CN112529578A - Payment password management method, system, computer equipment and storage medium - Google Patents


Publication number: CN112529578A
Authority: CN (China)
Prior art keywords: password, hash, user, payment, encryption
Legal status: Pending
Application number: CN202011496909.2A
Other languages: Chinese (zh)
Inventor: 李帅
Current Assignee: Ping An Consumer Finance Co Ltd
Original Assignee: Ping An Consumer Finance Co Ltd
Application filed by Ping An Consumer Finance Co Ltd
Priority to CN202011496909.2A
Publication of CN112529578A


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/04 Payment circuits
    • G06Q20/06 Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
    • G06Q20/065 Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification

Abstract

The application relates to the technical field of cryptography and provides a payment password management method, system, computer device and storage medium. When a payment password is set, the server receives a first encrypted password transmitted by a client through a transfer layer. The client, on acquiring the preset payment password entered by the user, acquires the user's credential information, combines the credential information with the preset payment password to obtain a first combined password, performs a hash calculation on the first combined password to obtain a first hash password, and encrypts the first hash password to obtain the first encrypted password. The server decrypts the first encrypted password to obtain the first hash password, encrypts the first hash password with a custom encryptor to obtain a second encrypted password, binds the second encrypted password to the user and stores it in a database. In this application the preset payment password is not stored as a plaintext password, its uniqueness can be guaranteed, and the security of the payment password is improved.

Description

Payment password management method, system, computer equipment and storage medium
Technical Field
The present application relates to the field of cryptography, and in particular to a payment password management method, system, computer device and storage medium.
Background
At present, 6-digit payment passwords are stored, verified and used confidentially across the industry; they carry a high security level, and each payment system has its own payment password management system.
Payment passwords are usually stored as hashes, but when different users set the same payment password the stored data is duplicated. It is therefore necessary to ensure that the stored password of each user is unique.
In current practice the server can obtain the payment password in plaintext and compares it directly with the database to decide whether it matches; using the password in plaintext in this way introduces certain security defects.
In many business scenarios where the payment password has to be verified, the common approach is to pass the payment password along in business code for verification, so the payment password travels between multiple systems, which is a security risk.
Current payment passwords therefore have security defects in storage, verification and use.
Disclosure of Invention
The main purpose of the application is to provide a payment password management method, system, computer device and storage medium that overcome the insecurity of current server-side payment password storage.
To achieve the above object, the present application provides a payment password management method, applied to a server, comprising the following steps:
when a payment password is set, receiving a first encrypted password transmitted by a client through a transfer layer; wherein the client, on acquiring a preset payment password entered by a user, acquires credential information of the user, combines the credential information with the preset payment password to obtain a first combined password, performs a hash calculation on the first combined password to obtain a first hash password, and encrypts the first hash password to obtain the first encrypted password;
decrypting the first encrypted password to obtain the first hash password;
and encrypting the first hash password with a custom encryptor to obtain a second encrypted password, binding the second encrypted password to the user and storing it in a database.
Further, the step of encrypting the first hash password with the custom encryptor to obtain a second encrypted password includes:
generating a virtual encryption machine from pre-configured parameters, the parameters comprising a server-defined offset, CPU consumption, a secret key and a salt length;
and encrypting the first hash password with the virtual encryption machine to obtain the second encrypted password.
Further, after the step of encrypting the first hash password with the custom encryptor to obtain a second encrypted password, binding the second encrypted password to the user and storing it in a database, the method further includes:
when a payment transaction is carried out, receiving a third encrypted password transmitted by the client through the transfer layer; wherein, when the user initiates a payment transaction at the client, the client acquires the payment password entered by the user and the credential information of the user, combines the credential information with the payment password to obtain a second combined password, performs a hash calculation on the second combined password to obtain a second hash password, and encrypts the second hash password to obtain the third encrypted password;
acquiring the second encrypted password corresponding to the user from the database;
and verifying the third encrypted password based on the second encrypted password.
Further, the step of verifying the third encrypted password based on the second encrypted password comprises:
decrypting the third encrypted password to obtain the second hash password;
encrypting the second hash password with the custom encryptor to obtain a fourth encrypted password;
and verifying whether the fourth encrypted password is consistent with the second encrypted password, and if so, determining that the payment password entered by the user is correct.
Further, the step of verifying the third encrypted password based on the second encrypted password comprises:
decrypting the third encrypted password to obtain the second hash password;
decrypting the second encrypted password with the custom encryptor to obtain the first hash password;
and verifying whether the first hash password is consistent with the second hash password, and if so, determining that the payment password entered by the user is correct.
Further, after the step of verifying the third encrypted password based on the second encrypted password, the method includes:
when the payment password is verified to be correct, generating a stateless token and transmitting the token to the client through the transfer layer, the client passing the token to a business system when it needs to access the business system to request a service;
receiving the token sent by the business system and verifying the token;
and feeding the verification result back to the business system, so that the business system returns a business processing result to the client according to the verification result.
Further, the step of generating a stateless token includes:
acquiring user attributes of the user, the user attributes comprising at least the credential information;
performing a hash calculation on the user attributes to obtain an attribute hash value;
generating a random number of eight bits using a random algorithm;
and combining the attribute hash value with the random number to obtain the token.
The application also provides a payment password management system comprising a client, a transfer layer and a server;
when a payment password is set, the client acquires a preset payment password entered by a user and acquires credential information of the user, combines the credential information with the preset payment password to obtain a first combined password, and performs a hash calculation on the first combined password to obtain a first hash password;
the client encrypts the first hash password to obtain a first encrypted password and transmits the first encrypted password to the server through the transfer layer;
the server decrypts the first encrypted password to obtain the first hash password;
and the server encrypts the first hash password with a custom encryptor to obtain a second encrypted password, binds the second encrypted password to the user and stores it in a database.
The present application further provides a computer device comprising a memory and a processor, wherein the memory stores a computer program, and the processor implements the steps of any one of the above methods when executing the computer program.
The present application also provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, carries out the steps of the method of any of the above.
According to the payment password management method, system, computer device and storage medium of the application, when a payment password is set, the server receives a first encrypted password transmitted by a client through a transfer layer. The client, on acquiring the preset payment password entered by the user, acquires the user's credential information, combines the credential information with the preset payment password to obtain a first combined password, performs a hash calculation on the first combined password to obtain a first hash password, and encrypts the first hash password to obtain the first encrypted password. The server decrypts the first encrypted password to obtain the first hash password, encrypts the first hash password with a custom encryptor to obtain a second encrypted password, binds the second encrypted password to the user and stores it in a database. The preset payment password is not stored at the server in plaintext and its uniqueness can be guaranteed; in addition, the encryption used by the client and by the server is not interchangeable, which improves the security of payment password storage.
Drawings
FIG. 1 is a diagram illustrating the steps of a payment password management method according to an embodiment of the present application;
FIG. 2 is a block diagram of a payment password management system according to an embodiment of the present application;
FIG. 3 is a block diagram illustrating a structure of a computer device according to an embodiment of the present application.
The implementation, functional features and advantages of the objectives of the present application will be further explained with reference to the accompanying drawings.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
Referring to FIG. 1, an embodiment of the present application provides a payment password management method, applied to a server, comprising the following steps:
Step S1, when a payment password is set, receiving a first encrypted password transmitted by a client through a transfer layer; wherein the client, on acquiring a preset payment password entered by a user, acquires credential information of the user, combines the credential information with the preset payment password to obtain a first combined password, performs a hash calculation on the first combined password to obtain a first hash password, and encrypts the first hash password to obtain the first encrypted password;
Step S2, decrypting the first encrypted password to obtain the first hash password;
Step S3, encrypting the first hash password with a custom encryptor to obtain a second encrypted password, binding the second encrypted password to the user and storing it in a database.
In this embodiment, the payment password management method manages the payment password, including storing, verifying, transferring and using it. Storing keeps the payment password set by the user so that it can be verified later; verification usually takes place in a payment scenario; transfer refers to passing the payment password between multiple business ends.
In this embodiment, the method is applied to a payment password management system, which may include a client, a transfer layer and a server. The client is usually the end where the user is located and is used by the user to enter the password, initiate requests and so on. The transfer layer is a network transmission layer whose two ends connect to the client and the server respectively, carrying data between them. The server is the management end that stores and verifies the payment password.
When a user needs to set a payment password in an application, the user logs in to the application on the client and enters the desired preset payment password, which is usually 6 digits. To keep the server from obtaining the user's plaintext password, the client performs a hash calculation on the preset payment password. However, different users may set the same preset payment password, in which case the resulting hash passwords would be identical. In this embodiment a salt is therefore added before the hash calculation, and the salt value is the user's credential information (different for each user), which ensures that the hash results differ between users who choose the same password. Specifically, the credential information of the user and the preset payment password are combined to obtain a first combined password, and a hash calculation is then performed on the first combined password to obtain a first hash password.
To prevent tampering and hijacking while the first hash password is transmitted to the server through the transfer layer, the client further encrypts the first hash password with a public key to obtain a first encrypted password, and then transmits the first encrypted password to the server through the transfer layer. This embodiment uses RSA encryption: the client encrypts with the public key and the server decrypts with the private key, which secures the transfer layer and prevents data from being tampered with after packet capture.
As described in step S1, what the server receives is the first encrypted password, not a plaintext password, which improves the security of the password.
As described in step S2, the server decrypts the first encrypted password with the private key to obtain the first hash password. The first hash password is not a plaintext password, and the server cannot obtain the plaintext preset payment password from it, so the security of the payment password is ensured to the maximum extent.
As described in step S3, the server has a custom encryptor, which is used to encrypt the first hash password to obtain a second encrypted password. The encryption performed by the encryptor on the server differs from the encryption used by the client, so the passwords of the client and the server are not interchangeable, which makes the password harder to hijack.
After encrypting the first hash password to obtain the second encrypted password, the server binds the second encrypted password to the user and stores it in a database, which completes the setting and storage of the user's preset payment password. Throughout this process the server never obtains the user's plaintext password, and the passwords of the client and the server are not interchangeable, which improves the security of the password.
In an embodiment, the step S3 of encrypting the first hash password with the custom encryptor to obtain a second encrypted password includes:
generating a virtual encryption machine from pre-configured parameters, the parameters comprising a server-defined offset, CPU consumption, a secret key and a salt length;
and encrypting the first hash password with the virtual encryption machine to obtain the second encrypted password.
In this embodiment, because the encryptor is defined by the server and its generation depends only on the server's custom offset, CPU consumption, key and salt length, the server's encryption process can differ from the client's. The client and the server thus implement two layers of custom encryption, and their passwords are not interchangeable.
In an embodiment, after the step S3 of encrypting the first hash password with the custom encryptor to obtain a second encrypted password, binding the second encrypted password to the user and storing it in a database, the method further includes:
Step S4, when a payment transaction is carried out, receiving a third encrypted password transmitted by the client through the transfer layer; wherein, when the user initiates a payment transaction at the client, the client acquires the payment password entered by the user and the credential information of the user, combines the credential information with the payment password to obtain a second combined password, performs a hash calculation on the second combined password to obtain a second hash password, and encrypts the second hash password to obtain the third encrypted password;
Step S5, acquiring the second encrypted password corresponding to the user from the database;
Step S6, verifying the third encrypted password based on the second encrypted password.
In this embodiment, the above process implements verification of the payment password. When the client initiates a payment transaction, the payment password needs to be verified: the user enters the payment password on the client, and the client then hashes and encrypts it in the same way as when the preset payment password was set, which is not described again here.
The server receives the third encrypted password, which results from hashing and encrypting the payment password and is not a plaintext password, acquires the second encrypted password corresponding to the user from the database, and verifies the third encrypted password based on the second encrypted password. Verification therefore never involves the plaintext password, which makes the payment password more secure.
In an embodiment, the step S6 of verifying the third encrypted password based on the second encrypted password includes:
decrypting the third encrypted password to obtain the second hash password;
encrypting the second hash password with the custom encryptor to obtain a fourth encrypted password;
and verifying whether the fourth encrypted password is consistent with the second encrypted password, and if so, determining that the payment password entered by the user is correct.
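The set-and-verify flow of steps S1 to S6 (re-encrypt and compare variant), written out as an added example that is not code from the patent. The patent does not name its algorithms, so SHA-256 for the client hash and HMAC plus PBKDF2 for the custom encryptor are assumptions, as are all class and function names; the RSA transport step is left out because it needs a third-party library, and the undefined offset parameter is not modelled.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


def client_hash(credential: str, pin: str) -> bytes:
    """Client side: combine credential info with the PIN, then hash it."""
    if not (pin.isascii() and pin.isdigit() and len(pin) == 6):
        raise ValueError("payment password must be exactly 6 digits")
    cred = credential.encode("utf-8")
    # Assumption: SHA-256 over a length-prefixed credential followed by the PIN.
    # The length prefix keeps the credential/PIN boundary unambiguous.
    prefix = len(cred).to_bytes(2, "big")
    return hashlib.sha256(prefix + cred + pin.encode("ascii")).digest()


@dataclass(frozen=True)
class EncryptorParams:
    key: bytes     # server-only secret (the "secret key" parameter)
    cpu_cost: int  # PBKDF2 iteration count (the "CPU consumption" parameter)
    salt_len: int  # bytes of per-record random salt (the "salt length" parameter)


class CustomEncryptor:
    """Assumed model of the server's custom encryptor: keyed, salted, slow."""

    def __init__(self, params: EncryptorParams) -> None:
        self.p = params

    def encrypt(self, hash_password: bytes, salt: Optional[bytes] = None) -> bytes:
        # A fresh salt is drawn on set; the stored salt is reused on verify.
        if salt is None:
            salt = secrets.token_bytes(self.p.salt_len)
        keyed = hmac.new(self.p.key, hash_password, hashlib.sha256).digest()
        derived = hashlib.pbkdf2_hmac("sha256", keyed, salt, self.p.cpu_cost)
        return salt + derived  # the salt travels with the record

    def matches(self, hash_password: bytes, stored: bytes) -> bool:
        # Produce the "fourth encrypted password" and compare in constant time.
        salt = stored[: self.p.salt_len]
        return hmac.compare_digest(self.encrypt(hash_password, salt), stored)


class PaymentPasswordServer:
    def __init__(self, encryptor: CustomEncryptor) -> None:
        self.encryptor = encryptor
        self.db: Dict[str, bytes] = {}  # user id -> second encrypted password

    def set_password(self, user_id: str, first_hash: bytes) -> None:
        # Step S3: encrypt the first hash password and bind it to the user.
        self.db[user_id] = self.encryptor.encrypt(first_hash)

    def verify(self, user_id: str, second_hash: bytes) -> bool:
        # Steps S5 and S6: load the stored record and compare.
        stored = self.db.get(user_id)
        if stored is None:
            # Do the same work for unknown users so timing does not reveal them.
            self.encryptor.encrypt(second_hash)
            return False
        return self.encryptor.matches(second_hash, stored)


def demo() -> Dict[str, bool]:
    # Constructed sample data: two users who pick the same 6-digit PIN.
    # cpu_cost is kept low so the demo runs quickly; tune it for real hardware.
    params = EncryptorParams(key=secrets.token_bytes(32), cpu_cost=10_000, salt_len=16)
    server = PaymentPasswordServer(CustomEncryptor(params))
    alice_cred, bob_cred, pin = "ID-ALICE-0001", "ID-BOB-0002", "246810"

    server.set_password("alice", client_hash(alice_cred, pin))
    server.set_password("bob", client_hash(bob_cred, pin))

    return {
        "same_pin_distinct_hashes": client_hash(alice_cred, pin) != client_hash(bob_cred, pin),
        "same_pin_distinct_records": server.db["alice"] != server.db["bob"],
        "correct_pin": server.verify("alice", client_hash(alice_cred, pin)),
        "wrong_pin": server.verify("alice", client_hash(alice_cred, "246811")),
        "other_users_hash": server.verify("alice", client_hash(bob_cred, pin)),
        "unknown_user": server.verify("carol", client_hash("ID-CAROL-0003", pin)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because the server compares only what the client derived, the first hash password is itself the secret the server accepts, so it needs the same protection in transit and in logs as the payment password.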
In an embodiment, the step S6 of verifying the third encrypted password based on the second encrypted password includes:
decrypting the third encrypted password to obtain the second hash password;
decrypting the second encrypted password with the custom encryptor to obtain the first hash password;
and verifying whether the first hash password is consistent with the second hash password, and if so, determining that the payment password entered by the user is correct.
In an embodiment, after the step S6 of verifying the third encrypted password based on the second encrypted password, the method includes:
Step S7, when the payment password is verified to be correct, generating a stateless token and transmitting the token to the client through the transfer layer, the client passing the token to a business system when it needs to access the business system to request a service;
Step S8, receiving the token sent by the business system and verifying the token;
Step S9, feeding the verification result back to the business system, so that the business system returns a business processing result to the client according to the verification result.
In this embodiment, in some special business scenarios (such as cash withdrawal or consumption), the password needs to be passed between and used by multiple business ends, and passing it directly would undoubtedly increase the security risk. In this embodiment the password is therefore not passed directly; instead, after the user's payment password has been verified successfully, a token is generated according to a preset rule. The token is a stateless JWT dynamic token and is a one-time token. The token is bound to the user's payment password, and the binding is stored in a password box to prevent the password from being stolen.
The server then transmits the token to the client, and the client passes the token to a business system to request a service. To decide whether to accept the client's request, the business system needs to verify the token, so it sends the token to the server for verification and obtains the server's verification result; finally, the business system returns a business processing result to the client according to the verification result. In this process the payment password is never transmitted, only the token, and because the token is a dynamically generated one-time token, the security and reliability of the payment password are ensured to the maximum extent.
In one embodiment, the step of generating a stateless token comprises:
acquiring user attributes of the user, the user attributes comprising at least the credential information;
performing a hash calculation on the user attributes to obtain an attribute hash value;
generating a random number of eight bits using a random algorithm;
and combining the attribute hash value with the random number to obtain the token.
In this embodiment, the token is generated by hashing the user attributes and combining the result with a random number; because the user attributes are unique, the token is also unique, which ensures security and reliability.
Referring to FIG. 2, an embodiment of the present application further provides a payment password management system comprising a client, a transfer layer and a server;
when a payment password is set, the client acquires a preset payment password entered by a user and acquires credential information of the user, combines the credential information with the preset payment password to obtain a first combined password, and performs a hash calculation on the first combined password to obtain a first hash password;
the client encrypts the first hash password to obtain a first encrypted password and transmits the first encrypted password to the server through the transfer layer;
the server decrypts the first encrypted password to obtain the first hash password;
and the server encrypts the first hash password with a custom encryptor to obtain a second encrypted password, binds the second encrypted password to the user and stores it in a database.
In an embodiment, the server encrypting the first hash password with the custom encryptor to obtain a second encrypted password specifically includes:
generating a virtual encryption machine from pre-configured parameters, the parameters comprising a server-defined offset, CPU consumption, a secret key and a salt length;
and encrypting the first hash password with the virtual encryption machine to obtain the second encrypted password.
In one embodiment, the server is further configured to verify the payment password entered at the client when a payment transaction is initiated;
when the client initiates a payment transaction, it acquires the payment password entered by the user and the credential information of the user, combines the credential information with the payment password to obtain a second combined password, and performs a hash calculation on the second combined password to obtain a second hash password;
the client encrypts the second hash password to obtain a third encrypted password and transmits the third encrypted password to the server through the transfer layer;
and the server acquires the second encrypted password corresponding to the user from the database and verifies the third encrypted password based on the second encrypted password.
In an embodiment, the process of the server verifying the third encrypted password based on the second encrypted password specifically includes:
decrypting the third encrypted password to obtain the second hash password;
encrypting the second hash password with the custom encryptor to obtain a fourth encrypted password;
and verifying whether the fourth encrypted password is consistent with the second encrypted password, and if so, determining that the payment password entered by the user is correct.
In an embodiment, the process of the server verifying the third encrypted password based on the second encrypted password specifically includes:
decrypting the third encrypted password to obtain the second hash password;
decrypting the second encrypted password with the custom encryptor to obtain the first hash password;
and verifying whether the first hash password is consistent with the second hash password, and if so, determining that the payment password entered by the user is correct.
In one embodiment, the system further comprises a business system;
the server is further configured to:
when the payment password is verified to be correct, generate a stateless token and transmit the token to the client through the transfer layer;
when the client needs to access the business system to request a service, the client passes the token to the business system;
the business system sends the token to the server for verification and receives the server's verification result;
and the business system returns a business processing result to the client according to the verification result.
In one embodiment, the step of the server generating a stateless token includes:
acquiring user attributes of the user, the user attributes comprising at least the credential information;
performing a hash calculation on the user attributes to obtain an attribute hash value;
generating a random number of eight bits using a random algorithm;
and combining the attribute hash value with the random number to obtain the token.
For the specific implementation of the client, the transfer layer and the server in this embodiment, refer to the method embodiments above; details are not repeated here.
Referring to FIG. 3, an embodiment of the present application also provides a computer device, which may be a server and whose internal structure may be as shown in FIG. 3. The computer device includes a processor, a memory, a network interface and a database connected by a system bus. The processor of the computer device provides computing and control capabilities. The memory of the computer device comprises a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program and a database. The internal memory provides an environment for running the operating system and the computer program stored in the non-volatile storage medium. The database of the computer device stores payment passwords and the like. The network interface of the computer device communicates with external terminals over a network connection. The computer program, when executed by the processor, implements a payment password management method.
Those skilled in the art will appreciate that the architecture shown in fig. 3 is only a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects may be applied.
An embodiment of the present application also provides a computer-readable storage medium having a computer program stored thereon, where the computer program, when executed by a processor, implements a method for managing payment passwords. It is to be understood that the computer-readable storage medium in the present embodiment may be a volatile-readable storage medium or a non-volatile-readable storage medium.
In summary, in the payment password management method, system, computer device and storage medium provided in the embodiments of the present application, when a payment password is set, a first encrypted password transmitted by a client through a transport layer is received; the client is used for acquiring credential information of a user when acquiring a preset payment password input by the user, combining the credential information of the user with the preset payment password to obtain a first combined password, performing hash calculation on the first combined password to obtain a first hash password, and encrypting the first hash password to obtain the first encrypted password; the first encrypted password is decrypted to obtain the first hash password; and the first hash password is encrypted based on a self-defined scrambler to obtain a second encryption password, which is bound with the user and stored in a database. The payment password stored in advance on the server side is not stored as a plaintext password, and its uniqueness can be guaranteed; meanwhile, the encryption modes of the client side and the server side are not shared with each other, which improves the security of payment password storage.
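The set-and-verify flow summarized above, with verification done by recomputing and comparing against the stored value, as an added Python example that is not the patent's own code. It assumes SHA-256 for the client hash and uses HMAC plus PBKDF2 as a stand-in for the self-defined server-side encryptor, with constructed key, cost and salt-length values; the transport-layer encryption and decryption step is omitted and the offset parameter is not modelled.

```python
import hashlib
import hmac
import secrets

# Constructed demo values. Claim 2 names a key, a CPU cost and a salt length;
# these numbers and the HMAC + PBKDF2 construction are this example's assumptions.
SERVER_KEY = b"constructed-demo-key"
CPU_COST = 100_000   # PBKDF2 iteration count
SALT_LEN = 16        # salt length in bytes


def client_hash(credential, payment_password):
    """Client: combine credential and password, then hash (SHA-256 assumed)."""
    # Length prefix (an added choice) keeps ("12", "3456") and ("123", "456") distinct.
    combined = f"{len(credential)}:{credential}{payment_password}".encode()
    return hashlib.sha256(combined).digest()


def _derive(hash_password, salt, cost):
    # Key the received hash with the server secret, then stretch it with the salt.
    keyed = hmac.new(SERVER_KEY, hash_password, hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", keyed, salt, cost)


def server_protect(hash_password):
    """Server, password setup: build the record that is bound to the user."""
    salt = secrets.token_bytes(SALT_LEN)
    return f"{CPU_COST}${salt.hex()}${_derive(hash_password, salt, CPU_COST).hex()}"


def server_verify(hash_password, stored):
    """Server, payment: recompute with the stored salt and cost, then compare."""
    try:
        cost_s, salt_hex, want_hex = stored.split("$")
        cost, salt, want = int(cost_s), bytes.fromhex(salt_hex), bytes.fromhex(want_hex)
    except ValueError:
        return False              # malformed record
    if cost < 1:
        return False
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(_derive(hash_password, salt, cost), want)


if __name__ == "__main__":
    record = server_protect(client_hash("ID-0001", "135790"))   # constructed inputs
    print(server_verify(client_hash("ID-0001", "135790"), record))  # True
    print(server_verify(client_hash("ID-0001", "135791"), record))  # False
```

Because the salt is random per record, two setups of the same password produce different stored values, so verification has to reuse the salt read back from the record rather than generate a new one.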
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware; the computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the method embodiments described above. Any reference to memory, storage, database, or other medium provided herein and used in the embodiments may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus Direct RAM (RDRAM), Direct Rambus Dynamic RAM (DRDRAM), and Rambus Dynamic RAM (RDRAM).
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, apparatus, article, or method that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, apparatus, article, or method. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, apparatus, article, or method that includes the element.
The above description covers only the preferred embodiments of the present application and is not intended to limit the scope of the present application; all equivalent structures or equivalent process modifications made using the contents of the specification and the drawings of the present application, whether applied directly or indirectly in other related technical fields, are likewise included within the scope of the present application.

Claims (10)

1. A management method of payment passwords is applied to a server side and is characterized by comprising the following steps:
when setting a payment password, receiving a first encrypted password transmitted by a client through a transmission layer; the client is used for acquiring credential information of a user when acquiring a preset payment password input by the user, combining the credential information of the user with the preset payment password to obtain a first combined password, and performing hash calculation on the first combined password to obtain a first hash password; encrypting the first hash password to obtain the first encrypted password;
decrypting the first encrypted password to obtain the first hash password;
and encrypting the first hash password based on a self-defined scrambler to obtain a second encryption password, and binding the second encryption password with the user and storing the second encryption password in a database.
2. The method for managing the payment password as claimed in claim 1, wherein the step of encrypting the first hash password based on the self-defined scrambler to obtain a second encryption password comprises:
generating a virtual encryption machine according to the pre-configured parameters; the parameters comprise self-defined offset of a server, CPU consumption, a secret key and a salt length;
and encrypting the first hash password based on the virtual encryption machine to obtain the second encryption password.
3. The method for managing a payment password as claimed in claim 1, wherein after the step of encrypting the first hash password based on the self-defined scrambler to obtain a second encryption password, and binding the second encryption password with the user and storing it in a database, the method further comprises:
receiving a third encrypted password transmitted by the client through the transmission layer when the payment transaction is carried out; when a user initiates a payment transaction at the client, the client acquires a payment password input by the user and acquires credential information of the user; combining the credential information of the user with the payment password to obtain a second combined password, and performing hash calculation on the second combined password to obtain a second hash password; the client encrypts the second hash password to obtain a third encrypted password;
acquiring a second encryption password corresponding to the user from the database;
verifying the third encrypted password based on the second encrypted password.
4. The method for managing the payment password as claimed in claim 3, wherein the step of verifying the third encryption password based on the second encryption password comprises:
decrypting the third encrypted password to obtain the second hash password;
encrypting the second hash password based on the self-defined scrambler to obtain a fourth encrypted password;
and verifying whether the fourth encryption password is consistent with the second encryption password, and if so, judging that the payment password input by the user is correct.
5. The method for managing the payment password as claimed in claim 3, wherein the step of verifying the third encryption password based on the second encryption password comprises:
decrypting the third encrypted password to obtain the second hash password;
decrypting the second encrypted password based on the self-defined scrambler to obtain the first hash password;
and verifying whether the first hash password is consistent with the second hash password, and if so, judging that the payment password input by the user is correct.
6. The method for managing the payment password as claimed in claim 3, wherein the step of verifying the third encryption password based on the second encryption password is followed by:
when the payment password is verified to be correct, generating a stateless token, and transmitting the token to the client through the transfer layer; when the client needs to access a service system to request service, the token is transmitted to the service system;
receiving the token sent by the business system, and verifying the token;
and feeding back the verification result to the service system so as to return a service processing result to the client through the service system according to the verification result.
7. The method for managing a payment password as claimed in claim 6, wherein the step of generating a stateless token comprises:
acquiring user attributes of the user, wherein the user attributes at least comprise the credential information;
performing hash calculation on the user attribute to obtain an attribute hash value;
generating a random number of eight bits by adopting a random algorithm;
and combining the attribute hash value with the random number to obtain the token.
8. A payment password management system is characterized by comprising a client, a transfer layer and a server;
when a payment password is set, the client acquires a preset payment password input by a user and acquires credential information of the user; combining the credential information of the user with the preset payment password to obtain a first combined password, and performing hash calculation on the first combined password to obtain a first hash password;
the client encrypts the first hash password to obtain a first encrypted password, and transmits the first encrypted password to the server through the transmission layer;
the server decrypts the first encrypted password to obtain the first hash password;
and the server encrypts the first hash password based on a self-defined scrambler to obtain a second encryption password, and binds the second encryption password with the user and stores the second encryption password in a database.
9. A computer device comprising a memory and a processor, the memory having stored therein a computer program, characterized in that the processor, when executing the computer program, implements the steps of the method according to any one of claims 1 to 7.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 7.
CN202011496909.2A 2020-12-17 2020-12-17 Payment password management method, system, computer equipment and storage medium Pending CN112529578A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011496909.2A CN112529578A (en) 2020-12-17 2020-12-17 Payment password management method, system, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN112529578A true CN112529578A (en) 2021-03-19

Family

ID=75001163

Country Status (1)

Country Link
CN (1) CN112529578A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination