CN103401844A - Operation request processing method and system - Google Patents
Operation request processing method and system
- Publication number
- CN103401844A
- Authority
- CN
- China
- Prior art keywords
- operation requests
- packet
- terminal
- system server
- background system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Abstract
The invention provides an operation request processing method and an operation request processing system. In the method, a first terminal generates an operation request and sends it to a background system server; after verifying that the operation request is legitimate, the background system server sends it to a second terminal; the second terminal sends an operation request data packet to an authorization electronic signature token; the authorization electronic signature token prompts the operation request data packet, receives a confirmation instruction, and signs the packet to obtain a signed data packet; the authorization electronic signature token sends the signed data packet to the second terminal; the second terminal sends the signed data packet and the operation request data packet to the background system server; and after the signed data packet passes verification, the background system server executes the operation request according to the operation request data packet. With this method and system, approval can be carried out in electronic form, which is convenient to use while also ensuring the security and non-repudiation of the approval.
Description
Technical field
The present invention relates to the field of information security, and in particular to a method and system for processing operation requests.
Background
At present, with the development of networks, both e-commerce and online banking conduct their business over the network, which meets people's needs for shopping and banking and is convenient to use.
However, when an enterprise conducts e-commerce or online banking, a manager of the enterprise may authorize an employee to perform the relevant operation; an individual may likewise authorize an agent to perform the relevant operation on their behalf. In existing schemes, authorization is given either by the manager signing after review, or by the individual completing the relevant authorization formalities so that the agent can act. In both the enterprise case and the individual case the authorizer must be present in order to authorize; otherwise the operation has to wait until the authorizer is present, which can easily cause business opportunities to be missed and makes management and authorization very inconvenient.
Summary of the invention
The present invention aims to solve the inconvenience of existing authorization schemes.
The main object of the present invention is to provide a method for processing operation requests;
Another object of the present invention is to provide a system for processing operation requests.
To achieve the above objects, the technical solution of the present invention is implemented as follows:
One aspect of the present invention provides a method for processing operation requests, comprising: a first terminal obtains operation content; the first terminal obtains an operation request generation strategy and generates an operation request according to the operation request generation strategy and the operation content; the first terminal sends the operation request to a background system server; after obtaining the operation request, the background system server verifies the legitimacy of the operation request; after verifying that the operation request is legitimate, the background system server sends the operation request to a second terminal; after obtaining the operation request, the second terminal obtains a request sending strategy and, according to the request sending strategy, sends an operation request data packet to an authorization electronic signature token, wherein the operation request data packet is generated according to the request sending strategy and the operation request; the authorization electronic signature token prompts the operation request data packet; the authorization electronic signature token receives a confirmation instruction and, according to the confirmation instruction, signs the operation request data packet to obtain a signed data packet; the authorization electronic signature token sends the signed data packet to the second terminal; the second terminal sends the signed data packet and the operation request data packet to the background system server; the background system server verifies the signed data packet; and after the signed data packet passes verification, the background system server executes the operation request according to the operation request data packet.
In addition, the step in which the first terminal obtains the operation request generation strategy and generates the operation request according to the operation request generation strategy and the operation content comprises: the first terminal obtains identification information and an authorization password; the first terminal generates the operation request according to the identification information, the authorization password and the operation content. The step in which the background system server verifies the legitimacy of the operation request after obtaining it comprises: after obtaining the operation request, the background system server verifies the correctness of the authorization password according to the identification information, and if the authorization password is verified as correct, the operation request is verified as legitimate.
In addition, the authorization password is a dynamic password or a static password.
In addition, the step in which the first terminal obtains the operation request generation strategy and generates the operation request according to the operation request generation strategy and the operation content comprises: the first terminal obtains identification information and signature information, wherein the signature information is obtained by signing the operation content; the first terminal generates the operation request according to the identification information, the signature information and the operation content. The step in which the background system server verifies the legitimacy of the operation request after obtaining it comprises: after obtaining the operation request, the background system server verifies the correctness of the signature information according to the identification information and the operation content, and if the signature information is verified as correct, the operation request is verified as legitimate.
In addition, the step in which the second terminal, after obtaining the operation request, obtains the request sending strategy and sends the operation request data packet to the authorization electronic signature token according to the request sending strategy comprises: after obtaining the operation request, the second terminal obtains a forwarding strategy; the second terminal sends the operation request, as the operation request data packet, to the authorization electronic signature token.
In addition, the step in which the second terminal, after obtaining the operation request, obtains the request sending strategy and sends the operation request data packet to the authorization electronic signature token according to the request sending strategy comprises: after obtaining the operation request, the second terminal obtains a processing-and-sending strategy; the second terminal processes the operation request according to the processing-and-sending strategy to generate the operation request data packet, and sends the operation request data packet to the authorization electronic signature token according to the processing-and-sending strategy.
In addition, the operation content comprises: transfer information, logistics request information, access request information, or acquisition request information.
In addition, the step in which the background system server, after the signed data packet passes verification, executes the operation request according to the operation request data packet comprises: after the signed data packet passes verification, the background system server executes the transfer operation according to the transfer information; after the signed data packet passes verification, the background system server executes the logistics operation according to the logistics request information; after the signed data packet passes verification, the background system server executes an access permission setting operation according to the access request information; or, after the signed data packet passes verification, the background system server executes a sending operation according to the acquisition request information.
Another aspect of the present invention provides a system for processing operation requests, comprising: a first terminal, a background system server, a second terminal and an authorization electronic signature token. The first terminal obtains operation content, obtains an operation request generation strategy, generates an operation request according to the operation request generation strategy and the operation content, and sends the operation request to the background system server. The background system server, after obtaining the operation request, verifies the legitimacy of the operation request; after verifying that the operation request is legitimate, sends the operation request to the second terminal; verifies the signed data packet; and, after the signed data packet passes verification, executes the operation request according to the operation request data packet. The second terminal, after obtaining the operation request, obtains a request sending strategy and, according to the request sending strategy, sends the operation request data packet to the authorization electronic signature token, wherein the operation request data packet is generated according to the request sending strategy and the operation request; it also sends the signed data packet and the operation request data packet to the background system server. The authorization electronic signature token prompts the operation request data packet, receives a confirmation instruction, signs the operation request data packet according to the confirmation instruction to obtain the signed data packet, and sends the signed data packet to the second terminal.
In addition, the first terminal obtains identification information and an authorization password, and generates the operation request according to the identification information, the authorization password and the operation content; after obtaining the operation request, the background system server verifies the correctness of the authorization password according to the identification information, and if the authorization password is verified as correct, the operation request is verified as legitimate.
In addition, the authorization password is a dynamic password or a static password.
In addition, the first terminal obtains identification information and signature information, wherein the signature information is obtained by signing the operation content, and generates the operation request according to the identification information, the signature information and the operation content; after obtaining the operation request, the background system server verifies the correctness of the signature information according to the identification information and the operation content, and if the signature information is verified as correct, the operation request is verified as legitimate.
In addition, after obtaining the operation request, the second terminal obtains a forwarding strategy and sends the operation request, as the operation request data packet, to the authorization electronic signature token.
In addition, after obtaining the operation request, the second terminal obtains a processing-and-sending strategy, processes the operation request according to the processing-and-sending strategy to generate the operation request data packet, and sends the operation request data packet to the authorization electronic signature token according to the processing-and-sending strategy.
In addition, the operation content comprises: transfer information, logistics request information, access request information, or acquisition request information.
In addition, after the signed data packet passes verification, the background system server executes the transfer operation according to the transfer information; after the signed data packet passes verification, the background system server executes the logistics operation according to the logistics request information; after the signed data packet passes verification, the background system server executes an access permission setting operation according to the access request information; or, after the signed data packet passes verification, the background system server executes a sending operation according to the acquisition request information.
As can be seen from the technical solution provided above, with the operation request processing method and system of the present invention, approval can be carried out in electronic form, which is convenient to use while also ensuring the security and non-repudiation of the approval.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the accompanying drawings used in the description of the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the operation request processing method provided by the present invention;
Fig. 2 is a schematic structural diagram of the operation request processing system provided by the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
In the description of the present invention, it should be understood that orientation or positional terms such as "center", "longitudinal", "lateral", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner" and "outer" are based on the orientations or positional relationships shown in the drawings. They are used only to facilitate and simplify the description of the present invention, and do not indicate or imply that the device or element referred to must have a specific orientation or be constructed and operated in a specific orientation; they therefore cannot be construed as limiting the present invention. In addition, the terms "first" and "second" are used for descriptive purposes only and cannot be construed as indicating or implying relative importance, quantity or position.
In the description of the present invention, it should be noted that, unless otherwise expressly specified and limited, the terms "mounted", "connected to" and "connection" should be understood broadly: a connection may, for example, be fixed, detachable or integral; it may be mechanical or electrical; it may be direct or indirect through an intermediary; or it may be an internal connection between two elements. Those of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific circumstances.
The embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
Fig. 1 shows the flow chart of the operation request processing method of the present invention. Referring to Fig. 1, the method comprises:
Step S101, the first terminal obtains operation content;
Specifically, the first terminal may be the terminal used by an employee, the terminal used by an agent, or the terminal used by a requester; the corresponding request is made through the first terminal.
The first terminal may be a fixed terminal or a mobile terminal. A fixed terminal may be a PC, an ATM, a POS machine, etc.; a mobile terminal may be a notebook computer, a tablet computer, a smartphone, a handheld POS machine, etc.
The first terminal may connect to the background system server in a wired or wireless manner to make the corresponding request.
The operation content of the present invention may be any of the following:
Transfer information, for example: requesting a bank transfer service;
Logistics request information, for example: requesting a manager's approval for a logistics shipment;
Access request information, for example: requesting access to a certain host or server;
Acquisition request information, for example: requesting permission from a certain host or server to download a file, or requesting from a certain host or server the decryption information for downloaded encrypted information.
Of course, the operation content of the present invention may also include the detailed information of the above requests, etc.
Step S102, the first terminal obtains an operation request generation strategy, and generates an operation request according to the operation request generation strategy and the operation content;
Specifically, the operation request generation strategy may comprise generating the operation request from either of the following:
Identification information and an authorization password. Using an authorization password is simple. The authorization password is a dynamic password or a static password; a dynamic password may be one generated by an electronic dynamic password token, and a static password may be set in advance. A dynamic password gives higher security; a static password is simple and convenient. Or:
Identification information and signature information. The signature information may be obtained by signing the operation content with the private key of the key device held by the user; using signature information improves security and non-repudiation.
Of course, the present invention may assign different levels according to the complexity of the user's operation request and obtain a static password, a dynamic password or signature information accordingly, with the security level increasing in that order. For example, when the transfer amount is small, the static password mode may be chosen; when the transfer amount is large, the signature information mode may be chosen.
If the first terminal obtains identification information and an authorization password, the first terminal generates the operation request according to the identification information, the authorization password and the operation content. The first terminal may combine the identification information, the authorization password and the operation content to generate the operation request, or it may first perform a calculation on the authorization password and then combine the identification information, the calculated authorization password and the operation content into the operation request. The calculation on the authorization password may be computing a MAC value or a HASH value of the authorization password, or taking a truncated portion of the computed MAC value or HASH value. Performing a calculation on the authorization password protects it in transmission and prevents it from being obtained. The first terminal may also directly encrypt the identification information, the authorization password and the operation content to generate the operation request; encrypted transmission improves security.
If the first terminal obtains identification information and signature information, wherein the signature information is obtained by signing the operation content, the first terminal generates the operation request according to the identification information, the signature information and the operation content. The first terminal may combine the identification information, the signature information and the operation content to generate the operation request, or the first terminal may encrypt the identification information, the signature information and the operation content to generate the operation request; encrypted transmission improves security.
Step S103, the first terminal sends the operation request to the background system server;
Step S104, after obtaining the operation request, the background system server verifies the legitimacy of the operation request;
If the first terminal obtained identification information and an authorization password and generated the operation request according to the identification information, the authorization password and the operation content, then after obtaining the operation request the background system server verifies the correctness of the authorization password according to the identification information; if the authorization password is verified as correct, the operation request is verified as legitimate.
If the operation request is encrypted information or contains encrypted information, the background system server decrypts the encrypted information and then verifies it.
When the authorization password is a static password, the static password may be pre-stored in the background system server in correspondence with the identification information, and the background system server looks up the pre-stored static password according to the identification information. If the first terminal computed a MAC value or HASH value of the static password, the background system server, when verifying, computes the MAC value or HASH value of the static password it found in the same way, and thereby performs the verification.
When the authorization password is a dynamic password, the background system server may generate a check password in the same way as the electronic dynamic password token that generated the dynamic password, and compare whether the generated check password is consistent with the received dynamic password. The way in which the background system server generates the check password corresponds to the identification information: the background system server looks up the generation method according to the identification information and generates the check password. If the first terminal computed a MAC value or HASH value of the dynamic password, the background system server, when verifying, computes the MAC value or HASH value of the dynamic password it generated in the same way.
If the first terminal obtained identification information and signature information, wherein the signature information is obtained by signing the operation content, and generated the operation request according to the identification information, the signature information and the operation content, then after obtaining the operation request the background system server verifies the correctness of the signature information according to the identification information and the operation content; if the signature information is verified as correct, the operation request is verified as legitimate. For example: the background system server pre-stores the public key of the key device held by the user, and this public key corresponds to the identification information; the background system server looks up the public key according to the identification information and verifies the signature information using the public key it found and the operation content it received; if the signature verification passes, the operation request is verified as legitimate.
Subsequent operations can be carried out only after the background system server has verified that the operation request is legitimate, which ensures the authenticity and legitimacy of the operation request and the security of the subsequent operations.
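The authorization-password branch of step S104, as an added Go example that is not part of the patent: the server looks up the record by identification information, recomputes what the first terminal sent, and compares. The counter-based generator (HOTP, RFC 4226), the truncated SHA-256 value, the counter handling and all names and sample values are assumptions; the patent fixes neither algorithm.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

// Account is the server-side record found via the identification information.
type Account struct {
	StaticPassword string // pre-stored static password (constructed sample)
	TokenSeed      []byte // seed shared with the dynamic password token (assumption)
	Counter        uint64 // next counter value the server expects (assumption)
}

// OperationRequest is what the first terminal sends to the server.
type OperationRequest struct {
	ID      string // identification information
	Mode    string // "static" or "dynamic"
	Proof   []byte // truncated HASH value of the authorization password
	Content string // operation content
}

// PasswordProof is the "calculation" applied to the authorization password:
// a SHA-256 HASH value with only part of it kept (first 16 bytes).
func PasswordProof(password string) []byte {
	sum := sha256.Sum256([]byte(password))
	return sum[:16]
}

// DynamicPassword generates a 6-digit password the way the token does.
// HOTP per RFC 4226 is used here as a stand-in for the token's method.
func DynamicPassword(seed []byte, counter uint64) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, seed)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	off := int(sum[len(sum)-1] & 0x0f) // dynamic truncation offset
	code := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", code%1000000)
}

// VerifyRequest reports whether the operation request is legitimate.
func VerifyRequest(db map[string]*Account, req OperationRequest) bool {
	acct, ok := db[req.ID]
	if !ok {
		return false // unknown identification information
	}
	switch req.Mode {
	case "static":
		// Same calculation over the pre-stored password, constant-time compare.
		want := PasswordProof(acct.StaticPassword)
		return subtle.ConstantTimeCompare(want, req.Proof) == 1
	case "dynamic":
		// Generate the check password the same way as the token, then compare.
		want := PasswordProof(DynamicPassword(acct.TokenSeed, acct.Counter))
		if subtle.ConstantTimeCompare(want, req.Proof) != 1 {
			return false
		}
		acct.Counter++ // each dynamic password is accepted once
		return true
	}
	return false
}

// SampleAccounts returns constructed test data (RFC 4226 test seed).
func SampleAccounts() map[string]*Account {
	return map[string]*Account{
		"employee-01": {StaticPassword: "correct horse", TokenSeed: []byte("12345678901234567890")},
	}
}

func main() {
	db := SampleAccounts()
	otp := DynamicPassword([]byte("12345678901234567890"), 0)
	reqs := []OperationRequest{
		{ID: "employee-01", Mode: "static", Proof: PasswordProof("correct horse"), Content: "transfer 100"},
		{ID: "employee-01", Mode: "static", Proof: PasswordProof("wrong"), Content: "transfer 100"},
		{ID: "employee-01", Mode: "dynamic", Proof: PasswordProof(otp), Content: "transfer 9000"},
		{ID: "employee-01", Mode: "dynamic", Proof: PasswordProof(otp), Content: "transfer 9000"}, // same password again
	}
	for _, r := range reqs {
		fmt.Printf("%s request %q: legal=%v\n", r.Mode, r.Content, VerifyRequest(db, r))
	}
}
```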
Step S105, after verifying that the operation request is legitimate, the background system server sends the operation request to the second terminal;
Specifically, the second terminal may be the terminal used by a manager, the terminal used by an authorizer, or the terminal used by an approver; the corresponding authorization operation is carried out through the second terminal.
The second terminal may be a fixed terminal or a mobile terminal. A fixed terminal may be a PC, an ATM, a POS machine, etc.; a mobile terminal may be a notebook computer, a tablet computer, a smartphone, a handheld POS machine, etc.
The second terminal may connect to the background system server in a wired or wireless manner to carry out the corresponding authorization operation.
Step S106, after obtaining the operation request, the second terminal obtains a request sending strategy and, according to the request sending strategy, sends an operation request data packet to the authorization electronic signature token, wherein the operation request data packet is generated according to the request sending strategy and the operation request;
Specifically, after obtaining the operation request, the second terminal may forward it directly, or may process it and then send it. Direct forwarding is simple and convenient; processing the operation request before sending allows operation content to be added, which is convenient to use.
After obtaining the operation request, the second terminal may forward it directly in the following way:
The second terminal obtains a forwarding strategy and sends the operation request, as the operation request data packet, to the authorization electronic signature token.
After obtaining the operation request, the second terminal may process it and then send it in the following way:
The second terminal obtains a processing-and-sending strategy, processes the operation request according to the processing-and-sending strategy to generate the operation request data packet, and sends the operation request data packet to the authorization electronic signature token according to the processing-and-sending strategy.
The processing may be, for example, when the request is for access to a certain host or server, adding any operation such as permission settings.
By processing the operation request, other operations related to the operation request can be added, improving security.
Step S107: the authorization electronic signature token presents the operation request data packet as a prompt.
Specifically, the authorization electronic signature token is a key used by a leader, an authorizer or an approver. It may be a USB key, a Bluetooth key, an infrared key, an NFC key, an audio key or any other key that can be coupled to the second terminal. After receiving the operation request data packet, the token displays the packet or announces it by voice, or extracts the key information from the packet and displays or announces that, so that the end user knows what kind of operation is being requested and can judge whether the operation request can be approved.
Step S108: the authorization electronic signature token receives a confirmation instruction and, according to the confirmation instruction, signs the operation request data packet to obtain a signature data packet.
Specifically, if the end user of the authorization electronic signature token confirms that the operation request is genuine and can be approved, the user presses a button provided on the token (for example, an OK button) to send a confirmation instruction to the token. After receiving the confirmation instruction, the token signs the operation request data packet with its private key to obtain the signature data packet.
Because the end user of the authorization electronic signature token signs the operation request data packet, the approval is non-repudiable.
Step S109: the authorization electronic signature token sends the signature data packet to the second terminal.
Step S110: the second terminal sends the signature data packet and the operation request data packet to the background system server.
Step S111: the background system server verifies the signature data packet.
Specifically, the background system server pre-stores the public key of the authorization electronic signature token. After receiving the signature data packet and the operation request data packet, the server can look up the public key corresponding to the token according to the identification information and verify the signature data packet with that public key.
Step S112: after the signature data packet passes verification, the background system server executes the operation request according to the operation request data packet.
Because the background system server executes the operation request according to the operation request data packet only after the signature data packet passes verification, the authenticity and security of the operation request are ensured.
Depending on the operation content, the background system server may, after the signature data packet passes verification, perform one of the following operations:
Perform the transfer operation according to the transfer information;
Perform the logistics operation according to the logistics request information;
Perform the access permission setting operation according to the access request information; or
Perform the sending operation according to the acquisition request.
It can be seen that the operation request processing method of the present invention allows approval to be carried out in electronic form, which is convenient to use while also ensuring the security and non-repudiation of the approval.
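Steps S106 to S112 as an added Python simulation (not code from the patent): it shows both request sending strategies, the token signing only after confirmation, and the server looking up the pre-stored public key by token identification and executing only from a packet whose signature verifies. The patent specifies neither a packet format nor a signature algorithm, so the JSON encoding, the field names, the token identifiers and the textbook RSA demonstration key are assumptions made for this example.

```python
import hashlib
import json

# Constructed demonstration key: unpadded textbook RSA over two Mersenne primes,
# trivially factorable; it only stands in for the token's private-key operation.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # needs Python 3.8+


def encode(packet):
    """Canonical bytes, so token and server hash exactly the same data."""
    return json.dumps(packet, sort_keys=True, separators=(",", ":")).encode()


def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def build_packet(request, strategy, extra=None):
    """S106: the second terminal builds the operation request data packet."""
    if strategy == "forward":            # forwarding strategy: packet == request
        return encode(request)
    if strategy == "process":            # processing-and-sending strategy
        return encode({**request, **(extra or {})})
    raise ValueError("unknown request sending strategy")


class Token:
    """Authorization electronic signature token (S107 to S109)."""

    def __init__(self, token_id, private_exponent):
        self.token_id = token_id
        self._d = private_exponent

    def prompt(self, packet_bytes):
        # S107: what the holder is shown is derived from the bytes to be signed.
        return json.loads(packet_bytes)

    def sign(self, packet_bytes, confirmed):
        # S108: no confirmation instruction, no signature.
        if not confirmed:
            return None
        return pow(digest(packet_bytes), self._d, N)


class BackendServer:
    """Background system server (S111 and S112)."""

    def __init__(self):
        self.public_keys = {}   # pre-stored: token identification -> (n, e)
        self.executed = []      # operations actually carried out

    def register(self, token_id, n, e):
        self.public_keys[token_id] = (n, e)

    def handle(self, token_id, packet_bytes, signature):
        key = self.public_keys.get(token_id)
        if key is None:
            return "rejected: unknown token"
        n, e = key
        if not isinstance(signature, int) or not 0 <= signature < n:
            return "rejected: bad signature"
        if pow(signature, e, n) != digest(packet_bytes):
            return "rejected: bad signature"
        # S112: execute from the verified packet, not from an earlier copy.
        self.executed.append(json.loads(packet_bytes))
        return "executed"


def run_demo():
    token = Token("token-001", D)
    server = BackendServer()
    server.register(token.token_id, N, E)
    results = {}
    # Constructed sample requests.
    transfer = {"op": "transfer", "from": "acct-A", "to": "acct-B", "amount": "100.00"}
    access = {"op": "access", "host": "srv-01", "user": "u123"}

    pkt = build_packet(transfer, "forward")
    results["prompt"] = token.prompt(pkt)
    sig = token.sign(pkt, confirmed=True)
    results["forward"] = server.handle("token-001", pkt, sig)

    pkt2 = build_packet(access, "process", {"permission": "read-only"})
    results["process"] = server.handle("token-001", pkt2, token.sign(pkt2, True))

    # Packet altered after signing (S110): the signature no longer matches.
    tampered = pkt.replace(b"100.00", b"900.00")
    results["tampered"] = server.handle("token-001", tampered, sig)
    results["declined"] = token.sign(pkt, confirmed=False)
    results["no_signature"] = server.handle("token-001", pkt, None)
    results["unknown_token"] = server.handle("token-999", pkt, sig)
    return results, server.executed


if __name__ == "__main__":
    for name, value in run_demo()[0].items():
        print(name, "->", value)
```

Under the processing strategy the signature covers the packet as the second terminal rebuilt it, so the server acts on the added permission setting only because the token holder was shown and signed it.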
Fig. 2 shows a schematic structural diagram of the operation request processing system. The processing system of the present invention uses the processing method described above, which is not repeated here; only the structure of the system and the function of each part are briefly described. Referring to Fig. 2, the operation request processing system comprises a first terminal 201, a background system server 202, a second terminal 203 and an authorization electronic signature token 204, wherein:
The first terminal 201 obtains operation content, obtains an operation request generation strategy, generates an operation request according to the operation request generation strategy and the operation content, and sends the operation request to the background system server 202. The operation content may include transfer information, logistics request information, access request information or acquisition request information.
After obtaining the operation request, the background system server 202 verifies the legitimacy of the operation request and, once the operation request is verified as legitimate, sends it to the second terminal 203; it also verifies the signature data packet and, after the signature data packet passes verification, executes the operation request according to the operation request data packet.
After obtaining the operation request, the second terminal 203 obtains a request sending strategy and, according to that strategy, sends the operation request data packet to the authorization electronic signature token 204, wherein the operation request data packet is generated according to the request sending strategy and the operation request; it also sends the signature data packet and the operation request data packet to the background system server 202.
The authorization electronic signature token 204 presents the operation request data packet as a prompt, receives a confirmation instruction, signs the operation request data packet according to the confirmation instruction to obtain the signature data packet, and sends the signature data packet to the second terminal 203.
In addition, the first terminal 201 may generate the operation request in the following ways:
Mode one: the first terminal 201 obtains identification information and an authorization password, and generates the operation request according to the identification information, the authorization password and the operation content, wherein the authorization password is a dynamic password or a static password.
In this case, the background system server may verify the legitimacy of the operation request as follows:
After obtaining the operation request, the background system server 202 verifies the correctness of the authorization password according to the identification information; if the authorization password is verified as correct, the operation request is verified as legitimate.
Mode two: the first terminal 201 obtains identification information and signature information, wherein the signature information is obtained by signing the operation content, and generates the operation request according to the identification information, the signature information and the operation content.
In this case, the background system server may verify the legitimacy of the operation request as follows:
After obtaining the operation request, the background system server 202 verifies the correctness of the signature information according to the identification information and the operation content; if the signature information is verified as correct, the operation request is verified as legitimate.
Likewise, after obtaining the operation request, the second terminal 203 may send the operation request data packet to the authorization electronic signature token 204 in the following ways:
Mode one: the second terminal 203 obtains a forwarding strategy and sends the operation request to the authorization electronic signature token 204 as the operation request data packet.
Mode two: after obtaining the operation request, the second terminal 203 obtains a processing-and-sending strategy, processes the operation request according to that strategy to generate the operation request data packet, and sends the operation request data packet to the authorization electronic signature token 204 according to the same strategy.
In addition, after the signature data packet passes verification, the background system server 202 may execute the operation request in the following ways:
Perform the transfer operation according to the transfer information;
Perform the logistics operation according to the logistics request information;
Perform the access permission setting operation according to the access request information; or
Perform the sending operation according to the acquisition request.
It can be seen that the operation request processing system of the present invention allows approval to be carried out in electronic form, which is convenient to use while also ensuring the security and non-repudiation of the approval.
Of course, in the operation request processing system of the present invention, each device may perform the relevant operations through its own CPU or chip, and each device may be divided into different modules that perform different operations, or a single module may perform all of the operations. Any implementation that adopts the solution of the present invention, achieves its purpose and attains its effect falls within the protection scope of the present invention.
Any process or method described in a flow chart or otherwise described herein may be understood as representing a module, segment or portion of code comprising one or more executable instructions for implementing the steps of a specific logical function or process. The scope of the preferred embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including substantially simultaneously or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
It should be understood that each part of the present invention may be implemented in hardware, software, firmware or a combination thereof. In the above embodiments, multiple steps or methods may be implemented in software or firmware that is stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or a combination of the following techniques well known in the art may be used: a discrete logic circuit having logic gates for implementing logic functions on data signals, an application-specific integrated circuit (ASIC) having suitable combinational logic gates, a programmable gate array (PGA), a field programmable gate array (FPGA), and so on.
Those of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments may be carried out by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium and, when executed, performs one of the steps of the method embodiments or a combination thereof.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing module, or each unit may exist physically on its own, or two or more units may be integrated in one module. The integrated module may be implemented in the form of hardware or in the form of a software functional module. If the integrated module is implemented as a software functional module and sold or used as an independent product, it may also be stored in a computer-readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc or the like.
In this specification, a description referring to the terms "one embodiment", "some embodiments", "an example", "a specific example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, such schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it is to be understood that they are exemplary and are not to be construed as limiting the present invention. Those of ordinary skill in the art may make changes, modifications, substitutions and variations to the above embodiments within the scope of the present invention without departing from its principles and purpose. The scope of the present invention is defined by the claims and their equivalents.
Claims (16)
1. An operation request processing method, characterized in that it comprises:
A first terminal obtains operation content;
The first terminal obtains an operation request generation strategy, and generates an operation request according to the operation request generation strategy and the operation content;
The first terminal sends the operation request to the background system server;
The background system server, after obtaining the operation request, verifies the legitimacy of the operation request;
The background system server, after verifying that the operation request is legitimate, sends the operation request to a second terminal;
The second terminal, after obtaining the operation request, obtains a request sending strategy and, according to the request sending strategy, sends an operation request data packet to an authorization electronic signature token, wherein the operation request data packet is generated according to the request sending strategy and the operation request;
The authorization electronic signature token presents the operation request data packet as a prompt;
The authorization electronic signature token receives a confirmation instruction and, according to the confirmation instruction, signs the operation request data packet to obtain a signature data packet;
The authorization electronic signature token sends the signature data packet to the second terminal;
The second terminal sends the signature data packet and the operation request data packet to the background system server;
The background system server verifies the signature data packet;
The background system server, after the signature data packet passes verification, executes the operation request according to the operation request data packet.
2. The method according to claim 1, characterized in that:
The step in which the first terminal obtains the operation request generation strategy and generates the operation request according to the operation request generation strategy and the operation content comprises:
The first terminal obtains identification information and an authorization password;
The first terminal generates the operation request according to the identification information, the authorization password and the operation content;
The step in which the background system server, after obtaining the operation request, verifies the legitimacy of the operation request comprises:
The background system server, after obtaining the operation request, verifies the correctness of the authorization password according to the identification information; if the authorization password is verified as correct, the operation request is verified as legitimate.
3. The method according to claim 2, characterized in that the authorization password is a dynamic password or a static password.
4. The method according to claim 1, characterized in that:
The step in which the first terminal obtains the operation request generation strategy and generates the operation request according to the operation request generation strategy and the operation content comprises:
The first terminal obtains identification information and signature information, wherein the signature information is obtained by signing the operation content;
The first terminal generates the operation request according to the identification information, the signature information and the operation content;
The step in which the background system server, after obtaining the operation request, verifies the legitimacy of the operation request comprises:
The background system server, after obtaining the operation request, verifies the correctness of the signature information according to the identification information and the operation content; if the signature information is verified as correct, the operation request is verified as legitimate.
5. The method according to any one of claims 1 to 4, characterized in that the step in which the second terminal, after obtaining the operation request, obtains the request sending strategy and sends the operation request data packet to the authorization electronic signature token according to the request sending strategy comprises:
The second terminal, after obtaining the operation request, obtains a forwarding strategy;
The second terminal sends the operation request to the authorization electronic signature token as the operation request data packet.
6. The method according to any one of claims 1 to 4, characterized in that the step in which the second terminal, after obtaining the operation request, obtains the request sending strategy and sends the operation request data packet to the authorization electronic signature token according to the request sending strategy comprises:
The second terminal, after obtaining the operation request, obtains a processing-and-sending strategy;
The second terminal processes the operation request according to the processing-and-sending strategy to generate the operation request data packet, and sends the operation request data packet to the authorization electronic signature token according to the processing-and-sending strategy.
7. The method according to any one of claims 1 to 6, characterized in that the operation content comprises:
Transfer information, logistics request information, access request information or acquisition request information.
8. The method according to claim 7, characterized in that the step in which the background system server, after the signature data packet passes verification, executes the operation request according to the operation request data packet comprises:
The background system server, after the signature data packet passes verification, performs the transfer operation according to the transfer information;
The background system server, after the signature data packet passes verification, performs the logistics operation according to the logistics request information;
The background system server, after the signature data packet passes verification, performs the access permission setting operation according to the access request information; or
The background system server, after the signature data packet passes verification, performs the sending operation according to the acquisition request.
9. An operation request processing system, characterized in that it comprises: a first terminal, a background system server, a second terminal and an authorization electronic signature token; wherein,
The first terminal obtains operation content, obtains an operation request generation strategy, generates an operation request according to the operation request generation strategy and the operation content, and sends the operation request to the background system server;
The background system server, after obtaining the operation request, verifies the legitimacy of the operation request and, after verifying that the operation request is legitimate, sends the operation request to the second terminal; it verifies a signature data packet and, after the signature data packet passes verification, executes the operation request according to the operation request data packet;
The second terminal, after obtaining the operation request, obtains a request sending strategy and, according to the request sending strategy, sends an operation request data packet to the authorization electronic signature token, wherein the operation request data packet is generated according to the request sending strategy and the operation request; it also sends the signature data packet and the operation request data packet to the background system server;
The authorization electronic signature token presents the operation request data packet as a prompt, receives a confirmation instruction, signs the operation request data packet according to the confirmation instruction to obtain the signature data packet, and sends the signature data packet to the second terminal.
10. The system according to claim 9, characterized in that:
The first terminal obtains identification information and an authorization password, and generates the operation request according to the identification information, the authorization password and the operation content;
The background system server, after obtaining the operation request, verifies the correctness of the authorization password according to the identification information; if the authorization password is verified as correct, the operation request is verified as legitimate.
11. The system according to claim 10, characterized in that the authorization password is a dynamic password or a static password.
12. The system according to claim 9, characterized in that:
The first terminal obtains identification information and signature information, wherein the signature information is obtained by signing the operation content, and generates the operation request according to the identification information, the signature information and the operation content;
The background system server, after obtaining the operation request, verifies the correctness of the signature information according to the identification information and the operation content; if the signature information is verified as correct, the operation request is verified as legitimate.
13. The system according to any one of claims 9 to 12, characterized in that the second terminal, after obtaining the operation request, obtains a forwarding strategy and sends the operation request to the authorization electronic signature token as the operation request data packet.
14. The system according to any one of claims 9 to 12, characterized in that the second terminal, after obtaining the operation request, obtains a processing-and-sending strategy, processes the operation request according to the processing-and-sending strategy to generate the operation request data packet, and sends the operation request data packet to the authorization electronic signature token according to the processing-and-sending strategy.
15. The system according to any one of claims 9 to 14, characterized in that the operation content comprises:
Transfer information, logistics request information, access request information or acquisition request information.
16. The system according to claim 15, characterized in that:
The background system server, after the signature data packet passes verification, performs the transfer operation according to the transfer information;
The background system server, after the signature data packet passes verification, performs the logistics operation according to the logistics request information;
The background system server, after the signature data packet passes verification, performs the access permission setting operation according to the access request information; or
The background system server, after the signature data packet passes verification, performs the sending operation according to the acquisition request.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310294089.2A CN103401844B (en) | 2013-07-12 | 2013-07-12 | The processing method of operation requests and system |
PCT/CN2014/076443 WO2015003521A1 (en) | 2013-07-12 | 2014-04-29 | Operation request processing method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310294089.2A CN103401844B (en) | 2013-07-12 | 2013-07-12 | The processing method of operation requests and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103401844A true CN103401844A (en) | 2013-11-20 |
CN103401844B CN103401844B (en) | 2016-09-14 |
Family
ID=49565370
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310294089.2A Active CN103401844B (en) | 2013-07-12 | 2013-07-12 | The processing method of operation requests and system |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN103401844B (en) |
WO (1) | WO2015003521A1 (en) |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103701782A (en) * | 2013-12-16 | 2014-04-02 | 天地融科技股份有限公司 | Data transmission method and system |
CN103716327A (en) * | 2014-01-03 | 2014-04-09 | 天地融科技股份有限公司 | Operation request processing method and system |
CN103944726A (en) * | 2014-04-25 | 2014-07-23 | 天地融科技股份有限公司 | Operation request processing system |
WO2015003521A1 (en) * | 2013-07-12 | 2015-01-15 | 天地融科技股份有限公司 | Operation request processing method and system |
CN104811309A (en) * | 2015-03-24 | 2015-07-29 | 天地融科技股份有限公司 | Method and system for using intelligent secret key device remotely |
CN105656850A (en) * | 2014-11-13 | 2016-06-08 | 腾讯数码(深圳)有限公司 | Data processing method, and related device and system |
CN105827405A (en) * | 2015-01-05 | 2016-08-03 | 中国移动通信集团陕西有限公司 | Remotely-controlled safety lock device and remote control method thereof |
CN103716327B (en) * | 2014-01-03 | 2016-11-30 | 天地融科技股份有限公司 | A kind of operation requests processing method and system |
CN106506496A (en) * | 2016-10-27 | 2017-03-15 | 宇龙计算机通信科技(深圳)有限公司 | A kind of methods, devices and systems that withdraws the money without card |
CN108600218A (en) * | 2018-04-23 | 2018-09-28 | 捷德(中国)信息科技有限公司 | A kind of remote authorization system and remote-authorization method |
CN108763884A (en) * | 2018-04-18 | 2018-11-06 | Oppo广东移动通信有限公司 | Right management method, device, mobile terminal and storage medium |
CN108763892A (en) * | 2018-04-18 | 2018-11-06 | Oppo广东移动通信有限公司 | Right management method, device, mobile terminal and storage medium |
CN109474924A (en) * | 2017-09-07 | 2019-03-15 | 中兴通讯股份有限公司 | A kind of restoration methods, device, computer equipment and the storage medium of lock network file |
CN110278083A (en) * | 2018-03-16 | 2019-09-24 | 腾讯科技(深圳)有限公司 | ID authentication request treating method and apparatus, equipment replacement method and apparatus |
CN112184150A (en) * | 2020-09-17 | 2021-01-05 | 杭州安恒信息技术股份有限公司 | Multi-party approval method, device and system in data sharing exchange and electronic device |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108268303A (en) * | 2017-01-03 | 2018-07-10 | 北京润信恒达科技有限公司 | A kind of operation requests method, apparatus and system |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040111609A1 (en) * | 2002-06-12 | 2004-06-10 | Tadashi Kaji | Authentication and authorization infrastructure system with CRL issuance notification function |
CN102724647A (en) * | 2012-06-06 | 2012-10-10 | 电子科技大学 | Method and system for access capability authorization |
CN102737313A (en) * | 2012-05-25 | 2012-10-17 | 天地融科技股份有限公司 | Method and system for authorizing verification on electronic signature tools and electronic signature tools |
CN102870132A (en) * | 2009-12-15 | 2013-01-09 | 艾菲尼迪公司 | Systems, apparatus, and methods for identity verification and funds transfer via payment proxy system |
CN103077460A (en) * | 2012-10-31 | 2013-05-01 | 中华电信股份有限公司 | System and method for financial certificate transaction by mobile device |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102496125A (en) * | 2011-12-21 | 2012-06-13 | 成都英黎科技有限公司 | Transferring method and system based on mobile terminal |
CN103401844B (en) * | 2013-07-12 | 2016-09-14 | 天地融科技股份有限公司 | The processing method of operation requests and system |
Cited By (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2015003521A1 (en) * | 2013-07-12 | 2015-01-15 | 天地融科技股份有限公司 | Operation request processing method and system |
CN103701782A (en) * | 2013-12-16 | 2014-04-02 | 天地融科技股份有限公司 | Data transmission method and system |
CN103716327B (en) * | 2014-01-03 | 2016-11-30 | 天地融科技股份有限公司 | A kind of operation requests processing method and system |
CN103716327A (en) * | 2014-01-03 | 2014-04-09 | 天地融科技股份有限公司 | Operation request processing method and system |
CN103944726A (en) * | 2014-04-25 | 2014-07-23 | 天地融科技股份有限公司 | Operation request processing system |
CN103944726B (en) * | 2014-04-25 | 2018-05-29 | 天地融科技股份有限公司 | Operation requests processing system |
CN105656850A (en) * | 2014-11-13 | 2016-06-08 | 腾讯数码(深圳)有限公司 | Data processing method, and related device and system |
CN105827405A (en) * | 2015-01-05 | 2016-08-03 | 中国移动通信集团陕西有限公司 | Remotely-controlled safety lock device and remote control method thereof |
CN104811309A (en) * | 2015-03-24 | 2015-07-29 | 天地融科技股份有限公司 | Method and system for using intelligent secret key device remotely |
CN104811309B (en) * | 2015-03-24 | 2018-07-17 | 天地融科技股份有限公司 | A kind of long-range method and system using intelligent cipher key equipment |
CN106506496A (en) * | 2016-10-27 | 2017-03-15 | 宇龙计算机通信科技(深圳)有限公司 | A kind of methods, devices and systems that withdraws the money without card |
WO2018076443A1 (en) * | 2016-10-27 | 2018-05-03 | 宇龙计算机通信科技(深圳)有限公司 | Method, apparatus and system for cardless withdrawal |
CN109474924A (en) * | 2017-09-07 | 2019-03-15 | 中兴通讯股份有限公司 | A kind of restoration methods, device, computer equipment and the storage medium of lock network file |
CN110278083A (en) * | 2018-03-16 | 2019-09-24 | 腾讯科技(深圳)有限公司 | ID authentication request treating method and apparatus, equipment replacement method and apparatus |
CN110278083B (en) * | 2018-03-16 | 2021-11-30 | 腾讯科技(深圳)有限公司 | Identity authentication request processing method and device, and equipment resetting method and device |
CN114039734A (en) * | 2018-03-16 | 2022-02-11 | 腾讯科技(深圳)有限公司 | Device resetting method and device |
CN108763892A (en) * | 2018-04-18 | 2018-11-06 | Oppo广东移动通信有限公司 | Right management method, device, mobile terminal and storage medium |
CN108763884A (en) * | 2018-04-18 | 2018-11-06 | Oppo广东移动通信有限公司 | Right management method, device, mobile terminal and storage medium |
CN108763884B (en) * | 2018-04-18 | 2022-01-11 | Oppo广东移动通信有限公司 | Authority management method, device, mobile terminal and storage medium |
CN108600218A (en) * | 2018-04-23 | 2018-09-28 | 捷德(中国)信息科技有限公司 | A kind of remote authorization system and remote-authorization method |
CN108600218B (en) * | 2018-04-23 | 2020-12-29 | 捷德(中国)科技有限公司 | Remote authorization system and remote authorization method |
CN112184150A (en) * | 2020-09-17 | 2021-01-05 | 杭州安恒信息技术股份有限公司 | Multi-party approval method, device and system in data sharing exchange and electronic device |
Also Published As
Publication number | Publication date |
---|---|
WO2015003521A1 (en) | 2015-01-15 |
CN103401844B (en) | 2016-09-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11276051B2 (en) | Systems and methods for convenient and secure mobile transactions | |
CN103401844A (en) | Operation request processing method and system | |
CN106656488B (en) | Key downloading method and device for POS terminal | |
CN109150548B (en) | Digital certificate signing and signature checking method and system and digital certificate system | |
US8433914B1 (en) | Multi-channel transaction signing | |
WO2015161699A1 (en) | Secure data interaction method and system | |
CN103532719B (en) | Dynamic password generation method, dynamic password generation system, as well as processing method and processing system of transaction request | |
CN103326862B (en) | Electronically signing method and system | |
US20150372813A1 (en) | System and method for generating a random number | |
CN104243451A (en) | Information interaction method and system and smart key equipment | |
WO2015161690A1 (en) | Secure data interaction method and system | |
CN101770619A (en) | Multiple-factor authentication method for online payment and authentication system | |
CN103107996A (en) | On-line download method and system of digital certificate and digital certificate issuing platform | |
CN103136664A (en) | Trading system and trading method of smart card with electronic signature function | |
US20210058252A1 (en) | Electronic device and method, performed by electronic device, of transmitting control command to target device | |
KR20120108599A (en) | Credit card payment service using online credit card payment device | |
CN112055019B (en) | Method for establishing communication channel and user terminal | |
CN106027250A (en) | Identity card information safety transmission method and system | |
CN103684797A (en) | Subscriber and subscriber terminal equipment correlation authentication method and system | |
US20240187236A1 (en) | Secure management of accounts on display devices using a contactless card | |
EP2948893A1 (en) | Automated content signing for point-of-sale applications in fuel dispensing environments | |
CN103136667B (en) | There is the smart card of electronic signature functionality, smart card transaction system and method | |
JP7275186B2 (en) | Touchless PIN input method and touchless PIN input system | |
JP6501813B2 (en) | INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD, AND PROGRAM | |
KR20110005611A (en) | System and method for managing otp using user's media, otp device and recording medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
REG | Reference to a national code | Ref country code: HK Ref legal event code: DE Ref document number: 1190523 Country of ref document: HK |
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
REG | Reference to a national code | Ref country code: HK Ref legal event code: GR Ref document number: 1190523 Country of ref document: HK |