CN107301545B - Transaction verification method based on timestamp - Google Patents
Transaction verification method based on timestamp Download PDFInfo
- Publication number
- CN107301545B CN107301545B CN201710245368.8A CN201710245368A CN107301545B CN 107301545 B CN107301545 B CN 107301545B CN 201710245368 A CN201710245368 A CN 201710245368A CN 107301545 B CN107301545 B CN 107301545B
- Authority
- CN
- China
- Prior art keywords
- issuer
- timestamp
- operator
- key
- order
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
Abstract
The invention discloses a transaction verification method based on a timestamp, which comprises the following steps: initializing a system, wherein an issuer acquires a system clock from an operator to complete time synchronization, the operator generates an operator timestamp master key, and the issuer generates an issuer timestamp master key; the operator timestamp sub-keys obtained by dispersing the operator timestamp master keys are issued to the issuer, and the user obtains the operator timestamp sub-keys and the issuer timestamp sub-keys obtained by dispersing the issuer timestamp master keys from the issuer; in the transaction process, a user operates to complete an order and submits the order to an operator, and the order is doubly encrypted by an operator timestamp sub-key and an account issuer timestamp sub-key; the operator verifies the order by using the operator timestamp master key, and submits the order to the issuer after the order passes; the issuer verifies the order with the issuer timestamp and completes the payment if passed. The invention can realize double verification and further improve the safety and the effectiveness of payment verification.
Description
Technical Field
The invention relates to the technical field of transaction verification, in particular to a transaction verification method based on a timestamp.
Background
With the development of mobile payment methods, higher requirements are put on the verification of payment. The payment verification requires safety and effectiveness, most verification methods at present adopt a unilateral verification method of an operator, the verification of an issuer is lacked, and the counterfeit transaction of the operator can cause the loss of the issuer.
Disclosure of Invention
The invention aims at the problems and provides a transaction verification method based on time stamps, which adopts a double time stamp mechanism, wherein one time stamp key is controlled by a terminal operator and is used for preventing duplication and retransmission, and the other time stamp key is controlled by an account issuer and is used for preventing the terminal operator from forging transactions.
In order to solve the above problems, the present invention intends to adopt the following technical solution, and a transaction verification method based on a timestamp includes the following steps:
1) initializing the system, acquiring a system clock from an operator by an issuer to complete time synchronization, generating an operator timestamp master key by the operator, and generating an issuer timestamp master key by the issuer;
2) the operator timestamp sub-keys obtained by dispersing the operator timestamp main keys are issued to the issuer, and the user obtains the operator timestamp sub-keys and the issuer timestamp sub-keys obtained by dispersing the issuer timestamp main keys from the issuer;
3) in the transaction process, the user operates to complete an order and submits the order to the operator, and the order is doubly encrypted by the operator timestamp sub-key and the account issuer timestamp sub-key;
4) the operator verifies the order by using the operator timestamp master key, and submits the order to the issuer after the order passes;
5) and the issuer verifies the order by using the issuer timestamp, and if the order passes, the payment is completed.
Furthermore, the operator timestamp master key is produced by two modes, one mode is that a random number key mode is adopted, and the operator generates a key corresponding to the date every day and sends the key down through a protocol; and secondly, a fixed key mode is adopted, and the key is stored in a security verification module arranged in an operator.
Further, the issuer timestamp master key is generated by a random number method, the issuer generates a root key corresponding to a date every day, and the root key is stored in the secure device of the issuer.
Further, the system clock is synchronously acquired by the operator server through the internet NTP.
Further, the transaction verification method adopts a two-dimensional code verification mode, and the operator timestamp sub-key and the account issuer timestamp sub-key serve as components of the two-dimensional code data.
The invention can realize double verification, further improve the safety and effectiveness of payment verification; meanwhile, the method can prevent an operator from forging the transaction order, so that the transaction order has non-repudiation.
Drawings
FIG. 1 is a schematic block diagram of transaction verification according to an embodiment of the present invention;
fig. 2 is a block diagram of MAC computation in accordance with an embodiment of the present invention.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
As shown in fig. 1, the present invention provides a transaction verification method based on time stamp, which implements dual verification of an operator and an issuer, and includes the following steps:
1) initializing the system, acquiring a system clock from an operator by an issuer to complete time synchronization, generating an operator timestamp master key by the operator, and generating an issuer timestamp master key by the issuer;
2) the operator timestamp sub-keys obtained by dispersing the operator timestamp main keys are issued to the issuer, and the user obtains the operator timestamp sub-keys and the issuer timestamp sub-keys obtained by dispersing the issuer timestamp main keys from the issuer;
3) in the transaction process, the user operates to complete an order and submits the order to the operator, and the order is doubly encrypted by the operator timestamp sub-key and the account issuer timestamp sub-key;
4) the operator verifies the order by using the operator timestamp master key, and submits the order to the issuer after the order passes;
5) and the issuer verifies the order by using the issuer timestamp, and if the order passes, the payment is completed.
In a preferred embodiment, the cipher types of the operator timestamp master key and the issuer timestamp master key are both 16 byte 3DES keys. The operator timestamp master key adopts a random number key mode, and the operator generates a key corresponding to the date every day and sends the key down through a protocol; the issuer timestamp master key is generated by means of random numbers, the issuer generates a root key for each day, the root key being stored in the issuer's secure device.
Before transaction, a user firstly initiates an account application to an issuer, and applies for issuing a certificate through giving the user, wherein the certificate comprises user information and time information, a timestamp master key (an operator or the issuer) takes the user information and the time information as dispersion factors to obtain a timestamp subkey, and a specific algorithm is as follows: the timestamp master key takes 16 bytes obtained by adding the 8-byte dispersion factor and the negation value of the 8-byte dispersion factor to calculate 3des as a timestamp subkey.
In the transaction process, the user APP encrypts data by using the operator timestamp subkey and the issuer timestamp subkey to generate a two-dimensional code. The operator scans the two-dimensional code, verifies the timestamp of the operator, and generates an order and submits the order to the issuer after the verification is passed; and the issued order is subjected to issuer timestamp verification, and the order is completed if the verification is successful.
The verification method of the timestamp (operator or issuer) is that the timestamp sub-key calculates the MAC for the preset time and the verification data, such as the timestamp sub-key calculates the MAC for the certificate issuing date (4 bytes) + the two-dimensional code generation time (4 bytes) + the payment type (3 bytes).
The MAC calculation steps are as follows:
1. taking 8 16-system numbers 00,00,00,00,00,00,00 and 00 as initial values;
2. the authentication data needed to compute the MAC is divided into data blocks in units of 8 bytes, labeled D1, D2., Dn. The last data block Dn may be 1-8 bytes;
3. if the length of the last data block is 8, adding 16-system numbers 80,00,00,00, 00; if the last data block length is equal to 7, then add a 16-ary number 80; if the last data block is less than 7, adding a 16-system number 80, and repeatedly adding a 16-system number 00 until 8 bytes are reached;
4. encrypting the verification data with corresponding key, calculating by using 8-byte initial value and 8-byte initial value as shown in FIG. 2
Carrying out XOR operation on the data blocks to obtain 8-byte data, and then encrypting the 8-byte data by utilizing a left half part DES (same as 8 bytes) of a 16-byte key; the resulting encrypted 8-byte data and
carrying out XOR operation on the data blocks to obtain new 8-byte data, and then encrypting the new 8-byte data by utilizing the left half part DES of the 16-byte key; and so on until and
carrying out exclusive or operation on the data blocks, and encrypting the finally obtained 8-byte data by using a 16-byte left half part DES; the encrypted 8-byte data is decrypted by using a 16-byte right half part DES (which is also 8 bytes) to obtain decrypted data (8 bytes); then, encrypting the decrypted data by using the left half part DES of the 16-byte key to obtain 8-byte encrypted data, and taking the first four bytes of the encrypted data as a result; and comparing the obtained result with the verification value, if the result is consistent with the verification value, the verification is successful, and otherwise, the verification fails.
The transaction verification method based on the timestamp can realize double verification and further improve the safety and the effectiveness of payment verification; meanwhile, the method can prevent an operator from forging the transaction order, so that the transaction order has non-repudiation.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention, and the scope of the present invention is not limited thereto, and any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the scope of the present invention.
Claims (3)
1. A method for time stamp based transaction verification, comprising the steps of:
1) initializing the system, acquiring a system clock from an operator by an issuer to complete time synchronization, generating an operator timestamp master key by the operator, and generating an issuer timestamp master key by the issuer;
2) the operator timestamp sub-keys obtained by dispersing the operator timestamp main keys are issued to the issuer, and the user obtains the operator timestamp sub-keys and the issuer timestamp sub-keys obtained by dispersing the issuer timestamp main keys from the issuer;
3) in the transaction process, the user operates to complete an order and submits the order to the operator, and the order is doubly encrypted by the operator timestamp sub-key and the account issuer timestamp sub-key;
4) the operator verifies the order by using the operator timestamp master key, and submits the order to the issuer after the order passes;
5) the issuer verifies the order with the issuer timestamp, and payment is completed if the order passes;
the operator timestamp master key is produced by two modes, namely, a random number key mode is adopted, and the operator generates a key corresponding to the date every day and sends the key down through a protocol; secondly, a fixed key mode is adopted, and a key is stored in a security verification module arranged in an operator;
the issuer timestamp master key is generated by a random number mode, the issuer generates a root key corresponding to the date every day, and the root key is stored in the secure device of the issuer.
2. The timestamp based transaction verification method of claim 1, wherein said system clock is synchronously acquired by the operator server through the internet NTP.
3. A method as claimed in any one of claims 1 to 2, wherein the transaction verification method uses a two-dimensional code verification method, and the operator timestamp sub-key and the account issuer timestamp sub-key are part of the two-dimensional code data.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710245368.8A CN107301545B (en) | 2017-04-14 | 2017-04-14 | Transaction verification method based on timestamp |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710245368.8A CN107301545B (en) | 2017-04-14 | 2017-04-14 | Transaction verification method based on timestamp |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107301545A CN107301545A (en) | 2017-10-27 |
| CN107301545B true CN107301545B (en) | 2020-09-01 |
Family
ID=60137537
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710245368.8A Active CN107301545B (en) | 2017-04-14 | 2017-04-14 | Transaction verification method based on timestamp |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107301545B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111654367B (en) * | 2018-08-31 | 2023-05-12 | 创新先进技术有限公司 | Method for cryptographic operation and creation of working key, cryptographic service platform and device |
| CN111160915B (en) * | 2018-11-08 | 2024-01-09 | 腾讯科技(深圳)有限公司 | Riding code verification method and device, traffic code scanning equipment and terminal equipment |
| CN112073188B (en) * | 2020-08-31 | 2023-01-24 | 北京市商汤科技开发有限公司 | Authentication method, device, equipment and computer readable storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102842081A (en) * | 2011-06-23 | 2012-12-26 | 上海易悠通信息科技有限公司 | Method for generating two-dimensional code and implementing mobile payment by mobile phone |
| CN103888264A (en) * | 2014-04-08 | 2014-06-25 | 北京爱创科技股份有限公司 | Inter-mobile-phone data transferring method based on background data exchange, terminal and system |
| CN105868981A (en) * | 2016-04-11 | 2016-08-17 | 万集融合信息技术(北京)有限公司 | Mobile payment method and system |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10063374B2 (en) * | 2015-05-31 | 2018-08-28 | Massachusetts Institute Of Technology | System and method for continuous authentication in internet of things |
-
2017
- 2017-04-14 CN CN201710245368.8A patent/CN107301545B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102842081A (en) * | 2011-06-23 | 2012-12-26 | 上海易悠通信息科技有限公司 | Method for generating two-dimensional code and implementing mobile payment by mobile phone |
| CN103888264A (en) * | 2014-04-08 | 2014-06-25 | 北京爱创科技股份有限公司 | Inter-mobile-phone data transferring method based on background data exchange, terminal and system |
| CN105868981A (en) * | 2016-04-11 | 2016-08-17 | 万集融合信息技术(北京)有限公司 | Mobile payment method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107301545A (en) | 2017-10-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11856104B2 (en) | Methods for secure credential provisioning | |
| US20220224551A1 (en) | Mutual authentication of confidential communication | |
| US9806889B2 (en) | Key downloading method, management method, downloading management method, device and system | |
| US9647845B2 (en) | Key downloading method, management method, downloading management method, device and system | |
| CN103729945B (en) | A kind of method and system of secure download terminal master key | |
| CN102307096B (en) | Data cryption system for Pseudo-Rivest, Shamir and Adleman (RSA)-key-based recently public key cryptography algorithm | |
| WO2019166001A1 (en) | Token generation and verification method and smart terminal | |
| WO2015161683A1 (en) | Unified apk signing method and system thereof | |
| CN101262341A (en) | A mixed encryption method in session system | |
| CN105553662A (en) | Dynamic digital right management method and system based on identification password | |
| CN107301545B (en) | Transaction verification method based on timestamp | |
| CN111526007B (en) | Random number generation method and system | |
| CN110969431A (en) | Safe trusteeship method, equipment and system of block chain digital currency private key | |
| CN109005184A (en) | File encrypting method and device, storage medium, terminal | |
| CN110545169B (en) | Block chain method and system based on asymmetric key pool and implicit certificate | |
| CN114692218A (en) | Electronic signature method, equipment and system for individual user | |
| CN103905196A (en) | PIN switch encryption method | |
| CN112738051A (en) | Data information encryption method, system and computer readable storage medium | |
| CN101651538A (en) | Method for safe transmission of data based on creditable password module | |
| CN101808100B (en) | Method and system for solving replay of remote update of information safety device | |
| CN112737783B (en) | Decryption method and device based on SM2 elliptic curve | |
| CN114139177A (en) | Token generation method, system and device | |
| EP3185504A1 (en) | Security management system for securing a communication between a remote server and an electronic device | |
| CN112398647A (en) | Consumable dynamic encryption method for channel distribution management | |
| CN116886317B (en) | Method, system and equipment for distributing secret key between server and terminal equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |