CN112712404A - Intelligent intensive processing and business safety protection system for electric charge account - Google Patents
Intelligent intensive processing and business safety protection system for electric charge account Download PDFInfo
- Publication number
- CN112712404A CN112712404A CN202011583158.8A CN202011583158A CN112712404A CN 112712404 A CN112712404 A CN 112712404A CN 202011583158 A CN202011583158 A CN 202011583158A CN 112712404 A CN112712404 A CN 112712404A
- Authority
- CN
- China
- Prior art keywords
- account
- bill
- bank
- management
- electric charge
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000012545 processing Methods 0.000 title claims abstract description 70
- 230000005540 biological transmission Effects 0.000 claims abstract description 21
- 230000003993 interaction Effects 0.000 claims abstract description 17
- 230000010354 integration Effects 0.000 claims abstract description 10
- 238000007726 management method Methods 0.000 claims description 165
- 230000005611 electricity Effects 0.000 claims description 73
- 238000000034 method Methods 0.000 claims description 49
- 238000012795 verification Methods 0.000 claims description 26
- 238000013475 authorization Methods 0.000 claims description 21
- 230000008569 process Effects 0.000 claims description 18
- 238000012550 audit Methods 0.000 claims description 12
- 230000002159 abnormal effect Effects 0.000 claims description 11
- 238000012546 transfer Methods 0.000 claims description 11
- 230000007246 mechanism Effects 0.000 claims description 9
- 235000014510 cooky Nutrition 0.000 claims description 8
- 238000012986 modification Methods 0.000 claims description 7
- 230000004048 modification Effects 0.000 claims description 7
- 230000008859 change Effects 0.000 claims description 5
- 238000010606 normalization Methods 0.000 claims description 5
- 230000006399 behavior Effects 0.000 claims description 4
- 239000000470 constituent Substances 0.000 claims description 4
- 230000035945 sensitivity Effects 0.000 claims description 4
- 230000001172 regenerating effect Effects 0.000 claims description 3
- 238000004891 communication Methods 0.000 abstract description 4
- 238000013461 design Methods 0.000 description 6
- 238000010586 diagram Methods 0.000 description 5
- 238000004064 recycling Methods 0.000 description 4
- 238000011217 control strategy Methods 0.000 description 3
- 238000012423 maintenance Methods 0.000 description 3
- 239000000463 material Substances 0.000 description 3
- 230000002265 prevention Effects 0.000 description 3
- 230000004083 survival effect Effects 0.000 description 3
- 230000009897 systematic effect Effects 0.000 description 3
- 238000010200 validation analysis Methods 0.000 description 3
- 238000011161 development Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000002347 injection Methods 0.000 description 2
- 239000007924 injection Substances 0.000 description 2
- 230000002452 interceptive effect Effects 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 230000008014 freezing Effects 0.000 description 1
- 238000007710 freezing Methods 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
- 239000013642 negative control Substances 0.000 description 1
- 238000007639 printing Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000012216 screening Methods 0.000 description 1
- 239000013589 supplement Substances 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/04—Billing or invoicing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/02—Banking, e.g. interest calculation or account maintenance
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/12—Accounting
- G06Q40/125—Finance or payroll
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q50/00—Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
- G06Q50/06—Energy or water supply
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Finance (AREA)
- General Business, Economics & Management (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Economics (AREA)
- Marketing (AREA)
- Development Economics (AREA)
- Health & Medical Sciences (AREA)
- Technology Law (AREA)
- Computer Security & Cryptography (AREA)
- Public Health (AREA)
- Water Supply & Treatment (AREA)
- General Health & Medical Sciences (AREA)
- Human Resources & Organizations (AREA)
- Primary Health Care (AREA)
- Tourism & Hospitality (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention provides an intelligent intensive processing and business safety protection system for electric charge accounts, which belongs to the technical field of communication and comprises the following steps: the system comprises a payment channel integration module, a payment channel management module and a payment information management module, wherein the payment channel integration module is used for integrating payment information of each payment channel, and each payment channel comprises an online payment channel and an offline payment channel; the bank-enterprise direct connection management module is used for establishing a bank-enterprise direct connection channel for information interaction between the marketing system and the bank system; the electronic bill collection management module is used for managing the electronic bills; the electronic bill receiving and sending module is also used for processing the transmission, signing and exception handling operations of the electronic bill; the financial and financial reconciliation management module is used for globally managing the lower-level financial processing condition; and the business application safety module is used for carrying out safety protection operation on the electric charge account intelligent intensive processing and business safety protection system.
Description
Technical Field
The invention relates to the technical field of communication, in particular to an intelligent intensive processing and business safety protection system for electric charge accounts.
Background
The electricity charge recycling work is one of core services of marketing specialties, and the current electricity charge recycling modes comprise counter recycling, home recycling and the like, so that on one hand, the labor and time cost is high, and the time period for paying the electricity charge by a user is short, so that inconvenience is caused; on the other hand, because the automation degree is low, the traditional business processing mode generates huge workload on daily account checking and account canceling working modes of electric power marketing accountants, and the working efficiency is low; furthermore, each city company respectively sets up a secondary account of the electricity charge fund pool in a financial institution which is constructed by cooperation of provinces and companies, the fund is collected into a group primary account in real time, and the entrance of the electricity fund business is lack of standardization and difficult to manage systemically; in the aspect of bill income, the paper bills are managed in a circulation mode, data among systems cannot be effectively shared, the work operation process of business personnel is complicated, the efficiency is low, financial services cannot be separated from a manual processing mode, and the management and the control of electric charge funds are not facilitated.
Disclosure of Invention
In view of the above, the invention provides an intelligent intensive processing and business safety protection system for electric charges and accounts, which realizes standardized and systematic management of financial accounts, effectively integrates payment information of each payment channel, saves manpower and material resources, and improves timeliness and accuracy of account processing through intelligent management of electric charges and accounts.
The technical scheme adopted by the embodiment of the invention for solving the technical problem is as follows:
an intelligent intensive processing and business safety protection system for electric charge accounts, comprising:
the payment channel integration module is used for integrating payment information of each payment channel, and each payment channel comprises an online payment channel and an offline payment channel;
the bank-enterprise direct connection management module is used for establishing a bank-enterprise direct connection channel for information interaction between the marketing system and the bank system;
the electronic bill collection management module is used for managing the electronic bills; the system is also used for processing the operations of transmission, signing and exception handling of the electronic bill;
the financial and financial reconciliation management module is used for globally managing the lower-level financial processing condition;
and the business application safety module is used for carrying out safety protection operation on the electric charge account intelligent intensive processing and business safety protection system.
Preferably, the payment channel integration module comprises:
the charging management unit is used for inquiring the electric charge to be paid, the default money or the pre-charging electric charge balance according to the customer charging number; the system is also used for generating a charging voucher after charging is confirmed; the system is also used for recording the sitting and receiving cash payment bill, the sitting and receiving bank payment bill and the electric charge bill corresponding to the sitting and receiving bank payment bill, and storing the sitting and receiving cash payment bill, the sitting and receiving bank payment bill and the cash bill corresponding to the sitting and receiving bank payment bill into a specified bank electric charge account;
the walking and collecting management unit is used for determining a walking and collecting object; the system is also used for generating an electric charge invoice of a walking and receiving object according to the transformer area and the meter reading section and simultaneously locking the electric charge; the system is also used for canceling accounts after charge checking; the system is also used for regenerating the electric charge invoice when the electric charge default money changes after the electric charge is returned; the system is also used for recording a cash deposit receipt for walking and receiving, a bank incoming bill for walking and receiving and an electric charge list corresponding to the bank incoming bill for walking and receiving, and storing the cash deposit receipt for walking and receiving, the bank incoming bill for walking and receiving and a cash bill corresponding to the bank incoming bill for walking and receiving into a specified bank electric charge account;
the card meter electricity purchasing management unit is used for writing the electricity charge information purchased by the customer into the electricity card through the card reader-writer when the customer using the card meter holds the electricity card to purchase electricity;
the load control electricity purchasing management unit is used for calculating electric quantity or electricity charge after a customer purchases electricity at a business outlet, transmitting the electric quantity or the electricity charge to the electric energy acquisition system through an electric energy acquisition control service and controlling electricity utilization;
the rechargeable card payment management unit is used for writing the electricity charge information of the rechargeable card into an electricity card of a customer;
the bank card meter electricity purchasing management unit is used for writing electricity charge information purchased by a customer into an electricity card through the card reader-writer when the customer using the card meter holds the card at a business outlet or a bank outlet with electricity purchasing conditions to purchase electricity;
the collection management unit is used for writing the electricity charge information purchased by the customer into the electricity card after collecting the electricity charge of the network points for collection;
the online payment management unit is used for writing the electric charge information purchased by the customer into the electric card after the customer pays the fee in an online mode;
the withholding management unit is used for generating batch withholding files and locking the electric charges which enter the batch withholding files; the deduction result file is generated after the bank system deducts money according to the batch deduction files; the deduction system is also used for carrying out account cancellation according to the deduction result file when the deduction is successful, and recording deduction time and deduction units in the deduction result file; the system is also used for unlocking the electric charge which is not successfully deducted when the deduction is unsuccessful; the system is also used for prompting the checking processing information when the deduction is unsuccessful due to the error of the customer account;
and the special entrust management unit is used for deducting the electric charge from the bank account of the client according to the electric charge settlement agreement signed by the client and the bank system.
Preferably, the bank-enterprise direct connection management module is also used for automatically clearing the account funds in a mode that one resident corresponds to one bank account; and the system is also used for accessing the flow of the account entry fund of the electric charge account through a bank system.
Preferably, the operation and finance account checking management module is also used for carrying out subject balance statistics and reconstructing detailed accounts; the account balance data are further refined to a lower level, and the fund detailed account, the bank deposit detailed account, the current detailed account, the income detailed account and the receivable item detailed account are adjusted; the system is also used for recording the electric charge which is due to charge after the account closing period as the next month electric charge and recording the pre-charge in the current month until the next month is reached; and the system is also used for receiving the business which is receivable in the next month and performing accounting processing adjustment.
Preferably, the electronic bill collection management module is also used for performing pre-locking operation on the electronic bill; the system is also used for automatically receiving bill information of the draft; the system is also used for online account cancellation; the bank enterprise direct connection channel is also used for transmitting bill information; the system is also used for integrating with a financial management and control system and sharing bill information; the system is also used for pushing the examination and approval result to the bank system on line; the system is also used for automatically signing electronic bills; the system is also used for carrying out bill exception handling; the system is also used for integrating the marketing financial examination and approval process; the method is also used for combing the bill voucher transfer elements of marketing and financial management and control so as to perform online integrated operation of bill vouchers.
Preferably, the method further comprises the following steps:
the marketing account management interface module is used for displaying a customer bill payment interface; the system is also used for displaying a practical report statistics and audit interface; the system is also used for displaying a pre-receiving management interface; the bill storage interface is also used for displaying a bill storage interface; the system is also used for displaying the receiving interface of the bill department; the system is also used for displaying a return interface of the bill department; the system is also used for displaying the bill personal receiving interface; the bill payment system is also used for displaying a bill personal payment interface; the bill voiding interface is also displayed; the bill service condition statistical interface is also used for displaying the bill service condition statistical interface; the system is also used for displaying a business mode change account-closing interface; the account age counting module is also used for displaying an account age counting interface; the system is also used for displaying a bad account verification and cancellation registration interface; the bad account verification and cancellation interface is also used for displaying a bad account verification and cancellation interface; the system is also used for displaying a bad account revocation interface; and is also used for displaying a subject management interface.
Preferably, the marketing accounting management interface module comprises:
the receivable management logic component unit is used for inquiring the electric charge issuing completion condition and checking the receivable monthly report data;
the real-time collection management logic component unit is used for auditing the report form handed over by the toll collector; and also for processing bill to account data; and also for processing customer direct transfer data; the system is also used for counting the balance of the electric charge which is charged by the financial caliber; the system is also used for auditing actual receipt of the monthly reports;
the pre-receiving management logic component unit is used for inquiring the pre-receiving conflict report data; the system is also used for generating pre-receiving and pre-receiving offset data;
the bill management logic component unit is used for counting the number of bills; the system is also used for warehousing the bills; the system is also used for managing the receipt of departments, the receipt of the receipt returned by the departments, the receipt of individuals and the receipt returned by individuals; but also for voiding tickets;
the subject management logic component unit is used for creating a subject version; the system is also used for creating subjects, modifying subjects and canceling subjects; the system is also used for creating accounting affair definition, modifying accounting affair definition and logging out accounting affair definition; the system is also used for creating a detailed voucher entry template and modifying the detailed voucher entry template;
the account closing management logic component unit is used for adjusting the accounting period; also for end-of-term checkout;
the bookkeeping voucher management logic component unit is used for making an accounting entry; the method is also used for making a bookkeeping voucher;
the reconciliation management logic component unit is used for creating bank deposit reconciliation; also used for updating bank deposit statement; also for deleting bank deposit statements; the bank account checking system is also used for inquiring the bank deposit account checking result; the bank account checking system is also used for updating the bank deposit account checking result; the bank balance adjusting table is also used for counting the bank balance adjusting table;
the accounting statistics logic component unit is used for counting the general ledger; the system is also used for counting a balance table of the subjects; the method is also used for counting account age;
the bad account management logic component unit is used for registering bad account verification and cancellation information; the method is also used for verifying and canceling bad accounts; and also for revoking bad accounts.
Preferably, the service application security module comprises:
the identity authentication unit is used for authenticating a general user by using a user name and password mode; the system is also used for authenticating the user with high safety requirement by using a certificate authentication mode; the system is also used for transmitting user login information and identity credentials by using the ciphertext; the system is also used for storing the user password in the ciphertext in a database or a file system; and also for disabling the saving of the user password in COOKIE; the method is also used for binding the IP and appointing a user to log in the specific IP; the password modification device is also used for limiting the password modification period and the number of times of repeated use of the password; the password intensity policy is also used for constructing a user password intensity policy and forcibly requiring the length and the constituent elements of a password character string; the method is also used for locking the client IP when the client fails to log in continuously within a certain time period;
the authorization unit is used for verifying the access authority of the user account; and also for restricting user access to system-level resources; the system is also used for setting a background management control scheme; the system is also used for realizing access control at a server end; the system is also used for setting a unified access control mechanism; the system is also used for setting the authority of the application starting process; the system is also used for setting a detailed authorization scheme according to the role and function classification of the marketing business application so as to reduce the authorization granularity;
the input/output verification unit is used for setting and verifying input data of which all sources are not in a credible range; the system is also used for extracting key parameters from the server side and forbidding the input from the client side; the system is also used for input verification at the server side and the client side; the system is also used for carrying out normalization processing on the input content and then verifying the input content; the data processing device is also used for formatting the output data according to the difference of the output targets;
the configuration management unit is used for ensuring the safety of configuration storage; and also for configuring privileges for the service account; the system is also used for setting access identity limitation of the operation and control configuration management interface; the system is also used for authorizing roles respectively based on the authorization strategy of the roles;
the session management unit is used for setting session management in the Web application system;
the encryption management unit is used for protecting the application system and the data security through encryption;
the parameter operation unit is used for setting parameter rules so as to avoid threat of operation parameters; but also to ensure that the user does not bypass the check by operating the parameters; it is also used to limit the fields that can accept user input and modify and validate all values from the client;
an exception management unit for capturing exceptions using a structured exception handling mechanism; the method is also used for sending general information to an external service client, redirecting to a specific application webpage and returning a general error message to the client when the program is abnormal; the method is also used for terminating the current service and performing rollback operation on the current service when the program is abnormal;
the log and audit unit is used for recording and storing login behaviors, business operations and system running states when a user accesses marketing business applications;
the application interaction safety unit is used for determining an interaction system, and determining the type of data to be interacted and the transmission mode to be adopted; the method is used for setting a safety interface mode; the device is also used for forbidding plaintext transmission and encrypting and transmitting sensitive data; network access control for limiting unauthorized range devices in connection with the system; when other systems access the system equipment, the identity authentication mode is determined according to the sensitivity of the transmitted data and the importance of the processing service; and is also used for saving the log of the transceiving data.
According to the technical scheme, the intelligent intensive processing and business safety protection system for the electric charge accounts, provided by the embodiment of the invention, can realize standardized and systematic management on financial accounts, effectively integrate the payment information of each payment channel, save manpower and material resources and improve the timeliness and accuracy of account processing through the intelligent management of the electric charge accounts.
Drawings
Fig. 1 is a first structural schematic diagram of an electric charge account intelligent intensive processing and business safety protection system.
Fig. 2 is a schematic diagram of a second structure of the electric charge account intelligent intensive processing and business safety protection system.
Fig. 3 is a schematic diagram of a third structure of the electric charge account intelligent intensive processing and business safety protection system.
Fig. 4 is a fourth structural diagram of an electric charge account intelligent intensive processing and business safety protection system.
Fig. 5 is a fifth structural diagram of an electric charge account intelligent intensive processing and business safety protection system.
Detailed Description
The technical scheme and the technical effect of the invention are further elaborated in the following by combining the drawings of the invention.
As shown in fig. 1 to 5, the intelligent intensive processing and business safety protection system for electric charge account provided by the embodiment of the present invention may include the following modules:
the payment channel integration module 11 is used for integrating payment information of each payment channel, and the payment channels comprise an online payment channel and an offline payment channel; in the embodiment of the invention, the off-line payment channels can comprise sitting collection and walking collection, and the on-line payment channels can comprise on-line payment channels such as an E-bank, a WeChat, a Payment-bank, a wing payment, a palm E-bank, an electric charge internet bank and the like.
The bank-enterprise direct connection management module 12 is used for establishing a bank-enterprise direct connection channel for information interaction between the marketing system and the bank system; the system is also used for automatically clearing the account-entering fund in a mode that one resident corresponds to one bank account; and the system is also used for accessing the flow of the account entry fund of the electric charge account through a bank system. Specifically, the bank-enterprise direct connection management module 12 is used for realizing information timely interaction between the marketing system and each bank, firstly, the bank cooperates with the bank to develop a 'housekeeper card' as a supplementary payment mode to provide payment selection for a user, and through a management mode of one user and one account, automatic clearing of the funds of account entry is realized, and the unknown funds are effectively avoided; and secondly, the power charge account is accessed to enter the fund flow, so that various problems of fund flow delay, overlong chain, packet loss and the like in the existing mode are solved.
The electronic bill collecting management module 13 is used for managing the electronic bills; the system is also used for processing the operations of transmission, signing and exception handling of the electronic bill; the electronic bill pre-locking device is also used for pre-locking the electronic bill; the system is also used for automatically receiving bill information of the draft; the system is also used for online account cancellation; the bank enterprise direct connection channel is also used for transmitting bill information; the system is also used for integrating with a financial management and control system and sharing bill information; the system is also used for pushing the examination and approval result to the bank system on line; the system is also used for automatically signing electronic bills; the system is also used for carrying out bill exception handling; the system is also used for integrating the marketing financial examination and approval process; the method is also used for combing the bill voucher transfer elements of marketing and financial management and control so as to perform online integrated operation of bill vouchers.
Under the business background of taking the medium and electric property as a bill issuing bank, the functions of bill pre-locking, bill surface information automatic receiving, online account cancellation and the like of the electronic bank acceptance draft are realized by applying the bill payment of an e-commerce company and integrating with a marketing system; the user is under the medium-power and financial accounts, and marketing system and financial management and control system integrate, realize the sharing of bill information each other, integrate marketing financial examination and approval process, realize signing for the bill according to the result of approving automatically to launch marketing account. Besides the medium-power financial bank, other banks can be selected as bill cooperative banks, bill information of the banks and the marketing system can be timely transmitted through the direct connection channel of the bank and the enterprise, the examination and approval result is pushed on line, bills are automatically signed, and abnormal bill processing and other operations are realized. The bill voucher transmission element of combing marketing and financial management and control finally realizes the online integration of bill voucher, avoids financial folk prescription system certificate to cause the condition that the operation and finance data differ.
The finance and accounting management module 14 is used for globally managing the lower-level accounting processing condition; the system is also used for carrying out subject balance statistics and reconstructing the detailed account; the account balance data are further refined to a lower level, and the fund detailed account, the bank deposit detailed account, the current detailed account, the income detailed account and the receivable item detailed account are adjusted; the system is also used for recording the electric charge which is due to charge after the account closing period as the next month electric charge and recording the pre-charge in the current month until the next month is reached; and the system is also used for receiving the business which is receivable in the next month and performing accounting processing adjustment.
And the business application security module 15 is used for carrying out security protection operation on the electric charge account intelligent intensive processing and business security protection system.
In the embodiment of the present invention, the payment channel integration module 11 may specifically include a sitting management unit 111, a walking management unit 112, a card meter electricity purchasing management unit 113, a negative control electricity purchasing management unit 114, a rechargeable card payment management unit 115, a bank card meter electricity purchasing management unit 116, a collection management unit 117, an online payment management unit 118, a withholding management unit 119, and a special agreement commission management unit 1110:
the charging management unit 111 is used for inquiring the electric charge to be paid, the default money or the pre-charging electric charge balance according to the customer charging number; the system is also used for generating a charging voucher after charging is confirmed; and the system is also used for recording the sitting and receiving cash payment bill, the sitting and receiving bank payment bill and the electric charge bill corresponding to the sitting and receiving bank payment bill, and storing the sitting and receiving cash payment bill, the sitting and receiving bank payment bill and the cash bill corresponding to the sitting and receiving bank payment bill into the specified bank electric charge account.
Specifically, for payment of a check adopted by a client, the client shall check whether the payee, the payer, the bank of opening, the account number, the amount and the like of the check are accurate, whether the seal is complete and clear, record the number of the check corresponding to the paid electric charge, one check possibly corresponds to a plurality of electric charges, and establish an association relationship between the plurality of electric charges and the check during processing, thereby facilitating the financial reconciliation processing and reducing manual processing; the customer who pays the part of the fee, prepays the electric charge and transfers the fee in different times should make a receipt, and then the receipt is exchanged for the invoice after the customer finishes the electric charge. Adopting a mode of receiving and posting, only issuing a receipt for receiving the bills such as the check, the home ticket and the like, and replacing the receipt with the invoice when the money is paid; for the customers who need to issue the value-added tax invoice, the electricity invoice is issued according to the electricity charge and the default money, and then the value-added tax invoice is exchanged according to the electricity charge invoice (the default money part cannot be exchanged).
During the charging arrangement, after a daily real charging handover report is generated by statistics, various bills, invoice stub links, obsolete invoices, unused invoices and the like are checked. And checking whether the daily real electric charge handover report is consistent with the daily real electric charge handover report, and if the daily real electric charge handover report is inconsistent with the daily real electric charge handover report, searching the reason for the inconsistency, and processing the charging error.
In the process of payment, printing or filling a cash payment receipt for cash; for bills, bank bills are printed or filled out. And recording the electric charge lists corresponding to the cash withdrawal bill and the bank incoming bill, and storing the cash withdrawal bill, the bank incoming bill and corresponding cash and bills into a specified bank electric charge account.
When the bill is handed over, the original credentials such as cash payment bank receipt, transfer cheque, bank bill and the like and the daily real charge payment handover statement and the like are handed over, and the two parties need to sign and confirm.
A walking and collecting management unit 112, configured to determine a walking and collecting object; the system is also used for generating an electric charge invoice of a walking and receiving object according to the transformer area and the meter reading section and simultaneously locking the electric charge; the system is also used for canceling accounts after charge checking; the system is also used for regenerating the electric charge invoice when the electric charge default money changes after the electric charge is returned; the system is also used for recording a cash deposit receipt for walking and receiving, a bank incoming bill for walking and receiving and an electric charge list corresponding to the bank incoming bill for walking and receiving, and storing the cash deposit receipt for walking and receiving, the bank incoming bill for walking and receiving and a cash bill corresponding to the bank incoming bill for walking and receiving into a specified bank electric charge account;
specifically, the toll collector should return the unit in a predetermined return period, and the system should sell the account in time. When the payment is made, the payment date of the customer (the payment date of the customer recorded on the payment list) needs to be recorded.
When the bill is handed over, after the bill collector finishes paying, the bill collector needs to count and generate a bill passing-over bill for the bill collector. The payment receipt for the toll of the walking and receiving personnel, the bill to be paid, the payment receipt of the cash bank, the stub of the bill which is paid, the bill which is not received and the like are handed over. The two parties of the transfer should check and verify whether the charging bill and the charging amount are consistent with the charging transfer bill of the walking and receiving personnel, if an error occurs, the reason needs to be searched and processed in time.
In addition, when the invoice of the customer which does not pay the electricity charges is taken again, the default money of the electricity charges is changed, the original invoice is required to be discarded, and the invoice is printed again. The original invoice can be used without change.
The card meter electricity purchasing management unit 113 is used for writing the electricity charge information purchased by the customer into the electricity card through the card reader-writer when the customer uses the electricity card to purchase electricity by using the card meter;
the load control electricity purchasing management unit 114 is used for calculating the electric quantity or the electricity fee after the customer purchases electricity at the business network, and transmitting the electric quantity or the electricity fee to the electric energy acquisition system through the electric energy acquisition control service to control the electricity consumption;
the rechargeable card payment management unit 115 is used for writing the electricity charge information of the rechargeable card into the electricity card of the customer;
the bank card meter electricity purchasing management unit 116 is used for writing electricity charge information purchased by a customer into an electricity card through a card reader-writer when the customer holding the card using the card meter purchases electricity at a business outlet or a bank outlet with electricity purchasing conditions;
the collection management unit 117 is used for writing the electricity charge information purchased by the customer into the electricity card after collecting the electricity charge of the network points for collection;
the online payment management unit 118 is used for writing the electric charge information purchased by the customer into the electric card after the customer pays the fee in an online manner;
a withholding management unit 119 for generating a batch withholding file and locking the electric charge that has entered the batch withholding file; the deduction result file is generated after the bank system deducts money according to the batch deduction files; the deduction system is also used for carrying out account cancellation according to the deduction result file when the deduction is successful, and recording deduction time and deduction units in the deduction result file; the system is also used for unlocking the electric charge which is not successfully deducted when the deduction is unsuccessful; the system is also used for prompting the checking processing information when the deduction is unsuccessful due to the error of the customer account;
the special commission management unit 1110 is used for deducting the electric charge from the bank account of the customer according to the electric charge settlement agreement which the customer has signed with the bank system.
The intelligent intensive processing and business safety protection system for the electric charge account of the embodiment of the invention also comprises:
a marketing account management interface module 16, configured to display a customer bill payment interface; the system is also used for displaying a practical report statistics and audit interface; the system is also used for displaying a pre-receiving management interface; the bill storage interface is also used for displaying a bill storage interface; the system is also used for displaying the receiving interface of the bill department; the system is also used for displaying a return interface of the bill department; the system is also used for displaying the bill personal receiving interface; the bill payment system is also used for displaying a bill personal payment interface; the bill voiding interface is also displayed; the bill service condition statistical interface is also used for displaying the bill service condition statistical interface; the system is also used for displaying a business mode change account-closing interface; the account age counting module is also used for displaying an account age counting interface; the system is also used for displaying a bad account verification and cancellation registration interface; the bad account verification and cancellation interface is also used for displaying a bad account verification and cancellation interface; the system is also used for displaying a bad account revocation interface; and is also used for displaying a subject management interface.
The marketing account management interface module 16 may specifically include an receivable management logic component unit 161, an actual receipt management logic component unit 162, a pre-receipt management logic component unit 163, a bill management logic component unit 164, a subject management logic component unit 165, a closing account management logic component unit 166, an account voucher management logic component unit 167, an account checking management logic component unit 168, an account statistics logic component unit 169, and a bad account management logic component unit 1610:
the receivable management logic component unit 161 is configured to query the electric charge issuance completion condition and check the receivable monthly report data;
the real-time collection management logic component unit 162 is used for checking the report form handed over by the toll collector; and also for processing bill to account data; and also for processing customer direct transfer data; the system is also used for counting the balance of the electric charge which is charged by the financial caliber; the system is also used for auditing actual receipt of the monthly reports;
the pre-receiving management logic component unit 163 is used for inquiring the pre-receiving conflict report data; the system is also used for generating pre-receiving and pre-receiving offset data;
a bill management logic component unit 164 for counting the number of bills; the system is also used for warehousing the bills; the system is also used for managing the receipt of departments, the receipt of the receipt returned by the departments, the receipt of individuals and the receipt returned by individuals; but also for voiding tickets;
a subject management logic component unit 165 for creating a subject version; the system is also used for creating subjects, modifying subjects and canceling subjects; the system is also used for creating accounting affair definition, modifying accounting affair definition and logging out accounting affair definition; the system is also used for creating a detailed voucher entry template and modifying the detailed voucher entry template;
a customs accounting management logic component unit 166 for adjusting accounting periods; also for end-of-term checkout;
a bookkeeping voucher management logic component unit 167 for making an accounting entry; the method is also used for making a bookkeeping voucher;
a reconciliation management logic component unit 168 for creating bank deposit statements; also used for updating bank deposit statement; also for deleting bank deposit statements; the bank account checking system is also used for inquiring the bank deposit account checking result; the bank account checking system is also used for updating the bank deposit account checking result; the bank balance adjusting table is also used for counting the bank balance adjusting table;
an accounting statistics logic component unit 169 for making statistics of the general ledger; the system is also used for counting a balance table of the subjects; the method is also used for counting account age;
the bad account management logic component unit 1610 is configured to register bad account verification and cancellation information; the method is also used for verifying and canceling bad accounts; and also for revoking bad accounts.
In this embodiment of the present invention, the service application security module 15 may specifically include an identity authentication unit 151, an authorization unit 152, an input/output verification unit 153, a configuration management unit 154, a session management unit 155, an encryption management unit 156, a parameter operation unit 157, an exception management unit 158, a log and audit unit 159, and an application interaction security unit 1510, and is designed to perform security protection in ten aspects:
an identity authentication unit 151, configured to authenticate a general user using a user name and password; the system is also used for authenticating the user with high safety requirement by using a certificate authentication mode; the system is also used for transmitting user login information and identity credentials by using the ciphertext; the system is also used for storing the user password in the ciphertext in a database or a file system; and also for disabling the saving of the user password in COOKIE; and is also used for encrypting and storing the user password in a 3DES mode, wherein the length of the key is 168 bits.
In the password strategy, the marketing service application provides the following functions, so that the security risk in the identity authentication process is reduced: the appointed user logs in a specific computer (IP), so that the risk that an illegal client pretends to be the user to attack the server is reduced; limiting the password modification period and the number of times of repeated use of the password; in the aspect of constructing a user password intensity strategy, the length and the constituent elements of a password character string are required forcibly, and the password strategy is effective for all operators and comprises the length of a password, the constituent elements of the password and the number of times of modifying new and old passwords; in order to prevent the illegal client from continuously sending login requests to the server side by an exhaustion method and trying to guess user passwords, the financial management and control system provides a function of automatically locking the client request; when the client fails to log in continuously within a certain period of time, the system automatically locks the client IP until the locking is overtime or the administrator unlocks manually.
An authorization unit 152, configured to verify an access right of a user account; and also for restricting user access to system-level resources; the system is also used for setting a background management control scheme; the system is also used for realizing access control at a server end; the system is also used for setting a unified access control mechanism; the system is also used for setting the authority of the application starting process; and the system is also used for setting a detailed authorization scheme according to the role and function classification of the marketing business application so as to reduce the authorization granularity.
The authorization unit 152 performs authorization design on the aspect of the authorization function of the marketing service application according to conditions such as the authority and the login location of the user.
Designing a resource access control scheme, and verifying the access authority of a user account: access control is carried out on the limited resource according to a system access control strategy, and when an unauthorized user tries to access the limited resource, the system prompts the user and refuses the access; limiting the access of user authority to system level resources, wherein the system level resources can comprise files, folders, registry keys, Active Directory objects, database objects, event logs and the like; designing a background management control scheme, wherein background management limits an accessed source IP address by adopting a blacklist or whitelist mode, and prevents illegal IP access and address spoofing; the method comprises the steps of designing to realize access control at a server side, realizing access control on limited resources in a system at the server side, and forbidding to realize access control only at a client side; designing a unified access control mechanism, and ensuring the consistency of the whole access control strategy by adopting the unified access control mechanism; meanwhile, the access control strategy is ensured not to be modified illegally; the function abuse prevention design avoids the rejection of service caused by resource consumption of the marketing business application system due to a large number of concurrent HTTP requests; the database account number used by the application must be a common authority account, and only allowed databases can be accessed; the authority of the application to start the process is as small as possible, and the system account (in the operating environment) used by the application should have the lowest possible authority. "administeror", "root", "sa", "sysman", "hypervisor", or all other privileged users must not be used to run applications or connect to web servers, databases, or middleware; the authorization granularity is as small as possible, and a detailed authorization scheme is designed according to the role and function classification of marketing service application to ensure that the authorization granularity is as small as possible.
An input/output verification unit 153 configured to set and verify input data of which all sources are not within a trusted range; the system is also used for extracting key parameters from the server side and forbidding the input from the client side; the system is also used for input verification at the server side and the client side; the system is also used for carrying out normalization processing on the input content and then verifying the input content; the data processing device is also used for formatting the output data according to the difference of the output targets;
in terms of input and output, the marketing business application is designed to be safe as follows:
designing input data for verifying that all sources are not within a credible range, wherein the data sources comprise: all fields of the HTTP request message comprise GET data, POST data, COOKIE data, Header data and the like; files of non-trusted sources, third party interface data, database data.
A method of designing a verification using multiple inputs, comprising: checking whether the data conforms to a desired type; checking whether the data conforms to a desired length; checking whether the numerical data conforms to an expected numerical range; check if the data contains special characters, such as: <, >, ", (,),", etc.; carrying out white list inspection by using a regular expression;
input verification is carried out at a server side and a client side to establish a uniform input verification interface, and a consistent verification method is provided for the whole application system: taking an input verification strategy as a core element of application program design; consider a centralized validation approach, e.g., by using common validation and screening code in a shared library; this may ensure consistency in the application of the validation rules; in addition, the workload of development can be reduced, and the subsequent maintenance work is facilitated;
input content is subjected to normalization processing and then verified, such as file paths, URL addresses and the like, and verification is performed after the input content needs normalization into a standard format;
extracting key parameters from a server side, and forbidding input from a client side;
according to different output targets, performing corresponding formatting processing on the output data, such as HTML coding and the like; when data is written back to a client, HTML coding and URL coding check are carried out on the data input by a user, and special characters (including HTML keywords and characters of &, \ r \ n, two \ n and the like) are filtered;
SQL injection prevention, when database operation is carried out, data submitted by a user must be filtered;
XML injection prevention, when data is stored in an XML file format, if Xpath and XSLT functions are used, characters such as < >/'=' and the like in data submitted by a user must be filtered;
information not related to the service is prohibited from being returned to the client.
A configuration management unit 154 for securing configuration storage; and also for configuring privileges for the service account; the system is also used for setting access identity limitation of the operation and control configuration management interface; and is also used for authorizing roles based on the authorization policies of the roles respectively.
Marketing services applications support configuration management interfaces and functions to allow operators and administrators to change configuration parameters, update the content of Web sites, and perform routine maintenance. Major configuration management threats include: unauthorized access to the management interface, unauthorized access to the configuration storage area, retrieval of plaintext configuration secrets, unauthorized processes and service accounts. For these threats, in terms of configuration management, the following design is made:
to ensure the security of configuration storage, text-based configuration files, registries, and databases are common methods for storing application configuration data. The configuration file is prevented from being used in the Web space of an application program, so that the configuration file is prevented from being downloaded due to the possible server configuration vulnerability; avoiding storing confidential configurations in plain text form, such as database connection strings or account credentials; secure configurations (e.g., machine. config and web. config) by encryption, and then restrict access to registry keys, files or tables containing encrypted data; it is ensured that modifications and deletions to the configuration file and changes to the access rights are both verified for authorization and logged in detail. The authority of changing the self configuration information of the account is avoided being granted unless the clear requirement is designed;
with least privileged processes and service accounts, an important aspect of application configuration is the process account used to run the Web server process, and the service account used to access downstream resources and systems. To ensure that minimal privileges are set for these accounts;
the security of the management interface is ensured, the configuration management functions are only accessible by authorized operators and administrators, strong identity verification is performed on the management interface, such as using certificates, suggesting that remote management be restricted or avoided if possible, and requiring that the administrator log in locally. If remote management needs to be supported, an encrypted channel such as SSL or VPN technology should be used, because data transmitted through the management interface is sensitive data;
and the application program is prevented from calling the support system resource and independently distributing the management privilege. If the functionality supported by the configuration management functions of an application varies based on the administrator role, it should be considered to authorize each role separately using a role-based authorization policy.
A session management unit 155 for setting session management in the Web application system.
The session management in the Web application system is correctly designed, and session hijacking and tampering, stealing or misuse of session data are prevented. Session management is to satisfy the following security requirements:
designing a new session for successful login, creating the new session for the user and releasing the original session after the user is successfully authenticated, wherein the created session certificate meets the requirements of randomness and length, and the guess of an attacker is avoided; the session is bound with the IP address, so that the risk of stealing the session is reduced;
designing the storage safety of the session data, storing the session data generated after the user successfully logs in at the server end, ensuring that the session data cannot be illegally accessed, and strictly inputting and verifying the data when updating the session data to avoid the session data from being illegally tampered;
and designing the transmission safety of the session data, and transmitting the user login information and the identity certificate after encrypting. If COOKIE is adopted to carry the session certificate, the Secure, Domain, Path and Expires attributes of COOKIE must be reasonably set; forbidding to transmit the session certificate in an HTTP GET mode and forbidding to set an excessively wide Domain attribute;
designing the safety termination of the session, providing a user log-out function on each page of an application system after the user logs in successfully and creates the session successfully, and logging out the session data of the server side in time when logging out; when the user in the login state directly closes the browser, prompting the user to execute safe logout or automatically completing a logout process for the user, thereby ensuring the safe termination of the session;
reasonable session survival time is designed, the session is probably hijacked and attacked in a replay mode due to the unreasonable session survival time, the session survival time is reasonably set, the session is destroyed after timeout, and information of the session is eliminated;
designing to avoid the forgery of cross-site requests, and generating a disposable random token for the current page as the supplement of a main session certificate on the page related to key business operation; before executing the key service, the application system should check the one-time random token submitted by the user to ensure that the one-time random token is matched with the one-time random token stored at the server side.
And an encryption management unit 156 for protecting the application system and data security by encryption.
The marketing business application adopts encryption measures to protect the application system and data security, and the following design requirements are met aiming at the encryption technology besides using an SSL/TSL encryption transmission channel: the correct algorithm and key are used, the length adopts a cryptographic algorithm approved by the national cryptographic authority, and the key length is ensured to provide a sufficient security level; the security of the encryption key, which is a secret number input to the encryption and decryption process, is ensured. To secure the encrypted data, the key must be protected. Once the attacker obtains the decryption key, the encrypted data is no longer secure, and the key should be recycled periodically; the message is transmitted by using an HTTPS (hypertext transfer protocol secure protocol), encrypted and transmitted by using an RSA (rivest-Shamir-Adleman) protocol, the information integrity and the transmission safety are ensured by using a digital signature, and the message is coded and stored by using Base 64; sensitive data is stored in an encrypted mode by using a 3DES (168-bit key length) algorithm; and integrating data, transmitting the data by using an HTTPS (hypertext transfer protocol secure protocol), and performing security protection on key service data by adopting a digital signature.
A parameter operation unit 157 for setting parameter rules to avoid operating parameter threats; but also to ensure that the user does not bypass the check by operating the parameters; it also serves to limit the fields that can accept user input and to modify and validate all values from the client.
An operating parameter attack is an attack that relies on modifying parameter data sent between a client and a Web application, including query strings, form fields, cookies, and HTTP headers. The main operational parameter threats include: the method comprises the following steps of operating a query character string, an operation form field, an operation cookie and an operation HTTP header, aiming at parameter operation, and meeting the following design requirements in the aspect of security function: avoiding the use of query string parameters that contain sensitive data or affect server security logic; identifying the client using the session identifier and storing the sensitive item in a session store on the server; an HTTP POST is used for replacing a GET submission form, so that a hidden form is avoided; encrypting the query string parameters; HTTP header information is not to be trusted; the HTTP header is sent at the beginning of the HTTP request and response; any security decisions that ensure the Web application are not based on the information contained in the HTTP header, as it is easy for an attacker to manipulate the HTTP header. Ensure that the user does not bypass the check: ensuring that the user does not bypass the check by operating the parameters. Preventing the end user from manipulating the URL parameters through the browser address text box. Verify all data sent from client: fields that can accept user input are restricted and all values from the client are modified and verified.
An exception management unit 158 for capturing exceptions using a structured exception handling mechanism; the method is also used for sending general information to an external service client, redirecting to a specific application webpage and returning a general error message to the client when the program is abnormal; the method is also used for terminating the current service and performing rollback operation on the current service when the program is abnormal;
when a system makes a fault, the system throws an exception, and the exception information generally contains system information used for debugging development and maintenance personnel, and for an end user, the information is generally useless, but for a malicious user, the information increases the chances of finding a potential defect and attacking, and for exception management, main functional requirements include:
the structured exception handling mechanism is used for capturing exception phenomena, so that the application program can be prevented from being placed in an uncoordinated state, and the application program is protected from being attacked by denial of service.
Using the generic error information, when an exception occurs in a program, the generic information is sent to an external service or client of the application or redirected to a specific application web page without exposing messages that may cause information leakage. For example, not to expose stack trace details including function names and problematic line numbers when debugging internal versions; a generic error message is returned to the client.
When the program is abnormal, the current service is terminated, and the rollback operation is performed on the current service, so that the integrity and the validity of the service are ensured, and the current user session can be cancelled if necessary.
One party of the two communication parties does not react within a period of time, and the other party automatically finishes the call back.
When the program is abnormal, recording a detailed error message in a log: a detailed error message is sent to the error log. Sending a minimal amount of information, such as general error messages and custom error log IDs, to a client of the service or application, which can then be mapped to detailed messages in the event log; ensuring that no passwords or other sensitive data is recorded.
And the logging and auditing unit 159 is used for recording and saving login behaviors, business operations and system running states when a user accesses the marketing business application.
When a user accesses the marketing service application, the logging behavior, the service operation and the system running state are recorded and stored, so that traceability and audit in the operation process are ensured, and the safety of service log data is ensured. The log records meet the following security requirements:
the format of the audit log is clear, and the format of the audit log suggests a single-row, regular and formatted CSV text format. The system may be either a Syslog system or an Snmp system. The Syslog mode needs to give a composition structure of the Syslog, and the Snmp mode needs to provide MIB information at the same time.
The logging events include at least the following events: starting and closing an audit function; starting and stopping an application system; configuration changes; access control information; abnormal operation events of the user on the data.
Specific contents of the access control information, for example: a denial of login due to exceeding the limit of the number of attempts; successful or failed login; changing the user authority; changing a user password; authorized users perform functions in roles that are not explicitly authorized; the user attempts to perform a function in the role that is not explicitly authorized. Creating a user account; logout of the user account; freezing of a user account; unfreezing the user account.
The specific content of the abnormal operation event of the user on the data is as follows: an unsuccessful attempt to access the data; the data flag or identification is forcibly overwritten or modified; mandatory modifications to read-only data; data manipulation from an unauthorized user; specifically authorising the activities of the user.
The audit log at least comprises the following contents: user ID or handler ID that caused this event; date, time of the event (timestamp); an event type; the content of the event; whether the event was successful; the source of the request (e.g., the IP address of the request).
The audit log forbidding comprises the following contents, if necessary, fuzzification processing is carried out: user sensitive information (e.g., password information, etc.); the complete transaction information of the client; the privacy information of the client (such as bank card information, password information, identity information and the like).
And preventing the cheating of the service log, if data from an untrusted source needs to be introduced when the service log is generated, strict verification needs to be carried out, and the cheating attack is prevented.
And the service log is safely stored and accessed, and the service log is prohibited from being stored in a WEB directory, so that the safe storage of service log data is ensured, and the access right to the service log is strictly limited.
And performing digital signature on the service log record to realize tamper resistance.
The log shelf life matches the system application level.
An application interaction security unit 1510, configured to clarify an interaction system, determine a data type of interaction and a transmission mode to be used; the method is used for setting a safety interface mode; the device is also used for forbidding plaintext transmission and encrypting and transmitting sensitive data; network access control for limiting unauthorized range devices in connection with the system; when other systems access the system equipment, the identity authentication mode is determined according to the sensitivity of the transmitted data and the importance of the processing service; and is also used for saving the log of the transceiving data.
The application interaction of the application interaction security unit 1510 refers to data interaction when different application systems are interconnected. The interaction of the application system is carried out in an interface mode, and a non-interface mode is avoided, wherein:
defining an interactive system, determining all other systems interacted with the marketing service application, analyzing other application systems interacted with the application system from the data flow direction of the application system, and determining function modules involved when the other application systems are interacted with;
determining the interactive data type, the transmission mode adopted, whether the data content contains sensitive information, such as identity authentication information, and determining the related transmission protocol and whether the transmission channel is encrypted;
in the interface mode safety design, system interconnection is only carried out through interface equipment (a front-end processor, an interface machine, a communication server, an application server and the like), and a core database cannot be directly accessed; the application on the interface equipment only comprises the service function necessary for realizing system interconnection and does not comprise all functions of the service system; the interface device must be deployed in the system interconnection area of the application system; plaintext transmission is forbidden, transmitted sensitive data must be encrypted, an encryption transmission protocol such as HTTPS can be adopted, and a password and a secret key must be encrypted before transmission; for the encryption of a large amount of data, a symmetric encryption algorithm or other encryption algorithms with the same key strength are used, the data to be temporarily stored needs to be encrypted, and an algorithm with a higher encryption speed and a weaker strength is considered; the network access control is realized through a firewall or other equipment which can limit the unauthorized range in the connection of the interconnected system; the other systems access the system equipment and need to be authenticated, and according to the sensitivity of the transmitted data and the importance of the processing service, the simpler user name, password or stronger identity authentication mode such as an appointed source, a digital certificate and a USB Key is considered; logs of various data and messages are stored for auditing and checking.
The intelligent intensive processing and business safety protection system for the electric charge account, provided by the invention, can realize the standardized and systematic management of financial accounts, effectively integrate the payment information of each payment channel, save manpower and material resources and improve the timeliness and accuracy of account processing through the intelligent management of the electric charge account.
While the invention has been described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention.
Claims (8)
1. An intelligent intensive processing and business safety protection system for electric charge accounts, which is characterized by comprising:
the system comprises a payment channel integration module, a payment channel management module and a payment information management module, wherein the payment channel integration module is used for integrating payment information of each payment channel, and each payment channel comprises an online payment channel and an offline payment channel;
the bank-enterprise direct connection management module is used for establishing a bank-enterprise direct connection channel for information interaction between the marketing system and the bank system;
the electronic bill collection management module is used for managing the electronic bills; the electronic bill receiving and sending module is also used for processing the transmission, signing and exception handling operations of the electronic bill;
the financial and financial reconciliation management module is used for globally managing the lower-level financial processing condition;
and the business application safety module is used for carrying out safety protection operation on the electric charge account intelligent intensive processing and business safety protection system.
2. The electric charge account intelligent intensive processing and business safety protection system of claim 1, wherein the payment channel integration module comprises:
the charging management unit is used for inquiring the electric charge to be paid, the default money or the pre-charging electric charge balance according to the customer charging number; the system is also used for generating a charging voucher after charging is confirmed; the system is also used for recording a sitting and received cash payment bill, a sitting and received bank payment bill and an electric charge list corresponding to the sitting and received bank payment bill, and storing the sitting and received cash payment bill, the sitting and received bank payment bill and a cash bill corresponding to the sitting and received bank payment bill into a specified bank electric charge account;
the walking and collecting management unit is used for determining a walking and collecting object; the system is also used for generating an electric charge invoice of the walking and receiving object according to the transformer area and the meter reading section and simultaneously locking the electric charge; the system is also used for canceling accounts after charge checking; the system is also used for regenerating the electric charge invoice when the electric charge default money changes and the electric charge default money is collected again; the system is also used for recording a cash deposit receipt for walking and receiving, a bank deposit bill for walking and receiving and an electric charge list corresponding to the bank deposit bill for walking and receiving, and storing the cash deposit receipt for walking and receiving, the bank deposit bill for walking and receiving and a cash bill corresponding to the bank deposit bill for walking and receiving into the specified bank electric charge account;
the card meter electricity purchasing management unit is used for writing the electricity charge information purchased by the customer into the electricity card through the card reader-writer when the customer using the card meter holds the electricity card to purchase electricity;
the load control electricity purchasing management unit is used for calculating electric quantity or electricity charge after the customer purchases electricity at a business outlet, transmitting the electric quantity or the electricity charge to the electric energy acquisition system through the electric energy acquisition control service and controlling electricity utilization;
the rechargeable card payment management unit is used for writing the electricity charge information of the rechargeable card into the electricity card of the customer;
the bank card meter electricity purchasing management unit is used for writing electricity charge information purchased by the customer into the electricity card through the card reader-writer when the customer card using the card meter purchases electricity at a business outlet or a bank outlet with electricity purchasing conditions;
the collection management unit is used for writing the electricity charge information purchased by the customer into the electricity card after collecting the electricity charge of the network points;
the online payment management unit is used for writing the electric charge information purchased by the customer into the electric card after the customer pays the fee in an online mode;
the withholding management unit is used for generating batch withholding files and locking the electric charge which enters the batch withholding files; the deduction result file is generated after the bank system deducts money according to the batch deduction files; the deduction server is also used for carrying out account cancellation according to the deduction result file when the deduction is successful, and recording deduction time and deduction units in the deduction result file; the system is also used for unlocking the electric charge which is not successfully deducted when the deduction is unsuccessful; the system is also used for prompting the checking processing information when the deduction is unsuccessful due to the error of the customer account;
and the special commission management unit is used for deducting the electric charge from the bank account of the customer according to the electric charge settlement agreement signed by the customer and the bank system.
3. The electric charges accounting intelligent intensive processing and business safety protection system of claim 1,
the bank-enterprise direct connection management module is also used for automatically clearing and counting the income funds in a mode that one resident corresponds to one bank account; and the bank system is also used for accessing the flow of the account entry fund of the electric charge account.
4. The electric charges accounting intelligent intensive processing and business safety protection system of claim 1,
the operation and finance account checking management module is also used for carrying out account balance statistics and reconstructing detailed accounts; the account balance data are further refined to a lower level, and the fund detailed account, the bank deposit detailed account, the current detailed account, the income detailed account and the receivable item detailed account are adjusted; the system is also used for recording the electric charge which is due to charge after the account closing period as the next month electric charge and recording the pre-charge in the current month until the next month is reached; and the method is also used for receiving accounts receivable services in the next month and adjusting the accounts processing.
5. The electric charges accounting intelligent intensive processing and business safety protection system of claim 1,
the electronic bill collection management module is also used for performing pre-locking operation on the electronic bill; the system is also used for automatically receiving bill information of the draft; the system is also used for online account cancellation; the bank enterprise direct connection channel is used for transmitting the bill information; the system is also used for integrating with a financial management and control system and sharing the bill information; the system is also used for pushing the examination and approval result to the bank system on line; the electronic bill is also used for automatically signing the electronic bill; the system is also used for carrying out bill exception handling; the system is also used for integrating the marketing financial examination and approval process; and the system is also used for managing bill voucher transmission elements of marketing and financial management and control so as to perform online integrated operation of the bill voucher.
6. The electric charges accounting intelligent intensive processing and business safety protection system of claim 1, further comprising:
the marketing account management interface module is used for displaying a customer bill payment interface; the system is also used for displaying a practical report statistics and audit interface; the system is also used for displaying a pre-receiving management interface; the bill storage interface is also used for displaying a bill storage interface; the system is also used for displaying the receiving interface of the bill department; the system is also used for displaying a return interface of the bill department; the system is also used for displaying the bill personal receiving interface; the bill payment system is also used for displaying a bill personal payment interface; the bill voiding interface is also displayed; the bill service condition statistical interface is also used for displaying the bill service condition statistical interface; the system is also used for displaying a business mode change account-closing interface; the account age counting module is also used for displaying an account age counting interface; the system is also used for displaying a bad account verification and cancellation registration interface; the bad account verification and cancellation interface is also used for displaying a bad account verification and cancellation interface; the system is also used for displaying a bad account revocation interface; and is also used for displaying a subject management interface.
7. The electric charges accounting intelligent intensive processing and business safety protection system of claim 6, wherein the marketing accounting management interface module comprises:
the receivable management logic component unit is used for inquiring the electric charge issuing completion condition and checking the receivable monthly report data;
the real-time collection management logic component unit is used for auditing the report form handed over by the toll collector; and also for processing bill to account data; and also for processing customer transfer data; the system is also used for counting the balance of the electric charge which is charged by the financial caliber; the system is also used for auditing actual receipt of the monthly reports;
the pre-receiving management logic component unit is used for inquiring the pre-receiving conflict report data; the system is also used for generating pre-receiving and pre-receiving offset data;
the bill management logic component unit is used for counting the number of bills; the bill storage device is also used for storing the bills; the system is also used for managing departments to receive the bills, departments to return to receive the bills, individuals to receive the bills and individuals to return the bills; and also for invalidating said ticket;
the subject management logic component unit is used for creating a subject version; also for creating the subject, modifying the subject, logging off the subject; also used for creating accounting affair definition, modifying the accounting affair definition, and logging off the accounting affair definition; the system is also used for creating a detail voucher entry template and modifying the detail voucher entry template;
the account closing management logic component unit is used for adjusting the accounting period; also for end-of-term checkout;
the bookkeeping voucher management logic component unit is used for making an accounting entry; the method is also used for making a bookkeeping voucher;
the reconciliation management logic component unit is used for creating bank deposit reconciliation; also for updating the bank deposit statement; also for deleting the bank deposit statement; the bank account checking system is also used for inquiring the bank deposit account checking result; the bank account checking system is also used for updating the bank deposit account checking result; the bank balance adjusting table is also used for counting the bank balance adjusting table;
the accounting statistics logic component unit is used for counting the general ledger; the system is also used for counting a balance table of the subjects; the method is also used for counting account age;
the bad account management logic component unit is used for registering bad account verification and cancellation information; the method is also used for verifying and canceling bad accounts; and the method is also used for revoking the bad account.
8. The electric charges accounting intelligent intensive processing and business safety protection system of claim 1, wherein the business application safety module comprises:
the identity authentication unit is used for authenticating a general user by using a user name and password mode; the system is also used for authenticating the user with high safety requirement by using a certificate authentication mode; the system is also used for transmitting user login information and identity credentials by using the ciphertext; the system is also used for storing the user password in the ciphertext in a database or a file system; further for disabling saving of said user password in COOKIE; the system is also used for binding IP and appointing the user to log in at a specific IP; the password modification device is also used for limiting the password modification period and the number of times of repeated use of the password; the password intensity policy is also used for constructing a user password intensity policy and forcibly requiring the length and the constituent elements of a password character string; the method is also used for locking the client IP when the client fails to log in continuously within a certain time period;
the authorization unit is used for verifying the access authority of the user account; and also for restricting user access to system-level resources; the system is also used for setting a background management control scheme; the system is also used for realizing access control at a server end; the system is also used for setting a unified access control mechanism; the system is also used for setting the authority of the application starting process; the system is also used for setting a detailed authorization scheme according to the role and function classification of the marketing business application so as to reduce the authorization granularity;
the input/output verification unit is used for setting and verifying input data of which all sources are not in a credible range; the server is also used for extracting key parameters from the server and forbidding the input from the client; the server side is used for inputting the data to the client side; the system is also used for carrying out normalization processing on the input content and then verifying the input content; the data processing device is also used for formatting the output data according to the difference of the output targets;
the configuration management unit is used for ensuring the safety of configuration storage; and also for configuring privileges for the service account; the system is also used for setting access identity limitation of the operation and control configuration management interface; the system is also used for authorizing roles respectively based on the authorization strategy of the roles;
the session management unit is used for setting session management in the Web application system;
the encryption management unit is used for protecting the application system and the data security through encryption;
the parameter operation unit is used for setting parameter rules so as to avoid threat of operation parameters; also for ensuring that the user does not bypass the check by operating parameters; also used to limit the fields that can accept user input and modify and validate all values from the client;
an exception management unit for capturing exceptions using a structured exception handling mechanism; the system is also used for sending general information to an external service client, redirecting to a specific application webpage and returning a general error message to the client when the program is abnormal; the method is also used for terminating the current service and performing rollback operation on the current service when the program is abnormal;
the log and audit unit is used for recording and storing login behaviors, service operations and system running states when the user accesses the marketing service application;
the application interaction safety unit is used for determining an interaction system, and determining the type of data to be interacted and the transmission mode to be adopted; the method is used for setting a safety interface mode; the device is also used for forbidding plaintext transmission and encrypting and transmitting sensitive data; network access control for limiting unauthorized range devices in connection with the system; when other systems access the system equipment, the identity authentication mode is determined according to the sensitivity of the transmitted data and the importance of the processing service; and is also used for saving the log of the transceiving data.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011583158.8A CN112712404A (en) | 2020-12-28 | 2020-12-28 | Intelligent intensive processing and business safety protection system for electric charge account |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011583158.8A CN112712404A (en) | 2020-12-28 | 2020-12-28 | Intelligent intensive processing and business safety protection system for electric charge account |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112712404A true CN112712404A (en) | 2021-04-27 |
Family
ID=75545895
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011583158.8A Pending CN112712404A (en) | 2020-12-28 | 2020-12-28 | Intelligent intensive processing and business safety protection system for electric charge account |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112712404A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113378169A (en) * | 2021-07-07 | 2021-09-10 | 国网冀北电力有限公司 | Safety protection system for virtual power plant operation |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103729792A (en) * | 2014-01-03 | 2014-04-16 | 中国农业银行股份有限公司南通分行 | Financial non-tax multi-channel comprehensive fee collection system and payment business processing flow |
| CN104063756A (en) * | 2014-05-23 | 2014-09-24 | 国网辽宁省电力有限公司本溪供电公司 | Electric power utilization information remote control system |
| CN106355514A (en) * | 2016-08-31 | 2017-01-25 | 中国南方电网有限责任公司 | Management system and process for realizing electric charge collection through bank and power supply enterprise network on basis of account checking identification codes |
| CN106934530A (en) * | 2017-02-27 | 2017-07-07 | 广州海颐软件有限公司 | A kind of comprehensive energy marketing automation system platform of the wisdom energy |
| CN108288223A (en) * | 2018-03-13 | 2018-07-17 | 同方鼎欣科技股份有限公司 | A kind of power marketing manages system and method with financial counting |
| CN110827132A (en) * | 2019-10-14 | 2020-02-21 | 国网河北省电力有限公司 | Automatic reconciliation method for marketing account of power enterprise |
| CN111583008A (en) * | 2020-06-05 | 2020-08-25 | 孙悦 | Intelligent automatic charge cancellation system and method for electricity consumption customers |
-
2020
- 2020-12-28 CN CN202011583158.8A patent/CN112712404A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103729792A (en) * | 2014-01-03 | 2014-04-16 | 中国农业银行股份有限公司南通分行 | Financial non-tax multi-channel comprehensive fee collection system and payment business processing flow |
| CN104063756A (en) * | 2014-05-23 | 2014-09-24 | 国网辽宁省电力有限公司本溪供电公司 | Electric power utilization information remote control system |
| CN106355514A (en) * | 2016-08-31 | 2017-01-25 | 中国南方电网有限责任公司 | Management system and process for realizing electric charge collection through bank and power supply enterprise network on basis of account checking identification codes |
| CN106934530A (en) * | 2017-02-27 | 2017-07-07 | 广州海颐软件有限公司 | A kind of comprehensive energy marketing automation system platform of the wisdom energy |
| CN108288223A (en) * | 2018-03-13 | 2018-07-17 | 同方鼎欣科技股份有限公司 | A kind of power marketing manages system and method with financial counting |
| CN110827132A (en) * | 2019-10-14 | 2020-02-21 | 国网河北省电力有限公司 | Automatic reconciliation method for marketing account of power enterprise |
| CN111583008A (en) * | 2020-06-05 | 2020-08-25 | 孙悦 | Intelligent automatic charge cancellation system and method for electricity consumption customers |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113378169A (en) * | 2021-07-07 | 2021-09-10 | 国网冀北电力有限公司 | Safety protection system for virtual power plant operation |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Abreu et al. | Blockchain technology in the auditing environment | |
| US7013296B1 (en) | Using electronic security value units to control access to a resource | |
| US7272855B1 (en) | Unified monitoring and detection of intrusion attacks in an electronic system | |
| CN107710258A (en) | System and method for personal identification and checking | |
| CN106934673A (en) | A kind of electronic invoice system | |
| US7140039B1 (en) | Identification of an attacker in an electronic system | |
| CN109949019A (en) | A kind of payment system based on medical block chain | |
| Hassan et al. | Secured insurance framework using blockchain and smart contract | |
| CN107944837A (en) | A kind of authority processing method, device and system | |
| CN101873333B (en) | Enterprise data maintenance method, device and system based on banking system | |
| GB2471072A (en) | Electronic document verification system | |
| US20030229792A1 (en) | Apparatus for distributed access control | |
| Zhu et al. | Research on the security of blockchain data: A survey | |
| US20220253813A1 (en) | Cryptographicaly secured hybrid (on and off blockchain) cryptocurrency system | |
| CN108133415A (en) | A kind of electronics authority method of charging out, device and system | |
| Bohm et al. | Electronic commerce: Who carries the risk of fraud | |
| Dold | The GNU Taler system: practical and provably secure electronic payments | |
| CN107742085A (en) | A kind of data security system | |
| Raikar et al. | BCT-voting: a blockchain technology based voting system | |
| CN112712404A (en) | Intelligent intensive processing and business safety protection system for electric charge account | |
| KR20200124121A (en) | The Method to conveniently and safely authenticate the transfer of My Data | |
| Pali et al. | A comprehensive survey of aadhar and security issues | |
| Xu et al. | AC2M: An Automated Consent Management Model for Blockchain Financial Services Platform | |
| Saim et al. | E-Voting via Upgradable Smart Contracts on Blockchain | |
| CN115643573A (en) | Privileged account authentication method and system based on dynamic security environment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210427 |
|
| RJ01 | Rejection of invention patent application after publication |