CN112150155A - Method and system for verifying account balance to prevent tampering - Google Patents
Method and system for verifying account balance to prevent tampering Download PDFInfo
- Publication number
- CN112150155A CN112150155A CN202011115185.2A CN202011115185A CN112150155A CN 112150155 A CN112150155 A CN 112150155A CN 202011115185 A CN202011115185 A CN 202011115185A CN 112150155 A CN112150155 A CN 112150155A
- Authority
- CN
- China
- Prior art keywords
- balance
- user
- check value
- key
- auxiliary check
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Accounting & Taxation (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention provides a method for verifying account balance tamper resistance, which comprises the following steps: generating a key belonging to the user by using the unique identification of the user; several attributes are then selected from the user's shopping activities to participate in the generation of balance assisted check values, such as last time consumed, user unique identification, account balance, etc. And splicing the attributes, adding a key of the user, performing 32-bit length digest obtained by MD5, and storing the obtained value which is a balance auxiliary check value calculated by the balance at the last consumption time of the user. When the user consumes the next time, the new auxiliary check value is calculated again, and whether the current auxiliary check value is matched with the balance auxiliary check value or not is judged, so that the balance of the account is verified, and the safety of the account is improved.
Description
Technical Field
The invention relates to the technical field of network security, in particular to a method and a system for verifying account balance tamper resistance.
Background
In a mall type project, when the user consumes the balance, the system checks whether the balance is sufficient, if so, the purchase is allowed, otherwise, the purchase is not allowed. However, if someone maliciously obtains the database authority, balance data in an account number table of the database are maliciously modified, so that illegal profit-making is carried out, and a company will cause loss. In order to prevent such situations, not only the security management of the database server is required, but also the special verification of the balance can be performed from the programming point of view to verify whether the balance is tampered with maliciously. The existing method generally manages the database server in a safety mode, and the method needs a large amount of cost for maintenance and management.
Disclosure of Invention
In order to overcome the problems, the invention aims to provide a method for verifying the balance of an account to prevent tampering, which can carry out tamper-proof verification on the balance safety of a business scene containing balance consumption, and improves the safety of a user account.
The invention is realized by adopting the following scheme: a method of verifying account balance tamper resistance, the method comprising the steps of:
step S1, generating the key belonging to the user by the unique identification of the user;
step S2, selecting several attributes from the shopping behavior of the user to participate in the generation of the balance auxiliary check value, where the several attributes include: final consumption time, account balance; splicing the attributes, adding a key of the user, performing MD5 to obtain a 32-bit length abstract, and storing the obtained value which is a balance auxiliary check value CurrentMoneyValue calculated by the balance of the user at the last consumption time;
step S3, when the user consumes the next time, recalculating a new auxiliary check value MoneyCheckValue, comparing whether the balance auxiliary check value CurrentMoneyValue and the auxiliary check value MoneyCheckValue are consistent or not, if the balance auxiliary check value CurrentMoneyValue and the auxiliary check value MoneyCheckValue are inconsistent, indicating that the balance is tampered, not allowing to deduct money, if the balance indicates that the verification is successful, entering step S4;
and S4, deducting the balance to obtain the remaining balance and the last consumption time, executing the step S2 to generate a new auxiliary verification value MoneyCheckValue, and storing the new auxiliary verification value MoneyCheckValue for tamper-proof verification in the next consumption.
Further, the step S1 is further specifically: if the user consumes the balance, entering a verification stage, judging whether the balance is sufficient or not, if the balance is insufficient, prompting that the balance is insufficient, and ending the process; and if the quantity of the key is sufficient, generating a key belonging to the user through the unique identification of the user, namely obtaining the unique identification UserID of the user, setting a Des key, performing Des encryption on the unique identification UserID of the user, and generating a key UserKey belonging to the user.
Further, the last consumption time and the account balance are respectively expressed by LastTime and MyMoney; then the attributes are spliced, and the user's own key is added, that is: LastTime + MyMoney + UserKey, spliced and then MD5 is carried out to obtain a 32-bit length abstract.
The invention also provides a system for verifying the account balance tamper resistance, which comprises: the system comprises a user key generation module, a balance auxiliary check value generation module, a comparison module and a next consumption processing module;
the user key generation module is used for generating a key belonging to the user through the unique identification of the user;
the balance auxiliary check value generation module is used for selecting several attributes from the shopping behavior of the user to participate in the generation of the balance auxiliary check value, wherein the several attributes comprise: final consumption time, account balance; splicing the attributes, adding a key of the user, performing MD5 to obtain a 32-bit length abstract, and storing the obtained value which is a balance auxiliary check value CurrentMoneyValue calculated by the balance of the user at the last consumption time;
the comparison module is used for recalculating a new auxiliary check value MoneyCheckValue when the user consumes the next time, comparing whether the balance auxiliary check value CurrentMoneyValue and the auxiliary check value MoneyCheckValue are consistent or not, if the balance is inconsistent, indicating that the balance is tampered, not allowing money deduction, and if the balance indicates that the verification is successful, entering the next consumption processing module;
and the next consumption processing module is used for deducting the balance, obtaining the residual balance and the last consumption time, executing the balance auxiliary check value generating module to generate a new auxiliary check value MoneyCheckValue, storing the new auxiliary check value MoneyCheckValue and performing anti-tampering check in the next consumption.
Further, the implementation manner of the user key generation module is further specifically: if the user consumes the balance, entering a verification stage, judging whether the balance is sufficient or not, if the balance is insufficient, prompting that the balance is insufficient, and ending the process; and if the quantity of the key is sufficient, generating a key belonging to the user through the unique identification of the user, namely obtaining the unique identification UserID of the user, setting a Des key, performing Des encryption on the unique identification UserID of the user, and generating a key UserKey belonging to the user.
Further, the last consumption time and the account balance are respectively expressed by LastTime and MyMoney; then the attributes are spliced, and the user's own key is added, that is: LastTime + MyMoney + UserKey, spliced and then MD5 is carried out to obtain a 32-bit length abstract.
The invention has the beneficial effects that: the method generates an auxiliary check value by generating the balance auxiliary check value, compares the auxiliary check value MoneyCheckvalue obtained after last consumption with the balance auxiliary check value CurrentMoneyvalue which is consumed at the beginning of the current time to verify whether the balance of the account is tampered, can perform anti-tampering check on the balance safety of a business scene containing balance consumption, improves the account safety, and effectively guarantees the benefits of companies.
Drawings
FIG. 1 is a schematic flow diagram of the process of the present invention.
FIG. 2 is a schematic flow chart of a method according to an embodiment of the present invention.
Fig. 3 is a schematic block diagram of the system of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
Referring to fig. 1, a method for verifying account balance tamper resistance according to the present invention includes the following steps:
step S1, generating the key belonging to the user by the unique identification of the user;
step S2, selecting several attributes from the shopping behavior of the user to participate in the generation of the balance auxiliary check value, where the several attributes include: final consumption time, account balance; splicing the attributes, adding a key of the user, performing MD5 to obtain a 32-bit length abstract, and storing the obtained value which is a balance auxiliary check value CurrentMoneyValue calculated by the balance of the user at the last consumption time;
step S3, when the user consumes the next time, recalculating a new auxiliary check value MoneyCheckValue, comparing whether the balance auxiliary check value CurrentMoneyValue and the auxiliary check value MoneyCheckValue are consistent or not, if the balance auxiliary check value CurrentMoneyValue and the auxiliary check value MoneyCheckValue are inconsistent, indicating that the balance is tampered, not allowing to deduct money, if the balance indicates that the verification is successful, entering step S4;
and S4, deducting the balance to obtain the remaining balance and the last consumption time, executing the step S2 to generate a new auxiliary verification value MoneyCheckValue, and storing the new auxiliary verification value MoneyCheckValue for tamper-proof verification in the next consumption.
The invention is further illustrated below with reference to a specific embodiment:
referring to fig. 2, a method for verifying account balance tamper resistance according to the present invention includes the following steps:
step 1: the user consumes the balance and enters a verification stage;
step 2: judging whether the balance is sufficient, if so, entering the step 3, otherwise, prompting that the balance is insufficient, and ending the process;
and step 3: performing a first part of calculation and verification to generate a key UserKey belonging to a user;
step 3.1: obtaining a user unique identification UserID, for example UserID = 889880;
step 3.2: setting a Des key for the system, for example Des key = YzS 990;
step 3.3: des encryption of UserID was performed, DesEncrypt (889880, YzS990) = c9Ks + pJHM9c =. ' c9Ks + pJHM9c = ' as a user's own key UserKey to be used in the following step of generating a digest;
and 4, step 4: calculating a balance auxiliary check value CurrentMoneyCheckValue in the current state;
step 4.1: obtaining last consumption time LastTime = 2020-10-0820: 30: 21;
step 4.2: obtaining the balance after the last consumption (namely the current balance before the current consumption) MyMoney = 105;
step 4.3: splicing LastTime, MyMoney and UserKey to obtain an MD5 original text string text = 2020-10-0820: 30:21105c9Ks + pJHM9c =;
step 4.4: MD5 is carried out to obtain a 32-bit length abstract CurrentMoneyCheckValue =16767C2F65F9D189C08127EE7D5BE 555;
and 5: comparing whether the CurrentMoneyValue is consistent with the MoneyCheckValue stored by the user after last consumption, if so, judging that the MoneyValue is legal, and if not, judging that the MoneyCheckValue is illegal;
step 6: legally consuming, and deducting the balance to obtain the residual balance and the final consumption time;
and 7: and repeating the step 3-4 to generate a new MoneyCheckValue, and storing the new MoneyCheckValue for tamper-proof verification in the next consumption.
The code for calculating the balance auxiliary check value is as follows:
public string GetMoneyCheckValue(string userid, string money, string lastTime)
{
string desKey = "YzS990";
string userKey = DesEncrypt(userid,desKey);
string text = money + lastTime + userKey;
string moneyCheckValue = MD5(text);
return moneyCheckValue;
}
therefore, the balance safety of the business scene containing the balance consumption can be subjected to tamper-proof verification, and the safety of the user account is improved.
Referring to fig. 3, the present invention further provides a system for verifying tamper resistance of an account balance, the system comprising: the system comprises a user key generation module, a balance auxiliary check value generation module, a comparison module and a next consumption processing module;
the user key generation module is used for generating a key belonging to the user through the unique identification of the user;
the balance auxiliary check value generation module is used for selecting several attributes from the shopping behavior of the user to participate in the generation of the balance auxiliary check value, wherein the several attributes comprise: final consumption time, account balance; splicing the attributes, adding a key of the user, performing MD5 to obtain a 32-bit length abstract, and storing the obtained value which is a balance auxiliary check value CurrentMoneyValue calculated by the balance of the user at the last consumption time;
the comparison module is used for recalculating a new auxiliary check value MoneyCheckValue when the user consumes the next time, comparing whether the balance auxiliary check value CurrentMoneyValue and the auxiliary check value MoneyCheckValue are consistent or not, if the balance is inconsistent, indicating that the balance is tampered, not allowing money deduction, and if the balance indicates that the verification is successful, entering the next consumption processing module;
and the next consumption processing module is used for deducting the balance, obtaining the residual balance and the last consumption time, executing the balance auxiliary check value generating module to generate a new auxiliary check value MoneyCheckValue, storing the new auxiliary check value MoneyCheckValue and performing anti-tampering check in the next consumption.
The implementation manner of the user key generation module is further specifically: if the user consumes the balance, entering a verification stage, judging whether the balance is sufficient or not, if the balance is insufficient, prompting that the balance is insufficient, and ending the process; and if the quantity of the key is sufficient, generating a key belonging to the user through the unique identification of the user, namely obtaining the unique identification UserID of the user, setting a Des key, performing Des encryption on the unique identification UserID of the user, and generating a key UserKey belonging to the user.
The last consumption time and the account balance are respectively expressed by LastTime and MyMoney; then the attributes are spliced, and the user's own key is added, that is: LastTime + MyMoney + UserKey, spliced and then MD5 is carried out to obtain a 32-bit length abstract.
The above description is only a preferred embodiment of the present invention, and all equivalent changes and modifications made in accordance with the claims of the present invention should be covered by the present invention.
Claims (6)
1. A method of verifying account balance tamper resistance, characterized by: the method comprises the following steps:
step S1, generating the key belonging to the user by the unique identification of the user;
step S2, selecting several attributes from the shopping behavior of the user to participate in the generation of the balance auxiliary check value, where the several attributes include: final consumption time, account balance; splicing the attributes, adding a key of the user, performing MD5 to obtain a 32-bit length abstract, and storing the obtained value which is a balance auxiliary check value CurrentMoneyValue calculated by the balance of the user at the last consumption time;
step S3, when the user consumes the next time, recalculating a new auxiliary check value MoneyCheckValue, comparing whether the balance auxiliary check value CurrentMoneyValue and the auxiliary check value MoneyCheckValue are consistent or not, if the balance auxiliary check value CurrentMoneyValue and the auxiliary check value MoneyCheckValue are inconsistent, indicating that the balance is tampered, not allowing to deduct money, if the balance indicates that the verification is successful, entering step S4;
and S4, deducting the balance to obtain the remaining balance and the last consumption time, executing the step S2 to generate a new auxiliary verification value MoneyCheckValue, and storing the new auxiliary verification value MoneyCheckValue for tamper-proof verification in the next consumption.
2. The method of claim 1, wherein the method comprises: the step S1 further includes: if the user consumes the balance, entering a verification stage, judging whether the balance is sufficient or not, if the balance is insufficient, prompting that the balance is insufficient, and ending the process; and if the quantity of the key is sufficient, generating a key belonging to the user through the unique identification of the user, namely obtaining the unique identification UserID of the user, setting a Des key, performing Des encryption on the unique identification UserID of the user, and generating a key UserKey belonging to the user.
3. The method of claim 2, wherein the method comprises: the last consumption time and the account balance are respectively expressed by LastTime and MyMoney; then the attributes are spliced, and the user's own key is added, that is: LastTime + MyMoney + UserKey, spliced and then MD5 is carried out to obtain a 32-bit length abstract.
4. A system for verifying account balance tamper resistance, comprising: the system comprises: the system comprises a user key generation module, a balance auxiliary check value generation module, a comparison module and a next consumption processing module;
the user key generation module is used for generating a key belonging to the user through the unique identification of the user;
the balance auxiliary check value generation module is used for selecting several attributes from the shopping behavior of the user to participate in the generation of the balance auxiliary check value, wherein the several attributes comprise: final consumption time, account balance; splicing the attributes, adding a key of the user, performing MD5 to obtain a 32-bit length abstract, and storing the obtained value which is a balance auxiliary check value CurrentMoneyValue calculated by the balance of the user at the last consumption time;
the comparison module is used for recalculating a new auxiliary check value MoneyCheckValue when the user consumes the next time, comparing whether the balance auxiliary check value CurrentMoneyValue and the auxiliary check value MoneyCheckValue are consistent or not, if the balance is inconsistent, indicating that the balance is tampered, not allowing money deduction, and if the balance indicates that the verification is successful, entering the next consumption processing module;
and the next consumption processing module is used for deducting the balance, obtaining the residual balance and the last consumption time, executing the balance auxiliary check value generating module to generate a new auxiliary check value MoneyCheckValue, storing the new auxiliary check value MoneyCheckValue and performing anti-tampering check in the next consumption.
5. The method of claim 4, wherein the method comprises: the implementation manner of the user key generation module is further specifically: if the user consumes the balance, entering a verification stage, judging whether the balance is sufficient or not, if the balance is insufficient, prompting that the balance is insufficient, and ending the process; and if the quantity of the key is sufficient, generating a key belonging to the user through the unique identification of the user, namely obtaining the unique identification UserID of the user, setting a Des key, performing Des encryption on the unique identification UserID of the user, and generating a key UserKey belonging to the user.
6. The method of claim 5, wherein the method comprises: the last consumption time and the account balance are respectively expressed by LastTime and MyMoney; then the attributes are spliced, and the user's own key is added, that is: LastTime + MyMoney + UserKey, spliced and then MD5 is carried out to obtain a 32-bit length abstract.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011115185.2A CN112150155A (en) | 2020-10-19 | 2020-10-19 | Method and system for verifying account balance to prevent tampering |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011115185.2A CN112150155A (en) | 2020-10-19 | 2020-10-19 | Method and system for verifying account balance to prevent tampering |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112150155A true CN112150155A (en) | 2020-12-29 |
Family
ID=73953197
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011115185.2A Pending CN112150155A (en) | 2020-10-19 | 2020-10-19 | Method and system for verifying account balance to prevent tampering |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112150155A (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107749085A (en) * | 2017-10-25 | 2018-03-02 | 北京匡恩网络科技有限责任公司 | Ticket card, method and machinable medium using ticket card |
| US20190220881A1 (en) * | 2018-01-17 | 2019-07-18 | Mastercard International Incorporated | Systems, methods and computer readable media for creating and processing a digital voucher |
| CN110175838A (en) * | 2019-05-24 | 2019-08-27 | 广东飞企互联科技股份有限公司 | Offline barcode scanning method of payment and offline barcode scanning payment mechanism |
-
2020
- 2020-10-19 CN CN202011115185.2A patent/CN112150155A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107749085A (en) * | 2017-10-25 | 2018-03-02 | 北京匡恩网络科技有限责任公司 | Ticket card, method and machinable medium using ticket card |
| US20190220881A1 (en) * | 2018-01-17 | 2019-07-18 | Mastercard International Incorporated | Systems, methods and computer readable media for creating and processing a digital voucher |
| CN110175838A (en) * | 2019-05-24 | 2019-08-27 | 广东飞企互联科技股份有限公司 | Offline barcode scanning method of payment and offline barcode scanning payment mechanism |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108665359B (en) | Block chain processing method, accounting node and verification node | |
| CN101689237B (en) | Activation system architecture | |
| US20090031135A1 (en) | Tamper Proof Seal For An Electronic Document | |
| CN108009445B (en) | Semi-centralized trusted data management system | |
| CN106779698B (en) | Method, system and device for distributing payment mark and safely paying payment mark | |
| BG64913B1 (en) | Method for verifying the validity of digital franking notes | |
| WO2006028920A2 (en) | Method and system for automatic audit trail | |
| CN112165382B (en) | Software authorization method and device, authorization server side and terminal equipment | |
| CN110866223B (en) | Copyright protection method based on block chain and picture steganography | |
| CN106652182A (en) | Charging card management system and method | |
| CN115222410A (en) | Block chain based transaction uplink method and device, electronic equipment and storage medium | |
| CN114626046A (en) | Electronic signature method based on intelligent password key | |
| CN114356919A (en) | Watermark embedding method, tracing method and device for structured database | |
| CN106953880B (en) | Data processing method and system, sub server and main server | |
| CN107948973B (en) | Equipment fingerprint generation method applied to IOS (input/output system) for security risk control | |
| CN111490870B (en) | Seal registration method, verification method and anti-counterfeiting system based on blockchain | |
| CN112328975A (en) | Product software authorization management method, terminal device and medium | |
| CN112150155A (en) | Method and system for verifying account balance to prevent tampering | |
| CN112149186B (en) | Data tamper-proofing method and system based on abstract algorithm | |
| CN112085469B (en) | Data approval method, device, equipment and storage medium based on vector machine model | |
| CN114239058A (en) | Electronic bill management method and system based on state cryptographic algorithm fine-grained privacy protection | |
| CN110879835A (en) | Data processing method, device and equipment based on block chain and readable storage medium | |
| CN112561198B (en) | Block chain-based data processing method, device, equipment and readable storage medium | |
| CN113469758B (en) | Billing method, device, equipment and storage medium of blockchain and tax system | |
| CN113554497A (en) | Bidding process node control method and device, computer equipment and medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20201229 |