CN114549206A - Transaction anti-repudiation method, system, electronic equipment and readable storage medium - Google Patents


Publication number
CN114549206A
Authority
CN
China
Prior art keywords
information
client
server
request message
generate
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210174631.XA
Other languages
Chinese (zh)
Inventor
曹建锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CITIC Aibank Corp Ltd
Original Assignee
CITIC Aibank Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CITIC Aibank Corp Ltd
Priority to CN202210174631.XA
Publication of CN114549206A

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821Electronic credentials
    • G06Q20/38215Use of certificates or encrypted proofs of transaction rights
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Computing Systems (AREA)
  • General Business, Economics & Management (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Technology Law (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a method, a system, electronic equipment and a readable storage medium for resisting repudiation of a transaction, wherein the method comprises the steps that a client encrypts plaintext information by using a symmetric encryption algorithm agreed by two parties to generate ciphertext information which is arranged in a request message body; the client signs the plaintext information by using an asymmetric algorithm and a client private key certificate to generate signature information which is arranged in a request message header; the server receives the request of the client, decrypts the ciphertext information by using the client key to generate plaintext information, and verifies the signature by using the client public key certificate and the request message header; the server side encrypts plaintext information by using a symmetric encryption algorithm agreed by the two sides to generate ciphertext information, and the ciphertext information is placed in the request message body; and the server uses an asymmetric algorithm and a server private key certificate to sign the plaintext information to generate signature information, and the signature information is placed in a request message header. The method ensures confidentiality and integrity of the transmission message and realizes anti-repudiation of the transaction.

Description

Transaction anti-repudiation method, system, electronic equipment and readable storage medium
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method, a system, an electronic device, and a readable storage medium for resisting repudiation in a transaction.
Background
As internet applications have become widespread, more sites open their own resources to developers to call. Externally provided API calls strengthen the content relevance among sites, and at the same time open platforms bring greater value to users, developers and small and medium-sized websites.
Openness is a development trend, and more products tend to be open. Commercial banks also continuously expose mature products as API interfaces for cooperating institutions or users to call, which increases user stickiness while providing higher-quality financial services and bringing convenience and value to larger customer groups.
At present, a traditional commercial bank generally exchanges information with external partners through a set of external connection platforms, and access is verified by a network whitelist mechanism. To ensure tamper resistance of data interaction and of transactions, an SSL channel is established at the transmission channel layer to ensure the confidentiality of the transmission channel, and bank-enterprise direct-connection identity authentication, transmission integrity, confidentiality of transmitted messages and the like are implemented, so that transaction requests are transmitted securely. In summary, traditional API services need stronger security protection and hardening in many respects, such as security and stability, to reduce transaction risk and unnecessary property loss.
Disclosure of Invention
In order to overcome the defects of the prior art, the invention provides a transaction anti-repudiation method, a transaction anti-repudiation system, electronic equipment and a readable storage medium, which can effectively realize the integrity and confidentiality of message transmission and ensure the anti-tampering of data interaction and the transaction anti-repudiation.
In order to achieve the above purpose, the technical scheme adopted by the invention comprises the following steps:
A first aspect of the invention discloses a transaction anti-repudiation method, which comprises the following steps:
the client side encrypts plaintext information by using a symmetric encryption algorithm agreed by the two parties to generate ciphertext information which is placed in the request message body;
the client uses an asymmetric algorithm and a client private key certificate to sign plaintext information to generate signature information, and the signature information is placed in a request message header;
the server receives the request of the client, decrypts the ciphertext information by using the client key to generate plaintext information, and verifies the signature by using the client public key certificate and the request message header;
the server side encrypts plaintext information by using a symmetric encryption algorithm agreed by the two sides to generate ciphertext information, and the ciphertext information is placed in the request message body;
the server uses an asymmetric algorithm and a server private key certificate to sign plaintext information to generate signature information, and the signature information is placed in a request message header;
and the client receives the response information of the server, decrypts the ciphertext information by using the client key to generate plaintext information, and meanwhile, checks the signature by using the server public key certificate and the request message header.
Further, before the client encrypts plaintext information by using a symmetric encryption algorithm agreed by both parties to generate ciphertext information and places the ciphertext information in a request message body, the method further comprises the steps that the client applies for opening an account at the server, uploads user name and password information, and the server generates a client symmetric key and sends the client symmetric key to the client.
Further, before the client encrypts plaintext information by using a symmetric encryption algorithm agreed by both parties to generate ciphertext information and places the ciphertext information in a request message body, the method further comprises the step of exchanging public key information between the client and the server.
Further, the method further comprises the step that the client encrypts the password information.
Further, the method also comprises the step that the client encrypts plaintext information by using a symmetric encryption algorithm agreed by both parties on the user name and the encrypted password information to generate ciphertext information, and the ciphertext information is placed in the request message body.
Further, the client encrypting the password information includes the client generating a dynamic password to encrypt the password information.
Further, before the server side encrypts plaintext information by using a symmetric encryption algorithm agreed by both sides to generate ciphertext information and places the ciphertext information in a request message body, the method further comprises the step that the server side verifies the correctness of the password information.
Further, before the client encrypts plaintext information by using a symmetric encryption algorithm agreed by both parties to generate ciphertext information and places the ciphertext information in a request message body, the method further comprises the step of establishing an SSL channel between the client and the server to ensure the confidentiality of a transmission channel.
Further, the method further comprises:
step N1, the client transmits the version number of the SSL protocol of the client, the encryption algorithm kind and the generated random number to the server;
step N2, the server transmits the version number of the SSL protocol of the client, the encryption algorithm kind, the generated random number and other related information to the client, and meanwhile, the server transmits a server public key certificate to the client;
step N3, the client verifies the legality of the server; if the validity verification is not passed, the communication is disconnected; if the validity verification is passed, the next step is continuously executed;
step N4, the client randomly generates a client symmetric key for subsequent communication, encrypts the client symmetric key by using the public key certificate of the server, and transmits the encrypted client symmetric key to the server; the symmetric key is used for encryption and decryption processing of secure data communication of an SSL protocol;
step N5, the client and the server communicate with each other, and the handshake process is finished;
and step N6, starting data communication of the SSL channel, and starting data communication between the client and the server by using the same symmetric key, and simultaneously carrying out communication integrity verification.
The second aspect of the invention discloses a transaction anti-repudiation system, which comprises:
the client side encrypts plaintext information by using a symmetric encryption algorithm agreed by both sides to generate ciphertext information, and the ciphertext information is placed in the request message body; the client uses an asymmetric algorithm and a client private key certificate to sign plaintext information to generate signature information, and the signature information is placed in a request message header;
the server receives a request of the client, decrypts the ciphertext information by using a client key to generate plaintext information, and verifies the signature by using a client public key certificate and a request message header;
the server side encrypts plaintext information by using a symmetric encryption algorithm agreed by the two parties to generate ciphertext information, and the ciphertext information is placed in the request message body; the server uses an asymmetric algorithm and a server private key certificate to sign plaintext information to generate signature information, and the signature information is placed in a request message header;
and the second verification module is used for receiving the response information of the server by the client, decrypting the ciphertext information by using the client key to generate plaintext information, and verifying the signature by using the server public key certificate and the request message header.
A third aspect of the invention discloses a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the method described above.
The fourth aspect of the invention discloses an electronic device, comprising a processor and a memory;
the memory is used for storing operation instructions;
the processor is used for executing the method by calling the operation instruction.
A fourth aspect of the invention discloses a computer program product comprising a computer program and/or instructions which, when executed by a processor, performs the steps of the method as described above.
The invention has the beneficial effects that:
By adopting the transaction anti-repudiation method, system, electronic equipment and readable storage medium of the invention, the system sets the parameter information of the request message, parses the data while processing message transmission, and completes operations such as user identification and authentication, transaction data decryption and signature verification according to the transaction type. While meeting the basic requirements of traditional message transmission requests, such as low loss and high performance, the identity of the requesting user is identified, the confidentiality and integrity of the transmitted message are guaranteed, and genuine anti-repudiation and anti-tampering of the transaction are achieved.
Drawings
Fig. 1 is a schematic flow chart of a transaction anti-repudiation method according to an embodiment of the present invention.
Fig. 2 is a schematic flow chart of a transmission channel encryption method according to an embodiment of the present invention.
Fig. 3 is a schematic structural diagram of a transaction anti-repudiation system according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example one
The invention relates to a transaction anti-repudiation method with a step flow shown in figure 1, which comprises the following steps:
step S1, the client encrypts the plaintext information by using the symmetric encryption algorithm agreed by both parties to generate ciphertext information, and places the ciphertext information in the request message body (body.msg_content); the client signs the plaintext information by using an asymmetric algorithm and the client private key certificate to generate signature information, and places the signature information in the request message header (head.sign);
step S2, the server receives the request of the client, decrypts the ciphertext information by using the client key to generate plaintext information, and verifies the signature by using the client public key certificate and the request message header (head.sign) to ensure that the data has not been tampered with;
step S3, the server side encrypts the plaintext information by using the symmetric encryption algorithm agreed by both sides to generate ciphertext information, and places the ciphertext information in the request message body (body.msg_content); the server side signs the plaintext information by using an asymmetric algorithm and the server side private key certificate to generate signature information, and places the signature information in the request message header (head.sign);
step S4, the client receives the response information of the server, decrypts the ciphertext information by using the client key to generate plaintext information, and verifies the signature by using the server public key certificate and the request message header (head.sign) to ensure that the data has not been tampered with.
Steps S1-S4 are repeated in a loop until the service ends.
Optionally, before the step S1, the method further includes the client applying for opening an account at the server, uploading user name and password information, and the server generating a client symmetric key and sending the client symmetric key to the client.
Optionally, before the step S1, the method further includes that the client exchanges public key information with the server.
In this embodiment, once the symmetric key has been generated for the first time, it is not normally regenerated; a new symmetric key is generated again after the interface is reinitialized or called, which controls the life cycle of the symmetric key.
In this embodiment, the client and the server encrypt plaintext information with a symmetric algorithm (e.g., SM4/3DES) and place the resulting ciphertext information in the request message body (body.msg_content), ensuring integrity of the transmitted message; they sign with an asymmetric algorithm using the local private key certificate (e.g., MD5WithRSA/SM3WithSM2) and place the resulting signature in the request message header (head.sign), ensuring confidentiality of the transmitted message.
In an actual business scenario, through the method shown in the above embodiment, a user may perform some basic services with low requirements on security, such as browsing general information and financial news that are not related to security.
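The S1-S4 exchange of this embodiment, as an added Go example (not code from the patent or its applicant). Assumptions: AES-256-GCM and Ed25519 from the Go standard library stand in for the page's SM4/3DES and MD5WithRSA/SM3WithSM2 examples, raw public keys stand in for certificates, and all type, field and function names are this example's own. `VerifyEvidence` shows the anti-repudiation property: a stored plaintext plus `head.sign` verifies with the signer's public key alone, while holding the shared symmetric key does not let the server produce a request that passes as the client's.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// Message mirrors the page's layout; the Go field names are hypothetical.
type Message struct {
	HeadSign       string // head.sign: base64 signature over the plaintext
	BodyMsgContent string // body.msg_content: base64(nonce || ciphertext)
}

// Party is one end of the exchange (client or server).
type Party struct {
	SymKey  []byte             // symmetric key agreed by both parties
	Priv    ed25519.PrivateKey // this party's private signing key
	PeerPub ed25519.PublicKey  // the other party's exchanged public key
}

var (
	ErrDecrypt      = errors.New("body.msg_content did not decrypt")
	ErrBadSignature = errors.New("head.sign does not match the decrypted plaintext")
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the sender half (S1 for the client, S3 for the server).
func (p *Party) Seal(plaintext []byte) (Message, error) {
	gcm, err := newGCM(p.SymKey)
	if err != nil {
		return Message{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Message{}, err
	}
	body := gcm.Seal(nonce, nonce, plaintext, nil) // nonce || ciphertext
	sig := ed25519.Sign(p.Priv, plaintext)         // signature covers the plaintext
	return Message{
		HeadSign:       base64.StdEncoding.EncodeToString(sig),
		BodyMsgContent: base64.StdEncoding.EncodeToString(body),
	}, nil
}

// Open is the receiver half (S2 / S4): decrypt the body, then check head.sign
// against the recovered plaintext with the peer's public key.
func (p *Party) Open(m Message) ([]byte, error) {
	gcm, err := newGCM(p.SymKey)
	if err != nil {
		return nil, err
	}
	raw, err := base64.StdEncoding.DecodeString(m.BodyMsgContent)
	if err != nil || len(raw) < gcm.NonceSize() {
		return nil, ErrDecrypt
	}
	n := gcm.NonceSize()
	plaintext, err := gcm.Open(nil, raw[:n], raw[n:], nil)
	if err != nil {
		return nil, ErrDecrypt
	}
	if !VerifyEvidence(p.PeerPub, plaintext, m.HeadSign) {
		return nil, ErrBadSignature
	}
	return plaintext, nil
}

// VerifyEvidence needs only the signer's public key, so an arbiter without
// the symmetric key can check a stored (plaintext, head.sign) record.
func VerifyEvidence(signer ed25519.PublicKey, plaintext []byte, headSign string) bool {
	sig, err := base64.StdEncoding.DecodeString(headSign)
	return err == nil && ed25519.Verify(signer, plaintext, sig)
}

// NewPair builds constructed keys for a client and a server that have
// already agreed a symmetric key and exchanged public keys.
func NewPair() (*Party, *Party, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, nil, err
	}
	cPub, cPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	sPub, sPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Party{SymKey: key, Priv: cPriv, PeerPub: sPub},
		&Party{SymKey: key, Priv: sPriv, PeerPub: cPub}, nil
}

func main() {
	client, server, err := NewPair()
	if err != nil {
		panic(err)
	}
	req, _ := client.Seal([]byte(`{"op":"transfer","amount":"100.00"}`)) // constructed payload
	got, err := server.Open(req)
	fmt.Printf("S2 plaintext=%s err=%v\n", got, err)
	forged, _ := server.Seal(got) // server has the symmetric key, not the client's private key
	_, err = server.Open(forged)
	fmt.Println("request built by the server itself:", err)
}
```

For the record to serve as evidence later, the receiver has to retain the decrypted plaintext together with `head.sign`; the ciphertext alone proves nothing about who sent it, since both sides can produce it.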
Example two
On the basis of the first embodiment, an identity authentication process is added according to actual business requirements, and particularly, before a client initiates business transaction for the first time, user authorization login is required.
The invention relates to another transaction anti-repudiation method, which comprises the following steps:
step P1, the client encrypts the password information;
step P2, the client encrypts the user name and the encrypted password information as plaintext information, using the symmetric encryption algorithm agreed by both parties, to generate ciphertext information, and places the ciphertext information in the request message body (body.msg_content); the client signs the plaintext information by using an asymmetric algorithm and the client private key certificate to generate signature information, and places the signature information in the request message header (head.sign);
step P3, the server receives the request of the client, decrypts the ciphertext information by using the client key to generate plaintext information, and verifies the signature by using the client public key certificate and the request message header (head.sign) to ensure that the data has not been tampered with;
step P4, the server side verifies the correctness of the password information; in order to prevent the client application from repeatedly obtaining the authorized Token, each client generates no more than 10 keys at any time for issuing, and the keys are placed in the return message header (head.App_Auth_Token);
step P5, the server side encrypts the plaintext information by using the symmetric encryption algorithm agreed by both sides to generate ciphertext information, and places the ciphertext information in the request message body (body.msg_content); the server side signs the plaintext information by using an asymmetric algorithm and the server side private key certificate to generate signature information, and places the signature information in the request message header (head.sign);
step P6, the client receives the response information of the server, decrypts the ciphertext information by using the client key to generate plaintext information, and verifies the signature by using the server public key certificate and the request message header (head.sign) to ensure that the data has not been tampered with;
step P7, the client caches the request message header (head.app_Auth_Token), and sets the request message header (head.app_Auth_Token) on subsequent normal service requests so that the server can perform user authorization authentication.
In an actual business scenario, through the method shown in the above embodiment, a user may perform some core services with high requirements on security, such as performing financial transactions, purchasing financial service products, and the like. And the safety of the transaction is improved through the user identity authentication.
Example three
On the basis of the first embodiment, the method further includes that the client establishes an SSL channel with the server, so as to ensure confidentiality of the transmission channel.
The step flow of the transmission channel encryption method is shown in the flow diagram of fig. 2, and the method comprises the following steps:
step N1, the client transmits the version number of the SSL protocol of the client, the encryption algorithm kind and the generated random number to the server;
step N2, the server transmits the version number of the SSL protocol of the client, the encryption algorithm kind, the generated random number and other related information to the client, and meanwhile, the server transmits a server public key certificate to the client;
step N3, the client verifies the legality of the server; if the validity verification is not passed, the communication is disconnected; if the validity verification is passed, the next step is continuously executed;
step N4, the client randomly generates a client symmetric key for subsequent communication, encrypts the client symmetric key by using the public key certificate of the server, and transmits the encrypted client symmetric key to the server; the symmetric key is used for encryption and decryption processing of secure data communication of an SSL protocol;
step N5, the client sends a message to the server indicating that the symmetric key is used for subsequent data communication, and notifies the server that the handshake process is finished;
step N6, the server sends a message to the client indicating that the symmetric key is used for subsequent data communication, and notifies the client that the handshake process is finished;
and step N7, starting data communication of the SSL channel, and starting data communication between the client and the server by using the same symmetric key, and simultaneously carrying out communication integrity verification.
The embodiment of the application provides a transaction anti-repudiation method, which comprises the following steps:
the client encrypts plaintext information by using a symmetric encryption algorithm agreed by both parties to generate ciphertext information, and places the ciphertext information in the request message body;
the client signs the plaintext information by using an asymmetric algorithm and the client private key certificate to generate signature information, and places the signature information in the request message header;
the server receives the request of the client, decrypts the ciphertext information by using the client key to generate plaintext information, and verifies the signature by using the client public key certificate and the request message header;
the server encrypts plaintext information by using the symmetric encryption algorithm agreed by both parties to generate ciphertext information, and places the ciphertext information in the request message body;
the server signs the plaintext information by using an asymmetric algorithm and the server private key certificate to generate signature information, and places the signature information in the request message header;
and the client receives the response information of the server, decrypts the ciphertext information by using the client key to generate plaintext information, and at the same time verifies the signature by using the server public key certificate and the request message header.
The method is applied to the financial service platform of a commercial bank. The platform simultaneously serves in-bank business parties and external partner institutions, and is financial system software that packages in-bank financial capabilities by technical means to meet offline requirements.
On the basis of meeting the basic requirements of traditional message transmission requests, such as low loss and high performance, the method identifies the requesting user, ensures the confidentiality and integrity of the transmitted message, and achieves genuine repudiation resistance and tamper resistance for transactions.
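The request and response exchange of this embodiment, as an added example that is not code from the patent: AES-256-GCM and Ed25519 stand in for the unnamed "agreed symmetric algorithm" and "asymmetric algorithm", and the `X-Signature` header name, the function names and the sample messages are assumptions. Because both parties hold the symmetric key, only the private-key signature ties a message to its sender, which the wrong-signer case shows.

```javascript
// Added example; algorithms, header name and messages are assumptions, not from the patent.
const crypto = require('node:crypto');

// Body: base64(iv || tag || ciphertext) under the symmetric key both parties hold.
function encryptBody(symKey, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', symKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

function decryptBody(symKey, bodyB64) {
  const raw = Buffer.from(bodyB64, 'base64');
  if (raw.length < 28) throw new Error('body too short');
  const decipher = crypto.createDecipheriv('aes-256-gcm', symKey, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
  return pt.toString('utf8');
}

// Sender side: ciphertext goes in the body, signature over the plaintext in the header.
function buildMessage(symKey, senderPrivateKey, plaintext) {
  const sig = crypto.sign(null, Buffer.from(plaintext, 'utf8'), senderPrivateKey);
  return {
    headers: { 'X-Signature': sig.toString('base64') },
    body: encryptBody(symKey, plaintext),
  };
}

// Receiver side: decrypt first, then verify the header signature with the sender's public key.
function openMessage(symKey, senderPublicKey, message) {
  let plaintext;
  try {
    plaintext = decryptBody(symKey, message.body);
  } catch (err) {
    return { ok: false, reason: 'decrypt-failed' };
  }
  const sig = Buffer.from(message.headers['X-Signature'] || '', 'base64');
  const valid = crypto.verify(null, Buffer.from(plaintext, 'utf8'), senderPublicKey, sig);
  return valid ? { ok: true, plaintext } : { ok: false, reason: 'bad-signature' };
}

function demo() {
  const symKey = crypto.randomBytes(32);                // client symmetric key
  const client = crypto.generateKeyPairSync('ed25519');
  const server = crypto.generateKeyPairSync('ed25519');
  const other = crypto.generateKeyPairSync('ed25519');  // any key that is not the client's

  // Constructed sample transaction: client request, checked by the server.
  const request = buildMessage(symKey, client.privateKey, '{"op":"transfer","amount":"100.00"}');
  const atServer = openMessage(symKey, client.publicKey, request);

  // Body altered in transit: one ciphertext bit flipped.
  const raw = Buffer.from(request.body, 'base64');
  raw[raw.length - 1] ^= 0x01;
  const tampered = openMessage(symKey, client.publicKey,
    { headers: request.headers, body: raw.toString('base64') });

  // Valid ciphertext under the shared key, but signed with a key other than the client's.
  const misSigned = buildMessage(symKey, other.privateKey, '{"op":"transfer","amount":"900.00"}');
  const wrongSigner = openMessage(symKey, client.publicKey, misSigned);

  // Server response, checked by the client with the server public key.
  const response = buildMessage(symKey, server.privateKey, '{"status":"accepted"}');
  const atClient = openMessage(symKey, server.publicKey, response);
  return { atServer, tampered, wrongSigner, atClient };
}

console.log(demo());
```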
Another aspect of the present invention also relates to a transaction anti-repudiation system, which is structured as shown in fig. 3, and includes:
the client side encrypts plaintext information by using a symmetric encryption algorithm agreed by both sides to generate ciphertext information, and the ciphertext information is placed in the request message body; the client uses an asymmetric algorithm and a client private key certificate to sign plaintext information to generate signature information, and the signature information is placed in a request message header;
the server receives a request of the client, decrypts the ciphertext information by using a client key to generate plaintext information, and verifies the signature by using a client public key certificate and a request message header;
the server side encrypts plaintext information by using a symmetric encryption algorithm agreed by the two parties to generate ciphertext information, and the ciphertext information is placed in the request message body; the server uses an asymmetric algorithm and a server private key certificate to sign plaintext information to generate signature information, and the signature information is placed in a request message header;
and the second verification module, by which the client receives the response information of the server, decrypts the ciphertext information by using the client key to generate plaintext information, and verifies the signature by using the server public key certificate and the request message header.
By using this system, the processing method described above can be executed and the corresponding technical effect achieved.
Embodiments of the present invention also provide a computer-readable storage medium capable of implementing all the steps of the method in the above embodiments, the computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements all the steps of the method in the above embodiments.
Embodiments of the present invention also provide an electronic device for executing the method. As an implementation apparatus of the method, the electronic device has at least a processor and a memory; in particular, the memory stores the data and related computer programs required for executing the method, and the processor executes all steps of the method by calling the data and programs in the memory, obtaining the corresponding technical effects.
Preferably, the electronic device may comprise a bus architecture, which may include any number of interconnected buses and bridges linking together various circuits including one or more processors and memory. The bus may also link various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, will not be described any further herein. A bus interface provides an interface between the bus and the receiver and transmitter. The receiver and transmitter may be the same element, i.e., a transceiver, providing a means for communicating with various other systems over a transmission medium. The processor is responsible for managing the bus and general processing, while the memory may be used for storing data used by the processor in performing operations.
Additionally, the electronic device may further include a communication module, an input unit, an audio processor, a display, a power source, and the like. The processor (or controller, operation control) may include a microprocessor or other processor device and/or logic device, which receives input and controls the operation of various components of the electronic device; the memory may be one or more of a buffer, a flash memory, a hard drive, a removable medium, a volatile memory, a non-volatile memory or other suitable devices, and may store the above related data information, and may further store a program for executing the related information, and the processor may execute the program stored in the memory to realize information storage or processing, etc.; the input unit is used for providing input to the processor, and can be a key or a touch input device; the power supply is used for supplying power to the electronic equipment; the display is used for displaying display objects such as images and characters, and may be an LCD display, for example. The communication module is a transmitter/receiver that transmits and receives signals via an antenna. The communication module (transmitter/receiver) is coupled to the processor to provide an input signal and receive an output signal, which may be the same as in the case of a conventional mobile communication terminal. Based on different communication technologies, a plurality of communication modules, such as a cellular network module, a bluetooth module, and/or a wireless local area network module, may be disposed in the same electronic device. The communication module (transmitter/receiver) is also coupled to a speaker and a microphone via an audio processor to provide audio output via the speaker and receive audio input from the microphone to implement the usual telecommunication functions. The audio processor may include any suitable buffers, decoders, amplifiers and so forth. 
In addition, the audio processor is also coupled to the central processor, so that recording on the local machine can be realized through the microphone, and sound stored on the local machine can be played through the loudspeaker.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create a system for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction system which implements the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (13)

1. A method of transaction anti-repudiation, comprising:
the client side encrypts plaintext information by using a symmetric encryption algorithm agreed by the two parties to generate ciphertext information which is placed in the request message body;
the client uses an asymmetric algorithm and a client private key certificate to sign plaintext information to generate signature information, and the signature information is placed in a request message header;
the server receives the request of the client, decrypts the ciphertext information by using the client key to generate plaintext information, and verifies the signature by using the client public key certificate and the request message header;
the server side encrypts plaintext information by using a symmetric encryption algorithm agreed by the two sides to generate ciphertext information, and the ciphertext information is placed in the request message body;
the server uses an asymmetric algorithm and a server private key certificate to sign plaintext information to generate signature information, and the signature information is placed in a request message header;
and the client receives the response information of the server, decrypts the ciphertext information by using the client key to generate plaintext information, and meanwhile, checks the signature by using the server public key certificate and the request message header.
2. The method according to claim 1, wherein before the client encrypts plaintext information using a symmetric encryption algorithm agreed by both parties to generate ciphertext information and places the ciphertext information in a request message body, the method further comprises the client applying for opening an account at the server, uploading user name and password information, and the server generating a client symmetric key and sending the client symmetric key to the client.
3. The method according to claim 2, wherein before the client encrypts plaintext information using a symmetric encryption algorithm agreed by both parties to generate ciphertext information to be placed in a request message body, the method further comprises the client and the server interchanging public key information.
4. The method of claim 2, further comprising the client encrypting the password information.
5. The method of claim 4, further comprising the client encrypting, as plaintext information, the user name and the encrypted password information by using the symmetric encryption algorithm agreed by both parties to generate ciphertext information, and placing the ciphertext information in the request message body.
6. The method of claim 4, wherein the client encrypting the password information comprises the client generating a dynamic password to encrypt the password information.
7. The method as claimed in claim 5, wherein, before the server side encrypts plaintext information by using a symmetric encryption algorithm agreed by both parties to generate ciphertext information and places the ciphertext information in a request message body, the method further comprises the server side verifying the correctness of the password information.
8. The method as claimed in any one of claims 1 to 7, wherein before the client encrypts plaintext information using a symmetric encryption algorithm agreed by both parties to generate ciphertext information and places the ciphertext information in a request message body, the method further comprises the client establishing an SSL channel with the server to ensure confidentiality of a transmission channel.
9. The method of claim 8, wherein the method further comprises:
step N1, the client transmits the version number of the SSL protocol of the client, the encryption algorithm kind and the generated random number to the server;
step N2, the server transmits the version number of the SSL protocol of the client, the encryption algorithm kind, the generated random number and other related information to the client, and meanwhile, the server transmits a server public key certificate to the client;
step N3, the client verifies the legality of the server; if the validity verification is not passed, the communication is disconnected; if the validity verification is passed, the next step is continuously executed;
step N4, the client randomly generates a client symmetric key for subsequent communication, encrypts the client symmetric key by using the public key certificate of the server, and transmits the encrypted client symmetric key to the server; the symmetric key is used for encryption and decryption processing of secure data communication of an SSL protocol;
step N5, the client and the server communicate with each other, and the handshake process is finished;
and step N6, starting data communication of the SSL channel, and starting data communication between the client and the server by using the same symmetric key, and simultaneously carrying out communication integrity verification.
10. A transaction anti-repudiation system, comprising:
the client side encrypts plaintext information by using a symmetric encryption algorithm agreed by both sides to generate ciphertext information, and the ciphertext information is placed in the request message body; the client uses an asymmetric algorithm and a client private key certificate to sign plaintext information to generate signature information, and the signature information is placed in a request message header;
the server receives a request of the client, decrypts the ciphertext information by using a client key to generate plaintext information, and verifies the signature by using a client public key certificate and a request message header;
the server side encrypts plaintext information by using a symmetric encryption algorithm agreed by the two parties to generate ciphertext information, and the ciphertext information is placed in the request message body; the server uses an asymmetric algorithm and a server private key certificate to sign plaintext information to generate signature information, and the signature information is placed in a request message header;
and the second verification module, by which the client receives the response information of the server, decrypts the ciphertext information by using the client key to generate plaintext information, and verifies the signature by using the server public key certificate and the request message header.
11. A computer-readable storage medium, characterized in that the storage medium has stored thereon a computer program which, when being executed by a processor, carries out the method of any one of claims 1 to 9.
12. An electronic device comprising a processor and a memory;
the memory is used for storing operation instructions;
the processor is used for executing the method of any one of claims 1 to 9 by calling the operation instruction.
13. A computer program product comprising a computer program and/or instructions, characterized in that the computer program and/or instructions, when executed by a processor, implement the steps of the method of any one of claims 1 to 9.
CN202210174631.XA 2022-02-24 2022-02-24 Transaction anti-repudiation method, system, electronic equipment and readable storage medium Pending CN114549206A (en)

Publications (1)

Publication Number Publication Date
CN114549206A true CN114549206A (en) 2022-05-27

Family

ID=81680361

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116055207A (en) * 2023-01-31 2023-05-02 深圳市圣驼储能技术有限公司 Encryption method and system for communication data of Internet of things
CN116055207B (en) * 2023-01-31 2023-10-03 深圳市圣驼储能技术有限公司 Encryption method and system for communication data of Internet of things

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination