CN113037711A - Anti-tampering method and system for merchant data transmission and storage - Google Patents
Anti-tampering method and system for merchant data transmission and storage Download PDFInfo
- Publication number
- CN113037711A CN113037711A CN202110160345.3A CN202110160345A CN113037711A CN 113037711 A CN113037711 A CN 113037711A CN 202110160345 A CN202110160345 A CN 202110160345A CN 113037711 A CN113037711 A CN 113037711A
- Authority
- CN
- China
- Prior art keywords
- merchant
- data
- message
- platform
- database
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 44
- 230000005540 biological transmission Effects 0.000 title claims abstract description 23
- 238000012795 verification Methods 0.000 claims abstract description 12
- 238000004364 calculation method Methods 0.000 claims description 6
- 230000001172 regenerating effect Effects 0.000 claims description 3
- 230000009286 beneficial effect Effects 0.000 description 7
- 238000010586 diagram Methods 0.000 description 3
- 230000002427 irreversible effect Effects 0.000 description 3
- 238000005034 decoration Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000013500 data storage Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6263—Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0625—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
Abstract
The invention provides a tamper-proof method and a tamper-proof system for merchant data transmission and storage, wherein the method comprises the following steps: receiving a message sent by a merchant terminal, encrypting sensitive data by the message through a platform public key, and then adding a label to the whole message through a merchant private key; checking the signature of the message through a public key of a merchant; after the signature verification is finished, decrypting the sensitive data through a platform private key to obtain decrypted data; and encrypting the sensitive field in the decrypted data, and storing the decrypted data into a database. According to the scheme, the merchant data can be prevented from being maliciously tampered in the transmission and storage processes, so that the privacy of the merchant is protected, and the loss of the merchant and a third-party payment company is avoided.
Description
Technical Field
The invention relates to the technical field of data storage, in particular to a tamper-proof method and a tamper-proof system for merchant data transmission and storage.
Background
At present, most internet companies have potential safety hazards in data transmission and storage, and particularly third-party payment companies have the defects that most data belong to sensitive data and are all privacy data of users, once the privacy data are revealed, the users and individuals are greatly harmed, and therefore, the third-party payment companies are indispensable in data safe transmission and safe storage.
In a data center of a third-party payment company, the most sensitive data is merchant data, the merchant data includes information such as basic information of a merchant, names of legal persons, identity cards of the legal persons, business licenses, business addresses, merchant settlement cards and the like, and the information belongs to private information and cannot be revealed. When a merchant makes merchant provision in a third-party payment company, the services of the local payment company are accessed through an interface, and if data is transmitted in a plaintext mode in a network layer, a large potential safety hazard exists; meanwhile, in the process of storing the data, if the data is maliciously modified and tampered by people, the data can also bring great loss to companies and merchants. Therefore, a method for preventing the merchant data from being maliciously tampered during the transmission and storage process and avoiding the disclosure of the privacy of the merchant is needed.
Disclosure of Invention
The invention aims to provide a method and a system for preventing merchant data from being tampered during transmission and storage, and the scheme can prevent the merchant data from being tampered maliciously during the transmission and storage process, thereby being beneficial to protecting the privacy of merchants and avoiding the loss of merchants and third-party payment companies.
The technical scheme provided by the invention is as follows:
the invention provides a tamper-proof method for merchant data transmission and storage, which comprises the following steps:
receiving a message sent by a merchant terminal, encrypting sensitive data by the message through a platform public key, and then adding a label to the whole message through a merchant private key;
checking the signature of the message through a public key of a merchant;
after the signature verification is finished, decrypting the sensitive data through a platform private key to obtain decrypted data;
and encrypting the sensitive field in the decrypted data, and storing the decrypted data into a database.
In the scheme, sensitive data are encrypted through a platform public key for a message sent by a merchant terminal, and then the whole message is signed through a merchant private key, so that the platform terminal can correspondingly check and sign the message through the merchant public key firstly after receiving the message, and after the check and sign are completed, the sensitive data are decrypted through the platform private key, and then sensitive fields in the decrypted data are encrypted and stored, so that the merchant data can be prevented from being maliciously tampered in the transmission and storage processes, the merchant privacy is protected, and loss caused to merchants and third-party payment companies is avoided.
Further, the encrypting the sensitive field in the decrypted data and storing the decrypted data in a database specifically includes the steps of:
customizing the splicing mode of the mac check column;
generating the corresponding mac check column according to the sensitive field;
performing MD5 encryption on the mac check column to generate an information summary;
3DES encryption is carried out on the information abstract, and a mac value corresponding to the mac check column is generated;
and storing the mac value and the decryption data into the database.
Further, after storing the mac value and the decryption data in the database, the method further includes the steps of:
when data is read, performing 3DES decryption through the mac value to obtain an MD5 value;
processing the read data according to the step of generating the information abstract, and regenerating the information abstract;
if the regenerated message digest is different from the MD5 value, the data is tampered, and an early warning is given.
By customizing the splicing mode of the mac check column, for example, the fields of the merchant data include id, merc _ id, name, cardNo, bankname, and the like, the three fields of merc _ id + name + cardNo may be predefined to be spliced to obtain the mac check column, and of course, other fields may also be selected to be spliced. After splicing is completed, MD5 encryption is firstly carried out on the mac check column to generate an information abstract, then 3DES encryption is carried out on the information abstract to generate a mac value corresponding to the mac check column, and the mac value and decrypted data are stored in the database together, so that 3DES decryption can be carried out through the mac value to obtain an MD5 value when data are read; and then, the information abstract is regenerated according to the original method, and because the encryption process of the MD5 is irreversible, if the regenerated information abstract is different from the MD5 value, the data is tampered, so that a user can accurately judge whether the stored data is tampered, and the privacy of merchants can be protected.
In addition, in the present embodiment, the 3DES and the MD5 are selected to be used for encryption in sequence, and in other embodiments, other similar encryption methods may also be selected for encryption.
Further, the storing the mac value and the decryption data into the database specifically includes the steps of:
presetting a database table in the database, and sorting the database table according to fields;
storing the decrypted data into the database table according to fields;
and storing the mac value obtained by calculation into the database table.
Through presetting the database table, the method not only can be convenient for storing, sorting and reading the merchant data, but also can be convenient for splicing the mac check columns, and is also beneficial to checking and reading the mac value.
Further, after obtaining the decrypted data, the method further includes the steps of:
organizing a return message;
encrypting the sensitive data in the return message through a merchant public key;
and adding the label to the whole return message through a platform private key, so that after the merchant terminal receives the return message, the label of the return message is checked through the platform public key, and then the sensitive data is decrypted through the user private key.
After the platform end receives the message sent by the merchant end, sensitive data in the return message can be encrypted through the merchant public key, and then the platform private key is used for signing the whole return message, so that after the merchant end receives the return message, the platform public key can be used for checking the signature of the return message, and then the user private key is used for decrypting the sensitive data, thereby being beneficial to avoiding the return message from being tampered.
Further, before receiving the message sent by the customer end, the method further comprises the steps of:
calling a certificate generation interface in a certificate system to generate a platform secret key certificate and a merchant secret key certificate;
and displaying the platform private key and the merchant public key at the platform end, and displaying the platform public key and the merchant private key at the merchant end.
In addition, the invention also provides a system for preventing the merchant data from being tampered, which comprises a merchant end, a platform end and a merchant system, wherein the merchant end is connected with the platform end through the merchant system;
wherein the merchant system comprises:
the receiving module is used for receiving the message sent by the merchant terminal, encrypting the sensitive data by the platform public key, and then adding the label to the whole message by the merchant private key;
the signature verification module is used for verifying the signature of the message through the public key of the merchant;
the decryption module is used for decrypting the sensitive data through a platform private key after the signature verification is finished to obtain decrypted data;
and the storage module is used for encrypting the sensitive fields in the decrypted data and storing the decrypted data into a database.
In the scheme, sensitive data are encrypted through a platform public key firstly for a message sent by a merchant terminal, and then the whole message is signed through a merchant private key, so that after the message is received by the platform terminal, the message can be correspondingly checked and signed through a signature checking module firstly, after the signature checking is completed, the sensitive data are decrypted through a decryption module, sensitive fields in the decrypted data are encrypted and stored, the merchant data can be prevented from being maliciously tampered in the transmission and storage processes, the merchant privacy is protected, and losses caused by merchants and third-party payment companies are avoided.
Further, the storage module includes:
the self-defining unit is used for self-defining the splicing mode of the mac check column;
the generating unit is used for generating the corresponding mac check column according to the sensitive field;
the first encryption unit is used for carrying out MD5 encryption on the mac check column to generate an information summary;
the second encryption unit is used for carrying out 3DES encryption on the information abstract and generating a mac value corresponding to the mac check column;
and the storage unit is used for storing the mac value and the decryption data into the database.
Further, a database table is preset in the database, and the database table is listed according to fields;
and the storage unit stores the decrypted data into the database table according to fields and stores the mac value obtained by calculation into the database table.
Further, the merchant system further comprises:
the encryption module is used for encrypting the sensitive data in the return text organized by the platform terminal through a commercial tenant public key;
and the signing module is used for signing the whole return message through a platform private key, so that after the business user side receives the return message, the business user side firstly checks the signature of the return message through a platform public key and then decrypts the sensitive data through a user private key.
According to the anti-tampering method and system for merchant data transmission and storage provided by the invention, sensitive data of a message sent by a merchant end is encrypted through a platform public key, and then the whole message is signed through a merchant private key, so that the platform end can correspondingly check the signature of the message through the merchant public key after receiving the message, decrypt the sensitive data through the platform private key after the signature verification is completed, and then encrypt and store sensitive fields in the decrypted data, so that the merchant data can be prevented from being tampered maliciously in the transmission and storage processes, the merchant privacy is protected, and the loss of merchants and third-party payment companies is avoided.
Drawings
The foregoing features, technical features, advantages and embodiments of the present invention will be further explained in the following detailed description of the preferred embodiments, which is to be read in connection with the accompanying drawings.
FIG. 1 is a schematic overall flow diagram of an embodiment of the present invention;
FIG. 2 is a schematic diagram of merchant-side and platform-side data delivery according to an embodiment of the invention;
fig. 3 is a schematic structural diagram of a merchant system according to an embodiment of the present invention.
Reference numbers in the figures: 1-a receiving module; 2-a label checking module; 3-a decryption module; 4-a storage module; 41-a custom unit; 42-a generating unit; 43-a first encryption unit; 44-a second encryption unit; 45-a storage unit; 5-an encryption module; 6-a tagging module.
Detailed Description
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the following description will be made with reference to the accompanying drawings. It is obvious that the drawings in the following description are only some examples of the invention, and that for a person skilled in the art, other drawings and embodiments can be derived from them without inventive effort.
For the sake of simplicity, the drawings only schematically show the parts relevant to the present invention, and they do not represent the actual structure as a product. In addition, in order to make the drawings concise and understandable, components having the same structure or function in some of the drawings are only schematically illustrated or only labeled. In this document, "one" means not only "only one" but also a case of "more than one".
Example 1
An embodiment of the present invention, as shown in fig. 1 and fig. 2, provides a tamper-proof method for merchant data transmission and storage, including the steps of:
s1, receiving the message sent by the merchant, encrypting the sensitive data by the message through the platform public key, and then signing the whole message through the merchant private key.
Preferably, before receiving the message sent by the customer end, the method further includes the steps of:
s01, the merchant generates a certificate in the certificate management of the user system, and invokes a certificate generation interface in the certificate system to generate a platform key certificate and a merchant key certificate.
S02, displaying the platform private key and the merchant public key at the platform end, and displaying the platform public key and the merchant private key at the merchant end. The public key and the private key are paired and decrypt each other, and the public key is encrypted and the private key is decrypted; and the private key is used for digital signature and the public key is used for verification.
And S2, checking the message through the public key of the merchant.
And S3, after the signature verification is completed, decrypting the sensitive data through the platform private key to obtain decrypted data.
And S4, encrypting the sensitive fields in the decrypted data and storing the decrypted data into the database.
In the scheme, sensitive data are encrypted through a platform public key for a message sent by a merchant terminal, and then the whole message is signed through a merchant private key, so that the platform terminal can correspondingly check and sign the message through the merchant public key firstly after receiving the message, and after the check and sign are completed, the sensitive data are decrypted through the platform private key, and then sensitive fields in the decrypted data are encrypted and stored, so that the merchant data can be prevented from being maliciously tampered in the transmission and storage processes, the merchant privacy is protected, and loss caused to merchants and third-party payment companies is avoided.
Example 2
An embodiment of the present invention, on the basis of embodiment 1, encrypts a sensitive field in decrypted data, and stores the decrypted data in a database, and specifically includes the steps of:
and S41, customizing the splicing mode of the mac check column.
By customizing the splicing mode of the mac check column, for example, the fields of the merchant data include id, merc _ id, name, cardNo, bankname, and the like, the three fields of merc _ id + name + cardNo may be predefined to be spliced to obtain the mac check column, and of course, other fields may also be selected to be spliced.
And S42, generating a corresponding mac check column according to the sensitive field.
And S43, performing MD5 encryption on the mac check column to generate the information digest.
And S44, performing 3DES encryption on the message digest to generate a mac value corresponding to the mac check column.
And S45, storing the mac value and the decrypted data into a database.
Further, storing the mac value and the decrypted data in a database, specifically comprising the steps of:
presetting a database table in a database, and sorting the database table according to fields; storing the decrypted data into a database table according to the fields; and storing the mac value obtained by calculation into a database table.
Through presetting the database table, the method not only can be convenient for storing, sorting and reading the merchant data, but also can be convenient for splicing the mac check columns, and is also beneficial to checking and reading the mac value.
Further, after storing the mac value and the decrypted data in the database, the method further comprises the following steps:
and S46, when the data is read, performing 3DES decryption through the mac value to obtain an MD5 value.
S47, processing the read data according to the step of generating the message digest, and regenerating the message digest.
And S48, if the regenerated message digest is different from the MD5 value, the data is tampered, and an early warning is given out.
After splicing is completed, MD5 encryption is carried out on the mac check column to generate an information abstract, then 3DES encryption is carried out on the information abstract to generate a mac value corresponding to the mac check column, and the mac value and the decrypted data are stored in the database together. When data is read, 3DES decryption can be performed through the mac value to obtain an MD5 value; and then, the information abstract is regenerated according to the original method, and because the encryption process of the MD5 is irreversible, if the regenerated information abstract is different from the MD5 value, the data is tampered, so that a user can accurately judge whether the stored data is tampered, and the privacy of merchants can be protected.
In addition, in the present embodiment, the 3DES and the MD5 are selected to be used for encryption in sequence, and in other embodiments, other similar encryption methods may also be selected for encryption.
Example 3
An embodiment of the present invention, as shown in fig. 2, further includes, after obtaining the decrypted data based on embodiment 1 or 2, the steps of:
and S5, organizing the return message.
And S6, encrypting the sensitive data in the return message through the public key of the merchant.
And S7, the platform private key is used for signing the whole return message, so that after the merchant receives the return message, the merchant firstly checks the signature of the return message through the platform public key and then decrypts the sensitive data through the user private key.
After the platform end receives the message sent by the merchant end, sensitive data in the return message can be encrypted through the merchant public key, and then the platform private key is used for signing the whole return message, so that after the merchant end receives the return message, the platform public key can be used for checking the signature of the return message, and then the user private key is used for decrypting the sensitive data, thereby being beneficial to avoiding the return message from being tampered.
Example 4
An embodiment of the present invention, as shown in fig. 3, further provides a tamper-resistant system for merchant data transmission and storage, including a merchant end, a platform end, and a merchant system, where the merchant end is connected to the platform end through the merchant system. The merchant system comprises a receiving module 1, a signature verification module 2, a decryption module 3 and a storage module 4.
The receiving module 1 is used for receiving a message sent by a merchant terminal, and the message firstly encrypts sensitive data through a platform public key and then carries out overall signature on the message through a merchant private key.
The signature checking module 2 is used for checking the signature of the message through the public key of the merchant; and the decryption module 3 is used for decrypting the sensitive data through the platform private key after the signature verification is finished to obtain decrypted data.
The storage module 4 is used for encrypting the sensitive fields in the decrypted data and storing the decrypted data into the database.
In the scheme, sensitive data are encrypted through a platform public key firstly for a message sent by a merchant terminal, and then the whole message is signed through a merchant private key, so that after the message is received by the platform terminal, the message can be correspondingly checked and signed through a signature checking module 2 firstly, after the signature checking is completed, the sensitive data are decrypted through a decryption module 3, sensitive fields in the decrypted data are encrypted and stored, merchant data can be prevented from being maliciously tampered in the transmission and storage processes, the merchant privacy is protected, and loss caused by merchants and third-party payment companies is avoided.
Example 5
In an embodiment of the present invention, as shown in fig. 3, on the basis of embodiment 4, the storage module includes a customizing unit 41, a generating unit 42, a first encrypting unit 43, a second encrypting unit 44, and a storing unit 45.
The custom unit 41 is used for customizing the splicing mode of the mac check column; the generating unit 42 is configured to generate a corresponding mac check column according to the sensitive field.
The first encryption unit 43 is configured to perform MD5 encryption on the mac check column to generate an information digest; the second encryption unit 44 is configured to perform 3DES encryption on the information digest to generate a mac value corresponding to a mac check column; the storage unit 45 is used to store the mac value and the decrypted data in the database.
In addition, a database table is preset in the database and is listed according to fields; the storage unit 45 stores the decrypted data in the database table by field, and stores the mac value obtained by calculation in the database table. Through presetting the database table, the method not only can be convenient for storing, sorting and reading the merchant data, but also can be convenient for splicing the mac check columns, and is also beneficial to checking and reading the mac value.
By customizing the splicing mode of the mac check columns and generating the corresponding mac check columns according to the sensitive fields, after splicing is completed, MD5 encryption can be performed on the mac check columns to generate information digests, then 3DES encryption can be performed on the information digests to generate mac values corresponding to the mac check columns, and the mac values and decrypted data are stored in a database together. When data is read, 3DES decryption can be performed through the mac value to obtain an MD5 value; and then, the information abstract is regenerated according to the original method, and because the encryption process of the MD5 is irreversible, if the regenerated information abstract is different from the MD5 value, the data is tampered, so that a user can accurately judge whether the stored data is tampered, and the privacy of merchants can be protected.
Preferably, the merchant system further comprises an encryption module 5 and a tagging module 6.
The encryption module 5 is used for encrypting the sensitive data in the return text organized by the platform end through the public key of the merchant.
The signature adding module 6 is used for adding signatures to the whole return message through the platform private key, so that after the merchant receives the return message, the merchant can firstly check the signatures of the return message through the platform public key and then decrypt the sensitive data through the user private key.
In the scheme, after the platform end receives the message sent by the merchant end, the encryption module 5 can be used for encrypting the sensitive data in the returned message, and then the signing module 6 is used for signing the whole returned message, so that after the merchant end receives the returned message, the returned message can be checked and signed through the platform public key firstly, and then the sensitive data is decrypted through the user private key, thereby being beneficial to avoiding the returned message from being tampered during transmission.
It should be noted that the above embodiments can be freely combined as necessary. The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present invention, and these modifications and decorations should also be regarded as the protection scope of the present invention.
Claims (10)
1. A tamper-proof method for merchant data transmission and storage is characterized by comprising the following steps:
receiving a message sent by a merchant terminal, encrypting sensitive data by the message through a platform public key, and then adding a label to the whole message through a merchant private key;
checking the signature of the message through a public key of a merchant;
after the signature verification is finished, decrypting the sensitive data through a platform private key to obtain decrypted data;
and encrypting the sensitive field in the decrypted data, and storing the decrypted data into a database.
2. The method as claimed in claim 1, wherein the method for preventing tampering of the merchant data transmission and storage includes encrypting the sensitive field in the decrypted data and storing the decrypted data in a database, and includes the following steps:
customizing the splicing mode of the mac check column;
generating the corresponding mac check column according to the sensitive field;
performing MD5 encryption on the mac check column to generate an information summary;
3DES encryption is carried out on the information abstract, and a mac value corresponding to the mac check column is generated;
and storing the mac value and the decryption data into the database.
3. The method as claimed in claim 2, wherein after storing the mac value and the decryption data in the database, the method further comprises:
when data is read, performing 3DES decryption through the mac value to obtain an MD5 value;
processing the read data according to the step of generating the information abstract, and regenerating the information abstract;
if the regenerated message digest is different from the MD5 value, the data is tampered, and an early warning is given.
4. The method as claimed in claim 2, wherein the step of storing the mac value and the decryption data in the database includes the steps of:
presetting a database table in the database, and sorting the database table according to fields;
storing the decrypted data into the database table according to fields;
and storing the mac value obtained by calculation into the database table.
5. The method as claimed in claim 1, wherein after obtaining the decrypted data, the method further comprises:
organizing a return message;
encrypting the sensitive data in the return message through a merchant public key;
and adding the label to the whole return message through a platform private key, so that after the merchant terminal receives the return message, the label of the return message is checked through the platform public key, and then the sensitive data is decrypted through the user private key.
6. The method as claimed in claim 1, wherein the step of receiving the message sent by the merchant terminal further comprises:
calling a certificate generation interface in a certificate system to generate a platform secret key certificate and a merchant secret key certificate;
and displaying the platform private key and the merchant public key at the platform end, and displaying the platform public key and the merchant private key at the merchant end.
7. The anti-tampering system for merchant data transmission and storage is characterized by comprising a merchant end, a platform end and a merchant system, wherein the merchant end is connected with the platform end through the merchant system;
wherein the merchant system comprises:
the receiving module is used for receiving the message sent by the merchant terminal, encrypting the sensitive data by the platform public key, and then adding the label to the whole message by the merchant private key;
the signature verification module is used for verifying the signature of the message through the public key of the merchant;
the decryption module is used for decrypting the sensitive data through a platform private key after the signature verification is finished to obtain decrypted data;
and the storage module is used for encrypting the sensitive fields in the decrypted data and storing the decrypted data into a database.
8. The system of claim 7, wherein the storage module comprises:
the self-defining unit is used for self-defining the splicing mode of the mac check column;
the generating unit is used for generating the corresponding mac check column according to the sensitive field;
the first encryption unit is used for carrying out MD5 encryption on the mac check column to generate an information summary;
the second encryption unit is used for carrying out 3DES encryption on the information abstract and generating a mac value corresponding to the mac check column;
and the storage unit is used for storing the mac value and the decryption data into the database.
9. The system of claim 8, wherein the system is further configured to: a database table is preset in the database and is arranged in columns according to fields;
and the storage unit stores the decrypted data into the database table according to fields and stores the mac value obtained by calculation into the database table.
10. The system of claim 7, wherein the merchant system further comprises:
the encryption module is used for encrypting the sensitive data in the return text organized by the platform terminal through a commercial tenant public key;
and the signing module is used for signing the whole return message through a platform private key, so that after the business user side receives the return message, the business user side firstly checks the signature of the return message through a platform public key and then decrypts the sensitive data through a user private key.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110160345.3A CN113037711A (en) | 2021-02-05 | 2021-02-05 | Anti-tampering method and system for merchant data transmission and storage |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110160345.3A CN113037711A (en) | 2021-02-05 | 2021-02-05 | Anti-tampering method and system for merchant data transmission and storage |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113037711A true CN113037711A (en) | 2021-06-25 |
Family
ID=76460343
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110160345.3A Pending CN113037711A (en) | 2021-02-05 | 2021-02-05 | Anti-tampering method and system for merchant data transmission and storage |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113037711A (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020135801A1 (en) * | 2000-12-08 | 2002-09-26 | Gary Tessman | Distributed image storage architecture |
| JP2004325677A (en) * | 2003-04-23 | 2004-11-18 | Sony Corp | Encryption processing device, encryption processing method, and computer program |
| CN109271798A (en) * | 2018-09-13 | 2019-01-25 | 深圳萨摩耶互联网金融服务有限公司 | Sensitive data processing method and system |
| CN111314315A (en) * | 2020-01-20 | 2020-06-19 | 重庆富民银行股份有限公司 | Open platform multi-dimensional safety control system and method |
| CN112202713A (en) * | 2020-08-28 | 2021-01-08 | 航天科工网络信息发展有限公司 | User data security protection method under Kubernetes environment |
| CN112235289A (en) * | 2020-10-13 | 2021-01-15 | 桂林微网互联信息技术有限公司 | Data encryption and decryption method and device, computing equipment and storage medium |
-
2021
- 2021-02-05 CN CN202110160345.3A patent/CN113037711A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020135801A1 (en) * | 2000-12-08 | 2002-09-26 | Gary Tessman | Distributed image storage architecture |
| JP2004325677A (en) * | 2003-04-23 | 2004-11-18 | Sony Corp | Encryption processing device, encryption processing method, and computer program |
| CN109271798A (en) * | 2018-09-13 | 2019-01-25 | 深圳萨摩耶互联网金融服务有限公司 | Sensitive data processing method and system |
| CN111314315A (en) * | 2020-01-20 | 2020-06-19 | 重庆富民银行股份有限公司 | Open platform multi-dimensional safety control system and method |
| CN112202713A (en) * | 2020-08-28 | 2021-01-08 | 航天科工网络信息发展有限公司 | User data security protection method under Kubernetes environment |
| CN112235289A (en) * | 2020-10-13 | 2021-01-15 | 桂林微网互联信息技术有限公司 | Data encryption and decryption method and device, computing equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP2810402B1 (en) | A method and database system for secure storage and communication of information | |
| US6301660B1 (en) | Computer system for protecting a file and a method for protecting a file | |
| EP2465246B1 (en) | Layered protection and validation of identity data delivered online via multiple intermediate clients | |
| US20020049906A1 (en) | Digital signature system, digital signature method, digital signature mediation method, digital signature mediation system, information terminal and storage medium | |
| US20060282372A1 (en) | Method to secure credit card information stored electronically | |
| US20010044785A1 (en) | Method and system for private shipping to anonymous users of a computer network | |
| CN106452775A (en) | Method and apparatus for accomplishing electronic signing and signing server | |
| JPH11512841A (en) | Document authentication system and method | |
| US7881469B2 (en) | Crypto-wireless-tag | |
| CN109858911A (en) | Qualification verification method, device, system, equipment and readable storage medium storing program for executing | |
| CN110401542A (en) | Electronic identity voucher generation method, terminal and server | |
| CN106953732A (en) | The key management system and method for chip card | |
| US20130138965A1 (en) | Control method, program and system for link access | |
| CN107229879A (en) | Electronics confirmation request automatic generation method and system based on safe Quick Response Code | |
| CN114500093A (en) | Safe interaction method and system for message information | |
| CN116645055A (en) | One-stop type medical enterprise information service platform | |
| CN116843349A (en) | Mobile digital medicine marketing platform based on SAAS service | |
| CN113037711A (en) | Anti-tampering method and system for merchant data transmission and storage | |
| US20070192589A1 (en) | System and method for encrypting webpage logs | |
| CN113537982B (en) | Security verification method, device, equipment and storage medium of financial equipment | |
| CN116383861B (en) | Computer security processing system based on user data protection | |
| CN115242391A (en) | Road passenger transport electronic ticket password service management method and system | |
| CN110490003B (en) | User trusted data generation method, user trusted data acquisition method, device and system | |
| JPH10228375A (en) | Electronic distribution system | |
| WO2010134249A1 (en) | Data processing system, information flow control method, and non-temporal computer readable medium storing program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210625 |