CN107483210B - Data verification method and system - Google Patents

Publication number: CN107483210B
Authority: CN (China)
Prior art keywords: data, service, processing, service data, application
Legal status: Active (the legal status is an assumption and is not a legal conclusion)
Application number: CN201710670479.3A
Other languages: Chinese (zh)
Other versions: CN107483210A (en)
Inventor: 崔晓军
Current Assignee: Bank of China Ltd
Original Assignee: Bank of China Ltd
Application filed by: Bank of China Ltd
Priority to: CN201710670479.3A
Publications: CN107483210A, CN107483210B (application granted)

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00: Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02: Banking, e.g. interest calculation or account maintenance
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Abstract

The invention discloses a data verification method, device and system. The data verification method applied to the service party comprises the following steps: obtaining application party data comprising first service data and signature data, wherein the signature data is obtained by performing predetermined first processing and second processing on the original service data corresponding to the first service data, and the first service data is data in the application party's specific interface format; performing the first processing and standardization processing on the first service data to obtain, respectively, first processing result data and service data in the standard interface format required by the service party; and verifying the first service data based on the signature data and the first processing result data. The invention thus moves the workflow that converts the application party's characteristic data into the service party's standard data from the application party to the service party. With this mechanism the service party obtains the application party's initial service data and can therefore determine, by signature verification, whether the application party's service data has been tampered with.

Description

Data verification method and system
Technical Field
The invention belongs to the technical field of digital verification of data in direct connection of a bank and an enterprise, and particularly relates to a data verification method and system.
Background
At present, the bank-enterprise direct connection services provided by commercial banks are all standard services (standard interfaces and standard access modes), but as enterprises' financial management improves, more and more personalized demands arise. The characteristic interfaces required by enterprises, especially large group enterprises, often conflict with the standardized services provided by banks.
To solve this problem, commercial banks provide enterprises with a characteristic front-end processor in addition to the standard front-end processor (both are bank front-end processors). The characteristic front-end processor is deployed at the enterprise end and converts between the enterprise's characteristic interface messages (business data messages) and the bank's standard interface messages. Referring to FIG. 1, if the client's characteristic message is A, the bank front-end processor deployed at the client converts A into the bank standard interface message A', which resolves the conflict between the characteristic interface the enterprise requires and the standardized service the bank provides.
However, because the message finally sent to the bank end is a bank standard interface message, such as A' above, the message that reaches the bank-enterprise direct connection application server is not the client's initial message. As a result, the bank end cannot perform signature verification on the client message when processing it; that is, it cannot determine by signature verification whether the client's original message has been tampered with.
Disclosure of Invention
In view of this, the present invention provides a data verification method and system, and aims to solve the signature verification problem of the client initial message in the direct connection of the bank and the enterprise.
Therefore, the invention discloses the following technical scheme:
A data verification method, applied to a service party, comprising the following steps:
obtaining application party data sent by an application party; the application data comprises first service data to be verified and signature data used for verifying the first service data, and the signature data is obtained by performing preset first processing and second processing on original service data corresponding to the first service data; the first service data is data in a specific interface format of an application party;
executing the first processing on the first service data to obtain first processing result data;
executing preset standardization processing on the first service data to obtain service data in a standard interface format required by a service party;
and performing signature verification on the first service data based on the signature data and the first processing result data to obtain a verification result, so that the service party processes the service data in the standard interface format based on the verification result.
Preferably, in the method, the service party includes an integrated front-end platform and a server, and obtaining the application party data sent by the application party includes:
receiving, by the integrated front-end platform, the application party data sent by the application party.
Preferably, in the above method, if the first processing is predetermined hash processing or encryption processing and the second processing is predetermined signing processing, performing the first processing on the first service data to obtain first processing result data includes:
performing a hash operation on the first service data using a predetermined hash algorithm in the integrated front-end platform to obtain corresponding hash data; or
encrypting the first service data using a predetermined encryption algorithm in the integrated front-end platform to obtain corresponding ciphertext data.
Preferably, in the method, the signature verification of the first service data based on the signature data and the first processing result data includes:
combining, by the integrated front-end platform, the service data in the standard interface format, the first processing result data and the signature data, and sending the resulting combined data to the server;
verifying, by the server, whether the first processing result data and the signature data correspond to each other as original text and signature, to obtain a verification result; if the verification result shows that they correspond, the first service data has not been tampered with relative to the original service data; if the verification result shows that they do not correspond, the first service data has been tampered with relative to the original service data.
The above method preferably further comprises: processing, by the server, the service data in the standard interface format based on the verification result;
wherein processing, by the server, the service data in the standard interface format based on the verification result comprises:
if the verification result shows that the first service data has not been tampered with, performing normal service processing on the service data in the standard interface format and feeding back service processing result data to the application party through the integrated front-end platform; if the verification result shows that the first service data has been tampered with, performing predetermined error reporting processing and feeding back error information to the application party through the integrated front-end platform;
wherein feeding back, by the server, the service processing result data or error information to the application party through the integrated front-end platform further comprises:
sending, by the server, the service processing result data or error information in the standard interface format to the integrated front-end platform;
and converting, by the integrated front-end platform, the service processing result data or error information in the standard interface format into service processing result data or error information in the application party's specific interface format, and sending it to the application party.
A data verification method is applied to an application side, and comprises the following steps:
acquiring original service data to be sent to a service party, wherein the original service data is data in a specific interface format of an application party;
performing preset first processing and second processing on the original service data to obtain signature data corresponding to the original service data;
combining the original service data and the signature data to obtain application party data, and sending the application party data to the service party, so that the service party performs signature verification on the application party data and processes the service data based on the verification result;
and receiving processing result data sent by the service party.
In the method, preferably, the application side includes an application system and a micro-front device, and the performing predetermined first processing and second processing on the original service data to obtain signature data corresponding to the original service data includes:
performing, by the micro-front device, a predetermined hash operation or encryption processing on the original service data from the application system to obtain corresponding hash data or ciphertext data; and performing predetermined signing processing on the hash data or ciphertext data to obtain the signature data.
Preferably, in the method, the receiving the processing result data sent by the server side includes:
receiving service processing result data or error information in a specific interface format of an application party from a service party by using the micro-front device; and forwarding the service processing result data or the error reporting information to the application system.
A first data verification apparatus, applied to a service party, the apparatus comprising:
the integrated front-end platform, used for obtaining application party data sent by an application party; the application party data comprises first service data to be verified and signature data used for verifying the first service data, and the signature data is obtained by performing predetermined first processing and second processing on the original service data corresponding to the first service data; the first service data is data in the application party's specific interface format; the first processing module is used for executing the first processing on the first service data to obtain first processing result data; executing predetermined standardization processing on the first service data to obtain service data in the standard interface format required by the service party;
and the server is used for carrying out signature verification on the first service data based on the signature data and the first processing result data to obtain a verification result, so that the service party processes the service data in the standard interface format based on the verification result.
In the above apparatus, preferably, the first process is a predetermined hash process or an encryption process, and the second process is a predetermined signature signing process;
the integrated front-end platform performs the first processing on the first service data to obtain first processing result data, and the method specifically includes:
the integrated front-end platform performs a hash operation on the first service data using a predetermined hash algorithm to obtain corresponding hash data; or encrypts the first service data using a predetermined encryption algorithm to obtain corresponding ciphertext data.
In the foregoing apparatus, preferably, the server performing signature verification on the first service data based on the signature data and the first processing result data specifically includes:
the server receives combined data sent by the integrated front-end platform, wherein the combined data is obtained by the integrated front-end platform combining the service data in the standard interface format, the first processing result data and the signature data; the server verifies whether the first processing result data and the signature data correspond to each other as original text and signature, to obtain a verification result; if the verification result shows that they correspond, the first service data has not been tampered with relative to the original service data; if the verification result shows that they do not correspond, the first service data has been tampered with relative to the original service data.
Preferably, the server is further configured to process the service data in the standard interface format based on the verification result;
the server processing the service data in the standard interface format based on the verification result specifically includes:
if the verification result shows that the first service data has not been tampered with, the server performs normal service processing on the service data in the standard interface format and feeds back service processing result data to the application party through the integrated front-end platform; if the verification result shows that the first service data has been tampered with, the server performs predetermined error reporting processing and feeds back error information to the application party through the integrated front-end platform;
wherein the server feeding back service processing result data or error information to the application party through the integrated front-end platform further comprises:
the server sends the service processing result data or error information in the standard interface format to the integrated front-end platform; the integrated front-end platform converts the service processing result data or error information in the standard interface format into service processing result data or error information in the application party's specific interface format, and sends it to the application party.
A second data verification apparatus, applied to an application side, the apparatus comprising:
an application system;
the micro-front device, used for obtaining from the application system the original service data to be sent to a service party, wherein the original service data is data in the application party's specific interface format; performing predetermined first processing and second processing on the original service data to obtain signature data corresponding to the original service data; combining the original service data and the signature data to obtain application party data, and sending the application party data to the service party, so that the service party performs signature verification on the application party data and processes the service data based on the verification result; and receiving processing result data sent by the service party.
Preferably, in the apparatus, the micro-front device performing predetermined first processing and second processing on the original service data to obtain the signature data corresponding to the original service data specifically includes:
the micro-front device performs a predetermined hash operation or encryption processing on the original service data from the application system to obtain corresponding hash data or ciphertext data, and performs predetermined signing processing on the hash data or ciphertext data to obtain the signature data.
A data verification system, comprising the first data verification apparatus described above and the second data verification apparatus described above, wherein the data verification system completes the required data verification, and the corresponding data processing based on that verification, through interaction between the first data verification apparatus and the second data verification apparatus.
According to the above scheme, the data verification method applied to the service party obtains application party data comprising first service data to be verified and signature data, wherein the signature data is obtained by performing predetermined first and second processing on the original service data corresponding to the first service data, and the first service data is data in the application party's specific interface format; performs the first processing and the standardization processing on the first service data to obtain, respectively, first processing result data and service data in the standard interface format required by the service party; and finally verifies the first service data based on the signature data and the first processing result data. The invention thus moves the workflow that converts the application party's characteristic data into the service party's standard data from the application party to the service party. With this processing mechanism the service party obtains the application party's initial service data (that is, the first service data in the application party's specific interface format rather than the standard data obtained after standardization) and can therefore determine, by signature verification, whether the application party's service data has been tampered with.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a schematic diagram of data interaction between a client network and a banking network in a prior art bank-enterprise direct connection;
FIG. 2 is a flowchart of a method for verifying data of a server according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of data interaction between an application side and a service side according to an embodiment of the present invention;
FIG. 4 is another flow chart of a method for verifying data of a server according to a second embodiment of the present invention;
FIG. 5 is a flowchart of an application data verification method according to a third embodiment of the present invention;
FIG. 6 is a schematic structural diagram of a first data verification apparatus according to a fourth embodiment of the present invention;
FIG. 7 is a schematic structural diagram of a second data verification apparatus according to a fifth embodiment of the present invention;
FIG. 8 is a schematic structural diagram of a data verification system according to a sixth embodiment of the present invention.
Detailed Description
For ease of reference and clarity, the technical terms and abbreviations used hereinafter are summarized as follows:
Bank-enterprise direct connection: a new access mode that connects the online banking system directly online with the enterprise financial system. A group enterprise connects its internal fund system to the commercial bank system through a data interface.
Bank-enterprise front-end processor: developed and maintained by a commercial bank and generally deployed in the client network; it provides data encryption, signing, verification and forwarding functions for bank-enterprise direct connection.
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiment of the invention provides a data verification method applied to a service party, for example the bank in application scenarios such as bank-enterprise direct connection. It aims to solve the signature verification problem for the client's initial message (which contains the business data) in such scenarios. Referring to FIG. 2, which shows a flowchart of the service-party data verification method, the method may include the following steps:
Step 201, obtaining application party data sent by an application party. The application party data comprises first service data to be verified and signature data used for verifying the first service data; the signature data is obtained by performing predetermined first processing and second processing on the original service data corresponding to the first service data; and the first service data is data in the application party's specific interface format.
The invention proposes changing the prior-art working mechanism between the service party (such as the bank network in bank-enterprise direct connection) and the application party (such as the client network in bank-enterprise direct connection). Specifically, the workflow that converts application-party characteristic data into service-party standard data is transferred from the application party to the service party for execution, which solves the signing and signature-verification problem for the client's initial message in bank-enterprise direct connection.
Accordingly, unlike the prior-art network composition and working principle of the application party and service party shown in FIG. 1, in the present invention (see FIG. 3) the service party specifically includes an integrated front-end platform and a server. That is, the workflow of converting application-party characteristic data into service-party standard data, which in the prior art is performed by the bank front-end processor deployed at the application party, is migrated to and executed by the integrated front-end platform deployed at the service party.
On this basis, the data verification method applied to the service party in this embodiment carries out each of its steps through cooperation between the service party's integrated front-end platform and server.
In step 201, the integrated front-end platform of the service party may be used to receive the application party data sent by the application party. The application party data comprises first service data to be verified and signature data used for verifying the first service data; the signature data is obtained by the application party performing predetermined first processing and second processing on the original service data corresponding to the first service data; and the first service data is data in the application party's specific interface format.
For example, if the original service data provided by the application party is A, the application party may first perform a hash operation or encryption processing (the first processing) on A using a predetermined hash algorithm or encryption algorithm to obtain corresponding hash data or ciphertext data, and then perform signing processing (the second processing) on the hash data or ciphertext data to obtain signature data B corresponding to the original service data. The application party then combines the original service data A with its signature data B and sends the combination to the service party.
In step 201, the first service data contained in the application party data obtained by the service party's integrated front-end platform may be consistent with the original service data provided by the application party, which means that the service data was not tampered with before reaching the service party; the first service data may also be inconsistent with the original service data, which means that the service data was tampered with before reaching the service party.
For example, after the application party combines the original service data A and its signature data B and sends them to the service party, the service party receives the corresponding application party data, which comprises first service data Ax and signature data B. The first service data Ax may or may not be consistent with the original service data A; the invention therefore verifies Ax based on the signature data B to determine whether Ax has been tampered with relative to A.
Step 202, performing the first processing on the first service data to obtain first processing result data.
Step 202 is also performed in the integrated front-end platform of the service party.
After receiving the application party data, the integrated front-end platform may first parse it, for example into a fixed-length signature data part and the client's original request message (which carries the first service data), thereby separating the first service data from the signature data, for example obtaining the first service data Ax and the signature data B. The first processing may then be performed on the first service data.
In step 202, the integrated front-end platform of the service party performs on the first service data the same hash operation or encryption processing, using the same hash algorithm or encryption algorithm, as the application party.
Assuming the first service data is Ax, this step may perform the hash operation or encryption processing on Ax and encode the result, for example with BASE64 encoding, to obtain the first processing result data A1 corresponding to Ax. A1 is subsequently used in the signature verification of Ax.
Step 203, executing a predetermined standardization process on the first service data to obtain service data in a standard interface format required by the service party.
This step can also be performed in the integrated front-end platform of the service party.
In this embodiment, the integrated front-end platform of the service party standardizes, according to the service party's requirements, the first service data in the application party's specific interface format contained in the received application party data, obtaining service data in the standard interface format required by the service party.
Still taking the first service data Ax corresponding to the original service data A as an example, the integrated front-end platform standardizes Ax to obtain the service data A' in the standard interface format required by the service party.
On this basis, the integrated front-end platform can combine the service data in the standard interface format (A'), the first processing result data (A1) and the signature data (B), and send the combined data (A' + A1 + B) to the server of the service party, as shown in FIG. 3. The integrated front-end platform may send the combined data to the server in the form of a request message.
Step 204, performing signature verification on the first service data based on the signature data and the first processing result data to obtain a verification result, so that the service party processes the service data in the standard interface format based on the verification result.
This step is performed in the server of the service party.
After receiving the request message carrying the combined data sent by the integrated front-end platform, the server parses the request message to obtain the service data in the standard interface format (A'), the first processing result data (A1) and the signature data (B), and caches the parsing result.
On this basis, the server can verify the first service data (Ax) based on the signature data (B) and the first processing result data (A1).
The server can verify whether the equivalence between original text and signature holds between the first processing result data (A1) and the signature data (B), and thereby obtain a verification result; if the verification result shows that the equivalence holds, the first service data (Ax) has not been tampered with relative to the original service data (A); if the verification result shows that the equivalence does not hold, the first service data (Ax) has been tampered with relative to the original service data (A).
Specifically, the signature data (B) is obtained by the application party performing the first processing and the second processing on the original service data (A) generated by the application system, so the signature data (B) corresponds to the original service data (A) generated by the application system; as described above, the first processing result data (A1) is obtained by performing the first processing on the first service data (Ax), so the first processing result data (A1) corresponds to the first service data (Ax) received by the service party. Consequently, verifying whether the equivalence between original text and signature holds between the first processing result data (A1) and the signature data (B) indirectly verifies whether the first service data (Ax) is consistent with the original service data (A) provided by the application party.
In a specific implementation, the server of the service party, such as a bank-enterprise direct connection server, may invoke a signature verification server preset at the service party, for example a signature verification server set up at the bank, passing it the first processing result data and the signature data, and use that signature verification server to perform the signature verification and determine whether the first service data has been tampered with.
Subsequently, the server of the service party, such as a bank-enterprise direct connection server, may process the service data in the standard interface format differently depending on the verification result; this is described in the following embodiments.
In summary, in the data verification method applied to the service party, application party data is obtained that includes the first service data to be verified and signature data, where the signature data is obtained by performing the predetermined first and second processing on the original service data corresponding to the first service data, and the first service data is data in the application party's specific interface format; the first processing and the standardization processing are each performed on the first service data to obtain the first processing result data and the service data in the standard interface format required by the service party; finally, the first service data is verified based on the signature data and the first processing result data. The invention thus moves the workflow of converting the application party's characteristic data into the service party's standard data from the application party to the service party. This processing mechanism lets the service party obtain the application party's initial service data (that is, the first service data in the application party's specific interface format, rather than the standard data obtained after standardization), so that whether the application party's service data has been tampered with can be determined by signature verification.
In the following second embodiment of the present invention, referring to another flowchart of the service-party data verification method shown in fig. 4, the method may further include:
Step 205: processing, by the server, the service data in the standard interface format based on the verification result.
If the verification result shows that the first service data has not been tampered with relative to the original service data of the application party, the application party data is safe and trustworthy, so normal service processing can be performed on the service data in the standard interface format, and the service processing result data is fed back to the application party through the integrated front-end platform. For example, the service data in the standard interface format is parsed to obtain service data such as the customer's payment account number, collection account number and amount, and the corresponding transaction processing is performed on it.
If the verification result shows that the first service data has been tampered with, the application party data is no longer safe and trustworthy; in this case, preset error reporting processing is executed, the corresponding service response is refused, and error information is fed back to the application party through the integrated front-end platform.
Specifically, when the service party feeds back the corresponding processing result information to the application party, the server of the service party may first send the service processing result data or the error information in the standard interface format to the integrated front-end platform; the integrated front-end platform can then convert the service processing result data or the error information in the standard interface format into service processing result data or error information in the application party's specific interface format and send it to the application party, so as to respond to the application party.
In a third embodiment of the present invention, a data verification method is provided, where the method of this embodiment is applied to an application party, for example, an enterprise party in an application scenario such as bank-enterprise direct connection, and with reference to a flowchart of the application party data verification method shown in fig. 5, the method may include the following steps:
Step 501, obtaining original service data to be sent to a service party, where the original service data is data in a specific interface format of the application party.
This method is applied to the application party and, in cooperation with the service-party method provided in the embodiments above, aims to solve the problem of verifying the signature of the client's initial message (including service data) in application scenarios such as bank-enterprise direct connection. Corresponding to the service party's structure of an integrated front-end platform and a server described in the embodiments above, and referring to fig. 3, the application party may include an application system, such as an Enterprise Resource Planning (ERP) system of an enterprise customer, and a micro front-end device. The micro front-end device is still provided by the service party, but compared with the prior-art feature front-end device that the service party provides to the application party and deploys at the application party, the micro front-end device no longer has the function of converting application party feature data into service party feature data; that is, this conversion function is migrated from the application party to the service party (specifically, to the integrated front-end platform of the service party).
The steps included in the method of this embodiment may be implemented in the micro-front-end device on the application side.
In this step, the micro-front-end device may specifically receive original service data sent by an application system (e.g., a customer ERP system) of an application party, where the original service data is specifically data in an interface format specific to the application party, and the data may be sent by the application system in the form of a request message and received by the micro-front-end device of the application party.
Step 502, performing predetermined first processing and second processing on the original service data to obtain signature data corresponding to the original service data.
As described above, the first process may be a hash operation, an encryption process, or the like, and the second process may be a signature signing process performed on the result of the hash operation or the encryption process.
In view of this, in this step, the micro front-end device of the application party may perform a hash operation on the request message that it received from the application system and that includes the original service data, using a predetermined hash algorithm, or encrypt the request message using a predetermined encryption algorithm; the result of the hash operation or encryption processing, that is, the hash data or ciphertext data, may then be encoded, for example with BASE64 encoding, and the encoding result may be signed using a digital certificate.
Taking the original service data to be A, performing the hash operation or encryption processing, the encoding and the signing on it yields the signature data B corresponding to the original service data A.
Step 503, combining the original service data and the signature data to obtain application party data, and sending the application party data to the service party, so that the service party performs signature verification on the application party data and performs service data processing based on the verification result.
The micro front-end device then combines the original service data and its signature data according to a given combination rule, and sends the resulting combined data (such as A + B) to the integrated front-end platform of the service party for processing.
Specifically, for example, under the combination rule "place the signature result, as a fixed-length message, before the client's original request message", the received application system request message (including the original service data A) and the signature data obtained by the first and second processing may be combined, and the combined data may be sent to the service party, so that the service party performs the corresponding signature-verification-based processing on the data.
Step 504, receiving the processing result data sent by the service party.
As described in the second embodiment of the present invention, the service party may correspondingly perform different processing on the service data according to different signature verification results of the service data, for example, when the verification result indicates that the service data received from the application party has not been tampered, the service party performs normal service processing on the service data, and if the service data has been tampered, the service party performs error reporting processing. Accordingly, the processing result data received by the application side from the service side is specifically the service processing result data or the error information.
Specifically, the micro front-end device of the application party receives the service processing result data or the error information in the application party's specific interface format sent by the integrated front-end platform of the service party, and forwards it to the application system of the application party, so as to respond to the request message of the application system.
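The application-party steps 501 to 503 and the service-party steps 202 to 205 described above fit together as in the following Python example, which is added here and is not code from the patent. It assumes SHA-256 as the hash; HMAC-SHA256 with a shared demo key stands in for the certificate-based signing and the signature verification server so that the block runs on the standard library alone; the `PAY|...` message format, the key, the field names and the function names are all hypothetical.

```python
import base64
import hashlib
import hmac
import json

# Assumptions for this example (none of these values come from the patent):
SIGNING_KEY = b"constructed-demo-key"   # stand-in for the certificate's private key
SIG_LEN = 44                            # BASE64 of a 32-byte HMAC-SHA256 tag
# Constructed request message A in a hypothetical ERP-specific format.
SAMPLE_A = b"PAY|6222000011112222|6222000033334444|100.00"


def first_processing(service_data: bytes) -> bytes:
    """First processing: hash the message, then BASE64-encode the digest."""
    return base64.b64encode(hashlib.sha256(service_data).digest())


def second_processing(encoded_hash: bytes) -> bytes:
    """Second processing (signing). HMAC-SHA256 stands in for a certificate signature."""
    tag = hmac.new(SIGNING_KEY, encoded_hash, hashlib.sha256).digest()
    return base64.b64encode(tag)


def micro_front_end(original: bytes) -> bytes:
    """Application party, steps 501-503: sign A and send B + A."""
    signature = second_processing(first_processing(original))
    # Combination rule from the text: fixed-length signature before the request.
    return signature + original


def standardize(ax: bytes) -> dict:
    """Step 203: convert the hypothetical ERP format into a standard structure A'."""
    fields = ax.decode("utf-8").split("|")
    if len(fields) != 4 or fields[0] != "PAY":
        raise ValueError("unrecognised application-party format")
    return {"type": "payment", "payer": fields[1], "payee": fields[2], "amount": fields[3]}


def integrated_front_end(app_data: bytes) -> str:
    """Service party, steps 202-203: split B and Ax, compute A1, build A' + A1 + B."""
    if len(app_data) <= SIG_LEN:
        raise ValueError("message shorter than the fixed-length signature")
    signature, ax = app_data[:SIG_LEN], app_data[SIG_LEN:]
    a1 = first_processing(ax)   # computed on Ax as received, before standardization
    combined = {
        "A_std": standardize(ax),
        "A1": a1.decode("latin-1"),
        "B": signature.decode("latin-1"),
    }
    return json.dumps(combined)   # request message sent on to the server


def server(request: str) -> dict:
    """Service party, steps 204-205: verify B against A1, then process or reject A'."""
    combined = json.loads(request)
    expected = second_processing(combined["A1"].encode("latin-1"))
    if not hmac.compare_digest(expected, combined["B"].encode("latin-1")):
        return {"status": "error", "reason": "signature verification failed"}
    return {"status": "ok", "processed": combined["A_std"]}


def submit(app_data: bytes) -> dict:
    """Carry one application-party message through the service party."""
    return server(integrated_front_end(app_data))


if __name__ == "__main__":
    sent = micro_front_end(SAMPLE_A)
    print(submit(sent))                                   # untouched message
    print(submit(sent.replace(b"100.00", b"900.00")))     # amount altered in transit
```

The server compares B with A1 only, so the integrity of A' depends on the integrated front-end platform and on the channel between it and the server.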
A fourth embodiment of the present invention provides a first data verification apparatus, which is applied to a service party; referring to the schematic structural diagram of the first data verification apparatus shown in fig. 6, the apparatus includes:
the integrated front-end platform 601, used for acquiring application party data sent by an application party; the application party data comprises first service data to be verified and signature data used for verifying the first service data, and the signature data is obtained by performing predetermined first processing and second processing on original service data corresponding to the first service data; the first service data is data in a specific interface format of the application party; the integrated front-end platform is further used for performing the first processing on the first service data to obtain first processing result data, and for performing predetermined standardization processing on the first service data to obtain service data in a standard interface format required by the service party.
The server 602 is configured to perform signature verification on the first service data based on the signature data and the first processing result data to obtain a verification result, so that the service party processes the service data in the standard interface format based on the verification result.
In an implementation manner of the embodiment of the present invention, the first processing is predetermined hash processing or encryption processing, and the second processing is predetermined signing processing; the integrated front-end platform performing the first processing on the first service data to obtain first processing result data specifically includes:
the integrated front-end platform performs a hash operation on the first service data by using a predetermined hash algorithm to obtain corresponding hash data; or encrypts the first service data by using a predetermined encryption algorithm to obtain corresponding ciphertext data.
In an implementation manner of the embodiment of the present invention, the performing, by the server, signature verification on the first service data based on the signature data and the first processing result data specifically includes:
the server receives combined data sent by the integrated front-end platform, wherein the combined data is obtained by the integrated front-end platform combining the service data in the standard interface format, the first processing result data and the signature data; the server verifies whether the equivalence between original text and signature holds between the first processing result data and the signature data to obtain a verification result; if the verification result shows that the equivalence holds, the first service data has not been tampered with relative to the original service data; and if the verification result shows that the equivalence does not hold, the first service data has been tampered with relative to the original service data.
In an implementation manner of the embodiment of the present invention, the server is further configured to process the service data in the standard interface format based on the verification result; the server processing the service data in the standard interface format based on the verification result specifically includes:
if the verification result shows that the first service data has not been tampered with, the server performs normal service processing on the service data in the standard interface format, and feeds back service processing result data to the application party through the integrated front-end platform; if the verification result shows that the first service data has been tampered with, the server performs preset error reporting processing and feeds back error information to the application party through the integrated front-end platform;
wherein the server feeding back service processing result data or error information to the application party through the integrated front-end platform further comprises:
the server sends the service processing result data or error information in the standard interface format to the integrated front-end platform; the integrated front-end platform converts the service processing result data or the error information in the standard interface format into service processing result data or error information in the application party's specific interface format, and sends the service processing result data or the error information in the specific interface format to the application party.
For the first data verification device disclosed in the fourth embodiment of the present invention, since it corresponds to the data verification methods disclosed in the first to second embodiments, the description is relatively simple, and for the relevant similarities, refer to the description of the data verification methods in the first to second embodiments, and the details are not described herein.
A fifth embodiment of the present invention provides a second data verification apparatus, which is applied to an application party; referring to the schematic structural diagram of the second data verification apparatus shown in fig. 7, the apparatus includes:
an application system 701;
a micro front-end device 702, configured to obtain original service data in the application system that is to be sent to a service party, where the original service data is data in a specific interface format of the application party; perform predetermined first processing and second processing on the original service data to obtain signature data corresponding to the original service data; combine the original service data and the signature data to obtain application party data, and send the application party data to the service party, so that the service party performs signature verification on the application party data and service data processing based on the verification result; and receive processing result data sent by the service party.
In an implementation manner of the embodiment of the present invention, the micro front-end device performing the predetermined first processing and second processing on the original service data to obtain signature data corresponding to the original service data specifically includes:
the micro front-end device performs a predetermined hash operation or encryption processing on the original service data from the application system to obtain corresponding hash data or ciphertext data; and performs predetermined signing processing on the hash data or the ciphertext data to obtain the signature data.
For the second data verification device disclosed in the fifth embodiment of the present invention, since it corresponds to the data verification method disclosed in the third embodiment, the description is relatively simple, and for the relevant similar points, reference may be made to the description of the data verification method in the third embodiment, and details are not described here.
An embodiment of the present invention provides a data verification system, and referring to a schematic structural diagram of the data verification system shown in fig. 8, the system includes a first data verification apparatus according to the fourth embodiment, and a second data verification apparatus according to the fifth embodiment, where:
the data verification system completes the required data verification, and the corresponding data processing that depends on it, through the interaction between the first data verification device and the second data verification device.
In summary, the scheme of the present invention moves the workflow of converting the application party's characteristic data into the service party's standard data from the application party to the service party. This processing mechanism lets the service party obtain the application party's initial service data (instead of the standard data obtained by standardizing the initial data), so that whether the application party's service data has been tampered with can be determined by signature verification.
It should be noted that, in the present specification, the embodiments are all described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments may be referred to each other.
From the above description of the embodiments, it is clear to those skilled in the art that the present application can be implemented by software plus necessary general hardware platform. Based on such understanding, the technical solutions of the present application may be essentially or partially implemented in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the embodiments or some parts of the embodiments of the present application.
Finally, it is further noted that, herein, relational terms such as first, second, third, fourth, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The foregoing is only a preferred embodiment of the present invention. It should be noted that those skilled in the art can make various modifications and refinements without departing from the principle of the present invention, and these modifications and refinements should also be regarded as falling within the protection scope of the present invention.

Claims (10)

1. A data verification method applied to a server, the method comprising:
obtaining application side data which comprises client ERP system specific interface format data and is sent by an application side; the application data comprises first service data to be verified and signature data used for verifying the first service data, and the signature data is obtained by performing preset first processing and second processing on original service data corresponding to the first service data; the first service data is data in a specific interface format of an application side client ERP system;
executing the first processing on the first service data to obtain first processing result data;
executing preset standardization processing on the first service data to obtain service data in a standard interface format required by a service party;
performing signature verification on the first service data based on the signature data and the first processing result data to obtain a verification result, so that the service party processes the service data in the standard interface format based on the verification result;
wherein the service party includes an integrated front-end platform and a server, and the obtaining of the application party data sent by the application party includes:
receiving, by using the integrated front-end platform, the application party data sent by the application party;
the first processing is predetermined hash processing or encryption processing, and the second processing is predetermined signing processing, and the performing of the first processing on the first service data to obtain first processing result data includes:
performing a hash operation on the first service data by using a predetermined hash algorithm in the integrated front-end platform to obtain corresponding hash data; or
encrypting the first service data by using a predetermined encryption algorithm in the integrated front-end platform to obtain corresponding ciphertext data;
the signature verification of the first service data based on the signature data and the first processing result data includes:
combining the service data in the standard interface format, the first processing result data and the signature data by using the integrated front-end platform, and sending the combined data obtained by combining to the server;
verifying, by using the server, whether the equivalence between original text and signature holds between the first processing result data and the signature data, to obtain a verification result; if the verification result shows that the equivalence holds, the first service data has not been tampered with relative to the original service data; and if the verification result shows that the equivalence does not hold, the first service data has been tampered with relative to the original service data.
2. The method of claim 1, further comprising: processing the service data in the standard interface format by using the server based on the verification result;
the processing of the service data in the standard interface format by using the server based on the verification result comprises the following steps:
if the verification result shows that the first service data has not been tampered with, performing normal service processing on the service data in the standard interface format, and feeding back service processing result data to the application party through the integrated front-end platform; if the verification result shows that the first service data has been tampered with, performing preset error reporting processing, and feeding back error information to the application party through the integrated front-end platform;
wherein the feeding back, by using the server, of service processing result data or error information to the application party through the integrated front-end platform further comprises:
sending the service processing result data or error information in the standard interface format to the integrated front-end platform by using the server;
and converting the service processing result data or the error information in the standard interface format into service processing result data or error information in the application party's specific interface format by using the integrated front-end platform, and sending the service processing result data or the error information in the specific interface format to the application party.
3. A data verification method applied to an application side, corresponding to the data verification method applied to a service side of any one of claims 1 to 2, the method comprising:
the method comprises the steps of obtaining original service data to be sent to a service party, wherein the original service data are data in a special interface format of a client ERP system of an application party;
performing preset first processing and second processing on the original service data to obtain signature data corresponding to the original service data;
combining the original service data and the signature data to obtain application party data including data in a specific interface format of a client ERP system, and sending the application party data to the service party, so that the service party performs signature verification on the application party data and service data processing based on the verification result, wherein the signature verification on the application party data and the service data processing based on the verification result performed at the service party comprise the following steps: obtaining application party data sent by an application party; the application party data comprises first service data to be verified and signature data used for verifying the first service data, and the signature data is obtained by performing predetermined first processing and second processing on original service data corresponding to the first service data; the first service data is data in a specific interface format of the application party; performing the first processing on the first service data to obtain first processing result data; performing predetermined standardization processing on the first service data to obtain service data in a standard interface format required by the service party; performing signature verification on the first service data based on the signature data and the first processing result data to obtain a verification result, so that the service party processes the service data in the standard interface format based on the verification result;
and receiving processing result data sent by the service party.
4. The method according to claim 3, wherein the application party includes an application system and a micro-front-end device, and the performing the predetermined first processing and second processing on the original service data to obtain signature data corresponding to the original service data includes:
performing predetermined hash operation or encryption processing on the original service data from the application system by using the micro-front device to obtain corresponding hash data or ciphertext data; and carrying out preset signature adding processing on the hash data or the ciphertext data to obtain the signature data.
5. The method of claim 4, wherein the receiving the processing result data sent by the server comprises:
receiving service processing result data or error information in a specific interface format of an application party from a service party by using the micro-front device; and forwarding the service processing result data or the error reporting information to the application system.
6. A first data verification apparatus, applied to a server, the apparatus comprising:
the integrated front-end platform, used for acquiring application party data which is sent by an application party and comprises client ERP system specific interface format data; the application party data comprises first service data to be verified and signature data used for verifying the first service data, and the signature data is obtained by performing predetermined first processing and second processing on original service data corresponding to the first service data; the first service data is data in a specific interface format of the application party; the integrated front-end platform is further used for performing the first processing on the first service data to obtain first processing result data, and for performing predetermined standardization processing on the first service data to obtain service data in a standard interface format required by a service party;
the server, used for performing signature verification on the first service data based on the signature data and the first processing result data to obtain a verification result, so that the service party processes the service data in the standard interface format based on the verification result;
the first processing is predetermined hash processing or encryption processing, and the second processing is predetermined signing processing;
the integrated front-end platform performing the first processing on the first service data to obtain first processing result data specifically includes:
the integrated front-end platform performs a hash operation on the first service data by using a predetermined hash algorithm to obtain corresponding hash data; or encrypts the first service data by using a predetermined encryption algorithm to obtain corresponding ciphertext data;
the server performing signature verification on the first service data based on the signature data and the first processing result data specifically includes:
the server receives combined data sent by the integrated front-end platform, wherein the combined data is obtained by the integrated front-end platform combining the service data in the standard interface format, the first processing result data and the signature data; the server verifies whether the equivalence between original text and signature holds between the first processing result data and the signature data to obtain a verification result; if the verification result shows that the equivalence holds, the first service data has not been tampered with relative to the original service data; and if the verification result shows that the equivalence does not hold, the first service data has been tampered with relative to the original service data.
7. The apparatus of claim 6, wherein the server is further configured to process the service data in the standard interface format based on the verification result;
the server processing the service data in the standard interface format based on the verification result specifically includes:
if the verification result indicates that the first service data has not been tampered with, the server executes normal service processing on the service data in the standard interface format, and feeds service processing result data back to the application party through the comprehensive front-end platform; if the verification result indicates that the first service data has been tampered with, the server executes preset error reporting processing and feeds error information back to the application party through the comprehensive front-end platform;
wherein the server feeding service processing result data or error information back to the application party through the comprehensive front-end platform further comprises:
the server sends the service processing result data or error information in the standard interface format to the comprehensive front-end platform; the comprehensive front-end platform converts the service processing result data or the error information in the standard interface format into service processing result data or error information in the specific interface format of the application party, and sends the service processing result data or the error information in the specific interface format to the application party.
8. A second data verification apparatus, applied to an application side, corresponding to the first data verification apparatus applied to a service side according to any one of claims 6 to 7, the apparatus comprising:
an application system; the application system is a customer ERP system;
a micro front-end device, configured to acquire, in the application system, original service data to be sent to a service party, wherein the original service data is data in the specific interface format of the application party; to perform preset first processing and second processing on the original service data to obtain signature data corresponding to the original service data; to combine the original service data and the signature data to obtain application party data including data in the specific interface format of a client ERP system, and to send the application party data to the service party, so that the service party performs signature verification on the application party data and service data processing based on the verification result; and to receive processing result data sent by the service party;
wherein the service party performing signature verification on the application party data and service data processing based on the verification result comprises: obtaining the application party data sent by the application party; the application party data comprises first service data to be verified and signature data used for verifying the first service data, the signature data being obtained by performing preset first processing and second processing on original service data corresponding to the first service data; the first service data is data in the specific interface format of the application party; executing the first processing on the first service data to obtain first processing result data; executing preset standardization processing on the first service data to obtain service data in the standard interface format required by the service party; and performing signature verification on the first service data based on the signature data and the first processing result data to obtain a verification result, so that the service party processes the service data in the standard interface format based on the verification result.
9. The apparatus according to claim 8, wherein the micro front-end device performing the first processing and the second processing on the original service data to obtain signature data corresponding to the original service data specifically includes:
the micro front-end device performs a preset hash operation or encryption processing on the original service data from the application system to obtain corresponding hash data or ciphertext data; and performs preset signing processing on the hash data or the ciphertext data to obtain the signature data.
10. A data verification system comprising a first data verification apparatus as claimed in any one of claims 6 to 7 and a second data verification apparatus as claimed in any one of claims 8 to 9, wherein: the data verification system completes the required data verification, and the corresponding data processing based on that verification, through interaction between the first data verification apparatus and the second data verification apparatus.
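The exchange in claims 6 to 9, as an added Python example that is not code from the patent. SHA-256 as the preset hash, HMAC-SHA256 with a shared demo key standing in for the unspecified "preset signing processing", the `k=v;k=v` application-specific format, and all function names are assumptions.

```python
import hashlib
import hmac

# Assumption: constructed demo key. HMAC-SHA256 is a stand-in for the claims'
# unspecified signing step; a deployment would use an asymmetric signature.
DEMO_KEY = b"constructed-demo-key"

def first_processing(service_data: bytes) -> bytes:
    """First processing: preset hash (SHA-256 assumed)."""
    return hashlib.sha256(service_data).digest()

def second_processing(digest: bytes) -> bytes:
    """Second processing: sign the hash (HMAC stand-in)."""
    return hmac.new(DEMO_KEY, digest, hashlib.sha256).digest()

def micro_front_end_send(original: bytes) -> dict:
    """Application side (claims 8-9): hash, sign the hash, combine."""
    signature = second_processing(first_processing(original))
    return {"service_data": original, "signature": signature}

def standardize(service_data: bytes) -> dict:
    """Hypothetical standardization: 'k=v;k=v' bytes -> standard-format dict."""
    return dict(pair.split("=", 1) for pair in service_data.decode().split(";"))

def front_end_platform(app_data: dict) -> dict:
    """Service side (claim 6): re-hash the bytes as received, standardize, combine."""
    received = app_data["service_data"]
    return {"standard": standardize(received),
            "first_result": first_processing(received),
            "signature": app_data["signature"]}

def server_handle(combined: dict) -> dict:
    """Claims 6-7: check hash/signature equivalence, then process or report an error."""
    expected = second_processing(combined["first_result"])
    if not hmac.compare_digest(expected, combined["signature"]):
        return {"status": "error", "reason": "signature mismatch: data tampered"}
    return {"status": "ok", "processed": combined["standard"]}

def run_exchange(tamper: bool = False) -> dict:
    original = b"payee=ACME;amount=100.00;currency=CNY"  # constructed sample
    app_data = micro_front_end_send(original)
    if tamper:  # simulated modification between application and service side
        app_data["service_data"] = app_data["service_data"].replace(b"100.00", b"900.00")
    return server_handle(front_end_platform(app_data))
```

Because the signature covers only the hash of the bytes as received, the standard-format data the server processes is trustworthy only to the extent the platform's standardization step is.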
CN201710670479.3A 2017-08-08 2017-08-08 Data verification method and system Active CN107483210B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710670479.3A CN107483210B (en) 2017-08-08 2017-08-08 Data verification method and system

Publications (2)

Publication Number Publication Date
CN107483210A CN107483210A (en) 2017-12-15
CN107483210B true CN107483210B (en) 2021-03-16

Family

ID=60598986

Country Status (1)

Country Link
CN (1) CN107483210B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant