CN114511328A - Information marking system and payment marking method based on cloud computing - Google Patents
Information marking system and payment marking method based on cloud computing Download PDFInfo
- Publication number
- CN114511328A CN114511328A CN202111638758.4A CN202111638758A CN114511328A CN 114511328 A CN114511328 A CN 114511328A CN 202111638758 A CN202111638758 A CN 202111638758A CN 114511328 A CN114511328 A CN 114511328A
- Authority
- CN
- China
- Prior art keywords
- token
- information
- marking
- module
- application
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 40
- 238000012795 verification Methods 0.000 claims abstract description 13
- 230000008569 process Effects 0.000 claims description 19
- 238000012954 risk control Methods 0.000 claims description 16
- 238000012508 change request Methods 0.000 claims description 11
- 238000012544 monitoring process Methods 0.000 claims description 9
- 238000012545 processing Methods 0.000 claims description 9
- 230000008859 change Effects 0.000 claims description 5
- 239000003550 marker Substances 0.000 claims description 4
- 238000012423 maintenance Methods 0.000 claims description 3
- 238000011084 recovery Methods 0.000 claims description 3
- 230000009467 reduction Effects 0.000 claims description 3
- 238000004891 communication Methods 0.000 claims description 2
- 238000000586 desensitisation Methods 0.000 abstract description 5
- 238000007726 management method Methods 0.000 description 39
- 238000010586 diagram Methods 0.000 description 12
- 238000005516 engineering process Methods 0.000 description 8
- 230000005540 biological transmission Effects 0.000 description 4
- 238000013475 authorization Methods 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 239000008186 active pharmaceutical agent Substances 0.000 description 2
- 238000012550 audit Methods 0.000 description 2
- 238000002360 preparation method Methods 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000001788 irregular Effects 0.000 description 1
- 238000002372 labelling Methods 0.000 description 1
- 238000003032 molecular docking Methods 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 230000007474 system interaction Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/02—Banking, e.g. interest calculation or account maintenance
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Finance (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- Strategic Management (AREA)
- Marketing (AREA)
- Bioethics (AREA)
- Economics (AREA)
- Development Economics (AREA)
- Technology Law (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Medical Informatics (AREA)
- Databases & Information Systems (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses an information marking system and a payment marking method based on cloud computing, wherein the information marking system comprises a marking module for marking data, a domain control management module for verifying the effectiveness of a token and a de-marking module for restoring marked data, when the information marking system receives a marking application, the marking module can output the token according to a preset token generation rule and replace original data in the marking application with the token; when the information marking system receives the mark restoration application, the domain control management module can verify the validity of the token in the mark restoration application and output a verification result, wherein the verification result is valid or invalid; when the information marking system receives the mark restoration application, if the domain control management module is effective to the check result of the token in the mark restoration application, the unmarked module can output the original data corresponding to the token. The invention provides marking and de-marking services, which can cope with any scene needing desensitization to sensitive data.
Description
Technical Field
The invention relates to the field of information marking, in particular to an information marking system and a payment marking method based on cloud computing.
Background
In recent years, sensitive data such as bank card numbers and the like in the global range are frequently revealed, and fraudulent transactions are greatly increased. With the rapid development of mobile internet and payment industry, card-free payment such as mobile payment, biological payment, gateway payment and the like has become a mainstream payment mode in China, and is popular with the majority of users by virtue of the characteristics of convenience, rapidness, good experience and the like. However, the problem also comes along, the cardless payment belongs to cardless transaction, no authorization ciphertext is generated during the transaction, if sensitive information such as card numbers is leaked, how to verify the transaction validity of a card issuing bank is also performed, although the traditional encryption mode can be realized, all links related to the transaction flow need to be modified, the period is long, the cost is high, and the user experience is also influenced.
In 2016, notification about further enhanced bank card risk management was issued by the people's bank, specifically asking for: from 2016, 12, 1, commercial banks and payment institutions need to use a payment marking technology to desensitize information such as bank card numbers, card verification codes and payment institution payment accounts, and information leakage and fraud transaction risks are controlled from sources. Later, many documents published by people's bank all require "commercial banks should use payment tokenization technology" three more. It can be seen that the public bank pays high attention to protection of sensitive information such as card number (account number) of bank card, and the payment marking technology is the best technical means for solving the problem of verification of card-free transaction determined by the public bank.
The payment marking technology is a latest technology formally released in 2014 by EMVCo (international chip card standardization organization). The principle is to use a unique value (i.e. the payment Token) instead of the traditional bank card number (PAN) for transaction verification, while ensuring that the range of application of the value is restricted to a particular merchant, channel or device. The payment tag can be applied to all links of bank card transaction, and can be used across lines in the industry as the existing transaction based on the bank card number. Not only can desensitize, but also does not reduce the usability, and can ensure the customer experience, so the method has received wide attention of financial institutions once released.
There are two ways of desensitizing data based on encryption and concealment. The encryption is that sensitive information plaintext is encrypted into ciphertext by adopting a corresponding encryption algorithm, and the ciphertext is decrypted into plaintext at a node needing to use the plaintext, wherein the ciphertext is a string of irregular character combinations, the encryption mode is wide in modification range, all involved links are modified, and the ciphertext is a string of messy code display and affects the customer experience. The hiding is that when the sensitive information is displayed, partial bits of the sensitive information are replaced by a star mark and the like, the sensitive information is not completely displayed, but the sensitive information in the clear text is still transmitted in the transmission process between the systems, because the hiding only carries out desensitization processing on the data when the sensitive information is displayed, but does not carry out desensitization on the data when the sensitive information is transmitted between the systems. Thus, neither of these approaches is the best option to address desensitization of sensitive data.
Disclosure of Invention
The invention aims to provide an information marking system and a payment marking method based on cloud computing, which can realize sensitive data protection.
In order to achieve the purpose, the technical scheme adopted by the invention is as follows:
an information tagging system based on cloud computing, the information tagging system comprising:
the system comprises a marking module, a data processing module and a data processing module, wherein the marking module is configured to mark data, when the information marking system receives a marking application, the marking module can output a token according to a preset token generation rule and replace original data in the marking application with the token;
the domain control management module is configured to be capable of verifying the validity of the token, and when the information marking system receives a marker restoration application, the domain control management module is capable of verifying the validity of the token in the marker restoration application and outputting a verification result, wherein the verification result is valid or invalid;
the unmarked module is configured to restore marked data, and when the information marking system receives a mark restoration application, if a check result of the token in the mark restoration application by the domain control management module is valid, the unmarked module can output original data corresponding to the token.
Further, the token generation rule includes: the generated token includes a part of the original data corresponding to itself.
Further, the token's effectiveness includes age and/or quota of use and/or channel of use and/or number of uses.
Further, the tokenization module is also configured to be capable of making token information change, and when the information tagging system receives a token information change request, the tokenization module is capable of replacing a token in the token information change request and/or original data corresponding to the token;
the tokenization module is further configured to enable token information query and/or token declaration period management.
Further, the mark application, the mark restoration application and the token information change request all originate from external service requesters, and the service requesters comprise personal electronic channels and/or enterprise electronic channels and/or payment systems and/or IBPS and/or internet and/or open banks.
Further, the unmarked module is further configured to enable token risk notification and/or token reduction queries.
Further, the information marking system further comprises a risk control module, wherein the risk control module is configured to carry out risk control on the process of processing the marking application and/or the marking restoration application by the information marking system;
the risk control module is also in communication connection with an external telecommunication fraud system and/or a big data anti-fraud platform.
Further, the domain control management module is also configured to be capable of performing TR registration and/or TR audit and/or TR information maintenance and/or TR domain control management and/or channel management and/or scenario management and/or domain control information query.
Further, the information marking system also comprises a system management module and a bypass service module, wherein the system management module is configured to be capable of UAS authentication synchronization and/or basic parameter management and/or dictionary management and/or timing task management and/or transaction monitoring and/or data source monitoring and/or log monitoring; the bypass service module is configured to enable application marking and/or recovery marking and/or marking bypass and/or bypass transaction queries.
A payment signing method based on the above-mentioned information signing system, through which an external service requester processes payment traffic, the payment signing method comprising: responding to the fact that a service requester acquires the token, the service requester sends the token to an information marking system, the information marking system restores the token into original data and sends the original data to the service requester, and the service requester can perform subsequent payment business according to the original data.
The invention has the advantages that: the Token replaces the original element, namely the original data, can generate the Token which is very similar to the original element, is summarized as 'false body which is very similar to the true body', further can continuously keep some characteristics of the original element according to the actual situation, does not influence the customer experience during the display, and is helpful to prevent the sensitive information leakage in the transmission process by using the Token in the transmission process.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a schematic diagram of a payment token method provided by an embodiment of the present invention;
FIG. 2 is a block diagram of an information tagging system according to an embodiment of the present invention;
FIG. 3 is a functional block diagram of an information tagging system provided by an embodiment of the present invention;
FIG. 4 is a functional block diagram of common technology components of a central office provided by an embodiment of the present invention;
FIG. 5 is a functional block diagram of a tokenization module provided by an embodiment of the invention;
FIG. 6 is a functional block diagram of a de-tokenization module provided by an embodiment of the invention;
fig. 7 is a schematic block diagram of a domain control management module according to an embodiment of the present invention;
FIG. 8 is a functional block diagram of a risk control module provided by an embodiment of the present invention;
FIG. 9 is a functional block diagram of a system management module provided by an embodiment of the present invention;
FIG. 10 is a functional block diagram of a bypass service module provided by an embodiment of the present invention;
fig. 11 is an architecture diagram of an information marking system provided by an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood and more clearly understood by those skilled in the art, the technical solutions of the embodiments of the present invention will be described below in detail and completely with reference to the accompanying drawings. It should be noted that the implementations not shown or described in the drawings are in a form known to those of ordinary skill in the art. Additionally, while exemplifications of parameters including particular values may be provided herein, it is to be understood that the parameters need not be exactly equal to the respective values, but may be approximated to the respective values within acceptable error margins or design constraints. It is to be understood that the described embodiments are merely exemplary of a portion of the invention and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention. In addition, the terms "comprises" and "comprising," and any variations thereof, in the description and claims of this invention, are intended to cover a non-exclusive inclusion, such that a process, method, apparatus, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
In an embodiment of the present invention, a cloud computing-based information marking system, that is, a TSP system is provided, and the TSP system is based on a cloud computing platform, and the specific architecture diagram of the TSP system is shown in fig. 11, as shown in fig. 3, where the information marking system includes a marking module, a domain control management module, and a de-marking module. The tokenization module is configured to be capable of signing data, the domain control management module is configured to be capable of checking the validity of token, and the de-tokenization module is configured to be capable of restoring the signed data.
When the information marking system receives a marking application, the marking module can output a token according to a preset token generation rule and replace original data in the marking application with the token; when the information marking system receives the mark restoration application, the domain control management module can verify the validity of the token in the mark restoration application and output a verification result, wherein the verification result is valid or invalid; when the information marking system receives the mark restoration application, if the domain control management module is effective to the check result of the token in the mark restoration application, the unmarked module can output the original data corresponding to the token.
According to the TSP system, the marks can be divided into types such as payment marks, account marks, signing marks, authorization marks, identity marks and the like according to the use purpose, so that the use scenes of the marks are greatly expanded, and the sensitive information protection under various types and scenes can be met.
Specifically, the labeling application process includes: the method comprises the steps that a mark requester system, namely a service requester, namely a mark requester TR applies for registration to a TSP system, sensitive information needing to be marked is sent to the TSP system after registration, the TSP system generates tokens for the sensitive information according to the type of an application mark and the rule of the corresponding type in the TSP system, and domain control information, such as the use time, the limit, the use channel, the use times and the like of the tokens are sent when application is carried out, and domain control check is carried out when the tokens are removed. When applying for the mark, a risk control module is butted, and risk control can be carried out on the mark application process. And (3) a label removing process: after sensitive data are marked with tokens, the tokens are all transmitted in a scene by using the tokens, when the tokens need to be unmarked, a unmarked request system sends the tokens to a TSP system to apply for restoring the tokens, the TSP carries out domain control verification on the tokens, after the domain control verification passes, real data are returned to the request system, and the request system takes the restored data to carry out subsequent service logic operation.
As shown in fig. 2, the mark application and the mark restoration application are both originated from an external service requester, i.e. a mark requester system, i.e. a mark requester TR, and the service requester includes a personal electronic channel and/or a business electronic channel and/or a payment system and/or an IBPS and/or an internet and/or an open bank, which is not intended to limit the scope of the present invention.
In one embodiment of the invention, token generation rules include: the generated token includes a part of the original data corresponding to itself. the token generation rule can be configured in the TSP system, for example, a card number (16 bits) is marked, the rule can be set as a card handle (6 bits) + currency (2 bits) + a random part (6 bits) + a check bit (2 bits), the rule is that the token is consistent with the card handle of the original element, a false body much like a real body is generated, and the token generation rule has the advantages that other systems can still identify the token of the line through the card handle when interacting with other peripheral systems, such as a unionpay scene, and compatibility is achieved. In addition, the effectiveness of the token includes the age and/or quota of use and/or channel of use and/or number of uses, which is not intended to limit the scope of the present invention.
In an embodiment of the present invention, the tokenization module is further configured to enable token information change, and when the information tagging system receives a token information change request, the tokenization module is capable of replacing a token in the token information change request and/or original data corresponding to the token. Specifically, when an external service requester sends a token information change request to the information marking system, if the token information change request includes a change token, the tokenization module adjusts the token accordingly; if the token is required to be changed due to the change of the original data, when a token information change request is provided, the tokenization module correspondingly adjusts the token and the original data corresponding to the token.
In one embodiment of the present invention, as shown in fig. 3 and 4, the information tagging system further comprises a central platform common technology component and a risk control module; as shown in fig. 5, the tokenization module is further configured to enable token information query and/or token declaration period management; as shown in fig. 6, the unmarked module is further configured to enable token risk notification and/or token reduction queries; as shown in fig. 7, the domain control management module is further configured to enable TR registration and/or TR audit and/or TR information maintenance and/or TR domain control management and/or channel management and/or scenario management and/or domain control information query; as shown in fig. 8, the risk control module is configured to perform risk control on the process of processing the tag application and/or tag recovery application by the information tagging system, and at the same time, the risk control module is further communicatively connected with an external telecommunication fraud system and/or a big data anti-fraud platform for risk sharing; as shown in fig. 9, the system management module is configured to enable UAS authentication synchronization and/or basic parameter management and/or dictionary management and/or timed task management and/or transaction monitoring and/or data source monitoring and/or log monitoring; as shown in fig. 10, the bypass service module is configured to enable application marking and/or restoration marking and/or marking bypass and/or bypass transaction queries.
In one embodiment of the present invention, the TSP system is a system for providing a full-line mark-up service, as shown in fig. 2, and is divided into a front end and a back end:
(1) TSP front end: after logging in a unified authority authentication system (UAS), a service technician enters a TSP system service management subsystem for operation, such as system management, parameter setting, query statistics and the like.
(2) TSP background: the method comprises 8 micro services of system management, web service, marking, de-marking, risk control, domain control management, data preparation, large-screen display and the like; the system management realizes user authority authentication and single sign-on to a unified authority authentication system (UAS) in the docking line.
In this embodiment, the present TSP system is used in conjunction with an external tag service requester (TR) and a wind control system:
(1) tag service requestor (TR): requesting parties needing marking service inside and outside lines, such as electronic channels, payment systems, open banks and the like; and the required marking service is realized through related API interfaces such as marking and de-marking provided by the TSP.
(2) The wind control system comprises: systems related to the existing wind control system in the industry, such as a telecommunication fraud system, a big data anti-fraud platform and the like; and the TSP queries API interfaces such as pushing, risk data synchronization and the like through a blacklist, and shares fraud information and risk information.
In this embodiment, the TSP system includes service management, TR management, token management, risk control, identity authentication, domain control, guarantee level, data preparation, and system management, and each function module is shown in the following table:
in an embodiment of the present invention, there is provided a payment token method based on the above-mentioned information token system, by which an external service requester processes payment traffic, the payment token method including: and responding to the acquisition of the token by the service requester, and sending the token to the information marking system by the service requester, so that the token is restored into original data by the information marking system and sent to the service requester, and the service requester can perform subsequent payment service according to the original data.
Specifically, as shown in fig. 1, the mark application process: the method comprises the steps that a mark requester system, namely a service requester, namely a mark requester TR sends original element information needing to be marked to a mark service provider system TSP, namely an information marking system, the mark server TR marks the original element information according to the information type of the original element needing to be marked at present and a corresponding token generation rule, the token is returned to the mark requester system after marking is finished, and the token is returned to an APP by the mark requester system for use.
As shown in fig. 1, the token transaction process, i.e. the payment process: in a payment scene, a user presents a payment code to a merchant, the merchant acquires a token and transmits the token in the transmission process, when an acquirer system transfers a payment request to a bank for clearing, a clearing system sends the token to an information marking system, a domain control management module of the information marking system verifies the validity of the token and then carries out de-marking processing, and then the token is restored to an original element, namely original data, namely a real account or a card number, and is returned to the clearing system for subsequent clearing operation.
The idea of the embodiment of the payment marking method and the working process of the information marking system in the embodiment belong to the same idea, and the whole content of the embodiment of the information marking system is incorporated into the embodiment of the payment marking method in a full-text reference manner and is not described again.
The invention adopts the payment marking technology, and can completely solve the problems in the prior art through the information marking system in the self-built line, namely the TSP system. The TSP system can be used in any scene needing desensitization to sensitive data, and a marking and unmarking process is completed along with the scene. In the process of self-establishing the TSP system, the payment mark can be divided into types such as a payment mark, an account mark, a signing mark, an authorization mark, an identity mark and the like according to the use purpose, and the use scene of the payment mark is expanded.
The self-built TSP system can provide services for other systems, serves as an infrastructure, is based on a cloud computing platform, meets the characteristics of high availability, high concurrency, high performance and the like, adopts a multi-center multi-activity architecture, provides 7 x 24 continuous services, ensures the continuity of services, and can be used in industries in a cross-line mode as payment marks can be applied to various links under various transaction scenes, and the payment marks are the same as the conventional transactions based on sensitive information plaintext. The data security of the whole system interaction process can be met by the TSP system which is low in modification cost and easy to access.
The above description is only for the preferred embodiment of the present invention and is not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes that can be directly or indirectly applied to other related technical fields using the contents of the present specification and the accompanying drawings are included in the scope of the present invention.
Claims (10)
1. An information tagging system based on cloud computing, the information tagging system comprising:
the system comprises a marking module, a data processing module and a data processing module, wherein the marking module is configured to mark data, when the information marking system receives a marking application, the marking module can output a token according to a preset token generation rule and replace original data in the marking application with the token;
the domain control management module is configured to be capable of verifying the validity of the token, and when the information marking system receives a marker restoration application, the domain control management module is capable of verifying the validity of the token in the marker restoration application and outputting a verification result, wherein the verification result is valid or invalid;
the unmarked module is configured to restore marked data, and when the information marking system receives a mark restoration application, if a check result of the token in the mark restoration application by the domain control management module is valid, the unmarked module can output original data corresponding to the token.
2. The information tagging system of claim 1, wherein the token generation rule comprises: the generated token includes a part of the original data corresponding to itself.
3. The information tagging system of claim 1 wherein the validity of the token comprises age of use and/or quota of use and/or channel of use and/or number of uses.
4. The information tagging system of claim 1, wherein the tokenization module is further configured to enable token information change, and when the information tagging system receives a token information change request, the tokenization module is capable of replacing a token in the token information change request and/or raw data corresponding to the token;
the tokenization module is further configured to enable token information query and/or token declaration period management.
5. The information tagging system of claim 4 wherein the tagging application, the tagging restoration application, and the token information change request all originate from external service requesters, including personal electronic channels and/or business electronic channels and/or payment systems and/or IBPS and/or internetworking and/or open banks.
6. The information tagging system of claim 1, wherein the de-tagging module is further configured to enable token risk notification and/or token reduction queries.
7. The information tagging system of claim 1 further comprising a risk control module configured to enable risk control of a process of the information tagging system processing the tag application and/or the tag restore application;
the risk control module is also in communication connection with an external telecommunication fraud system and/or a big data anti-fraud platform.
8. The information tagging system of claim 1 wherein the domain control management module is further configured to enable TR registration and/or TR auditing and/or TR information maintenance and/or TR domain control management and/or channel management and/or scenario management and/or domain control information querying.
9. The information tagging system of claim 1 further comprising a system management module and a bypass service module, the system management module being configured to enable UAS authentication synchronization and/or base parameter management and/or dictionary management and/or timed task management and/or transaction monitoring and/or data source monitoring and/or log monitoring; the bypass service module is configured to enable application marking and/or recovery marking and/or marking bypass and/or bypass transaction queries.
10. A payment token method based on the information token system of claim 1, wherein an external service requester processes payment traffic through the payment token method, the payment token method comprising: responding to the fact that a service requester acquires the token, the service requester sends the token to an information marking system, the information marking system restores the token into original data and sends the original data to the service requester, and the service requester can perform subsequent payment business according to the original data.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111638758.4A CN114511328A (en) | 2021-12-29 | 2021-12-29 | Information marking system and payment marking method based on cloud computing |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111638758.4A CN114511328A (en) | 2021-12-29 | 2021-12-29 | Information marking system and payment marking method based on cloud computing |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114511328A true CN114511328A (en) | 2022-05-17 |
Family
ID=81548797
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111638758.4A Pending CN114511328A (en) | 2021-12-29 | 2021-12-29 | Information marking system and payment marking method based on cloud computing |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114511328A (en) |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105528695A (en) * | 2014-09-28 | 2016-04-27 | 中国银联股份有限公司 | Tag-based mobile payment method and mobile payment system |
CN105608568A (en) * | 2016-02-26 | 2016-05-25 | 上海易码信息科技有限公司 | Device integrating functions of finance card payment and settlement and finance card payment and settlement method |
CN105654299A (en) * | 2015-12-31 | 2016-06-08 | 深圳前海微众银行股份有限公司 | Mobile payment method, and cloud payment platform and system |
CN106503993A (en) * | 2016-10-26 | 2017-03-15 | 中国银联股份有限公司 | Based on the method for payment and its system that pay labelling realization |
CN106779698A (en) * | 2016-11-17 | 2017-05-31 | 飞天诚信科技股份有限公司 | A kind of distribution for paying mark and its safe payment method, system and device |
CN109034818A (en) * | 2018-06-19 | 2018-12-18 | 阿里巴巴集团控股有限公司 | The method and device for generating payment label, being verified using payment label |
CN110189136A (en) * | 2019-05-20 | 2019-08-30 | 中国银联股份有限公司 | Transaction processing method, device, equipment, medium and system |
CN110414982A (en) * | 2019-07-10 | 2019-11-05 | 武汉城市一卡通有限公司 | A kind of all-purpose card method of commerce and system |
-
2021
- 2021-12-29 CN CN202111638758.4A patent/CN114511328A/en active Pending
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105528695A (en) * | 2014-09-28 | 2016-04-27 | 中国银联股份有限公司 | Tag-based mobile payment method and mobile payment system |
CN105654299A (en) * | 2015-12-31 | 2016-06-08 | 深圳前海微众银行股份有限公司 | Mobile payment method, and cloud payment platform and system |
CN105608568A (en) * | 2016-02-26 | 2016-05-25 | 上海易码信息科技有限公司 | Device integrating functions of finance card payment and settlement and finance card payment and settlement method |
CN106503993A (en) * | 2016-10-26 | 2017-03-15 | 中国银联股份有限公司 | Based on the method for payment and its system that pay labelling realization |
CN106779698A (en) * | 2016-11-17 | 2017-05-31 | 飞天诚信科技股份有限公司 | A kind of distribution for paying mark and its safe payment method, system and device |
CN109034818A (en) * | 2018-06-19 | 2018-12-18 | 阿里巴巴集团控股有限公司 | The method and device for generating payment label, being verified using payment label |
CN110189136A (en) * | 2019-05-20 | 2019-08-30 | 中国银联股份有限公司 | Transaction processing method, device, equipment, medium and system |
CN110414982A (en) * | 2019-07-10 | 2019-11-05 | 武汉城市一卡通有限公司 | A kind of all-purpose card method of commerce and system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107077670B (en) | Method and apparatus for transmitting and processing transaction message, computer readable storage medium | |
US20180268407A1 (en) | Apparatus and method for payment authorization and authentication based tokenization | |
US20210352071A1 (en) | Systems and methods for third-party interoperability in secure network transactions using tokenized data | |
CN108476227A (en) | System and method for equipment push supply | |
CA2914956C (en) | System and method for encryption | |
CN107230050B (en) | Method and system for paying digital currency based on visible digital currency chip card | |
KR20100072104A (en) | Mobile account authentication service | |
CN102238193A (en) | Data authentication method and system using same | |
CN102611702B (en) | A kind of system and method ensureing safety of network trade | |
CN107240010B (en) | Method and system for transferring digital currency to digital currency chip card | |
US20200126072A1 (en) | Systems and methods for substitute controlled-use tokens in secure network transactions | |
US20190325434A1 (en) | System and Method for Determining a Secured Resource Account Number | |
Christodorescu et al. | Towards a two-tier hierarchical infrastructure: an offline payment system for central bank digital currencies | |
US20190362093A1 (en) | Computer-implemented method of transferring a data string from an application to a data protection device | |
CN106980977A (en) | Payment system and its Payment Card based on Internet of Things | |
CN102724180A (en) | Method and system for preventing signature information of universal serial bus (USB) key from being falsified | |
CN111222875A (en) | Dynamic verification method and system for card transaction | |
CN203786773U (en) | Mobile payment service platform | |
CN102609842A (en) | Payment cipher device based on hardware signature equipment, and application method of payment cipher device | |
CN114511328A (en) | Information marking system and payment marking method based on cloud computing | |
KR101049556B1 (en) | Method and system for payment of school expenses through electronic voucher and recording medium therefor | |
Jin et al. | Research on WAP clients supports SET payment protocol | |
CN110914847B (en) | System and method for conducting transactions using a proxy PIN | |
EP3035270A1 (en) | Card-based offline token generation | |
KR101171798B1 (en) | System and method for electronic payment in electronic commerce, and recording medium used thereto |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |