CN113204794A - Transaction record safe storage method, device, equipment and storage medium - Google Patents

Transaction record safe storage method, device, equipment and storage medium Download PDF

Info

Publication number
CN113204794A
CN113204794A CN202110748819.6A CN202110748819A CN113204794A CN 113204794 A CN113204794 A CN 113204794A CN 202110748819 A CN202110748819 A CN 202110748819A CN 113204794 A CN113204794 A CN 113204794A
Authority
CN
China
Prior art keywords
transaction
data
transaction record
identity information
preset
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110748819.6A
Other languages
Chinese (zh)
Other versions
CN113204794B (en
Inventor
胡富云
彭海丰
甄永峰
杨娜
王汀
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Shenzhentong Co ltd
Original Assignee
Shenzhen Shenzhentong Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Shenzhentong Co ltd filed Critical Shenzhen Shenzhentong Co ltd
Priority to CN202110748819.6A priority Critical patent/CN113204794B/en
Publication of CN113204794A publication Critical patent/CN113204794A/en
Application granted granted Critical
Publication of CN113204794B publication Critical patent/CN113204794B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/389Keeping log of transactions for guaranteeing non-repudiation of a transaction

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Accounting & Taxation (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention belongs to the technical field of information security, and discloses a transaction record security storage method, a device, equipment and a storage medium. When a transaction record is generated, a preset transaction tracing requirement, a preset equipment public key and user identity information corresponding to the transaction record are obtained; determining target splicing data according to a preset transaction tracing requirement and a transaction record, and encrypting user identity information according to a preset device public key and a preset first encryption algorithm to obtain ciphertext identity information; determining a transaction inquiry code corresponding to the transaction record according to the target splicing data and the user identity information; and storing the transaction record according to the transaction inquiry code, and uploading the ciphertext identity information and the transaction record to a server side. Because the transaction record is stored according to the transaction inquiry code generated by the user identity information and the target splicing data, the inquiry is simple and convenient, and the ciphertext identity information is used instead of the user identity information during uploading, so that the safety of the user privacy information in the uploading process is ensured.

Description

Transaction record safe storage method, device, equipment and storage medium
Technical Field
The invention relates to the technical field of information security, in particular to a transaction record security storage method, a device, equipment and a storage medium.
Background
In the field of subways or buses, when a user swipes a card to enter a station or swipes the card to take a bus, an equipment end (such as a bus card swiping machine or a subway station gate) can generate a transaction record, if the transaction record is directly stored, sensitive information (such as name, mobile phone number and identity number) of the user in the transaction record can be easily acquired by a person due to non-encryption, and the transaction record is not safe. However, if the asymmetric key is used for encryption protection, although the security is high, the results protected by the asymmetric algorithm each time are different, which may result in non-uniqueness of the result after the personal sensitive information is encrypted, so that when record tracing (such as personal query, public security query, etc.) is required, historical record tracing cannot be performed at the device end according to the user information, and the query can be performed after the server end decrypts the user information, which is inconvenient to use.
The above is only for the purpose of assisting understanding of the technical aspects of the present invention, and does not represent an admission that the above is prior art.
Disclosure of Invention
The invention mainly aims to provide a transaction record safe storage method, a transaction record safe storage device, transaction record safe storage equipment and a transaction record safe storage medium, and aims to solve the technical problem that the prior art cannot ensure the convenience of historical record tracing on the premise of ensuring the safety of sensitive information in a transaction record.
In order to achieve the above object, the present invention provides a method for securely storing transaction records, comprising the steps of:
when a transaction record is generated, acquiring a preset transaction tracing requirement, a preset equipment public key and user identity information corresponding to the transaction record;
determining target splicing data according to the preset transaction tracing requirement and the transaction record, and encrypting the user identity information according to the preset equipment public key and a preset first encryption algorithm to obtain ciphertext identity information;
determining a transaction inquiry code corresponding to the transaction record according to the target splicing data and the user identity information;
and storing the transaction record according to the transaction inquiry code, and uploading the ciphertext identity information and the transaction record to a server side.
Optionally, the step of determining the transaction query code corresponding to the transaction record according to the target splicing data and the user identity information includes:
performing data splicing on the user identity information and the target splicing data to obtain spliced ciphertext data;
determining a user identity key according to the spliced ciphertext data;
and encrypting preset calibration data through the user identity key and a preset second encryption algorithm to obtain the transaction inquiry code.
Optionally, before the step of performing data concatenation on the user identity information and the target concatenation data to obtain the concatenation ciphertext data, the method further includes:
binary coding the user identity information to obtain coded identity information;
carrying out binary coding on the target splicing data to obtain coded splicing data;
correspondingly, the step of performing data splicing on the user identity information and the target splicing data to obtain spliced ciphertext data includes:
and performing data splicing on the coded identity information and the coded splicing data to obtain spliced ciphertext data.
Optionally, the step of determining the user identity key according to the concatenated ciphertext data includes:
acquiring the data size of the spliced ciphertext data, and comparing the data size with a preset size threshold value;
and when the data size is larger than or equal to the preset size threshold value, using the spliced ciphertext data as a user identity key.
Optionally, after the step of obtaining the data size of the concatenated ciphertext data and comparing the data size with a preset size threshold, the method further includes:
when the data size is smaller than the preset size threshold, acquiring a data difference value between the data size and the preset size threshold;
generating completion data according to a preset completion data generation rule and the data difference value;
and splicing the spliced ciphertext data and the completion data to obtain a user identity key.
Optionally, before the step of obtaining the preset transaction tracing requirement, the preset device public key, and the user identity information corresponding to the transaction record when the transaction record is generated, the method further includes:
acquiring an equipment identification code, and generating a key acquisition request according to the equipment identification code;
sending the key acquisition request to a server side so that the server side feeds back a public key certificate according to the key acquisition request;
and when the public key certificate fed back by the server is received, analyzing the public key certificate to obtain a preset equipment public key.
Optionally, after the step of storing the transaction record according to the transaction query code and uploading the ciphertext identity information and the transaction record to a server, the method further includes:
when a record query request sent by a user is received, determining query user identity information and transaction tracing conditions according to the record query request;
generating a transaction tracing inquiry code according to the inquiry user identity information and the transaction tracing condition;
and searching a corresponding historical transaction record according to the transaction tracing inquiry code, and displaying the historical transaction record.
In addition, in order to achieve the above object, the present invention further provides a transaction record security storage device, which includes the following modules:
the information acquisition module is used for acquiring a preset transaction tracing requirement, a preset equipment public key and user identity information corresponding to the transaction record when the transaction record is generated;
the information encryption module is used for determining target splicing data according to the preset transaction tracing requirement and the transaction record and encrypting the user identity information according to the preset equipment public key and a preset first encryption algorithm to obtain ciphertext identity information;
the data splicing module is used for determining a transaction inquiry code corresponding to the transaction record according to the target splicing data and the user identity information;
and the data storage module is used for storing the transaction record according to the transaction inquiry code and uploading the ciphertext identity information and the transaction record to a server.
In addition, in order to achieve the above object, the present invention further provides a transaction record security storage device, including: a processor, a memory and a transaction record secure storage program stored on the memory and operable on the processor, the transaction record secure storage program when executed by the processor implementing the steps of the transaction record secure storage method as described above.
In addition, in order to achieve the above object, the present invention further provides a computer-readable storage medium, on which a transaction record safe storage program is stored, and when the transaction record safe storage program is executed, the steps of the transaction record safe storage method as described above are implemented.
When a transaction record is generated, a preset transaction tracing requirement, a preset equipment public key and user identity information corresponding to the transaction record are obtained; determining target splicing data according to a preset transaction tracing requirement and a transaction record, and encrypting user identity information according to a preset device public key and a preset first encryption algorithm to obtain ciphertext identity information; determining a transaction inquiry code corresponding to the transaction record according to the target splicing data and the user identity information; and storing the transaction record according to the transaction inquiry code, and uploading the ciphertext identity information and the transaction record to a server side. Because the transaction inquiry code generated according to the user identity information and the target splicing data stores the transaction record, when the user needs to inquire, the transaction inquiry code is generated in the same mode according to the user identity information and the date needing to inquire, the corresponding transaction record can be searched at the equipment end according to the generated transaction inquiry code, the inquiry process is very simple and convenient, ciphertext identity information rather than the user identity information is used during uploading, the ciphertext identity information is obtained by encrypting according to a preset equipment public key and a preset first encryption algorithm, and the ciphertext identity information is not easy to crack because the preset first encryption algorithm is an asymmetric encryption algorithm, so that the safety is extremely high, and the safety of the user privacy information in the uploading process is ensured.
Drawings
Fig. 1 is a schematic structural diagram of an electronic device in a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a first embodiment of a method for securely storing transaction records according to the present invention;
FIG. 3 is a flowchart illustrating a transaction record security storage method according to a second embodiment of the present invention;
fig. 4 is a block diagram of a first embodiment of a transaction record security storage device according to the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 1, fig. 1 is a schematic diagram of a transaction record secure storage device of a hardware operating environment according to an embodiment of the present invention.
As shown in fig. 1, the electronic device may include: a processor 1001, such as a Central Processing Unit (CPU), a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005. Wherein a communication bus 1002 is used to enable connective communication between these components. The user interface 1003 may include a Display screen (Display), an input unit such as a Keyboard (Keyboard), and the optional user interface 1003 may also include a standard wired interface, a wireless interface. The network interface 1004 may optionally include a standard wired interface, a Wireless interface (e.g., a Wireless-Fidelity (WI-FI) interface). The Memory 1005 may be a Random Access Memory (RAM) Memory, or may be a Non-Volatile Memory (NVM), such as a disk Memory. The memory 1005 may alternatively be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the configuration shown in fig. 1 does not constitute a limitation of the electronic device and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
As shown in fig. 1, a memory 1005, which is a storage medium, may include therein an operating system, a network communication module, a user interface module, and a transaction record security storage program.
In the electronic apparatus shown in fig. 1, the network interface 1004 is mainly used for data communication with a network server; the user interface 1003 is mainly used for data interaction with a user; the processor 1001 and the memory 1005 in the electronic device of the present invention may be disposed in a transaction record security storage device, and the electronic device calls the transaction record security storage program stored in the memory 1005 through the processor 1001 and executes the transaction record security storage method provided by the embodiment of the present invention.
An embodiment of the present invention provides a method for securely storing a transaction record, and referring to fig. 2, fig. 2 is a schematic flow diagram of a first embodiment of a method for securely storing a transaction record according to the present invention.
In this embodiment, the transaction record secure storage method includes the following steps:
step S10: when a transaction record is generated, a preset transaction tracing requirement, a preset equipment public key and user identity information corresponding to the transaction record are obtained.
It should be noted that, the execution main body of this embodiment may be the transaction record secure storage device, and the transaction record secure storage device may be a bus card swiping machine, a subway entrance gate, or other devices with the same or similar functions.
It should be noted that the transaction record may be a record generated by the transaction record secure storage device when the user swipes a card into a station or when the user swipes a card into a car. The preset transaction tracing requirement may be a query requirement preset by a manager, for example: and carrying out query tracing according to the transaction date, the transaction month or the transaction year. The preset device public key may be a unique public key allocated by the server to the transaction record secure storage device when the transaction record secure storage device is put into use, wherein the preset device public key is an asymmetric key, and the server stores a private key corresponding to the preset device public key. The user identity information corresponding to the transaction record may be the identity information corresponding to the user who generated the transaction record, for example: in this embodiment, the information such as the identification number and the mobile phone number is described by taking the identification number as an example.
Further, because the number of the transaction record secure storage devices is extremely large in practical use, if the administrator sets the preset device public key one by one, a large amount of labor cost is consumed, and a phenomenon such as setting error may occur, and in order to quickly and correctly obtain the preset device public key, the labor cost is saved, before step S10 of this embodiment, the method may further include:
acquiring an equipment identification code, and generating a key acquisition request according to the equipment identification code; sending the key acquisition request to a server side so that the server side feeds back a public key certificate according to the key acquisition request; and when the public key certificate fed back by the server is received, analyzing the public key certificate to obtain a preset equipment public key.
It should be noted that the device identification code may be a unique identification code of the transaction record security storage device, and the device identification code may be a machine identification code recorded in hardware of the transaction record security storage device when the transaction record security storage device is produced, or may be another unique identification code. Before the transaction record safety storage device is put into use, the server side can record the device identification code of the transaction record safety storage device to be put into use, when the server side receives a key acquisition request, the device identification code in the key acquisition request can be extracted and matched with the device identification code recorded by the server side, when the matching is successful, a public and private key pair is generated for the transaction record safety storage device, a public key certificate is generated according to a public key in the public and private key pair by a prearranged encryption rule, the public key certificate is sent to the transaction record safety storage device, and when the transaction record safety storage device receives the public key certificate, the public key certificate can be decrypted according to a decryption mode corresponding to the encryption rule, so that a preset device public key is obtained.
Step S20: and determining target splicing data according to the preset transaction tracing requirement and the transaction record, and encrypting the user identity information according to the preset equipment public key and a preset first encryption algorithm to obtain ciphertext identity information.
It should be noted that there is a record generation time when the transaction record is generated, and according to the difference of the preset transaction tracing requirements, different information can be extracted from the record generation time as the target splicing data, for example: when the preset transaction tracing requirement is to perform tracing query by using transaction years, extracting the years in the generation time of the record as target splicing data; when the preset transaction tracing requirement is to perform tracing query by using a transaction month, picking up the year and month in the generation moment of the record as target splicing data; and when the preset transaction tracing requirement is to perform tracing query by using the transaction date, picking the year, month and date in the record generation moment as target splicing data.
It should be noted that, the preset first encryption algorithm may be an asymmetric encryption algorithm, for example: according to the SM2 algorithm issued by the State crypto-administration, the ciphertext identity information can be decrypted only by using a private key corresponding to the preset device public key, so that the user identity information is obtained, namely, the server side holding the private key corresponding to the preset device public key can decrypt the ciphertext identity information, and the user identity information is obtained.
Step S30: and determining a transaction inquiry code corresponding to the transaction record according to the target splicing data and the user identity information.
It should be noted that, the determining of the transaction query code corresponding to the transaction record according to the target splicing data and the user identity information may be to splice the target splicing data and the user identity information to obtain the corresponding transaction query code.
Further, if the spliced data is directly used as the transaction inquiry code corresponding to the transaction record, and the transaction inquiry code is finally stored in the transaction record secure storage device, since the transaction inquiry code generation rule is too simple, if the transaction record secure storage device is attacked, the user information is still easily acquired, and in order to reduce the possibility of acquiring the user information, step S30 in this embodiment may include:
performing data splicing on the user identity information and the target splicing data to obtain spliced ciphertext data; determining a user identity key according to the spliced ciphertext data; and encrypting preset calibration data through the user identity key and a preset second encryption algorithm to obtain the transaction inquiry code.
It should be noted that the preset second encryption algorithm may be an SM4 algorithm issued by the national crypto authority, or may be another symmetric encryption algorithm. The preset calibration data may be fixed constant data preset by a manager. Determining the user identity key according to the spliced ciphertext data may be directly using the spliced ciphertext data as the user identity key.
In the in-service use, can be with presetting comparatively complicated of calibration data setting, can improve to a certain extent and be cracked the degree of difficulty, for example: "53H 68H 65H 6EH 5AH 68H 65H 6EH 54H 6FH 6EH 67H 2EH 50H 41H 59H" is used as the preset calibration data.
It can be understood that, since the spliced ciphertext data obtained by splicing the user identity information and the target spliced data is not directly used as the transaction query code, the user identity key is generated by splicing the ciphertext data, and then the preset calibration data is encrypted by the user identity key and the preset second encryption algorithm to obtain the transaction query code, the association between the transaction query code and the user identity information is extremely difficult to find, and the possibility of obtaining the user information can be greatly reduced. And because the transaction inquiry code is generated according to the SM4 algorithm, the accuracy of the SM4 algorithm can ensure that the transaction inquiry code is not repeated, and the transaction inquiry code has uniqueness, so that the corresponding transaction record can be inquired conveniently according to the transaction inquiry code.
Further, in order to further reduce the possibility of obtaining user information, in this embodiment, before the step of performing data concatenation on the user identity information and the target concatenation data to obtain the concatenated ciphertext data, the method may further include:
binary coding the user identity information to obtain coded identity information; and carrying out binary coding on the target splicing data to obtain coded splicing data.
Correspondingly, the step of performing data concatenation on the user identity information and the target concatenation data to obtain the concatenation ciphertext data may include:
and performing data splicing on the coded identity information and the coded splicing data to obtain spliced ciphertext data.
It should be noted that the Binary code may adopt BCD (Binary-Coded deterministic ‎) coding, Binary coding is performed on the user identity information and the target concatenation data, the user identity information is converted into Binary Coded identity information, the target concatenation data is converted into Binary Coded concatenation data, and then the Coded concatenation data is concatenated with the Coded identity information, so that the concatenation ciphertext data is obtained, the resolution complexity of the concatenation ciphertext data can be further improved, and the possibility of obtaining the user information is further reduced.
Further, if the data of the user identity key is too small, the transaction query code obtained by encrypting the preset calibration data according to the user identity key and the preset second encryption algorithm may have insufficient complexity, which may reduce the security, and in order to ensure the complexity of the transaction query code, the step of determining the user identity key according to the concatenated ciphertext data in this embodiment may include:
acquiring the data size of the spliced ciphertext data, and comparing the data size with a preset size threshold value; and when the data size is larger than or equal to the preset size threshold value, using the spliced ciphertext data as a user identity key.
It should be noted that the preset size threshold may be set by a manager in advance according to actual needs, for example: the preset size threshold is set to 16 bytes.
It can be understood that, if the data size of the concatenated ciphertext data is greater than or equal to the preset size threshold, it indicates that the data size of the concatenated ciphertext data is sufficient, and using the concatenated ciphertext data as the user identity key does not cause the user identity key to be too short, and can trade the complexity of the query code, so that the concatenated ciphertext data can be directly used as the user identity key without additional processing.
Further, in order to ensure the complexity of the transaction query code, after the step of obtaining the data size of the concatenated cipher text data and comparing the data size with a preset size threshold, the method may further include:
when the data size is smaller than the preset size threshold, acquiring a data difference value between the data size and the preset size threshold; generating completion data according to a preset completion data generation rule and the data difference value; and splicing the spliced ciphertext data and the completion data to obtain a user identity key.
It can be understood that the data size of the spliced ciphertext data is smaller than the preset size threshold, which indicates that the data size of the spliced ciphertext data is complemented, and if the spliced ciphertext data is used as the user identity key, the user identity key is too short, which reduces the complexity of the transaction query code.
It should be noted that the preset completion data generation rule may be preset by a manager, for example: the completion data is generated with the rules of 01H, 02H, 03H.. 0 FH. The obtaining of the data difference value between the data size and the preset size threshold may be subtracting the data size of the concatenated ciphertext data from the preset size threshold to obtain the data difference value. The generating of the completion data according to the preset completion data generation rule and the data difference value may be generating completion data having the same data size as the data difference value according to the preset completion data generation rule.
Step S40: and storing the transaction record according to the transaction inquiry code, and uploading the ciphertext identity information and the transaction record to a server side.
It should be noted that, when the transaction record is stored according to the transaction inquiry code, the user identity information of the original record in the transaction record may be cleared, and then the transaction inquiry code is associated with the transaction record and then stored in the storage space of the transaction record security storage device. Uploading the ciphertext identity information and the transaction record to the server side can also be clearing the user identity information in the transaction record, and uploading the transaction record and the ciphertext identity information to the server side after clearing so that the server side can store the transaction record and the ciphertext identity information in the storage space of the server side.
It can be understood that the transaction record and the ciphertext identity information are uploaded to the server side to be stored, the corresponding transaction record can be inquired at the server side when needed, and the transaction record stored at the server side can be compared with the transaction record stored in the transaction record safety storage device to determine whether the transaction record in the transaction record safety storage device is tampered.
In the embodiment, when a transaction record is generated, a preset transaction tracing requirement, a preset device public key and user identity information corresponding to the transaction record are acquired; determining target splicing data according to a preset transaction tracing requirement and a transaction record, and encrypting user identity information according to a preset device public key and a preset first encryption algorithm to obtain ciphertext identity information; determining a transaction inquiry code corresponding to the transaction record according to the target splicing data and the user identity information; and storing the transaction record according to the transaction inquiry code, and uploading the ciphertext identity information and the transaction record to a server side. Because the transaction inquiry code generated according to the user identity information and the target splicing data stores the transaction record, when the user needs to inquire, the transaction inquiry code is generated in the same mode according to the user identity information and the date needing to inquire, the corresponding transaction record can be searched at the equipment end according to the generated transaction inquiry code, the inquiry process is very simple and convenient, ciphertext identity information rather than the user identity information is used during uploading, the ciphertext identity information is obtained by encrypting according to a preset equipment public key and a preset first encryption algorithm, and the ciphertext identity information is not easy to crack because the preset first encryption algorithm is an asymmetric encryption algorithm, so that the safety is extremely high, and the safety of the user privacy information in the uploading process is ensured.
Referring to fig. 3, fig. 3 is a flowchart illustrating a transaction record security storage method according to a second embodiment of the present invention.
Based on the first embodiment, after step S40, the method for securely storing transaction records in this embodiment further includes:
step S50: when a record query request sent by a user is received, determining to query user identity information and transaction tracing conditions according to the record query request.
It should be noted that when a user needs to query a historical transaction record, the user may send a record query request to the transaction record security storage device, where the record query request may include query user identity information and a transaction tracing condition, where the query user identity information may be an identity card number or a mobile phone number of the user, and the transaction tracing condition may be a query year, a query month, or a query date.
Step S60: and generating a transaction tracing inquiry code according to the inquiry user identity information and the transaction tracing condition.
It should be noted that, the generating of the transaction tracing query code according to the query user identity information and the transaction tracing condition may be the generating of the transaction tracing query code in the same manner as the generating of the transaction query code when the transaction record is stored.
Step S70: and searching a corresponding historical transaction record according to the transaction tracing inquiry code, and displaying the historical transaction record.
It can be understood that, the searching for the corresponding historical transaction record according to the transaction tracing query code may be to match the transaction tracing query code with the transaction query code corresponding to each transaction record stored in the transaction record security storage device, and use the successfully matched transaction record as the historical transaction record. The displaying of the historical transaction record may be sending the historical transaction record to the user terminal for displaying, or displaying on a display device of the transaction record security storage device, which is not limited in this embodiment.
In the embodiment, when a record query request sent by a user is received, identity information of the queried user and a transaction tracing condition are determined according to the record query request; generating a transaction tracing inquiry code according to the inquiry user identity information and the transaction tracing condition; and searching a corresponding historical transaction record according to the transaction tracing inquiry code, and displaying the historical transaction record. Because the record query request can comprise the query user identity information and the transaction tracing condition, the corresponding historical transaction record can be quickly searched by generating the transaction tracing query code according to the query user identity information and the transaction tracing condition in the same way as the transaction query code generated when the transaction record is stored, so that the historical transaction record can be quickly traced at the equipment end.
Furthermore, an embodiment of the present invention further provides a storage medium, where the storage medium stores a transaction record security storage program, and the transaction record security storage program, when executed by a processor, implements the steps of the transaction record security storage method as described above.
Referring to fig. 4, fig. 4 is a block diagram illustrating a first embodiment of a transaction record security storage device according to the present invention.
As shown in fig. 4, the transaction record security storage device according to the embodiment of the present invention includes:
the information obtaining module 401 is configured to obtain a preset transaction tracing requirement, a preset device public key, and user identity information corresponding to a transaction record when the transaction record is generated;
an information encryption module 402, configured to determine target splicing data according to the preset transaction tracing requirement and the transaction record, and encrypt the user identity information according to the preset device public key and a preset first encryption algorithm to obtain ciphertext identity information;
a data splicing module 403, configured to determine, according to the target splicing data and the user identity information, a transaction query code corresponding to the transaction record;
and the data storage module 404 is configured to store the transaction record according to the transaction query code, and upload the ciphertext identity information and the transaction record to a server.
In the embodiment, when a transaction record is generated, a preset transaction tracing requirement, a preset device public key and user identity information corresponding to the transaction record are acquired; determining target splicing data according to a preset transaction tracing requirement and a transaction record, and encrypting user identity information according to a preset device public key and a preset first encryption algorithm to obtain ciphertext identity information; determining a transaction inquiry code corresponding to the transaction record according to the target splicing data and the user identity information; and storing the transaction record according to the transaction inquiry code, and uploading the ciphertext identity information and the transaction record to a server side. Because the transaction inquiry code generated according to the user identity information and the target splicing data stores the transaction record, when the user needs to inquire, the transaction inquiry code is generated in the same mode according to the user identity information and the date needing to inquire, the corresponding transaction record can be searched at the equipment end according to the generated transaction inquiry code, the inquiry process is very simple and convenient, ciphertext identity information rather than the user identity information is used during uploading, the ciphertext identity information is obtained by encrypting according to a preset equipment public key and a preset first encryption algorithm, and the ciphertext identity information is not easy to crack because the preset first encryption algorithm is an asymmetric encryption algorithm, so that the safety is extremely high, and the safety of the user privacy information in the uploading process is ensured.
Further, the data splicing module 403 is further configured to perform data splicing on the user identity information and the target spliced data to obtain spliced ciphertext data; determining a user identity key according to the spliced ciphertext data; and encrypting preset calibration data through the user identity key and a preset second encryption algorithm to obtain the transaction inquiry code.
Further, the information encryption module 402 is configured to perform binary encoding on the user identity information to obtain encoded identity information; carrying out binary coding on the target splicing data to obtain coded splicing data;
the data splicing module 403 is further configured to perform data splicing on the encoded identity information and the encoded splicing data to obtain spliced ciphertext data.
Further, the data splicing module 403 is further configured to obtain a data size of the spliced ciphertext data, and compare the data size with a preset size threshold; and when the data size is larger than or equal to the preset size threshold value, using the spliced ciphertext data as a user identity key.
Further, the data splicing module 403 is further configured to obtain a data difference between the data size and the preset size threshold when the data size is smaller than the preset size threshold; generating completion data according to a preset completion data generation rule and the data difference value; and splicing the spliced ciphertext data and the completion data to obtain a user identity key.
Further, the information obtaining module 401 is further configured to obtain an equipment identifier, and generate a key obtaining request according to the equipment identifier; sending the key acquisition request to a server side so that the server side feeds back a public key certificate according to the key acquisition request; and when the public key certificate fed back by the server is received, analyzing the public key certificate to obtain a preset equipment public key.
Further, the data storage module 404 is further configured to determine, when receiving a record query request sent by a user, to query user identity information and a transaction tracing condition according to the record query request; generating a transaction tracing inquiry code according to the inquiry user identity information and the transaction tracing condition; and searching a corresponding historical transaction record according to the transaction tracing inquiry code, and displaying the historical transaction record.
It should be understood that the above is only an example, and the technical solution of the present invention is not limited in any way, and in a specific application, a person skilled in the art may set the technical solution as needed, and the present invention is not limited thereto.
It should be noted that the above-described work flows are only exemplary, and do not limit the scope of the present invention, and in practical applications, a person skilled in the art may select some or all of them to achieve the purpose of the solution of the embodiment according to actual needs, and the present invention is not limited herein.
In addition, the technical details that are not described in detail in this embodiment may refer to the transaction record security storage method provided in any embodiment of the present invention, and are not described herein again.
Further, it is to be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention or portions thereof that contribute to the prior art may be embodied in the form of a software product, where the computer software product is stored in a storage medium (e.g. Read Only Memory (ROM)/RAM, magnetic disk, optical disk), and includes several instructions for enabling a terminal device (e.g. a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A transaction record safe storage method is characterized by comprising the following steps:
when a transaction record is generated, acquiring a preset transaction tracing requirement, a preset equipment public key and user identity information corresponding to the transaction record;
determining target splicing data according to the preset transaction tracing requirement and the transaction record, and encrypting the user identity information according to the preset equipment public key and a preset first encryption algorithm to obtain ciphertext identity information;
determining a transaction inquiry code corresponding to the transaction record according to the target splicing data and the user identity information;
and storing the transaction record according to the transaction inquiry code, and uploading the ciphertext identity information and the transaction record to a server side.
2. The method for securely storing transaction records according to claim 1, wherein the step of determining the transaction inquiry code corresponding to the transaction record according to the target splicing data and the user identity information comprises:
performing data splicing on the user identity information and the target splicing data to obtain spliced ciphertext data;
determining a user identity key according to the spliced ciphertext data;
and encrypting preset calibration data through the user identity key and a preset second encryption algorithm to obtain the transaction inquiry code.
3. The method for securely storing transaction records according to claim 2, wherein before the step of data-splicing the user identity information and the target splicing data to obtain the spliced ciphertext data, the method further comprises:
binary coding the user identity information to obtain coded identity information;
carrying out binary coding on the target splicing data to obtain coded splicing data;
correspondingly, the step of performing data splicing on the user identity information and the target splicing data to obtain spliced ciphertext data includes:
and performing data splicing on the coded identity information and the coded splicing data to obtain spliced ciphertext data.
4. The method for securely storing transaction records according to claim 2, wherein the step of determining a user identity key based on the concatenated ciphertext data comprises:
acquiring the data size of the spliced ciphertext data, and comparing the data size with a preset size threshold value;
and when the data size is larger than or equal to the preset size threshold value, using the spliced ciphertext data as a user identity key.
5. The method for securely storing transaction records according to claim 4, wherein after the step of obtaining the data size of the concatenated ciphertext data and comparing the data size with a preset size threshold, the method further comprises:
when the data size is smaller than the preset size threshold, acquiring a data difference value between the data size and the preset size threshold;
generating completion data according to a preset completion data generation rule and the data difference value;
and splicing the spliced ciphertext data and the completion data to obtain a user identity key.
6. The method for securely storing transaction records according to any one of claims 1 to 5, wherein before the step of obtaining the preset transaction tracing back requirement, the preset device public key and the user identity information corresponding to the transaction record when the transaction record is generated, the method further comprises:
acquiring an equipment identification code, and generating a key acquisition request according to the equipment identification code;
sending the key acquisition request to a server side so that the server side feeds back a public key certificate according to the key acquisition request;
and when the public key certificate fed back by the server is received, analyzing the public key certificate to obtain a preset equipment public key.
7. The method for securely storing transaction records according to any one of claims 1 to 5, wherein after the steps of storing the transaction record according to the transaction inquiry code and uploading the ciphertext identity information and the transaction record to the server, the method further comprises:
when a record query request sent by a user is received, determining query user identity information and transaction tracing conditions according to the record query request;
generating a transaction tracing inquiry code according to the inquiry user identity information and the transaction tracing condition;
and searching a corresponding historical transaction record according to the transaction tracing inquiry code, and displaying the historical transaction record.
8. A transaction record secure storage device, comprising:
the information acquisition module is used for acquiring a preset transaction tracing requirement, a preset equipment public key and user identity information corresponding to the transaction record when the transaction record is generated;
the information encryption module is used for determining target splicing data according to the preset transaction tracing requirement and the transaction record and encrypting the user identity information according to the preset equipment public key and a preset first encryption algorithm to obtain ciphertext identity information;
the data splicing module is used for determining a transaction inquiry code corresponding to the transaction record according to the target splicing data and the user identity information;
and the data storage module is used for storing the transaction record according to the transaction inquiry code and uploading the ciphertext identity information and the transaction record to a server.
9. A transaction record secure storage device, the transaction record secure storage device comprising: a processor, a memory and a transaction record secure storage program stored on the memory and executable on the processor, the transaction record secure storage program when executed by the processor implementing the steps of the transaction record secure storage method of any one of claims 1 to 7.
10. A computer-readable storage medium, having a transaction record secure storage program stored thereon, which when executed performs the steps of the transaction record secure storage method of any one of claims 1-7.
CN202110748819.6A 2021-07-02 2021-07-02 Transaction record safe storage method, device, equipment and storage medium Active CN113204794B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110748819.6A CN113204794B (en) 2021-07-02 2021-07-02 Transaction record safe storage method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110748819.6A CN113204794B (en) 2021-07-02 2021-07-02 Transaction record safe storage method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN113204794A true CN113204794A (en) 2021-08-03
CN113204794B CN113204794B (en) 2021-10-15

Family

ID=77022709

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110748819.6A Active CN113204794B (en) 2021-07-02 2021-07-02 Transaction record safe storage method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113204794B (en)

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070080204A1 (en) * 2005-10-12 2007-04-12 David Mulcahy Electronic receipt delivery method
US20080219597A1 (en) * 2007-03-07 2008-09-11 Sharp Kabushiki Kaisha Search device, search system, search device control method, search device control program, and computer-readable recording medium
CN101493841A (en) * 2009-02-23 2009-07-29 深圳市中科新业信息科技发展有限公司 Searching method and device
US20090234845A1 (en) * 2006-02-22 2009-09-17 Desantis Raffaele Lawful access; stored data handover enhanced architecture
CN102592094A (en) * 2012-02-24 2012-07-18 泉州天地星电子有限公司 Novel data encryption storage and exchange system
CN103119622A (en) * 2010-09-21 2013-05-22 株式会社购买战略研究所 Method of assisting purchase, device and system
CN103914541A (en) * 2014-04-03 2014-07-09 小米科技有限责任公司 Information search method and device
US20140289033A1 (en) * 2013-03-19 2014-09-25 Ricardo Alonso Ortigoza Methods and Systems for Uploading, Trading and Exchanging Loyalty Points on Social Media Websites
CN104268298A (en) * 2014-10-27 2015-01-07 中电海康集团有限公司 Method for creating database index and inquiring data
CN104392405A (en) * 2014-11-14 2015-03-04 杭州银江智慧医疗集团有限公司 Electronic medical record safety system
US20160140213A1 (en) * 2014-03-07 2016-05-19 Rakuten, Inc. Search device, search method, program, and storage medium
CN107276754A (en) * 2017-07-10 2017-10-20 北京云知科技有限公司 A kind of method and device that private key is largely generated based on block chain
RU2016147412A (en) * 2016-12-05 2018-06-05 Общество с ограниченной ответственностью "Новые страховые технологии" Method for recording and authenticating recorded video data
CN109150923A (en) * 2018-11-06 2019-01-04 江苏怡通数码科技有限公司 Transmitted data on network security processing based on Hybrid Encryption
CN111914291A (en) * 2020-07-28 2020-11-10 广州市百果园信息技术有限公司 Message processing method, device, equipment and storage medium

Patent Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070080204A1 (en) * 2005-10-12 2007-04-12 David Mulcahy Electronic receipt delivery method
US20090234845A1 (en) * 2006-02-22 2009-09-17 Desantis Raffaele Lawful access; stored data handover enhanced architecture
US20080219597A1 (en) * 2007-03-07 2008-09-11 Sharp Kabushiki Kaisha Search device, search system, search device control method, search device control program, and computer-readable recording medium
CN101493841A (en) * 2009-02-23 2009-07-29 深圳市中科新业信息科技发展有限公司 Searching method and device
CN103119622A (en) * 2010-09-21 2013-05-22 株式会社购买战略研究所 Method of assisting purchase, device and system
CN102592094A (en) * 2012-02-24 2012-07-18 泉州天地星电子有限公司 Novel data encryption storage and exchange system
US20140289033A1 (en) * 2013-03-19 2014-09-25 Ricardo Alonso Ortigoza Methods and Systems for Uploading, Trading and Exchanging Loyalty Points on Social Media Websites
US20160140213A1 (en) * 2014-03-07 2016-05-19 Rakuten, Inc. Search device, search method, program, and storage medium
CN103914541A (en) * 2014-04-03 2014-07-09 小米科技有限责任公司 Information search method and device
CN104268298A (en) * 2014-10-27 2015-01-07 中电海康集团有限公司 Method for creating database index and inquiring data
CN104392405A (en) * 2014-11-14 2015-03-04 杭州银江智慧医疗集团有限公司 Electronic medical record safety system
RU2016147412A (en) * 2016-12-05 2018-06-05 Общество с ограниченной ответственностью "Новые страховые технологии" Method for recording and authenticating recorded video data
CN107276754A (en) * 2017-07-10 2017-10-20 北京云知科技有限公司 A kind of method and device that private key is largely generated based on block chain
CN109150923A (en) * 2018-11-06 2019-01-04 江苏怡通数码科技有限公司 Transmitted data on network security processing based on Hybrid Encryption
CN111914291A (en) * 2020-07-28 2020-11-10 广州市百果园信息技术有限公司 Message processing method, device, equipment and storage medium

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
B.K. JEEVITHA ET AL: "SSEIM: An Efficient Search Scheme over Encrypted Data with Indexing on Mobile Cloud", 《2019 FIFTEENTH INTERNATIONAL CONFERENCE ON INFORMATION PROCESSING (ICINPRO)》 *
周彦伟 等: "抵抗泄露攻击的可撤销IBE机制", 《计算机学报》 *
钟诚 等: "《电子商务安全》", 30 June 2004 *

Also Published As

Publication number Publication date
CN113204794B (en) 2021-10-15

Similar Documents

Publication Publication Date Title
CN110324143B (en) Data transmission method, electronic device and storage medium
EP1489551B1 (en) Biometric authentication system employing various types of biometric data
CN109587162B (en) Login verification method, device, terminal, password server and storage medium
CN108833114A (en) A kind of decentralization identity authorization system and method based on block chain
CN108965222B (en) Identity authentication method, system and computer readable storage medium
US11163867B2 (en) Method and system for authorizing acquisition of attack alarm information log of terminal
CN108833361B (en) Identity authentication method and device based on virtual account
CN113221128B (en) Account and password storage method and registration management system
CN110830471B (en) OTP (one time password) verification method, server, client and computer-readable storage medium
CN108667784B (en) System and method for protecting internet identity card verification information
CN111327629B (en) Identity verification method, client and server
CN108494783A (en) The guard method of high in the clouds data
CN113282944B (en) Intelligent lock unlocking method and device, electronic equipment and storage medium
CN105553980A (en) Safety fingerprint identification system and method based on cloud computing
CN111739200B (en) Fingerprint electronic lock and encryption and decryption authentication method thereof
CN111404892B (en) Data supervision method and device and server
CN109039997B (en) Secret key obtaining method, device and system
CN115982761A (en) Sensitive information processing method and device, electronic equipment and storage medium
CN113204794B (en) Transaction record safe storage method, device, equipment and storage medium
CN104102858A (en) Application program encryption processing method, application program encryption processing device and terminal
CN116366289A (en) Safety supervision method and device for remote sensing data of unmanned aerial vehicle
CN113946862A (en) Data processing method, device and equipment and readable storage medium
US11088824B2 (en) Method and apparatus for use in information processing
CN114245374A (en) Security authentication method, system and related equipment
CN111859423A (en) Information security encryption method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant