CN106453259A - Internet finance safety link realization method based on block chaining encryption technology


Info

Publication number
CN106453259A
Authority
CN
China
Prior art keywords
link
user
vector
server
information
Legal status
Pending
Application number
CN201610821059.6A
Other languages
Chinese (zh)
Inventor
周振
于藜铭
谭腾飞
刘慧平
鲁文凯
Current Assignee
Guangzhou Electric Technology Co., Ltd.
Original Assignee
Guangzhou Shizhen Information Technology Co Ltd

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
        • H04L63/08 ... for authentication of entities
            • H04L63/083 ... for authentication of entities using passwords
        • H04L63/02 ... for separating internal from external traffic, e.g. firewalls
            • H04L63/029 Firewall traversal, e.g. tunnelling or creating pinholes
        • H04L63/04 ... for providing a confidential data exchange among entities communicating through data packet networks
            • H04L63/0428 ... wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
        • H04L67/01 Protocols
            • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
        • H04L67/14 Session management

Abstract

The invention discloses an internet finance safety link realization method based on a block chaining encryption technology. While a user buys financial products on the Internet, the method uses a message-header block encryption key supplied by an autonomous authentication service; it enables the TLS tunnel technique of HTTPS to secure the user's link; and it strengthens link-level security certification through a dynamic link vector record that is verified under a vector protocol together with a user identity system. When a user buys lottery tickets at a web portal, personal identity information, link vector information and the authentication policy are thereby combined, so that the security mechanism keeps day-to-day business such as lottery ticket purchase and payment reliable and stable during network transmission.

Description

Internet financial security link implementation method based on block chaining encryption technology
Technical field
The present invention relates to the technical field of Internet finance, and in particular to an Internet financial security link implementation method based on block chaining encryption technology.
Background technology
HTTP is an object-oriented protocol belonging to the application layer; because of its simple and fast mode of operation it is suitable for distributed hypermedia information systems. It was proposed in 1990 and, through years of use and development, has been continuously improved and extended. The version currently used on the WWW is the sixth version of HTTP/1.0; the standardization of HTTP/1.1 is in progress, and HTTP-NG (Next Generation of HTTP) has been proposed. The HTTP protocol is based on the request/response paradigm.
After a client establishes a connection with a server, it sends a request to the server. The request consists of the request method, a uniform resource identifier and the protocol version, followed by MIME information including request modifiers, client information and possible content. After receiving the request, the server returns a corresponding response message, consisting of a status line that includes the protocol version of the message and a success or error code, followed by MIME information including server information, entity information and possible content. The Transport Layer Security protocol (TLS) is used to provide confidentiality and data integrity between two communicating applications.
This protocol consists of two layers: the TLS record protocol (TLS Record) and the TLS handshake protocol (TLS Handshake).
The lower layer is the TLS record protocol, which sits on top of some reliable transport protocol (such as TCP). The TLS protocol includes two protocol groups, the TLS record protocol and the TLS handshake protocol, each with messages in many different formats; the TLS record protocol is a layered protocol.
The messages in each layer may include fields such as length, description and content. The record protocol supports message transfer: it fragments data into processable blocks, compresses the data, applies a MAC, encrypts and transmits the result. Received data is decrypted, verified, decompressed and reassembled, and then delivered to the higher-level client.
The TLS connection state is the operating environment of the TLS record protocol. It defines the compression algorithm, the encryption algorithm and the MAC algorithm. The TLS record layer receives non-empty blocks of arbitrary size as a continuous stream of data from the higher layer. Key calculation: the record protocol derives the key, IV and MAC key by an algorithm from the security parameters supplied by the handshake protocol.
The TLS handshake protocol consists of three sub-protocol groups; it allows the two peers to agree on the security parameters of the record layer, to identify themselves, to negotiate the instantiated security parameters, and to report error conditions to each other. The defects of the current HTTPS network are:
(1) it cannot prevent distributed denial of service attacks mounted after a public key certificate has been stolen;
(2) it cannot prevent intrusive operations launched by link-stealing techniques after a public key certificate has been stolen;
(3) it cannot perform identity recognition in combination with the network environment the user is using;
(4) it cannot guarantee high-grade service security in combination with the user's personal information;
(5) it cannot screen processing security along a time axis in combination with historical logs and the current operating time;
(6) it cannot guarantee the correct order of the repeated handshakes within one transaction.
Content of the invention
Addressing deficiencies in the prior art, the present invention provides an Internet financial security link implementation method based on block chaining encryption technology that strengthens link-level security certification, so that while a user uses a portal website's lottery service, personal identity information, link vector information and the authentication policy are combined to ensure the reliability and stability of the security mechanism for the user's routine lottery and payment work during network transmission.
The present invention is achieved through the following technical solution. In an Internet financial security link implementation method based on block chaining encryption technology, while a user buys financial products on the Internet, the method can use the message-header block encryption key provided by an autonomous authentication service and enable the TLS tunnel technique of HTTPS to secure the user's link. It comprises the following steps:
Step 1: the message-header encryption key block generated by the autonomous authentication authority method is combined with the message body, and the message is sent to the next link;
Step 2: HTTPS protocol processing with autonomous authentication credentials: before the TLS link is established, message identity authentication and link authentication are performed using the message identity system and the dynamic link vector, together with a sequential lookup;
Step 3: in each transaction cycle, an independent group of transaction block keys is established. At the start of the session the authentication vector is checked to confirm that it comes from an authorized transaction, and the transaction identification system is then rechecked to confirm that the legitimate transaction belongs to the same transaction. If it is not a legitimate transaction, the transaction reports an error, the web browser warns the user of a security risk and proposes re-performing the critical transaction, and the page jumps to the transaction's initial page;
If it is a legitimate transaction, a TLS tunnel is established for the normal session and data interaction; meanwhile the system performs the next step's block encryption calculation, generates the next step's self-certified key and sets up the next step's transaction, as follows:
A. The user logs in to the autonomous portal website with a browser. The website front-end code first obtains the user's current IP address (IP), proxy gateway address (Gateway), browser type (Browser information) and login time (time); the four are combined into a vector that identifies the current link (Vector). First, the Browser information returned in the HTTP header is compared against CA_server's browser type table to obtain Browserid, and the login time is converted to a timestamp, timesten; Vector = IP ^ Gateway & (Browserid | timesten). The Vector information is then transmitted to the link/user identity system, Link/User server. Link/User server generates a timestamp timeserversten from the time of the current visit to CA_server, finally computes MD5 over Vector to produce the digest Vector_MD5, and returns it to CA_server;
B. The client user logs in. From the username and password, CA_server obtains the current user's unique user ID in the system and sends it to Link/User server. Link/User server looks up the user registration table by the user ID, obtains the identity card number entered at registration, encrypts it with MD5 and returns it to the authentication system service;
C. CA_server uses MD5 decoding to obtain the identity card number and Vector. Based on the timesten it recorded itself and the timeserversten it obtained, it preserves the timestamp as timesten/timeserversten and uses the JVM's standard keytool to generate a CA certificate and public/private key pair, answering the IP question with Vector, the username question with identity_id and the password question with timesten^timeserversten;
D. The public key carrier is issued to the web browser, the certificate is installed automatically, a TLS tunnel is established and the HTTPS session is carried out;
E. At the first HTTPS session, CA_Server recalculates the vector of this session;
F. The session content is decrypted with the private key, and three items are compared: identity information, link vector information and timestamp information. Whether the current session vector is identical to the recorded vector is checked, which prevents link theft. After this passes, the timestamp information is transmitted to Link/User server, which checks whether the current state has timed out; the identity information is sent to Link/User server, which checks whether the user is restricted from the corresponding business. After all of the above pass, Link/User server returns a unique communication ID to CA_Server, CA_Server encrypts this ID with the public key and sends it to the web browser, and from then on the web browser uses this ID as its licence plate for normal HTTPS session interaction.
The beneficial effects of the invention are as follows: while a user buys financial products on the Internet, the invention can use the message-header block encryption key provided by the autonomous authentication service and enable the TLS tunnel technique of HTTPS to secure the user's link.
Brief description
To illustrate the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings required for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative work.
Fig. 1 is the system flow chart of the present invention;
Fig. 2 is the schematic diagram of the block chaining encryption algorithm of the present invention.
Specific embodiment
All features disclosed in this specification, and all steps of any method or process disclosed, may be combined in any way, except for mutually exclusive features and/or steps.
Any feature disclosed in this specification (including any accompanying claims, abstract and drawings) may, unless specifically stated otherwise, be replaced by other equivalent or alternative features serving a similar purpose. That is, unless specifically stated otherwise, each feature is only one example of a series of equivalent or similar features.
As shown in Fig. 1 and Fig. 2, first the message-header encryption key block generated by the autonomous authentication authority method is combined with the message body, and the message is sent to the next link;
Secondly, HTTPS protocol processing with autonomous authentication credentials: before the TLS link is established, message identity authentication and link authentication are performed using the message identity system and the dynamic link vector, together with a sequential lookup;
Finally, in each transaction cycle an independent group of transaction block keys is established. At the start of the session the authentication vector is checked to confirm that it comes from an authorized transaction, and the transaction identification system is then rechecked to confirm that the legitimate transaction belongs to the same transaction. If it is not a legitimate transaction, the transaction reports an error, the web browser warns the user of a security risk and proposes re-performing the critical transaction, and the page jumps to the transaction's initial page;
If it is a legitimate transaction, a TLS tunnel is established for the normal session and data interaction; meanwhile the system performs the next step's block encryption calculation, generates the next step's self-certified key and sets up the next step's transaction, as follows:
A. The user logs in to the autonomous portal website with a browser. The website front-end code first obtains the user's current IP address (IP), proxy gateway address (Gateway), browser type (Browser information) and login time (time); the four are combined into a vector that identifies the current link (Vector). First, the Browser information returned in the HTTP header is compared against CA_server's browser type table to obtain Browserid, and the login time is converted to a timestamp, timesten; Vector = IP ^ Gateway & (Browserid | timesten). The Vector information is then transmitted to the link/user identity system, Link/User server. Link/User server generates a timestamp timeserversten from the time of the current visit to CA_server, finally computes MD5 over Vector to produce the digest Vector_MD5, and returns it to CA_server;
B. The client user logs in. From the username and password, CA_server obtains the current user's unique user ID in the system and sends it to Link/User server. Link/User server looks up the user registration table by the user ID, obtains the identity card number entered at registration, encrypts it with MD5 and returns it to the authentication system service;
C. CA_server uses MD5 decoding to obtain the identity card number and Vector. Based on the timesten it recorded itself and the timeserversten it obtained, it preserves the timestamp as timesten/timeserversten and uses the JVM's standard keytool to generate a CA certificate and public/private key pair, answering the IP question with Vector, the username question with identity_id and the password question with timesten^timeserversten;
D. The public key carrier is issued to the web browser, the certificate is installed automatically, a TLS tunnel is established and the HTTPS session is carried out;
E. At the first HTTPS session, CA_Server recalculates the vector of this session;
F. The session content is decrypted with the private key, and three items are compared: identity information, link vector information and timestamp information. Whether the current session vector is identical to the recorded vector is checked, which prevents link theft. After this passes, the timestamp information is transmitted to Link/User server, which checks whether the current state has timed out; the identity information is sent to Link/User server, which checks whether the user is restricted from the corresponding business. After all of the above pass, Link/User server returns a unique communication ID to CA_Server, CA_Server encrypts this ID with the public key and sends it to the web browser, and from then on the web browser uses this ID as its licence plate for normal HTTPS session interaction.
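The link-vector derivation of step A and the checks of steps E and F, as an added Python example that is not part of the patent: it assumes that IP addresses and timesten are treated as integers for the bitwise operators (the patent fixes no encoding), that the `&` binds tighter than `^` as in C and Java, a constructed browser type table standing in for CA_server's table, a constructed restricted-user set standing in for Link/User server's business restriction, and a 600 s timeout; MD5 is used only because the page specifies it.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass

# Constructed stand-in for CA_server's browser type table (assumption: the
# patent only says the Browser header is mapped to a Browserid).
BROWSER_TABLE = {"Chrome": 1, "Firefox": 2, "Safari": 3, "Edge": 4}

# Constructed stand-in for Link/User server's "restricted from the
# corresponding business" check (assumption: the patent does not define it).
RESTRICTED_USERS = {"u-restricted"}


def browser_id(browser: str) -> int:
    """Browserid: look the Browser header up in the browser type table.
    Unknown agents map to 0 so they never collide with a known id."""
    return BROWSER_TABLE.get(browser, 0)


def link_vector(ip: str, gateway: str, browser: str, timesten: int) -> int:
    """Vector = IP ^ Gateway & (Browserid | timesten).

    Evaluated with the C/Java precedence the notation implies, where & binds
    tighter than ^, i.e. IP ^ (Gateway & (Browserid | timesten)). Addresses
    are taken as their integer value (assumption; the patent fixes no
    encoding) and timesten is a Unix timestamp in seconds."""
    ip_i = int(ipaddress.ip_address(ip))
    gw_i = int(ipaddress.ip_address(gateway))
    return ip_i ^ (gw_i & (browser_id(browser) | timesten))


def vector_md5(vector: int) -> str:
    """Vector_MD5: the digest Link/User server computes over Vector and
    returns to CA_server (MD5 because the page specifies it)."""
    return hashlib.md5(str(vector).encode("ascii")).hexdigest()


@dataclass(frozen=True)
class LinkRecord:
    """What Link/User server keeps for one link after steps A and B."""
    vector_md5: str
    timesten: int          # login timestamp recorded by CA_server
    timeserversten: int    # timestamp Link/User server assigned to the visit
    user_id: str           # unique user ID obtained at login (step B)


def enroll_link(ip: str, gateway: str, browser: str, timesten: int,
                timeserversten: int, user_id: str) -> LinkRecord:
    """Steps A/B: derive the vector for a fresh login and record its digest."""
    digest = vector_md5(link_vector(ip, gateway, browser, timesten))
    return LinkRecord(digest, timesten, timeserversten, user_id)


def verify_session(rec: LinkRecord, ip: str, gateway: str, browser: str,
                   now_ts: int, max_age_s: int = 600) -> str:
    """Steps E and F: recompute the vector for the session CA_server is now
    seeing and run the three comparisons in order. Returns "ok" or the name
    of the first failed check. The 600 s window is an assumed policy value."""
    # 1. link vector: the same link properties must reproduce the recorded digest
    current = vector_md5(link_vector(ip, gateway, browser, rec.timesten))
    if not hmac.compare_digest(current, rec.vector_md5):
        return "vector-mismatch"
    # 2. timestamp: Link/User server checks the session has not timed out
    if now_ts - rec.timeserversten > max_age_s:
        return "timestamp-expired"
    # 3. identity: Link/User server checks the user is not restricted
    if rec.user_id in RESTRICTED_USERS:
        return "user-restricted"
    return "ok"


if __name__ == "__main__":
    # Constructed sample session: documentation addresses, filing-day timestamp.
    rec = enroll_link("203.0.113.10", "203.0.113.1", "Chrome",
                      1473724800, 1473724805, "u-alice")
    print("record   :", rec)
    print("same link:", verify_session(rec, "203.0.113.10", "203.0.113.1", "Chrome", 1473724900))
    print("moved IP :", verify_session(rec, "198.51.100.7", "203.0.113.1", "Chrome", 1473724900))
    print("stale    :", verify_session(rec, "203.0.113.10", "203.0.113.1", "Chrome", 1473800000))
```

The digest covers only IP, gateway, browser id and login time, so the vector check detects a link whose observable properties changed, and the named failure strings are what a detection rule on CA_server's side would log.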
The beneficial effects of the invention are as follows: while a user buys financial products on the Internet, the invention can use the message-header block encryption key provided by the autonomous authentication service and enable the TLS tunnel technique of HTTPS to secure the user's link.
The above is only a specific embodiment of the present invention, but the protection scope of the present invention is not limited thereto; any change or replacement that can be conceived without creative work shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be defined by the protection scope of the claims.

Claims (1)

1. An Internet financial security link implementation method based on block chaining encryption technology, characterized in that, while a user buys financial products on the Internet, the method can use the message-header block encryption key provided by an autonomous authentication service and enable the TLS tunnel technique of HTTPS to secure the user's link, and in that it comprises the following steps:
Step 1: the message-header encryption key block generated by the autonomous authentication authority method is combined with the message body, and the message is sent to the next link;
Step 2: HTTPS protocol processing with autonomous authentication credentials: before the TLS link is established, message identity authentication and link authentication are performed using the message identity system and the dynamic link vector, together with a sequential lookup;
Step 3: in each transaction cycle, an independent group of transaction block keys is established. At the start of the session the authentication vector is checked to confirm that it comes from an authorized transaction, and the transaction identification system is then rechecked to confirm that the legitimate transaction belongs to the same transaction. If it is not a legitimate transaction, the transaction reports an error, the web browser warns the user of a security risk and proposes re-performing the critical transaction, and the page jumps to the transaction's initial page;
If it is a legitimate transaction, a TLS tunnel is established for the normal session and data interaction; meanwhile the system performs the next step's block encryption calculation, generates the next step's self-certified key and sets up the next step's transaction, as follows:
A. The user logs in to the autonomous portal website with a browser. The website front-end code first obtains the user's current IP address (IP), proxy gateway address (Gateway), browser type (Browser information) and login time (time); the four are combined into a vector that identifies the current link (Vector). First, the Browser information returned in the HTTP header is compared against CA_server's browser type table to obtain Browserid, and the login time is converted to a timestamp, timesten; Vector = IP ^ Gateway & (Browserid | timesten). The Vector information is then transmitted to the link/user identity system, Link/User server. Link/User server generates a timestamp timeserversten from the time of the current visit to CA_server, finally computes MD5 over Vector to produce the digest Vector_MD5, and returns it to CA_server;
B. The client user logs in. From the username and password, CA_server obtains the current user's unique user ID in the system and sends it to Link/User server. Link/User server looks up the user registration table by the user ID, obtains the identity card number entered at registration, encrypts it with MD5 and returns it to the authentication system service;
C. CA_server uses MD5 decoding to obtain the identity card number and Vector. Based on the timesten it recorded itself and the timeserversten it obtained, it preserves the timestamp as timesten/timeserversten and uses the JVM's standard keytool to generate a CA certificate and public/private key pair, answering the IP question with Vector, the username question with identity_id and the password question with timesten^timeserversten;
D. The public key carrier is issued to the web browser, the certificate is installed automatically, a TLS tunnel is established and the HTTPS session is carried out;
E. At the first HTTPS session, CA_Server recalculates the vector of this session;
F. The session content is decrypted with the private key, and three items are compared: identity information, link vector information and timestamp information. Whether the current session vector is identical to the recorded vector is checked, which prevents link theft. After this passes, the timestamp information is transmitted to Link/User server, which checks whether the current state has timed out; the identity information is sent to Link/User server, which checks whether the user is restricted from the corresponding business. After all of the above pass, Link/User server returns a unique communication ID to CA_Server, CA_Server encrypts this ID with the public key and sends it to the web browser, and from then on the web browser uses this ID as its licence plate for normal HTTPS session interaction.
Application CN201610821059.6A, priority date 2016-09-13, filing date 2016-09-13, status pending.

Publications (1)

Publication Number Publication Date
CN106453259A 2017-02-22


Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107171806A (en) * 2017-05-18 2017-09-15 北京航空航天大学 Mobile terminal network cryptographic key negotiation method based on block chain
CN108737435A (en) * 2018-05-30 2018-11-02 阿里巴巴集团控股有限公司 A kind of account initial method and device
CN108769057A (en) * 2018-06-15 2018-11-06 北京奇虎科技有限公司 Personal identification method based on block chain and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1885771A (en) * 2005-06-23 2006-12-27 国际商业机器公司 Method and apparatus for establishing a secure communication session
CN102195878A (en) * 2010-03-19 2011-09-21 F5网络公司 Proxy SSL handoff via mid-stream renegotiation
CN102629928A (en) * 2012-04-13 2012-08-08 江苏新彩软件有限公司 Implementation method for safety link of internet lottery ticket system based on public key



Legal Events

Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information
    Inventor after: Zhou Zhen; Yu Liming; Liu Huiping
    Inventor before: Zhou Zhen; Yu Liming; Tan Tengfei; Liu Huiping; Lu Wenkai
TA01 Transfer of patent application right
    Effective date of registration: 20170309
    Address after: 510000 Guangzhou science and Technology Industrial Development Zone, Guangdong Province, science Road, No. 808, room 101, No.
    Applicant after: Guangzhou Electric Technology Co., Ltd.
    Address before: 510000 Guangzhou science and Technology Industrial Development Zone, Guangdong Province, science Avenue, room 101, No. 808
    Applicant before: Guangzhou Mdt InfoTech Ltd
RJ01 Rejection of invention patent application after publication
    Application publication date: 20170222