CN103546496A - Financial union cloud service platform - Google Patents


Info

Publication number
CN103546496A
Authority
CN
China
Prior art keywords
service platform
cloud service
financial
alliance
financial alliance
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201210235877.XA
Other languages
Chinese (zh)
Inventor
许丰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING HUFU TECHNOLOGY Co Ltd
Original Assignee
BEIJING HUFU TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING HUFU TECHNOLOGY Co Ltd filed Critical BEIJING HUFU TECHNOLOGY Co Ltd
Priority to CN201210235877.XA priority Critical patent/CN103546496A/en
Publication of CN103546496A publication Critical patent/CN103546496A/en
Pending legal-status Critical Current

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention discloses a financial union cloud service platform. Using combined public key and dynamic password technology, the platform establishes a unique and authentic identity certification system with a billion-level certification scale, and can provide unique, self-certifying electronic identification and certification for all the people and things in the world. This solves the core technical problem of an information security management system and lays a solid and credible security foundation for electronic commerce. A user accesses the financial union cloud service platform securely through the network cloud. The number of electronic certificates the platform can issue is ten billion times that of a conventional CA (certificate authority) certification system, while system investment and operating cost are less than one tenth of those of a CA of the same scale. The platform therefore has incomparable technical and cost advantages in the field of electronic certification. The invention further discloses an identity-certification based small and medium-sized financial institution safety integrated service platform, an identity-certification based mobile banking general service platform and an identity-certification based general card service system.

Description

Financial alliance cloud service platform
Technical field
The present invention relates to a financial alliance cloud service platform for secure access to financial cloud services.
Background technology
Financial services are an important part of daily life. Ordinary financial services have to be handled at the counter; mobile terminals lack security measures and are easily compromised in an untrusted remote network environment; and existing financial core systems cannot comprehensively solve the problems of secure access and service across many environments. Identity authentication and hosting of financial services, delivered in the form of a secure cloud service, address problems such as improving service efficiency, supervision and security. Without a dedicated HSD, it is difficult to solve the problem of verifying that an identity is valid. With a secure smart electronic key and a cluster of proxy servers, authentication and rights management make it possible to deliver and supervise financial services well.
Summary of the invention
The present invention overcomes the shortcomings of the prior art and provides a financial alliance cloud service platform, characterized in that the platform provides cross-terminal, cross-institution services: the existing financial core business systems of the participating institutions are hosted on the financial alliance cloud service platform, and users can access them securely from a variety of network terminals. Without changing the existing business systems, an identity authentication and secure switching front end allows secure remote access to financial core business systems that could previously only be accessed locally. Because financial core business systems share common characteristics, providing professionally assured financial services on the platform reduces duplicated construction and improves service efficiency and security. The identity authentication combines Combined Public Key with dynamic password technology and can adapt to a variety of network terminals. Combined Public Key exploits the property that elliptic curve keys can be superposed: by constructing thousands of groups of elliptic curve key pairs with good security and combining them, elliptic curve key pairs on the scale of 10,000,000,000 can be produced, each uniquely corresponding to a user identifier. The dynamic password technology computes jointly over the unique serial number of the mobile device, a personal identification number set by the user, and a dynamic synchronization code provided by the platform, so that every connection between the mobile device and the platform is a dynamic secure connection with a different authentication code. The service resources of the platform are distributed across multiple server clusters available on the network, and the platform manages the distribution and adjustment of resource storage, synchronization, remote disaster recovery and load balancing across the server clusters.
Each private key in the several thousand initially selected key pairs is called a private key factor, and all private key factors together form the private key factor set. The confidentiality of the private key factor set is the key to the security of Combined Public Key technology. In an elliptic curve cryptosystem, knowing only the public key (factor) rG, it is extremely difficult to obtain the corresponding private key (factor) r, so an attack that tries to derive a private key factor from the corresponding public key factor is infeasible.
On the other hand, collecting the private keys of multiple users and setting up a system of equations to solve for the private key factor set is also infeasible.
Suppose an attacker has obtained the private keys SKa and SKb of two users, and suppose that in the n-layer mappings corresponding to these two users only one layer's mapping value differs while all other mapping values are identical. Then (SKa - SKb) cancels the n-1 identical private key factors, but the result is still the difference of two distinct private key factors, not a private key factor itself. This approach therefore does not expose any private key factor, and the private key factor set remains secure.
When the private key factor set and the public key factor set are each arranged as 16 * 64 = 1024 entries, the storage required is 1K keys. When the polynomial formed from the hash value of the user identifier is split and expressed as 64 coordinate parameters, the number of combined keys can reach 16^64.
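The combination step and the single-layer difference described above, as an added example that is not part of the patent text. The curve (secp256k1), the use of SHA-256 nibbles as the 64 coordinates, the seed-derived factors and every function name are assumptions made for illustration; the page specifies none of them.

```python
import hashlib
from functools import lru_cache

# secp256k1 domain parameters. The curve is an assumption: the page names none.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
ROWS, COLS = 16, 64                # the 16 x 64 = 1024 factor layout from the text
SEED = b"constructed-demo-seed"    # constructed; stands in for the centre's secret randomness


def ec_add(p1, p2):
    """Add two affine points; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def private_factor(row, col, seed=SEED):
    """Secret factor r[row][col] in [1, N-1], derived from the seed for reproducibility."""
    digest = hashlib.sha256(seed + bytes([row, col])).digest()
    return int.from_bytes(digest, "big") % (N - 1) + 1


@lru_cache(maxsize=None)
def public_factor(row, col):
    """Published factor r[row][col]*G. Computed on demand only to keep the demo
    fast; a key centre would publish all 1024 points once."""
    return ec_mul(private_factor(row, col), G)


def coordinates(user_id):
    """Map an identifier to 64 row indexes: one 4-bit nibble of SHA-256(id) per column."""
    out = []
    for byte in hashlib.sha256(user_id.encode("utf-8")).digest():
        out += [byte >> 4, byte & 0x0F]
    return out


def combine_private(coords):
    """Key-centre side: user private key = sum of the selected private factors mod N."""
    return sum(private_factor(row, col) for col, row in enumerate(coords)) % N


def combine_public(coords):
    """Relying-party side: user public key = sum of the selected public factor points."""
    acc = None
    for col, row in enumerate(coords):
        acc = ec_add(acc, public_factor(row, col))
    return acc


def single_column_difference(coords, col, other_row):
    """Return (SKa - SKb, r_a - r_b) for two selections that differ only in `col`."""
    changed = list(coords)
    changed[col] = other_row
    key_diff = (combine_private(coords) - combine_private(changed)) % N
    factor_diff = (private_factor(coords[col], col) - private_factor(other_row, col)) % N
    return key_diff, factor_diff


if __name__ == "__main__":
    c = coordinates("alice@example-bank.test")   # constructed identifier
    sk = combine_private(c)
    print("sk*G equals key combined from public factors:", ec_mul(sk, G) == combine_public(c))
    d, f = single_column_difference(c, 5, (c[5] + 1) % ROWS)
    print("SKa - SKb equals difference of the two factors:", d == f)
```

Anyone holding the public factors can compute a user's public key from the identifier alone, which is what removes the per-user certificate; the centre's secret factor set is the single asset whose confidentiality the whole scheme rests on.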
The financial alliance cloud service platform is further characterized in that the cross-terminal service is implemented using TCP/IP, UDP, P2P and NAT traversal technology. Specific client software must be installed on the network terminal the user uses; the terminal can then use the cross-terminal services provided by the platform over the network, and perform data sharing and data relay and acceleration with other network terminals connected to the platform.
The financial alliance cloud service platform is further characterized in that the cross-terminal service is implemented using HTML5 web page technology: as long as a web browser supporting HTML5 is installed on the network terminal the user uses, the user can access and use the interactive services.
The financial alliance cloud service platform is further characterized in that its disaster recovery resources are deployed, in the form of a secure intelligent cloud, in server clusters available on the network. The secure intelligent cloud is a service method particular to the platform. To avoid low connection efficiency and consumption of main bandwidth resources, it adopts an efficient, controlled, layered P2P transmission method comprising the following steps. The secure intelligent cloud is divided into file servers, which store and provide files, and a master index server, which handles customer management and search; the index server holds the file information of the file servers and is kept synchronized with them. The index server assigns client nodes to subnets, and only client nodes in the same subnet may transmit data to each other. Each subnet has at least one file server, which acts as a sub file server and serves only other sub file servers and the client nodes in its own subnet. For a new backup file not yet present in the subnet, client nodes at first obtain the file only directly from the file server. When the index server searches for destination nodes that can provide the file, it searches only among the client nodes or file servers in this network that have obtained the file legitimately.
The financial alliance cloud service platform is further characterized in that it balances and adjusts data transmission according to the upstream and downstream data traffic of each client node.
The financial alliance cloud service platform is further characterized in that all transmitted data is encrypted; the user identifier, a random number, a dynamic key and the system time take part in the encryption operation, and the data is protected by a signature made with the initiator's elliptic curve private key.
The financial alliance cloud service platform is further characterized in that, when establishing a connection and/or transmitting data, it verifies the identity of the client node through identity authentication.
The financial alliance cloud service platform is further characterized in that the identity of a client node is authenticated through interaction with a Hufu (tiger tally) token electronic key, and the Hufu token electronic key contains at least one security component that cannot be completely copied.
The financial alliance cloud service platform is further characterized in that the user logs in to the maintenance and management system of the platform with the Hufu token electronic key and can set, modify, activate or disable the permissions, validity period, functions and personal identification number of a mobile device that has a unique serial number; the data is written to the Hufu token electronic key and to the back-end cloud database.
The financial alliance cloud service platform is further characterized in that the identity authentication also allows identifiers to be superposed without limit and can authenticate every transmission node, providing P2PE and P2P functions with identifier authentication. On the basis of a master identifier, a user can also have multiple identities formed by combining sub-identifiers with different suffixes, or apply sub-identifiers for identity verification under different environments and different permissions.
Embodiment
In the specific implementation of the financial alliance cloud service platform of the present invention, the first step is to establish the cloud platform and database, that is, to set up server clusters and network databases jointly with the financial institutions or local settlement centres. Each person who needs to take part in financial services is associated with a Hufu token electronic key, and each user corresponds to exactly one Hufu token electronic key. The Hufu token electronic key and the back-end database both store basic information such as the user's name, identity card number, account, address and mobile phone number. The mobile phone number is used for notifications. If the Hufu token electronic key is lost or the mobile phone number changes, the user can go through loss-reporting and change procedures at a local financial institution to obtain a new Hufu token electronic key and change the phone number. The data in a newly issued key is taken from the records in the back-end database.
The second step is service. The user accesses the financial alliance cloud service platform securely through a network terminal. Taking an internet-connected computer as an example, the user must first insert the Hufu token electronic key and perform identity authentication based on hardware security computation before remote network security services can be used. Taking a mobile phone on a wireless network as an example, the Hufu token electronic key cannot be connected to the phone, so the user must in advance use the key on an internet-connected computer to access the maintenance and management system, enter the phone's unique serial number, set a personal identification number and retrieve the initial synchronization code issued by the platform. The user can then log in to the platform from the phone, enter the personal identification number and the initial synchronization code, and activate the phone. From then on the phone connects through the dynamic secure connection, so that the platform can recognize the enrolled phone. After securely identifying the phone, the platform uses a proxy mechanism to perform identity authentication and secure switching to the front end on the user's behalf, and the user enters the business system securely.
This greatly increases the difficulty and cost of illegal copying. Because the manufacturer of the designated phone brand guarantees the unique serial number of the device, copying a phone's serial number is very difficult. In addition, the platform regenerates the dynamic synchronization code on every connection, because the connection time differs, or after every successful connection, so other devices that have not connected normally cannot copy it. The personal identification number set by the user is not stored; each dynamic connection is made through a hash value and an encryption operation over the serial number, the dynamic synchronization code and a random number. The number of uses, the validity period, the functions and the fund limit are all restricted in advance by the user.
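A minimal model of the dynamic connection described above, as an added example that is not the patent's or the vendor's implementation. The PBKDF2 key derivation, the HMAC construction, the rotation rule and all class and function names are assumptions; the serial number and PINs are constructed values.

```python
import hashlib
import hmac
import secrets


def pin_key(pin, serial):
    """Key derived from the PIN and the device serial number. The PIN itself is
    never stored; the phone re-derives the key from user input on every login."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), serial.encode(), 100_000)


def auth_code(key, sync_code, nonce):
    """Per-connection authentication code over the sync code and the random number."""
    return hmac.new(key, sync_code + nonce, hashlib.sha256).digest()


def next_sync(sync_code, code):
    """Rotate the synchronization code after a successful connection."""
    return hashlib.sha256(sync_code + code).digest()


class Platform:
    def __init__(self):
        self.devices = {}

    def enroll(self, serial, pin):
        """Done from the maintenance system; returns the initial synchronization code."""
        sync = secrets.token_bytes(16)
        self.devices[serial] = {"key": pin_key(pin, serial), "sync": sync, "nonce": None}
        return sync

    def challenge(self, serial):
        nonce = secrets.token_bytes(16)
        self.devices[serial]["nonce"] = nonce
        return nonce

    def verify(self, serial, code):
        dev = self.devices.get(serial)
        if dev is None or dev["nonce"] is None:
            return False
        expected = auth_code(dev["key"], dev["sync"], dev["nonce"])
        dev["nonce"] = None                      # each random number is single use
        if not hmac.compare_digest(expected, code):
            return False
        dev["sync"] = next_sync(dev["sync"], code)
        return True


class Phone:
    def __init__(self, serial, sync):
        self.serial, self.sync, self._pending = serial, sync, None

    def respond(self, pin, nonce):
        code = auth_code(pin_key(pin, self.serial), self.sync, nonce)
        self._pending = next_sync(self.sync, code)
        return code

    def commit(self):
        """Advance the local sync code only after the platform accepted the login."""
        self.sync = self._pending


def login(platform, phone, pin):
    """Run one challenge/response round; returns (accepted, code sent)."""
    nonce = platform.challenge(phone.serial)
    code = phone.respond(pin, nonce)
    accepted = platform.verify(phone.serial, code)
    if accepted:
        phone.commit()
    return accepted, code


if __name__ == "__main__":
    platform = Platform()
    serial = "SERIAL-CONSTRUCTED-001"
    initial = platform.enroll(serial, "4821")
    phone = Phone(serial, initial)
    print("first login:", login(platform, phone, "4821")[0])
    clone = Phone(serial, initial)               # copy made before the first login
    print("stale clone:", login(platform, clone, "4821")[0])
```

The stale copy fails because the platform's synchronization code moved on at the first accepted login, which is the property the paragraph relies on when it says devices that have not connected normally cannot copy the code.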
Embodiment 1 (security integrated service platform for small and medium-sized financial institutions based on identity authentication)
The security integrated service platform for small and medium-sized financial institutions based on identity authentication of the present invention is used for cross-terminal distributed networks, adopts the financial alliance cloud service platform, and provides core system hosting and disaster recovery. For the core system, users log in securely to the financial service system through identity authentication, and both staff and customers can operate and access it securely. Its function is to host the electronic facilities and software systems of the core business systems of 1500 small and medium-sized financial institutions (comprising tens of thousands of business outlets and more than one hundred million customers).
For disaster recovery, on the one hand a dynamic index directory is generated from the existing files and refreshed continuously; it is offered to users for access and sorted according to user access, to reduce cross-region access. On the other hand, the files that users preselect in the directory are counted; files are updated according to the combined preselection ranking and access ranking, a file download request is sent to the central storage server, and the index list is updated automatically after the download completes. Data transmission between the network server and each user, and between each user and other users, uses a manageable distributed transmission method: the server side manages each network terminal both when it receives data from a server or another network terminal and when it sends data to a server or another network terminal.
The network server can act as a central server or as an edge server, and the manageable distributed transmission method is also used between servers.
Embodiment 2 (mobile banking general service platform based on identity authentication)
The mobile banking general service platform based on identity authentication of the present invention is used for cross-institution distributed networks and adopts the financial alliance cloud service platform. On the basis of the platform, it provides single-point access service for the hosted financial institutions and customers. A mobile phone can connect to a designated bank and become a personal card-payment device and self-service bank, and all of a user's linked accounts can be managed securely in a unified way.
Embodiment 3 (general card service system based on identity authentication)
The general card service system based on identity authentication of the present invention is used for cross-institution distributed networks and adopts the financial alliance cloud service platform. On the basis of the platform, it provides general card service for the hosted financial institutions and customers, realizing financial cards, PSAM cards and a service system that support cross-domain authentication between commercial networks and banking systems and offer high security and versatility. Because another packaging form of the Hufu token electronic key is a smart card, it can be used directly as a financial card. To ensure versatility, the identity authentication function is implemented on top of the financial card standard (PBOC in China, EMV in Europe) as one card with multiple applications. At the same time, a PSAM card upgraded with the identity authentication function can replace the SAM card in existing ATMs and POS machines to achieve compatibility and upgrade. Through identity authentication, the financial alliance cloud service platform also extends the application scenarios and scope of financial cards. A financial card connected to a computer through a card reader or USB interface can log in to the platform and, like a Hufu token electronic key, enter the maintenance and management system to authorize, change, activate or disable mobile devices.

Claims (10)

1. A financial alliance cloud service platform, characterized in that the platform provides cross-terminal, cross-institution services: the existing financial core business systems of the participating institutions are hosted on the financial alliance cloud service platform, and users can access them securely from a variety of network terminals; without changing the existing business systems, an identity authentication and secure switching front end allows secure remote access to financial core business systems that could previously only be accessed locally; because financial core business systems share common characteristics, providing professionally assured financial services on the platform reduces duplicated construction and improves service efficiency and security; the identity authentication combines Combined Public Key with dynamic password technology and can adapt to a variety of network terminals; Combined Public Key exploits the property that elliptic curve keys can be superposed: by constructing thousands of groups of elliptic curve key pairs with good security and combining them, elliptic curve key pairs on the scale of 10,000,000,000 can be produced, each uniquely corresponding to a user identifier; the dynamic password technology computes jointly over the unique serial number of the mobile device, a personal identification number set by the user, and a dynamic synchronization code provided by the platform, so that every connection between the mobile device and the platform is a dynamic secure connection with a different authentication code. The service resources of the platform are distributed across multiple server clusters available on the network, and the platform manages the distribution and adjustment of resource storage, synchronization, remote disaster recovery and load balancing across the server clusters.
2. The financial alliance cloud service platform according to claim 1, characterized in that the cross-terminal service is implemented using TCP/IP, UDP, P2P and NAT traversal technology; specific client software must be installed on the network terminal the user uses, which can then use the cross-terminal services provided by the platform over the network, and perform data sharing and data relay and acceleration with other network terminals connected to the platform.
3. The financial alliance cloud service platform according to claim 1, characterized in that the cross-terminal service is implemented using HTML5 web page technology: as long as a web browser supporting HTML5 is installed on the network terminal the user uses, the user can access and use the interactive services.
4. The financial alliance cloud service platform according to either of claims 2 or 3, characterized in that its disaster recovery resources are deployed, in the form of a secure intelligent cloud, in server clusters available on the network; the secure intelligent cloud is a service method particular to the platform which, to avoid low connection efficiency and consumption of main bandwidth resources, adopts an efficient, controlled, layered P2P transmission method comprising the steps: the secure intelligent cloud is divided into file servers, which store and provide files, and a master index server, which handles customer management and search; the index server holds the file information of the file servers and is kept synchronized with them; the index server assigns client nodes to subnets, and only client nodes in the same subnet may transmit data to each other; each subnet has at least one file server, which acts as a sub file server and serves only other sub file servers and the client nodes in its own subnet; for a new backup file not yet present in the subnet, client nodes at first obtain the file only directly from the file server; when the index server searches for destination nodes that can provide the file, it searches only among the client nodes or file servers in this network that have obtained the file legitimately.
5. The financial alliance cloud service platform according to claim 4, characterized in that the platform balances and adjusts data transmission according to the upstream and downstream data traffic of each client node.
6. The financial alliance cloud service platform according to claim 5, characterized in that all transmitted data is encrypted; the user identifier, a random number, a dynamic key and the system time take part in the encryption operation, and the data is protected by a signature made with the initiator's elliptic curve private key.
7. The financial alliance cloud service platform according to claim 6, characterized in that, when establishing a connection and/or transmitting data, the platform verifies the identity of the client node through identity authentication.
8. The financial alliance cloud service platform according to claim 7, characterized in that the identity of a client node is authenticated through interaction with a Hufu token electronic key, and the Hufu token electronic key contains at least one security component that cannot be completely copied.
9. The financial alliance cloud service platform according to claim 8, characterized in that the user logs in to the maintenance and management system of the platform with the Hufu token electronic key and can set, modify, activate or disable the permissions, validity period, functions and personal identification number of a mobile device that has a unique serial number; the data is written to the Hufu token electronic key and to the back-end cloud database.
10. The financial alliance cloud service platform according to claim 9, characterized in that the identity authentication also allows identifiers to be superposed without limit and can authenticate every transmission node, providing P2PE and P2P functions with identifier authentication; on the basis of a master identifier, a user can also have multiple identities formed by combining sub-identifiers with different suffixes, or apply sub-identifiers for identity verification under different environments and different permissions.
CN201210235877.XA 2012-07-10 2012-07-10 Financial union cloud service platform Pending CN103546496A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210235877.XA CN103546496A (en) 2012-07-10 2012-07-10 Financial union cloud service platform

Publications (1)

Publication Number Publication Date
CN103546496A (en) 2014-01-29

Family

ID=49969543

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210235877.XA Pending CN103546496A (en) 2012-07-10 2012-07-10 Financial union cloud service platform

Country Status (1)

Country Link
CN (1) CN103546496A (en)

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101212646A (en) * 2006-12-31 2008-07-02 中国科学院声学研究所 System and method for implementing video-on-demand with peer-to-peer network technique
CN102034178A (en) * 2009-09-29 2011-04-27 上海艾融信息科技有限公司 Cross-mechanism online payment method, system and device
CN101958793A (en) * 2010-03-03 2011-01-26 北京唐朝科技股份有限公司 Double public key cryptograph identity identification, secrete key verification and digital signing integrated solution
CN102170357A (en) * 2011-05-31 2011-08-31 北京虎符科技有限公司 Combined secret key dynamic security management system
CN103428234A (en) * 2012-05-17 2013-12-04 无锡睿驰美迪科技有限公司 Education cloud computing platform

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105577683A (en) * 2016-01-19 2016-05-11 成都陌云科技有限公司 E-commerce website data processing method
CN105577683B (en) * 2016-01-19 2018-08-03 成都陌云科技有限公司 Electric business website data processing method
CN106254315A (en) * 2016-07-19 2016-12-21 青松智慧(北京)科技有限公司 Cloud security operation system cut-in method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20140129