CN113205337A - Transaction processing system and method - Google Patents

Publication number
CN113205337A
Authority
CN
China
Prior art keywords
transaction
transaction request
protocol
processing result
bank
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110619885.3A
Other languages
Chinese (zh)
Inventor
曾宪奇
董潇
王晓旭
张婉露
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bank of China Ltd
Original Assignee
Bank of China Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bank of China Ltd
Priority to CN202110619885.3A
Publication of CN113205337A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K17/00 Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02 Banking, e.g. interest calculation or account maintenance

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • Finance (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Technology Law (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention discloses a transaction processing system and method, relating to the technical field of cryptographic algorithms. The method comprises the following steps: the bank application software receives a transaction request initiated by a client and forwards the transaction request to the security unit; the security unit encrypts sensitive information in the transaction request according to a first key of the security unit, generates a check code for transaction element information in the transaction request according to a second key of the security unit, generates a transaction request protocol and sends the transaction request protocol to the bank application software; the bank application software transmits the transaction request protocol to a bank background system; the bank background system parses the transaction request protocol, verifies the check code of the transaction element information in the transaction request according to the second key of the security unit, decrypts the encrypted sensitive information in the transaction request according to the first key of the security unit after the verification passes, and processes the transaction according to the verified and decrypted transaction request.

Description

Transaction processing system and method
Technical Field
The invention relates to the technical field of cryptographic algorithms, in particular to a transaction processing system and a transaction processing method.
Background
The security unit is hardware that provides secure storage of private information and secure execution of important programs. It is physically independent, communicates with the outside through a security protocol, and has its own execution environment and secure storage. At present, interaction between the bank background system and the security unit is generally relayed through application software (APP/SDK) installed on the device. The risk of this approach is that the information exchanged between the bank background system and the security unit can be intercepted or tampered with by the application software, which is a serious security hazard.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
The embodiment of the invention provides a transaction processing system for accurate and secure transmission of information between a security unit and a bank background system, comprising:
a security unit, a bank background system and bank application software, wherein:
the bank application software is used for receiving a transaction request initiated by a client and forwarding the transaction request to the security unit; receiving a transaction request protocol returned by the security unit, and forwarding the transaction request protocol to the bank background system;
the security unit is used for encrypting sensitive information in the transaction request according to a first key of the security unit and generating a check code for transaction element information in the transaction request according to a second key of the security unit; generating a transaction request protocol from the encrypted transaction request carrying the check code and sending the transaction request protocol to the bank application software;
and the bank background system is used for parsing the transaction request protocol, verifying the check code of the transaction element information in the transaction request according to the second key of the security unit, decrypting the encrypted sensitive information in the transaction request according to the first key of the security unit after the verification passes, and processing the transaction according to the verified and decrypted transaction request.
The embodiment of the invention provides a transaction processing method for accurate and secure transmission of information between a security unit and a bank background system, comprising the following steps:
the bank application software receives a transaction request initiated by a client and forwards the transaction request to the security unit;
the security unit encrypts sensitive information in the transaction request according to a first key of the security unit and generates a check code for transaction element information in the transaction request according to a second key of the security unit; generates a transaction request protocol from the encrypted transaction request carrying the check code and sends the transaction request protocol to the bank application software;
the bank application software receives the transaction request protocol returned by the security unit and forwards the transaction request protocol to the bank background system;
the bank background system parses the transaction request protocol, verifies the check code of the transaction element information in the transaction request according to the second key of the security unit, decrypts the encrypted sensitive information in the transaction request according to the first key of the security unit after the verification passes, and processes the transaction according to the verified and decrypted transaction request.
The embodiment of the invention also provides computer equipment which comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein the transaction processing method is realized when the processor executes the computer program.
The embodiment of the invention also provides a computer readable storage medium, which stores a computer program that executes the transaction processing method.
In the embodiment of the invention, the bank application software receives a transaction request initiated by a client and forwards the transaction request to the security unit; the security unit encrypts sensitive information in the transaction request according to a first key of the security unit and generates a check code for transaction element information in the transaction request according to a second key of the security unit; generates a transaction request protocol from the encrypted transaction request carrying the check code and sends the transaction request protocol to the bank application software; the bank application software receives the transaction request protocol returned by the security unit and forwards the transaction request protocol to the bank background system; the bank background system parses the transaction request protocol, verifies the check code of the transaction element information in the transaction request according to the second key of the security unit, decrypts the encrypted sensitive information in the transaction request according to the first key of the security unit after the verification passes, and processes the transaction according to the verified and decrypted transaction request. Because the security unit and the bank background system encrypt and decrypt the transaction information and generate and verify the check code based on the first key and the second key, transaction information is transmitted accurately and securely between the security unit and the bank background system, the risk of the application software intercepting or tampering with the transaction information is avoided, and the accuracy and security of transaction processing are improved.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. Obviously, the drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort. In the drawings:
FIG. 1 is a schematic diagram of a transaction processing system architecture according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a transaction processing method according to an embodiment of the invention;
FIG. 3 is a schematic diagram of a transaction result feedback process according to an embodiment of the invention;
FIG. 4 is a schematic diagram of a detailed process flow of step 203 in FIG. 2;
FIG. 5 is a flow chart of an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As will be appreciated by one skilled in the art, embodiments of the present invention may be embodied as a system, apparatus, method or computer program product. Accordingly, the present disclosure may be embodied in the form of: entirely hardware, entirely software (including firmware, resident software, micro-code, etc.), or a combination of hardware and software.
As used hereinafter, the term "unit" or "module" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.
An embodiment of the present invention provides a transaction processing system, configured to implement accurate and secure transmission of information between a security unit and a bank background system, where fig. 1 is a schematic diagram of a transaction processing system structure in an embodiment of the present invention, and as shown in fig. 1, the system includes:
the system comprises a security unit 01, a bank background system 02 and bank application software 03, wherein:
the bank application software 03 is used for receiving a transaction request initiated by a customer and forwarding the transaction request to the security unit 01; receiving a transaction request protocol returned by the security unit 01, and forwarding the transaction request protocol to the bank background system 02;
the security unit 01 is used for encrypting sensitive information in the transaction request according to a first key of the security unit and generating a check code for transaction element information in the transaction request according to a second key of the security unit; generating a transaction request protocol from the encrypted transaction request carrying the check code and sending the transaction request protocol to the bank application software 03;
the bank background system 02 is used for parsing the transaction request protocol, verifying the check code of the transaction element information in the transaction request according to the second key of the security unit, decrypting the encrypted sensitive information in the transaction request according to the first key of the security unit after the verification passes, and processing the transaction according to the verified and decrypted transaction request.
As shown in fig. 1, in the embodiment of the present invention, the bank application software receives a transaction request initiated by a client and forwards the transaction request to the security unit; the security unit encrypts sensitive information in the transaction request according to a first key of the security unit and generates a check code for transaction element information in the transaction request according to a second key of the security unit; generates a transaction request protocol from the encrypted transaction request carrying the check code and sends the transaction request protocol to the bank application software; the bank application software receives the transaction request protocol returned by the security unit and forwards the transaction request protocol to the bank background system; the bank background system parses the transaction request protocol, verifies the check code of the transaction element information in the transaction request according to the second key of the security unit, decrypts the encrypted sensitive information in the transaction request according to the first key of the security unit after the verification passes, and processes the transaction according to the verified and decrypted transaction request. Because the security unit and the bank background system encrypt or decrypt the transaction information and generate or verify the check code based on the first key and the second key, transaction information is transmitted accurately and securely between the security unit and the bank background system, the risk of the application software intercepting or tampering with the transaction information is avoided, and the accuracy and security of transaction processing are improved.
As shown in fig. 1, in one embodiment, the security unit 01 includes a plurality of security units, each security unit corresponding to a first key and a second key;
the bank background system 02 stores the first key and the second key of each of the plurality of security units 01.
In specific implementation, the bank application software 03 is the entry point operated by the client. It is responsible for connecting the security unit 01 and the bank background system 02, receiving and forwarding messages and transaction protocols, and ensuring the security and validity of information. The security unit 01 is responsible for terminal transaction processing. The security unit 01 may include a plurality of security units, and each security unit 01 corresponds to one group of keys comprising a first key and a second key: the first key is used for encryption, and the second key is used for generating a check code. The first key and the second key may be symmetric keys. The bank background system 02 stores the first key and the second key of the plurality of security units 01.
After receiving the transaction request initiated by the customer, the bank application software 03 calls an interface provided by the security unit 01, and forwards the transaction request to the security unit 01.
The security unit 01 generates a transaction request protocol according to the transaction request. Specifically, the security unit 01 first encrypts sensitive information in the transaction request according to the first key of the security unit. The sensitive information may include account information, customer information and the like, and may also include other information; encryption prevents the sensitive information from being leaked. Next, a check code is generated for the transaction element information in the transaction request according to the second key of the security unit. The transaction element information may include the transaction time, the transaction amount, the transaction random number and the like, and may also include other information; generating the check code prevents the transaction information from being tampered with. Then, a transaction request protocol is generated from the encrypted transaction request carrying the check code. The transaction protocol is one that the security unit can recognize, and comprises a transaction request interface in an agreed format and the corresponding response data. Finally, the transaction request protocol is sent to the bank application software 03.
In one embodiment, the bank application 03 is specifically configured to:
receiving a transaction request protocol returned by the security unit 01, and generating a transaction request message according to a message format corresponding to the bank background system 02;
and forwarding the transaction request message to the bank background system 02.
In specific implementation, after receiving a transaction request protocol, the bank application software 03 first generates a transaction request message according to the message format corresponding to the bank background system 02 and forwards the transaction request message to the bank background system 02. The bank background system 02 extracts the transaction request protocol from the transaction request message, parses the transaction request protocol, and verifies the check code of the transaction element information in the transaction request according to the second key of the security unit 01. Once the verification passes, the transaction element information can be determined to be true and accurate. The bank background system 02 then decrypts the encrypted sensitive information in the transaction request using the first key of the security unit, and processes and completes the transaction according to the verified and decrypted transaction request.
In one embodiment, the bank background system 02 is further configured to: obtain a transaction processing result after the transaction is processed, encrypt sensitive information in the transaction processing result according to the first key of the security unit, and generate a check code for transaction element information in the transaction processing result according to the second key of the security unit; generate a transaction processing result protocol from the encrypted transaction processing result carrying the check code, according to the transaction protocol format of the security unit, and send the transaction processing result protocol to the bank application software;
the bank application software 03 is further configured to: receive the transaction processing result protocol returned by the bank background system 02, and forward the transaction processing result protocol to the security unit 01 corresponding to the transaction processing result protocol; display the verified and decrypted transaction processing result to the user;
the security unit 01 is further configured to: parse the transaction processing result protocol, verify the check code of the transaction element information in the transaction processing result according to the second key of the security unit, decrypt the encrypted sensitive information in the transaction processing result according to the first key of the security unit after the verification passes, and return the verified and decrypted transaction processing result to the bank application software.
In specific implementation, when the bank background system 02 obtains a transaction processing result after processing the transaction, or initiates a new transaction request, it first encrypts the sensitive information in the transaction processing result or the new transaction request according to the first key of the security unit. It then generates a check code for the transaction element information in the transaction processing result or the new transaction request according to the second key of the security unit. Next, it formats the encrypted transaction processing result or new transaction request carrying the check code according to a transaction protocol format that the security unit 01 can recognize, generating a transaction processing result protocol or a new transaction request protocol, which it packages into a message and sends to the bank application software 03.
After receiving the message returned by the bank background system 02, the bank application software 03 first reads the transaction processing result protocol or the new transaction request protocol in the message, then calls the corresponding interface of the security unit 01 and forwards the transaction processing result protocol or the new transaction request protocol to the security unit 01.
The security unit 01 parses the transaction processing result protocol or the new transaction request protocol, verifies the check code of the transaction element information in the transaction processing result or the new transaction request according to the second key of the security unit, decrypts the encrypted sensitive information in the transaction processing result or the new transaction request according to the first key of the security unit after the verification passes, and returns the verified and decrypted transaction processing result or new transaction request to the bank application software 03. The bank application software 03 displays the verified and decrypted transaction processing result to the user, or performs the subsequent transaction processing operation.
Based on this transaction mechanism, in the embodiment of the invention the security unit and the bank background system encrypt or decrypt the transaction information based on the first key, which provides secure transmission of the transaction information between them, and generate or verify the check code of the transaction information based on the second key, which provides accurate transmission of the transaction information between them. This ensures the privacy and authenticity of the information transmitted between the security unit and the bank background system, avoids the risk of the application software intercepting or tampering with the transaction information, and thereby improves the accuracy and security of transaction processing.
Based on the same inventive concept, the embodiment of the present invention further provides a transaction processing method, as described in the following embodiments. Because the principle by which the transaction processing method solves the problem is similar to that of the transaction processing system, the implementation of the method can refer to the implementation of the system, and repeated details are omitted.
An embodiment of the present invention provides a transaction processing method for implementing accurate and secure transmission of information between a security unit and a bank background system, where fig. 2 is a schematic diagram of a transaction processing method flow in an embodiment of the present invention, and as shown in fig. 2, the method includes:
step 201: the bank application software receives a transaction request initiated by a client and forwards the transaction request to the security unit;
step 202: the security unit encrypts sensitive information in the transaction request according to a first key of the security unit and generates a check code for transaction element information in the transaction request according to a second key of the security unit; generates a transaction request protocol from the encrypted transaction request carrying the check code and sends the transaction request protocol to the bank application software;
step 203: the bank application software receives the transaction request protocol returned by the security unit and forwards the transaction request protocol to the bank background system;
step 204: the bank background system parses the transaction request protocol, verifies the check code of the transaction element information in the transaction request according to the second key of the security unit, decrypts the encrypted sensitive information in the transaction request according to the first key of the security unit after the verification passes, and processes the transaction according to the verified and decrypted transaction request.
In one embodiment, the security unit comprises a plurality of security units, each security unit corresponding to a first key and a second key;
the bank background system stores the first key and the second key of each of the plurality of security units.
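Steps 201 to 204 and the per-unit key storage can be sketched as follows. This is an added illustration, not code from the patent: the patent names no algorithms, so HMAC-SHA256 stands in for the check code and an HMAC-based keystream stands in for the cipher, and the field names (`unit_id`, `nonce`, `elements`, `check_code`), the JSON envelope and all sample values are assumptions constructed for the example.

```python
import hashlib
import hmac
import json
import secrets


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: a standard-library stand-in for the
    # symmetric cipher a real security unit would use.
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _crypt(first_key: bytes, nonce: bytes, data: bytes) -> bytes:
    # XOR with the keystream; the same call encrypts and decrypts.
    stream = _keystream(first_key, nonce, len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def _check_code(second_key: bytes, elements: dict) -> str:
    # Canonical JSON so both ends compute the MAC over identical bytes.
    canonical = json.dumps(elements, sort_keys=True, separators=(",", ":"))
    return hmac.new(second_key, canonical.encode(), hashlib.sha256).hexdigest()


class SecurityUnit:
    def __init__(self, unit_id: str):
        self.unit_id = unit_id                     # assumed identifier field
        self.first_key = secrets.token_bytes(32)   # encrypts sensitive info
        self.second_key = secrets.token_bytes(32)  # keys the check code

    def build_request_protocol(self, sensitive: dict, time: str, amount: str) -> dict:
        nonce = secrets.token_bytes(16)
        plaintext = json.dumps(sensitive, sort_keys=True).encode()
        elements = {"time": time, "amount": amount, "random": secrets.token_hex(8)}
        return {
            "unit_id": self.unit_id,
            "nonce": nonce.hex(),
            "sensitive": _crypt(self.first_key, nonce, plaintext).hex(),
            "elements": elements,
            "check_code": _check_code(self.second_key, elements),
        }


def app_wrap(protocol: dict) -> str:
    # The untrusted bank application only re-packages the protocol into the
    # backend's message format (a JSON envelope here, as an assumption).
    return json.dumps({"msg_type": "TXN_REQ", "protocol": protocol})


class BankBackend:
    def __init__(self):
        self._keys = {}  # unit_id -> (first_key, second_key)

    def enroll(self, unit: SecurityUnit) -> None:
        self._keys[unit.unit_id] = (unit.first_key, unit.second_key)

    def process(self, message: str) -> dict:
        protocol = json.loads(message)["protocol"]
        keys = self._keys.get(protocol["unit_id"])
        if keys is None:
            raise ValueError("unknown security unit")
        first_key, second_key = keys
        # Verify the check code first; decrypt only after it passes.
        expected = _check_code(second_key, protocol["elements"])
        supplied = str(protocol["check_code"])
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            raise ValueError("check code mismatch")
        nonce = bytes.fromhex(protocol["nonce"])
        ciphertext = bytes.fromhex(protocol["sensitive"])
        sensitive = json.loads(_crypt(first_key, nonce, ciphertext))
        return {"sensitive": sensitive, "elements": protocol["elements"]}


def demo() -> dict:
    # Constructed sample data; not real account or customer values.
    unit = SecurityUnit("SE-0001")
    backend = BankBackend()
    backend.enroll(unit)
    protocol = unit.build_request_protocol(
        {"account": "6200000000000001", "customer": "Test Customer"},
        time="2021-06-03T10:00:00", amount="100.00")
    honest = backend.process(app_wrap(protocol))

    # An application that alters the amount in transit cannot recompute the
    # check code, because it never holds the second key.
    tampered = json.loads(json.dumps(protocol))
    tampered["elements"]["amount"] = "9100.00"
    try:
        backend.process(app_wrap(tampered))
        rejected = False
    except ValueError:
        rejected = True
    visible = "6200000000000001" in app_wrap(protocol)
    return {"honest": honest, "tampered_rejected": rejected,
            "account_visible_to_app": visible}


if __name__ == "__main__":
    print(demo())
```

Following the text, the check code in this sketch covers only the transaction element information, so the `sensitive` ciphertext and the `unit_id` field are outside what it authenticates.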
Fig. 3 is a schematic diagram of a transaction result feedback process in an embodiment of the present invention, as shown in fig. 3, in an embodiment, the method may further include:
step 301: the bank background system obtains a transaction processing result after processing the transaction, encrypts sensitive information in the transaction processing result according to the first key of the security unit, and generates a check code for transaction element information in the transaction processing result according to the second key of the security unit; generates a transaction processing result protocol from the encrypted transaction processing result carrying the check code, according to the transaction protocol format of the security unit, and sends the transaction processing result protocol to the bank application software;
step 302: the bank application software receives the transaction processing result protocol returned by the bank background system and forwards the transaction processing result protocol to the security unit corresponding to the transaction processing result protocol;
step 303: the security unit parses the transaction processing result protocol, verifies the check code of the transaction element information in the transaction processing result according to the second key of the security unit, decrypts the encrypted sensitive information in the transaction processing result according to the first key of the security unit after the verification passes, and returns the verified and decrypted transaction processing result to the bank application software;
step 304: the bank application software displays the verified and decrypted transaction processing result to the user.
Fig. 4 is a schematic diagram of a specific process of step 203 in fig. 2, as shown in fig. 4, in an embodiment, in step 203, the receiving, by the bank application software, a transaction request protocol returned by the security unit, and forwarding the transaction request protocol to the bank background system includes:
step 401: receiving a transaction request protocol returned by the security unit, and generating a transaction request message according to a message format corresponding to a bank background system;
step 402: and forwarding the transaction request message to a bank background system.
It should be noted that while the operations of the method of the present invention are depicted in the drawings in a particular order, this does not require or imply that the operations must be performed in this particular order, or that all of the illustrated operations must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions.
An embodiment of the invention also provides a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the transaction processing method when executing the computer program.
An embodiment of the invention also provides a computer-readable storage medium storing a computer program for executing the transaction processing method.
The following is a specific example to facilitate an understanding of how the invention may be practiced.
Fig. 5 is a schematic flow diagram of an embodiment of the present invention. As shown in Fig. 5, the flow includes the following steps:
step 501: the bank application software receives a transaction request initiated by a client, calls an interface provided by the security unit and forwards the transaction request to the security unit;
step 502: the security unit encrypts the sensitive information in the transaction request according to a first key of the security unit, generates a check code for the transaction element information in the transaction request according to a second key of the security unit, generates a transaction request protocol from the encrypted transaction request carrying the check code, and sends the transaction request protocol to the bank application software;
step 503: after receiving the transaction request protocol, the bank application software generates a transaction request message according to a message format corresponding to the bank background system and forwards the transaction request message to the bank background system;
step 504: the bank background system extracts the transaction request protocol from the transaction request message, parses the transaction request protocol, verifies the check code of the transaction element information in the transaction request according to the second key of the security unit, decrypts the encrypted sensitive information in the transaction request using the first key of the security unit after the verification passes, and processes and completes the transaction according to the verified and decrypted transaction request;
step 505: after processing the transaction, the bank background system obtains a transaction processing result or initiates a new transaction request, encrypts the sensitive information in the transaction processing result or the new transaction request according to the first key of the security unit, generates a check code for the transaction element information in the transaction processing result or the new transaction request according to the second key of the security unit, formats the encrypted transaction processing result or new transaction request, together with its check code, according to a transaction protocol format that the security unit can recognize, thereby generating a transaction processing result protocol or a new transaction request protocol, and packages that protocol into a message that is sent to the bank application software;
step 506: after receiving the message returned by the bank background system, the bank application software reads the transaction processing result protocol or the new transaction request protocol from the message, calls the interface of the security unit corresponding to that protocol, and forwards the transaction processing result protocol or the new transaction request protocol to the security unit;
step 507: the security unit parses the transaction processing result protocol or the new transaction request protocol, verifies the check code of the transaction element information in the transaction processing result or the new transaction request according to the second key of the security unit, decrypts the encrypted sensitive information in the transaction processing result or the new transaction request according to the first key of the security unit after the verification passes, and returns the verified and decrypted transaction processing result or new transaction request to the bank application software;
step 508: the bank application software displays the verified and decrypted transaction processing result to the user or executes the subsequent transaction processing operation.
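The exchange in steps 501 to 508, as an added Python example that is not part of the patent text. The patent names no algorithms or wire format, so HMAC-SHA256 as the check code, an HMAC-SHA256 counter keystream as a stand-in cipher, the JSON field names, the unit ID SU-0001 and the sample transaction values are all assumptions; having the check code also cover the ciphertext, nonce, unit ID and message kind is a choice of this example.

```python
import hashlib
import hmac
import json
import secrets

# Constructed keys: unit id -> (first key: encryption, second key: check code).
# Per claim 2, the bank background system stores both keys of every security unit.
BACKEND_KEYSTORE = {"SU-0001": (secrets.token_bytes(32), secrets.token_bytes(32))}


def _xor_keystream(key, nonce, data):
    """Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter keystream."""
    stream = bytearray()
    for block in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def _check_code(mac_key, kind, unit_id, elements, nonce, ciphertext):
    """Check code over the transaction elements plus everything needed to decrypt."""
    covered = json.dumps([kind, unit_id, elements, nonce.hex(), ciphertext.hex()],
                         sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(mac_key, covered, hashlib.sha256).hexdigest()


def seal(kind, unit_id, keys, elements, sensitive):
    """Encrypt the sensitive fields, attach a check code, return the wire protocol."""
    enc_key, mac_key = keys
    nonce = secrets.token_bytes(16)  # fresh per message so keystreams never repeat
    ciphertext = _xor_keystream(enc_key, nonce, json.dumps(sensitive).encode())
    return json.dumps({
        "kind": kind, "unit_id": unit_id, "elements": elements,
        "nonce": nonce.hex(), "ciphertext": ciphertext.hex(),
        "check_code": _check_code(mac_key, kind, unit_id, elements, nonce, ciphertext)})


def open_envelope(expected_kind, keys, wire):
    """Verify the check code first; decrypt only after verification passes."""
    enc_key, mac_key = keys
    msg = json.loads(wire)
    nonce, ciphertext = bytes.fromhex(msg["nonce"]), bytes.fromhex(msg["ciphertext"])
    expected = _check_code(mac_key, msg["kind"], msg["unit_id"], msg["elements"],
                           nonce, ciphertext)
    supplied = str(msg["check_code"]).encode()
    if msg["kind"] != expected_kind or not hmac.compare_digest(expected.encode(), supplied):
        raise ValueError("check code verification failed")
    return msg["elements"], json.loads(_xor_keystream(enc_key, nonce, ciphertext))


class SecurityUnit:
    def __init__(self, unit_id, keys):
        self.unit_id, self._keys = unit_id, keys

    def build_request(self, elements, sensitive):  # step 502
        return seal("request", self.unit_id, self._keys, elements, sensitive)

    def read_result(self, wire):  # step 507
        return open_envelope("result", self._keys, wire)


def backend_process(wire):  # steps 504 and 505
    unit_id = json.loads(wire)["unit_id"]  # selects the key pair; covered by the check code
    keys = BACKEND_KEYSTORE[unit_id]
    elements, _sensitive = open_envelope("request", keys, wire)
    result = {"txn_id": elements["txn_id"], "status": "ACCEPTED"}  # constructed outcome
    return seal("result", unit_id, keys, result, {"balance": "8800.00"})


def demo():
    unit = SecurityUnit("SU-0001", BACKEND_KEYSTORE["SU-0001"])
    card_no = "6200000000000000"  # constructed value
    request = unit.build_request(
        {"txn_id": "T1", "type": "transfer", "amount": "100.00", "payee": "ACC-B"},
        {"card_no": card_no, "pin": "000000"})
    # Steps 503 and 506: the bank application only relays opaque protocol strings.
    elements, sensitive = unit.read_result(backend_process(request))
    # An application that rewrites the amount in transit is rejected by the backend.
    forged = json.loads(request)
    forged["elements"]["amount"] = "9999.00"
    try:
        backend_process(json.dumps(forged))
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return elements, sensitive, tamper_detected, card_no in request


if __name__ == "__main__":
    print(demo())
```

In a deployment the stand-in cipher would be replaced by a vetted authenticated cipher running inside the security unit, with the keys never exposed to the bank application software.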
In summary, in the embodiment of the present invention, the bank application software receives a transaction request initiated by a client and forwards the transaction request to the security unit; the security unit encrypts the sensitive information in the transaction request according to a first key of the security unit, generates a check code for the transaction element information in the transaction request according to a second key of the security unit, generates a transaction request protocol from the encrypted transaction request carrying the check code, and sends the transaction request protocol to the bank application software; the bank application software receives the transaction request protocol returned by the security unit and forwards it to the bank background system; the bank background system parses the transaction request protocol, verifies the check code of the transaction element information in the transaction request according to the second key of the security unit, decrypts the encrypted sensitive information in the transaction request according to the first key of the security unit after the verification passes, and processes the transaction according to the verified and decrypted transaction request. Because the security unit and the bank background system encrypt and decrypt the transaction information and generate and verify the check code based on the first key and the second key, the transaction information is transmitted accurately and securely between the security unit and the bank background system, the risk of the application software intercepting or tampering with the transaction information is avoided, and the accuracy and security of transaction processing are improved.
Although the present invention provides method steps as described in the examples or flowcharts, more or fewer steps may be included based on routine or non-inventive labor. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. When an actual apparatus or client product executes, it may execute sequentially or in parallel (e.g., in the context of parallel processors or multi-threaded processing) according to the embodiments or methods shown in the figures.
As will be appreciated by one skilled in the art, embodiments of the present description may be provided as a method, apparatus (system) or computer program product. Accordingly, embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment. In this document, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. The terms "upper", "lower", and the like, indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience in describing the present invention and simplifying the description, but do not indicate or imply that the referred devices or elements must have a specific orientation, be constructed and operated in a specific orientation, and thus, should not be construed as limiting the present invention. Unless expressly stated or limited otherwise, the terms "mounted," "connected," and "connected" are intended to be inclusive and mean, for example, that they may be fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. 
The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations. It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict. The present invention is not limited to any single aspect, nor is it limited to any single embodiment, nor is it limited to any combination and/or permutation of these aspects and/or embodiments. Moreover, each aspect and/or embodiment of the present invention may be utilized alone or in combination with one or more other aspects and/or embodiments thereof.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the present invention, and they should be construed as being included in the following claims and description.

Claims (10)

1. A transaction processing system, comprising: a security unit, a bank background system and bank application software, wherein:
the bank application software is used for receiving a transaction request initiated by a client and forwarding the transaction request to the security unit; and for receiving a transaction request protocol returned by the security unit and forwarding the transaction request protocol to the bank background system;
the security unit is used for encrypting sensitive information in the transaction request according to a first key of the security unit and generating a check code for transaction element information in the transaction request according to a second key of the security unit; and for generating the transaction request protocol from the encrypted transaction request carrying the check code and sending the transaction request protocol to the bank application software;
the bank background system is used for parsing the transaction request protocol, verifying the check code of the transaction element information in the transaction request according to the second key of the security unit, decrypting the encrypted sensitive information in the transaction request according to the first key of the security unit after the verification passes, and processing the transaction according to the verified and decrypted transaction request.
2. The system of claim 1, wherein the security unit comprises a plurality of security units, each security unit corresponding to a first key and a second key;
the bank background system stores the first key and the second key of the plurality of security units.
3. The system of claim 1, wherein the bank background system is further configured to: obtain a transaction processing result after processing the transaction, encrypt sensitive information in the transaction processing result according to the first key of the security unit, and generate a check code for transaction element information in the transaction processing result according to the second key of the security unit; and generate a transaction processing result protocol from the encrypted transaction processing result carrying the check code, according to the transaction protocol format of the security unit, and send the transaction processing result protocol to the bank application software;
the bank application software is further configured to: receive the transaction processing result protocol returned by the bank background system and forward it to the security unit corresponding to the transaction processing result protocol; and display the verified and decrypted transaction processing result to the user;
the security unit is further configured to: parse the transaction processing result protocol, verify the check code of the transaction element information in the transaction processing result according to the second key of the security unit, decrypt the encrypted sensitive information in the transaction processing result according to the first key of the security unit after the verification passes, and return the verified and decrypted transaction processing result to the bank application software.
4. The system of claim 1, wherein the bank application software is specifically configured to:
receive the transaction request protocol returned by the security unit, and generate a transaction request message according to the message format corresponding to the bank background system;
and forward the transaction request message to the bank background system.
5. A transaction processing method, comprising:
the bank application software receives a transaction request initiated by a client and forwards the transaction request to the security unit;
the security unit encrypts sensitive information in the transaction request according to a first key of the security unit and generates a check code for transaction element information in the transaction request according to a second key of the security unit; and generates a transaction request protocol from the encrypted transaction request carrying the check code and sends the transaction request protocol to the bank application software;
the bank application software receives the transaction request protocol returned by the security unit and forwards the transaction request protocol to the bank background system;
the bank background system parses the transaction request protocol, verifies the check code of the transaction element information in the transaction request according to the second key of the security unit, decrypts the encrypted sensitive information in the transaction request according to the first key of the security unit after the verification passes, and processes the transaction according to the verified and decrypted transaction request.
6. The method of claim 5, wherein the security unit comprises a plurality of security units, each security unit corresponding to a first key and a second key;
the bank background system stores the first key and the second key of the plurality of security units.
7. The method of claim 5, further comprising:
the bank background system obtains a transaction processing result after processing the transaction, encrypts sensitive information in the transaction processing result according to the first key of the security unit, and generates a check code for transaction element information in the transaction processing result according to the second key of the security unit; and generates a transaction processing result protocol from the encrypted transaction processing result carrying the check code, according to the transaction protocol format of the security unit, and sends the transaction processing result protocol to the bank application software;
the bank application software receives the transaction processing result protocol returned by the bank background system and forwards it to the security unit corresponding to the transaction processing result protocol;
the security unit parses the transaction processing result protocol, verifies the check code of the transaction element information in the transaction processing result according to the second key of the security unit, decrypts the encrypted sensitive information in the transaction processing result according to the first key of the security unit after the verification passes, and returns the verified and decrypted transaction processing result to the bank application software;
and the bank application software displays the verified and decrypted transaction processing result to the user.
8. The method of claim 5, wherein the bank application software receiving the transaction request protocol returned by the security unit and forwarding the transaction request protocol to the bank background system comprises:
receiving the transaction request protocol returned by the security unit, and generating a transaction request message according to the message format corresponding to the bank background system;
and forwarding the transaction request message to the bank background system.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any of claims 5 to 8 when executing the computer program.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program for executing the method of any of claims 5 to 8.
CN202110619885.3A 2021-06-03 2021-06-03 Transaction processing system and method Pending CN113205337A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110619885.3A CN113205337A (en) 2021-06-03 2021-06-03 Transaction processing system and method

Publications (1)

Publication Number Publication Date
CN113205337A true CN113205337A (en) 2021-08-03

Family

ID=77024111

Country Status (1)

Country Link
CN (1) CN113205337A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination