CN107958551B - Business-extensible bank full-channel remote centralized authorization system - Google Patents

Publication number
CN107958551B
Authority
CN
China
Prior art keywords
authorization
transaction
core
authorized
application end
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711481389.6A
Other languages
Chinese (zh)
Other versions
CN107958551A (en)
Inventor
陈茂
马胜蓝
林婉霞
吴金聪
王桐森
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujian Province Rural Credit Cooperatives Association
Original Assignee
Fujian Province Rural Credit Cooperatives Association
Application filed by Fujian Province Rural Credit Cooperatives Association
Priority to CN201711481389.6A
Publication of CN107958551A
Application granted
Publication of CN107958551B

Classifications

    • G: PHYSICS
    • G07: CHECKING-DEVICES
    • G07F: COIN-FREED OR LIKE APPARATUS
    • G07F19/00: Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
    • G07F19/20: Automatic teller machines [ATMs]
    • G07F19/211: Software architecture within ATMs or in relation to the ATM network
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00: Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02: Banking, e.g. interest calculation or account maintenance

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Technology Law (AREA)
  • Development Economics (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention provides a business-extensible bank full-channel remote centralized authorization system comprising an application end and an authorization end. The application end comprises a client and a webpage end, each of which communicates with the authorization end through a network. The application end is used for entering transaction elements, submitting transaction requests, and triggering an authorization judgment to execute the corresponding operation; when the authorization judgment is remote authorization, the transaction elements are transmitted to a database in rich text form for processing by the authorization end. The authorization end is used for obtaining the transaction elements from the database, parsing and restoring them, storing the authorization processing result after authorization processing, and feeding the result back to the corresponding application end for display. A unified authorization processing mode is realized by setting a pre-verification rule and optimizing the authorization rules, so that pre-verification is extensible and the authorization rule services are extensible.

Description

Business-extensible bank full-channel remote centralized authorization system
Technical Field
The invention relates to a bank remote authorization system, in particular to a bank full-channel remote centralized authorization system with expandable business.
Background
A remote centralized authorization system builds on network communication and camera technology to change the way bank business is authorized. Transactions that are determined to need remote authorization are concentrated in a back-office authorization center, where the business situation at the branch counter is reproduced, so that authorization center tellers review the authorization business efficiently and centrally and complete the authorization processing. This physically isolates the front-desk teller from the authorizing teller, effectively reduces operational risk, optimizes the allocation of staff, evens out busy and idle authorization workloads, and serves the overall goals of improving business processing efficiency and customer satisfaction.
At present, remote centralized authorization systems mainly have the following defects:
(1) A unified authorization mode is lacking. Most of the prior art is accessed in counter mode, so access support for non-counter channels (such as electronic channels) in future bank transformation is insufficient. Existing documents such as "Thinking about remote authorization service of commercial bank", China Trade (issue 23), and "Development and thinking of remote authorization service in bank transformation", China Financial Computer (issue 6), raise the possibility of full-channel access in the future but do not describe the specific technical implementation. A unified authorization mode has to consider how original core system authorization, counter authorization and electronic channel authorization are processed in parallel, as well as the exception handling mechanism of the authorization system. Moreover, each time a new channel is connected, a new access mode has to be developed (the B/S and C/S modes are accessed differently, and interface parsing differs under the C/S mode), so extensibility is poor. In addition, an authorized user holds a single role: one user cannot combine several roles, and permissions can only be switched by repeatedly reconfiguring the user's role in the background.
(2) Handling of invalid authorization and duplicate authorization is insufficient. Especially after full-channel access, the authorization volume grows greatly and processing in the authorization system becomes complex, so efficiency and extensibility have to be considered together. The existing document "Development and thinking of remote authorization service in bank transformation", China Financial Computer (issue 6), proposes separating the authorization rules completely from the authorization system. This requires a certain amount of modification to the separated system, in particular the authorization inside the core has to be considered comprehensively, and it is of limited reference value to other banks. The core proposed in that document also develops the pre-verification function separately. Because the number of transactions needing authorization verification keeps growing, a large amount of pre-verification (query) code has to be developed, which increases change to the system; and when the corresponding business transaction logic changes, the pre-verification code has to be changed in step to keep the rules consistent, so extensibility is poor.
(3) Interface restoration relies on parsing the elements of the transaction interface. If screenshots are used instead, the system consumes a large amount of transmission bandwidth; if the original transaction interface is reconstructed, a wrong interface is easily produced whenever the interface elements change, particularly when the parsing rules change. The existing document "Design and implementation of a banking operation remote authorization system", university of great courseware, only discusses access by branch outlets and is limited to web development, so client access is restricted, and it does not consider high-availability extension. The existing Chinese patent "Commercial bank remote authorization management system", application number 200920307709.0, proposes a server that stores business chain information and separately receives storage certificates, checks, identity cards, client head portraits, and the voice and accounting information of the authorizing staff and the teller; developing each of these separately is cumbersome and limited to counter channels, and a better method is to pass the complete interface to the back end for uniform parsing. The existing Chinese patent with application number 201010233650.2, "A bank teller terminal remote authorization method, server and system", describes an authorization method based on the counter front desk that displays transaction elements by capturing the transaction screen of the teller terminal; because only a screenshot is taken at the teller terminal, functions such as bolding and special marking may be unusable.
(4) Although the authorization rules support configuration, a hierarchical management mode is lacking. As the number of authorization rules grows, authorization elements and entries are duplicated many times, which reduces maintenance and query efficiency.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a business-extensible bank full-channel remote centralized authorization system that realizes a unified authorization processing mode, with extensible pre-verification and extensible authorization rule services.
The invention is realized as follows: a business-extensible bank full-channel remote centralized authorization system comprises an application end and an authorization end, wherein the application end comprises a client and a webpage end, each of which communicates with the authorization end through a network;
the application end is used for entering transaction elements, submitting transaction requests, and triggering an authorization judgment to execute the corresponding operation; when the authorization judgment is remote authorization, the transaction elements are transmitted to a database in rich text form for processing by the authorization end;
the authorization end is used for obtaining the transaction elements from the database, parsing and restoring them, storing the authorization processing result after authorization processing, and feeding the result back to the corresponding application end for display.
Further, "the authorization end obtains the transaction elements from the database for parsing and restoration" specifically means: if the transaction elements were generated by the client, they are restored and displayed using the homologous counter technical framework; if they were generated by the webpage end, they are restored and displayed using a webpage plug-in; when restoring and displaying the transaction elements, the authorization end marks the information that needs highlighting.
Further, "triggering the authorization judgment to execute the corresponding operation" specifically means: if the result is local authorization, local authorization is entered, and the transaction is submitted to the core system for accounting after local authorization passes; if no authorization is required, the transaction is submitted directly to the core system for accounting; if the result is remote authorization, the transaction elements are transmitted to a database in rich text form for processing by the authorization end, and the transaction is submitted to the core system for accounting after authorization passes.
Further, the authorization end is provided with an exception handling module, which covers the following:
an authorization result query interface is provided, which the application end polls at regular intervals for the authorization processing result. If the result is "running", the authorization task has not yet been processed and the application end continues to wait; if the result is "authorization pass", the transaction at the application end exits automatically and the transaction interface prompts "Remote authorization passed; continue submitting?"; if the result is "authorization rejection", the rejection prompt pops up at the application end, the application end clicks "OK" to exit, and the transaction is submitted again after the transaction interface elements are modified; if the result is "transfer to local", a local review interface pops up on the application end interface; if the result is "supervisor termination", the application end pops up the prompt "the task has been terminated by the supervisor" and clicks "OK" to exit;
when the processing time at the authorization end exceeds a preset value, the task is released automatically;
when an error is reported on selecting the pass, reject or transfer-to-local button at the authorization end, the authorization task state query interface is called; if the task state is authorization rejected, authorization completed (transfer to local), authorization completed, authorization automatically terminated, cancelled by the branch outlet, or terminated by the center, the corresponding prompt information of the application end is shown and the authorization end transaction exits;
and when the authorization end has processed the task normally and the authorization processing result is being fed back to the corresponding application end, if the application end has been closed abnormally, the authorization end terminates the authorization task automatically.
Further, the system includes a pre-verification module, which uploads the same accounting message to the core twice. Specifically, when the first transaction request is uploaded to the core system, pre-verification before the transaction is executed: if it is rejected, the transaction ends; if it succeeds, the core system rolls the accounting back and the authorization judgment is triggered. After the remote authorization response message is complete, a second transaction request is uploaded to the core system for core accounting. The two uploaded transaction requests are distinguished to the core by different flags; the business messages are the same and the accounting flows processed are the same.
Further, the transaction flow of the remote centralized authorization system with the pre-verification module is as follows: after the application end submits the transaction request, internal verification is performed first, and the request is then sent to the core for pre-verification before the transaction, specifically: the core transaction begins; the sub-transaction program of the transaction requiring authorization is entered; a transaction point is set; the check flag of the message is judged to be pre-verification and the state is set to the authorization state; the financial transaction is executed and it is judged whether it is abnormal, and if so the state is set to the abnormal state; when the main control finds the state to be the authorization state or the abnormal state, the financial transaction is rolled back, and in the authorization state message download is forbidden; pre-verification before the core transaction is then complete. If an abnormality is found at the application end during pre-verification, the transaction ends;
after pre-verification passes, the authorization judgment is triggered and the corresponding operation is executed as follows:
if the authorization judgment result is local authorization, foreground authorization is carried out, and it is then judged whether a background transaction is needed. If no background transaction is needed, the foreground transaction logic is executed directly and the transaction is completed. If a background transaction is needed, the transaction is sent to the core and the core transaction is run in non-pre-verification mode: the core transaction starts, the sub-transaction program of the transaction requiring authorization is entered, a transaction point is set, the check flag of the message is judged to be non-pre-verification, the financial transaction is executed, and it is judged whether the financial transaction is abnormal; if it is abnormal, the financial transaction is rolled back and the flow ends, i.e. the core transaction fails; otherwise the core transaction is normal, and control returns to continue the subsequent foreground transaction logic and complete the transaction;
if the authorization judgment result is no authorization, it is judged whether a background transaction is needed. If no background transaction is needed, the foreground transaction logic is executed directly and the transaction is completed. If a background transaction is needed, the transaction is sent to the core and the core transaction is run in non-pre-verification mode: the core transaction starts, the sub-transaction program of the transaction requiring authorization is entered, a transaction point is set, the check flag of the message is judged to be non-pre-verification, the financial transaction is executed, and it is judged whether the financial transaction is abnormal; if it is abnormal, the financial transaction is rolled back and the flow ends, i.e. the core transaction fails; otherwise the core transaction is normal, and control returns to continue the subsequent foreground transaction logic and complete the transaction;
if the authorization judgment result is remote authorization, it is judged whether a background transaction is needed. If no background transaction is needed, the foreground transaction logic is executed directly and the transaction is completed. If a background transaction is needed, the transaction is sent to the core and the core transaction is run in non-pre-verification mode: the core transaction starts, the sub-transaction program of the transaction requiring authorization is entered, a transaction point is set, the check flag of the message is judged to be non-pre-verification, the financial transaction is executed, and it is judged whether the financial transaction is abnormal; if it is abnormal, the financial transaction is rolled back and the flow ends, i.e. the core transaction fails; otherwise the core transaction is normal, and control returns to continue the subsequent foreground transaction logic and complete the transaction.
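The two-upload pre-verification described above can be illustrated with the following sketch, which is an added example and not code from the patent. The ToyCore class, its in-memory balances, the message fields "from", "to" and "amount", and the authorize callback are all assumptions made for illustration; the point shown is that one accounting routine serves both uploads and only the flag decides whether the result is rolled back.

```python
from dataclasses import dataclass, field


class CoreReject(Exception):
    """Raised by the toy core when the accounting transaction cannot be posted."""


@dataclass
class ToyCore:
    # Hypothetical stand-in for the core accounting system (balances in cents).
    balances: dict
    posted: list = field(default_factory=list)      # journal of committed postings
    downstream: list = field(default_factory=list)  # messages sent on after a commit

    def _post(self, msg):
        # The single accounting routine shared by both uploads, so the
        # pre-verification can never drift away from the real business logic.
        src, dst, amount = msg["from"], msg["to"], msg["amount"]
        if src not in self.balances or dst not in self.balances:
            raise CoreReject("unknown account")
        if amount <= 0:
            raise CoreReject("invalid amount")
        if self.balances[src] < amount:
            raise CoreReject("insufficient funds")
        self.balances[src] -= amount
        self.balances[dst] += amount

    def upload(self, msg, pre_check):
        """Run the accounting message; pre_check is the only difference between uploads."""
        savepoint = dict(self.balances)             # the "transaction point"
        reason = None
        try:
            self._post(msg)
            state = "AUTHORIZATION" if pre_check else "NORMAL"
        except CoreReject as exc:
            state, reason = "ABNORMAL", str(exc)
        if state in ("AUTHORIZATION", "ABNORMAL"):
            self.balances = savepoint               # roll the financial transaction back
        if state == "NORMAL":
            self.posted.append(dict(msg))
            self.downstream.append(dict(msg))       # only a real posting is sent on
        return {"ok": state != "ABNORMAL", "reason": reason}


def run_transaction(core, msg, authorize):
    """authorize(msg) -> bool stands in for the remote authorization result."""
    first = core.upload(msg, pre_check=True)
    if not first["ok"]:
        # Rejected before any authorizer spends time on it.
        return "rejected_by_pre_check:" + first["reason"]
    if not authorize(msg):
        return "authorization_rejected"
    second = core.upload(msg, pre_check=False)      # same message, different flag
    return "posted" if second["ok"] else "core_failed:" + second["reason"]
```

Because the first upload is rolled back and reserves nothing, a posting made by another transaction between the two uploads can still make the second upload fail; the pre-verification reduces invalid authorizations rather than eliminating them.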
Furthermore, the system also comprises a user authority configuration module, through which an administrator manages user permissions uniformly and a single user can temporarily hold several role permissions at once, enabling rapid cross-role switching and multiplexing. The roles at the authorization end comprise authorizer and rechecker, and the role permissions comprise the management end function menu, the authorization end business processing functions, and the authorization system query permission.
Further, the system comprises an authorization rule grading module, which defines an authorization rule model with five levels: authorization elements, authorization conditions, authorization entries, authorization services and authorization versions:
the authorization element is the finest dimension of an authorization rule and is a transaction element of the application end; the transaction elements include account customer properties and account properties;
the authorization condition lists the rules that apply to authorization elements under different conditions;
the authorization entry combines different authorization conditions into one authorization rule under a given service, and the corresponding key elements for authorization review are configured according to the service type;
the authorization service collects all authorization entries under the same service type to form a complete authorization rule for that service;
the authorization version copies authorization services under version management, and personalized authorization services are maintained individually, so that different branch outlets of a bank can have different authorization rules for different services.
The invention has the following advantages:
1. A unified authorization processing mode is realized. It is designed around the two ways of accessing the system (client access and webpage access), supports parsing the elements of the authorization interface and highlighting key elements, and provides a unified exception handling mechanism. Through this mode all kinds of channels can be connected conveniently, realizing all-round authorization management for the bank;
2. The pre-verification mode is extensible. A pre-verification mode with full fidelity to the core accounting system is designed around the bank's remote centralized authorization flow, so that faithful accounting pre-verification can be performed without adding pre-verification code, which reduces the invalid authorizations caused by accounting failures after authorization. This mode improves the authorizer's effective authorization rate, and the pre-verification of newly added accounting transactions can be extended dynamically while the core accounting transactions remain unchanged. Unified permission configuration allows several permissions to be configured flexibly for one user, covering the business type (authorizer or auditor), the query permission (data granularity) and the permissions of the management interface.
3. The authorization rules are graded. A five-level authorization rule model is designed, divided into authorization elements, authorization conditions, authorization entries, authorization services and authorization versions. The fine-grained authorization elements and authorization conditions can be reused across different services, while the coarse-grained authorization version supports the personalized requirements of tellers at different branch outlets, so that the authorization rules are not redundant and services can be extended.
Drawings
The invention will be further described with reference to the following examples with reference to the accompanying drawings.
FIG. 1 is a diagram of remote centralized authorization communication in the system of the present invention.
Fig. 2 is a schematic diagram of a transaction flow of the business-extensible bank full-channel remote centralized authorization system of the present invention.
FIG. 3 is a flow chart illustrating the privilege configuration of the present invention.
FIG. 4 is a schematic diagram of a pre-verification process introduced in the present invention.
Detailed Description
The invention relates to a business-extensible bank full-channel remote centralized authorization system comprising an application end and an authorization end, wherein the application end comprises a client and a webpage end, each of which communicates with the authorization end through a network;
the application end is used for entering transaction elements, submitting transaction requests, and triggering an authorization judgment to execute the corresponding operation; when the authorization judgment is remote authorization, the transaction elements are transmitted to a database in rich text form for processing by the authorization end;
the authorization end is used for obtaining the transaction elements from the database, parsing and restoring them, storing the authorization processing result after authorization processing, and feeding the result back to the corresponding application end for display.
Preferably, "the authorization end obtains the transaction elements from the database for parsing and restoration" means: if the transaction elements were generated by the client, they are restored and displayed using the homologous counter technical framework; if they were generated by the webpage end, they are restored and displayed using a webpage plug-in; when restoring and displaying the transaction elements, the authorization end marks the information that needs highlighting.
Preferably, "triggering the authorization judgment to execute the corresponding operation" specifically means: if the result is local authorization, local authorization is entered, and the transaction is submitted to the core system for accounting after local authorization passes; if no authorization is required, the transaction is submitted directly to the core system for accounting; if the result is remote authorization, the transaction elements are transmitted to a database in rich text form for processing by the authorization end, and the transaction is submitted to the core system for accounting after authorization passes.
Preferably, the authorization end is provided with an exception handling module, which covers the following:
an authorization result query interface is provided, which the application end polls at regular intervals for the authorization processing result. If the result is "running", the authorization task has not yet been processed and the application end continues to wait; if the result is "authorization pass", the transaction at the application end exits automatically and the transaction interface prompts "Remote authorization passed; continue submitting?"; if the result is "authorization rejection", the rejection prompt pops up at the application end, the application end clicks "OK" to exit, and the transaction is submitted again after the transaction interface elements are modified; if the result is "transfer to local", a local review interface pops up on the application end interface; if the result is "supervisor termination", the application end pops up the prompt "the task has been terminated by the supervisor" and clicks "OK" to exit;
when the processing time at the authorization end exceeds a preset value, the task is released automatically;
when an error is reported on selecting the pass, reject or transfer-to-local button at the authorization end, the authorization task state query interface is called; if the task state is authorization rejected, authorization completed (transfer to local), authorization completed, authorization automatically terminated, cancelled by the branch outlet, or terminated by the center, the corresponding prompt information of the application end is shown and the authorization end transaction exits;
and when the authorization end has processed the task normally and the authorization processing result is being fed back to the corresponding application end, if the application end has been closed abnormally, the authorization end terminates the authorization task automatically.
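The task lifecycle behind the exception handling module can be sketched as a small state machine. This is an added example, not code from the patent: the state identifiers, the AuthTask class, the explicit `now` and `limit` parameters and the APP_ACTION table are assumptions chosen for illustration. It shows why a decision is accepted only once and only from the authorizer currently holding the task, which is what prevents a late click from producing a duplicate authorization.

```python
from dataclasses import dataclass
from typing import Optional

DECISIONS = ("passed", "rejected", "to_local")
TERMINATIONS = ("supervisor_terminated", "auto_terminated")

# What the polling application end does for each result (constructed wording).
APP_ACTION = {
    "running": "wait and poll again",
    "passed": "exit the wait and ask whether to continue submitting",
    "rejected": "show the rejection; amend the elements and resubmit",
    "to_local": "open the local review screen",
    "supervisor_terminated": "show the termination notice and exit",
    "auto_terminated": "show the termination notice and exit",
}


class TaskError(Exception):
    """The requested operation is not allowed in the task's current state."""


@dataclass
class AuthTask:
    task_id: str
    state: str = "running"
    owner: Optional[str] = None        # authorizer currently holding the task
    claimed_at: Optional[float] = None
    decided_by: Optional[str] = None   # kept for the audit trail

    def claim(self, authorizer, now):
        if self.state != "running" or self.owner is not None:
            raise TaskError(f"task {self.task_id} cannot be claimed")
        self.owner, self.claimed_at = authorizer, now

    def release_if_stale(self, now, limit):
        """Automatic release: give the task back when the holder exceeds the limit."""
        held = self.state == "running" and self.owner is not None
        if held and now - self.claimed_at > limit:
            self.owner = self.claimed_at = None
            return True
        return False

    def decide(self, authorizer, decision):
        """Pass, reject or transfer to local; valid once, from the current holder only."""
        if decision not in DECISIONS:
            raise ValueError(f"unknown decision {decision!r}")
        if self.state != "running":
            # The button press failed: report the state the task already reached.
            raise TaskError(f"task already {self.state}")
        if self.owner != authorizer:
            raise TaskError("task is not held by this authorizer")
        self.state, self.decided_by, self.owner = decision, authorizer, None

    def terminate(self, reason):
        """Supervisor termination, or automatic termination when the application end is gone."""
        if reason not in TERMINATIONS:
            raise ValueError(f"unknown termination {reason!r}")
        if self.state == "running":
            self.state, self.owner = reason, None

    def poll(self):
        """Result query used by the application end: (state, action to take)."""
        return self.state, APP_ACTION[self.state]
```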
Preferably, the system includes a pre-verification module, which uploads the same accounting message to the core twice. Specifically, when the first transaction request is uploaded to the core system, pre-verification before the transaction is executed: if it is rejected, the transaction ends; if it succeeds, the core system rolls the accounting back and the authorization judgment is triggered. After the remote authorization response message is complete, a second transaction request is uploaded to the core system for core accounting. The two uploaded transaction requests are distinguished to the core by different flags; the business messages are the same and the accounting flows processed are the same.
Preferably, the system further comprises a user authority configuration module, through which an administrator manages user permissions uniformly and a single user can temporarily hold several role permissions at once, enabling rapid cross-role switching and multiplexing. The roles at the authorization end comprise authorizer and rechecker, and the role permissions comprise the management end function menu, the authorization end business processing functions, and the authorization system query permission.
Preferably, the system comprises an authorization rule grading module, which defines an authorization rule model with five levels: authorization elements, authorization conditions, authorization entries, authorization services and authorization versions:
the authorization element is the finest dimension of an authorization rule and is a transaction element of the application end; the transaction elements include account customer properties and account properties;
the authorization condition lists the rules that apply to authorization elements under different conditions;
the authorization entry combines different authorization conditions into one authorization rule under a given service, and the corresponding key elements for authorization review are configured according to the service type;
the authorization service collects all authorization entries under the same service type to form a complete authorization rule for that service;
the authorization version copies authorization services under version management, and personalized authorization services are maintained individually, so that different branch outlets of a bank can have different authorization rules for different services.
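The five-level rule model can be made concrete with the following sketch, an added example that is not part of the patent. The class names, the `mode` outcome field, the "strictest matching entry wins" policy, the sample thresholds and the branch codes are assumptions for illustration. It shows one shared condition reused by two services, a version forked for one branch, and a fail-closed check when a transaction lacks an element that a rule refers to.

```python
import copy
import operator
from dataclasses import dataclass

OPS = {">=": operator.ge, "==": operator.eq}
RANK = {"none": 0, "local": 1, "remote": 2}


@dataclass(frozen=True)
class Condition:
    """Level 2: one rule over one authorization element (level 1, a transaction field)."""
    element: str
    op: str
    value: object

    def holds(self, txn):
        if self.element not in txn:
            # Fail closed: a missing element must not read as "condition not met".
            raise ValueError(f"transaction lacks element {self.element!r}")
        return OPS[self.op](txn[self.element], self.value)


@dataclass
class Entry:
    """Level 3: conditions combined (logical AND) into one rule of a service."""
    name: str
    condition_ids: tuple   # references into the shared condition table
    mode: str              # assumed outcome field: "local" or "remote"
    key_elements: tuple    # elements highlighted for the reviewer


@dataclass
class Version:
    """Level 5: a named copy of all services (level 4: service type -> entries)."""
    name: str
    services: dict

    def fork(self, name):
        return Version(name, copy.deepcopy(self.services))


def decide(version, conditions, service_type, txn):
    """Return (mode, key_elements); the strictest matching entry wins."""
    if service_type not in version.services:
        raise ValueError(f"no rules for service {service_type!r}")
    mode, keys = "none", ()
    for entry in version.services[service_type]:
        # A list, not a generator: every referenced element is checked for presence.
        if all([conditions[c].holds(txn) for c in entry.condition_ids]):
            if RANK[entry.mode] > RANK[mode]:
                mode, keys = entry.mode, entry.key_elements
    return mode, keys


# Constructed sample rules. "large_amount" is defined once and reused by two services.
CONDITIONS = {
    "medium_amount": Condition("amount", ">=", 20_000),
    "large_amount": Condition("amount", ">=", 50_000),
    "corporate": Condition("customer_type", "==", "corporate"),
}
BASE = Version("base", {
    "withdrawal": [
        Entry("large-withdrawal", ("large_amount",), "remote", ("amount", "account_no")),
        Entry("medium-withdrawal", ("medium_amount",), "local", ("amount",)),
    ],
    "transfer": [
        Entry("corporate-large-transfer", ("corporate", "large_amount"), "remote",
              ("amount", "payee")),
    ],
})
# One branch tightens a single entry in its own version; the base copy is untouched.
STRICT = BASE.fork("strict-branch")
STRICT.services["withdrawal"][1] = Entry(
    "medium-withdrawal", ("medium_amount",), "remote", ("amount",))
BRANCH_VERSION = {"0001": BASE, "0002": STRICT}


def decide_for_branch(branch, service_type, txn):
    return decide(BRANCH_VERSION[branch], CONDITIONS, service_type, txn)
```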
The invention is further illustrated below with reference to a specific embodiment:
Fig. 1 shows the communication relationships of the authorization end in the remote centralized authorization system. The business system in the figure is the application end of the invention, i.e., the party that initiates the request for authorization; the authorization service system is the authorization system server, i.e., the authorization end of the invention; the workflow engine is the flow management system built into the authorization system, which keeps the authorization flow running normally; the communication front-end is responsible for parsing third-party messages and similar functions, and communicates with the authorization end over sockets; the authorization end is mainly responsible for task scheduling, authorization processing, business auditing and authorization judgment; the authorization end and the workflow engine communicate through interface messages; routing is controlled by the authorization end, and the service bus connected to the authorization end can support channel routing through F5.
The general transaction flow of the system is shown in Fig. 2. The application end first submits the transaction and performs pre-verification; after the pre-verification passes, authorization judgment is performed. If the judgment is local authorization, local authorization is entered and the transaction is submitted to the core system for accounting after local authorization passes; if no authorization is required, the transaction is submitted directly to the core system for accounting; if the judgment is remote authorization, remote authorization is performed and the transaction is submitted to the core system for accounting after authorization passes.
The application end is the access system. It can be accessed as a client (such as a counter front-end system) or as a webpage end (such as an electronic channel system), and the authorization end adopts the same technical framework as the counter front-end system.
In the remote authorization process, the two access modes share a unified authorization processing mode and differ only in how the transaction interface is restored and displayed, specifically as follows:
after the transaction elements are entered at the application end, clicking the 'submit' button triggers the main control flow up to authorization judgment; the interface elements are all transmitted in rich text form to the database of the remote centralized authorization system (i.e., the authorization service database in Fig. 1);
the authorization end obtains the application end's interface elements stored in the database. For client access, it restores and displays them with its own homologous counter technical architecture (that is, when the counter front-end system initiates authorization, the transaction interface is displayed by the counter front-end system; if the authorization end is also a counter system, the same technical framework can be used to restore the transaction interface, and no cross-system display parsing is needed); for webpage-end access, a webpage plug-in (similar to browser plug-ins such as webview) is used for restoration and display. When the authorization end parses the transaction interface elements, the information that needs highlighting or bold text is specially marked.
The invention also provides an exception handling module. Because the authorization server acts as a server, a unified exception handling mechanism must be adopted at the application end. The exception handling modes are as follows:
(1) handling the case where the authorization end processes successfully but notification of the counter fails: to guard against the authorization end failing to notify the application end because of network or other problems, after the authorization task has been acquired the application end periodically calls the authorization result query interface provided by the authorization system to query the processing result. If the processing result is 'running', the authorization task has not been processed yet and the application end continues to wait; if the processing result is 'authorization pass', the application-end transaction exits automatically and the transaction interface prompts 'Remote authorization passed; continue submitting?'; if the processing result is 'authorization rejection', rejection prompt information pops up at the application end, the application end clicks 'OK' to exit, and the transaction can be submitted again after the application end modifies the transaction interface elements; if the processing result is 'local conversion', a local audit interface pops up on the application end interface; if the processing result is 'supervisor termination', the application end pops up the prompt 'the task has been terminated by the authorization supervisor', and the application end clicks 'OK' to exit;
(2) the authorization end processes successfully but, when notifying the application end, finds that the application end has closed abnormally, and automatically terminates the authorization task;
(3) to prevent a task from being held too long after it is acquired, the authorization end sets a post timeout mechanism for the transaction and automatically releases the task after the timeout;
(4) exception handling at the authorization end: when the authorization-end teller clicks the pass, reject or local transfer button and an error is reported, the authorization task state query interface is called; if the task state is authorization reject, authorization completion (local transfer), authorization completion, authorization automatic termination, network node cancellation or center termination, the corresponding prompt information of the application end is displayed and the authorization-end transaction exits.
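The four exception cases above can be read as one task state machine. The following Python sketch is an added example, not code from the patent: the class, method and action names, the timeout value and the fail-closed handling of unknown results are assumptions, and only the result strings follow the text.

```python
import itertools

# Result strings follow the wording of the text; all other names are hypothetical.
RUNNING = "running"
PASS = "authorization pass"
REJECT = "authorization rejection"
LOCAL = "local conversion"
SUPERVISOR_END = "supervisor termination"
AUTO_END = "authorization automatic termination"

# Item (1): what the application end does with each polled result.
CLIENT_ACTIONS = {
    RUNNING: "keep_waiting",
    PASS: "prompt_continue_submit",
    REJECT: "show_rejection_then_allow_edit",
    LOCAL: "open_local_audit",
    SUPERVISOR_END: "show_supervisor_terminated",
}


def client_action(result):
    """Map a polled result to a UI action; unknown results abort (assumption: fail closed)."""
    return CLIENT_ACTIONS.get(result, "abort_transaction")


class AuthTaskStore:
    """Constructed in-memory stand-in for the authorization service database."""

    def __init__(self, post_timeout=120):
        self.post_timeout = post_timeout      # seconds a teller may hold a task
        self.tasks = {}
        self._ids = itertools.count(1)

    def submit(self):
        task_id = next(self._ids)
        self.tasks[task_id] = {"state": RUNNING, "holder": None, "since": None}
        return task_id

    def _release_if_stale(self, task, now):
        # Item (3): a task held past the post timeout is released automatically.
        if task["holder"] is not None and now - task["since"] > self.post_timeout:
            task["holder"], task["since"] = None, None

    def acquire(self, task_id, teller, now):
        task = self.tasks[task_id]
        self._release_if_stale(task, now)
        if task["state"] != RUNNING or task["holder"] is not None:
            return False
        task["holder"], task["since"] = teller, now
        return True

    def decide(self, task_id, teller, result, now, client_alive=True):
        if result not in (PASS, REJECT, LOCAL):
            raise ValueError("not a teller decision: %r" % result)
        task = self.tasks[task_id]
        self._release_if_stale(task, now)
        if task["state"] != RUNNING or task["holder"] != teller:
            # Item (4): the button press fails; report the current task state.
            return ("error", task["state"])
        if not client_alive:
            # Item (2): the application end closed abnormally; terminate the task.
            task["state"] = AUTO_END
            return ("terminated", AUTO_END)
        task["state"] = result
        return ("ok", result)

    def query(self, task_id):
        """Authorization result query interface polled by the application end."""
        return self.tasks[task_id]["state"]
```

A teller whose hold on a task has timed out gets the item (4) error path instead of overwriting another teller's decision, and a task that already reached a final state cannot be decided twice.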
Traditionally, permissions are determined by role, and changing a role requires management approval; when some fine-grained permissions need to be switched temporarily, this is inconvenient. The user permission configuration module of the invention is shown in Fig. 3. A configuration administrator manages user permissions centrally through this module: user information is synchronized and initialized through permission configuration, after which users obtain tasks with different permissions according to their role permissions; alternatively, the configuration administrator can individually modify a user's permissions across roles and refresh them for use. The permissions fall into three main groups: management-end function menus, authorization-end service processing functions, and authorization system query permissions. When a user logs in to the management end, the menus shown are determined by querying the user's permissions; authorization-end service processing functions check the user's permissions through a function interface; and query services query the user's permissions when executing query logic to obtain the corresponding query result. Because a single role such as authorizer or rechecker may not have a full workload in a given period, the multi-permission configuration, unlike traditional role configuration, lets a single user temporarily reuse several role permissions, enabling rapid cross-role switching and reuse.
The invention adds a pre-verification module to the unified authorization mode: the access system (i.e., the application end) sends two requests to the core using the same accounting message. When the first transaction is sent to the core, pre-verification before the transaction is performed; if the transaction is rejected, the transaction ends; if it succeeds, the core rolls back the accounting. The two requests to the core are distinguished by different marks, but their service messages are the same and the accounting flows processed are the same. The access system treats the pre-verification as successful when it receives a normal response message and initiates authorization judgment. After remote authorization, once the access system receives the response message from the remote authorization end, it initiates the second transaction to the core system, and the core performs the accounting.
The flow chart of bank transaction execution after the introduction of pre-verification is shown in Fig. 4:
after the application end submits the transaction request, internal verification is performed first (mainly local verification of the application end's message data, such as validity verification of an identity card number), and the request is then sent to the core for pre-verification before the transaction, specifically: the core transaction begins; the sub-transaction program with authorized transaction is entered; a transaction point is set; the message is judged to be a pre-verification message and the state is set to the authorized state; the financial transaction is executed and checked for abnormality, and if it is abnormal the state is set to the abnormal state; when the main control finds the authorized state or the abnormal state, the financial transaction is rolled back, and in the authorized state message download is prohibited; this completes the pre-verification before the core transaction. If an abnormality is found at the application end during pre-verification, the transaction ends;
after the pre-verification passes, authorization judgment is triggered and the corresponding operations are executed as follows:
if the authorization judgment result is local authorization, foreground authorization is performed, and it is then judged whether a background transaction is required. If no background transaction is required, the foreground transaction logic is executed directly and the transaction is completed. If a background transaction is required, the transaction is sent to the core and the core transaction is run in non-pre-verification mode: the core transaction begins, the sub-transaction program with authorized transaction is entered, a transaction point is set, the message is judged to be a non-pre-verification message, and the financial transaction is executed and checked for abnormality; if it is abnormal, the financial transaction is rolled back and the flow ends, i.e., the core transaction fails; otherwise the core transaction is normal, and control returns to the foreground to continue executing the subsequent transaction logic and complete the transaction;
if the authorization judgment result is no authorization, it is judged whether a background transaction is required. If no background transaction is required, the foreground transaction logic is executed directly and the transaction is completed. If a background transaction is required, the transaction is sent to the core and the core transaction is run in non-pre-verification mode: the core transaction begins, the sub-transaction program with authorized transaction is entered, a transaction point is set, the message is judged to be a non-pre-verification message, and the financial transaction is executed and checked for abnormality; if it is abnormal, the financial transaction is rolled back and the flow ends, i.e., the core transaction fails; otherwise the core transaction is normal, and control returns to the foreground to continue executing the subsequent transaction logic and complete the transaction;
if the authorization judgment result is remote authorization, it is judged whether a background transaction is required. If no background transaction is required, the foreground transaction logic is executed directly and the transaction is completed. If a background transaction is required, the transaction is sent to the core and the core transaction is run in non-pre-verification mode: the core transaction begins, the sub-transaction program with authorized transaction is entered, a transaction point is set, the message is judged to be a non-pre-verification message, and the financial transaction is executed and checked for abnormality; if it is abnormal, the financial transaction is rolled back and the flow ends, i.e., the core transaction fails; otherwise the core transaction is normal, and control returns to the foreground to continue executing the subsequent transaction logic and complete the transaction.
As a result, the remote authorization system (i.e., the authorization end) interacts little with the access system (i.e., the application end) and with the core system. After calling the authorization system, the access system only needs to care about the overall authorization result, and the remote authorization system remains highly independent: whichever system is connected to it, only the authorization result matters. In the core system, to avoid developing authorization-verification code for every newly added transaction and to allow the accounting verification to be performed in advance, the same flow as the original core authorization transaction flow is used, but the access system initiates the accounting request for the same accounting transaction message twice. The core system adds a remote authorization application mark. When the mark indicates pre-verification, the core system rolls back after executing the program, and if it finds service rejection information it returns it to the application system according to the normal flow; when the mark does not indicate pre-verification, the transaction is executed according to the normal accounting flow. The original flow can still be used for authorization inside the core, and during pre-verification authorization is skipped automatically to prevent repeated authorization, so that remote centralized authorization, core authorization and local authorization of the access system can coexist.
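The two-submission pre-verification flow described above, as an added Python illustration (not code from the patent) that uses an in-memory SQLite database as a stand-in core system. The table layout, function names, sample accounts and the digest check that the second message equals the authorized one are assumptions; the text only states that both requests carry the same service message.

```python
import hashlib
import json
import sqlite3


class Rejected(Exception):
    """Business rejection raised by the core's accounting logic."""


class Core:
    """Constructed stand-in for the core system, backed by in-memory SQLite."""

    def __init__(self):
        # isolation_level=None: transactions are opened and closed explicitly.
        self.db = sqlite3.connect(":memory:", isolation_level=None)
        self.db.execute("CREATE TABLE account (id TEXT PRIMARY KEY, balance INTEGER)")
        self.db.executemany("INSERT INTO account VALUES (?, ?)", [("A", 1000), ("B", 0)])

    def balance(self, account):
        row = self.db.execute("SELECT balance FROM account WHERE id = ?", (account,)).fetchone()
        return row[0]

    def _financial_transaction(self, msg):
        amount = msg["amount"]
        if not isinstance(amount, int) or amount <= 0:
            raise Rejected("invalid amount")
        debit = self.db.execute(
            "UPDATE account SET balance = balance - ? WHERE id = ? AND balance >= ?",
            (amount, msg["debit"], amount))
        if debit.rowcount != 1:
            raise Rejected("insufficient funds or unknown debit account")
        credit = self.db.execute(
            "UPDATE account SET balance = balance + ? WHERE id = ?", (amount, msg["credit"]))
        if credit.rowcount != 1:
            raise Rejected("unknown credit account")

    def submit(self, msg, precheck):
        """Run the same accounting flow; the mark decides rollback or commit."""
        self.db.execute("BEGIN")
        try:
            self._financial_transaction(msg)
        except Rejected as exc:
            self.db.execute("ROLLBACK")      # abnormal state: roll back, report rejection
            return {"ok": False, "reason": str(exc)}
        if precheck:
            self.db.execute("ROLLBACK")      # authorized state: nothing is posted
            return {"ok": True, "posted": False}
        self.db.execute("COMMIT")
        return {"ok": True, "posted": True}


def digest(msg):
    """Canonical hash of the accounting message (assumption: JSON with sorted keys)."""
    return hashlib.sha256(json.dumps(msg, sort_keys=True).encode()).hexdigest()


def run_transaction(core, msg, authorize, second_msg=None):
    """Application-end flow; second_msg exists only to demonstrate the digest check."""
    first = core.submit(msg, precheck=True)
    if not first["ok"]:
        return "rejected at pre-verification: " + first["reason"]
    approved = digest(msg)                   # what the authorizer is asked to approve
    if not authorize(msg):
        return "authorization rejected"
    final = msg if second_msg is None else second_msg
    if digest(final) != approved:
        return "message changed after authorization"
    second = core.submit(final, precheck=False)
    return "posted" if second["ok"] else "core transaction failed: " + second["reason"]
```

Because the pre-verification runs the real accounting logic inside a transaction that is always rolled back, a request the core would refuse never reaches an authorizer, and balances are untouched until the second submission.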
To ensure that authorization judgment supports multiple versions and that authorization rules can be reused as much as possible, the system of the invention also defines a five-level authorization rule mode, divided into authorization elements, authorization conditions, authorization items, authorization services and authorization versions, explained as follows:
The authorization element is the finest dimension in the authorization rule and is mainly an element that needs to be judged in the access system. Taking the payment account as an example, as shown in Table 1, the authorization elements of the payment account include the payment account customer property, the account property, and the like.
TABLE 1
[Table 1 is an image in the original publication; its contents are not reproduced in this text.]
The authorization condition mainly lists rules for an authorization element under different conditions, as shown in Table 2.
TABLE 2
Payment account customer property | Is equal to | Savings customer | Payment account customer property equals savings customer
Payment account customer property | Is equal to | Public customer | Payment account customer property equals public customer
Payment account customer property | Is equal to | Financial customer | Payment account customer property equals financial customer
Payment account customer property | Is not equal to | Savings customer | Payment account customer property not equal to savings customer
The authorization entry combines different authorization conditions into one authorization rule under a certain service; different services can use the same authorization condition, which gives the authorization entry higher reusability and extensibility. One authorization entry is shown in Table 3.
TABLE 3
[Table 3 is an image in the original publication; its contents are not reproduced in this text.]
Meanwhile, corresponding authorization auditing key element rules are configured according to the service type.
The authorization service collects all authorization items under the same service type to form a complete service authorization rule.
The authorization version is a copy of an authorization service under version management; personalized authorization services are maintained individually, so that different branches of a bank can have different authorization rules for different services.
When the authorization system judges the authorization mode, it uses the authorization rules of the authorization version of that service type for the corresponding institution.
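One way to model the five levels and the per-institution lookup, as an added Python example that is not taken from the patent. The class, field and institution names, the amount threshold, the "first matching entry wins" order, the default mode and the refusal when an institution has no version are all assumptions; only the customer-property comparison echoes Table 2.

```python
import copy
import operator
from dataclasses import dataclass, field

OPERATORS = {"eq": operator.eq, "ne": operator.ne, "ge": operator.ge, "lt": operator.lt}


@dataclass(frozen=True)
class Condition:
    """Level 2: one comparison over one authorization element (level 1)."""
    element: str
    op: str
    value: object

    def holds(self, txn):
        if self.element not in txn:
            # Assumption: a missing element is an error, never a silent non-match.
            raise ValueError("transaction lacks element %r" % self.element)
        return OPERATORS[self.op](txn[self.element], self.value)


@dataclass
class Entry:
    """Level 3: conditions combined into one rule, plus audit key elements."""
    name: str
    conditions: list
    mode: str                                   # "none", "local" or "remote"
    audit_elements: list = field(default_factory=list)

    def matches(self, txn):
        return all(c.holds(txn) for c in self.conditions)


@dataclass
class Service:
    """Level 4: every entry of one service type."""
    service_type: str
    entries: list
    default_mode: str = "none"                  # assumption: used when no entry matches


class RuleBook:
    """Level 5: one copy (version) of each service per institution."""

    def __init__(self):
        self.versions = {}                      # (institution, service_type) -> Service

    def publish(self, institution, service):
        self.versions[(institution, service.service_type)] = service

    def fork(self, source, target, service_type):
        """Copy a service so the target institution can maintain it on its own."""
        service = copy.deepcopy(self.versions[(source, service_type)])
        self.versions[(target, service_type)] = service
        return service

    def judge(self, institution, service_type, txn):
        key = (institution, service_type)
        if key not in self.versions:
            # Assumption: no version for this institution means refuse to judge.
            raise LookupError("no authorization version for %s/%s" % key)
        service = self.versions[key]
        for entry in service.entries:           # assumption: first matching entry wins
            if entry.matches(txn):
                return entry.mode, entry.name, entry.audit_elements
        return service.default_mode, None, []


def build_sample():
    """Constructed rules; only the customer-property comparison echoes Table 2."""
    not_savings = Condition("payer_customer_property", "ne", "savings")
    is_savings = Condition("payer_customer_property", "eq", "savings")
    large = Condition("amount", "ge", 50000)
    book = RuleBook()
    book.publish("head_office", Service("payment", [
        Entry("large non-savings payment", [not_savings, large], "remote",
              ["payer_account", "amount"]),
        Entry("large savings payment", [is_savings, large], "local", ["amount"]),
    ]))
    branch = book.fork("head_office", "branch_001", "payment")
    # Branch-specific maintenance: a lower threshold for the first entry only.
    branch.entries[0].conditions[1] = Condition("amount", "ge", 20000)
    return book
```

The same transaction can therefore need remote authorization at one branch and none at head office, while the shared `Condition` objects show the reuse the text attributes to the lower levels.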
The invention first designs a unified authorization mode that takes remote centralized authorization as the main body of the authorization service and provides interface restoration, core high-fidelity verification and an exception handling mechanism under full-channel access, improving authorization efficiency and access convenience; the one-user multi-authority function lets a user work in multiple posts and reduces the low work efficiency caused by frequently switching and configuring post roles; the authorization rules are managed in levels, so that authorization elements and authorization items can be reused to the greatest extent, version management makes personalized use by different organizations convenient, and the bank's authorization management capability is improved.
Although specific embodiments of the invention have been described above, it will be understood by those skilled in the art that the specific embodiments described are illustrative only and are not limiting upon the scope of the invention, and that equivalent modifications and variations can be made by those skilled in the art without departing from the spirit of the invention, which is to be limited only by the appended claims.

Claims (8)

1. A business extensible bank full-channel remote centralized authorization system is characterized in that: the system comprises an application end and an authorization end, wherein the application end comprises a client and a webpage end, and the client and the webpage end are respectively communicated with the authorization end through a network;
the application terminal is used for recording transaction elements, submitting transaction requests, triggering authorization judgment to execute corresponding operations, and transmitting the transaction elements to a database in a rich text form for processing by the authorization terminal when the authorization judgment is remote authorization;
the authorization end is used for acquiring the transaction elements from the database to analyze and restore, if the transaction elements are generated by a client, restoring and displaying by adopting a homologous counter technical architecture, if the transaction elements are generated by a webpage end, restoring and displaying by adopting a webpage plug-in, storing an authorization processing result after authorization processing, and feeding back the authorization processing result to a corresponding application end to display.
2. The business-expandable banking full-channel remote centralized authorization system according to claim 1, characterized in that: the restoring presentation includes marking information in which highlighting is desired.
3. The business-expandable banking full-channel remote centralized authorization system according to claim 1, characterized in that: the step of triggering the authorization judgment to execute the corresponding operation specifically comprises the following steps: if the judgment is local authorization, local authorization is entered, and the transaction is submitted to the core system for accounting after the local authorization passes; if no authorization is required, the transaction is submitted directly to the core system for accounting; if the judgment is remote authorization, the transaction elements are transmitted to a database in rich text form for processing by the authorization end, and the transaction is submitted to the core system for accounting after the authorization passes.
4. The business-expandable banking full-channel remote centralized authorization system according to claim 1, characterized in that: the authorization end is provided with an exception handling module, the exception handling module comprises:
providing an authorization result query interface for the application end to query the authorization processing result periodically: if the processing result is 'running', the authorization task has not been processed yet and the application end continues to wait; if the processing result is 'authorization pass', the application-end transaction exits automatically and the transaction interface prompts 'Remote authorization passed; continue submitting?'; if the processing result is 'authorization rejection', rejection prompt information pops up at the application end, the application end clicks 'OK' to exit, and the transaction is submitted again after the application end modifies the transaction interface elements; if the processing result is 'local conversion', a local audit interface pops up on the application end interface; if the processing result is 'supervisor termination', the application end pops up the prompt 'the task has been terminated by the authorization supervisor', and the application end clicks 'OK' to exit;
when the processing time of the authorization end exceeds a preset value, the task is automatically released;
when selecting the pass button, the reject button or the local transfer button reports an error during operation of the authorization end, the authorization task state query interface is called, and if the task state is authorization rejection, authorization completion with transfer to local, authorization completion, authorization automatic termination, network point cancellation or center termination, the corresponding prompt information of the application end is displayed and the authorization-end transaction exits;
and under the condition that the authorization end normally processes, when the authorization processing result is fed back to the corresponding application end, if the application end is abnormally closed, the authorization end automatically terminates the authorization task.
5. The business-expandable banking full-channel remote centralized authorization system according to claim 1, characterized in that: the system includes a pre-verification module, which is used for sending two requests to the core using the same accounting message; specifically, pre-verification before the transaction is executed when the first transaction request is sent to the core system; if the transaction is rejected, the transaction ends; if it succeeds, the core system performs accounting rollback and authorization judgment is triggered; after the response message of remote authorization is received, a second transaction request is sent to the core system for core accounting; the two transaction requests sent to the core are distinguished by different marks, their service messages are the same, and the accounting flows processed are the same.
6. The business-expandable banking full-channel remote centralized authorization system according to claim 5, characterized in that: the transaction process of the remote centralized authorization system comprising the pre-verification module specifically comprises the following steps: after the application end submits the transaction request, internal verification is performed first, and the request is then sent to the core for pre-verification before the transaction, specifically: the core transaction begins; the sub-transaction program with authorized transaction is entered; a transaction point is set; the message is judged to be a pre-verification message and the state is set to the authorized state; the financial transaction is executed and checked for abnormality, and if it is abnormal the state is set to the abnormal state; when the main control finds the authorized state or the abnormal state, the financial transaction is rolled back, and in the authorized state message download is prohibited; this completes the pre-verification before the core transaction; if an abnormality is found at the application end during pre-verification, the transaction ends;
after the pre-verification passes, authorization judgment is triggered and the corresponding operations are executed as follows:
if the authorization judgment result is local authorization, foreground authorization is performed, and it is then judged whether a background transaction is required; if no background transaction is required, the foreground transaction logic is executed directly and the transaction is completed; if a background transaction is required, the transaction is sent to the core and the core transaction is run in non-pre-verification mode: the core transaction begins, the sub-transaction program with authorized transaction is entered, a transaction point is set, the message is judged to be a non-pre-verification message, and the financial transaction is executed and checked for abnormality; if it is abnormal, the financial transaction is rolled back and the flow ends, i.e., the core transaction fails; otherwise the core transaction is normal, and control returns to the foreground to continue executing the subsequent transaction logic and complete the transaction;
if the authorization judgment result is no authorization, it is judged whether a background transaction is required; if no background transaction is required, the foreground transaction logic is executed directly and the transaction is completed; if a background transaction is required, the transaction is sent to the core and the core transaction is run in non-pre-verification mode: the core transaction begins, the sub-transaction program with authorized transaction is entered, a transaction point is set, the message is judged to be a non-pre-verification message, and the financial transaction is executed and checked for abnormality; if it is abnormal, the financial transaction is rolled back and the flow ends, i.e., the core transaction fails; otherwise the core transaction is normal, and control returns to the foreground to continue executing the subsequent transaction logic and complete the transaction;
if the authorization judgment result is remote authorization, it is judged whether a background transaction is required; if no background transaction is required, the foreground transaction logic is executed directly and the transaction is completed; if a background transaction is required, the transaction is sent to the core and the core transaction is run in non-pre-verification mode: the core transaction begins, the sub-transaction program with authorized transaction is entered, a transaction point is set, the message is judged to be a non-pre-verification message, and the financial transaction is executed and checked for abnormality; if it is abnormal, the financial transaction is rolled back and the flow ends, i.e., the core transaction fails; otherwise the core transaction is normal, and control returns to the foreground to continue executing the subsequent transaction logic and complete the transaction.
7. The business-expandable banking full-channel remote centralized authorization system according to claim 1, characterized in that: the system also comprises a user authority configuration module which is used for uniformly managing the user authority through an administrator, temporarily multiplexing a plurality of role authorities of a single user and realizing rapid cross-role switching and multiplexing, wherein the role of the authorization end comprises an authorizer and a rechecker, and the role authorities comprise inquiry authorities for a management end function menu, an authorization end service processing function and an authorization system.
8. The business-expandable banking full-channel remote centralized authorization system according to claim 1, characterized in that: the system comprises an authorization rule grading module, which is used for designing an authorization rule mode with five levels of authorization elements, authorization conditions, authorization items, authorization services and authorization versions:
the authorization element is the finest dimension in the authorization rule and is a transaction element of an application end, and the transaction element comprises account customer properties and account properties;
the authorization condition is used for listing rules of authorization elements under different conditions;
the authorization entry is used for combining different authorization conditions into one authorization rule under a certain service, and meanwhile, corresponding authorization auditing key element rules are configured aiming at the service type;
the authorization service is used for collecting all authorization items under the same service type to form a complete service authorization rule;
the authorization version is used for copying an authorization service under version management and maintaining personalized authorization services individually, so that different outlets of a bank can have different authorization rules for different services.
CN201711481389.6A 2017-12-29 2017-12-29 Business-extensible bank full-channel remote centralized authorization system Active CN107958551B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711481389.6A CN107958551B (en) 2017-12-29 2017-12-29 Business-extensible bank full-channel remote centralized authorization system

Publications (2)

Publication Number Publication Date
CN107958551A CN107958551A (en) 2018-04-24
CN107958551B true CN107958551B (en) 2020-11-03

Family

ID=61957210

Country Status (1)

Country Link
CN (1) CN107958551B (en)

US20100049573A1 (en) Automated security provisioning for outsourced operations
CN109583615B (en) Conference room booking method, conference room booking system, conference room booking server and computer readable storage medium
CN110968851A (en) Service authority control method, service authority control system and computer readable medium
CN105354787A (en) Communication real-name system based communication money management system
CN107688585B (en) Document information input method and device
CN108170860A (en) Data query method, apparatus, electronic equipment and computer readable storage medium
CN112597511A (en) Remote government affair service cooperation method and device
CN116911952A (en) Financial service pushing method and device
US8229946B1 (en) Business rules application parallel processing system
CN110930238A (en) Method, device, equipment and computer readable medium for improving audit task efficiency
CN113986941A (en) Transaction batch processing method and device
CN108121730A (en) A kind of device and method by data update Fast synchronization to operation system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant