CN104361489A - Sensitive information identification system and sensitive information identification method - Google Patents


Info

Publication number: CN104361489A (granted version: CN104361489B)
Authority: CN (China)
Application number: CN201410609081.5A
Language: Chinese (zh)
Legal status: granted, active (status as listed by Google Patents; not a legal conclusion)
Inventors: 谈剑锋, 梅庆, 杨党团, 钱金金
Current assignee: Shanghai Peoplenet Security Technology Co Ltd
Original assignee (applicant): Shanghai Everybody Science And Technology Ltd
Prior art keywords: platform, transaction, sensitive information, information, payment

Classifications

    • G06Q20/00 Payment architectures, schemes or protocols (under G Physics; G06 Computing, calculating or counting; G06Q Information and communication technology specially adapted for administrative, commercial, financial, managerial or supervisory purposes)
    • G06Q20/027 Payment architectures, schemes or protocols involving a neutral party (e.g. certification authority, notary or trusted third party), where that party is a payment switch or gateway
    • G06Q20/3823 Payment protocols insuring higher security of transaction by combining multiple encryption tools for a transaction
    • G06Q20/3829 Payment protocols insuring higher security of transaction involving key management

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention relates to the field of information security, in particular to a sensitive information tokenization system and method (the machine translation renders the term as "identification" or "marking"). The system comprises transaction platforms, a gateway, a payment platform, a key management platform, a first FPE (format-preserving encryption) encryptor and a second FPE encryptor. Each transaction platform acquires sensitive information and generates and sends a transaction request; the gateway, connected to the transaction platforms, provides their access port; the payment platform, connected to the gateway, carries out payment for the transaction request; the key management platform, connected to the payment platform, manages and assigns the transaction platforms' key information; the first FPE encryptor, connected to the gateway, tokenizes the sensitive information in the transaction request; and the second FPE encryptor, connected to the key management platform, decrypts the tokenized sensitive information. The system is centred on the key management platform, which distributes keys to each transaction platform, and the sensitive information is encrypted with FPE, so that its data length does not change in transit and its security is ensured.

Description

A tokenization system for sensitive information and method thereof
Technical field
The present invention relates to the field of information security, and in particular to a tokenization system and method for sensitive information.
Background technology
With the rapid development of computer and network technology, the security of database information has become an increasingly serious problem, as shown by the large-scale leaks of sensitive information on the Chinese Internet at the end of 2011; the root cause is that this information is stored mainly in plaintext, which is a major security hazard.
Online payment, now ubiquitous, is the foundation of e-commerce, and the wide adoption of electronic payment has driven e-commerce's rapid growth; but the payment process also raises the problem of leakage of personal sensitive information, in particular bank card data.
In practice it is necessary to encrypt sensitive data such as credit card numbers and ID card numbers, but a conventional block cipher usually expands the data and changes its length and type, so database structures or applications must be modified to accommodate the change, which is very costly. In addition, a conventional tokenization scheme centred on a password manager requires a centralised password server, centralised deployment and the purchase of the associated equipment, which also involves a large outlay.
Summary of the invention
To address the problem that a conventional block cipher expands data and changes its length and type, the present invention is centred on a key management platform that distributes keys to each transaction platform, while the sensitive information is encrypted with FPE, so that the length of the sensitive information does not change in transit and its security is ensured.
The technical scheme of the tokenization system and method for sensitive information provided by the invention is as follows:
A tokenization system for sensitive information, comprising:
a transaction platform, a gateway, a payment platform, a key management platform, a first FPE (Format Preserving Encryption) encryptor and a second FPE encryptor, wherein:
the transaction platform obtains the sensitive information, forms a transaction request and sends it;
the gateway, connected to the transaction platform, provides the access port through which the transaction platform reaches the payment platform;
the payment platform, connected to the gateway, carries out the payment for the transaction request;
the key management platform, connected to the payment platform, manages and distributes the transaction platform's key information;
the first FPE encryptor, connected to the gateway, tokenizes the sensitive information in the transaction request;
the second FPE encryptor, connected to the key management platform, decrypts the tokenized sensitive information.
Format-preserving encryption is a type of symmetric encryption that requires the ciphertext to have the same format as the plaintext. For sensitive information held in a database, format-preserving encryption must ensure that the ciphertext satisfies the database's format constraints, mainly: the data must not be expanded, i.e. encrypting an N-digit number must output another N-digit number; the data type must not change; encryption must be deterministic, so that a column used as a primary key or index field retains that role after encryption; and the encryption process must be reversible.
Preferably, the gateway is the transaction platform's payment gateway or the payment platform's online gateway.
A gateway, also called a protocol converter, implements network interconnection above the network layer and is the most complex interconnection device; it is used only to interconnect networks whose upper-layer protocols differ. Gateways serve both wide-area and local-area interconnection. A gateway is a computer system or device that acts as a translator between two systems that use different communication protocols, data formats or languages, or even entirely different architectures. Unlike a bridge, which simply relays information, a gateway repackages the information it receives to suit the destination system.
In practice, the gateway is the IP address through which one network reaches other networks. For example, let network A have the address range 192.168.1.1 to 192.168.1.254 with subnet mask 255.255.255.0, and network B the range 192.168.2.1 to 192.168.2.254 with the same mask. Without a router, TCP/IP communication between the two networks is impossible: even if both are attached to the same switch (or hub), TCP/IP determines from the subnet mask (255.255.255.0) that hosts in the two networks belong to different networks, so communication between them must pass through a gateway. When a host in network A finds that a packet's destination is not on the local network, it forwards the packet to its gateway, which forwards it to network B's gateway, which in turn delivers it to a host in network B (as shown in the drawings). This is the process by which network A forwards packets to network B.
Thus TCP/IP can only achieve interworking between different networks once the gateway's IP address is set. Which machine's IP address is this? The gateway's IP address is that of a device with routing capability: a router, a server with a routing protocol enabled (effectively a router), or a proxy server (also effectively a router).
In the context of interoperation with Novell NetWare networks, a gateway bridges between the SMB (Server Message Block) protocol used by Windows networking and the NetWare Core Protocol (NCP) used by NetWare networks. A gateway is also referred to as an IP router.
Preferably, the sensitive information comprises information uniquely identifying the user and a payment card number.
A tokenization method for sensitive information, applied to the tokenization system above, characterised in that it comprises the following steps:
S1 The transaction platform obtains the sensitive information, forms the transaction request and sends it;
S2 The gateway receives the transaction request and forwards it to the first FPE encryptor;
S3 The first FPE encryptor tokenizes the sensitive information in the transaction request, forming a new transaction request;
S4 The payment platform obtains the new transaction request and sends it to the key management platform;
S5 The key management platform sends the new transaction request to the second FPE encryptor for decryption;
S6 The decrypted information is sent to the payment platform, which carries out the transaction requested.
Preferably, before the transaction platform transacts, it registers with the tokenization system and receives the encryption key and the initial vector sent by the key management platform, completing its registration; the first FPE encryptor stores the initial vector, the decryption key, the FPE encryption key and the data format; and the key management platform stores the ciphertext of the sensitive information associated with the transaction platform's registration information, the initial vector and the data format.
Specifically, because communication between the transaction platform and the first FPE encryptor passes over the public network, asymmetric encryption is used: the transaction platform first encrypts the transaction request with the public key (the encryption key above, generated during the transaction platform's registration); the first FPE encryptor then decrypts it with the transaction platform's private key (the decryption key stored in the first FPE encryptor above) and re-encrypts the decrypted information with the FPE encryption key using the tokenization algorithm, FPE.
Preferably, step S1 specifically comprises:
S11 The transaction platform obtains the transaction information, including the sensitive information, and forms the transaction request;
S12 The transaction platform encrypts the transaction request with the encryption key to generate the encrypted information;
S13 The transaction platform sends the encrypted information.
Preferably, the transaction request comprises the sensitive information and the transaction platform's registration information.
Preferably, step S3 specifically comprises:
S31 The first FPE encryptor receives the encrypted information;
S32 The first FPE encryptor decrypts the encrypted information with the decryption key and the initial vector to obtain the sensitive information;
S33 The first FPE encryptor tokenizes the sensitive information with the initial vector, the FPE encryption key and the data format, producing the ciphertext and forming the new transaction request;
S34 The first FPE encryptor sends the new transaction request.
Preferably, step S5 specifically comprises:
S51 The key management platform, according to the ciphertext it receives, retrieves the initial vector and data format associated with that ciphertext and the ciphertext stored in the key management platform;
S52 The key management platform compares the received ciphertext with the stored ciphertext to confirm the ciphertext;
S53 If the comparison succeeds, the key management platform sends the initial vector and the data format, together with the received ciphertext, to the second FPE encryptor;
S54 The second FPE encryptor decrypts the ciphertext to obtain the sensitive information;
S55 The second FPE encryptor sends the sensitive information to the payment platform, which carries out the payment for the transaction request.
The tokenization system and method for sensitive information provided by the invention have the following beneficial effects:
1. The system uses FPE to encrypt the sensitive information, so its data length does not change throughout the communication process while its security is ensured; moreover, encrypting the sensitive information requires only the encryption key and the initial vector, and the ciphertext generated corresponds uniquely to the transaction platform;
2. The invention is centred on the key management platform, which distributes keys to each transaction platform; each transaction platform uses FPE to encrypt its sensitive information, giving a distributed deployment that, compared with a conventional system, requires fewer changes and costs less.
Brief description of the drawings
The invention is described in further detail below with reference to the drawings and specific embodiments:
Fig. 1 is a structural schematic of the sensitive information tokenization system of the invention;
Fig. 2 is a flow chart of the sensitive information tokenization method of the invention.
Embodiment
To illustrate the embodiments of the invention and the prior art more clearly, the invention is described below with reference to the drawings and embodiments. The drawings in the following description show only some embodiments of the invention; a person of ordinary skill in the art can derive other drawings from them without inventive effort.
As shown in Fig. 1, the invention provides a tokenization system for sensitive information, comprising: a transaction platform, a gateway, a payment platform, a key management platform, a first FPE encryptor and a second FPE encryptor.
Specifically, the transaction platform obtains the sensitive information, forms the transaction request and sends it. In practice, transaction platforms include e-commerce platforms such as JD.com, Taobao and Suning. Before using the system of the invention to transact, a transaction platform must register with the key management platform; the registration information includes the company name, organisation code, legal representative's certificate, contact details and the like. The key management platform then allocates the transaction platform an encryption key and an initial vector, and stores the transaction platform's information in association with the initial vector. The encryption key held by the transaction platform may also be replaced periodically at the transaction platform's request. The invention does not restrict the specific form of the transaction platform or of its registration information; any form that achieves the object of the invention falls within its scope.
Further, to secure the information in transit, during registration the key management platform may also issue a security control and the certificate used for data encryption. In particular, because communication between the transaction platform and the first FPE encryptor passes over the public network, asymmetric encryption is used: a public/private key pair is generated at the key management platform when the transaction platform registers; the public key encrypts the transaction request at the transaction platform and is packaged into the security control, while the private key is used for decryption and is stored in the first FPE encryptor.
The gateway, connected to the transaction platform, provides the access port through which the transaction platform reaches the payment platform. In the invention the gateway is either the transaction platform's payment gateway or the payment platform's online gateway, i.e. the system supports two payment modes: the user may connect to the payment platform through the transaction platform's payment gateway, or through the payment platform's own online gateway. Specifically, the payment platform's online gateway includes UnionPay's or a bank's own payment gateway; the transaction platform's payment gateway may be, for example, Alipay.
The payment platform, connected to the gateway, carries out the payment for the transaction request, i.e. clears the payment request. Specifically, the payment platform of the invention includes a bank's settlement system, which receives the transaction request sent by the transaction platform and performs clearing using the transaction amount, transaction card number and other information.
The key management platform, connected to the payment platform, manages and distributes the transaction platforms' key information. In practice, besides managing and distributing keys, it also maintains them, storing the encryption key associated with each transaction platform's registration information, the ciphertext of the sensitive information, the initial vector, certificates and the like. In the invention, the key the key management platform distributes to each transaction platform is a random number generated by hardware such as an encryptor; the invention does not restrict how the FPE encryption key is generated, provided the object of the invention is achieved.
The first FPE encryptor, connected to the gateway, tokenizes the sensitive information in the transaction request. Before use, i.e. during system initialisation, the encryptor must be configured: it stores the certificate that the key management platform issued to the merchant, imports the transaction platform's decryption key (the private key), and holds the FPE encryption key, initial vector and data format used to encrypt the sensitive information. The FPE encryption key here is a secure random number generated by the encryptor; again, the invention does not restrict how it is generated, provided the object of the invention is achieved.
Further, the sensitive information includes information uniquely identifying the user and payment card numbers, e.g. an SSN (Social Security Number).
The invention also provides a tokenization method for sensitive information, applied to the tokenization system above, comprising the following steps:
S1 The transaction platform obtains the sensitive information, forms the transaction request and sends it;
S2 The gateway receives the transaction request and forwards it to the first FPE encryptor;
S3 The first FPE encryptor tokenizes the sensitive information in the transaction request, forming a new transaction request;
S4 The payment platform obtains the new transaction request and sends it to the key management platform;
S5 The key management platform sends the new transaction request to the second FPE encryptor for decryption;
S6 The decrypted information is sent to the payment platform, which carries out the transaction requested.
Specifically, before the transaction platform transacts, it registers with the tokenization system and receives the encryption key and the initial vector sent by the key management platform, completing its registration; the first FPE encryptor stores the initial vector, the decryption key, the FPE encryption key and the data format; and the key management platform stores the ciphertext of the sensitive information associated with the transaction platform's registration information, the initial vector and the data format.
Further, in step S1, obtaining the sensitive information and forming and sending the transaction request specifically comprises:
S11 The transaction platform obtains the transaction information, including the sensitive information, and forms the transaction request. The sensitive information here includes the card number to be used in the transaction, ID card information and the like; the transaction request comprises the sensitive information and the transaction platform's registration information, i.e. besides the sensitive information it also carries the transaction platform's institution information and the like.
S12 The transaction platform encrypts the transaction request with the encryption key to generate the encrypted information. To further secure the information in transit, the invention also uses the corresponding security control and certificate to encrypt the data; the security control described here includes an OCX security control installed in the IE browser.
S13 The transaction platform sends the encrypted information.
Further, in step S3, tokenizing the sensitive information in the transaction request and forming the new transaction request specifically comprises:
S31 The first FPE encryptor receives the encrypted information.
S32 The first FPE encryptor decrypts the encrypted information with the decryption key and the initial vector to obtain the sensitive information. If the transaction platform encrypted the data with a security control and certificate, the first FPE encryptor decrypts it with the corresponding certificate stored inside it.
S33 The first FPE encryptor tokenizes the sensitive information with the initial vector, the FPE encryption key and the data format, producing the ciphertext and forming the new transaction request. In general, only the middle part of the sensitive information is encrypted and four digits are retained at each end; for example, if the SSN is 7412 3456 7890 0000, the FPE ciphertext is 7412 3423 3526 0000, with the first and last four digits unchanged. The encrypted information is subsequently sent to the second FPE encryptor for decryption.
S34 The first FPE encryptor sends the new transaction request.
Further, in step S5, sending the new transaction request to the second FPE encryptor for decryption specifically comprises:
S51 The key management platform, according to the ciphertext it receives, retrieves the initial vector and data format associated with that ciphertext and the ciphertext stored in the key management platform. Specifically, after receiving the ciphertext the key management platform searches its internal association table for it and retrieves the other associated information; if it is not found, the ciphertext is taken to have been tampered with in transit and the transaction is stopped.
S52 The key management platform compares the received ciphertext with the stored ciphertext to confirm the ciphertext;
S53 If the comparison succeeds, the key management platform sends the initial vector and the data format, together with the received ciphertext, to the second FPE encryptor; if the comparison fails, the transaction is stopped.
S54 The second FPE encryptor decrypts the ciphertext to obtain the sensitive information;
S55 The second FPE encryptor sends the sensitive information to the payment platform, which carries out the payment for the transaction request. The settlement system in the payment platform clears the transaction using the decrypted sensitive information, such as the card number, together with the amount and other information. When clearing is complete, the clearing result is sent to the transaction platform for the user's confirmation.
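The FPE requirements stated in the Summary (same length, same type, deterministic, reversible) and the S1 to S6 flow with the S51 to S55 check above, as an added example; it is not part of the patent and is not code from the applicant. The cipher is a Feistel network over decimal digits with an HMAC-SHA256 round function, a stand-in for whatever FPE mode the patent's encryptors run (it is not NIST FF1/FF3 and is not vetted for production); the patent's initial vector is used as the tweak. The asymmetric transport encryption, the gateway and the settlement system are omitted. The names (fpe_encrypt, tokenize, KeyManagementPlatform, settle, merchant-A) are the author's, the sample card number 7412 3456 7890 0000 is the page's own example, and the rule that the key management platform's association table is filled when a token is issued is an assumption, since the page only says the table exists:

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

ROUNDS = 10   # Feistel rounds (assumption; chosen to match FF1's round count)
KEEP = 4      # digits left in the clear at each end, as in the page's example


def _prf(key: bytes, tweak: bytes, rnd: int, half: str) -> int:
    """Keyed round function: HMAC-SHA256 over (tweak, round number, other half)."""
    msg = tweak + bytes([rnd]) + half.encode("ascii")
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big")


def fpe_encrypt(key: bytes, tweak: bytes, digits: str) -> str:
    """Deterministic, length-preserving encryption of a decimal string."""
    if not digits.isdigit() or len(digits) < 2:
        raise ValueError("need a decimal string of at least 2 digits")
    u = len(digits) // 2
    v = len(digits) - u
    a, b = digits[:u], digits[u:]
    for i in range(ROUNDS):
        m = u if i % 2 == 0 else v                     # width of the half being rewritten
        c = (int(a) + _prf(key, tweak, i, b)) % 10 ** m
        a, b = b, str(c).zfill(m)                      # zfill keeps the digit count fixed
    return a + b


def fpe_decrypt(key: bytes, tweak: bytes, digits: str) -> str:
    """Inverse of fpe_encrypt: the same rounds applied in reverse order."""
    u = len(digits) // 2
    v = len(digits) - u
    a, b = digits[:u], digits[u:]
    for i in reversed(range(ROUNDS)):
        m = u if i % 2 == 0 else v
        c = (int(b) - _prf(key, tweak, i, a)) % 10 ** m
        a, b = str(c).zfill(m), a
    return a + b


def tokenize(key: bytes, iv: bytes, number: str) -> str:
    """First FPE encryptor (S33): retain KEEP digits at each end, encrypt the middle."""
    if not number.isdigit() or len(number) < 2 * KEEP + 2:
        raise ValueError("number too short to retain head and tail")
    return number[:KEEP] + fpe_encrypt(key, iv, number[KEEP:-KEEP]) + number[-KEEP:]


def detokenize(key: bytes, iv: bytes, token: str) -> str:
    """Second FPE encryptor (S54): recover the original number from a token."""
    return token[:KEEP] + fpe_decrypt(key, iv, token[KEEP:-KEEP]) + token[-KEEP:]


class KeyManagementPlatform:
    """Per-merchant FPE key and initial vector, plus the token association table (S51)."""

    def __init__(self) -> None:
        self.merchants: Dict[str, Tuple[bytes, bytes]] = {}   # registration id -> (key, iv)
        self.tokens: Dict[str, str] = {}                       # token -> registration id

    def register(self, merchant_id: str) -> Tuple[bytes, bytes]:
        """Registration: issue a random FPE key and initial vector to the transaction platform."""
        creds = (secrets.token_bytes(32), secrets.token_bytes(16))
        self.merchants[merchant_id] = creds
        return creds

    def record_token(self, merchant_id: str, token: str) -> None:
        """Assumption: the association table is filled when the first encryptor issues a token."""
        self.tokens[token] = merchant_id

    def lookup(self, token: str) -> Optional[Tuple[bytes, bytes]]:
        """S51/S52: a token absent from the table is treated as tampered; caller stops."""
        merchant_id = self.tokens.get(token)
        return None if merchant_id is None else self.merchants[merchant_id]


def settle(kmp: KeyManagementPlatform, merchant_id: str, pan: str,
           amount: str, tamper: bool = False) -> dict:
    """Steps S1..S6 end to end; returns what the payment platform ends up with."""
    key, iv = kmp.merchants[merchant_id]
    token = tokenize(key, iv, pan)                    # S3: first FPE encryptor
    kmp.record_token(merchant_id, token)
    if tamper:                                        # simulate modification in transit
        flipped = str((int(token[KEEP]) + 1) % 10)
        token = token[:KEEP] + flipped + token[KEEP + 1:]
    creds = kmp.lookup(token)                         # S5: key management platform
    if creds is None:
        return {"status": "rejected", "reason": "token not in association table"}
    clear = detokenize(creds[0], creds[1], token)     # S54: second FPE encryptor
    return {"status": "settled", "pan": clear, "amount": amount}   # S6: payment platform


if __name__ == "__main__":
    kmp = KeyManagementPlatform()
    kmp.register("merchant-A")
    print(settle(kmp, "merchant-A", "7412345678900000", "100.00"))
    print(settle(kmp, "merchant-A", "7412345678900000", "100.00", tamper=True))
```

Running the module settles one transaction and rejects a copy whose token was altered in transit. Two consequences of the page's own requirements that a practitioner should weigh: because encryption is deterministic (a database requirement in the Summary), the same card number at the same merchant always yields the same token, so tokens can be correlated across transactions; and retaining four digits at each end leaves only the eight middle digits encrypted, so the token exposes the leading and trailing digits by design. The S51/S52 check is a table lookup rather than an integrity tag: it catches a token that is absent from the table, but not the substitution of one recorded token for another.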
The above are only preferred embodiments of the invention and do not limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the invention falls within its scope of protection.

Claims (9)

1. a mark system for sensitive information, is characterized in that, comprising:
Transaction platform, gateway, payment platform, key management platform, a FPE encryption equipment, and the 2nd FPE encryption equipment, wherein,
Described transaction platform, for obtaining described sensitive information, being formed simultaneously and concurrently sending transaction request;
Described gateway, is connected with described transaction platform, provides access port for described transaction platform accesses described payment platform;
Described payment platform, is connected with described gateway, for realizing the payment of described transaction request;
Described key management platform, is connected with described payment platform, manages and distribute the key information of described transaction platform;
A described FPE encryption equipment, is connected with described gateway, for realizing the mark of the sensitive information in described transaction request;
Described 2nd FPE encryption equipment, is connected with described key management platform, for realizing the deciphering of the sensitive information after markization.
2. the mark system of sensitive information as claimed in claim 1, is characterized in that: described gateway is the payment gateway of described transaction platform or the online gateway of described payment platform.
3. the mark system of sensitive information as claimed in claim 1, is characterized in that: described sensitive information comprise for unique identification user information and pay card number.
4. A sensitive-information identification method, applied to the sensitive-information identification system of any one of claims 1 to 3, characterized in that it comprises the following steps:
S1: the transaction platform obtains the sensitive information, forms the transaction request and sends it;
S2: the gateway receives the payment request and forwards it to the first FPE encryption machine;
S3: the first FPE encryption machine performs the identification of the sensitive information in the payment request and forms a new transaction request;
S4: the payment platform obtains the new transaction request and forwards it to the key management platform;
S5: the key management platform sends the new payment request to the second FPE encryption machine, which decrypts it;
S6: the decrypted information is sent to the payment platform, which carries out the transaction of the transaction request.
5. The sensitive-information identification method of claim 4, characterized in that:
before the transaction of the transaction platform is carried out, the transaction platform registers with the identification system and obtains the encryption key and the initialization vector sent by the key management platform, which completes the registration of the transaction platform; the initialization vector, the decryption key, the FPE encryption key and the data format are stored in the first FPE encryption machine; and the ciphertext of the sensitive information associated with the registration information of the transaction platform, the initialization vector and the data format are stored in the key management platform.
6. The sensitive-information identification method of claim 5, characterized in that step S1 specifically comprises:
S11: the transaction platform obtains the transaction information containing the sensitive information and forms the transaction request;
S12: the transaction platform encrypts the transaction request with the encryption key, generating encrypted information;
S13: the transaction platform sends out the encrypted information.
7. The sensitive-information identification method of claim 6, characterized in that the transaction request comprises the sensitive information and the registration information of the transaction platform.
8. The sensitive-information identification system of claim 6, characterized in that step S3 specifically comprises:
S31: the first FPE encryption machine receives the encrypted information;
S32: the first FPE encryption machine decrypts the encrypted information with the decryption key and the initialization vector, obtaining the sensitive information;
S33: the first FPE encryption machine performs the identification of the sensitive information with the initialization vector, the FPE encryption key and the data format, forming a ciphertext, and at the same time forms a new transaction request;
S34: the first FPE encryption machine sends the transaction request.
9. The sensitive-information identification method of claim 8, characterized in that step S5 specifically comprises:
S51: according to the received ciphertext information, the key management platform obtains the initialization vector and the data format associated with the ciphertext, together with the ciphertext information stored in the key management platform;
S52: the key management platform compares the received ciphertext information with the stored ciphertext information to confirm the ciphertext information;
S53: if the comparison succeeds, the key management platform sends the initialization vector, the data format and the received ciphertext together to the second FPE encryption machine;
S53: the second FPE encryption machine decrypts the ciphertext, obtaining the sensitive information;
S54: the second FPE encryption machine sends the sensitive information to the payment platform, which carries out the payment for the transaction request.
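The flow of claims 5, 8 and 9 (S33: identification of the card number with an FPE key, initialization vector and data format; S51-S53: lookup, comparison and decryption on the key management side), as an added example that is not part of the patent and not code from the applicant. The format-preserving cipher is a toy Feistel construction over decimal digits built on HMAC-SHA256, used only to show what "format preserving" means for a payment message field; it is not NIST FF1/FF3 and not the patent's own construction. The key, initialization vector, data format template `N16` and card number are constructed sample values, and the dictionary-backed `KeyManagementPlatform` is an assumption about how the stored ciphertext records are held.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional

ROUNDS = 10  # even, so the two halves finish in their original positions


def _round_fn(key: bytes, tweak: bytes, round_no: int, half: str, m: int) -> int:
    """Keyed Feistel round function: HMAC-SHA256 over (tweak, round, half),
    reduced to an integer of at most m decimal digits. Toy construction, not FF1."""
    msg = tweak + bytes([round_no]) + half.encode("ascii")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % (10 ** m)


def _check_format(digits: str, data_format: str) -> None:
    """The claims' 'data format', modelled here as a template 'N<len>' (assumption)."""
    if len(digits) < 2 or not digits.isdigit() or data_format != f"N{len(digits)}":
        raise ValueError("input does not match the registered data format")


def fpe_encrypt(key: bytes, iv: bytes, data_format: str, digits: str) -> str:
    """Format-preserving encryption (step S33): the ciphertext has the same
    length and character class (decimal digits) as the input."""
    _check_format(digits, data_format)
    n = len(digits)
    u, v = n // 2, n - n // 2
    a, b = digits[:u], digits[u:]
    for i in range(ROUNDS):
        m = u if i % 2 == 0 else v  # length of the half being replaced this round
        c = (int(a) + _round_fn(key, iv, i, b, m)) % (10 ** m)
        a, b = b, str(c).zfill(m)
    return a + b


def fpe_decrypt(key: bytes, iv: bytes, data_format: str, token: str) -> str:
    """Inverse of fpe_encrypt (step S53, second FPE machine)."""
    _check_format(token, data_format)
    n = len(token)
    u, v = n // 2, n - n // 2
    a, b = token[:u], token[u:]
    for i in reversed(range(ROUNDS)):
        m = u if i % 2 == 0 else v
        c = (int(b) - _round_fn(key, iv, i, a, m)) % (10 ** m)
        a, b = str(c).zfill(m), a
    return a + b


@dataclass(frozen=True)
class StoredRecord:
    """Per-registration record in the key management platform (claim 5):
    ciphertext of the sensitive information, initialization vector, data format."""
    ciphertext: str
    iv: bytes
    data_format: str


class KeyManagementPlatform:
    def __init__(self) -> None:
        self._records: Dict[str, StoredRecord] = {}

    def store(self, record: StoredRecord) -> None:
        self._records[record.ciphertext] = record

    def lookup_and_confirm(self, received: str) -> Optional[StoredRecord]:
        """S51: fetch IV, data format and stored ciphertext for the received ciphertext.
        S52: compare received and stored ciphertext; None means the comparison failed."""
        record = self._records.get(received)
        if record is None or not hmac.compare_digest(record.ciphertext, received):
            return None
        return record


# Constructed sample values; in the system they are issued by the key management platform.
FPE_KEY = bytes(range(32))
IV = b"constructed-iv--"
DATA_FORMAT = "N16"
SAMPLE_CARD = "4111111111111111"  # constructed test card number


def register(kmp: KeyManagementPlatform, card: str) -> str:
    """Registration (claim 5): the first FPE machine identifies the card and the
    resulting ciphertext is stored in the key management platform."""
    ciphertext = fpe_encrypt(FPE_KEY, IV, DATA_FORMAT, card)
    kmp.store(StoredRecord(ciphertext, IV, DATA_FORMAT))
    return ciphertext


def process_transaction(kmp: KeyManagementPlatform, ciphertext: str) -> Optional[str]:
    """Steps S51-S54: confirm the ciphertext, then let the second FPE machine
    recover the card number for the payment platform. Returns None on failure."""
    record = kmp.lookup_and_confirm(ciphertext)
    if record is None:
        return None
    return fpe_decrypt(FPE_KEY, record.iv, record.data_format, ciphertext)


if __name__ == "__main__":
    kmp = KeyManagementPlatform()
    token = register(kmp, SAMPLE_CARD)
    print("card      :", SAMPLE_CARD)
    print("ciphertext:", token)  # still 16 digits, so it fits the same message field
    print("recovered :", process_transaction(kmp, token))
    tampered = token[:-1] + ("0" if token[-1] != "0" else "1")
    print("tampered  :", process_transaction(kmp, tampered))  # None: S52 comparison fails
```

The point the example makes about the design is that the ciphertext carried in the new transaction request has the same length and digit class as the card number, so the gateway and payment platform can pass it through unchanged fields, while only the second FPE machine, holding the key, can turn it back into the card number; a ciphertext that does not match a stored record is rejected at step S52 before any decryption is attempted.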
CN201410609081.5A 2014-11-03 2014-11-03 A kind of mark system and method for sensitive information Active CN104361489B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410609081.5A CN104361489B (en) 2014-11-03 2014-11-03 A kind of mark system and method for sensitive information

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410609081.5A CN104361489B (en) 2014-11-03 2014-11-03 A kind of mark system and method for sensitive information

Publications (2)

Publication Number Publication Date
CN104361489A true CN104361489A (en) 2015-02-18
CN104361489B CN104361489B (en) 2018-01-09

Family

ID=52528747

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410609081.5A Active CN104361489B (en) 2014-11-03 2014-11-03 A kind of mark system and method for sensitive information

Country Status (1)

Country Link
CN (1) CN104361489B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106295366A (en) * 2016-08-15 2017-01-04 北京奇虎科技有限公司 Sensitive data recognition methods and device
CN106295367A (en) * 2016-08-15 2017-01-04 北京奇虎科技有限公司 Data ciphering method and device
CN109543399A (en) * 2018-11-12 2019-03-29 中国联合网络通信有限公司重庆市分公司 A method of prevent second-generation ID card reader OCX control to be tampered
CN109729063A (en) * 2018-05-14 2019-05-07 网联清算有限公司 Information processing method and information processing system applied to encryption equipment
CN111553667A (en) * 2020-04-02 2020-08-18 中国银联股份有限公司 Transaction method, gateway device, payment platform, merchant device and transaction system
CN112769759A (en) * 2020-12-22 2021-05-07 北京深思数盾科技股份有限公司 Information processing method, information gateway, server and medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101018130A (en) * 2007-02-15 2007-08-15 物方恒德(北京)投资咨询有限公司 Finance business system and finance business processing method
CN101685512A (en) * 2008-09-28 2010-03-31 中国银联股份有限公司 Computer, payment system and method thereof for realizing on-line payment
CN102592107A (en) * 2011-12-31 2012-07-18 成都天钥科技有限公司 Method, device and system for realizing commodity business on handheld terminal

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
周蔚林: ""基于多种终端接入和数据安全的电子支付平台设计"", 《中国优秀硕士学位论文全文数据库 经济与管理科学辑》 *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106295366A (en) * 2016-08-15 2017-01-04 北京奇虎科技有限公司 Sensitive data recognition methods and device
CN106295367A (en) * 2016-08-15 2017-01-04 北京奇虎科技有限公司 Data ciphering method and device
CN109729063A (en) * 2018-05-14 2019-05-07 网联清算有限公司 Information processing method and information processing system applied to encryption equipment
CN109729063B (en) * 2018-05-14 2022-02-25 网联清算有限公司 Information processing method and information processing system applied to encryption machine
CN109543399A (en) * 2018-11-12 2019-03-29 中国联合网络通信有限公司重庆市分公司 A method of prevent second-generation ID card reader OCX control to be tampered
CN109543399B (en) * 2018-11-12 2022-12-23 中国联合网络通信有限公司重庆市分公司 Method for preventing second-generation ID card reader OCX control from being tampered
CN111553667A (en) * 2020-04-02 2020-08-18 中国银联股份有限公司 Transaction method, gateway device, payment platform, merchant device and transaction system
CN112769759A (en) * 2020-12-22 2021-05-07 北京深思数盾科技股份有限公司 Information processing method, information gateway, server and medium

Also Published As

Publication number Publication date
CN104361489B (en) 2018-01-09

Similar Documents

Publication Publication Date Title
EP3286867B1 (en) Method, apparatus, and system for cloud-based encryption machine key injection
EP3432523B1 (en) Method and system for connecting a terminal to a virtual private network
CN104361489A (en) Sensitive information identification system and sensitive information identification method
JP4304362B2 (en) PKI-compliant certificate confirmation processing method and apparatus, and PKI-compliant certificate confirmation processing program
CN101605137B (en) Safe distribution file system
EP1635502B1 (en) Session control server and communication system
CN1656772B (en) Association of security parameters for a collection of related streaming protocols
US10469491B2 (en) Access control in an information centric network
CN106713279B (en) video terminal identity authentication system
CN101772024B (en) User identification method, device and system
KR102325725B1 (en) Digital certificate management method and device
CN101405759A (en) Method and apparatus for user centric private data management
CN101145908A (en) System, device and method for guaranteeing service network security
CN103746815B (en) Safety communicating method and device
CN109586908A (en) A kind of safe packet transmission method and its system
CN105208024A (en) Safe data transmission method and system adopting no HTTPS, client and server
CN108322488A (en) The system that trust data is shared and distributes is realized in multiple car networkings
CN103916363A (en) Communication security management method and system for encryption machine
CN109379345B (en) Sensitive information transmission method and system
CN104200154A (en) Identity based installation package signing method and identity based installation package signing device
CN114143050B (en) Video data encryption system
JP2001134534A (en) Authentication delegate method, authentication delegate service system, authentication delegate server device, and client device
CN110198320B (en) Encrypted information transmission method and system
CN102281303A (en) Data exchange method
CN106452752A (en) Method and system of modifying cipher, client, server and smart device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20160310

Address after: 201821, room 4, building 1411, 211 Yecheng Road, Jiading Industrial Zone, Shanghai, China

Applicant after: Shanghai PeopleNet Security Technology Co., Ltd.

Address before: 201203 Shanghai City, Pudong New Area Zhangjiang hi tech park Zuchongzhi Road No. 899 Building 9 room 01 4

Applicant before: Shanghai everybody Science and Technology Ltd.

GR01 Patent grant