CN106408301A - Method and device for improving security of transaction command - Google Patents

Method and device for improving security of transaction command Download PDF

Info

Publication number
CN106408301A
CN106408301A CN201610877851.3A CN201610877851A CN106408301A CN 106408301 A CN106408301 A CN 106408301A CN 201610877851 A CN201610877851 A CN 201610877851A CN 106408301 A CN106408301 A CN 106408301A
Authority
CN
China
Prior art keywords
cryptographic hash
transaction data
client
transaction
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610877851.3A
Other languages
Chinese (zh)
Inventor
陈强
梁武
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Wangjin Holdings Co Ltd
Original Assignee
Guangdong Wangjin Holdings Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Wangjin Holdings Co Ltd filed Critical Guangdong Wangjin Holdings Co Ltd
Priority to CN201610877851.3A priority Critical patent/CN106408301A/en
Publication of CN106408301A publication Critical patent/CN106408301A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention discloses a method and a device for improving security of a transaction command. The method comprises the steps of: calculating a first hash value of transaction data information, generating an authorization ID, and storing the first hash value and the authorization ID in a local database of a transaction authorization end; transmitting the authorization ID to a client, and storing the transaction data information and the authorization ID in a network database; receiving the authorization ID and the transaction data information obtained from the network database by a task scheduling server; judging whether the authorization ID exists, if so, then executing a next step; calculating to obtain a second hash value of the transaction data information, and judging whether the second hash value and the first hash value are identical, if so, then executing a next step; and transmitting successfully verification information to the task scheduling server, and transmitting the transaction data information to a third party payment channel. According to the method for improving security of the transaction command, the security of the transaction command is improved by additionally arranging the transaction authorization end, and executing corresponding logic thereof.

Description

A kind of method and device improving trading instruction safety
Technical field
The invention belongs to smart machine transaction field, more particularly, to a kind of method and device improving trading instruction safety.
Background technology
Get more and more at present and be related to the system of financial transaction class, its transactional operation is mostly asynchronous transaction.Asynchronous friendship Easy main flow is:(1) user carry out paying at Web end, the operation such as reimbursement;(2), after system receives peration data, first put in storage Or enqueue, and return to customer transaction " in process " state;(3) system, by independent task scheduling job service, scans " in process " task, and trading instruction is assigned to Third-party payment passage;(4) after Third-party payment passage has been processed, readjustment Result or by system active inquiry result, changes the stateful transaction in operation system.
In this process, Client-initiated transactional operation data, is not to be directly assigned to Third-party payment passage, and It is that first warehouse-in waits, then assign instruction again after task scheduling job service goes to read.
Content of the invention
In order to overcome the deficiencies in the prior art, an object of the present invention is to provide a kind of raising trading instruction safety Method, it can improve the safety of trading instruction.
The second object of the present invention is to provide a kind of device improving trading instruction safety, and it can improve trading instruction Safety.
An object of the present invention employs the following technical solutions realization:
A kind of method improving trading instruction safety, comprises the following steps:
S1:Trading Authorization end receives the transaction data of client upload, and this Transaction Information is sent to client by user End;
S2:Calculate the first cryptographic Hash of transaction data, generate and this first cryptographic Hash corresponding mandate ID, and by the One cryptographic Hash and mandate ID are stored in the local data base at Trading Authorization end;
S3:ID will be authorized to transmit to client, and by transaction data and authorize ID to be stored in network data base;
S4:Receive mandate ID and the transaction data that task scheduling service gets from network data base;
S5:Judge to whether there is this mandate ID in local data base, if it is, execution S6, if it is not, then send authorizing Failure is to client;
S6:It is calculated the second cryptographic Hash of this transaction data, and judge that the second cryptographic Hash with the first cryptographic Hash is No consistent, if it is, execution next step, if it is not, then sending authentication failed to client;
S7:It is proved to be successful to task scheduling service transmission, and transaction data is transmitted to Third-party payment passage.
Preferably, also include step S61 between step S7 and S6:
S61:Delete and authorize ID and the first cryptographic Hash.It can guarantee that and verifies successfully once.
Preferably, described mandate ID is GUID.It can disclose the pattern authorizing ID to adopt further.
The second object of the present invention employs the following technical solutions realization:
A kind of device improving trading instruction safety, including with lower module:
First information receiver module:Trading Authorization end receive client upload transaction data, this Transaction Information by User sends to client;
Cryptographic Hash computing module:Calculate the first cryptographic Hash of transaction data, generate corresponding with this first cryptographic Hash Authorize ID, and by the first cryptographic Hash and authorize ID to be stored in the local data base at Trading Authorization end;
Data memory module:ID will be authorized to transmit to client, and by transaction data and authorize ID to be stored in network In data base;
Second information receiving module:Receive mandate ID and the transaction data that task scheduling service gets from network data base Information;
Authorize judge module:Judge to whether there is this mandate ID in local data base, if it is, execution cryptographic Hash judges Module, if it is not, then send authorization failure to client;
Cryptographic Hash judge module:Be calculated the second cryptographic Hash of this transaction data, and judge the second cryptographic Hash with Whether the first cryptographic Hash is consistent, if it is, transmission module on execution transaction data, if it is not, then sending authentication failed to client;
Transmission module on transaction data:It is proved to be successful to task scheduling service transmission, and transaction data is transmitted to the Tripartite's payment channel.
Preferably, also include data deletion module between transmission module on cryptographic Hash judge module and transaction data:Delete Authorize ID and the first cryptographic Hash.It can guarantee that and verifies successfully once.
Preferably, described mandate ID is GUID.It can disclose the pattern authorizing ID to adopt further.
Compared to existing technology, the beneficial effects of the present invention is:
The method improving trading instruction safety proposed by the present invention, by increasing Trading Authorization end, and it is corresponding to execute it Logic is improving the safety of trading instruction.And its can guarantee that verify successfully once after, delete corresponding data, it is right to prevent Same data check success thing even multiple twice occurs, and improves the accuracy of transaction.
Brief description
Fig. 1 is a kind of flow chart of the method improving trading instruction safety of the present invention;
Fig. 2 is a kind of structure chart of the device improving trading instruction safety of the present invention.
Specific embodiment
Below, in conjunction with accompanying drawing and specific embodiment, the present invention is described further:
As shown in figure 1, the present invention provides a kind of method improving trading instruction safety, comprise the following steps:
S1:Trading Authorization end receives the transaction data of client upload, and this Transaction Information is sent to client by user End;The data at this time receiving is original transaction data;
S2:Calculate the first cryptographic Hash of transaction data, generate and this first cryptographic Hash corresponding mandate ID, and by the One cryptographic Hash and mandate ID are stored in the local data base at Trading Authorization end, and described mandate ID is only required to be unique value, Here is preferably used GUID (GUID) and is indicated;At Trading Authorization end by the pass in transaction data Key data carries out dressing up a string character string, then calculates the cryptographic Hash of this character string;
S3:ID will be authorized to transmit to client, and by transaction data and authorize ID to be stored in network data base;? It is that transaction data is carried out in-stockroom operation, and that is to say web page display customer transaction " in process " in client.
S4:Receive mandate ID and the transaction data that task scheduling service gets from network data base;This step Be task scheduling service carry out read storehouse operation, get " in process " transaction task and authorize ID, and will authorize ID and with The corresponding transaction data of this mandate ID submits to Trading Authorization end;
S5:Judge that local data base whether there is this mandate ID, if it is, execution S6, lose if it is not, then sending and authorizing Lose to client;Due to local authorization location exist multiple mandate ID and with authorize corresponding first cryptographic Hash of ID, then carrying out When judgement, the mandate ID using the mandate ID currently getting and storage in local data base compares one by one, if locally Not this mandate ID in data base, then authorize and do not pass through, if there is this mandate ID, then can carry out the operation of next step.
S6:It is calculated the second cryptographic Hash of this transaction data, and judge that the second cryptographic Hash with the first cryptographic Hash is No consistent, if it is, execution S61, if it is not, then sending authentication failed to client;
S61:Delete and authorize ID and the first cryptographic Hash;Its purpose is to ensure only to verify successfully successively, if in verification In the case of successfully, when task scheduling service is sent out transaction data again and verified, then verify and do not pass through;
S7:It is proved to be successful to task scheduling service transmission, and transaction data is transmitted to Third-party payment passage.
Entirely and during third party transaction, execute its logic by increasing Trading Authorization end, improve transaction and refer to The safety of order.
As shown in Fig. 2 the present invention provides a kind of device improving trading instruction safety, including with lower module:
First information receiver module:Trading Authorization end receive client upload transaction data, this Transaction Information by User sends to client;
Cryptographic Hash computing module:Calculate the first cryptographic Hash of transaction data, generate corresponding with this first cryptographic Hash Authorize ID, and by the first cryptographic Hash and authorize ID to be stored in the local data base at Trading Authorization end;Described mandate ID is GUID.
Data memory module:ID will be authorized to transmit to client, and by transaction data and authorize ID to be stored in network In data base;
Second information receiving module:Receive mandate ID and the transaction data that task scheduling service gets from network data base Information;
Authorize judge module:Judge to whether there is this mandate ID in local data base, if it is, execution cryptographic Hash judges Module, if it is not, then send authorization failure to client;
Cryptographic Hash judge module:Be calculated the second cryptographic Hash of this transaction data, and judge the second cryptographic Hash with Whether the first cryptographic Hash is consistent, if it is, transmission module on execution transaction data, if it is not, then sending authentication failed to client;
Transmission module on transaction data:It is proved to be successful to task scheduling service transmission, and transaction data is transmitted to the Tripartite's payment channel.
It is highly preferred that also including data deletion module between transmission module on cryptographic Hash judge module and transaction data:Delete Except authorizing ID and the first cryptographic Hash, when judging that the second cryptographic Hash is consistent with the first cryptographic Hash, then execution data deletion module is More preferably mode, it ensure that and is only proved to be successful once, is not in the successful situation of repeated authentication.
It will be apparent to those skilled in the art that can technical scheme as described above and design, make other various Corresponding change and deformation, and all these change and deformation all should belong to the protection domain of the claims in the present invention Within.

Claims (6)

1. a kind of method improving trading instruction safety is it is characterised in that comprise the following steps:
S1:Trading Authorization end receives the transaction data of client upload, and this Transaction Information is sent to client by user;
S2:Calculate the first cryptographic Hash of transaction data, generate and this first cryptographic Hash corresponding mandate ID, and first is breathed out Uncommon value and mandate ID are stored in the local data base at Trading Authorization end;
S3:ID will be authorized to transmit to client, client by transaction data and authorizes ID to be stored in network data base;
S4:Receive mandate ID and the transaction data that task scheduling service gets from network data base;
S5:Judge to whether there is this mandate ID in local data base, if it is, execution S6, if it is not, then sending authorization failure To client;
S6:It is calculated the second cryptographic Hash of this transaction data, and judge the second cryptographic Hash and the first cryptographic Hash whether Cause, if it is, execution next step, if it is not, then sending authentication failed to client;
S7:It is proved to be successful to task scheduling service transmission, and transaction data is transmitted to Third-party payment passage.
2. the method improving trading instruction safety as claimed in claim 1 is it is characterised in that also wrap between step S7 and S6 Include step S61:
S61:Delete and authorize ID and the first cryptographic Hash.
3. the method improving trading instruction safety as claimed in claim 1 is it is characterised in that described mandate ID is GUID.
4. a kind of device improving trading instruction safety is it is characterised in that include with lower module:
First information receiver module:Trading Authorization end receives the transaction data of client upload, and this Transaction Information is by user Send to client;
Cryptographic Hash computing module:Calculate the first cryptographic Hash of transaction data, generate and this corresponding mandate of the first cryptographic Hash ID, and by the first cryptographic Hash and authorize ID to be stored in the local data base at Trading Authorization end;
Data memory module:ID will be authorized to transmit to client, and by transaction data and authorize ID to be stored in network data In storehouse;
Second information receiving module:Receive the mandate ID that task scheduling service gets from network data base and number of deals it is believed that Breath;
Authorize judge module:Judge that local data base whether there is this mandate ID, if it is, execution cryptographic Hash judge module, If it is not, then sending authorization failure to client;
Cryptographic Hash judge module:It is calculated the second cryptographic Hash of this transaction data, and judge the second cryptographic Hash and first Whether cryptographic Hash is consistent, if it is, transmission module on execution transaction data, if it is not, then sending authentication failed to client;
Transmission module on transaction data:It is proved to be successful to task scheduling service transmission, and transaction data is transmitted to third party Payment channel.
5. the device improving trading instruction safety as claimed in claim 4 is it is characterised in that in cryptographic Hash judge module and friendship Easily also include data deletion module between transmission module in data:Delete and authorize ID and the first cryptographic Hash.
6. the device improving trading instruction safety as claimed in claim 4 is it is characterised in that described mandate ID is GUID.
CN201610877851.3A 2016-09-30 2016-09-30 Method and device for improving security of transaction command Pending CN106408301A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610877851.3A CN106408301A (en) 2016-09-30 2016-09-30 Method and device for improving security of transaction command

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610877851.3A CN106408301A (en) 2016-09-30 2016-09-30 Method and device for improving security of transaction command

Publications (1)

Publication Number Publication Date
CN106408301A true CN106408301A (en) 2017-02-15

Family

ID=59228478

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610877851.3A Pending CN106408301A (en) 2016-09-30 2016-09-30 Method and device for improving security of transaction command

Country Status (1)

Country Link
CN (1) CN106408301A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111445256A (en) * 2020-03-27 2020-07-24 北京瑞卓喜投科技发展有限公司 Multi-party platform based method and device for verifying compliance of certification transaction and memory
US11422856B2 (en) * 2019-06-28 2022-08-23 Paypal, Inc. Adaptive program task scheduling to blocking and non-blocking queues

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102194177A (en) * 2011-05-13 2011-09-21 南京柯富锐软件科技有限公司 System for risk control over online payment
CN102694780A (en) * 2011-03-25 2012-09-26 同方股份有限公司 Digital signature authentication method, payment method containing the same and payment system
CN102819799A (en) * 2012-07-26 2012-12-12 郑州信大捷安信息技术股份有限公司 Multi-channel safety authenticating system and authenticating method based on U-Key
US20140180931A1 (en) * 2012-12-07 2014-06-26 David Lie System and Method for Secure Wi-Fi- Based Payments Using Mobile Communication Devices

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102694780A (en) * 2011-03-25 2012-09-26 同方股份有限公司 Digital signature authentication method, payment method containing the same and payment system
CN102194177A (en) * 2011-05-13 2011-09-21 南京柯富锐软件科技有限公司 System for risk control over online payment
CN102819799A (en) * 2012-07-26 2012-12-12 郑州信大捷安信息技术股份有限公司 Multi-channel safety authenticating system and authenticating method based on U-Key
US20140180931A1 (en) * 2012-12-07 2014-06-26 David Lie System and Method for Secure Wi-Fi- Based Payments Using Mobile Communication Devices

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11422856B2 (en) * 2019-06-28 2022-08-23 Paypal, Inc. Adaptive program task scheduling to blocking and non-blocking queues
CN111445256A (en) * 2020-03-27 2020-07-24 北京瑞卓喜投科技发展有限公司 Multi-party platform based method and device for verifying compliance of certification transaction and memory

Similar Documents

Publication Publication Date Title
US11227275B2 (en) Person-to-person electronic payment processing
KR102384340B1 (en) Method for processing blockchain based real-time transaction and system thereof
CN105608577B (en) Method for realizing non-repudiation, payment management server and user terminal thereof
US11521203B2 (en) Generating a cryptographic key based on transaction data of mobile payments
CN104021333B (en) Mobile security watch bag
US20140025585A1 (en) Distributing authorized tokens to conduct mobile transactions
US20180248685A1 (en) Systems, Devices, and Methods for In-Field Authenticating of Autonomous Robots
CN106936790A (en) The method that client and server end carries out two-way authentication is realized based on digital certificate
CN103400269A (en) Smart community home gateway-based safety payment method
KR101499906B1 (en) Smart card having OTP generation function and OTP authentication server
CN110599140B (en) Digital currency verification method and system
CN109120395A (en) Label data generation method, label and the data processing based on NFC label
US20140137265A1 (en) System and Method For Securing Critical Data In A Remotely Accessible Database
CN103107888B (en) The identity identifying method that the dynamic multi-attribute of facing moving terminal is multi-level
CN103024706A (en) Short message based device and short message based method for bidirectional multiple-factor dynamic identity authentication
CN107507004B (en) Data processing method and system
CN104125230A (en) Short message authentication service system and authentication method
CN104835038A (en) Networking payment device and networking payment method
CN107453871A (en) Password generated method, password authentication method, method of payment and device
CN106408301A (en) Method and device for improving security of transaction command
CN116703395B (en) Digital RMB payment method, device, equipment, system and medium
CN206878870U (en) A kind of safe single-sign-on accesses system
CN111259363B (en) Service access information processing method, system, device, equipment and storage medium
CN109801075A (en) Method of payment, device, computer equipment and storage medium
CN101425901A (en) Control method and device for customer identity verification in processing terminals

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20170215