CN108540498B - Method and system for issuing security policy version in financial payment - Google Patents
- Publication number: CN108540498B
- Application number: CN201810646226.7A
- Authority: CN (China)
- Prior art keywords: security policy, version, communication module, module, data
- Legal status: Active (as listed by Google Patents; the status is an assumption, not a legal conclusion)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a method and a system for issuing a security policy version in financial payment, belonging to the field of financial payment and information security. The system comprises a security policy management system 10 and a security policy execution device 20. The security policy management system 10 is provided with a security policy management module 101, a communication module 102, a security policy execution device state monitoring module 103, a synchronization module 104 and an enabling module 105. The communication module 102 issues the security policies and control instructions of the security policy management system 10 and receives the response data of the security policy execution device 20; after the synchronized security policy version has been successfully enabled in the security policy execution device 20, the old security policy version is automatically disabled. By improving the security policy issuing flow, the invention raises the success rate and the security of security policy version updates, improves transmission efficiency, can build a comprehensive, multi-layer protection network for financial payment security, and has high value for adoption.
Description
Technical Field
The invention belongs to the field of financial payment and information security, and particularly relates to a method and a system for issuing a security policy version in financial payment.
Background
A financial payment security system is difficult to design and implement, mainly for the following reasons. First, financial payment scenarios and technical schemes are diverse, and different scenarios and schemes face different security requirements and security problems, so building the security system for financial payment is very complex and security evaluation is very difficult. Second, the security of financial payment applications is seriously challenged by the many vulnerabilities, viruses and Trojans affecting smartphone operating systems and their Apps. Third, the confidentiality, integrity and non-repudiation of financial payment information must be achieved: sensitive information transmitted by merchants and users over a public network is easily stolen, abused or illegally tampered with by others, causing losses, so the confidentiality and integrity of transmitted information and the non-repudiation of transactions must be guaranteed.
With the continuing rapid growth of network information, people's awareness of security protection has grown, and at the same time the number of servers rises year by year with the number of security devices, so distributed cluster systems are widely used. In the prior art, security policies are generally issued centrally: a security policy server exchanges signalling with the security devices, which reduces the cost of maintaining the security devices manually. One known method, on detecting that the security policy of a first client has been updated, simultaneously updates the security policy of a second client associated with the first client; specifically, the security policy platform issues security policy update information to the client node corresponding to the second client and to the client node corresponding to the server, thereby updating the security policy of the second client, and a third client updates its security policy in the same way as the second client.
Security problems on the mobile internet are endless and objectively have a serious effect on the security of financial payment. How to apply security policies within a guarantee system that covers underlying hardware security, terminal application security, communication security, scenario security and platform security is a problem that those skilled in the art urgently need to solve.
Disclosure of Invention
The invention provides a method and a system for issuing a security policy version in financial payment. They address the problems of inconvenient operation and heavy consumption of system resources in the prior-art process of updating and issuing security policies, and, by improving that process, further raise the success rate and the security of issuing security policy version updates.
In order to achieve the above object, the present invention provides a method for issuing a security policy version in financial payment, the method comprising:
S101: the security policy management module 101 generates a security policy version in the security policy management system 10 by taking a parameter increment factor as input and running PCode in the PCode operating environment;
S102: the security policy execution device state monitoring module 103 detects the current state of the security policy execution device 20 and reports it to the security policy management module 101;
S103: the synchronization module 104 issues the version number of the security policy version to be synchronized to a node of the security policy execution device 20;
S104: the communication module 102 monitors in real time whether version-number issuing information for the security policy version to be synchronized is present at the node of the security policy execution device 20;
S105: in its reply to the heartbeat configured by the security policy execution device 20, the communication module 102 notifies the device to update to the security policy version being synchronized;
S106: on receiving that notification in the heartbeat reply, the security policy execution device 20 actively sends a request for the security policy version to the communication module 102, together with the ciphertext of its current device number;
S107: the communication module 102 receives the ciphertext of the device number and passes it to the security policy management module 101 for decryption and verification; once verified, the security policy management module 101 computes the total number of ciphertext data blocks for the increment factor and PCode, the size of each block, the data check code B and the ciphertext check code A, and the communication module 102 replies to the security policy execution device 20 with the total block count and check code A;
S108: after receiving the total block count and check code A from the communication module 102, the security policy execution device 20 requests the communication module 102 to issue the increment factor and PCode ciphertext data;
S109: the communication module 102 receives the device-number ciphertext from the security policy execution device 20 and passes it to the security policy management module 101 for decryption and verification; once verified, the management module encrypts the increment factor and PCode of the security policy version being issued, using the hardware information of the security policy execution device 20 as the key, and sends the resulting ciphertext to the device block by block;
S110: after receiving the ciphertext blocks, the security policy execution device 20 first recombines them and verifies check code A; if that check passes, it decrypts the ciphertext using its own hardware information as the key; decryption yields the data check code B, which is used to verify the decrypted data, and if that verification also succeeds the device holds a security policy version that has passed synchronization verification;
S111: after the security policy execution device 20 has synchronized the security policy version successfully, it feeds the synchronization result back to the communication module 102, which forwards it to the security policy management module 101 for logging.
Preferably, the ciphertext check code A in S107 is used by the security policy execution device 20 to verify that the ciphertext blocks are complete and correct after recombination, and the data check code B in S107 is used by the security policy execution device 20 to verify that the decrypted data are complete and correct. In S110, after recombining the ciphertext blocks, the security policy execution device 20 computes a hash value with a preset algorithm and compares it with the received check code A; if they match, verification passes, otherwise verification fails and the synchronization of the security policy version fails. Also in S110, decryption yields the data check code B together with the data; the security policy execution device 20 computes a hash value of the decrypted data with a preset algorithm and compares it with the received check code B; if they match, verification passes, otherwise verification fails and the synchronization of the security policy version fails.
Further, in S110 the security policy execution device 20 decrypts the ciphertext data that passed verification using its hardware information as the key, obtaining the data check code B, which is a different check code from the ciphertext check code A of S107; check code B is used to verify that the decrypted data are complete and correct. If that verification succeeds, the security policy execution device 20 holds a security policy version that has passed synchronization verification; otherwise the security policy execution device 20 is not synchronized.
Preferably, the method for issuing the security policy version further comprises an enabling process for the synchronized security policy version, whose steps are as follows:
S201: the enabling module 105 issues the version number of the security policy version to be enabled to a node of the security policy execution device 20;
S202: the communication module 102 monitors in real time whether version-number issuing information for the security policy version to be enabled is present at the nodes of the security policy execution device 20;
S203: in its reply to the heartbeat configured by the security policy execution device 20, the communication module 102 sends the device an enabling instruction;
S204: the security policy execution device 20 receives the heartbeat reply containing the enabling instruction, decrypts the instruction using its hardware information as the key, and checks whether the decrypted version number matches the version number of the successfully synchronized security policy version; if it matches, the device executes the instruction and enables that security policy version, otherwise it does not; the enabling result is fed back to the communication module 102, which forwards it to the security policy management module 101 for logging;
S205: the enabling instruction is produced by the communication module 102 by encrypting the version number of the issued, synchronized security policy version, using the hardware information of the security policy execution device 20 as the key.
Preferably, the communication method adopted by the synchronization module 104, the communication module 102 and the enabling module 105 is wired communication and/or wireless communication.
Preferably, when the hardware information of the security policy execution device 20 is used as the encryption key, the hardware information consists of the CPU serial number and the terminal number, and the encryption algorithm is one or more symmetric algorithms chosen from DES, 3DES and AES.
Preferably, the old security policy version is automatically disabled after the synchronized security policy version in the security policy enforcement device 20 is successfully enabled.
The invention also provides a system for issuing a security policy version in financial payment, comprising a security policy management system 10 and a security policy execution device 20, wherein the security policy management system 10 includes:
the security policy management module 101: generates a security policy version by taking a parameter increment factor as input and running PCode in the PCode operating environment, verifies the device-number ciphertext sent by the security policy execution device 20, encrypts the increment factor and PCode data to be issued, and logs the update synchronization and the enabling of security policy versions on the security policy execution device 20;
the communication module 102: issues the configuration parameters and control instructions of the security policy management system 10, and receives the requests and ciphertext data returned by the security policy execution device 20;
the security policy execution device state monitoring module 103: detects whether the security policy execution device 20 is online and reports the device's information to the security policy management module 101;
the synchronization module 104: issues the version number of the security policy version to be synchronized to a node of the security policy execution device 20;
the enabling module 105: issues the version number of the security policy version to be enabled to a node of the security policy execution device 20.
Preferably, the security policy enforcement device 20 includes at least one of a BLE terminal, a mobile terminal, a ticket checking terminal, and a POS terminal.
Preferably, the security policy management module 101 splits the ciphertext data to be sent into blocks and computes the total number of ciphertext blocks, the size of each block, the data check code B and the ciphertext check code A.
Preferably, check codes A and B are used respectively to judge whether the ciphertext data received by the security policy execution device 20 and the decrypted data are complete and correct.
Compared with the prior art, the invention has the following beneficial effects:
1. the invention provides a method and a system for issuing a security policy version in financial payment, in which the security policy version held by the background server is synchronized to, and enabled on, each security policy execution device 20 through a flow that runs from the security policy management system 10 to the communication module 102 and from the communication module 102 to each security policy execution device 20;
2. the invention transmits the data in blocks, which reduces the size of each data unit; this improves transmission efficiency and, because the amount of data sent in each transfer is small, makes data loss caused by limited network bandwidth less likely, so the success rate of data transmission is improved;
3. the invention uses the hardware information of the security policy execution device 20, consisting of the CPU serial number and the terminal number, as the key for encrypting the issued increment factor and PCode data; since the hardware information of every security policy execution device 20 is different, every key is different and so is the issued ciphertext, which improves the security of the issued security policy version;
in short, by improving the security policy issuing technology and process, the invention raises the issuing success rate and the security of the security policy version, improves issuing transmission efficiency, and builds a comprehensive, multi-layer protection network for financial payment security.
In order to make the above objects, features and advantages of the present invention more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention. In the drawings:
FIG. 1 is a flowchart of an update synchronization process of a method for issuing a security policy version in financial payment according to the present embodiment;
FIG. 2 is a flowchart illustrating an enabling process of a method for issuing a security policy version in financial payment according to the present embodiment;
fig. 3 is a schematic diagram of a system architecture for issuing a security policy version in financial payment in this embodiment.
Detailed Description
The present invention will be further described with reference to the drawings and examples, but the scope of the present invention is not limited to the following specific examples.
This embodiment provides a method for issuing a security policy version in financial payment, comprising an update synchronization process and an enabling process. The update synchronization process (see fig. 1) comprises the following steps:
S101: the security policy management module 101 generates a security policy version in the security policy management system 10 by taking a parameter increment factor as input and running PCode in the PCode operating environment;
S102: the security policy execution device state monitoring module 103 detects the current state of the security policy execution device 20 and reports it to the security policy management module 101;
S103: the synchronization module 104 issues the version number of the security policy version to be synchronized to a node of the security policy execution device 20;
S104: the communication module 102 monitors in real time whether version-number issuing information for the security policy version to be synchronized is present at the nodes of the security policy execution device 20;
S105: in its reply to the heartbeat configured by the security policy execution device 20, the communication module 102 notifies the device to update to the security policy version being synchronized;
S106: on receiving that notification in the heartbeat reply, the security policy execution device 20 actively sends a request for the security policy version to the communication module 102, together with the ciphertext of its current device number;
S107: the communication module 102 receives the ciphertext of the device number and passes it to the security policy management module 101 for decryption and verification; once verified, the security policy management module 101 computes the total number of ciphertext data blocks for the increment factor and PCode, the size of each block, the data check code B and the ciphertext check code A, and the communication module 102 replies to the security policy execution device 20 with the total block count and check code A;
S108: after receiving the total block count and check code A from the communication module 102, the security policy execution device 20 requests the communication module 102 to issue the increment factor and PCode ciphertext data;
S109: the communication module 102 receives the device-number ciphertext from the security policy execution device 20 and passes it to the security policy management module 101 for decryption and verification; once verified, the management module encrypts the increment factor and PCode of the security policy version being issued, using the hardware information of the security policy execution device 20 as the key, and sends the resulting ciphertext to the device block by block;
S110: after receiving the ciphertext blocks, the security policy execution device 20 first recombines them and verifies check code A; if that check passes, it decrypts the ciphertext using its own hardware information as the key; decryption yields the data check code B, which is used to verify the decrypted data, and if that verification also succeeds the device holds a security policy version that has passed synchronization verification;
S111: after the security policy execution device 20 has synchronized the security policy version successfully, it feeds the synchronization result back to the communication module 102, which forwards it to the security policy management module 101 for logging.
The ciphertext check code A in S107 is used by the security policy execution device 20 to verify that the ciphertext blocks are complete and correct after recombination, and the data check code B in S107 is used by the security policy execution device 20 to verify that the decrypted data are complete and correct. In S110, after recombining the ciphertext blocks, the security policy execution device 20 computes a hash value with a preset algorithm and compares it with the received check code A; if they match, verification passes, otherwise verification fails and the synchronization of the security policy version fails. Also in S110, decryption yields the data check code B together with the data; the security policy execution device 20 computes a hash value of the decrypted data with a preset algorithm and compares it with the received check code B; if they match, verification passes, otherwise verification fails and the synchronization of the security policy version fails.
Further, in S110 the security policy execution device 20 decrypts the ciphertext data that passed verification using its hardware information as the key, obtaining the data check code B, which is a different check code from the ciphertext check code A of S107; check code B is used to verify that the decrypted data are complete and correct. If that verification succeeds, the security policy execution device 20 holds a security policy version that has passed synchronization verification; otherwise the security policy execution device 20 is not synchronized.
In S111 above, after the security policy execution device 20 has synchronized the security policy version successfully, the synchronization result it feeds back includes the device number and security policy version number of each security policy execution device 20 whose synchronization succeeded, and the device number and security policy version number of each security policy execution device 20 whose synchronization failed.
The method for issuing the security policy version further comprises an enabling process for the synchronized security policy version, whose steps (see fig. 2) are as follows:
S201: the enabling module 105 issues the version number of the security policy version to be enabled to a node of the security policy execution device 20;
S202: the communication module 102 monitors in real time whether version-number issuing information for the security policy version to be enabled is present at the nodes of the security policy execution device 20;
S203: in its reply to the heartbeat configured by the security policy execution device 20, the communication module 102 sends the device an enabling instruction;
S204: the security policy execution device 20 receives the heartbeat reply containing the enabling instruction, decrypts the instruction using its hardware information as the key, and checks whether the decrypted version number matches the version number of the successfully synchronized security policy version; if it matches, the device executes the instruction and enables that security policy version, otherwise it does not; the enabling result is fed back to the communication module 102, which forwards it to the security policy management module 101 for logging;
S205: the enabling instruction is produced by the communication module 102 by encrypting the version number of the issued, synchronized security policy version, using the hardware information of the security policy execution device 20 as the key.
The communication methods adopted by the synchronization module 104, the communication module 102 and the enabling module 105 are wired communication and/or wireless communication.
Specifically, in S204 above, after the security policy execution device 20 has enabled the security policy version successfully, the enabling result it feeds back includes the device number and security policy version number of each security policy execution device 20 whose enabling succeeded, and the device number and security policy version number of each security policy execution device 20 whose enabling failed.
When the hardware information of the security policy execution device 20 is used as the encryption key, the hardware information consists of the CPU serial number and the terminal number, and the encryption algorithm is one or more symmetric algorithms chosen from DES, 3DES and AES.
It is particularly emphasized that after the synchronized security policy version in the security policy execution device 20 has been enabled successfully, the old security policy version is automatically disabled.
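The issuing exchange of S107 to S110 and the enabling exchange of S204 and S205 above, written out as an added example in Go. This is not code from the patent or from any product it covers; it fills in details the page leaves open, and every such choice is an assumption: the CPU serial number and terminal number are hashed with SHA-256 to obtain a 32-byte AES-256 key (the page does not say how the identifiers become a key of the right length); AES is used in CTR mode with a 16-byte IV sent ahead of the ciphertext; the version number, increment factor and PCode are serialised as JSON; check code B is prepended to the plaintext before encryption so the device recovers it on decryption; and both check codes are SHA-256 digests, where the page says only that a preset hash algorithm is used. The type and function names are invented for the example, and the identifiers and policy contents are constructed sample data.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// PolicyVersion is the assumed shape of one security policy version (what S101 produces).
type PolicyVersion struct {
	Version                string
	IncrementFactor, PCode []byte
}

// DeviceHardware holds the two identifiers the page names as key material.
type DeviceHardware struct{ CPUSerial, TerminalNo string }

// Device is the security policy execution device 20: the version that passed S110 and the one in force.
type Device struct {
	HW              DeviceHardware
	Synced, Enabled *PolicyVersion
}

// deriveKey hashes the identifiers into a 32-byte AES-256 key (assumption: the page does not say how).
func deriveKey(hw DeviceHardware) []byte {
	sum := sha256.Sum256([]byte(hw.CPUSerial + "|" + hw.TerminalNo))
	return sum[:]
}

// aesCTR encrypts or decrypts data with AES-CTR under a 16-byte IV; the operation is symmetric.
func aesCTR(key, iv, data []byte) []byte {
	block, _ := aes.NewCipher(key) // key is always 32 bytes from deriveKey, so no error can occur
	out := make([]byte, len(data))
	cipher.NewCTR(block, iv).XORKeyStream(out, data)
	return out
}

// PrepareIssue is the management side of S107 and S109: hash the serialised policy (check code B),
// prepend B, encrypt under the device's hardware key with the IV in front (assumed layout),
// hash the ciphertext (check code A) and split it into blocks of at most blockSize bytes.
func PrepareIssue(p PolicyVersion, hw DeviceHardware, iv []byte, blockSize int) (blocks [][]byte, checkA [sha256.Size]byte) {
	plain, _ := json.Marshal(p)
	checkB := sha256.Sum256(plain)
	ct := append(append([]byte{}, iv...), aesCTR(deriveKey(hw), iv, append(checkB[:], plain...))...)
	checkA = sha256.Sum256(ct)
	for len(ct) > blockSize {
		blocks, ct = append(blocks, ct[:blockSize]), ct[blockSize:]
	}
	return append(blocks, ct), checkA
}

// ReceiveBlocks is S110: recombine the blocks, verify check code A, decrypt with the device's own
// hardware key, verify check code B, and only then record the version as synchronized.
func (d *Device) ReceiveBlocks(blocks [][]byte, total int, checkA [sha256.Size]byte) error {
	ct := bytes.Join(blocks, nil)
	if len(blocks) != total || len(ct) < aes.BlockSize+sha256.Size || sha256.Sum256(ct) != checkA {
		return errors.New("check code A mismatch: ciphertext incomplete or altered, synchronization fails")
	}
	payload := aesCTR(deriveKey(d.HW), ct[:aes.BlockSize], ct[aes.BlockSize:])
	var checkB [sha256.Size]byte
	copy(checkB[:], payload)
	if sha256.Sum256(payload[sha256.Size:]) != checkB {
		return errors.New("check code B mismatch: wrong device key or damaged plaintext, synchronization fails")
	}
	var p PolicyVersion
	if err := json.Unmarshal(payload[sha256.Size:], &p); err != nil {
		return err
	}
	d.Synced = &p
	return nil
}

// MakeEnableInstruction is S205: the version number encrypted under the device's hardware key.
func MakeEnableInstruction(version string, hw DeviceHardware, iv []byte) []byte {
	return append(append([]byte{}, iv...), aesCTR(deriveKey(hw), iv, []byte(version))...)
}

// Enable is S204: decrypt the instruction, require it to name the synchronized version, then switch
// over; the previously enabled version is simply replaced, i.e. disabled automatically.
func (d *Device) Enable(instr []byte) error {
	if d.Synced == nil || len(instr) < aes.BlockSize {
		return errors.New("no synchronized version, or instruction too short")
	}
	got := string(aesCTR(deriveKey(d.HW), instr[:aes.BlockSize], instr[aes.BlockSize:]))
	if got != d.Synced.Version {
		return fmt.Errorf("enable refused: instruction names %q, synchronized version is %q", got, d.Synced.Version)
	}
	d.Enabled = d.Synced
	return nil
}

func main() {
	hw := DeviceHardware{CPUSerial: "CPU-0001", TerminalNo: "POS-42"} // constructed sample identifiers
	policy := PolicyVersion{Version: "v2", IncrementFactor: []byte{1, 2}, PCode: []byte("PCODE-DEMO")}
	iv := make([]byte, aes.BlockSize)
	rand.Read(iv) // fresh random IV per message
	blocks, checkA := PrepareIssue(policy, hw, iv, 16)
	dev := &Device{HW: hw}
	fmt.Println("sync:", dev.ReceiveBlocks(blocks, len(blocks), checkA))
	fmt.Println("enable:", dev.Enable(MakeEnableInstruction("v2", hw, iv)), "running:", dev.Enabled.Version)
}
```

The two failure paths the page describes are visible in the device code: a missing or altered ciphertext block fails check code A before any decryption is attempted, and a device with different hardware identifiers derives a different key, so its decryption fails check code B and nothing is recorded as synchronized. Check codes A and B are plain hashes, as the page describes; they detect incomplete or damaged transfers, and the example keeps them as such rather than swapping in a keyed construction. Of the three algorithms the page lists, the example uses AES; DES has been withdrawn as a NIST standard and should not be chosen for new deployments.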
This embodiment also provides a system for issuing a security policy version in financial payment (see fig. 3), comprising a security policy management system 10 and a security policy execution device 20, wherein the security policy management system 10 includes:
the security policy management module 101: generates a security policy version by taking a parameter increment factor as input and running PCode in the PCode operating environment, verifies the device-number ciphertext sent by the security policy execution device 20, encrypts the increment factor and PCode data to be issued, and logs the update synchronization and the enabling of security policy versions on the security policy execution device 20;
the communication module 102: issues the configuration parameters and control instructions of the security policy management system 10, and receives the requests and ciphertext data returned by the security policy execution device 20;
the security policy execution device state monitoring module 103: detects whether the security policy execution device 20 is online and reports the device's information to the security policy management module 101;
the synchronization module 104: issues the version number of the security policy version to be synchronized to a node of the security policy execution device 20;
the enabling module 105: issues the version number of the security policy version to be enabled to a node of the security policy execution device 20.
The security policy enforcement device 20 includes at least one of a BLE terminal, a mobile terminal, a ticket checking terminal, and a POS terminal.
The security policy management module 101 splits the ciphertext data to be sent into blocks and computes the total number of ciphertext blocks, the size of each block, the data check code B and the ciphertext check code A.
Check codes A and B are used respectively to judge whether the ciphertext data received by the security policy execution device 20 and the decrypted data are complete and correct.
In summary, compared with the prior art, the method and system for issuing a security policy version in financial payment not only synchronize the security policy version to the security policy execution device 20, but also automatically disable the old security policy version once the new one has been enabled successfully, with no separate disabling instruction needed to free the system memory occupied by surplus security policies; operation is therefore convenient and system resources are optimized automatically. The embodiment transmits data in blocks, which reduces the size of each data unit and improves both transmission efficiency and the success rate of transmission; and it uses the hardware information of the security policy execution device 20 as the key for encrypting the issued increment factor and PCode data, improving the security of the issued security policy version. In all, by improving the security policy issuing technology and process, the issuing success rate and the security of the security policy version are greatly improved.
The above description should not be taken as limiting the invention to these embodiments; those skilled in the art will understand that simple deductions or substitutions may be made without departing from the spirit of the invention, which is defined by the appended claims.
Claims (10)
1. A method for issuing a security policy version in financial payment, the method comprising:
S101: the security policy management module 101 of the security policy management system 10 generates a security policy version by running a PCode operation on an input parameter increment factor in the PCode operating environment;
S102: the security policy enforcement device status monitoring module 103 detects the status information of the current security policy enforcement device 20 and reports it to the security policy management module 101;
S103: the synchronization module 104 issues the version number of the security policy version to be synchronized to a node of the security policy coordination device 106;
S104: the communication module 102 monitors the nodes of the security policy coordination device 106 in real time for an issued version number of a security policy version to be synchronized;
S105: in its reply to the heartbeat configured by the security policy enforcement device 20, the communication module 102 notifies the security policy enforcement device 20 to update to the security policy version being synchronized;
S106: on receiving the heartbeat reply from the communication module 102 that notifies it of the security policy version to be synchronized, the security policy enforcement device 20 actively sends a request for that security policy version to the communication module 102, together with the ciphertext of its current device number;
S107: the communication module 102 receives the ciphertext of the device number and passes it to the security policy management module 101 for decryption and verification; after verification, the security policy management module 101 computes the total number of blocks of the ciphertext data of the increment factor and PCode, the size of each block, the data check code B and the check code A of the ciphertext data, and the communication module 102 replies to the security policy enforcement device 20 with the total number of blocks and check code A;
S108: after receiving the total number of blocks and check code A from the communication module 102, the security policy enforcement device 20 requests the communication module 102 to issue the increment factor and PCode ciphertext data;
S109: the communication module 102 receives the ciphertext of the device number and passes it to the security policy management module 101 for decryption and verification; after verification, the security policy management module 101 encrypts the increment factor and PCode of the currently issued security policy version with the hardware information of the security policy enforcement device 20 as the key, and distributes the resulting ciphertext data to the security policy enforcement device 20 block by block;
S110: after receiving the ciphertext blocks, the security policy enforcement device 20 first reassembles them and verifies check code A; if the verification passes, it decrypts the ciphertext data with its hardware information as the key; after decryption, the data check code B is obtained and used to verify the decrypted data, and if that verification succeeds, a synchronized and verified security policy version is obtained;
S111: after the security policy enforcement device 20 has successfully synchronized the security policy version, it reports the synchronization result to the communication module 102, which passes it to the security policy management module 101 for logging.
2. The method for issuing a security policy version in financial payment according to claim 1, wherein the method further comprises an enabling process for the synchronized security policy version, comprising the following steps:
S201: the enabling module 105 issues the version number of the security policy version to be enabled to the security policy coordination device 106;
S202: the communication module 102 monitors the security policy coordination device 106 in real time for an issued version number of a security policy version to be enabled;
S203: in its reply to the heartbeat configured by the security policy enforcement device 20, the communication module 102 notifies the security policy enforcement device 20 of an enabling instruction;
S204: the security policy enforcement device 20 receives the heartbeat reply from the communication module 102 containing the enabling instruction, decrypts the enabling instruction with its hardware information as the key, and checks whether the decrypted version number matches the version number of the security policy version it successfully synchronized; if so, it executes the enabling instruction and enables that security policy version, otherwise it does not execute it; the enabling result is reported to the communication module 102, which passes it to the security policy management module 101 for logging;
S205: the enabling instruction is obtained by the communication module 102 encrypting the version number of the issued synchronized security policy version with the hardware information of the security policy enforcement device 20 as the key.
3. The method for issuing a security policy version in financial payment according to claim 2, wherein the communication methods used by the synchronization module 104, the communication module 102 and the enabling module 105 are wired communication and/or wireless communication.
4. The method for issuing a security policy version in financial payment according to claim 1, wherein, when the hardware information of the security policy enforcement device 20 is used as the key for encryption, the hardware information includes a CPU serial number and a terminal number, and the encryption algorithm used is one or more symmetric encryption algorithms selected from DES, 3DES and AES.
5. The method for issuing a security policy version in financial payment according to claim 2, wherein, after the synchronized security policy version in the security policy enforcement device 20 is successfully enabled, the previous old security policy version is automatically disabled.
6. A system employing the method for issuing a security policy version in financial payment according to any one of claims 1 to 5, comprising a security policy management system 10 and the security policy enforcement device 20, characterised in that the security policy management system 10 includes:
the security policy management module 101, configured to generate a security policy version by running a PCode operation on an input parameter increment factor in the PCode operating environment, to verify the ciphertext of the device number sent by the security policy enforcement device 20, to encrypt the increment factor and PCode data being issued, and to record the log of security policy versions synchronized to and enabled on the security policy enforcement device 20;
the communication module 102, configured to issue the configuration parameters and control instructions of the security policy management system 10 and to receive the requests and ciphertext data returned by the security policy enforcement device 20;
the security policy enforcement device status monitoring module 103, configured to detect whether the security policy enforcement device 20 is online and to report its online information to the security policy management module 101;
the synchronization module 104, configured to issue the version number of the security policy version to be synchronized to a node of the security policy coordination device 106;
the enabling module 105, configured to issue the version number of the security policy version to be enabled to a node of the security policy coordination device 106.
7. The system according to claim 6, wherein the security policy enforcement device 20 includes one or more of a mobile phone, a BLE terminal, a mobile terminal, a ticket checking terminal and a POS terminal used for payment.
8. The system according to claim 6, wherein the security policy management module 101 is configured to split the ciphertext data to be transmitted into blocks and computes the total number of blocks, the size of each block, the data check code B and the check code A of the ciphertext data.
9. The system according to claim 6, wherein check code A and data check code B are used respectively to judge whether the ciphertext data received by the security policy enforcement device 20 and the decrypted data are complete and correct.
10. The system according to claim 6, wherein, after the synchronized security policy version in the security policy enforcement device 20 is successfully enabled, the previous old security policy version is automatically disabled.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810646226.7A CN108540498B (en) | 2018-06-21 | 2018-06-21 | Method and system for issuing security policy version in financial payment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108540498A CN108540498A (en) | 2018-09-14 |
CN108540498B true CN108540498B (en) | 2023-05-05 |
Family
ID=63471387
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810646226.7A Active CN108540498B (en) | 2018-06-21 | 2018-06-21 | Method and system for issuing security policy version in financial payment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108540498B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109729086B (en) * | 2018-12-28 | 2021-02-23 | 奇安信科技集团股份有限公司 | Policy management method, system, device, and medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2015184891A1 (en) * | 2014-11-20 | 2015-12-10 | 中兴通讯股份有限公司 | Security management and control method, apparatus, and system for android system |
CN106067886A (en) * | 2016-08-03 | 2016-11-02 | 广州唯品会信息科技有限公司 | Security strategy update method and system |
CN106100834A (en) * | 2016-06-22 | 2016-11-09 | 广西咪付网络技术有限公司 | The generation in a kind of algorithm secret key storehouse and update method |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110162936B (en) | Software content use authorization method | |
CN105050081B (en) | Method, device and system for connecting network access device to wireless network access point | |
CN110798315B (en) | Data processing method and device based on block chain and terminal | |
CN100561916C (en) | A kind of method and system that upgrades authenticate key | |
KR102177848B1 (en) | Method and system for verifying an access request | |
CN109361668A (en) | A kind of data trusted transmission method | |
CN108737442A (en) | A kind of cryptographic check processing method | |
TWI679556B (en) | Transaction method, device and system for virtual reality environment | |
US11831753B2 (en) | Secure distributed key management system | |
EP2291787A2 (en) | Techniques for ensuring authentication and integrity of communications | |
CN102946392A (en) | URL (Uniform Resource Locator) data encrypted transmission method and system | |
CN111737366A (en) | Private data processing method, device, equipment and storage medium of block chain | |
EP2845141A1 (en) | Method and system for activation | |
CN111130798B (en) | Request authentication method and related equipment | |
CN110362984B (en) | Method and device for operating service system by multiple devices | |
CN114257376B (en) | Digital certificate updating method, device, computer equipment and storage medium | |
CN107426223B (en) | Cloud document encryption and decryption method, cloud document encryption and decryption device and cloud document processing system | |
CN112765626A (en) | Authorization signature method, device and system based on escrow key and storage medium | |
CN110138736B (en) | Identity authentication method, device and equipment for multiple dynamic random encryption of Internet of things | |
CN107171784B (en) | Emergency command scheduling method and system for emergency environment events | |
JP2014022920A (en) | Electronic signature system, electronic signature method, and electronic signature program | |
CN108540498B (en) | Method and system for issuing security policy version in financial payment | |
KR20160063250A (en) | Network authentication method using a card device | |
KR102053993B1 (en) | Method for Authenticating by using Certificate | |
CN113505358A (en) | Method for supervising information processing behaviors |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||