CN111260365A - Encryption method and device for protecting transaction security - Google Patents


Info

Publication number
CN111260365A
Authority
CN
China
Prior art keywords
encryption
key
encrypted
request
parameter
Legal status (assumed, not a legal conclusion)
Pending
Application number
CN202010177223.0A
Other languages
Chinese (zh)
Inventor
吴代坤
Current Assignee
Shanghai Sunmi Technology Group Co Ltd
Shanghai Sunmi Technology Co Ltd
Original Assignee
Shanghai Sunmi Technology Group Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3823 Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
    • G06Q20/3825 Use of electronic signatures
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Abstract

The invention provides an encryption method, an encryption device, a chip and a computer readable storage medium for protecting transaction security, wherein the encryption method for protecting the transaction security comprises the following steps: receiving an encryption request, wherein the encryption request comprises a random character string and a parameter to be encrypted, the random character string is positioned in the parameter to be encrypted, the position of the random character string in the parameter to be encrypted is variable, and the character value of the random character string is an encrypted character value; and encrypting the parameter to be encrypted according to the random character string to generate a first digital signature.

Description

Encryption method and device for protecting transaction security
Technical Field
The present invention relates to an encryption method, and more particularly, to an encryption method and apparatus for protecting transaction security.
Background
When transaction services, such as payment services, are carried out over network communication, data must be encrypted to generate a digital signature. An encryption flow is usually embedded in the transaction process to encrypt the data it handles. In general, the digital signature is generated in the encryption process from a plaintext string that is easily intercepted and tampered with during network communication. Further, the encryption process involves key information, which is typically stored in a configuration file or database of the encryption device, and the encryption flow is implemented by encryption logic code stored in the ordinary memory of the business side. Whether it is the key information or the logic code, whatever is stored in the business side's memory may be sent in plaintext during network communication, is easy to tamper with once intercepted, and its storage mode carries a risk of leakage. Therefore, a more secure data encryption method is needed to ensure the security of the service.
Disclosure of Invention
In order to solve the problems in the prior art, the invention provides an encryption method and an encryption device for protecting transaction security. The method also includes checking an address identifier and a unique request entry, which avoids the risk of the encryption mode being leaked.
In addition, the encryption method is stored in an independent device that is called when data encryption is requested; the content of the device cannot be accessed externally, which improves the security of encryption and avoids leakage.
In a first aspect, an encryption method for protecting transaction security is provided, which includes: receiving an encryption request, wherein the encryption request comprises a random character string and a parameter to be encrypted, the random character string is positioned in the parameter to be encrypted, the position of the random character string in the parameter to be encrypted is variable, and the character value of the random character string is an encrypted character value; and encrypting the parameter to be encrypted according to the random character string to generate a first digital signature.
In the communication process of requesting encryption, both communication parties, namely the sender and the receiver, predefine the content of the random character string, so the receiver can recognize it; this avoids the possibility of data being intercepted and falsified during communication. Because the position of the random character string is variable, that is, its position is not fixed from one encryption request to the next, the uncertainty of the encryption result produced from the random character string is increased and the encryption effect on the parameter to be encrypted is effectively improved.
In some embodiments, the encryption request includes a first address identifier, and the encryption method for protecting transaction security further includes: checking the address identifier and judging whether the encryption request is legal according to the first address identifier; and, when the encryption request is legal, passing the encryption request through a unique entry, the unique entry being a preset entry.
When a sender sends an encryption request, the request carries the sender's first address identifier. After the receiver confirms that the first address identifier is legal, the encryption request passes through a unique entry, which is used to call the encryption mode that generates the first digital signature. The receiver thus rejects access from illegal address identifiers, the encryption request can only be encrypted through the unique entry, and the unique entry is used to control access and avoid malicious attacks.
In some embodiments, the encryption method for protecting transaction security further comprises: receiving a key identifier, determining key information according to the key identifier, and decrypting the encrypted character value according to the key information to generate a decrypted character value; and receiving an encryption mode, encrypting the parameter to be encrypted according to the encryption mode and the decrypted character value, and generating the first digital signature.
In some embodiments, the key information corresponds to a unique key identifier, the key information and the unique key identifier are stored in a first database, and the encryption method for protecting the security of the transaction further includes: sending key request information to a first database, wherein the key request information comprises the key identifier and a second address identifier; and when the second address identifier is legal, receiving the key information corresponding to the key identifier in the first database.
The key information is stored in the first database, and when the address identifier in the key request information sent by the receiver is legal, namely when the first database allows the receiver to acquire the key information, the key information is sent to the receiver, so the first database effectively reduces the possibility that data is maliciously captured and tampered with during communication.
In some embodiments, the encryption mode is predefined, and the predefined encryption mode can be reused in the encryption process later, so that the communication is simpler and more convenient.
In a second aspect, an embodiment of the present invention further provides an encryption apparatus for protecting transaction security, including: the encryption device comprises a first receiving module, a second receiving module and a third receiving module, wherein the first receiving module is used for receiving an encryption request, the encryption request comprises a random character string and a parameter to be encrypted, the random character string is located in the parameter to be encrypted, the position of the random character string in the parameter to be encrypted is variable, and the character value of the random character string is an encrypted character value; and the encryption module is used for encrypting the parameter to be encrypted according to the random character string to generate a first digital signature.
In the communication process of requesting encryption, both communication parties, namely the sender and the receiver, predefine the content of the random character string, so the receiver can recognize it; this avoids the possibility of data being intercepted and falsified during communication. Because the position of the random character string is variable, that is, its position is not fixed from one encryption request to the next, the uncertainty of the encryption result produced from the random character string is increased and the encryption effect on the parameter to be encrypted is effectively improved.
In some embodiments, the encryption device for protecting transaction security further comprises: a verifying module for verifying the address identifier and judging whether the encryption request is legal according to the first address identifier; and an interface module provided with a unique entry, through which the encryption request passes when it is legal.
When a sending party sends an encryption request to the encryption device, the request carries the sending party's first address identifier. After the receiving party confirms that the first address identifier is legal, the encryption request passes through a unique entry, which is used to call the encryption mode that generates the first digital signature for the encryption request.
In some embodiments, the encryption device for securing transaction security further comprises: the second receiving module is used for receiving the key identification and the encryption mode; the determining module is used for determining key information according to the key identification; the encryption module further comprises: decrypting the encrypted character value according to the key information to generate a decrypted character value; and encrypting the parameter to be encrypted according to an encryption mode and the decrypted character value to generate the first digital signature.
In some embodiments, the key information has a unique key identification, the key information and the unique key identification are stored in a first database, and the encryption device for securing the transaction further comprises: the sending module is used for sending key request information to a first database, wherein the key request information comprises the key identifier and a second address identifier; a third receiving module, configured to receive the key information corresponding to the key identifier in the first database, where the key information is sent by the first database after the first database determines that the second address identifier is legal.
The key information is stored in the first database, and when the address identifier in the key request information sent by the receiver is legal, namely when the first database allows the receiver to acquire the key information, the key information is sent to the receiver, so the first database effectively reduces the possibility that data is maliciously captured and tampered with during communication.
In some embodiments, the encryption mode is predefined, and the predefined encryption mode can be reused in later encryption processes, so that communication is simpler and more convenient.
In a third aspect, an embodiment of the present invention further provides an encryption apparatus for protecting transaction security, including: at least one processor; a memory coupled with the at least one processor, the memory storing executable instructions, wherein the executable instructions, when executed by the at least one processor, cause the method of any of the first aspects to be implemented.
In a fourth aspect, an embodiment of the present invention further provides a chip, configured to perform the method in the first aspect. Specifically, the chip includes: a processor for calling and running the computer program from the memory so that the device on which the chip is installed is used for executing the method of the first aspect.
In a fifth aspect, the present invention also provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the method according to any one of the above first aspects.
In a sixth aspect, an embodiment of the present invention further provides a computer program product, which includes computer program instructions, and the computer program instructions make a computer execute the method in the first aspect.
Therefore, the encryption method for protecting transaction security of the embodiment of the invention receives data to be encrypted that contains a random character string whose position in the data and whose character value are variable, and the random character string is itself an encrypted character string, so the risks of interception and falsification caused by plaintext transmission during communication are avoided. The method also includes checking the address identifier and a unique request entry, which avoids the risk of the encryption mode being leaked.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required to be used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive labor.
Fig. 1 is an architecture diagram of an encryption method for protecting transaction security according to an embodiment of the present invention;
fig. 2 is a schematic encryption flow diagram of an encryption method for protecting transaction security according to an embodiment of the present invention;
fig. 3 is a schematic diagram of an apparatus of an encryption method for protecting transaction security according to an embodiment of the present invention;
fig. 4 is another schematic diagram of an apparatus for an encryption method for protecting transaction security according to an embodiment of the present invention.
Detailed description of the preferred embodiments
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
It is noted that, in this document, relational terms such as "first" and "second," and the like, may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions.
The embodiment of the invention provides the following scheme:
data encryption is a process of generating a digital signature based on data to be encrypted, key information, and an encryption manner, and technical terms used in the embodiments of the present invention are first explained below.
1. Secret key
Keys are divided into symmetric keys and asymmetric keys. With symmetric-key encryption, the sender and receiver of the information use the same key to encrypt and decrypt the data. Asymmetric-key encryption uses a matched pair of keys, one public and one private; each key processes data in one direction, and the function of each is the opposite of the other, so that when one key is used to encrypt, the other is used to decrypt. That is, a file encrypted with the public key can only be decrypted with the private key, and a file encrypted with the private key can only be decrypted with the public key.
2. Encryption
The basic process of data encryption is to process a plaintext file or data according to some algorithm to make it an unreadable ciphertext, and to display the plaintext only after inputting a corresponding key. By the method, the purposes of protecting data from being illegally stolen, tampered and read are achieved.
The encryption method is also called encryption algorithm, such as SHA1 algorithm, MD5 message digest algorithm, and in addition, the encryption algorithm includes symmetric encryption algorithm and asymmetric encryption algorithm, the symmetric encryption algorithm uses symmetric key for encryption, the asymmetric encryption algorithm uses asymmetric key for encryption, and the commonly used asymmetric encryption algorithm includes RSA algorithm, Elgamal algorithm, knapsack algorithm, and the like.
3. Digital digest
A digital digest is a short message of fixed length derived from a message of arbitrary length, produced by a hash function (HASH function). That is, the digital digest is a fixed-length ciphertext obtained by applying a hash function to the plaintext to be encrypted. Different plaintexts yield different digests, while the same plaintext always yields the same digest.
4. Digital signature
A digital signature, also called a public key digital signature, is implemented by means of asymmetric encryption technology and a digital digest. It is used to guarantee the security of network information and can solve problems such as forgery, impersonation and tampering of information during network transmission.
In particular, a digital signature is a digital string generated by the sender of a message to authenticate the digital message. Generally, digital signatures are used for two complementary operations, one for signing and the other for verification. The asymmetric key of the asymmetric encryption technology is used, a public key is used for encryption during signature, and a private key is used for decryption during verification.
More specifically, the digital signature is the public-key encryption of a digital digest, and it is transmitted to the recipient together with the original text. The receiver decrypts the digital digest with the private key, then generates a digital digest of the original text using the digest technique and compares the generated digest with the decrypted one. If they are the same, the digital signature was not modified in transit, that is, the signature is legal; otherwise the signature is illegal.
The technical terms related to the present application are introduced above, and the following describes the architecture of the encryption method for protecting the security of the transaction provided by the embodiment of the present application with reference to fig. 1.
The encryption requester 110, which may also be referred to as an encryption requesting device, sends a request for the encryption method for protecting transaction security to the first device 120. The encryption requester may have one or more IP addresses, such as encryption requester IP1, IP2 and IP3. The encryption requester 110 may send key information to the first device 120 in advance; the first device 120 performs an encryption operation on the key information, generates a unique key identifier corresponding to it, sends the unique key identifier to the encryption requester 110, and stores the key information in the first database 130. The encryption requester then requests the first device 120 to perform an encryption operation using the unique key identifier and the data to be encrypted.
The first device 120 stores the encryption method for protecting transaction security. It is provided with a firewall 121 to avoid malicious access and with an IP white list 122 that limits which IP addresses may access the first device 120: the encryption requester 110 can access the first device 120 only when its address is an IP address stored in the IP white list 122. The first device 120 is further provided with a unique request entry 123, which is a read-only entry; that is, the encryption requester 110 can only call the encryption method stored in the first device 120 through the entry 123.
Illustratively, the encryption requester has IP addresses IP1, IP2 and IP3, and the IP white list set in the first device 120 allows IP1 and IP3. IP1 and IP3 access the first device 120 through the unique request entry 123, and IP1 and IP3 may access it simultaneously.
The first database 130 stores the key information for the encryption method for protecting transaction security. It is provided with a firewall 131 to avoid malicious access and with an IP white list 132 that limits which IP addresses may access the first database 130: when the IP address of the first device 120 is in the IP white list 132, the access request of the first device 120 may reach the key information stored in the first database 130. The first database 130 is further provided with a unique read-only entry 133, so that after the access request of the first device 120 passes the IP white list 132, the key information stored in the first database 130 can be obtained through the entry 133. The key information may be key information of the first device 120 encrypted by the asymmetric encryption method of the encryption requester 110, with the encrypted key information then stored in the first database 130. The key information has a unique key identifier, which may be specified by the first device 120 and is stored in the first database 130.
In the above, the architecture of the encryption method for protecting the security of the transaction provided by the embodiment of the present application is introduced with reference to fig. 1.
The following takes the first device to be a soft encryption server 220 and the first database to be a cloud database (RDS) 230 as an example, and describes in detail the encryption flow of the encryption method for protecting transaction security according to the embodiment of the present invention with reference to fig. 2.
It should be noted that the sending and receiving modes described below may be transmission through a wireless network, for example, HTTPS transmission, TCP/IP protocol transmission, or transmission through a wired interface, for example, Type-C transmission, and the like, and the present application is not limited in particular. As shown in fig. 2:
S201 sends an encryption request
This step is performed by the service requester 110: the service requester 110 sends an encryption request to the soft encryption server 220, the encryption request including the key identifier, the first parameter to be encrypted and the encryption mode.
The soft encryption server 220 receives a public key and a signature-generating key sent by a service third party, where the public key is generated by the service third party when the service requester 110 requests the encryption process, and the soft encryption server 220 encrypts the public key and the signature-generating key to generate a key identifier. Specifically, the soft encryption server 220 receives the third party's public key information and the key for generating the signature, both sent by the service requester 110, encrypts the received information with the public key of the soft encryption server 220 to generate the key information, and sends the encrypted key information to the RDS database 230. The RDS database 230 stores the key information, generates a unique key identifier for it, and returns the key identifier to the service requester 110. Because the key information corresponding to the key identifier is stored in the RDS database 230 in encrypted form, it is protected from interception or tampering during communication, and the security of the data is ensured.
It should be noted that the first parameter to be encrypted includes a random string whose position is variable. For example, if the first parameter to be encrypted consists of 10 characters, the random string may be located at any position among those 10 characters, such as position 5 or position 6. The value of the random string is also variable, and the random string may be any symbol, for example %s or %n, which gives the format of the transmitted data randomness and non-readability. It should be further noted that the symbol of the random string has a mapping relationship with the key for generating the signature, that is, the random symbol %s or %n corresponds to the key for generating the signature, and this mapping may be stored in the soft encryption server 220.
S202 receives an encryption request
This step is performed by soft encryption server 220, that is, soft encryption server 220 receives the encryption request, where the encryption request includes: the key identification, the first parameter to be encrypted and the encryption mode.
It should be noted that the soft encryption server 220 is provided with an IP white list and a unique request entry, where the request entry refers to an entry for calling or reading the encryption process, and the IP white list refers to an IP address list that can access the soft encryption server 220.
During encryption, the soft encryption server 220 uses the key information corresponding to the received key identifier to process the first parameter to be encrypted and then uses the received encryption mode to encrypt the first parameter to be encrypted.
For example, the random character string included in the first parameter to be encrypted is decrypted, and then the decrypted first parameter to be encrypted is encrypted according to the received encryption mode to generate the first digital signature.
S203 sends the key identification and requests the key information
This step is performed by the soft encryption server 220. The key information generated in step S201 is stored in the RDS database 230, so the key information corresponding to the key identifier must be acquired during the soft encryption process; therefore the soft encryption server 220 sends a key request to the RDS database 230, where the requested key information includes the key for generating the signature that is needed during encryption.
It should be noted that the key for generating the signature is the information sent by the third party to the service requester 110 in step S201.
S204 receives the request message
The step is executed by the RDS database 230, which receives the request information of the soft encryption server 220, finds out the key information corresponding to the key identifier according to the received key identifier, and sends the key information stored in the RDS database 230 to the soft encryption server 220. The key information contains the public key information transmitted by the third party in step S201 and the key for generating the signature.
It should be noted that the RDS database 230 is provided with an IP white list, which refers to a list of IP addresses that can access the RDS database 230. The RDS database can avoid malicious access by other IP addresses.
S205 sends the key information
This step is performed by the RDS database 230, which sends the key information, containing the public key information and the key for generating the signature, to the soft encryption server 220. It should be noted that this key information was encrypted by the soft encryption server with the public key in step S201, so it travels over the network in encrypted form and is protected against interception or tampering during transmission.
S206 receives the encrypted information, encrypts and generates a first digital signature
This step is performed by the soft encryption server 220. Because the key information stored in the RDS database 230 is encrypted (specifically, encrypted with a public key), after receiving it from the RDS database 230 the soft encryption server 220 first decrypts the key information with the private key corresponding to that public key, obtaining the key for generating the signature.
The soft encryption server 220 then encrypts the first parameter to be encrypted, which includes the random character string received in step S201. Specifically, it replaces the random character string in the first parameter to be encrypted with the key for generating the signature, producing a plaintext parameter to be encrypted, and then encrypts that plaintext parameter according to the received encryption mode to generate the first digital signature. The encryption mode may be specified by the service party 110 or predefined by the soft encryption server 220; that is, it may be specified during communication or agreed before communication, and the present application is not limited in this respect.
It should be noted that the public key of the soft encryption server 220 is used for encryption in this process, and that the soft encryption server 220 is provided with a firewall and an IP white list to prevent access by unknown visitors. In addition, the soft encryption server 220 is provided with a unique request entry: the encryption program in the soft encryption server 220 can be used only through this request entry, and the request entry can only call or read the encryption flow and cannot write data, so malicious attack and tampering are prevented.
S207 sends a first digital signature
This step is performed by the soft encryption server 220, which sends the first digital signature, encrypted with the public key, to the service party 110. The service party 110 may then send the first digital signature to a third party (not shown) to request the corresponding service.
In a mobile payment scenario, data encryption and network communication are carried out through the above process. Data used in transmission is encrypted before being transmitted, and the encryption process is placed in a server that has only a unique request entry, so interception or tampering of data in transit, and leakage of the encryption process itself, are avoided; this effectively improves security during network communication and meets the security requirements of the service requester. Moreover, because the encryption process is kept in the soft encryption server, the service requester does not need to embed the encryption process in its own service process and can obtain the digital signature simply by sending the information to be encrypted, which removes the possibility of the encryption mode being leaked or tampered with through a memory leak on the service requester's side and improves the security of the transaction process. In addition, the service requester can also use a self-defined encryption process, which gives strong flexibility.
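The following is an added example that models the soft encryption server flow of steps S202 through S207 in Python; it is not code from the patent or from the applicant. Everything in it is constructed: the IP allow lists, the key identifier, the signing key, the request fields (client_ip, key_id, mode, param, random_string) and the supported "encryption modes" are placeholders, and the patent's public-key encryption of the stored key information is replaced by a labelled symmetric keystream wrap so the example runs with the standard library alone. It shows the two allow-list checks, the read-only request entry, locating the random character string at a variable position in the parameter, substituting the signing key for it, and digesting the resulting plaintext to produce the first digital signature.

```python
import hashlib
import ipaddress
from typing import Optional

# ---- Constructed sample deployment (placeholders, not from the patent) ----
SERVER_IP = "10.0.1.10"                                      # the soft encryption server
SERVER_ALLOW_LIST = [ipaddress.ip_network("10.0.2.0/24")]    # service parties allowed in (S202)
DATABASE_ALLOW_LIST = [ipaddress.ip_network("10.0.1.0/24")]  # only the server may query the DB (S204)

# Toy key-encryption key standing in for the server's private key. The patent
# keeps key information in the database encrypted under the server's public key
# (S205) and decrypts it with the private key (S206); this example wraps it with
# a symmetric SHA-256 keystream instead so it runs without a public-key library.
SERVER_KEK = bytes.fromhex("000102030405060708090a0b0c0d0e0f")


def _keystream_xor(kek: bytes, data: bytes) -> bytes:
    """XOR data with a counter-mode SHA-256 keystream derived from kek (toy wrap/unwrap)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(kek + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


# Constructed "RDS database" contents: key identifier -> wrapped signing key (S201).
KEY_STORE = {
    "kid-0001": _keystream_xor(SERVER_KEK, b"demo-signing-key-for-example-only"),
}

# Encryption modes the server accepts; each digests the substituted plaintext parameter.
SUPPORTED_MODES = {"SHA256": hashlib.sha256, "SHA512": hashlib.sha512}


def _allowed(ip: str, allow_list) -> bool:
    """IP white list check used by both the server and the database."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in allow_list)


def fetch_key_info(key_id: str, requester_ip: str) -> Optional[bytes]:
    """S203-S205: the database applies its own IP allow list, then returns the
    still-wrapped key information for the identifier (None if rejected/unknown)."""
    if not _allowed(requester_ip, DATABASE_ALLOW_LIST):
        return None
    return KEY_STORE.get(key_id)


def expected_signature(plaintext: str, mode: str) -> str:
    """Digest of the fully substituted plaintext parameter under the chosen mode."""
    return SUPPORTED_MODES[mode](plaintext.encode()).hexdigest()


def handle_request(request: dict) -> dict:
    """The unique request entry (S202, S206, S207). It only reads key material
    and returns a signature; nothing on this path writes to KEY_STORE."""
    if not _allowed(request["client_ip"], SERVER_ALLOW_LIST):
        return {"ok": False, "error": "client not on allow list"}
    mode = request["mode"]
    if mode not in SUPPORTED_MODES:
        return {"ok": False, "error": "unsupported encryption mode"}
    param, random_string = request["param"], request["random_string"]
    # The random string may sit anywhere in the parameter (variable position);
    # require exactly one occurrence so the S206 substitution is unambiguous.
    if param.count(random_string) != 1:
        return {"ok": False, "error": "random string must occur exactly once"}
    wrapped = fetch_key_info(request["key_id"], SERVER_IP)
    if wrapped is None:
        return {"ok": False, "error": "key information unavailable"}
    signing_key = _keystream_xor(SERVER_KEK, wrapped).decode()  # S206: unwrap key info
    plaintext = param.replace(random_string, signing_key)         # S206: substitute
    return {"ok": True, "signature": expected_signature(plaintext, mode)}  # S207


if __name__ == "__main__":
    demo = {"client_ip": "10.0.2.5", "key_id": "kid-0001", "mode": "SHA256",
            "param": "amount=100&key=R9xQ2&nonce=7", "random_string": "R9xQ2"}
    print(handle_request(demo))
```

The service party never sees the signing key: it sends a parameter string with a random placeholder and receives only the digest, which is the property the patent relies on to keep the key out of the requester's memory. Rejected requests return a structured error rather than raising, so the entry point can log and count them without exposing internal state.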
In addition, the present invention further provides an encryption apparatus for protecting transaction security, and fig. 3 is a schematic diagram of an embodiment of the encryption apparatus for protecting transaction security according to the present invention, including:
a first receiving module 310, configured to receive an encryption request, where the encryption request includes a random character string and a parameter to be encrypted, the random character string is located in the parameter to be encrypted, a position of the random character string in the parameter to be encrypted is variable, and a character value of the random character string is an encrypted character value;
and an encryption module 320, configured to encrypt the parameter to be encrypted according to the random character string, and generate a first digital signature.
Optionally, in an embodiment, the encryption device for protecting the security of the transaction further includes:
a checking module 330, configured to check the address identifier, and determine whether the encryption request is legal according to the first address identifier;
and the interface module 340 is provided with a unique entrance, and when the encryption request is legal, the encryption request passes through the unique entrance.
Optionally, in an embodiment, the encryption device for protecting the security of the transaction further includes: a second receiving module 350, configured to receive the key identifier and the encryption manner;
a determining module 360, configured to determine key information according to the key identifier;
the encryption module 320 further includes:
decrypting the encrypted character value according to the key information to generate a decrypted character value;
and encrypting the parameter to be encrypted according to an encryption mode and the decrypted character value to generate the first digital signature.
Optionally, in an embodiment, the encryption device for protecting the security of the transaction further includes: a sending module 370, configured to send key request information to the first database, where the key request information includes the key identifier and the second address identifier;
a third receiving module 380, configured to receive the key information corresponding to the key identifier in the first database,
and the key information is sent by the first database after the first database determines that the second address identifier is legal.
The specific technical details of the encryption device for protecting transaction security are similar to those of the encryption method for protecting transaction security described above, and the technical effects achievable in the embodiment of the encryption device for protecting transaction security can also be achieved in the embodiment of the encryption method for protecting transaction security; they are not repeated here in order to reduce repetition. Accordingly, the related technical details mentioned in the embodiments of the encryption method for protecting transaction security may also be applied in the embodiments of the encryption device for protecting transaction security.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments can be referred to each other, and each embodiment focuses on the differences from the other embodiments.
In addition, the present invention also provides an encryption device for protecting transaction security, comprising:
at least one processor; a memory coupled to the at least one processor, the memory storing executable instructions, wherein the executable instructions, when executed by the at least one processor, cause the method of the first aspect of the invention to be carried out. The processor and the memory may be provided separately or may be integrated together.
For example, the memory may include random access memory, flash memory, read only memory, programmable read only memory, non-volatile memory or registers, and the like. The processor may be a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), or the like. The memory may store executable instructions, and the processor may execute the executable instructions stored in the memory to implement the various processes described herein.
It will be appreciated that the memory in this embodiment can be either volatile memory or nonvolatile memory, or can include both volatile and nonvolatile memory. The non-volatile memory may be a ROM (read-only memory), a PROM (programmable read-only memory), an EPROM (erasable programmable read-only memory), an EEPROM (electrically erasable programmable read-only memory), or a flash memory. The volatile memory may be a RAM (random access memory), which serves as an external cache. By way of illustration and not limitation, many forms of RAM are available, such as SRAM (static RAM, static random access memory), DRAM (dynamic RAM, dynamic random access memory), SDRAM (synchronous DRAM), DDR SDRAM (double data rate SDRAM, double data rate synchronous DRAM), ESDRAM (enhanced SDRAM, enhanced synchronous DRAM), SLDRAM (SyncLink DRAM, synchronous link DRAM), and DRRAM (direct Rambus RAM, direct Rambus random access memory). The memory 42 described herein is intended to comprise, without being limited to, these and any other suitable types of memory.
In some embodiments, the memory stores elements, upgrade packages, executable units, or data structures, or a subset thereof, or an extended set thereof: an operating system and an application program.
The operating system includes various system programs, such as a framework layer, a core library layer, a driver layer, and the like, and is used for implementing various basic services and processing hardware-based tasks. The application programs comprise various application programs and are used for realizing various application services. The program for implementing the method of the embodiment of the present invention may be included in the application program.
In an embodiment of the present invention, the processor is configured to execute the method steps provided in the second aspect by calling a program or an instruction stored in the memory, specifically, a program or an instruction stored in the application program.
In addition, an embodiment of the present invention further provides a chip, configured to perform the method in the first aspect. Specifically, the chip includes a processor for calling and running the computer program from the memory, so that the device in which the chip is installed performs the method of the first aspect.
Furthermore, the present invention also provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the method of the second aspect of the invention.
For example, the machine-readable storage medium may include, but is not limited to, various known and unknown types of non-volatile memory.
Furthermore, an embodiment of the present invention further provides a computer program product, which includes computer program instructions, where the computer program instructions enable a computer to execute the method in the first aspect.
Those of skill in the art would understand that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the technical solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiments of the present application, the disclosed system, apparatus and method may be implemented in other ways. For example, the division of the unit is only one logic function division, and there may be another division manner in actual implementation. For example, multiple units or components may be combined or may be integrated into another system. In addition, the coupling between the respective units may be direct coupling or indirect coupling. In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or may exist separately and physically.
It should be understood that, in the various embodiments of the present application, the sequence numbers of the processes do not mean the execution sequence, and the execution sequence of the processes should be determined by the functions and the inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a machine-readable storage medium. Therefore, the technical solution of the present application may be embodied in the form of a software product, which may be stored in a machine-readable storage medium and may include several instructions to cause an electronic device to perform all or part of the processes of the technical solution described in the embodiments of the present application. The storage medium may include various media that can store program codes, such as ROM, RAM, a removable disk, a hard disk, a magnetic disk, or an optical disk.
The above description is only for the specific embodiments of the present application, and the scope of the present application is not limited thereto. Those skilled in the art can make changes or substitutions within the technical scope disclosed in the present application, and such changes or substitutions should be within the protective scope of the present application.

Claims (13)

1. An encryption method for securing a transaction, comprising:
receiving an encryption request, wherein the encryption request comprises a random character string and a parameter to be encrypted, the random character string is positioned in the parameter to be encrypted, the position of the random character string in the parameter to be encrypted is variable, and the character value of the random character string is an encrypted character value;
and encrypting the parameter to be encrypted according to the random character string to generate a first digital signature.
2. The method of claim 1, wherein the encryption request includes a first address identification, the method further comprising:
checking the address identification, and judging whether the encryption request is legal or not according to the first address identification;
and if the encryption request is legal, the encryption request passes through a unique entrance, and the unique entrance is a preset entrance.
3. The method of claim 1 or 2, wherein the method further comprises:
receiving a key identifier, determining key information according to the key identifier, and decrypting the encrypted character value according to the key information to generate a decrypted character value;
and receiving an encryption mode, encrypting the parameter to be encrypted according to the encryption mode and the decrypted character value, and generating the first digital signature.
4. The method of claim 3, wherein the key information corresponds to a unique identifier of the key, the key information and the identifier of the unique key being stored in a first database, the method further comprising:
sending key request information to a first database, wherein the key request information comprises the key identifier and a second address identifier;
and when the second address identifier is legal, receiving the key information corresponding to the key identifier in the first database.
5. The method of any of claims 1 to 4, wherein the encryption scheme is predefined.
6. An encryption apparatus for securing transactions, comprising:
a first receiving module, configured to receive an encryption request, wherein the encryption request comprises a random character string and a parameter to be encrypted, the random character string is located in the parameter to be encrypted, the position of the random character string in the parameter to be encrypted is variable, and the character value of the random character string is an encrypted character value;
and the encryption module is used for encrypting the parameter to be encrypted according to the random character string to generate a first digital signature.
7. The apparatus of claim 6, wherein the encryption request includes a first address identification, the apparatus further comprising:
the verifying module is used for verifying the address identifier and judging whether the encryption request is legal or not according to the first address identifier;
the interface module is provided with a unique entrance, and when the encryption request is legal, the encryption request passes through the unique entrance.
8. The apparatus of claim 6 or 7, wherein the apparatus further comprises:
the second receiving module is used for receiving the key identification and the encryption mode;
the determining module is used for determining key information according to the key identification;
the encryption module further comprises:
decrypting the encrypted character value according to the key information to generate a decrypted character value;
and encrypting the parameter to be encrypted according to an encryption mode and the decrypted character value to generate the first digital signature.
9. The apparatus of claim 8, wherein the key information has a unique key identification, the key information and the unique key identification being stored in a first database, the apparatus further comprising:
the sending module is used for sending key request information to a first database, wherein the key request information comprises the key identifier and a second address identifier;
a third receiving module, configured to receive the key information corresponding to the key identifier in the first database,
and the key information is sent by the first database after the first database determines that the second address identifier is legal.
10. The apparatus of claim 9, wherein the encryption method is predefined.
11. An encryption apparatus for securing transactions, comprising:
at least one processor;
a memory coupled with the at least one processor, the memory storing executable instructions, wherein the executable instructions, when executed by the at least one processor, cause the method of any of claims 1-5 to be implemented.
12. A computer readable storage medium having stored thereon executable instructions which when executed by a machine result in the implementation of a method according to any one of claims 1 to 5.
13. A chip, comprising: a processor for calling and running the computer program from the memory so that the device in which the chip is installed performs: the method of any one of claims 1 to 5.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010177223.0A CN111260365A (en) 2020-03-13 2020-03-13 Encryption method and device for protecting transaction security

Publications (1)

Publication Number Publication Date
CN111260365A true CN111260365A (en) 2020-06-09

Family

ID=70951470

Country Status (1)

Country Link
CN (1) CN111260365A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111901124A (en) * 2020-07-29 2020-11-06 北京天融信网络安全技术有限公司 Communication safety protection method and device and electronic equipment
CN111901124B (en) * 2020-07-29 2023-04-18 北京天融信网络安全技术有限公司 Communication safety protection method and device and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination