to the business system as the response result so that corresponding mirror data is formed; the encryption key is generated by a key derivation mechanism based on an algorithm preset when the secure hardware is initialized.
In this embodiment, the asset management system under centralized supervision is illustrated using the banking system as an example. The banking system comprises the People's Bank of China (hereinafter the central bank) as the centralized regulator and the commercial banks under the central bank's supervision. Each commercial bank is in turn divided from top to bottom by hierarchy into branches and sub-branches, forming a multi-level architecture under centralized supervision.
The secure hardware (HSM) in this embodiment is a dedicated cryptographic processor designed to protect the life cycle of encryption keys. A secure hardware module manages, processes and stores encryption keys securely within a reliable, tamper-resistant device, and protects transactions, identities and applications by protecting encryption keys and providing encryption, decryption, identity verification and digital signature services for a wide range of applications. In the industry it is commonly called an encryption machine; its hardware configuration and specific composition are not elaborated here.
In this embodiment there are multiple pieces of secure hardware, corresponding to the different levels of the asset management system under centralized supervision, and each piece of secure hardware stores one or more bill units. The secure hardware is initialized uniformly by the authority in charge of the centralized supervision, the master key of the key derivation mechanism is held by that authority, and the key pool in the secure hardware of a lower level is subordinate to the key pool in the secure hardware of the level above. This forms a layered distributed structure based on centralization, which involves the multi-level supervision of transaction data and its storage in the business system.
In this embodiment, referring to Fig. 2, the data structure of a bill unit includes at least a serial number, a reference address, a quantity and a key. The serial number is a dynamic ID identifying the transaction corresponding to the bill unit. The reference address is the unique access ID identifying the bill unit. The quantity represents the numerical value corresponding to a business attribute of the business system: in a banking system the value represents an amount of money, in a securities trading system it represents a quantity of shares, and in a tax system it represents tax; these are examples only and are not limiting. The key is updated dynamically by the secure hardware based on the algorithm preset at initialization, and is derived from the issuer's master key.
The basic operations on the bill units stored in secure hardware in this embodiment are as follows:
a) A payment transfer of a specific digital asset can be carried out between different bill units (which may be in the same secure hardware or in secure hardware at different physical locations). The transfer is carried out synchronously between the two bill units: the quantities in the two bill units are increased and decreased together, ensuring that the total before and after the asset transfer is unchanged;
b) The above asset transfer is carried out after the integrity of the bill unit data and the authenticity of the identities of both parties to the transaction have been verified;
c) All data encryption (computation) for the above transfer operations is carried out inside the secure hardware.
Taking digital currency as an example, the tamper-proof distributed bill system of this embodiment is illustrated below:
For example, if the central bank issues 100 yuan of digital currency, a new bill unit is created in the HSM secure hardware, as shown in Fig. 3.
The central regulator allocates a key pool to the central bank's HSM. Key 1 is generated from this key pool, and keys are generated and allocated automatically inside the HSM hardware. The key algorithm is set by the authority itself at initialization; any digital signature algorithm is supported here, including symmetric or asymmetric signatures, message authentication codes (MAC) and so on.
1. There are three commercial banks under the central bank, and it distributes 40 to bank A, 30 to bank B and 20 to bank C. After the business layer issues the instruction, the interface through which the HSM connects to the central bank receives an instruction, and the bill unit in the HSM secure hardware in the central bank's back end is updated, as shown in Fig. 4. Key 2 is a subkey newly allocated from the central bank's key pool to the central bank's updated bill unit; the original bill unit with key 1 is updated. At the same time, the central bank's key pool allocates three key pools corresponding to the three banks: bank A's key pool, bank B's key pool and bank C's key pool.
At the same time, the bill system of this embodiment updates the bill units according to the payment information returned by the bank (the information on the transfers to the three banks). The new bill unit data is encrypted into a character string and returned to the banking system; after the bank verifies it, the corresponding mirror data (balance) is formed in the business layer, and the HSM uploads the payment instructions (three pieces of simple bill information, such as 100-40, 60-30, 30-20) to the cloud device. The specific operating process is as follows:
(1) The business layer changes the currency value of each account on the HSM hardware through an upstream API instruction (the bill unit is updated);
(2) The HSM sends a downstream API instruction (serial number + address + quantity + unit, that is, the encrypted digital currency document, a character string encrypted with the key) to the payment system;
(3) The HSM passes the payment instruction (simple bill information) to the remote cloud data center for storage.
The bill units in the HSM secure hardware in the back ends of the three banks are then generated correspondingly and synchronously, as shown in Fig. 5. Key 3 is randomly allocated from bank A's key pool, key 4 is randomly allocated from bank B's key pool, and so on.
2. Suppose two clients, 1 and 2, open accounts at bank A; client 1 deposits 25 yuan and client 2 deposits 10 yuan. One client, 3, opens an account at bank B and deposits 17. The corresponding bill units of the three banks are updated according to the transaction requests of the business layer. The structure of bank A's bill units after the update is shown in Fig. 6: keys 6, 7 and 8 are randomly allocated from bank A's key pool, and the bill unit corresponding to the original key 3 is updated; likewise, the HSM generates the corresponding simple bill information and uploads it to the cloud device. The structure of bank B's bill units after the update is shown in Fig. 7: keys 9 and 10 are randomly allocated from bank B's key pool, and the bill unit corresponding to the original key 4 is updated; likewise, the HSM generates the corresponding simple bill information and uploads it to the cloud device. Bank C's bill unit remains unchanged, with the structure shown in Fig. 8.
3. Same-bank transfer:
Client 1 transfers 6 yuan to client 2. The structure of bank A's bill units after the change is shown in Fig. 9: the bill units corresponding to the previous keys 7 and 8 are updated, and simple bill information (25-6, 10+6) is sent to the cloud device at the same time; the other bill units are unchanged.
4. Inter-bank transfer:
Client 1 transfers 4 yuan to client 3. The structure of bank A's bill units after the change is shown in Fig. 10, and the structure of bank B's bill units after the change is shown in Fig. 11. The bill unit corresponding to the previous key 11 is updated, and a piece of simple bill information (19-4) is sent to the cloud device at the same time; the bill unit corresponding to the previous key 10 is updated, and a piece of simple bill information (17+4) is sent to the cloud device at the same time.
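The basic operations a) to c) and the digital currency walk-through above, as an added Python model (not code from the patent): it replays the issuance of 100, the 40/30/20 distribution, the three deposits and the two transfers, and reproduces the simple bill information strings quoted in the text. Assumptions: HMAC-SHA256 stands in for the authority-chosen key algorithm and derivation mechanism and tags the receipt rather than encrypting it; the `Hsm` class, the unit names and the master key are constructed for the demo; a deposit is modelled as a move from the bank's own bill unit into the client's.

```python
import hashlib
import hmac
from dataclasses import dataclass


def mac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def derive(parent_key: bytes, label: str) -> bytes:
    # Assumed derivation; the patent leaves the algorithm to the authority in charge.
    return mac(parent_key, "derive:" + label)


@dataclass
class BillUnit:
    serial: int       # dynamic id of the latest transaction on this unit
    address: str      # reference address (unique access id)
    quantity: int     # value held (yuan in the banking example)
    key: bytes        # per-unit key, replaced on every update
    tag: bytes = b""  # MAC over the fields above, checked before any transfer

    def __post_init__(self):
        self.tag = mac(self.key, self.body())

    def body(self) -> str:
        return f"{self.serial}|{self.address}|{self.quantity}"

    def intact(self) -> bool:
        return hmac.compare_digest(self.tag, mac(self.key, self.body()))


class Hsm:
    """Toy model of one level of secure hardware; not a real HSM API."""

    def __init__(self, name, pool_key, parent=None):
        self.name, self.pool_key, self.parent = name, pool_key, parent
        self.units = {}      # reference address -> BillUnit
        self.bill_log = []   # simple bill information destined for the cloud store
        self._issued = 0

    def child(self, name):
        # The lower level's key pool is derived from, and subordinate to, this pool.
        return Hsm(name, derive(self.pool_key, "pool:" + name), parent=self)

    def _next_key(self):
        self._issued += 1
        return derive(self.pool_key, f"unit:{self._issued}")

    def open_unit(self, address, quantity=0):
        self.units[address] = BillUnit(1, address, quantity, self._next_key())

    def verify_child(self, child_name, request, tag):
        child_pool = derive(self.pool_key, "pool:" + child_name)
        return hmac.compare_digest(tag, mac(child_pool, request))

    def apply(self, address, delta):
        old = self.units[address]
        self.bill_log.append(f"{old.quantity}{delta:+d}")
        new = BillUnit(old.serial + 1, address, old.quantity + delta, self._next_key())
        self.units[address] = new
        return f"{new.body()}|{new.tag.hex()}"   # receipt string for the business layer


def transfer(src_hsm, src_addr, dst_hsm, dst_addr, amount, tag=None):
    request = f"{src_hsm.name}/{src_addr}>{dst_hsm.name}/{dst_addr}:{amount}"
    tag = mac(src_hsm.pool_key, request) if tag is None else tag
    upper = src_hsm.parent   # the root authority has no upper level to ask
    if upper is not None and not upper.verify_child(src_hsm.name, request, tag):
        raise PermissionError("upper-level secure hardware rejected the request")
    src, dst = src_hsm.units[src_addr], dst_hsm.units[dst_addr]
    if not (src.intact() and dst.intact()):
        raise ValueError("bill unit failed its integrity check")
    if amount <= 0 or src.quantity < amount:
        raise ValueError("amount not covered by the source bill unit")
    # Both units change together, so the total is the same before and after.
    return src_hsm.apply(src_addr, -amount), dst_hsm.apply(dst_addr, amount)


def run_patent_example():
    central = Hsm("central", b"constructed-master-key-for-demo")
    central.open_unit("reserve", 100)                  # issuance of 100 yuan
    banks = {name: central.child(name) for name in "abc"}
    for name, share in (("a", 40), ("b", 30), ("c", 20)):
        banks[name].open_unit("bank")
        transfer(central, "reserve", banks[name], "bank", share)
    a, b = banks["a"], banks["b"]
    # Assumption: a deposit moves value from the bank's unit into the new client unit.
    for hsm, client, deposit in ((a, "client1", 25), (a, "client2", 10), (b, "client3", 17)):
        hsm.open_unit(client)
        transfer(hsm, "bank", hsm, client, deposit)
    transfer(a, "client1", a, "client2", 6)            # same-bank transfer
    transfer(a, "client1", b, "client3", 4)            # inter-bank transfer
    return central, banks


def total(central, banks):
    return sum(u.quantity for h in [central, *banks.values()] for u in h.units.values())
```

A request whose tag the upper level cannot reproduce is refused before any unit is touched, and a unit whose quantity was changed outside `apply` fails `intact()` and blocks the transfer.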
In the distributed bill system of this embodiment, digital currency is stored in the HSM hardware in the form of a data structure and is unique. The embodiment requires no change to the existing financial payment system: once the HSM is connected to the financial system, the amounts displayed in the financial system are mirrors, and all transactions must be verified online. This embodiment differs fundamentally from the blockchain technology of Bitcoin. Blockchain is decentralized: when a new transaction is produced, it must be verified by all participating nodes of the whole network, and every node must use the blockchain data structure. This embodiment only needs the HSM's API to be accessed from the banking system, or the HSM to be connected directly to the business system hardware, for transactions to circulate by instruction, and the business system itself is not affected.
Specifically, referring to Fig. 12, the transaction maintenance module 300 of this embodiment comprises:
An identity verification submodule 310, for encrypting a transaction request with the key of the corresponding local bill unit and sending it to the secure hardware of the level above for identity verification, and for verifying the identity of encrypted transaction requests sent from the level below;
A transaction processing submodule 320, for processing the transaction request according to the identity verification result of the level above, and updating to generate a new bill unit;
A receipt generation submodule 330, for encrypting the new bill unit and returning it to the business system as the response result.
When this embodiment is implemented, each piece of secure hardware is initialized by the authority in charge, including the various encryption and decryption algorithms, initial parameters and so on. After preprocessing by the business system, a transaction need from the business layer becomes a transaction request instruction sent to the corresponding underlying secure hardware. Inside the secure hardware, the key derivation required for the transaction, the encryption and decryption of the transaction data, the authentication of the transaction message and the payment transfer in the transaction are carried out (the payment transfer is the rewriting of data values: the value in a bill unit is normally readable but not writable, and becomes writable once identity has been verified, which allows the quantity attributes of different bill units to be added to and subtracted from), and the execution result is returned to the business layer. The security mechanisms of the business layer are implemented by the business system or institution and are outside the scope of the present invention. In this embodiment the secure hardware verifies the identity of the transaction request through the identity verification submodule 310, so that the transaction circulates only after online verification, and the result is returned after being digitally signed by the HSM of the level above with its corresponding key, to ensure the reliability and non-repudiation of the supervision. The transaction processing submodule 320 rewrites and updates the bill unit according to the instruction returned by the level above to generate a new bill unit, which here includes rewriting the value, updating the serial number by an addition algorithm, and updating the key. The receipt generation submodule 330 encrypts the new bill unit with the key to generate a character string and returns it to the business system, forming the corresponding mirror data in the business layer.
Preferably, the tamper-proof distributed bill system based on secure hardware of the present embodiment further includes:
A transaction recording module, for generating, according to the received transaction request, bill information that at least includes the transaction processing record corresponding to the bill unit update. Preferably, this bill information is returned to the business system together with the response result, so that a complete transaction record is formed in the business layer. More preferably, the tamper-proof distributed bill system based on secure hardware of the present embodiment further includes:
A cloud data storage platform, which receives and stores the bill information generated by the transaction recording module, so that a copy of the transaction record is kept in the cloud for later queries.
Preferably, the tamper-proof distributed bill system based on secure hardware of the present embodiment further includes:
An export module, for encrypting a bill unit held in the bill unit module with its corresponding key and exporting it to a third-party business system. After encryption, the data of a bill unit in the HSM becomes a single character string that serves as the identifier for a third-party digital asset payment system, which allows docking with existing or future third-party digital asset payment systems (such as wallets). Preferably, the bill unit string exported from the HSM (host security module) can be stored in terminal devices (mobile phones, computers, etc.) and financial technology platforms (electronic wallets, tax systems, etc.), and the character string can be verified online at any time.
In the present embodiment, the key derivation algorithm in the secure hardware is designed by the issuer; for example, keys are derived from the master key of an authoritative issuer such as the central bank or the tax bureau. The derivation algorithm executes inside the HSM and generates the specific key, and the key never leaves the HSM, which ensures the security of the key and of the data encrypted with it. When a data block is exported from the HSM as a character string, it is encrypted into that string, which ensures the integrity and verifiability of the string representing the bill unit, and the security of the data during the transaction.
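The flow described in the two passages above (authentication by the upper level, rewrite of the bill unit, and export of a verifiable string under keys derived from the authority's master key) can be modelled in software as follows. This is an added example, not code from the patent: `SimulatedHSM`, `derive`, `tag` and the sample names are hypothetical, HMAC-SHA256 stands in for the unspecified derivation and encryption algorithms (so the exported string is integrity-protected, not confidential), and the upper level's signed reply is reduced to a return value.

```python
import base64
import hashlib
import hmac
import json
from dataclasses import dataclass

def derive(parent_key, label):
    """One derivation step: child key = HMAC-SHA256(parent key, label)."""
    return hmac.new(parent_key, label.encode(), hashlib.sha256).digest()

def tag(key, message):
    """Integrity tag; stands in for the HSM's encryption (assumption)."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()

@dataclass
class BillUnit:
    serial: int    # dynamic id, advanced by addition on every update
    address: str   # unique access id
    quantity: int  # value mirrored by the business system

class SimulatedHSM:
    """Hypothetical software stand-in for one secure hardware device."""

    def __init__(self, name, level_key, parent=None):
        self.name, self._key, self.parent = name, level_key, parent
        self.units = {}

    def child(self, name):
        # The lower level's key is derived from, so subordinate to, this one.
        return SimulatedHSM(name, derive(self._key, "level:" + name), self)

    def _unit_key(self, address, serial):
        # Re-derived per serial rather than stored; changes on every update.
        return derive(self._key, f"unit:{address}:{serial}")

    def authorize(self, child_name, request, request_tag):
        """Upper level: re-derive the child's key, authenticate its request."""
        child_key = derive(self._key, "level:" + child_name)
        return hmac.compare_digest(tag(child_key, request), request_tag)

    def export(self, address):
        """Receipt string: encoded bill unit plus a tag under its current key."""
        u = self.units[address]
        body = json.dumps({"serial": u.serial, "address": u.address,
                           "quantity": u.quantity}, sort_keys=True).encode()
        unit_tag = tag(self._unit_key(u.address, u.serial), body)
        return base64.urlsafe_b64encode(body).decode() + "." + unit_tag

    def transact(self, address, delta):
        """Authenticate upward, rewrite the unit, return the new receipt."""
        u = self.units[address]
        request = json.dumps({"address": address, "serial": u.serial,
                              "delta": delta}, sort_keys=True).encode()
        if self.parent is None or not self.parent.authorize(
                self.name, request, tag(self._key, request)):
            raise PermissionError("upper level did not approve the request")
        if u.quantity + delta < 0:
            raise ValueError("insufficient quantity")
        u.quantity += delta
        u.serial += 1  # serial advances by addition; the unit key follows it
        return self.export(address)

    def verify(self, receipt):
        """Online check of a mirrored string against the unit held here."""
        try:
            encoded, receipt_tag = receipt.split(".")
            body = base64.urlsafe_b64decode(encoded)
            claim = json.loads(body)
            u = self.units[claim["address"]]
            key = self._unit_key(claim["address"], claim["serial"])
            fresh = (claim["serial"], claim["quantity"]) == (u.serial, u.quantity)
            return fresh and hmac.compare_digest(tag(key, body), receipt_tag)
        except (ValueError, KeyError, TypeError, AttributeError):
            return False

# Constructed sample hierarchy and values, not taken from the patent.
root = SimulatedHSM("authority", hashlib.sha256(b"constructed master key").digest())
branch = root.child("branch-01")
branch.units["acct-A"] = BillUnit(serial=1, address="acct-A", quantity=100)
```

Because the unit key depends on the serial number, a string exported before an update stops verifying as soon as the unit is rewritten, which is what forces the business layer's mirror copy to be checked online.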
In the tamper-proof distributed bill system based on secure hardware of the present invention, bill units are stored in secure hardware, transaction requests from the business layer are answered by updating the bill units in the secure hardware so that transactions circulate, and each updated bill unit is returned to the business system after being encrypted with a key in the secure hardware. The keys in the secure hardware are generated by a key derivation mechanism using the initialization preset algorithm, so that within the secure hardware the key of a bill unit provides data encryption during the transaction and makes data operations non-repudiable and tamper-proof. All transactions take place under centralized supervision and management, which ensures the uniqueness, authority and security of the processing of the underlying transaction data. In addition, the tamper-proof distributed bill system of the present invention does not require changes to the existing business-layer transaction system: the secure hardware only needs to be connected to the business-system hardware, either directly or through a network. The secure hardware holding the bill units runs in the background and responds to the transactions of the business system; compatibility is good, and the system is easy to deploy and use.
According to another aspect of the present invention, an asset transaction processing method is also provided, based on the tamper-proof distributed bill system based on secure hardware of the above embodiment. The distributed bill system serves as the underlying system that responds to the transaction requests of the business system, and the bill units involved in a transaction are updated synchronously.
The asset transaction processing method of the present embodiment further includes:
Exporting a bill unit in the secure hardware to a third-party business system for it to sign, so that two or more regulators can supervise transactions based on the same secure hardware. The key management functions of two regulators (for example, currency and tax) can be implemented on the same secure hardware device; the management and control policies and the device initialization settings are set and controlled by the authoritative institution itself, which makes the data tamper-proof.
It should be understood that the embodiments of the present invention use digital currency as an example only for ease of understanding, and this does not limit the claims of the present application. The distributed bill system of the present embodiment can also be used in fields such as banking, taxation, foreign exchange and stocks, and can be applied to payment systems, banking systems, tax systems and intra-company EDI (electronic data interchange); it is only necessary to change the data structure to the one the corresponding system needs. In addition, the bills encrypted by these different regulators can sign one another, so that a given tax receipt can correspond to a given payment (this is of course not required in every case), forming a complex "distributed bill" with multiple supervising units and multiple sets of supervision data.
The asset management system corresponding to the asset transaction of the present invention can be a banking system, a tax system, a securities system or an electronic data interchange system within an enterprise.
It should be noted that the steps illustrated in the flowcharts of the accompanying drawings can be executed in a computer system, for example as a set of computer-executable instructions, and that, although a logical order is shown in the flowcharts, in some cases the steps shown or described can be executed in an order different from the one given here.
Obviously, those skilled in the art should understand that each module or step of the present invention described above can be implemented with a general-purpose computing device. The modules or steps can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Alternatively, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device; or they can each be made into an individual integrated circuit module; or several of the modules or steps can be made into a single integrated circuit module. The present invention is thus not restricted to any specific combination of hardware and software.
The foregoing is only the preferred embodiments of the present invention and is not intended to limit the present invention; for those skilled in the art, the present invention can have various modifications and variations. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.
Claims (10)
1. A tamper-proof distributed bill system based on secure hardware, characterized in that it serves as the underlying system of a centrally supervised asset management system and interacts with a business system to respond to data processing requests of the business layer and to generate transaction records; the tamper-proof distributed bill system based on secure hardware comprises:
a bill unit module, for holding at least one bill unit stored in the secure hardware in the form of a data structure, the bill unit characterizing a value corresponding to a business attribute of the business system so as to meet transaction settlement needs;
an access module, serving as the access interface for data interaction with the business-system hardware, for receiving transaction requests from the business system and returning response results to the business system;
a transaction maintenance module, for processing, after receiving the transaction request, the bill unit in the bill unit module to update it and generate a new bill unit, and, after encrypting the new bill unit, returning it to the business system as the response result to form corresponding mirror data; wherein the encryption key is generated by a key derivation mechanism based on the initialization preset algorithm of the secure hardware.
2. The tamper-proof distributed bill system based on secure hardware according to claim 1, characterized in that
there are multiple secure hardware devices, corresponding to different levels of the centrally supervised asset management system; each secure hardware device stores one or more corresponding bill units; the secure hardware devices are uniformly initialized by the competent authority of the centralized supervision, and the master key of the key derivation mechanism is held by the competent authority; the key pool in the secure hardware of a lower level is subordinate to the key pool in the secure hardware of the level above.
3. The tamper-proof distributed bill system based on secure hardware according to claim 2, characterized in that
the data structure of the bill unit includes at least: a serial number, a reference address, a quantity and a key, wherein the serial number is a dynamic id identifying the transaction corresponding to the bill unit, the reference address is the unique access id identifying the bill unit, the quantity characterizes a value corresponding to a business attribute of the business system, and the key is dynamically updated by the secure hardware based on the initialization preset algorithm.
4. The tamper-proof distributed bill system based on secure hardware according to claim 3, characterized in that
the transaction maintenance module includes:
an authentication submodule, for encrypting the transaction request corresponding to the local bill unit with its key and sending it to the corresponding secure hardware of the upper level for authentication, and for authenticating the encrypted transaction requests sent from the next level down;
a transaction processing submodule, for processing the transaction request according to the authentication result of the upper level and updating to generate a new bill unit;
a receipt generation submodule, for encrypting the new bill unit and returning it to the business system as the response result.
5. The tamper-proof distributed bill system based on secure hardware according to claim 1, characterized in that it further includes:
a transaction recording module, for generating, according to the received transaction request, bill information that at least includes the transaction processing record corresponding to the bill unit update.
6. The tamper-proof distributed bill system based on secure hardware according to claim 5, characterized in that it further includes:
a cloud data storage platform, which receives and stores the bill information generated by the transaction recording module.
7. The tamper-proof distributed bill system based on secure hardware according to claim 3, characterized in that it further includes:
an export module, for encrypting a bill unit held in the bill unit module with its corresponding key and exporting it to a third-party business system.
8. An asset transaction processing method, characterized in that it is based on the tamper-proof distributed bill system based on secure hardware according to any one of claims 1 to 7; the distributed bill system serves as the underlying system that responds to the transaction requests of the business system, and the bill units involved in a transaction are updated synchronously.
9. The asset transaction processing method according to claim 8, characterized in that it further includes:
exporting a bill unit in the secure hardware to a third-party business system for it to sign, so that two or more regulators can supervise transactions based on the same secure hardware.
10. The asset transaction processing method according to claim 8, characterized in that
the asset management system corresponding to the asset transaction is a banking system, a tax system, a securities system or an electronic data interchange system within an enterprise.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610736004.5A CN106339939B (en) | 2016-08-26 | 2016-08-26 | Non-tamper-able distributed bill system based on secure hardware and transaction processing method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106339939A true CN106339939A (en) | 2017-01-18 |
CN106339939B CN106339939B (en) | 2020-05-15 |
Family
ID=57823021
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610736004.5A Active CN106339939B (en) | 2016-08-26 | 2016-08-26 | Non-tamper-able distributed bill system based on secure hardware and transaction processing method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106339939B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||