CN115001828A - Secure access method, system, electronic device and medium for transaction data - Google Patents


Publication number
CN115001828A
Authority
CN
China
Prior art keywords
data
service layer
key
request
access service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210627466.9A
Other languages
Chinese (zh)
Inventor
曾炜
谢晓昕
丁育祯
陈凌潇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202210627466.9A
Publication of CN115001828A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/067: Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/12: Applying verification of the received information
    • H04L63/123: Applying verification of the received information received data contents, e.g. message integrity
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic

Abstract

The disclosure provides a secure access method of transaction data executed by a terminal device, and relates to the field of network security and financial science and technology. The method comprises the following steps: responding to an access request initiated by an internal application program of the terminal equipment to user transaction data, and generating a one-time dynamic key; loading a public key issued by a security access service layer, encrypting the one-time dynamic key by using the public key to generate an encryption key, and sending the encryption key to the security access service layer; and receiving the transaction number fed back by the secure access service layer. The present disclosure also provides a secure access method of transaction data performed by a secure access service layer, a secure access method of transaction data performed by an application server, a secure access system of transaction data, an electronic device, and a computer-readable storage medium.

Description

Secure access method, system, electronic device and medium for transaction data
Technical Field
The present disclosure relates to the field of network security and financial technology, and in particular, to a method, system, electronic device, storage medium, and program product for secure access to transaction data.
Background
With the development of the mobile internet, the security requirements on the user transaction access process are increasingly high. To protect the user's transaction access data, the access process is generally encrypted in transit, which prevents key data from leaking through eavesdropping. However, an attacker can still tamper with the encrypted data, so that the application end cannot parse the access request after decryption and the transaction cannot proceed normally. An attacker who has eavesdropped on a user request can also retransmit it repeatedly without changing it; if the application end does not perform uniqueness verification, the user's transaction data becomes abnormal. Alternatively, an attacker can send fragmented transaction requests in order to disrupt the data processing of the application service.
At present, applications face growing security challenges and increasingly complex handling. Each application builds its own secure access capability, which causes considerable duplicated investment and waste. Security capability also differs between applications: most application security functions address only one or some of confidentiality, integrity, uniqueness, tamper resistance and non-repudiation, so the quality of secure access services is uneven. Encrypting only the transmission of the application access transaction, or handling security separately at each application end, cannot meet the security challenges and the high-concurrency data access challenges brought by the mobile internet.
Disclosure of Invention
In view of the foregoing, the present disclosure provides a method, system, electronic device, storage medium and program product for secure access to transaction data, so as to at least partially solve the current secure data access requirement of an application in the process of accessing transaction requests by a large number of users.
According to a first aspect of the present disclosure, there is provided a method of secure access to transaction data performed by a terminal device, comprising: generating a one-time dynamic key in response to an access request for user transaction data initiated by an internal application program of the terminal device; loading a public key issued by the security access service layer, encrypting the one-time dynamic key by using the public key to generate an encryption key, and sending the encryption key to the security access service layer; and receiving the transaction number fed back by the secure access service layer.
According to an embodiment of the present disclosure, generating a one-time dynamic key includes: generating a one-time dynamic key corresponding to the access request by using a random number algorithm.
According to the embodiment of the present disclosure, after receiving the transaction number fed back by the security access service layer, the method further includes: acquiring relevant data of the access request, and packaging the relevant data; signing the packaged related data to generate a request data packet; calculating an integrity additional value of the request data packet by using an integrity algorithm, and adding the integrity additional value to the tail part of the request data packet to obtain an updated request data packet; and encrypting the updated request data packet by using the one-time dynamic key to generate an encrypted data packet, and sending the encrypted data packet to the security access service layer.
According to an embodiment of the present disclosure, the relevant data of the access request includes: access request content, transaction number, timestamp and unique signature of the terminal device.
According to the embodiment of the disclosure, before responding to the access request for the user transaction data initiated by the internal application program of the terminal device, the method further comprises the following steps: obtaining the user's authorization for the user transaction data; and, after authorization, initiating the access request for the user transaction data in the application.
A second aspect of the present disclosure provides a method of secure access of transaction data performed by a secure access service layer, comprising: generating a public key and a private key in a pair by using an asymmetric encryption algorithm, storing the private key, and issuing the public key to the terminal equipment; receiving an encryption key from the terminal equipment, decrypting the encryption key by using a private key to obtain a one-time dynamic key, generating a transaction number and feeding the transaction number back to the terminal equipment; receiving an encrypted data packet from the terminal equipment, and decrypting the encrypted data packet by using a one-time dynamic key to obtain plaintext request data and an original integrity added value; and calculating the integrity additional value of the plaintext request data by using an integrity algorithm, judging whether the integrity additional value of the plaintext request data is completely consistent with the original integrity additional value, and if so, judging that the plaintext request data is not tampered.
According to the embodiment of the present disclosure, the plaintext request data includes original signature information, and after it is determined that the plaintext request data has not been tampered with, the method further includes: carrying out signature verification on the original signature information, and if the verification is passed, adding signature information of a security access service layer to the original signature information to obtain updated signature information; extracting relevant data of an access request in the plaintext request data, performing uniqueness verification on the relevant data, and determining that the plaintext request data has transaction uniqueness if the relevant data passes the uniqueness verification; and sending the plaintext request data to the application server.
According to an embodiment of the present disclosure, the relevant data of the access request includes: access request content, transaction number, timestamp and unique signature of the terminal device.
A third aspect of the present disclosure provides a method of secure access to transaction data performed by an application server, comprising: receiving the plaintext request data from the security access service layer, and processing the plaintext request data to obtain an access request result.
According to an embodiment of the disclosure, the method further comprises: transmitting the access request result back to the security access service layer along the reverse path.
A fourth aspect of the present disclosure provides a system for secure access to transaction data, comprising: a terminal device, used for generating a one-time dynamic key in response to an access request for user transaction data initiated by an internal application program of the terminal device; loading a public key issued by the security access service layer, encrypting the one-time dynamic key by using the public key to generate an encryption key, and sending the encryption key to the security access service layer; and receiving a transaction number fed back by the secure access service layer; a security access service layer, used for generating a paired public key and private key by using an asymmetric encryption algorithm, storing the private key and issuing the public key to the terminal device; receiving an encryption key from the terminal device, decrypting the encryption key by using the private key to obtain the one-time dynamic key, generating a transaction number and feeding the transaction number back to the terminal device; receiving an encrypted data packet from the terminal device, and decrypting the encrypted data packet by using the one-time dynamic key to obtain plaintext request data and an original integrity added value; calculating the integrity additional value of the plaintext request data by using an integrity algorithm, judging whether the integrity additional value of the plaintext request data is completely consistent with the original integrity additional value, and if so, judging that the plaintext request data is not tampered; and an application server, used for receiving the plaintext request data from the security access service layer, processing the plaintext request data and obtaining an access request result.
A fifth aspect of the present disclosure provides an electronic device, comprising: one or more processors; memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the secure access method of transaction data described above.
A sixth aspect of the present disclosure also provides a computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform the above-described method of secure access to transaction data.
A seventh aspect of the present disclosure also provides a computer program product comprising a computer program which, when executed by a processor, implements the above-described method of secure access to transaction data.
Compared with the prior art, the transaction data secure access method, the transaction data secure access system, the electronic device, the storage medium and the program product have the following advantages:
(1) a secure data access network is provided that effectively prevents eavesdropping, replay, tampering and repudiation in the user's transaction access process;
(2) a unified security access service layer is established, which reduces the duplicated resource investment of each application building its own security access system and makes it easier to bring applications online;
(3) a unified security access service layer is established, which solves the problem that most application security functions address only one or some of confidentiality, integrity, uniqueness, tamper resistance and non-repudiation and that security access services are therefore uneven, and greatly improves the security access level of applications.
Drawings
The foregoing and other objects, features and advantages of the disclosure will be apparent from the following description of embodiments of the disclosure, which proceeds with reference to the accompanying drawings, in which:
FIG. 1 schematically illustrates an application scenario suitable for implementing a secure access method and system for transaction data according to an embodiment of the present disclosure;
FIG. 2 schematically shows a flow chart of a method of secure access of transaction data performed by a terminal device according to a first embodiment of the present disclosure;
FIG. 3 schematically shows a flow chart of a terminal device performing a process after receiving a transaction number according to a first embodiment of the present disclosure;
FIG. 4 schematically shows a flow chart of a method of secure access of transaction data performed by a secure access service layer according to a second embodiment of the present disclosure;
FIG. 5 schematically shows a flow diagram of a secure access service layer execution process after data has not been tampered with according to a second embodiment of the disclosure;
FIG. 6 schematically illustrates an operational flow diagram of a data flow process between a terminal device and a secure access service layer according to an embodiment of the disclosure;
FIG. 7 schematically shows a flow chart of a method of secure access of transaction data performed by an application server according to a third embodiment of the present disclosure;
FIG. 8 schematically shows a flow chart of an application server execution process after processing plaintext request data according to a third embodiment of the disclosure;
FIG. 9 schematically illustrates an overall operational flow diagram of a method of secure access to transaction data according to an embodiment of the disclosure;
FIG. 10 is a flow chart that schematically illustrates operations of a method in accordance with an embodiment of the present disclosure for full link service capability detection of application traffic;
FIG. 11 schematically shows a block diagram of a secure access system for transaction data according to a fourth embodiment of the present disclosure;
FIG. 12 schematically shows a block diagram of an electronic device adapted to implement a method of secure access to transaction data according to a fifth embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.).
Some block diagrams and/or flowcharts are shown in the figures. It will be understood that some blocks of the block diagrams and/or flowchart illustrations, or combinations thereof, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the instructions, which execute via the processor, create means for implementing the functions/acts specified in the block diagrams and/or flowchart block or blocks. The techniques of this disclosure may be implemented in hardware and/or software (including firmware, microcode, etc.). In addition, the techniques of this disclosure may take the form of a computer program product on a computer-readable storage medium having instructions stored thereon for use by or in connection with an instruction execution system.
In the technical scheme of the disclosure, the collection, storage, use, processing, transmission, provision, disclosure, application and other handling of the personal information of the users concerned all comply with the relevant laws and regulations, necessary confidentiality measures are taken, and public order and good customs are not violated.
In the technical scheme of the disclosure, before the personal information of the user is acquired or collected, the authorization or the consent of the user is acquired.
The embodiment of the disclosure provides a secure access method of transaction data and a secure access system of the transaction data capable of applying the method, and relates to the field of network security and financial science and technology. The method is performed by the terminal device, the secure access service layer and the application server, respectively. First, the terminal device generates a one-time dynamic key in response to an access request for user transaction data initiated by an internal application program; loads a public key issued by the security access service layer, encrypts the one-time dynamic key by using the public key to generate an encryption key, and sends the encryption key to the security access service layer; and receives the transaction number fed back by the secure access service layer. Then, the security access service layer generates a paired public key and private key by using an asymmetric encryption algorithm, stores the private key and issues the public key to the terminal device; receives an encryption key from the terminal device, decrypts the encryption key by using the private key to obtain the one-time dynamic key, generates a transaction number and feeds the transaction number back to the terminal device; receives an encrypted data packet from the terminal device, and decrypts the encrypted data packet by using the one-time dynamic key to obtain plaintext request data and an original integrity added value; and calculates the integrity additional value of the plaintext request data by using an integrity algorithm, judges whether the integrity additional value of the plaintext request data is completely consistent with the original integrity additional value, and if so, judges that the plaintext request data is not tampered. Finally, the application server receives the plaintext request data from the security access service layer, processes the plaintext request data and obtains an access request result.
Fig. 1 schematically illustrates an application scenario suitable for implementing a secure access method and system for transaction data according to an embodiment of the present disclosure. It should be noted that fig. 1 is only an example of an application scenario in which the embodiments of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, but does not mean that the embodiments of the present disclosure may not be applied to other devices, systems, environments or scenarios.
As shown in fig. 1, an application scenario 100 according to an embodiment of the present disclosure includes terminal devices 101, 102, a secure access service layer 103, and an application server 104. The network is used, among other things, to provide a medium for a communication link between the terminal devices 101, 102 and the secure access service layer 103, and also to provide a medium for a communication link between the secure access service layer 103 and the application server 104. The network may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The user may use the terminal device 101, 102 to interact with the secure access service layer 103 over a network to receive or send messages or the like. Internet users can use the terminal devices 101, 102 to access the network where the application server 104 is located through the secure access service layer 103 to interact with the application server 104.
Various messaging client applications, such as shopping applications, web browser applications, search applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only) may be installed on the terminal devices 101, 102. The terminal devices 101, 102 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The application server 104 is used for processing application access requests, and may be a server providing various services, such as a background management server (for example only) providing support for websites browsed by users using the terminal devices 101 and 102. The background management server may analyze and perform other processing on the received data such as the user request, and feed back a processing result (e.g., a webpage, information, or data obtained or generated according to the user request) to the terminal device.
The terminal device 101, 102 may be configured to generate a one-time dynamic key in response to an access request initiated by an internal application for user transaction data; loading a public key issued by the security access service layer 103, encrypting the one-time dynamic key by using the public key to generate an encryption key, and sending the encryption key to the security access service layer 103; and receiving the transaction number fed back by the secure access service layer.
The security access service layer 103 may be configured to generate a public key and a private key in a pair using an asymmetric encryption algorithm, store the private key, and issue the public key to the terminal device; receiving an encryption key from the terminal equipment, decrypting the encryption key by using a private key to obtain a one-time dynamic key, generating a transaction number and feeding the transaction number back to the terminal equipment; receiving an encrypted data packet from the terminal equipment, and decrypting the encrypted data packet by using a one-time dynamic key to obtain plaintext request data and an original integrity added value; and calculating the integrity additional value of the plaintext request data by using an integrity algorithm, judging whether the integrity additional value of the plaintext request data is completely consistent with the original integrity additional value, and if so, judging that the plaintext request data is not tampered.
The application server 104 may be configured to receive the plaintext request data from the security access service layer, process the plaintext request data, and obtain an access request result.
It should be understood that the number of terminal devices, secure access service layers and application servers in fig. 1 are merely illustrative. There may be any number of terminal devices, secure access service layers and application servers, as desired for implementation.
The secure access method of transaction data of the disclosed embodiment will be described in detail through fig. 2 to 10 based on the application scenario described in fig. 1.
Fig. 2 schematically shows a flow chart of a method of secure access of transaction data performed by a terminal device according to a first embodiment of the present disclosure.
As shown in fig. 2, the secure access method of transaction data performed by a terminal device of this embodiment may include operations S210 to S230.
In operation S210, a one-time dynamic key is generated in response to an access request for user transaction data initiated by an internal application of a terminal device.
When a user initiates an access request for user transaction data in a running application on the terminal device, a one-time dynamic key is generated. Illustratively, a one-time dynamic key corresponding to the access request is generated using a random number algorithm.
In operation S220, the public key issued by the security access service layer is loaded, the one-time dynamic key is encrypted by using the public key, an encryption key is generated, and the encryption key is sent to the security access service layer.
The public key is issued by the security access service layer and loaded in advance. It is used to encrypt the generated one-time dynamic key, and the result is then sent to the security access service layer.
In operation S230, a transaction number fed back by the secure access service layer is received.
After the security access service layer receives the encryption key, the terminal device receives the transaction number returned by the security access service layer, wherein the transaction number corresponds to the access request.
Through the embodiment of the disclosure, the negotiation of the one-time dynamic key accessed in the transaction is completed.
In the first embodiment of the present disclosure, before the operation of responding to the access request of the transaction data of the user initiated by the internal application program of the terminal device, the consent or authorization of the user can be obtained. For example, before operation S210, it may further include: obtaining the authorization of a user to the user transaction data; after authorization, an access request for user transaction data is initiated at the application.
Thus, a request to access the user's transaction data may be presented to the user, and operation S210 is performed only if the user agrees to or authorizes the acquisition of the user's transaction data.
Fig. 3 schematically shows a flow chart of a terminal device performing a process after receiving a transaction number according to a first embodiment of the present disclosure.
As shown in fig. 3, in the first embodiment of the present disclosure, after the operation S230, operations S240 to S270 may be further included.
In operation S240, relevant data of the access request is obtained and encapsulated.
Specifically, the relevant data of the access request may include, for example: access request content, transaction number, timestamp and unique signature of the terminal device. Thus, the terminal device encapsulates the access request content, the transaction number, the timestamp and the unique feature code of the terminal device generated by the access request.
In operation S250, the encapsulated related data is signed, and a request packet is generated.
The application program in the terminal device is installed in advance with a built-in signature algorithm, which is used to sign the encapsulated data as a whole, forming a complete request data packet.
In operation S260, an integrity additional value of the request packet is calculated using an integrity algorithm, and the integrity additional value is added to the tail of the request packet to obtain an updated request packet.
The application program in the terminal device is installed in advance with a built-in integrity algorithm. The integrity algorithm is applied to the request data packet to calculate the corresponding integrity additional value, which is appended to the tail of the request data packet. The updated request data packet thus consists of the original request data packet and the integrity additional value.
In operation S270, the updated request packet is encrypted using the one-time dynamic key to generate an encrypted packet, and the encrypted packet is sent to the security access service layer.
Because the one-time dynamic key has been negotiated in advance, it is used to encrypt the updated request data packet; once encryption is complete, the terminal device sends the encrypted data packet to the security access service layer.
In the first embodiment of the disclosure, the security access service layer adopts distributed deployment to meet the requirement of highly concurrent access requests.
Fig. 4 schematically shows a flow chart of a method of secure access of transaction data performed by a secure access service layer according to a second embodiment of the present disclosure.
As shown in fig. 4, the secure access method of transaction data performed by the secure access service layer of this embodiment may include operations S410 to S440.
In operation S410, a pair of a public key and a private key is generated using an asymmetric encryption algorithm, the private key is stored, and the public key is issued to the terminal device.
The security access service layer generates a public key and a private key by using an asymmetric encryption algorithm. The two keys are paired: data encrypted with the public key can be decrypted only with the private key and, conversely, data encrypted with the private key can be decrypted only with the public key. The public key can be published and distributed, for example issued to the terminal device, while the private key is stored in encrypted form in the security access service layer.
In operation S420, an encryption key from the terminal device is received, the encryption key is decrypted by using a private key, a one-time dynamic key is obtained, and a transaction number is generated and fed back to the terminal device.
After the security access service layer receives the encryption key that the terminal device produced with the public key, it decrypts the encryption key with its stored private key, restoring the original one-time dynamic key, and establishes the transaction number for the transaction. The transaction number is fed back to the terminal device, and the one-time dynamic key is stored.
In operation S430, the encrypted data packet from the terminal device is received, and the encrypted data packet is decrypted using the one-time dynamic key to obtain the plaintext request data and the original integrity added value.
After the actual user access request is received, the encrypted data packet is decrypted with the stored one-time dynamic key to obtain the decrypted plaintext request data, and the original integrity added value is split off.
In operation S440, the integrity additional value of the plaintext request data is calculated using an integrity algorithm, whether the integrity additional value of the plaintext request data is completely consistent with the original integrity additional value is determined, and if yes, it is determined that the plaintext request data is not tampered.
The plaintext request data is processed by the integrity algorithm built into the security access service layer, and the resulting integrity added value is compared with the split-off original integrity added value to determine whether any of the plaintext request data has been tampered with, thereby ensuring the integrity of the plaintext request data.
Fig. 5 schematically shows a flow chart of a security access service layer execution process after data has not been tampered with according to a second embodiment of the present disclosure.
As shown in fig. 5, in the second embodiment of the present disclosure, the plaintext request data includes the original signature information, and after the plaintext request data is determined not to be tampered in operation S440, operations S450 to S470 may be further included.
In operation S450, the original signature information is subjected to signature verification, and if the verification passes, the signature information of the security access service layer is added to the original signature information, so as to obtain updated signature information.
The original signature information is verified by the signature algorithm built into the security access service layer, and the signature information of the security access service layer is added to obtain the updated signature information. The earlier and later signature information is thus encrypted and stored, ensuring that the request data cannot be repudiated.
In operation S460, relevant data of the access request in the plaintext request data is extracted, uniqueness checking is performed on the relevant data, and if the checking passes, it is determined that the plaintext request data has transaction uniqueness.
The relevant data of the access request comprises the access request content, the transaction number, the timestamp, and the unique feature code of the terminal device.
After the signature is verified, a uniqueness check is carried out on the access request content, the transaction number, the timestamp, and the unique feature code of the terminal device, which guarantees transaction uniqueness and prevents replay attacks.
In operation S470, the plaintext request data is transmitted to the application server.
After both the signature check and the uniqueness check pass, the actual plaintext request data is forwarded to the application server for processing.
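The checks of operations S440 to S460, applied to a packet built as in operations S240 to S260, can be sketched as follows. This is an added example, not code from the patent: SHA-256 as the integrity algorithm, HMAC-SHA256 with a per-device key as a stand-in for the signature algorithm (a symmetric MAC does not by itself give the repudiation resistance described above, which needs an asymmetric signature), the JSON packet layout, the 300-second timestamp window, and all names are assumptions. Encryption under the one-time dynamic key (S270/S430) is left out.

```python
import hashlib
import hmac
import json

DIGEST_LEN = 32          # SHA-256 output; the integrity algorithm is an assumption
MAX_SKEW_SECONDS = 300   # assumed freshness window for the timestamp


class RejectedRequest(Exception):
    """A check in S440-S460 failed; the request is not forwarded."""


def build_updated_packet(content, txn, device_code, sign_key, timestamp):
    """Terminal side (S240-S260): encapsulate, sign, append the integrity value."""
    body = json.dumps(
        {"content": content, "txn": txn, "ts": timestamp, "device": device_code},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    signature = hmac.new(sign_key, body, hashlib.sha256).digest()
    packet = len(body).to_bytes(4, "big") + body + signature   # request packet
    return packet + hashlib.sha256(packet).digest()            # value at the tail


class ServiceLayer:
    """Service-layer checks on a packet already decrypted in S430."""

    def __init__(self, device_keys):
        self.device_keys = device_keys   # device code -> signing key (hypothetical)
        self.issued = set()              # transaction numbers handed out in S420
        self.used = set()                # transaction numbers already accepted

    def verify(self, updated_packet, now):
        if len(updated_packet) < 4 + 2 * DIGEST_LEN:
            raise RejectedRequest("malformed")
        packet = updated_packet[:-DIGEST_LEN]
        original_value = updated_packet[-DIGEST_LEN:]

        # S440: recompute the integrity value and compare it with the original.
        if not hmac.compare_digest(hashlib.sha256(packet).digest(), original_value):
            raise RejectedRequest("integrity")

        body_len = int.from_bytes(packet[:4], "big")
        body, signature = packet[4:4 + body_len], packet[4 + body_len:]
        try:
            fields = json.loads(body)
            txn, ts, device = fields["txn"], fields["ts"], fields["device"]
        except (ValueError, KeyError, TypeError):
            raise RejectedRequest("malformed")
        if not (isinstance(txn, str) and isinstance(device, str)
                and isinstance(ts, (int, float))):
            raise RejectedRequest("malformed")

        # S450: verify the terminal's signature over the encapsulated data.
        key = self.device_keys.get(device)
        if key is None or not hmac.compare_digest(
                hmac.new(key, body, hashlib.sha256).digest(), signature):
            raise RejectedRequest("signature")

        # S460: uniqueness: issued transaction number, single use, fresh timestamp.
        if txn not in self.issued or txn in self.used:
            raise RejectedRequest("uniqueness")
        if abs(now - ts) > MAX_SKEW_SECONDS:
            raise RejectedRequest("uniqueness")
        self.used.add(txn)
        return fields   # S470: forward to the application server


def outcome(layer, packet, now):
    """Return 'forwarded' or the name of the check that rejected the packet."""
    try:
        layer.verify(packet, now)
        return "forwarded"
    except RejectedRequest as err:
        return str(err)


def demo():
    """Run constructed packets through the checks; all values are sample data."""
    key = b"constructed-device-signing-key"
    layer = ServiceLayer({"DEV-0001": key})
    layer.issued.update({"TXN-1", "TXN-2"})
    now = 1_700_000_000

    good = build_updated_packet("query balance 100", "TXN-1", "DEV-0001", key, now)
    flipped = good[:10] + bytes([good[10] ^ 0x01]) + good[11:]
    # Modified body with a recomputed tail value: passes S440, fails S450.
    forged_packet = good[:-DIGEST_LEN].replace(b"balance 100", b"balance 900", 1)
    forged = forged_packet + hashlib.sha256(forged_packet).digest()
    stale = build_updated_packet("query", "TXN-2", "DEV-0001", key, now - 3600)

    return {
        "flipped": outcome(layer, flipped, now),
        "forged": outcome(layer, forged, now),
        "first": outcome(layer, good, now),
        "replay": outcome(layer, good, now),
        "stale": outcome(layer, stale, now),
    }
```

In the constructed run, a body modified together with a recomputed tail value passes the integrity comparison and is caught only by the signature check, and a second submission of an accepted packet is rejected by the uniqueness check.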
The methods respectively executed by the terminal device and the security access service layer shown in fig. 2 to 5 are further described with reference to fig. 6. It will be appreciated by those skilled in the art that the following example embodiments are only for the understanding of the present disclosure, and the present disclosure is not limited thereto.
Fig. 6 schematically illustrates an operational flow diagram of a data flow process between a terminal device and a secure access service layer according to an embodiment of the present disclosure.
As shown in fig. 6, in the embodiment of the present disclosure, data flow between a terminal device and a security access service layer sequentially includes the following steps:
(1) the application program in the terminal device initiates an access request for user transaction data to the security access service layer, and the security access service layer issues its public key to the application program in the terminal device. That is, the public key is transmitted in the clear throughout the system;
(2) the terminal device generates a one-time dynamic key S corresponding to the access request by using a random number algorithm, encrypts the generated key with the received public key to produce an encryption key C, and sends the encryption key C to the security access service layer;
(3) the security access service layer receives the encryption key C, decrypts it with the private key corresponding to the public key, and recovers the one-time dynamic key S.
After these exchange steps, both the terminal device and the security access service layer hold the one-time dynamic key S. The terminal device can therefore encrypt the request data packet with the one-time dynamic key S, and after encryption the security access service layer can promptly feed the response, namely the transaction number, back to the terminal device.
According to the embodiment of the disclosure, a security access service layer is established between the application program in the terminal device and the application server. Acting as a proxy, this layer implements all security services, while the actual application services (for example, different services such as inquiry, account transfer, and purchase, or different applications) are implemented behind the security access service layer, so that a uniform and comprehensive security access service is provided. Establishing a uniform security access service layer thus solves the problem that most applications' security functions address only one or some of confidentiality, integrity, uniqueness, tamper resistance, and repudiation resistance, which leaves security access services uneven, and greatly improves the security access level of applications.
Fig. 7 schematically shows a flow chart of a method of secure access of transaction data performed by an application server according to a third embodiment of the present disclosure.
As shown in fig. 7, the secure access method of transaction data performed by the application server of this embodiment may include operation S710.
In operation S710, plaintext request data from the security access service layer is received, and the plaintext request data is processed to obtain an access request result.
With the embodiments of the present disclosure, the application server can provide an actual access request processing service.
Fig. 8 schematically shows a flow chart of an application server execution process after processing plaintext request data according to a third embodiment of the disclosure.
As shown in fig. 8, in the third embodiment of the present disclosure, after the operation S710, an operation S720 may be further included.
In operation S720, the access request result is transmitted back to the security access service layer.
Specifically, when the application server returns its response, the methods executed by the terminal device and the security access service layer shown in fig. 2 to fig. 5 are applied in reverse: the encapsulation, integrity calculation, and signing performed by the terminal device are carried out by the security access service layer on the transaction request, the transaction number, and the timestamp, which are then encrypted with the one-time dynamic key and returned to the user program. After the user program decrypts the data and confirms the integrity, the signature, and the transaction uniqueness, the secure access to user transaction data is complete; if there are further operations, a new round of the secure user access process is started.
The method for securely accessing transaction data shown in fig. 2 to 8 will be further described with reference to fig. 9 and 10 in conjunction with specific embodiments. Those skilled in the art will appreciate that the following example embodiments are only for the understanding of the present disclosure, and the present disclosure is not limited thereto.
Fig. 9 schematically illustrates an overall operational flow diagram of a method of secure access to transaction data according to an embodiment of the present disclosure.
As shown in fig. 9, in the embodiment of the present disclosure, after the terminal device sequentially performs data encapsulation, signature verification, and integrity verification, the terminal device encrypts the request packet, and forwards the encrypted packet to the security access service layer. The security access service layer decrypts the encrypted data packet by using the stored private key, then sequentially carries out integrity check, signature check and uniqueness check, and then forwards the real plaintext request data to the application server, and the application server processes the access request data and obtains a real access request result.
Fig. 10 schematically illustrates an operation flow diagram of full link service capability detection on application traffic according to a method of an embodiment of the present disclosure.
As shown in fig. 10, in the embodiment of the present disclosure, first, the security access service layer generates a pair of a public key and a private key by using an asymmetric encryption algorithm, the public key is issued to the terminal device, and the private key is encrypted and stored. On the terminal equipment, a user operates a user terminal program to initiate an access request for transaction data, the user terminal program generates a one-time dynamic secret key, and the one-time dynamic secret key is encrypted by using a public key and then is sent to a security access service layer. And then, the security access service layer establishes a transaction number for the transaction and uses a private key for decryption to obtain a one-time dynamic key, and the transaction number is fed back to the terminal equipment. Then, on the terminal equipment, the user terminal program packages, signs and calculates the integrity added value of the transaction request, the transaction number, the timestamp and the unique feature code of the user terminal, and finally the transaction request, the transaction number, the timestamp and the unique feature code of the user terminal are encrypted by the one-time dynamic key and transmitted to the security access service layer.
Next, the security access service layer decrypts the data and verifies the integrity, the signature, and the transaction number, determining whether the confidentiality, integrity, uniqueness, and anti-repudiation checks all pass. If so, it forwards the request data to the application server for processing; otherwise, it ends the access request.
Finally, after the application server obtains the access request result for the request data, the security access service layer encapsulates and signs the transaction request result, the transaction number, and the timestamp and calculates their integrity added value; these are then encrypted with the one-time dynamic key and returned to the application program on the terminal device.
According to the embodiment of the disclosure, a security access service layer is established between the application program in the terminal device and the application server. Acting as a proxy, this layer implements all security services, while the actual application services (for example, different services such as inquiry, account transfer, and purchase, or different applications) are implemented behind the security access service layer, so that a uniform and comprehensive security access service is provided. Because confidentiality, integrity, uniqueness, tamper resistance, and repudiation resistance are implemented on a uniform security access service layer, the extra investment of each application repeatedly building its own security functions is reduced, and the problems of duplicated construction investment and uneven security capability across applications are avoided.
Based on the above secure access method for transaction data, the present disclosure also provides a secure access system for transaction data, which will be described in detail below with reference to fig. 11.
Fig. 11 schematically shows a block diagram of a secure access system for transaction data according to a fourth embodiment of the present disclosure.
As shown in fig. 11, the system 1100 for secure access to transaction data of this embodiment includes a terminal device 1110, a secure access service layer 1120, and an application server 1130.
The terminal device 1110 is configured to generate a one-time dynamic key in response to an access request for user transaction data initiated by an application program in the terminal device; loading a public key issued by the security access service layer, encrypting the one-time dynamic key by using the public key to generate an encryption key, and sending the encryption key to the security access service layer; and receiving the transaction number fed back by the secure access service layer. In an embodiment, the terminal device 1110 may be configured to perform operations S210 to S230 described above, which are not described herein again.
The security access service layer 1120 is configured to generate a public key and a private key in a pair by using an asymmetric encryption algorithm, store the private key, and issue the public key to the terminal device; receiving an encryption key from the terminal equipment, decrypting the encryption key by using a private key to obtain a one-time dynamic key, generating a transaction number and feeding the transaction number back to the terminal equipment; receiving an encrypted data packet from the terminal equipment, and decrypting the encrypted data packet by using the one-time dynamic key to obtain plaintext request data and an original integrity added value; and calculating the integrity additional value of the plaintext request data by using an integrity algorithm, judging whether the integrity additional value of the plaintext request data is completely consistent with the original integrity additional value, and if so, judging that the plaintext request data is not tampered. In an embodiment, the security access service layer 1120 may be configured to perform operations S410 to S440 described above, which are not described herein again.
The application server 1130 is configured to receive the plaintext request data from the security access service layer, process the plaintext request data, and obtain an access request result. In an embodiment, the application server 1130 may be configured to perform the operation S710 described above, which is not described herein again.
According to the embodiment of the disclosure, a security access service layer is established between the application program in the terminal device and the application server. Acting as a proxy, this layer implements all security services, while the actual application services (for example, different services such as inquiry, account transfer, and purchase, or different applications) are implemented behind the security access service layer, so that a uniform and comprehensive security access service is provided. Because confidentiality, integrity, uniqueness, tamper resistance, and repudiation resistance are implemented in a uniform security access service layer, the extra investment of each application repeatedly building its own security functions is reduced, and the problems of duplicated construction investment and uneven security capability across applications are avoided.
According to the embodiment of the present disclosure, any plurality of modules in the terminal device 1110, the secure access service layer 1120, and the application server 1130 may be combined and implemented in one module, or any one of the modules may be split into a plurality of modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of other modules and implemented in one module. According to an embodiment of the present disclosure, at least one of the terminal device 1110, the secure access service layer 1120, and the application server 1130 may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or in any one of or a suitable combination of software, hardware, and firmware. Alternatively, at least one of the terminal device 1110, the secure access service layer 1120 and the application server 1130 may be at least partly implemented as computer program modules, which when executed may perform corresponding functions.
Fig. 12 schematically shows a block diagram of an electronic device adapted to implement a method of secure access to transaction data according to a fifth embodiment of the present disclosure.
As shown in fig. 12, an electronic apparatus 1200 according to an embodiment of the present disclosure includes a processor 1201, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM)1202 or a program loaded from a storage section 1208 into a Random Access Memory (RAM) 1203. The processor 1201 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 1201 may also include on-board memory for caching purposes. The processor 1201 may include a single processing unit or multiple processing units for performing the different actions of the method flows according to embodiments of the present disclosure.
In the RAM 1203, various programs and data necessary for the operation of the electronic apparatus 1200 are stored. The processor 1201, the ROM1202, and the RAM 1203 are connected to each other by a bus 1204. The processor 1201 performs various operations of the method flow according to the embodiments of the present disclosure by executing programs in the ROM1202 and/or the RAM 1203. Note that the programs may also be stored in one or more memories other than the ROM1202 and the RAM 1203. The processor 1201 may also perform various operations of method flows according to embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the disclosure, the electronic device 1200 may also include an input/output (I/O) interface 1205, which is also connected to the bus 1204. The electronic device 1200 may also include one or more of the following components connected to the I/O interface 1205: an input section 1206 including a keyboard, a mouse, and the like; an output section 1207 including a display device such as a Cathode Ray Tube (CRT) or a Liquid Crystal Display (LCD), and a speaker; a storage section 1208 including a hard disk and the like; and a communication section 1209 including a network interface card such as a LAN card, a modem, or the like. The communication section 1209 performs communication processing via a network such as the internet. A drive 1210 is also connected to the I/O interface 1205 as needed. A removable medium 1211, such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like, is mounted on the drive 1210 as necessary, so that a computer program read from it is installed into the storage section 1208 as necessary.
The present disclosure also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist alone without being assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement a method for secure access to transaction data according to an embodiment of the disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, a computer-readable storage medium may include the ROM1202 and/or the RAM 1203 and/or one or more memories other than the ROM1202 and the RAM 1203 described above.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the method illustrated in the flow chart. When the computer program product is run in a computer system, the program code is for causing the computer system to implement a method for secure access to transaction data as provided by embodiments of the present disclosure.
The computer program performs the above-described functions defined in the system/apparatus of the embodiments of the present disclosure when executed by the processor 1201. The systems, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In one embodiment, the computer program may be hosted on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted, distributed in the form of a signal on a network medium, downloaded and installed through the communication section 1209, and/or installed from the removable medium 1211. The computer program containing program code may be transmitted using any suitable network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 1209, and/or installed from the removable medium 1211. The computer program, when executed by the processor 1201, performs the above-described functions defined in the system of the embodiments of the present disclosure. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In accordance with embodiments of the present disclosure, program code for executing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, these computer programs may be implemented using high level procedural and/or object oriented programming languages, and/or assembly/machine languages. The programming language includes, but is not limited to, programming languages such as Java, C++, Python, the "C" language, or the like. The program code may execute entirely on the user computing device, partly on the user device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that various combinations and/or associations of the features recited in the various embodiments and/or claims of the present disclosure can be made, even if such combinations or associations are not expressly recited in the present disclosure. In particular, various combinations and/or associations of the features recited in the various embodiments and/or claims of the present disclosure may be made without departing from the spirit or teaching of the present disclosure. All such combinations and/or associations are within the scope of the present disclosure.
The embodiments of the present disclosure are described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the present disclosure, and such alternatives and modifications are intended to be within the scope of the present disclosure.

Claims (14)

1. A method of secure access to transaction data performed by a terminal device, comprising:
responding to an access request initiated by an internal application program of the terminal equipment to user transaction data, and generating a one-time dynamic key;
loading a public key issued by a security access service layer, encrypting the one-time dynamic key by using the public key to generate an encryption key, and sending the encryption key to the security access service layer; and
receiving the transaction number fed back by the security access service layer.
2. The method of claim 1, wherein the generating a one-time dynamic key comprises:
generating a one-time dynamic key corresponding to the access request by using a random number algorithm.
3. The method of claim 1, further comprising, after receiving the transaction number fed back by the secure access service layer:
acquiring relevant data of the access request, and packaging the relevant data;
signing the packaged relevant data to generate a request data packet;
calculating an integrity additional value of the request data packet by using an integrity algorithm, and appending the integrity additional value to the tail of the request data packet to obtain an updated request data packet; and
encrypting the updated request data packet by using the one-time dynamic key to generate an encrypted data packet, and sending the encrypted data packet to the secure access service layer.
4. The method of claim 3, wherein the data associated with the access request comprises: access request content, transaction number, timestamp and unique signature of the terminal device.
5. The method of claim 1, further comprising, before responding to the access request for user transaction data initiated by the internal application program of the terminal device:
obtaining the authorization of a user to the user transaction data; and
after obtaining the authorization, initiating, at the application program, an access request for the user transaction data.
6. A method of secure access to transaction data performed by a secure access service layer, comprising:
generating a paired public key and private key by using an asymmetric encryption algorithm, storing the private key, and issuing the public key to a terminal device;
receiving an encryption key from the terminal device, decrypting the encryption key by using the private key to obtain a one-time dynamic key, generating a transaction number and feeding the transaction number back to the terminal device;
receiving an encrypted data packet from the terminal device, and decrypting the encrypted data packet by using the one-time dynamic key to obtain plaintext request data and an original integrity additional value; and
calculating the integrity additional value of the plaintext request data by using an integrity algorithm, judging whether the integrity additional value of the plaintext request data is completely consistent with the original integrity additional value, and if so, judging that the plaintext request data has not been tampered with.
7. The method of claim 6, wherein the plaintext request data comprises original signature information, the method further comprising, after determining that the plaintext request data has not been tampered with:
carrying out signature verification on the original signature information, and if the verification is passed, adding signature information of the secure access service layer to the original signature information to obtain updated signature information;
extracting relevant data of an access request in the plaintext request data, performing a uniqueness check on the relevant data, and determining that the plaintext request data has transaction uniqueness if the relevant data passes the uniqueness check; and
sending the plaintext request data to an application server.
8. The method of claim 7, wherein the data associated with the access request comprises: access request content, transaction number, timestamp and unique signature of the terminal device.
9. A method of secure access to transaction data performed by an application server, comprising:
receiving plaintext request data from a secure access service layer, and processing the plaintext request data to obtain an access request result.
10. The method of claim 9, wherein the method further comprises:
transmitting the access request result back to the secure access service layer.
11. A system for secure access to transaction data, comprising:
a terminal device configured to generate a one-time dynamic key in response to an access request for user transaction data initiated by an internal application program of the terminal device; load a public key issued by a secure access service layer, encrypt the one-time dynamic key by using the public key to generate an encryption key, and send the encryption key to the secure access service layer; and receive a transaction number fed back by the secure access service layer;
the secure access service layer, configured to generate a paired public key and private key by using an asymmetric encryption algorithm, store the private key and issue the public key to the terminal device; receive an encryption key from the terminal device, decrypt the encryption key by using the private key to obtain a one-time dynamic key, generate a transaction number and feed the transaction number back to the terminal device; receive an encrypted data packet from the terminal device, and decrypt the encrypted data packet by using the one-time dynamic key to obtain plaintext request data and an original integrity additional value; calculate an integrity additional value of the plaintext request data by using an integrity algorithm, judge whether the integrity additional value of the plaintext request data is completely consistent with the original integrity additional value, and if so, judge that the plaintext request data has not been tampered with; and
an application server configured to receive the plaintext request data from the secure access service layer and process the plaintext request data to obtain an access request result.
12. An electronic device, comprising:
one or more processors;
a storage device to store one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-10.
13. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method of any one of claims 1 to 10.
14. A computer program product comprising a computer program which, when executed by a processor, implements a method according to any one of claims 1 to 10.
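An added example, not part of the patent text: a Python sketch of the tail integrity value from claim 3 and the service-layer integrity and uniqueness checks from claims 6 and 7. It assumes HMAC-SHA-256 keyed with the one-time dynamic key as the unspecified integrity algorithm, a 300-second freshness window, and the (transaction number, device signature) pair as the uniqueness check; the public-key wrap of the key, the packet encryption and signature verification are left out, and all names and sample values are constructed.

```python
import hashlib
import hmac
import json
import secrets

TAG_LEN = 32     # HMAC-SHA-256 output size in bytes (assumed integrity algorithm)
MAX_SKEW = 300   # assumed freshness window for the timestamp, in seconds


def build_packet(key, content, txn_no, timestamp, device_sig):
    """Terminal side (claims 3-4): package the fields, append the integrity value at the tail."""
    fields = {"content": content, "txn_no": txn_no, "ts": timestamp, "device_sig": device_sig}
    body = json.dumps(fields, sort_keys=True).encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()


class ServiceLayer:
    """Service-layer side (claims 6-7): integrity check first, then uniqueness check."""

    def __init__(self):
        self.seen = set()   # (txn_no, device_sig) pairs already accepted

    def accept(self, key, packet, now):
        if len(packet) <= TAG_LEN:
            return "rejected: truncated"
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):   # constant-time comparison
            return "rejected: tampered"
        fields = json.loads(body)                    # parsed only after the tag verifies
        if abs(now - fields["ts"]) > MAX_SKEW:
            return "rejected: stale"
        ident = (fields["txn_no"], fields["device_sig"])
        if ident in self.seen:
            return "rejected: replay"
        self.seen.add(ident)
        return "accepted"


def demo():
    key = secrets.token_bytes(32)   # one-time dynamic key from a CSPRNG (claim 2)
    layer = ServiceLayer()
    pkt = build_packet(key, "query balance", "TXN-0001", 1_700_000_000, "device-A")
    tampered = bytes([pkt[0] ^ 1]) + pkt[1:]         # one bit flipped in transit
    return [
        layer.accept(key, pkt, 1_700_000_010),       # first delivery
        layer.accept(key, pkt, 1_700_000_020),       # same packet sent again
        layer.accept(key, tampered, 1_700_000_030),  # modified packet
        layer.accept(key, pkt, 1_700_009_999),       # delivered outside the window
    ]
```

Keying the integrity value with the one-time key means the check does not rest on the packet encryption alone, which matters if the cipher mode is malleable.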

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210627466.9A CN115001828A (en) 2022-06-02 2022-06-02 Secure access method, system, electronic device and medium for transaction data

Publications (1)

Publication Number Publication Date
CN115001828A true CN115001828A (en) 2022-09-02

Family

ID=83031170

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210627466.9A Pending CN115001828A (en) 2022-06-02 2022-06-02 Secure access method, system, electronic device and medium for transaction data

Country Status (1)

Country Link
CN (1) CN115001828A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106506453A (en) * 2016-10-09 2017-03-15 南京邮电大学 Electric power big data transmission method and system based on Rapid matching and integrity detection
CN107395560A (en) * 2017-06-05 2017-11-24 努比亚技术有限公司 Safety check and its initiation, management method, equipment, server and storage medium
CN108200014A (en) * 2017-12-18 2018-06-22 北京深思数盾科技股份有限公司 The method, apparatus and system of server are accessed using intelligent key apparatus
CN113438086A (en) * 2021-06-24 2021-09-24 深圳前海微众银行股份有限公司 Data security protection method and system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117640109A (en) * 2024-01-26 2024-03-01 远江盛邦(北京)网络安全科技股份有限公司 API (application program interface) secure access method and device, electronic equipment and storage medium
CN117640109B (en) * 2024-01-26 2024-04-26 远江盛邦(北京)网络安全科技股份有限公司 API (application program interface) secure access method and device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
US20180124023A1 (en) Method, system and apparatus for storing website private key plaintext
CN112333198A (en) Secure cross-domain login method, system and server
CN114826733B (en) File transmission method, device, system, equipment, medium and program product
CN111030827A (en) Information interaction method and device, electronic equipment and storage medium
CN107920060B (en) Data access method and device based on account
CN110737905B (en) Data authorization method, data authorization device and computer storage medium
CN113094190B (en) Micro-service calling method, micro-service calling device, electronic equipment and storage medium
CN115001828A (en) Secure access method, system, electronic device and medium for transaction data
CN114640524B (en) Method, apparatus, device and medium for processing transaction replay attack
CN114584378B (en) Data processing method, device, electronic equipment and medium
CN114095165B (en) Key updating method, server device, client device and storage medium
CN114499893B (en) Bidding file encryption and evidence storage method and system based on block chain
CN114584299B (en) Data processing method, device, electronic equipment and storage medium
CN111125734B (en) Data processing method and system
CN114491489A (en) Request response method and device, electronic equipment and storage medium
CN112217810A (en) Request response method, device, equipment and medium
CN114615087B (en) Data sharing method, device, equipment and medium
CN114826616B (en) Data processing method, device, electronic equipment and medium
CN115189945B (en) Transaction request verification method and device, electronic equipment and readable storage medium
CN114553570B (en) Method, device, electronic equipment and storage medium for generating token
CN114095254B (en) Message encryption method, server device, client device and storage medium
CN115952518B (en) Data request method, device, electronic equipment and storage medium
CN114785560B (en) Information processing method, device, equipment and medium
CN114844694B (en) Information processing method, apparatus, device and storage medium
CN115189945A (en) Transaction request verification method and device, electronic equipment and readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination