CN114626944A - Service processing method and device - Google Patents


Publication number
CN114626944A
CN114626944A CN202210118949.6A CN202210118949A CN114626944A CN 114626944 A CN114626944 A CN 114626944A CN 202210118949 A CN202210118949 A CN 202210118949A CN 114626944 A CN114626944 A CN 114626944A
Authority
CN
China
Prior art keywords
key
signature
service platform
transaction information
encrypted
Legal status
Pending
Application number
CN202210118949.6A
Other languages
Chinese (zh)
Inventor
董子辰
孟璐
何天运
Current Assignee
Beijing Sankuai Online Technology Co Ltd
Original Assignee
Beijing Sankuai Online Technology Co Ltd
Application filed by Beijing Sankuai Online Technology Co Ltd
Priority to CN202210118949.6A
Publication of CN114626944A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825 Use of electronic signatures
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management

Abstract

The specification discloses a service processing method and device. A collection device stores a public key distributed to it by a service platform when the device leaves the factory, and a signature key distributed by the service platform in each service period. When the collection device detects a transaction request, it encrypts the user's transaction information based on the public key to obtain encrypted transaction information, determines a digital signature corresponding to the encrypted transaction information according to the signature key of the current service period, and sends the encrypted transaction information and the digital signature to the service platform. The service platform receives the encrypted transaction information and the digital signature, verifies the digital signature according to the signature key of the current service period and, after the verification passes, decrypts the encrypted transaction information based on the private key corresponding to the public key to obtain the transaction information. This improves the security of communication between the collection device and the service platform.

Description

Service processing method and device
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a method and an apparatus for processing a service.
Background
With the continuous improvement of technology, people can conveniently carry out offline transactions by paying online through code-scanning payment, which greatly improves the convenience of offline transactions.
In the prior art, for a service platform that maintains a code-scanning payment service, after a user pays by scanning a code at a collection device, the collection device needs to send the transaction information to the service platform, and sending the transaction information to the service platform may carry certain information security risks.
Therefore, how to improve information security is an urgent problem to be solved.
Disclosure of Invention
The present specification provides a service processing method and apparatus, so as to partially solve the above problems in the prior art.
The technical scheme adopted by the specification is as follows:
the present specification provides a service processing method, including:
when a collection device detects a transaction request of a user, encrypting the transaction information of the user based on a pre-stored public key, which the service platform distributed after the collection device accessed the service platform, to obtain encrypted transaction information, and determining a digital signature corresponding to the encrypted transaction information according to a signature key distributed by the service platform in the current service period;
and sending the encrypted transaction information and the digital signature to the service platform, so that the service platform verifies the digital signature according to the signature key of the current service period and, after the verification passes, decrypts the encrypted transaction information based on a private key that is pre-stored in the service platform and corresponds to the public key to obtain the transaction information, and performs service processing according to the transaction information.
Optionally, encrypting the transaction information of the user based on the stored public key distributed by the service platform after accessing the service platform, to obtain encrypted transaction information, specifically includes:
randomly generating a symmetric key, encrypting the transaction information with the symmetric key to obtain the encrypted transaction information, and encrypting the symmetric key with the public key to obtain an encrypted key;
determining the digital signature corresponding to the encrypted transaction information according to the signature key distributed by the service platform in the current service period specifically includes:
signing the encrypted key and the encrypted transaction information with the signature key distributed by the service platform in the current service period to obtain the digital signature;
sending the encrypted transaction information and the digital signature to the service platform specifically includes:
sending the encrypted transaction information, the encrypted key and the digital signature to the service platform, so that the service platform verifies the digital signature according to the signature key of the current service period, after the verification passes decrypts the encrypted key based on the private key that is pre-stored in the service platform and corresponds to the public key to obtain the symmetric key, and decrypts the encrypted transaction information with the symmetric key to obtain the transaction information.
Optionally, sending, to the service platform, an acquisition request for acquiring the signature key of the current service period according to the factory key specifically includes:
encrypting the device information of the collection device based on the public key to obtain encrypted device information, and determining a digital signature corresponding to the encrypted device information according to the factory key;
and sending the acquisition request for the signature key of the current service period to the service platform according to the encrypted device information and the digital signature corresponding to the encrypted device information, so that, after receiving the acquisition request, the service platform verifies the digital signature of the acquisition request against the encrypted device information carried in the request, based on the factory key of the collection device, and after the verification passes returns the signature key generated for the collection device for the current service period to the collection device.
Optionally, the collection device further stores a factory serial number issued by the service platform when the collection device leaves the factory;
sending the acquisition request for the signature key of the current service period to the service platform according to the encrypted device information and the digital signature corresponding to the encrypted device information specifically includes:
sending the acquisition request for the signature key of the current service period to the service platform according to the encrypted device information, the digital signature corresponding to the encrypted device information and the factory serial number, so that the service platform looks up the factory key of the collection device by the factory serial number carried in the acquisition request, and verifies the digital signature in the acquisition request based on the factory key found.
Optionally, the factory key is generated by the service platform when the collection device leaves the factory and is sent to the service party corresponding to the collection device, so that the service party burns the public key and the factory key into the collection device.
The present specification provides a service processing method, including:
the method comprises the steps that a service platform receives encrypted transaction information and a digital signature sent by a collection device, wherein the encrypted transaction information is obtained by encrypting the transaction information of a user based on a public key distributed by the service platform after the collection device accesses the service platform and stored, and the digital signature is a digital signature corresponding to the encrypted transaction information obtained according to a signature secret key distributed by the service platform in a current service period;
and after the verification is passed, decrypting the encrypted secret key according to a private key corresponding to the public key stored in the service platform to obtain a symmetric secret key generated by the collection equipment, decrypting the encrypted transaction information according to the symmetric secret key to obtain the transaction information of the user, and performing service processing according to the transaction information.
Optionally, the cash collecting device further stores a factory secret key which is issued by the service platform to the cash collecting device for digital signature when the cash collecting device leaves the factory;
the method further comprises the following steps:
after receiving an obtaining request sent by the collection equipment according to the factory secret key for obtaining the signature secret key in the current business period, verifying the collection equipment based on the stored factory secret key of the collection equipment, generating the signature secret key for the collection equipment in the current business period after the verification is passed, and returning the signature secret key to the collection equipment.
Optionally, the cash collecting device further stores a factory serial number issued by the service platform when the cash collecting device is shipped;
after receiving the acquisition request, sent by the collection device according to the factory key, for acquiring the signature key of the current service period, verifying the collection device based on the stored factory key of the collection device specifically includes:
after the acquisition request is received, looking up, by the factory serial number carried in the acquisition request, the factory key that was issued to the collection device for signing when the collection device left the factory, and verifying the collection device based on that factory key.
Optionally, after the verification is passed, a signature key for the collection device in the current service period is generated and returned to the collection device, which specifically includes:
after the verification is passed, sending a product serial number of the collection equipment in the current business period and a signature key in the current business period to the collection equipment, wherein the product serial number of the collection equipment in the current period corresponds to the signature key of the collection equipment in the current business period one to one;
receiving encrypted transaction information and digital signature sent by a collection device, specifically comprising:
receiving encrypted transaction information, digital signature and product serial number sent by the collection device;
before the signature verification is performed on the digital signature according to the signature key allocated to the money receiving device in the current service period, the method further includes:
and inquiring a signature key distributed for the collection equipment in the current service period according to the product serial number.
Optionally, a factory secret key corresponding to each piece of money receiving equipment is stored in the service platform;
the method further comprises the following steps:
when the collection equipment leaves a factory, a factory secret key used for digital signature by the collection equipment is generated, and the factory secret key is encrypted and sent to a service party corresponding to the collection equipment, so that the service party burns the factory secret key in the collection equipment.
This specification provides a service processing apparatus, including:
the monitoring module is used for encrypting the transaction information of the user based on a stored public key distributed by the service platform after accessing the service platform when monitoring the transaction request of the user to obtain encrypted transaction information, and determining a digital signature corresponding to the encrypted transaction information according to a signature secret key distributed by the service platform in the current service period;
and the sending module is used for sending the encrypted transaction information and the digital signature to the service platform so that the service platform performs signature verification on the digital signature according to a signature secret key in the current service period, decrypts the encrypted transaction information based on a private key which is pre-stored in the service platform and corresponds to the public key after the verification is passed, obtains the transaction information, and performs service processing according to the transaction information.
This specification provides a service processing apparatus, including:
the receiving module is used for receiving encrypted transaction information and a digital signature which are sent by a money receiving device, wherein the encrypted transaction information is obtained by encrypting the transaction information of the user based on a public key which is stored and distributed by the money receiving device after the money receiving device is accessed to the service platform, and the digital signature is a digital signature corresponding to the encrypted transaction information and is obtained according to a signature secret key distributed by the service platform in the current service period;
and the processing module is used for carrying out signature verification on the digital signature according to a signature key distributed to the collection equipment in the current business period, decrypting the encrypted key according to a private key corresponding to the public key stored in the service platform after the verification is passed to obtain a symmetric key generated by the collection equipment, decrypting the encrypted transaction information according to the symmetric key to obtain the transaction information of the user, and carrying out business processing according to the transaction information.
The present specification provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the above-described service processing method.
The present specification provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and when the processor executes the program, the service processing method is implemented.
The technical scheme adopted by the specification can achieve the following beneficial effects:
as can be seen from the above service processing method, the collection device stores the public key distributed to it by the service platform when the device leaves the factory and the signature key distributed by the service platform in each service period. When the collection device detects a transaction request of a user, it encrypts the transaction information of the user based on the public key to obtain encrypted transaction information, determines a digital signature corresponding to the encrypted transaction information according to the signature key distributed by the service platform in the current service period, and sends the encrypted transaction information and the digital signature to the service platform. The service platform receives the encrypted transaction information and the digital signature, verifies the digital signature according to the signature key of the current service period and, after the verification passes, decrypts the encrypted transaction information based on the private key that is pre-stored in the service platform and corresponds to the public key to obtain the transaction information, and performs service processing according to the transaction information.
As can be seen from the above, the service processing method in this specification encrypts the transaction information when the collection device communicates with the service platform, and signs the whole message sent to the service platform with a signature key that is updated in each service period, thereby improving the security of communication between the collection device and the service platform.
Drawings
The accompanying drawings, which are included to provide a further understanding of the specification and are incorporated in and constitute a part of this specification, illustrate embodiments of the specification and together with the description serve to explain the specification; they do not limit the specification. In the drawings:
FIG. 1 is a schematic flow chart illustrating the interaction logic between a service platform and a collection device according to the present specification;
FIG. 2 is a schematic diagram illustrating the key issuing process when the collection device leaves the factory according to the present specification;
FIG. 3 is a schematic flow chart of updating the signature key in each service period according to the present specification;
FIG. 4 is a schematic flow chart of a transaction message sent to a transaction platform during a transaction according to the present specification;
FIG. 5 is a schematic flow chart of a service processing method provided in this specification;
FIG. 6 is a schematic flow chart of a service processing method provided in this specification;
FIG. 7 is a schematic diagram of a service processing apparatus provided in this specification;
FIG. 8 is a schematic diagram of a service processing apparatus provided in this specification;
FIG. 9 is a schematic diagram of an electronic device corresponding to FIG. 5 or FIG. 6 provided in this specification.
Detailed Description
In order to make the objects, technical solutions and advantages of the present disclosure more clear, the technical solutions of the present disclosure will be clearly and completely described below with reference to the specific embodiments of the present disclosure and the accompanying drawings. It is to be understood that the embodiments described are only a few embodiments of the present disclosure, and not all embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present specification without any creative effort belong to the protection scope of the present specification.
The technical solutions provided by the embodiments of the present description are described in detail below with reference to the accompanying drawings.
FIG. 1 is a schematic flow chart of the interaction logic between a service platform and a collection device in this specification, which specifically includes the following steps:
S101: When the collection device detects a transaction request of a user, it encrypts the transaction information of the user based on a public key to obtain encrypted transaction information, and determines a digital signature corresponding to the encrypted transaction information according to the signature key distributed by the service platform in the current service period.
S102: The collection device sends the encrypted transaction information and the digital signature to the service platform.
S103: The service platform receives the encrypted transaction information and the digital signature.
S104: The service platform verifies the digital signature according to the signature key of the current service period and, after the verification passes, decrypts the encrypted transaction information based on a private key that is pre-stored in the service platform and corresponds to the public key to obtain the transaction information, and performs service processing according to the transaction information.
In this specification, the collection device and the service platform may be regarded together as one service processing system. The collection device stores a public key that the service platform allocated to it when the device left the factory, and a signature key that the service platform allocates in each service period. When the collection device detects a transaction request of a user, it may encrypt the transaction information of the user based on the public key to obtain encrypted transaction information, determine a digital signature corresponding to the encrypted transaction information according to the signature key allocated by the service platform in the current service period, and send the encrypted transaction information and the digital signature to the service platform.
Here, a transaction request of a user is detected when the collection device, which may be a code-scanning collection device, scans the user's Digital Object Identifier (DOI), e.g. a two-dimensional code or a barcode.
The service platform can issue the public key to the collection device in advance, when the collection device leaves the factory: the service platform can encrypt the public key to be issued to the collection device and transmit it to the manufacturer of the collection device, and the manufacturer then burns the public key into the collection device.
After receiving the encrypted transaction information and the digital signature, the service platform may verify the digital signature based on the signature key of the current service period stored in the service platform. After the verification passes, it decrypts the encrypted transaction information with the private key that is pre-stored in the service platform and corresponds to the public key to obtain the transaction information, performs service processing for the user according to the transaction information, obtains a service result after the service processing, and encrypts the transaction information and returns the encrypted transaction information to the collection device.
That is to say, when a collection device needs to be connected to the service platform, the service platform may itself define the keys required by the collection device and issue them to the collection device. The service platform stores the corresponding keys, which it uses to decrypt the data sent by the collection device and to verify the digital signature of the collection device.
When encrypting the transaction information, the collection device may randomly generate a symmetric key, encrypt the transaction information with the symmetric key to obtain encrypted transaction information, and encrypt the randomly generated symmetric key with the public key to obtain an encrypted key. It then signs the encrypted key and the encrypted transaction information with the signature key distributed by the service platform in the current service period to determine the digital signature, and sends the encrypted key, the encrypted transaction information and the digital signature to the service platform.
Correspondingly, after the service platform receives the encrypted transaction information, the encrypted key and the digital signature, it may verify the digital signature against the encrypted transaction information and the encrypted key, based on the signature key assigned to the collection device in the current service period. After the verification passes, it decrypts the encrypted key with the private key corresponding to the public key stored in the service platform to obtain the symmetric key generated by the collection device, and decrypts the encrypted transaction information with the symmetric key to obtain the transaction information of the user for subsequent service processing, obtaining a service processing result. The collection device can decrypt the data returned by the service platform directly with the symmetric key it generated, and thereby obtain the service processing result of the service platform.
As can be seen from the above, when the transaction information is sent to the service platform, the transaction information is not only encrypted; the encrypted transaction information also needs to be digitally signed (if the message sent includes the encrypted key in addition to the encrypted transaction information, the two need to be digitally signed together as a whole).
It should be further noted that a certain level of security also needs to be ensured when the collection device obtains the signature key of the current period from the service platform. The collection device therefore also stores a factory key, used for digital signatures, that the service platform issued to the collection device when the device left the factory.
For each service period, the collection device may send an acquisition request for the signature key of the current service period to the service platform according to the factory key. After receiving the acquisition request, the service platform may verify the collection device based on the stored factory key of the collection device and, after the verification passes, generate the signature key for the collection device for the current service period and return it to the collection device.
That is, for each service period, the collection device may send an acquisition request for the signature key of the current service period to the service platform, and after receiving the acquisition request, the service platform may generate the signature key of the current service period for the collection device and return it to the collection device.
For example, if the service period is 1 day, the collection device may send an acquisition request for the signature key of the current service period to the service platform every day, and after receiving the acquisition request, the service platform may generate the signature key for the collection device for the current service period and return it to the collection device.
Besides the factory key, the collection device may also store a factory serial number issued by the service platform when the collection device leaves the factory, where factory serial numbers and factory keys may be in one-to-one correspondence. After receiving the acquisition request, the service platform may look up, by the factory serial number carried in the acquisition request, the factory key that was issued to the collection device for signing when the device left the factory, and verify the collection device based on that factory key. That is, when the collection device sends the acquisition request, the factory serial number may be carried in the request.
When the collection device obtains the signature key in the current service period, the service platform needs to authenticate the collection device, that is, the collection device is authenticated to be a collection device which is pre-accessed to the service platform, so that the collection device can encrypt device information (such as a device name and a device mac address) of the collection device based on a public key issued by the service platform when the collection device leaves a factory, obtain encrypted device information, determine a digital signature corresponding to the encrypted device information according to the delivery key, and send an obtaining request for obtaining the signature key in the current service period to the service platform according to the encrypted device information and the digital signature corresponding to the encrypted device information.
After receiving the acquisition request, the service platform may perform signature verification on the digital signature in the acquisition request with respect to the encrypted device information carried in the acquisition request, and after the verification is passed, return the generated signature key for the collection device in the current service period to the collection device.
Of course, the collection device may also encrypt in a manner similar to the encryption of the transaction information described above: the device information may be encrypted with a randomly generated symmetric key, and the symmetric key encrypted with the public key to obtain an encrypted key; the digital signature may then be obtained by signing the encrypted device information and the encrypted key together. After receiving the encrypted key, the encrypted device information and the digital signature, the service platform may first verify the digital signature and, once the verification passes, decrypt to obtain the device information, and then confirm on the basis of the device information that the collection device is one that has previously been connected to the service platform. The signature key generated for the collection device for the current service period may then be encrypted with the decrypted symmetric key and returned to the collection device.
That is to say, the collection device may request the signature key for the current service period from the service platform using its device information and the factory key that the service platform sent to it when it was initially connected; the service platform may thus verify the collection device through the factory key issued in advance or through the device information, so as to determine whether the signature key for the current service period may be sent to the collection device.
The collection device may further store a factory serial number issued by the service platform when the device leaves the factory, and may send the acquisition request for the signature key of the current service period according to the factory serial number, the encrypted device information and the digital signature corresponding to the encrypted device information. After receiving the acquisition request, the service platform may determine, from the factory serial number carried in it, the factory key that was issued to the collection device for signing when the device left the factory, verify the digital signature in the request according to that factory key and the encrypted device information carried in the request, and, after the verification passes, send the signature key for the current service period to the collection device.
After the verification is passed, the service platform may further send the product serial number of the collection device generated in the current business period and the signature key in the current business period to the collection device, where the product serial numbers of different collection devices are different, and the product serial number of the collection device in the current period corresponds to the signature key of the collection device in the current business period one to one.
When the collection device monitors a transaction request, the product serial number, the encrypted transaction information and the digital signature can be all sent to the service platform, and the service platform can inquire a signature key generated for the collection device in the current business period according to the product serial number and carry out signature verification according to the inquired signature key.
When the collection device leaves the factory, the service platform may generate the factory key that the collection device uses for digital signatures, and send it in encrypted form to the service party corresponding to the collection device, so that the service party burns the factory key into the collection device (the factory serial number mentioned above and the public key allocated to the collection device by the service platform may be sent along with it, and the service party burns the factory serial number and the public key into the collection device as well).
It should be noted that the service platform may include a monitoring platform, a transaction platform, and the like, where the monitoring platform may be mainly used to store state information of the cash collecting apparatus and store a factory secret key of the cash collecting apparatus (and may also store a private key corresponding to a public key sent to the cash collecting apparatus), as shown in fig. 2.
Fig. 2 is a schematic diagram of a key issuing process when the cash register leaves the factory, provided in this specification.
The transaction platform may be mainly configured to receive requests from the collection device; when the transaction platform needs to verify the factory key, it may query the monitoring platform to determine whether the collection device is a device that has previously accessed the service platform, as shown in fig. 3 and 4.
Fig. 3 is a schematic flow chart of updating a signing key at each service cycle according to the present disclosure.
Fig. 4 is a schematic flow chart of sending transaction information to a transaction platform during a transaction according to the present disclosure.
As can be seen from fig. 3, at the beginning of each service period the collection device may send the transaction platform a request for the signature key of the current service period; the transaction platform asks the monitoring platform whether the collection device is a device that has accessed the service platform (e.g., whether the factory serial number of the collection device is stored in the monitoring platform) and, if so, may send the signature key and the product serial number generated for the current service period to the collection device.
As can be seen from fig. 4, each time a transaction is required, the collection device may sign the encrypted information to be sent (the encrypted transaction information and the encrypted key) with the signature key of the current service period to obtain a digital signature, and send the digital signature together with the encrypted information to the transaction system. After receiving them, the transaction system, if it obtains the decrypted transaction information, may perform the corresponding service processing, and the processing result is encrypted (with the symmetric key obtained by decryption) and returned to the collection device.
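The two flows of fig. 3 and fig. 4, together with the factory-serial-number lookup described before them, sketched as an added example that is not code from the patent: the platform finds the factory key by factory serial number, verifies the acquisition request, issues a per-period signature key with a product serial number, and rejects transactions whose signature is wrong or whose key belongs to an earlier period. HMAC-SHA256 stands in for the unspecified signature scheme, the encrypted blobs are constructed opaque bytes, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets


def sign(key: bytes, *parts: bytes) -> bytes:
    """MAC over length-prefixed parts so field boundaries cannot be shifted.

    Assumption: HMAC-SHA256 models the patent's "digital signature".
    """
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(4, "big"))
        mac.update(part)
    return mac.digest()


class ServicePlatform:
    def __init__(self):
        self.factory_keys = {}  # factory serial number -> factory key
        self.period_keys = {}   # product serial number -> (period, signature key)
        self.period = 0

    def provision(self, factory_serial: str) -> bytes:
        """Factory step: generate the factory key burned into the device."""
        key = secrets.token_bytes(32)
        self.factory_keys[factory_serial] = key
        return key

    def start_new_period(self) -> None:
        """Begin a new service period; keys issued earlier stop verifying."""
        self.period += 1

    def handle_key_request(self, factory_serial, enc_device_info, signature):
        """Verify the acquisition request, then issue this period's key."""
        factory_key = self.factory_keys.get(factory_serial)
        if factory_key is None:
            return None  # device was never provisioned on this platform
        expected = sign(factory_key, enc_device_info)
        if not hmac.compare_digest(expected, signature):
            return None
        product_serial = secrets.token_hex(8)  # differs per device and period
        period_key = secrets.token_bytes(32)
        self.period_keys[product_serial] = (self.period, period_key)
        return product_serial, period_key

    def verify_transaction(self, product_serial, enc_key, enc_tx, signature):
        """Check the signature before any decryption is attempted."""
        entry = self.period_keys.get(product_serial)
        if entry is None:
            return False
        issued_period, period_key = entry
        if issued_period != self.period:
            return False  # key belongs to an earlier service period
        expected = sign(period_key, enc_key, enc_tx)
        return hmac.compare_digest(expected, signature)


class CollectionDevice:
    def __init__(self, factory_serial: str, factory_key: bytes):
        self.factory_serial = factory_serial
        self.factory_key = factory_key
        self.product_serial = None
        self.period_key = None

    def refresh_key(self, platform: ServicePlatform) -> None:
        """Fig. 3: request the signature key for the current period."""
        enc_info = b"constructed-encrypted-device-info"  # opaque placeholder
        reply = platform.handle_key_request(
            self.factory_serial, enc_info, sign(self.factory_key, enc_info))
        if reply is None:
            raise PermissionError("platform rejected the acquisition request")
        self.product_serial, self.period_key = reply

    def build_transaction(self, enc_key: bytes, enc_tx: bytes):
        """Fig. 4: sign the encrypted key and encrypted transaction together."""
        signature = sign(self.period_key, enc_key, enc_tx)
        return self.product_serial, enc_key, enc_tx, signature


def run_demo() -> dict:
    platform = ServicePlatform()
    device = CollectionDevice("FSN-0001", platform.provision("FSN-0001"))
    platform.start_new_period()
    device.refresh_key(platform)
    enc_key, enc_tx = b"constructed-encrypted-key", b"constructed-encrypted-tx"
    msg = device.build_transaction(enc_key, enc_tx)
    serial, ek, et, sig = msg
    results = {"valid": platform.verify_transaction(*msg)}
    results["tampered"] = platform.verify_transaction(serial, ek, et + b"x", sig)
    results["unknown_serial"] = platform.handle_key_request(
        "FSN-9999", b"info", b"\x00" * 32)
    platform.start_new_period()  # rotation: the old message must now fail
    results["stale_key"] = platform.verify_transaction(*msg)
    device.refresh_key(platform)
    results["after_refresh"] = platform.verify_transaction(
        *device.build_transaction(enc_key, enc_tx))
    return results


if __name__ == "__main__":
    print(run_demo())
```

Because verification is keyed by product serial number and period, a signature key captured in one period cannot authorize transactions once the platform has rotated.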
Based on the above, the present specification provides a service processing method corresponding to a service platform and a payment receiving device, as shown in fig. 5 and 6.
Fig. 5 is a schematic flow chart of a service processing method provided in this specification, which specifically includes the following steps:
S501: When monitoring a transaction request of a user, the collection device encrypts the transaction information of the user based on a pre-stored public key that the service platform allocated after the device accessed the service platform, to obtain encrypted transaction information, and determines a digital signature corresponding to the encrypted transaction information according to the signature key allocated by the service platform for the current service period.
S502: The encrypted transaction information and the digital signature are sent to the service platform, so that the service platform verifies the digital signature according to the signature key of the current service period and, after the verification is passed, decrypts the encrypted transaction information based on the private key that is stored in the service platform in advance and corresponds to the public key, obtains the transaction information, and performs service processing according to the transaction information.
Fig. 6 is a schematic flow chart of a service processing method provided in this specification, which specifically includes the following steps:
S601: The service platform receives encrypted transaction information and a digital signature sent by the collection device, where the encrypted transaction information is obtained by the collection device encrypting the transaction information of a user based on a pre-stored public key that the service platform allocated after the device accessed the service platform, and the digital signature is the one corresponding to the encrypted transaction information, obtained according to the signature key allocated by the service platform for the current service period.
S602: After the verification is passed, decrypt the encrypted key according to the private key corresponding to the public key stored in the service platform to obtain the symmetric key generated by the collection device, decrypt the encrypted transaction information according to the symmetric key to obtain the transaction information of the user, and perform service processing according to the transaction information.
Since the steps that the service platform and the payment receiving apparatus need to perform respectively have been described in detail in the above, detailed description thereof is omitted here.
The service platform verifies the signature key, and then sends the signature key which can effectively carry out the transaction to the collection equipment, so that the safety of communication between the collection equipment and the service platform is improved.
It should be noted that all actions of acquiring signals, information or data in the present invention are performed under the premise of complying with the corresponding data protection regulation policy of the country of the location and obtaining the authorization given by the owner of the corresponding device.
Based on the same idea as the service processing method provided above, one or more embodiments of the present specification further provide a corresponding service processing apparatus, as shown in fig. 7 and fig. 8.
Fig. 7 is a schematic diagram of a service processing apparatus provided in this specification, which specifically includes:
the monitoring module 701 is configured to, when a transaction request of a user is monitored, encrypt the transaction information of the user based on a stored public key that the service platform allocated after the device accessed the service platform, obtain encrypted transaction information, and determine a digital signature corresponding to the encrypted transaction information according to the signature key allocated by the service platform for the current service period;
a sending module 702, configured to send the encrypted transaction information and the digital signature to the service platform, so that the service platform performs signature verification on the digital signature according to a signature key in a current service period, and after the verification is passed, decrypts the encrypted transaction information based on a private key that is pre-stored in the service platform and corresponds to the public key, to obtain transaction information, and performs service processing according to the transaction information.
Optionally, the monitoring module 701 is specifically configured to randomly generate a symmetric key, encrypt the transaction information according to the symmetric key to obtain encrypted transaction information, and encrypt the symmetric key according to the public key to obtain an encrypted key;
the monitoring module 701 is specifically configured to sign the encrypted secret key and the encrypted transaction information according to a signature secret key distributed by the service platform in a current service period, so as to obtain the digital signature;
the sending module 702 is specifically configured to send the encrypted transaction information, the encrypted secret key, and the digital signature to the service platform, so that the service platform performs signature verification on the digital signature according to the signature secret key in the current service period, and after the verification is passed, decrypts the encrypted secret key based on a private key that is pre-stored in the service platform and corresponds to the public key to obtain a symmetric secret key, and decrypts the encrypted transaction information according to the symmetric secret key to obtain the transaction information.
Optionally, the cash collecting device further stores a factory secret key which is issued by the service platform to the cash collecting device for digital signature when the cash collecting device leaves the factory;
the device further comprises:
an obtaining module 703 is configured to send, for each service period, an obtaining request for obtaining a signature key in the current service period to the service platform according to the factory key, so that after the service platform receives the obtaining request, the service platform verifies the money collecting apparatus based on the stored factory key of the money collecting apparatus, and after the verification passes, generates a signature key for the money collecting apparatus in the current service period, and returns the signature key to the money collecting apparatus.
Optionally, the obtaining module 703 is specifically configured to encrypt the device information of the receiving device based on the public key to obtain encrypted device information, determine a digital signature corresponding to the encrypted device information according to the factory secret key, send an obtaining request for obtaining a signature secret key in a current service period to the service platform according to the encrypted device information and the digital signature corresponding to the encrypted device information, so that after the service platform receives the obtaining request, the service platform performs signature verification on the digital signature in the obtaining request according to the encrypted device information carried in the obtaining request, and after the verification is passed, returns the generated signature secret key for the receiving device in the current service period to the receiving device.
Optionally, the money receiving device further stores a factory serial number issued by the service platform when the money receiving device is shipped;
the obtaining module 703 is specifically configured to send an obtaining request for obtaining a signature key in a current service period to the service platform according to the factory serial number, the encrypted device information, and the digital signature corresponding to the encrypted device information, so that the service platform determines, according to the factory serial number carried in the received obtaining request, the factory key that is sent to the money collecting device for signature when the money collecting device leaves the factory, performs signature verification on the digital signature in the obtaining request according to the factory key and the encrypted device information carried in the obtaining request, and sends the signature key in the current service period to the money collecting device after the verification passes.
Optionally, after the verification is passed, the service platform sends the product serial number for the collection device in the current business period and the signature key of the current business period to the collection device;
the obtaining module 703 is specifically configured to, when a transaction request is monitored, send the product serial number, the encrypted transaction information, and the digital signature to the service platform, so that the service platform queries a signature key in a current service period for the money collecting apparatus according to the product serial number sent by the money collecting apparatus.
Fig. 8 is a schematic diagram of a service processing apparatus provided in this specification, specifically including:
a receiving module 801, configured to receive encrypted transaction information and a digital signature sent by a collection device, where the encrypted transaction information is obtained by the collection device encrypting the transaction information of the user based on a stored public key that the service platform allocated after the device accessed the service platform, and the digital signature is the one corresponding to the encrypted transaction information, obtained according to the signature key allocated by the service platform for the current service period;
the processing module 802 is configured to perform signature verification on the digital signature according to a signature key allocated to the money receiving apparatus in a current service period, decrypt the encrypted key according to a private key corresponding to the public key stored in the service platform after the verification is passed, obtain a symmetric key generated by the money receiving apparatus, decrypt the encrypted transaction information according to the symmetric key, obtain the transaction information of the user, and perform service processing according to the transaction information.
Optionally, the receiving module 801 is specifically configured to receive encrypted transaction information, the encrypted key, and the digital signature;
the processing module 802 is specifically configured to perform signature verification on the digital signature and, after the verification is passed, decrypt the encrypted key according to the private key corresponding to the public key stored in the service platform to obtain the symmetric key generated by the collection device, and decrypt the encrypted transaction information according to the symmetric key to obtain the transaction information of the user, where the encrypted transaction information is obtained by the collection device randomly generating a symmetric key and encrypting the transaction information with it, the encrypted key is obtained by encrypting the symmetric key with the public key, and the digital signature is obtained by signing the encrypted key and the encrypted transaction information with the signature key allocated by the service platform for the current service period.
Optionally, the cash collecting device further stores a factory secret key which is issued by the service platform to the cash collecting device for digital signature when the cash collecting device leaves the factory;
the device further comprises:
the period generating module 803 is configured to receive, in each service period, the acquisition request that the collection device sends to the service platform according to the factory key in order to obtain the signature key of the current service period, verify the collection device based on the stored factory key of the collection device, generate the signature key for the collection device for the current service period after the verification is passed, and return the signature key to the collection device.
Optionally, the money receiving device further stores a factory serial number issued by the service platform when the money receiving device is shipped;
the period generating module 803 is specifically configured to, after receiving the acquisition request, query, according to a factory serial number carried in the acquisition request, a factory key that is issued to the money collecting apparatus for signature when the money collecting apparatus leaves the factory, and verify the money collecting apparatus based on the factory key.
Optionally, the period generating module 803 is specifically configured to, after receiving the acquisition request, perform signature verification on a digital signature in the acquisition request according to encrypted device information carried in the acquisition request, and after the verification passes, return a generated signature key for the collection device in a current service period to the collection device, where the encrypted device information is obtained by encrypting the device information of the collection device based on the public key by the collection device, the digital signature corresponding to the encrypted device information is obtained according to the factory key, and the acquisition request of the signature key in the current service period is sent to the service platform by the collection device according to the encrypted device information and the digital signature corresponding to the encrypted device information.
Optionally, the cash collecting device further stores a factory serial number issued by the service platform when the cash collecting device is shipped;
the period generating module 803 is specifically configured to, according to a factory serial number carried in the received acquisition request, determine a factory key for signature issued to the collection device when the collection device is shipped from the factory, perform signature verification on the digital signature in the acquisition request according to the factory key and encrypted device information carried in the acquisition request, and after the signature verification is passed, send the signature key in the current service period to the collection device, where the acquisition request for acquiring the signature key in the current service period is sent by the collection device to the service platform according to the factory serial number, the encrypted device information, and the digital signature corresponding to the encrypted device information.
Optionally, the period generating module 803 is specifically configured to, after the verification passes, send a product serial number of the money receiving device in the current service period and a signature key in the current service period to the money receiving device, where the product serial number of the money receiving device in the current period corresponds to the signature key of the money receiving device in the current service period in a one-to-one manner, so that when the money receiving device monitors a transaction request, the product serial number, the encrypted transaction information, and the digital signature are sent to the service platform, and the service platform queries the signature key in the current service period for the money receiving device according to the product serial number sent by the money receiving device.
Optionally, the apparatus further comprises:
a sending module 804, configured to generate, when the collection device leaves the factory, the factory key used by the collection device for digital signatures, and send the factory key in encrypted form to the service party corresponding to the collection device, so that the service party burns the factory key into the collection device.
The present specification also provides a computer-readable storage medium storing a computer program, which is operable to execute the above-described service processing method.
This specification also provides a schematic block diagram of the electronic device shown in fig. 9. As shown in fig. 9, at the hardware level, the electronic device includes a processor, an internal bus, a network interface, a memory, and a non-volatile memory, but may also include hardware required for other services. The processor reads the corresponding computer program from the nonvolatile memory into the memory and then runs the computer program to realize the service processing method. Of course, besides the software implementation, the present specification does not exclude other implementations, such as logic devices or a combination of software and hardware, and the like, that is, the execution subject of the following processing flow is not limited to each logic unit, and may be hardware or logic devices.
In the 1990s, an improvement to a technology could be clearly distinguished as an improvement in hardware (e.g., an improvement to a circuit structure such as a diode, a transistor or a switch) or an improvement in software (an improvement to a method flow). However, as technology has advanced, many of today's method-flow improvements can be regarded as direct improvements to hardware circuit structures. Designers almost always obtain the corresponding hardware circuit structure by programming an improved method flow into a hardware circuit. Thus, it cannot be said that an improvement to a method flow cannot be realized by hardware physical modules. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose logic functions are determined by the user programming the device. A designer programs a digital system onto a single PLD without asking a chip manufacturer to design and fabricate an application-specific integrated circuit chip. Furthermore, nowadays, instead of manually making integrated circuit chips, such programming is mostly implemented with "logic compiler" software, which is similar to the software compiler used in program development; the source code to be compiled must likewise be written in a specific programming language, called a Hardware Description Language (HDL). There is not just one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM and RHDL (Ruby Hardware Description Language), of which VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog are currently the most commonly used.
It will also be apparent to those skilled in the art that hardware circuitry that implements the logical method flows can be readily obtained by merely slightly programming the method flows into an integrated circuit using the hardware description languages described above.
The controller may be implemented in any suitable manner. For example, the controller may take the form of a microprocessor or processor together with a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, or an embedded microcontroller; examples of controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicon Labs C8051F320. A memory controller may also be implemented as part of the control logic of the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer-readable program code, the same functionality can be implemented by logically programming the method steps such that the controller takes the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may thus be considered a hardware component, and the means included therein for performing the various functions may also be considered structures within the hardware component. Or the means for performing the functions may even be regarded both as software modules for performing the method and as structures within the hardware component.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functions of the various elements may be implemented in the same one or more software and/or hardware implementations of the present description.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention has been described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
As will be appreciated by one skilled in the art, embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, the description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
This specification may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in the present specification are described in a progressive manner; for the parts that are the same or similar among the embodiments, reference may be made from one embodiment to another, and each embodiment focuses on its differences from the other embodiments. In particular, since the system embodiment is substantially similar to the method embodiment, it is described briefly, and for the relevant points reference may be made to the corresponding description of the method embodiment.
The above description is only an example of the present disclosure, and is not intended to limit the present disclosure. Various modifications and alterations to this description will become apparent to those skilled in the art. Any modification, equivalent replacement, improvement or the like made within the spirit and principle of the present specification should be included in the scope of the claims of the present specification.

Claims (15)

1. A service processing method, comprising:
when a transaction request of a user is detected, encrypting, by a collection device, transaction information of the user based on a pre-stored public key allocated by a service platform after the collection device accessed the service platform, to obtain encrypted transaction information, and determining a digital signature corresponding to the encrypted transaction information according to a signature key allocated by the service platform in a current service period;
and sending the encrypted transaction information and the digital signature to the service platform, so that the service platform performs signature verification on the digital signature according to the signature key of the current service period and, after the verification passes, decrypts the encrypted transaction information based on a private key that is pre-stored in the service platform and corresponds to the public key to obtain the transaction information, and performs service processing according to the transaction information.
2. The method according to claim 1, wherein encrypting the transaction information of the user based on the pre-stored public key allocated by the service platform after accessing the service platform to obtain the encrypted transaction information specifically comprises:
randomly generating a symmetric key, encrypting the transaction information according to the symmetric key to obtain the encrypted transaction information, and encrypting the symmetric key according to the public key to obtain an encrypted key;
determining the digital signature corresponding to the encrypted transaction information according to the signature key allocated by the service platform in the current service period specifically comprises:
signing the encrypted key and the encrypted transaction information according to the signature key allocated by the service platform in the current service period to obtain the digital signature;
sending the encrypted transaction information and the digital signature to the service platform specifically comprises:
sending the encrypted transaction information, the encrypted key and the digital signature to the service platform, so that the service platform performs signature verification on the digital signature according to the signature key of the current service period, and, after the verification passes, decrypts the encrypted key based on the private key that is pre-stored in the service platform and corresponds to the public key to obtain the symmetric key, and decrypts the encrypted transaction information according to the symmetric key to obtain the transaction information.
3. The method according to claim 1, wherein the collection device further stores a factory key for digital signature that is issued to the collection device by the service platform when the collection device leaves the factory;
the method further comprises:
in each service period, sending to the service platform, according to the factory key, an acquisition request for acquiring the signature key of the current service period, so that the service platform, after receiving the acquisition request, verifies the collection device based on the stored factory key of the collection device, generates the signature key of the collection device for the current service period after the verification passes, and returns the signature key to the collection device.
4. The method according to claim 3, wherein sending to the service platform, according to the factory key, the acquisition request for acquiring the signature key of the current service period comprises:
encrypting device information of the collection device based on the public key to obtain encrypted device information, and determining a digital signature corresponding to the encrypted device information according to the factory key;
and sending to the service platform, according to the encrypted device information and the digital signature corresponding to the encrypted device information, the acquisition request for acquiring the signature key of the current service period, so that the service platform, after receiving the acquisition request, performs signature verification on the digital signature of the acquisition request according to the encrypted device information carried in the acquisition request and based on the factory key of the collection device, and, after the verification passes, returns the generated signature key of the collection device for the current service period to the collection device.
5. The method according to claim 4, wherein the collection device further stores a factory serial number issued by the service platform when the collection device leaves the factory;
sending to the service platform, according to the encrypted device information and the digital signature corresponding to the encrypted device information, the acquisition request for acquiring the signature key of the current service period specifically comprises:
sending to the service platform, according to the encrypted device information, the digital signature corresponding to the encrypted device information and the factory serial number, the acquisition request for acquiring the signature key of the current service period, so that the service platform queries the factory key of the collection device according to the factory serial number carried in the acquisition request, and performs signature verification on the digital signature in the acquisition request based on the queried factory key of the collection device.
6. The method according to claim 3, wherein the factory key is generated by the service platform when the collection device leaves the factory and is sent to a service party corresponding to the collection device, so that the service party burns the public key and the factory key into the collection device.
7. A service processing method, comprising:
receiving, by a service platform, encrypted transaction information and a digital signature sent by a collection device, wherein the encrypted transaction information is obtained by the collection device encrypting transaction information of a user based on a pre-stored public key allocated by the service platform after the collection device accessed the service platform, and the digital signature is the digital signature corresponding to the encrypted transaction information, obtained according to a signature key allocated by the service platform in a current service period;
and after the verification passes, decrypting the encrypted key according to a private key that is stored in the service platform and corresponds to the public key to obtain a symmetric key generated by the collection device, decrypting the encrypted transaction information according to the symmetric key to obtain the transaction information of the user, and performing service processing according to the transaction information.
8. The method according to claim 7, wherein the collection device further stores a factory key for digital signature that is issued to the collection device by the service platform when the collection device leaves the factory;
the method further comprises:
after receiving an acquisition request, sent by the collection device according to the factory key, for acquiring the signature key of the current service period, verifying the collection device based on the stored factory key of the collection device, generating the signature key for the collection device for the current service period after the verification passes, and returning the signature key to the collection device.
9. The method according to claim 8, wherein the collection device further stores a factory serial number issued by the service platform when the collection device leaves the factory;
verifying the collection device based on the stored factory key of the collection device, after receiving the acquisition request sent by the collection device according to the factory key for acquiring the signature key of the current service period, specifically comprises:
after receiving the acquisition request, querying, according to the factory serial number carried in the acquisition request, the factory key for signing that was issued to the collection device when it left the factory, and verifying the collection device based on the queried factory key.
10. The method according to claim 8, wherein generating the signature key for the collection device for the current service period after the verification passes, and returning the signature key to the collection device, specifically comprises:
after the verification passes, sending to the collection device a product serial number of the collection device for the current service period and the signature key of the current service period, wherein the product serial number of the collection device for the current service period corresponds one-to-one to the signature key of the collection device for the current service period;
receiving the encrypted transaction information and the digital signature sent by the collection device specifically comprises:
receiving the encrypted transaction information, the digital signature and the product serial number sent by the collection device;
before the signature verification is performed on the digital signature according to the signature key allocated to the collection device in the current service period, the method further comprises:
querying, according to the product serial number, the signature key allocated to the collection device in the current service period.
11. The method according to claim 8, wherein the service platform stores a factory key corresponding to each collection device;
the method further comprises:
when the collection device leaves the factory, generating the factory key used by the collection device for digital signature, and encrypting the factory key and sending it to a service party corresponding to the collection device, so that the service party burns the factory key into the collection device.
12. A service processing apparatus, comprising:
a monitoring module, configured to, when a transaction request of a user is detected, encrypt transaction information of the user based on a pre-stored public key allocated by a service platform after the service platform was accessed, to obtain encrypted transaction information, and determine a digital signature corresponding to the encrypted transaction information according to a signature key allocated by the service platform in a current service period;
and a sending module, configured to send the encrypted transaction information and the digital signature to the service platform, so that the service platform performs signature verification on the digital signature according to the signature key of the current service period and, after the verification passes, decrypts the encrypted transaction information based on a private key that is pre-stored in the service platform and corresponds to the public key to obtain the transaction information, and performs service processing according to the transaction information.
13. A service processing apparatus, comprising:
a receiving module, configured to receive encrypted transaction information and a digital signature sent by a collection device, wherein the encrypted transaction information is obtained by the collection device encrypting transaction information of a user based on a pre-stored public key allocated by a service platform after the collection device accessed the service platform, and the digital signature is the digital signature corresponding to the encrypted transaction information, obtained according to a signature key allocated by the service platform in a current service period;
and a processing module, configured to perform signature verification on the digital signature according to the signature key allocated to the collection device in the current service period, decrypt, after the verification passes, the encrypted key according to a private key that is stored in the service platform and corresponds to the public key to obtain a symmetric key generated by the collection device, decrypt the encrypted transaction information according to the symmetric key to obtain the transaction information of the user, and perform service processing according to the transaction information.
14. A computer-readable storage medium, characterized in that the storage medium stores a computer program which, when executed by a processor, implements the method of any of claims 1 to 6 or 7 to 11.
15. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any of claims 1 to 6 or 7 to 11 when executing the program.
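The device-to-platform exchange of claims 2, 7 and 10, as an added Node.js example that is not part of the patent text. The claims name no algorithms, so AES-256-GCM, RSA-OAEP, HMAC-SHA256 for the period signature key (which both sides hold), the length-prefixed signing input, and all function names and sample values are assumptions constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Assumed algorithms; the claims do not name any.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// MAC over length-prefixed fields, so the key/ciphertext boundary cannot be shifted.
function sign(sigKey, encKey, encTx) {
  const mac = crypto.createHmac('sha256', sigKey);
  for (const field of [encKey, encTx]) {
    const len = Buffer.alloc(4);
    len.writeUInt32BE(field.length);
    mac.update(len).update(field);
  }
  return mac.digest();
}

// Collection device: fresh symmetric key per transaction, wrapped with the
// platform public key; the period signature key covers both ciphertexts.
function deviceSeal(publicKey, sigKey, productSerial, txInfo) {
  const symKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', symKey, iv);
  const body = Buffer.concat([cipher.update(txInfo), cipher.final()]);
  const encTx = Buffer.concat([iv, body, cipher.getAuthTag()]);
  const encKey = crypto.publicEncrypt({ key: publicKey, ...OAEP }, symKey);
  return { productSerial, encKey, encTx, sig: sign(sigKey, encKey, encTx) };
}

// Service platform: look up the current-period key by product serial, verify
// the signature, and only then use the private key.
function platformOpen(privateKey, periodKeys, msg) {
  const sigKey = periodKeys.get(msg.productSerial);
  if (!sigKey) throw new Error('no signature key for this serial in the current period');
  const expected = sign(sigKey, msg.encKey, msg.encTx);
  if (msg.sig.length !== expected.length || !crypto.timingSafeEqual(msg.sig, expected)) {
    throw new Error('signature verification failed');
  }
  if (msg.encTx.length < 12 + 16) throw new Error('malformed ciphertext');
  const symKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, msg.encKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', symKey, msg.encTx.subarray(0, 12));
  decipher.setAuthTag(msg.encTx.subarray(-16));
  return Buffer.concat([decipher.update(msg.encTx.subarray(12, -16)), decipher.final()]);
}

// Constructed demo data: platform key pair, one device, two service periods.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const periodKeys = new Map([['PSN-period-1', crypto.randomBytes(32)]]);
  const tx = Buffer.from(JSON.stringify({ order: 'constructed-001', amount: '12.50' }));
  const msg = deviceSeal(publicKey, periodKeys.get('PSN-period-1'), 'PSN-period-1', tx);
  const opened = platformOpen(privateKey, periodKeys, msg).toString();

  const tampered = { ...msg, encTx: Buffer.from(msg.encTx) };
  tampered.encTx[20] ^= 1; // flip one ciphertext bit in transit
  const rotated = new Map([['PSN-period-2', crypto.randomBytes(32)]]); // next period
  const outcome = (keys, m) => {
    try { platformOpen(privateKey, keys, m); return 'accepted'; } catch (e) { return e.message; }
  };
  return { opened, tampered: outcome(periodKeys, tampered), stale: outcome(rotated, msg) };
}

console.log(demo());
```

Because the signature is checked first, a modified message or one carrying a product serial from an earlier period is rejected before any private-key operation runs.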
CN202210118949.6A 2022-02-08 2022-02-08 Service processing method and device Pending CN114626944A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210118949.6A CN114626944A (en) 2022-02-08 2022-02-08 Service processing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210118949.6A CN114626944A (en) 2022-02-08 2022-02-08 Service processing method and device

Publications (1)

Publication Number Publication Date
CN114626944A (en) 2022-06-14

Family

ID=81898820

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210118949.6A Pending CN114626944A (en) 2022-02-08 2022-02-08 Service processing method and device

Country Status (1)

Country Link
CN (1) CN114626944A (en)

Similar Documents

Publication Publication Date Title
CN108932297B (en) Data query method, data sharing method, device and equipment
CN107862215B (en) Data storage method, data query method and device
CN111401902B (en) Service processing method, device and equipment based on block chain
CN113012008B (en) Identity management method, device and equipment based on trusted hardware
US10917394B2 (en) Data operations using a proxy encryption key
KR101712784B1 (en) System and method for key management for issuer security domain using global platform specifications
CN111047313B (en) Code scanning payment, information sending and key management method, device and equipment
CN112818380A (en) Method, device, equipment and system for backtracking processing of business behaviors
US8495383B2 (en) Method for the secure storing of program state data in an electronic device
CN111062715B (en) Method, device and equipment for code scanning payment, information sending and collection code generation
CN111191268A (en) Storage method, device and equipment capable of verifying statement
CN111680305A (en) Data processing method, device and equipment based on block chain
CN111814196B (en) Data processing method, device and equipment
CN108241974B (en) Writing-in and payment method and device of NFC portable device and NFC portable device
GB2543096A (en) Data Processing Device
CN111193597A (en) Transmission method, device, equipment and system capable of verifying statement
CN111415143B (en) Payment device and payment method and device thereof
WO2024046121A1 (en) Service processing method and apparatus
CN101539890B (en) Data processing system, cryptogram management method and data reading and writing method
CN109191122B (en) Method and device for acquiring transaction information certificate
CN113037764B (en) System, method and device for executing service
CN114626944A (en) Service processing method and device
CN113497710A (en) Data decryption method and device
CN113761496B (en) Identity verification method and device based on blockchain and electronic equipment
CN116455657A (en) Service providing method, device, equipment and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination