CN111311261B - Safe processing method, device and system for online transaction - Google Patents

Info

Publication number
CN111311261B
Authority
CN
China
Prior art keywords
encryption
security processing
preprocessing
function code
message
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010111538.5A
Other languages
Chinese (zh)
Other versions
CN111311261A (en)
Inventor
周建平
李平
梁亚女
郑培钿
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC

Classifications

    • G06Q20/3823 Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G06Q20/401 Transaction verification
    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Abstract

The invention provides a method, device and system for securely processing online transactions. The method comprises the following steps: generating an encryption security processing request that comprises a function code, the request being generated after a transaction request sent by the transaction terminal is received; performing encryption security preprocessing on the encryption security processing request according to the function code, and generating a message to be processed; sending the message to be processed to an encryption server for encryption security processing; and receiving a security processing result returned by the encryption server and sending the processing result to the transaction terminal. The device is used for executing the method. The method, device and system for securely processing online transactions improve the processing efficiency of online transactions.

Description

Safe processing method, device and system for online transaction
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a method, an apparatus, and a system for securely processing online transactions.
Background
With the rapid development of the mobile internet, the transaction volume of banking systems keeps growing, and domestic banks currently rely mostly on mainframes as their core processing systems.
Online transactions require encryption security processing such as card password generation and verification, generation and verification of the magnetic stripe card CVV (Card Verification Value), and generation of dynamic passwords. As the transaction volume of the banking system grows, this processing becomes more and more frequent, yet the encryption mode of a mainframe's encryption equipment is fixed, hard to extend, and inflexible. As banking develops and security requirements rise, mainframes struggle to keep up with encryption algorithm updates, and their hardware upgrades are hard to reuse and costly.
Disclosure of Invention
Aiming at the problems in the prior art, the embodiment of the invention provides a method, a device and a system for safely processing online transactions, which can at least partially solve the problems in the prior art.
In one aspect, the present invention provides a method for securely processing an online transaction, including:
generating an encryption security processing request, wherein the encryption security processing request comprises a function code; wherein the encryption security processing request is generated after receiving a transaction request sent by the transaction terminal;
carrying out encryption security preprocessing on the encryption security processing request according to the function code, and generating a message to be processed;
the message to be processed is sent to an encryption server for encryption security processing;
and receiving a security processing result returned by the encryption server and sending the processing result to the transaction terminal.
In another aspect, the present invention provides a secure processing system for online transactions, comprising a service server and an encryption server, wherein the service server is communicatively connected with the encryption server, and the secure processing system comprises:
the service server comprises a receiving module, a service module, a plurality of encryption preprocessing modules and a communication module, wherein the receiving module is connected with the service module, each encryption preprocessing module is respectively connected with the service module and the communication module, the receiving module is used for receiving a transaction request which is sent by a transaction terminal and comprises a transaction code, the service module is used for obtaining a function code according to the transaction code, generating an encryption security processing request carrying the function code, and sending the encryption processing request to the corresponding encryption preprocessing module according to the function code; the encryption preprocessing module is used for carrying out encryption security preprocessing on the encryption security processing request and generating a message to be processed; the communication module is used for sending the message to be processed to the encryption server; the encryption server is used for carrying out encryption and security processing on the message to be processed.
In yet another aspect, the present invention provides a secure processing device for online transactions, comprising:
a generation unit configured to generate an encrypted secure processing request, the encrypted secure processing request including a function code; wherein the encryption security processing request is generated after receiving a transaction request sent by the transaction terminal;
the preprocessing unit is used for carrying out encryption security preprocessing on the encryption security processing request according to the function code and generating a message to be processed;
the sending unit is used for sending the message to be processed to an encryption server for encryption security processing;
and the receiving unit is used for receiving the security processing result returned by the encryption server and sending the processing result to the transaction terminal.
In yet another aspect, the present invention provides an electronic device including a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the secure processing method for online transactions of any of the embodiments described above when the program is executed.
In yet another aspect, the present invention provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the secure processing method for online transactions according to any of the embodiments described above.
The method, device and system for securely processing online transactions provided by the embodiments of the present invention generate an encryption security processing request comprising a function code, perform encryption security preprocessing on the request according to the function code to generate a message to be processed, send the message to be processed to the encryption server for encryption security processing, receive the security processing result returned by the encryption server, and send the processing result to the transaction terminal. Preprocessing the encryption processing request by function code improves the processing efficiency of online transactions.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art. In the drawings:
Fig. 1 is a schematic diagram of a secure processing system for online transactions according to an embodiment of the present invention.
Fig. 2 is a schematic structural diagram of an encryption server according to an embodiment of the present invention.
Fig. 3 is a flowchart of a method for securely processing an online transaction according to an embodiment of the invention.
Fig. 4 is a flowchart of a method for securely processing an online transaction according to another embodiment of the present invention.
Fig. 5 is a schematic structural diagram of a security processing device for online transactions according to an embodiment of the present invention.
Fig. 6 is a schematic structural diagram of a security processing device for online transactions according to another embodiment of the present invention.
Fig. 7 is a schematic structural diagram of a security processing device for online transactions according to another embodiment of the present invention.
Fig. 8 is a schematic physical structure of an electronic device according to an embodiment of the invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the embodiments of the present invention will be described in further detail with reference to the accompanying drawings. The exemplary embodiments of the present invention and their descriptions herein are for the purpose of explaining the present invention, but are not to be construed as limiting the invention. It should be noted that, in the case of no conflict, the embodiments and features in the embodiments may be arbitrarily combined with each other.
Fig. 1 is a schematic structural diagram of a security processing system for online transactions according to an embodiment of the present invention. As shown in Fig. 1, the system includes a service server 1 and an encryption server 2, where the service server 1 is communicatively connected to the encryption server 2, and:
the service server 1 comprises a receiving module 11, a service module 12, a plurality of encryption preprocessing modules 13 and a communication module 14. The receiving module 11 is connected with the service module 12, and each encryption preprocessing module 13 is connected with both the service module 12 and the communication module 14. The receiving module 11 receives a transaction request sent by a transaction terminal and passes it to the service module 12; the transaction request comprises a transaction code. The service module 12 looks up the function code corresponding to the transaction code, generates an encryption security processing request carrying that function code, and sends the request to the encryption preprocessing module 13 that corresponds to the function code; each encryption preprocessing module 13 corresponds to a different function code. The encryption preprocessing module 13 performs encryption security preprocessing on the encryption security processing request and generates a message to be processed. The communication module 14 sends the message to be processed to the encryption server 2; a TCP long connection can be established between the communication module 14 and the encryption server 2 to improve communication efficiency. The encryption server 2 performs encryption security processing on the message to be processed, where the encryption security processing includes card password verification, CVV value verification, and the like. The function code corresponding to each encryption preprocessing module is set according to actual needs, which is not limited in the embodiment of the present invention.
The transaction terminal is, for example, a POS machine, an automatic teller machine, or a counter terminal. The service server 1 may be implemented by a server and acts as the execution body of the security processing method for online transactions provided by the embodiment of the present invention. The transaction code and the function code are preset, and each transaction code corresponds to a function code.
The online transaction security processing system provided by the embodiment of the invention decouples the encryption service architecture from the service architecture: the service server receives the encryption processing request, the plurality of encryption preprocessing modules perform encryption security preprocessing such as key selection, and the generated message to be processed is sent to the encryption server for encryption security processing, which improves the efficiency of online transaction security processing. In addition, decoupling the two architectures makes the encryption server easy to upgrade and expand and reduces the hardware upgrade cost of online transactions.
Fig. 2 is a schematic structural diagram of an encryption server according to an embodiment of the present invention. As shown in Fig. 2, the encryption server includes an encapsulation interface unit 21, an encryptor unit 22, a key management unit 23, and a security control unit 24, where:
the encryptor unit 22 provides the basic encryption algorithms of various industry standards, and the encapsulation interface unit 21 provides a calling interface for combined encryption algorithms. A combined encryption algorithm is a packaged combination of several basic encryption algorithms and is set according to actual needs, which is not limited in the embodiment of the present invention. The key management unit 23 manages and stores the master key and the work key. The security control unit 24 sets user rights. Combining and packaging the basic encryption algorithms through the encapsulation interface unit 21 extends the set of encryption algorithms available to online transactions and improves the expandability of the encryption server. The encryption server 2 may further include a platform control management unit for managing the platform encryption layer, mainly key operation management and monitoring management.
Fig. 3 is a flowchart of a method for securely processing an online transaction according to an embodiment of the present invention. As shown in Fig. 3, the method includes:
S301, generating an encryption security processing request, wherein the encryption security processing request comprises a function code and is generated after receiving a transaction request sent by the transaction terminal;
Specifically, when an online transaction is performed, the transaction terminal sends a transaction request comprising a transaction code to the service server. After receiving the transaction request, the service server generates an encryption security processing request that comprises a function code obtained according to the transaction code. The function codes and the transaction codes are preset, each transaction code corresponds to a function code, and each function code corresponds to a preprocessing mode.
S302, carrying out encryption security preprocessing on the encryption security processing request according to the function code, and generating a message to be processed;
Specifically, after the service server generates the encryption security processing request, it selects a preprocessing mode according to the function code and performs encryption security preprocessing on the request to obtain encryption security processing parameters. It then generates a message to be processed in a set format, and the message comprises the encryption security processing parameters. The function code, the preprocessing mode and the encryption security processing parameters are each set according to actual needs, which is not limited in the embodiment of the present invention.
For example, one function code is set to correspond to the preprocessing mode for card password verification, another to the preprocessing mode for CVV verification of the magnetic stripe card, and another to the preprocessing mode for chip card verification.
S303, sending the message to be processed to an encryption server for encryption security processing;
Specifically, after the service server generates the message to be processed, it sends the message to the encryption server. On receiving the message, the encryption server performs encryption security processing on it and obtains a security processing result. The specific process of performing encryption security processing on the message to be processed is prior art and is not described in detail here.
For example, after receiving the message to be processed, the encryption server parses the card password out of the message according to a preset encryption algorithm and compares it with the card password included in the encryption security processing request. The outcome of this card password verification is the security processing result.
S304, receiving a security processing result returned by the encryption server, and sending the processing result to the transaction terminal.
Specifically, after the encryption server obtains the security processing result, the security processing result is sent to the service server, and the service server sends the received security processing result to the transaction terminal.
The encryption processing method for online transactions provided by the embodiment of the invention generates an encryption security processing request comprising a function code, performs encryption security preprocessing on the request according to the function code to generate a message to be processed, sends the message to be processed to the encryption server for encryption security processing, receives the security processing result returned by the encryption server, and sends the processing result to the transaction terminal. Preprocessing the encryption processing request by function code improves the processing efficiency of online transactions. In addition, splitting the security processing of an online transaction into encryption security preprocessing and encryption security processing improves the flexibility and expandability of encryption processing for online transactions.
Fig. 4 is a flowchart of a method for securely processing an online transaction according to another embodiment of the present invention. As shown in Fig. 4, further, on the basis of the above embodiments, performing the encryption security preprocessing on the encryption security processing request according to the function code and generating a message to be processed includes:
S3021, selecting a corresponding preprocessing mode according to the function code, and obtaining an encryption security processing parameter according to the function code and the preprocessing parameter included in the encryption security processing request; wherein the function code corresponds to the preprocessing mode;
Specifically, each function code has a corresponding preprocessing mode. After receiving the encryption security processing request, the service server selects the preprocessing mode that corresponds to the function code in the request. The preprocessing mode defines which encryption security preprocessing must be performed on a request carrying that function code. The service server then obtains the encryption security processing parameters according to the function code and the preprocessing parameters included in the request. The preprocessing parameters can comprise a bank card number, a channel identifier and the like, and are set according to actual needs, which is not limited in the embodiment of the present invention.
S3022, forming the message to be processed according to the encryption security processing parameters.
Specifically, after obtaining the encryption security processing parameters, the service server assembles them into the message to be processed according to a set format, where the set format is a message format that the encryption server can recognize.
For example, when a customer makes a withdrawal at a bank counter and inputs a withdrawal password, the customer's card number and withdrawal password need to be verified. The terminal at the bank counter sends a transaction request to the service server, where the transaction request may include a transaction code 1101, a bank card number, a channel identifier, and the withdrawal password input by the customer. After receiving the transaction request, the service server looks up the function code 18507 according to the transaction code 1101 and generates an encryption security processing request. The request comprises the function code 18507, the bank card number, the channel identifier and the withdrawal password input by the customer; the bank card number, the channel identifier and the withdrawal password input by the customer are the preprocessing parameters. The service server then determines from the function code 18507 that the preprocessing for card password verification applies. It obtains the instruction code DSTOV according to the function code 18507, obtains the card storage key and the withdrawal password of the bank card number according to the bank card number, and obtains the channel key by querying with the channel identifier. The instruction code DSTOV, the card storage key, the channel key, the bank card number, the withdrawal password of the bank card number and the withdrawal password input by the customer are the encryption security processing parameters. The service server assembles these parameters into a message to be processed and sends it to the encryption server.
After the encryption server obtains the message to be processed, it determines from the instruction code DSTOV that card password verification is required. It obtains the plaintext of the withdrawal password of the bank card number by analyzing the card storage key, the channel key, the bank card number and the withdrawal password of the bank card number, obtains the plaintext of the withdrawal password input by the customer by analyzing that input, and compares the two plaintexts. If they are identical, the card password verification passes, and the encryption server returns prompt information that the card password verification passed to the service server as the security processing result. If they differ, the card password verification fails, and the encryption server returns prompt information that the card password verification failed to the service server as the security processing result. The transaction code 1101, the function code 18507 and the instruction code DSTOV are all preset: the transaction code 1101 corresponds to the function code 18507, the function code 18507 determines the preprocessing mode of the encryption security preprocessing, and the instruction code DSTOV instructs the encryption server to perform card password verification on the message to be processed. It will be appreciated that, for confidentiality, the card storage key, the channel key, the withdrawal password input by the customer and the withdrawal password of the bank card number are all transmitted as ciphertext.
For example, when the CVV value of a magnetic stripe card is verified, the transaction terminal may send the service server a transaction request including the transaction code 1102, the card number, the region identifier, and the CVV value to be verified. After receiving the transaction request, the service server looks up the function code 17008 according to the transaction code 1102 and generates an encryption security processing request. The request comprises the function code 17008, the card number, the region identifier and the CVV value to be verified; the card number, the region identifier and the CVV value to be verified are the preprocessing parameters. The service server then determines from the function code 17008 that the preprocessing for CVV value verification applies. It obtains the instruction code DSCVG according to the function code 17008, obtains the validity period and the service constraint code by querying with the card number, and obtains the region key by querying with the region identifier. The instruction code DSCVG, the region key, the validity period, the service constraint code, the card number and the CVV value to be verified are the encryption security processing parameters. The service server assembles these parameters into a message to be processed and sends it to the encryption server.
After the encryption server obtains the message to be processed, it determines from the instruction code DSCVG that verification of the magnetic stripe card CVV value is required. It obtains the plaintext of the CVV value of the magnetic stripe card by analyzing the region key, the validity period, the service constraint code and the card number, obtains the plaintext of the CVV value to be verified by analyzing that value, and compares the two plaintexts. If they are identical, the CVV value verification of the magnetic stripe card passes, and the encryption server returns prompt information that the CVV value verification passed to the service server as the security processing result. If they differ, the CVV value verification of the magnetic stripe card fails, and the encryption server returns prompt information that the CVV value verification failed to the service server as the security processing result. The transaction code 1102, the function code 17008 and the instruction code DSCVG are all preset: the transaction code 1102 corresponds to the function code 17008, the function code 17008 determines the preprocessing mode of the encryption security preprocessing, and the instruction code DSCVG instructs the encryption server to verify the magnetic stripe card CVV value in the message to be processed. It will be appreciated that, for confidentiality, the CVV value to be verified and the region key are transmitted as ciphertext.
On the basis of the above embodiments, the encryption processing method for online transactions provided by the embodiment of the present invention further includes:
if the function code is judged to be abnormal, sending error prompt information to the transaction terminal.
Specifically, after receiving the encryption security processing request, the service server compares the function code included in the request with all preset function codes. If that function code differs from every preset function code, the function code is abnormal, and the service server sends error prompt information to the transaction terminal to indicate that the function code in the encryption processing request sent by the transaction terminal is wrong.
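The function-code dispatch and the abnormal-code check described above, for the CVV flow (17008/DSCVG) and the card password flow (18507/DSTOV), as an added Python sketch that is not part of the patent. The length-prefixed message format, all function and field names, the input parameters assumed for 18507 and the sample records are assumptions; the patent only states that the message follows a set format the encryption server recognises.

```python
import struct
from dataclasses import dataclass
from typing import Callable, Dict, List

# Preset transaction code -> function code pairs named in the description.
TRANSACTION_TO_FUNCTION: Dict[str, str] = {"1101": "18507", "1102": "17008"}

# Constructed sample records standing in for the service server's lookups.
# Keys and passwords appear only as opaque ciphertext strings ("ct:...").
CARDS: Dict[str, Dict[str, str]] = {
    "6200000000000001": {
        "validity": "2712",
        "service_code": "101",
        "card_storage_key": "ct:card-storage-key",
        "stored_password": "ct:stored-password",
    }
}
AREA_KEYS: Dict[str, str] = {"0200": "ct:area-key-0200"}
CHANNEL_KEYS: Dict[str, str] = {"ATM": "ct:channel-key-atm"}


class AbnormalFunctionCode(Exception):
    """The function code matches none of the preset function codes."""


class PreprocessingError(Exception):
    """A preprocessing parameter is missing or a lookup found nothing."""


@dataclass(frozen=True)
class SecurityRequest:
    function_code: str
    params: Dict[str, str]


def _lookup(table: dict, key: str, what: str):
    # Name the failing parameter without echoing its value into errors or logs.
    if key not in table:
        raise PreprocessingError(f"missing or unknown {what}")
    return table[key]


def _pre_card_password(p: Dict[str, str]) -> List[str]:
    # Function code 18507 -> instruction code DSTOV (input names are assumed).
    card = _lookup(CARDS, p.get("card_number", ""), "card number")
    channel_key = _lookup(CHANNEL_KEYS, p.get("channel_id", ""), "channel identifier")
    entered = _lookup(p, "entered_password", "entered password")
    return ["DSTOV", card["card_storage_key"], channel_key,
            p["card_number"], card["stored_password"], entered]


def _pre_cvv(p: Dict[str, str]) -> List[str]:
    # Function code 17008 -> instruction code DSCVG, fields as listed in the text.
    card = _lookup(CARDS, p.get("card_number", ""), "card number")
    area_key = _lookup(AREA_KEYS, p.get("region_id", ""), "region identifier")
    cvv = _lookup(p, "cvv", "CVV value to be verified")
    return ["DSCVG", area_key, card["validity"], card["service_code"],
            p["card_number"], cvv]


# Each preset function code selects exactly one preprocessing mode.
PREPROCESSORS: Dict[str, Callable[[Dict[str, str]], List[str]]] = {
    "18507": _pre_card_password,
    "17008": _pre_cvv,
}


def compose_message(fields: List[str]) -> bytes:
    # Assumed "set format": each field is a 2-byte big-endian length plus UTF-8 bytes.
    out = bytearray()
    for field in fields:
        raw = field.encode("utf-8")
        out += struct.pack(">H", len(raw)) + raw
    return bytes(out)


def parse_message(message: bytes) -> List[str]:
    # Reader side of the same format; rejects truncated input instead of guessing.
    fields, pos = [], 0
    while pos < len(message):
        if pos + 2 > len(message):
            raise ValueError("truncated length prefix")
        (size,) = struct.unpack_from(">H", message, pos)
        pos += 2
        if pos + size > len(message):
            raise ValueError("truncated field")
        fields.append(message[pos:pos + size].decode("utf-8"))
        pos += size
    return fields


def build_request(transaction_code: str, params: Dict[str, str]) -> SecurityRequest:
    # An unknown transaction code yields an empty function code, rejected below.
    return SecurityRequest(TRANSACTION_TO_FUNCTION.get(transaction_code, ""), dict(params))


def preprocess(request: SecurityRequest) -> bytes:
    handler = PREPROCESSORS.get(request.function_code)
    if handler is None:
        # Abnormal function code: stop before any key lookup or encryption-server call.
        raise AbnormalFunctionCode("function code error")
    return compose_message(handler(request.params))
```

Because the check runs before any handler, a request with an unlisted function code never reaches the key tables, and the first field of every composed message is the instruction code the encryption server dispatches on.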
On the basis of the foregoing embodiments, further, the sending the message to be processed to the encryption server includes:
sending the message to be processed to the encryption server via shared memory.
Specifically, to improve communication efficiency, the service server sends the message to be processed to the encryption server via shared memory; that is, the service server writes the message to be processed to the shared memory, and the encryption server reads the message to be processed from the shared memory.
Fig. 5 is a schematic structural diagram of an online transaction security processing apparatus according to an embodiment of the present invention. As shown in Fig. 5, on the basis of the above embodiments, the online transaction security processing apparatus according to the embodiment of the present invention includes a generating unit 501, a preprocessing unit 502, a sending unit 503 and a receiving unit 504, where:
the generating unit 501 is configured to generate an encryption security processing request, where the encryption security processing request includes a function code; wherein the encryption security processing request is generated after receiving a transaction request sent by the transaction terminal; the preprocessing unit 502 is configured to perform encryption security preprocessing on the encryption security processing request according to the function code, and generate a message to be processed; the sending unit 503 is configured to send the message to be processed to an encryption server for encryption security processing; the receiving unit 504 is configured to receive a security processing result returned by the encryption server, and send the processing result to the transaction terminal.
Specifically, when an online transaction is performed, the transaction terminal sends a transaction request that includes a transaction code. After receiving the transaction request, the generating unit 501 generates an encryption security processing request that includes a function code, where the function code is obtained by querying with the transaction code. The function codes and the transaction codes are preset, the transaction codes correspond to the function codes, and each function code corresponds to a preprocessing mode.
After the encryption security processing request is generated, the preprocessing unit 502 selects a preprocessing mode according to the function code and performs encryption security preprocessing on the encryption security processing request to obtain the encryption security processing parameters, and then generates a message to be processed according to a set format, where the message to be processed includes the encryption security processing parameters. The function code, the preprocessing mode and the encryption security processing parameters are each set according to actual needs, and the embodiment of the invention does not limit them.
After the message to be processed is generated, the sending unit 503 sends the message to be processed to the encryption server, and after the encryption server receives the message to be processed, the encryption server performs encryption security processing on the message to be processed, so as to obtain a security processing result. The specific process of performing encryption security processing on the message to be processed is the prior art, and details are not described here.
After obtaining the security processing result, the receiving unit 504 may send the security processing result to the service server, and the service server may send the received security processing result to the transaction terminal.
The encryption processing device for online transactions provided by the embodiment of the invention can generate an encryption security processing request that includes a function code, perform encryption security preprocessing on the request according to the function code to generate a message to be processed, send the message to be processed to the encryption server for encryption security processing, receive the security processing result returned by the encryption server, and send the processing result to the transaction terminal. Preprocessing the encryption processing request according to the function code improves the processing efficiency of online transactions. In addition, implementing the security processing of the online transaction as encryption security preprocessing followed by encryption security processing improves the flexibility and expandability of the encryption processing of online transactions.
Fig. 6 is a schematic structural diagram of a security processing apparatus for online transactions according to another embodiment of the present invention. As shown in Fig. 6, on the basis of the above embodiments, the preprocessing unit 502 includes a selecting subunit 5021 and a composition subunit 5022, wherein:
the selecting subunit 5021 is configured to select a corresponding preprocessing mode according to the function code, and obtain an encryption security processing parameter according to the function code and a preprocessing parameter included in the encryption security processing request; wherein, the function code corresponds to the preprocessing mode; the composition subunit 5022 is configured to compose the message to be processed according to the encryption security processing parameter.
Specifically, each function code has a corresponding preprocessing mode. After receiving the encryption security processing request, the selecting subunit 5021 selects the corresponding preprocessing mode according to the function code included in the request, where the preprocessing mode specifies what kind of encryption security preprocessing is to be performed on an encryption security processing request that includes that function code, and obtains the encryption security processing parameters according to the function code and the preprocessing parameters included in the encryption security processing request. The preprocessing parameters can comprise a bank card number, a channel identifier and the like, and are set according to actual needs; the embodiment of the invention does not limit them. The function code corresponds to the preprocessing mode.
After the encryption security processing parameters are obtained, the composition subunit 5022 composes them into the message to be processed according to a set format, where the set format is a message format that the encryption server can recognise.
Fig. 7 is a schematic structural diagram of an online transaction security processing apparatus according to another embodiment of the present invention. As shown in Fig. 7, the online transaction security processing apparatus according to the embodiment of the present invention further includes a judging unit 505, where:
the judging unit 505 is configured to send an error prompt message to the transaction terminal after judging that the function code is abnormal.
Specifically, after receiving the encryption security processing request, the judging unit 505 compares the function code included in the encryption security processing request with all preset function codes. If the function code included in the request differs from every preset function code, the function code is abnormal, and the service server sends error prompt information to the transaction terminal to indicate that the function code in the encryption processing request sent by the transaction terminal is wrong.
Further, on the basis of the above embodiments, the sending unit 503 is specifically configured to:
send the message to be processed to the encryption server via shared memory.
Specifically, to improve communication efficiency, the sending unit 503 sends the message to be processed to the encryption server via shared memory; that is, the service server writes the message to be processed to the shared memory, and the encryption server reads the message to be processed from the shared memory.
The embodiment of the online transaction security processing device provided in the embodiment of the present invention may be specifically used to execute the processing flow of each method embodiment, and the functions thereof are not described herein again, and reference may be made to the detailed description of the method embodiments.
Fig. 8 is a schematic physical structure of an electronic device according to an embodiment of the present invention, as shown in fig. 8, the electronic device may include: a processor 801, a communication interface (Communications Interface) 802, a memory 803, and a communication bus 804, wherein the processor 801, the communication interface 802, and the memory 803 communicate with each other through the communication bus 804. The processor 801 may call logic instructions in the memory 803 to perform the following method: generating an encryption security processing request, wherein the encryption security processing request comprises a function code; wherein the encryption security processing request is generated after receiving a transaction request sent by the transaction terminal; carrying out encryption security preprocessing on the encryption security processing request according to the function code, and generating a message to be processed; the message to be processed is sent to an encryption server for encryption security processing; and receiving a security processing result returned by the encryption server and sending the processing result to the transaction terminal.
Further, the logic instructions in the memory 803 described above may be implemented in the form of software functional units and, when sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention, in essence, or the part of it that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium and comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
The present embodiment discloses a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, are capable of performing the methods provided by the above-described method embodiments, for example comprising: generating an encryption security processing request, wherein the encryption security processing request comprises a function code; wherein the encryption security processing request is generated after receiving a transaction request sent by the transaction terminal; carrying out encryption security preprocessing on the encryption security processing request according to the function code, and generating a message to be processed; the message to be processed is sent to an encryption server for encryption security processing; and receiving a security processing result returned by the encryption server and sending the processing result to the transaction terminal.
The present embodiment provides a computer-readable storage medium storing a computer program that causes the computer to execute the methods provided by the above-described method embodiments, for example, including: generating an encryption security processing request, wherein the encryption security processing request comprises a function code; wherein the encryption security processing request is generated after receiving a transaction request sent by the transaction terminal; carrying out encryption security preprocessing on the encryption security processing request according to the function code, and generating a message to be processed; the message to be processed is sent to an encryption server for encryption security processing; and receiving a security processing result returned by the encryption server and sending the processing result to the transaction terminal.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In the description of the present specification, reference to the terms "one embodiment," "one particular embodiment," "some embodiments," "for example," "an example," "a particular example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The foregoing description of the embodiments has been provided to illustrate the general principles of the invention and is not meant to limit the scope of the invention or to limit the invention to the particular embodiments; any modifications, equivalents, improvements, etc. that fall within the spirit and principles of the invention are intended to be included within the scope of the invention.

Claims (9)

1. A method for securely processing an online transaction, comprising:
generating an encryption security processing request, wherein the encryption security processing request comprises a function code; the encryption security processing request is generated after receiving a transaction request sent by a transaction terminal;
carrying out encryption security preprocessing on the encryption security processing request according to the function code, and generating a message to be processed;
the message to be processed is sent to an encryption server for encryption security processing;
receiving a security processing result returned by the encryption server and sending the processing result to the transaction terminal;
the step of carrying out encryption security preprocessing on the encryption security processing request according to the function code and generating a message to be processed comprises the following steps:
selecting a corresponding preprocessing mode according to the function code, and obtaining an encryption security processing parameter according to the function code and the preprocessing parameter included in the encryption security processing request; wherein, the function code corresponds to the preprocessing mode;
and forming the message to be processed according to the encryption security processing parameters.
2. The method as recited in claim 1, further comprising:
and if the function code is judged to be abnormal, sending error prompt information to the transaction terminal.
3. The method according to claim 1 or 2, wherein the sending the message to be processed to an encryption server comprises:
and sending the message to be processed to the encryption server in a shared memory mode.
4. A secure processing system for online transactions, comprising a service server and an encryption server, the service server and the encryption server being communicatively coupled, wherein:
the service server comprises a receiving module, a service module, a plurality of encryption preprocessing modules and a communication module, wherein the receiving module is connected with the service module, each encryption preprocessing module is respectively connected with the service module and the communication module, the receiving module is used for receiving a transaction request which is sent by a transaction terminal and comprises a transaction code, the service module is used for obtaining a function code according to the transaction code, generating an encryption security processing request carrying the function code, and sending the encryption security processing request to the corresponding encryption preprocessing module according to the function code; the encryption preprocessing module is used for carrying out encryption security preprocessing on the encryption security processing request and generating a message to be processed; the communication module is used for sending the message to be processed to the encryption server; the encryption server is used for carrying out encryption security processing on the message to be processed;
the encryption preprocessing module is specifically configured to select a corresponding preprocessing mode according to the function code, and obtain an encryption security processing parameter according to the function code and a preprocessing parameter included in the encryption security processing request; wherein, the function code corresponds to the preprocessing mode; and forming the message to be processed according to the encryption security processing parameters.
5. A secure processing device for online transactions, comprising:
a generation unit configured to generate an encryption security processing request, the encryption security processing request including a function code; the encryption security processing request is generated after receiving a transaction request sent by a transaction terminal;
the preprocessing unit is used for carrying out encryption security preprocessing on the encryption security processing request according to the function code and generating a message to be processed;
the sending unit is used for sending the message to be processed to an encryption server for encryption security processing;
the receiving unit is used for receiving the security processing result returned by the encryption server and sending the processing result to the transaction terminal;
wherein the preprocessing unit includes:
the selecting subunit is used for selecting a corresponding preprocessing mode according to the function code and obtaining an encryption security processing parameter according to the function code and the preprocessing parameter included in the encryption security processing request; wherein, the function code corresponds to the preprocessing mode;
and the composition subunit is used for composing the message to be processed according to the encryption security processing parameters.
6. The apparatus as recited in claim 5, further comprising:
and the judging unit is used for sending error prompt information to the transaction terminal after judging that the function code is abnormal.
7. The apparatus according to claim 5 or 6, wherein the transmitting unit is specifically configured to:
and sending the message to be processed to the encryption server in a shared memory mode.
8. An electronic device comprising a memory, a processor and a computer program stored on the memory and running on the processor, characterized in that the processor implements the steps of the method of any of claims 1 to 3 when executing the computer program.
9. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method according to any one of claims 1 to 3.
CN202010111538.5A 2020-02-24 2020-02-24 Safe processing method, device and system for online transaction Active CN111311261B (en)

Publications (2)

Publication Number Publication Date
CN111311261A (en) 2020-06-19
CN111311261B (en) 2023-07-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant