CN110351091B - Resource replacement method and device based on double signatures and computer equipment - Google Patents

Publication number: CN110351091B
Authority: CN (China)
Prior art keywords: user, request, resource, signature, plaintext
Legal status: Active
Application number: CN201910463018.8A
Other languages: Chinese (zh)
Other versions: CN110351091A (en)
Inventor: 郭鸿程
Current Assignee: Ping An Technology Shenzhen Co Ltd
Original Assignee: Ping An Technology Shenzhen Co Ltd
Application filed by Ping An Technology Shenzhen Co Ltd
Priority to CN201910463018.8A
Publication of CN110351091A
Application granted
Publication of CN110351091B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/10 Office automation; Time management
    • G06Q10/103 Workflow collaboration or project management
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/03 Credit; Loans; Processing thereof
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231 Biological data, e.g. fingerprint, voice or retina
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The application discloses a resource replacement method, device, computer equipment and storage medium based on double signatures. The method comprises the following steps: receiving a first request sent by a terminal; determining whether the first request has a double signature; if the first request has a double signature, judging whether the difference between the current time point and the generation time point of the double signature is smaller than a preset time threshold; if that difference is smaller than the preset time threshold, extracting the type of the first resource from the first request and calling the approval rule corresponding to the type of the first resource; auditing the first request according to the approval rule; and, if the first request is approved, generating a resource replacement instruction corresponding to the first request. This shortens the process, improves efficiency and reduces the time consumed.

Description

Resource replacement method and device based on double signatures and computer equipment
Technical Field
The present application relates to the field of computers, and in particular, to a resource replacement method and apparatus based on dual signatures, a computer device, and a storage medium.
Background
Resource replacement (e.g., a loan) is frequently used in modern life and includes credit loans, mortgage loans, personal loans, couple loans, and the like. Replacements involving common resources (e.g., couple loans) are difficult to handle. Compared with other loans, a couple loan requires confirmation by both spouses, so the process is more complicated and takes longer. In the traditional technology, the identities of a first user and a second user must be verified one after the other while a couple loan is being audited. For the couple, this means the first user and the second user must prepare the relevant identity data in advance, which adds complexity and time; for the auditor, the identities must be verified in real time when the loan is actually approved, which again adds complexity and time. The prior art therefore cannot solve the technical problems of a long process and high time consumption for common resource replacement.
Disclosure of Invention
The main purpose of the present application is to provide a resource replacement method, device, computer equipment and storage medium based on dual signatures, so as to solve the technical problems of a long process and high time consumption for common resource replacement in the conventional technology.
In order to achieve the above object, the present application provides a resource replacement method based on dual signatures, including the following steps:
receiving a first request sent by a terminal, wherein the first request is used for requesting a first user and a second user to replace a second resource by a common first resource, and the first request comprises the type of the first resource;
judging whether the first request has a double signature, wherein the double signature is a digital signature which can be generated only by confirmation of the first user and the second user;
if the first request has a double signature, judging whether the difference value between the current time point and the generation time point of the double signature is smaller than a preset time threshold value;
if the difference value between the current time point and the generation time point of the double signature is smaller than a preset time threshold, extracting the type of the first resource from the first request, and calling an approval rule corresponding to the type of the first resource according to the type of the first resource;
auditing the first request according to the approval rule;
and if the first request is approved, generating a resource replacement instruction corresponding to the first request.
Further, the step of determining whether the first request has a double signature, wherein the double signature is a digital signature that can be generated only by confirmation of the first user and the second user, comprises:
receiving a dual signature generation application sent by the terminal, wherein the dual signature generation application is attached with relationship information of the first user and the second user, and the relationship information at least comprises but is not limited to the following information: identification information of the first user, identification information of the second user and association information for representing the first user and the second user;
verifying the relationship information between the first user and the second user according to a preset verification rule, wherein the verification rule at least comprises verifying the identification information of the first user and the second user and the association information;
if the relationship information of the first user and the second user is verified to be correct, acquiring a first fingerprint of the first user and a second fingerprint of the second user through a fingerprint input device preset by the terminal, judging whether the first fingerprint is the same as a pre-stored first user fingerprint or not, and judging whether the second fingerprint is the same as a pre-stored second user fingerprint or not; and if the first fingerprint is the same as the pre-stored first user fingerprint and the second fingerprint is the same as the pre-stored second user fingerprint, generating a double signature and sending the double signature to the terminal.
Further, the step of verifying the relationship information between the first user and the second user according to a preset verification rule, where the verification rule at least includes verifying the identification information of the first user and the second user and the association information, includes:
verifying the identification information of the first user and the second user and the association information by using a specified network, through which the real identification information and the real association information of the first user and the second user can be acquired;
if the identification information of the first user and the second user and the associated information are verified to be correct, a microphone of the terminal is opened, the first user and the second user are prompted to perform specified limb actions through voice, and a camera of the terminal is opened to collect images of the first user and the second user;
determining whether the images of the first user and the second user include the specified limb movement;
and if the images of the first user and the second user comprise the specified limb actions, judging that the relationship information of the first user and the second user is correct.
Further, the first request is encrypted by a first private key to form a first ciphertext, the dual signature is encrypted by a second private key and then encrypted by the first private key to form a second ciphertext, and the determining whether the first request has the dual signature includes:
decrypting the first ciphertext by using a first public key corresponding to the first private key to obtain a first plaintext;
decrypting the data at the signature position in the first plaintext by using a second public key corresponding to a second private key to obtain a second plaintext;
judging whether the second plaintext is the same as a preset verification plaintext or not;
and if the second plaintext is the same as a preset verification plaintext, judging that the first request has a double signature.
Further, the first public key includes a first sub-key and a second sub-key, and the decrypting the first ciphertext by using the first public key corresponding to the first private key to obtain the first plaintext includes:
dividing the first ciphertext into a first part and a second part according to a predetermined dividing method;
decrypting the first part and the second part by using the first sub-key and the second sub-key respectively to obtain a first sub-plaintext and a second sub-plaintext;
combining the first sub-plaintext and the second sub-plaintext into a temporary plaintext according to a preset combination method;
and removing the filling data in the temporary plaintext according to a reverse algorithm of a preset filling algorithm, thereby obtaining the first plaintext.
Further, the step of extracting the type of the first resource from the first request and invoking an approval rule corresponding to the type of the first resource, if the difference between the current time point and the generation time point of the double signature is smaller than a preset time threshold, includes:
if the difference value between the current time point and the generation time point of the double signature is smaller than a preset time threshold, calling a historical use record of the double signature, and judging whether the historical use record is empty or not;
if the historical use record is empty, extracting the type of the first resource from the first request, and calling an approval rule corresponding to the type of the first resource according to the type of the first resource.
Further, the step of reviewing the first request according to the approval rule includes:
judging whether the first user and the second user are blacklist members or not;
if the first user and the second user are not blacklist members, judging whether the current state of the first resource is the same as a preset state;
and if the current state of the first resource is the same as the preset state, judging that the preliminary audit is passed, and sending the first request to the next audit terminal specified by the loan approval rule.
The application provides a resource replacement device based on dual signatures, including:
a first request receiving unit, configured to receive a first request sent by a terminal, where the first request is used to request a first user and a second user to replace a second resource with a common first resource, and the first request includes a type of the first resource;
a double signature judging unit, configured to judge whether the first request has a double signature, where the double signature is a digital signature that can be generated only by confirmation of both the first user and the second user;
a time threshold determination unit, configured to determine whether a difference between a current time point and a time point of generation of a double signature is smaller than a preset time threshold if the first request has the double signature;
an approval rule obtaining unit, configured to extract the type of the first resource from the first request if a difference between a current time point and a generation time point of the dual signature is smaller than a preset time threshold, and invoke an approval rule corresponding to the type of the first resource according to the type of the first resource;
an auditing unit, configured to audit the first request according to the approval rule;
and a resource replacement instruction generating unit, configured to generate a resource replacement instruction corresponding to the first request if the first request passes the audit.
The present application provides a computer device comprising a memory storing a computer program and a processor implementing the steps of any of the above methods when the processor executes the computer program.
The present application provides a computer-readable storage medium having stored thereon a computer program which, when being executed by a processor, carries out the steps of the method of any of the above.
With the resource replacement method, device, computer equipment and storage medium based on double signatures, a first request sent by a terminal is received; if the first request has a double signature and the difference between the current time point and the generation time point of the double signature is smaller than a preset time threshold, the type of the first resource is extracted from the first request and the approval rule corresponding to the type of the first resource is called; and if the first request passes the approval, a resource replacement instruction corresponding to the first request is generated. This shortens the process, improves efficiency and reduces the time consumed.
Drawings
Fig. 1 is a schematic flowchart of a resource replacement method based on dual signatures according to an embodiment of the present application;
Fig. 2 is a schematic block diagram illustrating the structure of a resource replacement device based on dual signatures according to an embodiment of the present application;
Fig. 3 is a block diagram illustrating the structure of a computer device according to an embodiment of the present application.
The implementation, functional features and advantages of the objectives of the present application will be further explained with reference to the accompanying drawings.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
Referring to fig. 1, an embodiment of the present application provides a resource replacement method based on dual signatures, including the following steps:
S1, receiving a first request sent by a terminal, wherein the first request is used for requesting a first user and a second user to replace a second resource through a common first resource, and the first request comprises the type of the first resource;
S2, judging whether the first request has a double signature or not, wherein the double signature is a digital signature which can be generated only by confirmation of the first user and the second user;
S3, if the first request has a double signature, judging whether the difference value between the current time point and the generation time point of the double signature is smaller than a preset time threshold value;
S4, if the difference value between the current time point and the generation time point of the double signature is smaller than a preset time threshold, extracting the type of the first resource from the first request, and calling an approval rule corresponding to the type of the first resource according to the type of the first resource;
S5, checking the first request according to the approval rule;
and S6, if the first request is approved, generating a resource replacement instruction corresponding to the first request.
As described in step S1 above, a first request sent by a terminal is received, where the first request is used to request a first user and a second user to replace a second resource with a common first resource, and the first request includes the type of the first resource. Here, the terminal is the terminal used by a user who intends to take out a loan, and the first request is a request involving a resource common to the first user and the second user. The relationship between the first user and the second user is, for example, that of a married couple, and the resource replacement is, for example, a loan. Verifying identity for a couple loan is more complicated than for an ordinary loan, because a couple loan affects both spouses whereas an ordinary loan affects only one person. The loan type is any feasible loan type, such as a house mortgage loan or a vehicle mortgage loan, and the process differs between loan types.
As described in step S2 above, it is determined whether the first request has a double signature, where the double signature is a digital signature that can be generated only by confirmation of both the first user and the second user. The present application uses the double signature to judge whether the first request has been confirmed by both parties. Compared with the traditional method of verifying the identities of the two parties one after the other, this simplifies the steps and speeds up confirmation; the identities can be verified in advance, so no real-time verification is needed and the loan process runs more smoothly. The generation process of the double signature is, for example: receiving a double signature generation application sent by a terminal; verifying the identities; and, if the identities of both parties are verified to be correct, generating a double signature and sending it to the terminal.
Further, when the double signature is generated, a first user signature and a second user signature corresponding to the double signature can also be generated and sent to the terminal (in this case the double signature itself is not sent to the terminal). The first user signature and the second user signature are combined to generate the double signature: when applying for the loan, the terminal sends the first user signature and the second user signature to the server, and after the server verifies that both are correct, it automatically combines them to generate the double signature. This avoids the hidden danger of the double signature being held by either the first user or the second user alone.
As described in step S3 above, if the first request has a double signature, it is determined whether the difference between the current time point and the generation time point of the double signature is smaller than a preset time threshold. To prevent misoperation caused by abuse of the double signature, the present application limits how long the double signature remains valid by making this comparison. The preset time threshold is, for example, 1 hour to 1 month, preferably 3 hours to 1 week, more preferably 5 hours to 24 hours.
As described in step S4 above, if the difference between the current time point and the generation time point of the double signature is smaller than the preset time threshold, the type of the first resource is extracted from the first request, and the approval rule corresponding to the type of the first resource is invoked. A difference smaller than the preset time threshold means that the double signature is within its validity period and is therefore valid, so the subsequent loan approval process can proceed. Loans are classified into different types, and the process differs between types. The first request carries loan type information, from which the type of the first resource is extracted and the corresponding approval rule is invoked. The loan approval rules are preset and correspond to the loan types; once the loan type is determined and its rule has been invoked, the specific approval procedure can be carried out.
As described in step S5 above, the first request is audited according to the approval rule. The loan approval rules may include any rules, for example auditing the marriage certificate, the house certificate, the mortgage status, the credit status, and whether the applicants are blacklisted. The approval carried out depends on the loan type.
As described in step S6 above, if the first request is approved, a resource replacement instruction corresponding to the first request is generated. Approval of the first request means that the first user and the second user comply with the loan regulations, and the double signature confirms that both of them actually made the loan request, so the resource replacement instruction corresponding to the first request is generated.
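The server-side checks of steps S2 to S6, together with the single-use and blacklist embodiments and the public-key "recover and compare with the verification plaintext" test described earlier, as an added Python example (not code from the patent). The RSA keys are constructed toy keys built from Mersenne primes, and the names `ApprovalServer`, `Request`, `user-a`/`user-b`, the return strings and the pipe-joined signed format are assumptions; the example also goes beyond the text by binding the generation time into the signed data and rejecting future-dated signatures.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent shared by both toy keys


def toy_key(p, q):
    """Constructed toy RSA key (n, d) from two Mersenne primes; not secure."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


# Hypothetical per-user signing keys; the verifier only needs n and E.
KEYS = {
    "user-a": toy_key(2**89 - 1, 2**107 - 1),
    "user-b": toy_key(2**61 - 1, 2**127 - 1),
}


@dataclass(frozen=True)
class Request:
    first_user: str
    second_user: str
    resource_type: str
    resource_state: str
    issued_at: int   # generation time point of the double signature (epoch s)
    sig_first: int   # first user signature
    sig_second: int  # second user signature


def grant_digest(first, second, rtype, issued_at, n):
    """Verification plaintext: binds both users, the type and the time."""
    msg = f"{first}|{second}|{rtype}|{issued_at}".encode()
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign_part(user, first, second, rtype, issued_at):
    """Issuer side: one user's half of the double signature."""
    n, d = KEYS[user]
    return pow(grant_digest(first, second, rtype, issued_at, n), d, n)


def part_is_valid(user, req, sig):
    """Recover the signed value with the public key and compare it."""
    if user not in KEYS:
        return False
    n, _ = KEYS[user]
    expected = grant_digest(req.first_user, req.second_user,
                            req.resource_type, req.issued_at, n)
    return 0 < sig < n and pow(sig, E, n) == expected


def make_request(first, second, rtype, state, issued_at):
    """Build a constructed sample request carrying both signature halves."""
    return Request(first, second, rtype, state, issued_at,
                   sign_part(first, first, second, rtype, issued_at),
                   sign_part(second, first, second, rtype, issued_at))


class ApprovalServer:
    def __init__(self, rules, blacklist, max_age):
        self.rules = rules          # resource type -> required preset state
        self.blacklist = blacklist  # set of blacklisted user ids
        self.max_age = max_age      # preset time threshold in seconds
        self.used = set()           # historical use record

    def handle(self, req, now):
        # S2: both halves must verify, and for two different users.
        if req.first_user == req.second_user:
            return "no-double-signature"
        if not (part_is_valid(req.first_user, req, req.sig_first)
                and part_is_valid(req.second_user, req, req.sig_second)):
            return "no-double-signature"
        # S3: age must lie in [0, max_age); a future-dated signature
        # would otherwise pass a plain "difference < threshold" test.
        age = now - req.issued_at
        if age < 0 or age >= self.max_age:
            return "signature-not-fresh"
        # Single-use embodiment: the history record must be empty.
        token = (req.sig_first, req.sig_second)
        if token in self.used:
            return "signature-already-used"
        self.used.add(token)
        # S4: pick the approval rule by resource type.
        required_state = self.rules.get(req.resource_type)
        if required_state is None:
            return "no-approval-rule"
        # S5: blacklist check, then resource state against the preset.
        if {req.first_user, req.second_user} & self.blacklist:
            return "blacklisted"
        if req.resource_state != required_state:
            return "resource-state-mismatch"
        # S6: the request passed; a replacement instruction is generated.
        return "replacement-instruction-issued"
```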
In one embodiment, before step S2 of determining whether the first request has a double signature, where the double signature is a digital signature that can be generated only by confirmation of both the first user and the second user, the method includes:
S11, receiving a dual signature generation application sent by the terminal, wherein the dual signature generation application is attached with relationship information of the first user and the second user, and the relationship information at least comprises but is not limited to the following information: identification information of the first user, identification information of the second user and association information for representing the first user and the second user;
S12, verifying the relationship information of the first user and the second user according to a preset verification rule, wherein the verification rule at least comprises verifying the identification information of the first user and the second user and the association information;
S13, if the relationship information of the first user and the second user is verified to be correct, acquiring a first fingerprint of the first user and a second fingerprint of the second user through a fingerprint input device preset by the terminal, judging whether the first fingerprint is the same as a pre-stored first user fingerprint or not, and judging whether the second fingerprint is the same as a pre-stored second user fingerprint or not; and if the first fingerprint is the same as the pre-stored first user fingerprint and the second fingerprint is the same as the pre-stored second user fingerprint, generating a double signature and sending the double signature to the terminal.
As described above, generation of the double signature is achieved. The identification information is, for example, an identity card, and the association information is, for example, a marriage certificate. The double signature of this embodiment may be issued by any feasible entity, for example by the executing entity of the present application, and is preferably issued by the loan server, so that the executing entity of the present application can determine which couple the double signature corresponds to. The identities of the first user and the second user are verified, where the verification rules at least include verifying the identity card and marriage certificate information (e.g., identity card number and marriage certificate number) of the first user and the second user. For example: the identity cards of the first user and the second user are each compared with the correct identity card information, and the marriage certificate information of the first user and the second user is compared with the correct marriage certificate information; if they are the same, the identities of the couple are judged to be correct. The correct identity card information and the correct marriage certificate information may be pre-stored in the executing entity of the present application (for example, a loan server), or may be obtained through a designated network from servers holding that information (for example, a server of a public security department and a server of a civil administration department).
If the identities of the first user and the second user are verified to be correct, acquiring a first fingerprint of the first user and a second fingerprint of the second user through a fingerprint input device preset by the terminal, judging whether the first fingerprint is the same as a pre-stored first user fingerprint or not, and judging whether the second fingerprint is the same as a pre-stored second user fingerprint or not; and if the first fingerprint is the same as the pre-stored first user fingerprint and the second fingerprint is the same as the pre-stored second user fingerprint, generating a double signature and sending the double signature to the terminal. Further, the process of receiving the information confirmed by each of the first user and the second user may further include: opening a camera of the terminal to acquire a current image, judging whether the current image is a first user or a second user according to a preset image comparison algorithm, and when the current image is the first user, requiring the first user to perform a confirmation operation, and when the current image is the second user, requiring the second user to perform a confirmation operation, thereby receiving respective confirmation information of the first user and the second user.
In an embodiment, step S12 of verifying the relationship information of the first user and the second user according to a preset verification rule, where the verification rule at least includes verifying the identification information of the first user and the second user and the association information, includes:
S121, verifying the identification information of the first user and the second user and the association information by using a specified network, wherein the real identification information and the real association information of the first user and the second user can be obtained through the specified network;
S122, if the identification information of the first user and the second user and the association information are verified to be correct, opening a microphone of the terminal, prompting the first user and the second user by voice to perform specified limb actions, and opening a camera of the terminal to collect images of the first user and the second user;
S123, judging whether the images of the first user and the second user comprise the specified limb actions;
S124, if the images of the first user and the second user comprise the specified limb actions, judging that the relationship information of the first user and the second user is correct.
As described above, living body identification is used to further verify the identities of the first user and the second user. To ensure that the loan application is made by the applicants themselves, living body identification is used to confirm that the loan applicant is a live person, which prevents static images, fake videos and the like from deceiving the camera in order to obtain a loan by fraud. The identity card and marriage certificate information of the first user and the second user are first verified using a designated network through which the true identity card and true marriage certificate information of the first user and the second user can be obtained (e.g., from a server holding the correct identity card information and the correct marriage certificate information, such as a server of a public security department and a server of a civil administration department). Then a microphone of the terminal is opened, the first user and the second user are prompted by voice to make a specified limb action, and a camera of the terminal is opened to acquire images of the first user and the second user; it is determined whether the images of the first user and the second user include the specified limb action; if they do, the first user and the second user are living bodies, and since the identity card and marriage certificate information have been verified as described above, the relationship information of the first user and the second user is determined to be correct. Further, the specified limb action includes a plurality of types, and determining whether the images of the first user and the second user include the specified limb action includes determining whether a plurality of images of the first user and the second user include the plurality of types of the specified limb action.
Further, the images of the first user and the second user comprise a same-frame image of the couple, and determining whether the images of the first user and the second user include the specified limb action comprises: judging whether the first user in the same-frame image makes the first-user specified limb action given in the voice prompt, and at the same time judging whether the second user in the same-frame image makes the second-user specified limb action given in the voice prompt; if both do, the images of the first user and the second user are judged to include the specified limb action. Alternatively, the images of the first user and the second user comprise an individual image of the first user and an individual image of the second user, and determining whether the images include the specified limb action comprises: judging whether the first user in the individual image of the first user makes the first-user specified limb action given in the voice prompt, and judging whether the second user in the individual image of the second user makes the second-user specified limb action given in the voice prompt; if both do, the images of the first user and the second user are judged to include the specified limb action.
In one embodiment, the step S2 of determining whether the first request has a double signature includes:
S201, decrypting the first ciphertext by using a first public key corresponding to a first private key to obtain a first plaintext;
S202, decrypting the data at the signature position in the first plaintext by using a second public key corresponding to a second private key to obtain a second plaintext;
S203, judging whether the second plaintext is the same as a preset verification plaintext;
S204, if the second plaintext is the same as a preset verification plaintext, determining that the first request has a double signature.
As described above, multiple layers of encryption are used to secure the digital signature. The key pair composed of the first public key and the first private key is used for encrypting and decrypting the first request, and the key pair composed of the second public key and the second private key is used for encrypting and decrypting the double signature, so that the first request is protected by one layer of encryption (the key pair composed of the first public key and the first private key), and the double signature is protected by two layers of encryption (the key pair composed of the first public key and the first private key, and the key pair composed of the second public key and the second private key). If decryption with the second public key yields the second plaintext, and the second plaintext is the same as the preset verification plaintext, the signature is the double signature corresponding to the first request, and the first request is therefore judged to have the double signature.
In one embodiment, the step S201 of decrypting the first ciphertext by using the first public key corresponding to the first private key to obtain the first plaintext includes:
S2011, dividing the first ciphertext into a first part and a second part according to a pre-agreed dividing method;
S2012, decrypting the first part and the second part by using the first sub-key and the second sub-key, respectively, to obtain a first sub-plaintext and a second sub-plaintext;
S2013, combining the first sub-plaintext and the second sub-plaintext into a temporary plaintext according to a preset combination method;
S2014, removing the padding data in the temporary plaintext according to the inverse of a preset padding algorithm, thereby obtaining the first plaintext.
As described above, the first plaintext is obtained. The first sub-key and the second sub-key are used to encrypt or decrypt the first ciphertext in segments, which improves information security; and data is padded into the first plaintext by a preset padding algorithm to obtain the temporary plaintext, which suits a specific encryption and decryption algorithm and improves security. The specific encryption and decryption algorithm is, for example, the TEA algorithm. TEA is a block cipher whose plaintext and ciphertext blocks are 64 bits and whose key length is 128 bits; it uses a continuously increasing Delta value (derived from the golden ratio) as a varying quantity so that each round of encryption is different. The plaintext of the TEA algorithm must be a multiple of 8 bytes, so when the first plaintext is not a multiple of 8 bytes, it is padded into the temporary plaintext by the preset padding algorithm to fit the TEA algorithm; the padding data in the temporary plaintext can therefore be removed by the inverse of the preset padding algorithm to obtain the first plaintext. The dividing method is, for example, dividing the first ciphertext by file size into a first part and a second part of equal size or of sizes in a predetermined ratio; or obtaining a specified position from the first ciphertext and dividing the first ciphertext into a first part and a second part with the specified position as the dividing point. The preset combination method may be any method, for example joining the end of the first sub-plaintext to the beginning of the second sub-plaintext. The preset padding algorithm is, for example, padding characters at specific positions of the first plaintext, where there may be one or more specific positions.
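The following added example (not code from the patent) walks steps S2011 to S2014 with TEA as the specific algorithm, together with the matching sender side. The padding scheme (n bytes of value n), the midpoint dividing method and all function names are assumptions, since the text leaves these as "preset" choices.

```python
import struct

DELTA = 0x9E3779B9   # TEA constant derived from the golden ratio
MASK = 0xFFFFFFFF    # keep arithmetic in 32 bits
BLOCK = 8            # TEA block size in bytes (64 bits)


def _tea_block(block: bytes, key: bytes, decrypt: bool) -> bytes:
    """Apply the 32-cycle TEA transform to one 8-byte block with a 16-byte key."""
    v0, v1 = struct.unpack(">2I", block)
    k0, k1, k2, k3 = struct.unpack(">4I", key)
    if not decrypt:
        s = 0
        for _ in range(32):
            s = (s + DELTA) & MASK  # the running sum makes every cycle different
            v0 = (v0 + (((v1 << 4) + k0) ^ (v1 + s) ^ ((v1 >> 5) + k1))) & MASK
            v1 = (v1 + (((v0 << 4) + k2) ^ (v0 + s) ^ ((v0 >> 5) + k3))) & MASK
    else:
        s = (DELTA * 32) & MASK
        for _ in range(32):
            v1 = (v1 - (((v0 << 4) + k2) ^ (v0 + s) ^ ((v0 >> 5) + k3))) & MASK
            v0 = (v0 - (((v1 << 4) + k0) ^ (v1 + s) ^ ((v1 >> 5) + k1))) & MASK
            s = (s - DELTA) & MASK
    return struct.pack(">2I", v0, v1)


def _tea(data: bytes, key: bytes, decrypt: bool) -> bytes:
    # Each block is processed independently and nothing authenticates the
    # result; a deployment would add an integrity check over the ciphertext.
    if len(key) != 16 or len(data) % BLOCK:
        raise ValueError("TEA needs a 128-bit key and whole 8-byte blocks")
    return b"".join(_tea_block(data[i:i + BLOCK], key, decrypt)
                    for i in range(0, len(data), BLOCK))


def pad(first_plaintext: bytes) -> bytes:
    """Assumed padding algorithm: append n bytes of value n (1..8)."""
    n = BLOCK - len(first_plaintext) % BLOCK
    return first_plaintext + bytes([n]) * n


def unpad(temporary_plaintext: bytes) -> bytes:
    """Inverse of pad(); malformed padding is rejected, not guessed at."""
    if not temporary_plaintext or len(temporary_plaintext) % BLOCK:
        raise ValueError("temporary plaintext has an invalid length")
    n = temporary_plaintext[-1]
    if not 1 <= n <= BLOCK or temporary_plaintext[-n:] != bytes([n]) * n:
        raise ValueError("padding data is malformed")
    return temporary_plaintext[:-n]


def split_point(total_len: int) -> int:
    """Assumed dividing method: halve the data, rounded down to a block boundary."""
    return (total_len // BLOCK // 2) * BLOCK


def encrypt_request(first_plaintext: bytes, sub_key1: bytes, sub_key2: bytes) -> bytes:
    """Sender side: pad, divide, encrypt each part with its own sub-key."""
    temporary = pad(first_plaintext)
    cut = split_point(len(temporary))
    return (_tea(temporary[:cut], sub_key1, False)
            + _tea(temporary[cut:], sub_key2, False))


def decrypt_request(first_ciphertext: bytes, sub_key1: bytes, sub_key2: bytes) -> bytes:
    cut = split_point(len(first_ciphertext))                # S2011: divide
    sub_plain1 = _tea(first_ciphertext[:cut], sub_key1, True)   # S2012: decrypt
    sub_plain2 = _tea(first_ciphertext[cut:], sub_key2, True)   #        each part
    temporary = sub_plain1 + sub_plain2                     # S2013: end-to-start join
    return unpad(temporary)                                 # S2014: remove padding
```

Because both sides derive the dividing point from the total length, the receiver needs no extra field to find it; a ciphertext whose length is not a multiple of 8 bytes is rejected before any padding is inspected.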
In an embodiment, step S4 of extracting the type of the first resource from the first request if the difference between the current time point and the generation time point of the double signature is smaller than a preset time threshold, and invoking an approval rule corresponding to the type of the first resource according to the type of the first resource, includes:
S401, if the difference between the current time point and the generation time point of the double signature is smaller than a preset time threshold, calling a historical use record of the double signature, and judging whether the historical use record is empty or not;
S402, if the historical use record is empty, extracting the type of the first resource from the first request, and calling an approval rule corresponding to the type of the first resource according to the type of the first resource.
As described above, security is further ensured by judging whether the historical use record is empty. In this embodiment, if the difference between the current time point and the generation time point of the double signature is smaller than the preset time threshold, it is determined whether the historical use record of the double signature is empty; if it is empty, the type of the first resource is extracted from the first request and the approval rule corresponding to that type is invoked. This ensures that the double signature is being used for the first time and thereby secures its use (for example, it prevents one party of the couple from separately obtaining the double signature after a previous use and using it again for a loan).
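The freshness check of step S3 and the first-use check of steps S401 to S402, as an added example that is not code from the patent. The class and method names, the signature identifier and the rule table are assumptions, and the generation time is assumed to be authenticated (covered by the signature or taken from the issuer's record); the example also rejects a generation time in the future and records the use under a lock, two cases the text does not spell out.

```python
import threading
import time


class DoubleSignatureGate:
    """Checks applied after the double signature itself has been verified."""

    def __init__(self, time_threshold_s, approval_rules, clock=time.time):
        self.time_threshold_s = time_threshold_s   # preset time threshold
        self.approval_rules = approval_rules       # resource type -> approval rule
        self.clock = clock                         # injectable for testing
        self._history = {}                         # signature id -> use timestamps
        self._lock = threading.Lock()

    def select_rule(self, signature_id, generated_at, resource_type):
        """Return (True, rule) or (False, reason) for one first request."""
        now = self.clock()
        age = now - generated_at

        # A plain "difference < threshold" test would accept a generation
        # time that lies in the future, because the difference is negative.
        if age < 0:
            return (False, "generation time is in the future")
        if age >= self.time_threshold_s:
            return (False, "expired")

        # Look the rule up before recording the use, so that a request with
        # an unknown resource type does not consume the signature.
        rule = self.approval_rules.get(resource_type)
        if rule is None:
            return (False, "no approval rule")

        # S401/S402: the historical use record must be empty. Checking and
        # recording happen under one lock so that two concurrent requests
        # carrying the same signature cannot both see an empty record.
        with self._lock:
            if self._history.get(signature_id):
                return (False, "already used")
            self._history.setdefault(signature_id, []).append(now)
        return (True, rule)

    def history(self, signature_id):
        """Historical use record of a signature (empty list if never used)."""
        with self._lock:
            return list(self._history.get(signature_id, []))
```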
In one embodiment, the step S5 of reviewing the first request according to the approval rule includes:
S501, judging whether both the first user and the second user are blacklist members;
S502, if the first user and the second user are not blacklist members, judging whether the current state of the first resource is the same as a preset state;
S503, if the current state of the first resource is the same as the preset state, judging that the preliminary audit is passed, and sending the first request to the next audit terminal specified by the loan approval rule.
As described above, hierarchical auditing is achieved, which improves auditing efficiency and reduces the time needed to trace errors back. Whether the first user and the second user qualify for the loan is preliminarily judged by judging whether the parties of the couple are blacklist members and whether the current state of the first resource is the same as the preset state; if they qualify, the first request is sent to the next auditing terminal specified by the loan approval rule. With this arrangement, auditing is divided into stages, so that efficiency is improved through specialized division of labor; moreover, when a loan error caused by an audit error is found later, the link in which the error arose can be determined quickly by analyzing the node (which terminal) at which the audit error occurred, which reduces the error tracing time. A blacklist member is a user recorded in a blacklist, added to the blacklist in advance because of, for example, credit-loss behavior. The current state of the first resource is, for example, that the first resource is mortgaged, and so on.
The resource replacement method based on double signatures comprises: receiving a first request sent by a terminal; if the first request has the double signature and the difference between the current time point and the generation time point of the double signature is smaller than a preset time threshold, extracting the type of the first resource from the first request and calling an approval rule corresponding to the type of the first resource according to the type of the first resource; and if the first request passes the approval, generating a resource replacement instruction corresponding to the first request. The flow is thereby shortened, efficiency is improved and the time consumed is reduced.
Referring to FIG. 2, an embodiment of the present application provides a resource replacement apparatus based on double signatures, including:
a first request receiving unit 10, configured to receive a first request sent by a terminal, where the first request is used to request a first user and a second user to replace a second resource with a common first resource, and the first request includes a type of the first resource;
a double signature determination unit 20, configured to determine whether the first request has a double signature, where the double signature is a digital signature that can be generated only by confirmation of the first user and the second user;
a time threshold determining unit 30, configured to determine whether a difference between a current time point and a time point of generating the double signature is smaller than a preset time threshold if the first request has the double signature;
an approval rule obtaining unit 40, configured to extract the type of the first resource from the first request if a difference between a current time point and the time point of generating the dual signature is smaller than a preset time threshold, and invoke an approval rule corresponding to the type of the first resource according to the type of the first resource;
an auditing unit 50, configured to audit the first request according to the approval rule;
and a resource replacement instruction generating unit 60, configured to generate a resource replacement instruction corresponding to the first request if the first request is approved.
As described in the foregoing unit 10, a first request sent by a terminal is received, where the first request is used to request that a first user and a second user replace a second resource with a common first resource, and the first request includes a type of the first resource. The terminal is the terminal used by a user who intends to take out a loan. The first request is a request involving a resource common to the first user and the second user. The relationship between the first user and the second user is, for example, that of a married couple, and the resource replacement is, for example, a loan. Compared with an ordinary loan, which affects only one person, a couple's loan affects both parties of the couple, so the process of verifying the couple's identities is more complicated. The loan type is any feasible loan type, such as a house mortgage loan or a vehicle mortgage loan, and different types of loans follow different flows.
As described in the foregoing unit 20, it is determined whether the first request has a double signature, where the double signature is a digital signature that can be generated only with confirmation by both the first user and the second user. The present application uses the double signature to judge whether the first request is jointly confirmed by both parties. Compared with the traditional approach of verifying the identities of the two parties in sequence, this simplifies the steps and speeds up confirmation, and because the identities can be verified in advance, no real-time verification is needed and the loan process runs smoothly. The generation process of the double signature is, for example: receiving a double signature generation application sent by a terminal; verifying the identities; and, if the identities of both parties are verified to be correct, generating a double signature and sending it to the terminal. Further, when the double signature is generated, a first user signature and a second user signature corresponding to the double signature may also be generated and sent to the terminal (in this case the double signature itself is not sent to the terminal). The first user signature and the second user signature are used in combination to generate the double signature (that is, when applying for a loan, the terminal sends the first user signature and the second user signature to the server, and after verifying that both are correct the server automatically combines them to generate the double signature), which avoids the risk of the double signature being held by either the first user or the second user alone.
As described in the foregoing unit 30, if the first request has a double signature, it is determined whether a difference between a current time point and a time point of generating the double signature is smaller than a preset time threshold. In order to prevent misoperation caused by abuse of the double signature, the method and the device limit the timeliness of the double signature by judging whether the difference value between the current time point and the generation time point of the double signature is smaller than a preset time threshold. Wherein the predetermined time threshold is, for example, 1 hour to 1 month, preferably 3 hours to 1 week, more preferably 5 hours to 24 hours.
As described in the foregoing unit 40, if the difference between the current time point and the time point of generating the double signature is smaller than the preset time threshold, the type of the first resource is extracted from the first request, and an approval rule corresponding to the type of the first resource is invoked according to the type of the first resource. If the difference value between the current time point and the generation time point of the double signature is smaller than a preset time threshold value, the double signature is in an effective time period and is effective, and a subsequent loan approval process can be carried out. Loans are classified into different types, and the flow of different types of loans is different. And the first request carries information of loan types, the type of the first resource is extracted from the first request according to the information, and an approval rule corresponding to the type of the first resource is called according to the type of the first resource. The loan approval rules are preset and correspond to the loan types, and specific approval procedures can be carried out after the loan approval rules are called on the premise of determining the loan types.
As described in the foregoing unit 50, the first request is audited according to the approval rule. The specific loan approval rules may be any rules, for example auditing the marriage certificate, the house certificate, the mortgage status, the credit status, whether a party is blacklisted, and so on. The corresponding approval is carried out according to the loan type.
As described in the foregoing unit 60, if the first request is approved, a resource replacement instruction corresponding to the first request is generated. If the first request passes the audit, the first user and the second user meet the loan requirements, and the double signature confirms that the first user and the second user did in fact send the loan request; accordingly, a resource replacement instruction corresponding to the first request is generated.
In one embodiment, the apparatus comprises:
a double signature generation application receiving unit, configured to receive a double signature generation application sent by the terminal, where the double signature generation application carries relationship information of the first user and the second user, the relationship information including at least the following information: identification information of the first user, identification information of the second user, and association information used for representing the relationship between the first user and the second user;
an identity verification unit, configured to verify the relationship information of the first user and the second user according to a preset verification rule, where the verification rule at least includes verifying the identification information of the first user and the second user and the association information;
a dual signature generation unit, configured to, if the relationship information of the first user and the second user is verified to be correct, obtain, through a fingerprint input device preset by the terminal, a first fingerprint of the first user and a second fingerprint of the second user, determine whether the first fingerprint is the same as a pre-stored first user fingerprint, and determine whether the second fingerprint is the same as a pre-stored second user fingerprint; and if the first fingerprint is the same as the pre-stored first user fingerprint and the second fingerprint is the same as the pre-stored second user fingerprint, generating a double signature and sending the double signature to the terminal.
As described above, the generation of a double signature is achieved. The double signature of the present embodiment may be issued by any feasible entity, for example by the executing entity of the present application, and is preferably issued by the loan server, so that the executing entity of the present application can determine the couple to which the double signature specifically corresponds. The relationship information of the first user and the second user is verified according to verification rules that at least include verifying the identity card and marriage certificate information (e.g., identity card number and marriage certificate number) of the first user and the second user, for example: comparing the identity cards of the first user and the second user with the correct identity card information respectively, and comparing the marriage certificate information of the first user and the second user with the correct marriage certificate information; if they are the same, the identities of the couple are judged to be correct. The correct identity card information and the correct marriage certificate information may be pre-stored in the executing entity of the present application (for example, a loan server), or may be obtained through a designated network from a server holding that information (for example, a server of a public security department and a server of a civil administration department).
If the identities of the first user and the second user are verified to be correct, acquiring a first fingerprint of the first user and a second fingerprint of the second user through a fingerprint input device preset by the terminal, judging whether the first fingerprint is the same as a pre-stored first user fingerprint or not, and judging whether the second fingerprint is the same as a pre-stored second user fingerprint or not; and if the first fingerprint is the same as the pre-stored first user fingerprint and the second fingerprint is the same as the pre-stored second user fingerprint, generating a double signature and sending the double signature to the terminal. Further, the process of receiving the information confirmed by each of the first user and the second user may further include: opening a camera of the terminal to acquire a current image, judging whether the current image is a first user or a second user according to a preset image comparison algorithm, and when the current image is the first user, requiring the first user to perform a confirmation operation, and when the current image is the second user, requiring the second user to perform a confirmation operation, thereby receiving respective confirmation information of the first user and the second user.
In one embodiment, the identity verification unit comprises:
an information verification subunit configured to verify, by using a specified network through which real identification information and real association information of the first user and the second user can be acquired, identification information of the first user and the second user and the association information;
the image acquisition subunit is configured to, if the identification information of the first user and the second user and the association information are verified to be correct, open a microphone of the terminal, prompt the first user and the second user to perform a specified limb movement by voice, and open a camera of the terminal to acquire images of the first user and the second user;
a designated limb action judgment subunit configured to judge whether the images of the first user and the second user include the designated limb action;
and an identity-correctness judging subunit, configured to judge that the relationship information of the first user and the second user is correct if the images of the first user and the second user include the specified limb action.
As described above, living body identification is used to further verify the identities of the first user and the second user. To ensure that the loan application is made by the applicants themselves, living body identification is used to confirm that the loan applicant is a live person, which prevents static images, fake videos and the like from deceiving the camera in order to obtain a loan by fraud. The identity card and marriage certificate information of the first user and the second user are first verified using a designated network through which the true identity card and true marriage certificate information of the first user and the second user can be obtained (e.g., from a server holding the correct identity card information and the correct marriage certificate information, such as a server of a public security department and a server of a civil administration department). Then a microphone of the terminal is opened, the first user and the second user are prompted by voice to make a specified limb action, and a camera of the terminal is opened to acquire images of the first user and the second user; it is determined whether the images of the first user and the second user include the specified limb action; if they do, the first user and the second user are living bodies, and since the identity card and marriage certificate information have been verified as described above, the relationship information of the first user and the second user is determined to be correct. Further, the specified limb action includes a plurality of types, and determining whether the images of the first user and the second user include the specified limb action includes determining whether a plurality of images of the first user and the second user include the plurality of types of the specified limb action.
Further, the images of the first user and the second user comprise a same-frame image of the couple, and determining whether the images of the first user and the second user include the specified limb action comprises: judging whether the first user in the same-frame image makes the first-user specified limb action given in the voice prompt, and at the same time judging whether the second user in the same-frame image makes the second-user specified limb action given in the voice prompt; if both do, the images of the first user and the second user are judged to include the specified limb action. Alternatively, the images of the first user and the second user comprise an individual image of the first user and an individual image of the second user, and determining whether the images include the specified limb action comprises: judging whether the first user in the individual image of the first user makes the first-user specified limb action given in the voice prompt, and judging whether the second user in the individual image of the second user makes the second-user specified limb action given in the voice prompt; if both do, the images of the first user and the second user are judged to include the specified limb action.
In one embodiment, the first request is encrypted by a first private key to form a first ciphertext, the dual signature is encrypted by a second private key and then encrypted by the first private key to form a second ciphertext, and the dual signature determining unit 20 includes:
the first plaintext acquisition subunit is used for decrypting the first ciphertext by using a first public key corresponding to the first private key to obtain a first plaintext;
a second plaintext acquisition subunit, configured to decrypt, in the first plaintext, data at the signature position using a second public key corresponding to a second private key, so as to obtain a second plaintext;
a verification plaintext judgment subunit, configured to judge whether the second plaintext is the same as a preset verification plaintext;
and the double-signature judging subunit is used for judging that the first request has a double signature if the second plaintext is the same as a preset verification plaintext.
As described above, multiple layers of encryption are used to ensure the security of the digital signature. The public-private key pair consisting of the first public key and the first private key is used to encrypt and decrypt the first request, and the public-private key pair consisting of the second public key and the second private key is used to encrypt and decrypt the double signature, so that the first request is protected by one layer of encryption (the first key pair) and the double signature is protected by two layers of encryption (the first key pair and the second key pair). If decryption with the second public key yields the second plaintext, and the second plaintext is the same as the preset verification plaintext, the signature is the double signature corresponding to the first request, and the first request is therefore judged to have the double signature.
In one embodiment, the first public key includes a first sub-key and a second sub-key, and the first plaintext acquisition sub-unit includes:
the dividing module is used for dividing the first ciphertext into a first part and a second part according to a predetermined dividing method;
a sub-plaintext acquisition module, configured to decrypt the first part and the second part using the first sub-key and the second sub-key, respectively, so as to obtain a first sub-plaintext and a second sub-plaintext;
the combined plaintext module is used for combining the first sub plaintext and the second sub plaintext into a temporary plaintext according to a preset combining method;
and the first plaintext acquisition module is used for removing the filling data in the temporary plaintext according to a reverse algorithm of a preset filling algorithm so as to acquire the first plaintext.
As described above, the first plaintext is obtained. The first sub-key and the second sub-key are used to encrypt or decrypt the first ciphertext in segments, which improves information security; and data is filled into the first plaintext by a preset filling (padding) algorithm to obtain a temporary plaintext, so that the method suits a specific encryption and decryption algorithm and improves security. The specific encryption and decryption algorithm is, for example, the TEA algorithm. TEA is a block cipher with a 64-bit plaintext/ciphertext block and a 128-bit key; it uses a continuously increasing value derived from Delta (a constant based on the golden ratio) so that each round of encryption is different. The plaintext of the TEA algorithm must be a multiple of 8 bytes in length, so when the first plaintext is not a multiple of 8 bytes, it is padded into a temporary plaintext by the preset padding algorithm to fit the TEA algorithm; accordingly, the padding data in the temporary plaintext can be removed by the reverse of the preset padding algorithm to recover the first plaintext.
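The divide, decrypt, combine and unpad sequence described above can be sketched as follows; this is an added example, not code from the patent. The split rule (`split_point`), the PKCS#7-style padding, big-endian word order and the sample keys are assumptions standing in for the "predetermined dividing method" and "preset filling algorithm", which the text does not specify.

```python
import struct

DELTA = 0x9E3779B9   # TEA round constant, derived from the golden ratio
MASK = 0xFFFFFFFF
BLOCK = 8            # TEA block size: 64 bits


def _encrypt_block(block, key):
    v0, v1 = struct.unpack(">2I", block)
    k = struct.unpack(">4I", key)          # 128-bit key as four 32-bit words
    total = 0
    for _ in range(32):
        total = (total + DELTA) & MASK     # running sum differs in every round
        v0 = (v0 + (((v1 << 4) + k[0]) ^ (v1 + total) ^ ((v1 >> 5) + k[1]))) & MASK
        v1 = (v1 + (((v0 << 4) + k[2]) ^ (v0 + total) ^ ((v0 >> 5) + k[3]))) & MASK
    return struct.pack(">2I", v0, v1)


def _decrypt_block(block, key):
    v0, v1 = struct.unpack(">2I", block)
    k = struct.unpack(">4I", key)
    total = (DELTA * 32) & MASK
    for _ in range(32):
        v1 = (v1 - (((v0 << 4) + k[2]) ^ (v0 + total) ^ ((v0 >> 5) + k[3]))) & MASK
        v0 = (v0 - (((v1 << 4) + k[0]) ^ (v1 + total) ^ ((v1 >> 5) + k[1]))) & MASK
        total = (total - DELTA) & MASK
    return struct.pack(">2I", v0, v1)


def _ecb(block_fn, data, key):
    """Apply block_fn to each 8-byte block independently."""
    return b"".join(block_fn(data[i:i + BLOCK], key)
                    for i in range(0, len(data), BLOCK))


def pad(data):
    """Assumed filling algorithm: append n bytes of value n, 1 <= n <= 8."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data):
    """Reverse of pad(); rejects malformed padding instead of guessing."""
    if not data or len(data) % BLOCK:
        raise ValueError("length is not a multiple of the block size")
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return data[:-n]


def split_point(total_len):
    """Assumed dividing method: the first part gets the first half of the blocks."""
    return (total_len // BLOCK // 2) * BLOCK


def encrypt_request(plaintext, sub_key1, sub_key2):
    temp = pad(plaintext)                      # temporary plaintext
    cut = split_point(len(temp))
    return (_ecb(_encrypt_block, temp[:cut], sub_key1)
            + _ecb(_encrypt_block, temp[cut:], sub_key2))


def decrypt_request(ciphertext, sub_key1, sub_key2):
    if not ciphertext or len(ciphertext) % BLOCK:
        raise ValueError("ciphertext is not a whole number of blocks")
    cut = split_point(len(ciphertext))         # divide into first and second part
    temp = (_ecb(_decrypt_block, ciphertext[:cut], sub_key1)
            + _ecb(_decrypt_block, ciphertext[cut:], sub_key2))  # combine
    return unpad(temp)                         # remove the filling data


# Constructed sample values for the demonstration.
SUB_KEY_1 = bytes(range(16))
SUB_KEY_2 = bytes(range(16, 32))
SAMPLE_REQUEST = b'{"resource_type":"house","signature":"constructed"}'

if __name__ == "__main__":
    ct = encrypt_request(SAMPLE_REQUEST, SUB_KEY_1, SUB_KEY_2)
    print(len(SAMPLE_REQUEST), len(ct), decrypt_request(ct, SUB_KEY_1, SUB_KEY_2))
```

Padding removal only detects malformed padding; it is not an integrity check, so the comparison of the second plaintext with the verification plaintext still has to run on the recovered request.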
In one embodiment, the approval rule obtaining unit 40 includes:
the usage judgment subunit is configured to, if a difference between the current time point and the time point of generating the dual signature is smaller than a preset time threshold, retrieve a historical usage record of the dual signature, and judge whether the historical usage record is empty;
and the approval rule obtaining subunit is configured to, if the historical usage record is empty, extract the type of the first resource from the first request, and invoke an approval rule corresponding to the type of the first resource according to the type of the first resource.
As described above, security is further ensured by judging whether the historical usage record is empty. In this embodiment, if the difference between the current time point and the time point at which the double signature was generated is smaller than a preset time threshold, it is judged whether the historical usage record is empty; if the historical usage record is empty, the type of the first resource is extracted from the first request and the approval rule corresponding to that type is invoked. This ensures that the double signature is being used for the first time and so secures its use (for example, it prevents one spouse, after the double signature has been used once, from using it alone to obtain another loan).
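The freshness check and the first-use check described above, as an added example that is not code from the patent. It swaps the patent's public-key decryption and verification-plaintext comparison for an HMAC computed by the issuing server, and the field names, rule names, key and 600-second threshold are assumptions. The point it shows is that the generation time must be covered by the signature and that "record is empty" and "record the use" must be one atomic step.

```python
import hashlib
import hmac
import json
import sqlite3

SERVER_KEY = b"constructed-demo-key"   # constructed sample key
MAX_AGE_SECONDS = 600                  # preset time threshold (assumed value)

# Approval rules by resource type (hypothetical names).
APPROVAL_RULES = {"house": "rule_real_estate", "vehicle": "rule_vehicle"}


def _tag(sig_id, user_a, user_b, issued_at, key):
    # JSON array encoding keeps field boundaries unambiguous under the MAC.
    msg = json.dumps([sig_id, user_a, user_b, issued_at]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue_dual_signature(sig_id, user_a, user_b, issued_at, key=SERVER_KEY):
    """Server side: bind both users and the generation time into one tag."""
    return {"id": sig_id, "a": user_a, "b": user_b, "iat": issued_at,
            "tag": _tag(sig_id, user_a, user_b, issued_at, key)}


def open_usage_store():
    """Historical usage record; the primary key enforces one use per signature."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE used (sig_id TEXT PRIMARY KEY, used_at INTEGER)")
    return db


def accept_request(db, request, now, key=SERVER_KEY):
    sig = request["dual_signature"]
    expected = _tag(sig["id"], sig["a"], sig["b"], sig["iat"], key)
    # Constant-time comparison; a terminal that edits "iat" fails here.
    if not hmac.compare_digest(expected.encode(), str(sig["tag"]).encode()):
        return ("rejected", "bad_signature")

    age = now - sig["iat"]
    # Negative age (timestamp in the future) is also refused; this is an
    # added hardening step beyond the threshold comparison in the text.
    if age < 0 or age >= MAX_AGE_SECONDS:
        return ("rejected", "stale_signature")

    rule = APPROVAL_RULES.get(request["resource_type"])
    if rule is None:
        return ("rejected", "unknown_resource_type")

    # Check-and-mark in one statement: a separate SELECT followed by INSERT
    # would let two concurrent requests both see an empty record.
    try:
        with db:
            db.execute("INSERT INTO used VALUES (?, ?)", (sig["id"], now))
    except sqlite3.IntegrityError:
        return ("rejected", "already_used")
    return ("accepted", rule)


if __name__ == "__main__":
    store = open_usage_store()
    signature = issue_dual_signature("sig-001", "user-a", "user-b", 1000)
    req = {"resource_type": "house", "dual_signature": signature}
    print(accept_request(store, req, now=1100))
    print(accept_request(store, req, now=1101))
```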
In one embodiment, the auditing unit 50 includes:
a blacklist member judgment subunit, configured to judge whether both the first user and the second user are blacklist members;
a mortgage judging subunit, configured to judge whether a current status of the first resource is the same as a preset status if both the first user and the second user are not blacklist members;
and the first request sending subunit is configured to, if the current status of the first resource is the same as a preset status, determine that the preliminary audit is passed, and send the first request to a next audit terminal specified by the loan approval rule.
As described above, hierarchical auditing is implemented to improve auditing efficiency and reduce error tracing time. Whether the first user and the second user are qualified can be preliminarily judged by judging whether both spouses are blacklist members and whether the current status of the first resource is the same as the preset status; if they are qualified, the first request is sent to the next audit terminal specified by the loan approval rule. This arrangement enables graded auditing, which improves efficiency through specialized division of labor; moreover, when a loan error caused by an audit error is later discovered, the link at which the error occurred can be determined quickly by analyzing at which node (which terminal) the audit error occurred, which reduces the error tracing time. A blacklist member is a user recorded in a blacklist, added to it in advance because of, for example, a breach of credit. The current status of the first resource is, for example, that the first resource is under mortgage.
The double-signature-based resource replacement device receives a first request sent by a terminal; if the first request has the double signature and the difference between the current time point and the generation time point of the double signature is smaller than a preset time threshold, it extracts the type of the first resource from the first request and invokes the approval rule corresponding to that type; and if the first request passes the audit, it generates a resource replacement instruction corresponding to the first request. This shortens the process, improves efficiency and reduces the time consumed.
Referring to fig. 3, an embodiment of the present invention further provides a computer device, which may be a server and whose internal structure may be as shown in the figure. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. The processor of the computer device provides computation and control capabilities. The memory of the computer device comprises a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for running the operating system and the computer program stored in the non-volatile storage medium. The database of the computer device stores the data used by the double-signature-based resource replacement method. The network interface of the computer device is used to communicate with an external terminal through a network connection. The computer program, when executed by the processor, implements a double-signature-based resource replacement method.
The processor executes the double-signature-based resource replacement method, which comprises the following steps: receiving a first request sent by a terminal, wherein the first request is used for requesting a first user and a second user to replace a second resource by a common first resource, and the first request comprises the type of the first resource; judging whether the first request has a double signature or not, wherein the double signature is a digital signature which can be generated only by confirmation of the first user and the second user; if the first request has a double signature, judging whether the difference value between the current time point and the generation time point of the double signature is smaller than a preset time threshold value; if the difference value between the current time point and the generation time point of the double signature is smaller than a preset time threshold, extracting the type of the first resource from the first request, and calling an approval rule corresponding to the type of the first resource according to the type of the first resource; auditing the first request according to the approval rule; and if the first request is approved, generating a resource replacement instruction corresponding to the first request.
In one embodiment, the determining whether the first request has a double signature, wherein the double signature is a digital signature that can only be generated by confirmation by the first user and the second user, comprises:
receiving a dual signature generation application sent by the terminal, wherein the dual signature generation application is attached with relationship information of the first user and the second user, and the relationship information at least comprises but is not limited to the following information: identification information of the first user, identification information of the second user and association information for representing the first user and the second user; verifying the relationship information between the first user and the second user according to a preset verification rule, wherein the verification rule at least comprises verifying the identification information of the first user and the second user and the association information; if the relationship information of the first user and the second user is verified to be correct, acquiring a first fingerprint of the first user and a second fingerprint of the second user through a fingerprint input device preset by the terminal, judging whether the first fingerprint is the same as a pre-stored first user fingerprint or not, and judging whether the second fingerprint is the same as a pre-stored second user fingerprint or not; and if the first fingerprint is the same as the pre-stored first user fingerprint and the second fingerprint is the same as the pre-stored second user fingerprint, generating a double signature and sending the double signature to the terminal.
In one embodiment, the step of verifying the relationship information between the first user and the second user according to a preset verification rule, wherein the verification rule at least comprises verifying the identification information and the association information of the first user and the second user, includes: verifying the identification information and the association information of the first user and the second user by using a specified network through which the real identification information and the real association information of the first user and the second user can be acquired; if the identification information of the first user and the second user and the association information are verified to be correct, a microphone of the terminal is opened, the first user and the second user are prompted to perform specified limb actions through voice, and a camera of the terminal is opened to collect images of the first user and the second user; determining whether the images of the first user and the second user include the specified limb movement; and if the images of the first user and the second user comprise the specified limb actions, judging that the identities of the first user and the second user are correct.
In one embodiment, the first request is encrypted by a first private key to form a first ciphertext, the dual signature is encrypted by a second private key and then encrypted by the first private key to form a second ciphertext, and the determining whether the first request has the dual signature comprises: decrypting the first ciphertext by using a first public key corresponding to the first private key to obtain a first plaintext; decrypting the data at the signature position in the first plaintext by using a second public key corresponding to a second private key to obtain a second plaintext; judging whether the second plaintext is the same as a preset verification plaintext or not; and if the second plaintext is the same as a preset verification plaintext, judging that the first request has a double signature.
In one embodiment, the first public key includes a first sub-key and a second sub-key, and the decrypting the first ciphertext by using the first public key corresponding to the first private key to obtain the first plaintext includes: dividing the first ciphertext into a first part and a second part according to a pre-agreed dividing method; decrypting the first part and the second part respectively by using the first sub-key and the second sub-key so as to obtain a first sub-plaintext and a second sub-plaintext; combining the first sub-plaintext and the second sub-plaintext into a temporary plaintext according to a preset combination method; and removing the filling data in the temporary plaintext according to a reverse algorithm of a preset filling algorithm, thereby obtaining the first plaintext.
In an embodiment, if a difference between a current time point and a time point of generating the dual signature is smaller than a preset time threshold, the step of extracting the type of the first resource from the first request, and invoking an approval rule corresponding to the type of the first resource according to the type of the first resource includes: if the difference value between the current time point and the generation time point of the double signature is smaller than a preset time threshold, calling a historical use record of the double signature, and judging whether the historical use record is empty or not; if the historical use record is empty, extracting the type of the first resource from the first request, and calling an approval rule corresponding to the type of the first resource according to the type of the first resource.
In one embodiment, the step of reviewing the first request according to the approval rule includes: judging whether the first user and the second user are blacklist members or not; if the first user and the second user are not blacklist members, judging whether the current state of the first resource is the same as a preset state; and if the current condition of the first resource is the same as the preset condition, judging that the preliminary examination is passed, and sending the first request to the next examination terminal specified by the loan approval rule.
It will be understood by those skilled in the art that the structures shown in the drawings are only block diagrams of some of the structures associated with the embodiments of the present application and do not constitute a limitation on the computer apparatus to which the embodiments of the present application may be applied.
The computer device receives a first request sent by a terminal; if the first request has a double signature and the difference between the current time point and the generation time point of the double signature is smaller than a preset time threshold, the type of the first resource is extracted from the first request and the approval rule corresponding to that type is invoked; and if the first request passes the audit, a resource replacement instruction corresponding to the first request is generated. This shortens the process, improves efficiency and reduces the time consumed.
An embodiment of the present application further provides a computer-readable storage medium on which a computer program is stored; when the computer program is executed by a processor, it implements the double-signature-based resource replacement method, which includes the following steps: receiving a first request sent by a terminal, wherein the first request is used for requesting a first user and a second user to replace a second resource through a common first resource, and the first request comprises the type of the first resource; judging whether the first request has a double signature or not, wherein the double signature is a digital signature which can be generated only by confirmation of the first user and the second user; if the first request has a double signature, judging whether the difference value between the current time point and the generation time point of the double signature is smaller than a preset time threshold value; if the difference value between the current time point and the generation time point of the double signature is smaller than a preset time threshold, extracting the type of the first resource from the first request, and calling an approval rule corresponding to the type of the first resource according to the type of the first resource; auditing the first request according to the approval rule; and if the first request is approved, generating a resource replacement instruction corresponding to the first request.
In one embodiment, the determining whether the first request has a double signature, wherein the double signature is a digital signature that can only be generated by confirmation by the first user and the second user, comprises: receiving a dual signature generation application sent by the terminal, wherein the dual signature generation application is attached with relationship information of the first user and the second user, and the relationship information at least comprises but is not limited to the following information: identification information of the first user, identification information of the second user and association information for representing the first user and the second user; verifying the relationship information between the first user and the second user according to a preset verification rule, wherein the verification rule at least comprises verifying the identification information of the first user and the second user and the association information; if the relationship information of the first user and the second user is verified to be correct, acquiring a first fingerprint of the first user and a second fingerprint of the second user through a fingerprint input device preset by the terminal, judging whether the first fingerprint is the same as a pre-stored first user fingerprint or not, and judging whether the second fingerprint is the same as a pre-stored second user fingerprint or not; and if the first fingerprint is the same as the pre-stored first user fingerprint and the second fingerprint is the same as the pre-stored second user fingerprint, generating a double signature and sending the double signature to the terminal.
In one embodiment, the step of verifying the relationship information between the first user and the second user according to a preset verification rule, wherein the verification rule at least comprises verifying the identification information and the association information of the first user and the second user, includes: verifying the identification information and the association information of the first user and the second user by using a specified network through which real identification information and real association information of the first user and the second user can be acquired; if the identification information of the first user and the second user and the association information are verified to be correct, a microphone of the terminal is opened, the first user and the second user are prompted to perform specified limb actions through voice, and a camera of the terminal is opened to collect images of the first user and the second user; determining whether the images of the first user and the second user include the specified limb movement; and if the images of the first user and the second user comprise the specified limb actions, judging that the identities of the first user and the second user are correct.
In one embodiment, the first request is encrypted by a first private key to form a first ciphertext, the double signature is encrypted by a second private key and then encrypted by the first private key to form a second ciphertext, and the determining whether the first request has the double signature comprises: decrypting the first ciphertext by using a first public key corresponding to a first private key to obtain a first plaintext; decrypting the data at the signature position in the first plaintext by using a second public key corresponding to a second private key to obtain a second plaintext; judging whether the second plaintext is the same as a preset verification plaintext or not; and if the second plaintext is the same as a preset verification plaintext, judging that the first request has a double signature.
In one embodiment, the first public key includes a first sub-key and a second sub-key, and the decrypting the first ciphertext by using the first public key corresponding to the first private key to obtain the first plaintext includes: dividing the first ciphertext into a first part and a second part according to a predetermined dividing method; decrypting the first part and the second part respectively by using the first sub-key and the second sub-key so as to obtain a first sub-plaintext and a second sub-plaintext; combining the first sub-plaintext and the second sub-plaintext into a temporary plaintext according to a preset combination method; and removing the filling data in the temporary plaintext according to a reverse algorithm of a preset filling algorithm, thereby obtaining the first plaintext.
In an embodiment, if a difference between a current time point and a time point of generating the dual signature is smaller than a preset time threshold, the step of extracting the type of the first resource from the first request, and invoking an approval rule corresponding to the type of the first resource according to the type of the first resource includes: if the difference value between the current time point and the generation time point of the double signature is smaller than a preset time threshold, calling a historical use record of the double signature, and judging whether the historical use record is empty or not; if the historical use record is empty, extracting the type of the first resource from the first request, and calling an approval rule corresponding to the type of the first resource according to the type of the first resource.
In one embodiment, the step of reviewing the first request according to the approval rule includes: judging whether the first user and the second user are blacklist members or not; if the first user and the second user are not blacklist members, judging whether the current state of the first resource is the same as a preset state; and if the current state of the first resource is the same as the preset state, judging that the preliminary audit is passed, and sending the first request to the next audit terminal specified by the loan approval rule.
The computer-readable storage medium of the application receives a first request sent by a terminal; if the first request has a double signature and the difference between the current time point and the generation time point of the double signature is smaller than a preset time threshold, the type of the first resource is extracted from the first request and the approval rule corresponding to that type is invoked; and if the first request is approved, a resource replacement instruction corresponding to the first request is generated. This shortens the process, improves efficiency and reduces the time consumed.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware; the computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium provided herein and used in the examples may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM).
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, apparatus, article, or method that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, apparatus, article, or method. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of another identical element in a process, apparatus, article, or method comprising the element.
The above description is only a preferred embodiment of the present application, and not intended to limit the scope of the present application, and all modifications of equivalent structures and equivalent processes, which are made by the contents of the specification and the drawings of the present application, or which are directly or indirectly applied to other related technical fields, are also included in the scope of the present application.

Claims (10)

1. A resource replacement method based on dual signatures is characterized by comprising the following steps:
receiving a first request sent by a terminal, wherein the first request is used for requesting a first user and a second user to replace a second resource by a common first resource, and the first request comprises the type of the first resource;
judging whether the first request has a double signature or not, wherein the double signature is a digital signature which can be generated only by confirmation of the first user and the second user, and the double signature is generated by a server and is sent to a terminal;
if the first request has a double signature, judging whether the difference value between the current time point and the generation time point of the double signature is smaller than a preset time threshold value;
if the difference value between the current time point and the generation time point of the double signature is smaller than a preset time threshold, extracting the type of the first resource from the first request, and calling an approval rule corresponding to the type of the first resource according to the type of the first resource;
auditing the first request according to the approval rule;
and if the first request is approved, generating a resource replacement instruction corresponding to the first request.
2. The dual-signature-based resource replacement method as claimed in claim 1, wherein the step of determining whether the first request has a dual signature, wherein the dual signature is a digital signature that can be generated only by the first user and the second user, comprises:
receiving a dual signature generation application sent by the terminal, wherein the dual signature generation application is attached with relationship information of the first user and the second user, and the relationship information comprises one of the following information: identification information of the first user, identification information of the second user and association information used for representing the first user and the second user;
verifying the relationship information between the first user and the second user according to a preset verification rule, wherein the verification rule at least comprises the identification information and the association information for verifying the first user and the second user;
if the relationship information of the first user and the second user is verified to be correct, acquiring a first fingerprint of the first user and a second fingerprint of the second user through a fingerprint input device preset by the terminal, judging whether the first fingerprint is the same as a pre-stored first user fingerprint or not, and judging whether the second fingerprint is the same as a pre-stored second user fingerprint or not; and if the first fingerprint is the same as the pre-stored first user fingerprint and the second fingerprint is the same as the pre-stored second user fingerprint, generating a double signature and sending the double signature to the terminal.
3. The dual-signature-based resource replacement method according to claim 2, wherein the step of verifying the relationship information between the first user and the second user according to a preset verification rule, wherein the verification rule at least comprises verifying the identification information and the association information of the first user and the second user, comprises the following steps:
verifying the identification information and the association information of the first user and the second user by using a designated network through which the real identification information and the real association information of the first user and the second user can be acquired;
if the identification information and the association information of the first user and the second user are verified to be correct, opening a microphone of the terminal, prompting the first user and the second user by voice to perform specified limb actions, and opening a camera of the terminal to collect images of the first user and the second user;
determining whether the images of the first user and the second user include the specified limb actions;
and if the images of the first user and the second user include the specified limb actions, judging that the relationship information of the first user and the second user is correct.
4. The resource replacement method based on the double signature as claimed in claim 1, wherein the first request is encrypted by the terminal with a first private key to form a first ciphertext, the double signature is first encrypted by the terminal with a second private key and then encrypted with the first private key to form a second ciphertext, and the determining whether the first request has the double signature comprises:
decrypting the first ciphertext by using a first public key corresponding to a first private key to obtain a first plaintext;
decrypting the data at the signature position in the first plaintext by using a second public key corresponding to a second private key to obtain a second plaintext;
judging whether the second plaintext is the same as a preset verification plaintext or not;
and if the second plaintext is the same as a preset verification plaintext, judging that the first request has a double signature.
5. The resource replacement method based on dual signatures according to claim 4, wherein the first public key includes a first sub-key and a second sub-key, and the decrypting the first ciphertext by using the first public key corresponding to the first private key to obtain the first plaintext includes:
dividing the first ciphertext into a first part and a second part according to a pre-agreed dividing method;
decrypting the first part and the second part respectively by using the first sub-key and the second sub-key so as to obtain a first sub-plaintext and a second sub-plaintext;
combining the first sub-plaintext and the second sub-plaintext into a temporary plaintext according to a preset combination method;
and removing the filling data in the temporary plaintext according to a reverse algorithm of a preset filling algorithm, thereby obtaining the first plaintext.
6. The method for resource replacement based on dual signatures according to claim 1, wherein the step of, if the difference between the current time point and the generation time point of the double signature is smaller than a preset time threshold, extracting the type of the first resource from the first request and invoking an approval rule corresponding to the type of the first resource according to the type of the first resource, comprises:
if the difference value between the current time point and the generation time point of the double signature is smaller than a preset time threshold, calling a historical use record of the double signature, and judging whether the historical use record is empty or not;
if the historical use record is empty, extracting the type of the first resource from the first request, and calling an approval rule corresponding to the type of the first resource according to the type of the first resource.
7. The dual signature-based resource replacement method according to claim 1, wherein the step of reviewing the first request according to the approval rule comprises:
judging whether the first user and the second user are blacklist members or not;
if the first user and the second user are not blacklist members, judging whether the current state of the first resource is the same as a preset state;
and if the current state of the first resource is the same as the preset state, judging that the preliminary audit is passed, and sending the first request to a next audit terminal specified by the approval rule.
8. A resource replacement apparatus based on dual signatures, comprising:
a first request receiving unit, configured to receive a first request sent by a terminal, where the first request is used to request a first user and a second user to replace a second resource with a common first resource, and the first request includes a type of the first resource;
a double signature judging unit, configured to judge whether the first request has a double signature, where the double signature is a digital signature that can be generated only by confirmation of both the first user and the second user, and the double signature is generated by a server and sent to a terminal;
a time threshold determination unit, configured to determine whether a difference between a current time point and a time point of generation of a double signature is smaller than a preset time threshold if the first request has the double signature;
an approval rule obtaining unit, configured to extract the type of the first resource from the first request if a difference between a current time point and a generation time point of the dual signature is smaller than a preset time threshold, and invoke an approval rule corresponding to the type of the first resource according to the type of the first resource;
an auditing unit, configured to audit the first request according to the approval rule;
and a resource replacement instruction generating unit, configured to generate a resource replacement instruction corresponding to the first request if the first request passes the audit.
9. A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor when executing the computer program performs the steps of the method according to any of claims 1 to 7.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 7.
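The server-side checks of claims 4 and 6 can be traced in code; the following is an added example and not part of the patent. It assumes textbook RSA with tiny constructed key pairs, a request modelled as a list of integer blocks, and hypothetical names and values throughout (`SIG_POS`, `TIME_THRESHOLD`, `APPROVAL_RULES`, `VERIFY_PLAINTEXT`).

```python
import time

# Constructed toy textbook-RSA key pairs (assumption: tiny primes, illustration only).
N1, E1, D1 = 3233, 17, 2753   # first key pair (outer layer), n = 61 * 53
N2, E2, D2 = 2773, 17, 157    # second key pair (inner layer), n = 47 * 59; N2 < N1 so it nests
VERIFY_PLAINTEXT = 1234       # preset verification plaintext (hypothetical value)
SIG_POS = 1                   # pre-agreed signature position inside the request
TIME_THRESHOLD = 300          # preset time threshold in seconds (hypothetical value)
APPROVAL_RULES = {7: "rule-for-type-7"}  # resource type -> approval rule (hypothetical)

def terminal_build_request(resource_type):
    """Terminal: wrap the double signature with key 2, then the whole request with key 1."""
    inner = pow(VERIFY_PLAINTEXT, D2, N2)           # second private key
    first_plaintext = [resource_type, inner]        # signature sits at SIG_POS
    return [pow(block, D1, N1) for block in first_plaintext]  # first private key

def server_check(ciphertext, generated_at, history, now=None):
    """Server: return the approval rule for the request, or a rejection reason."""
    now = time.time() if now is None else now
    # Claim 4: first public key yields the first plaintext ...
    first_plaintext = [pow(block, E1, N1) for block in ciphertext]
    # ... then the second public key is applied to the data at the signature position.
    second_plaintext = pow(first_plaintext[SIG_POS], E2, N2)
    if second_plaintext != VERIFY_PLAINTEXT:
        return "reject: no double signature"
    # Claim 1 / claim 6: the signature must be younger than the preset threshold.
    if now - generated_at >= TIME_THRESHOLD:
        return "reject: double signature expired"
    # Claim 6: the historical use record must be empty (single use).
    if history:
        return "reject: double signature already used"
    history.append(now)
    return APPROVAL_RULES.get(first_plaintext[0], "reject: unknown resource type")
```

"Encrypting with a private key" as modelled here is unpadded RSA signing with message recovery; the toy arithmetic only shows the order of the checks, and a deployment would use a padded signature scheme with full-size keys.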
CN201910463018.8A 2019-05-30 2019-05-30 Resource replacement method and device based on double signatures and computer equipment Active CN110351091B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910463018.8A CN110351091B (en) 2019-05-30 2019-05-30 Resource replacement method and device based on double signatures and computer equipment

Publications (2)

Publication Number Publication Date
CN110351091A CN110351091A (en) 2019-10-18
CN110351091B true CN110351091B (en) 2023-04-07

Family

ID=68174476

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910463018.8A Active CN110351091B (en) 2019-05-30 2019-05-30 Resource replacement method and device based on double signatures and computer equipment

Country Status (1)

Country Link
CN (1) CN110351091B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111028835B (en) * 2019-11-18 2022-08-09 北京小米移动软件有限公司 Resource replacement method, device, system and computer readable storage medium
CN115378590B (en) * 2022-10-27 2023-02-07 国网浙江义乌市供电有限公司 Energy data safe storage method and system based on block chain

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016037541A1 (en) * 2014-09-11 2016-03-17 苏州海博智能系统有限公司 Checking and signing method and device
CN107392757A (en) * 2017-07-24 2017-11-24 重庆小雨点小额贷款有限公司 Signal auditing method and device
WO2018214777A1 (en) * 2017-05-26 2018-11-29 阿里巴巴集团控股有限公司 Data communication method, device and apparatus, and storage medium
CN109284618A (en) * 2018-09-28 2019-01-29 真相网络科技(北京)有限公司 The verification method and system of data source data

Also Published As

Publication number Publication date
CN110351091A (en) 2019-10-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant