CN114978727A - Business processing method, device, medium and program product based on password transformation - Google Patents

Business processing method, device, medium and program product based on password transformation Download PDF

Info

Publication number
CN114978727A
CN114978727A CN202210588258.2A CN202210588258A CN114978727A CN 114978727 A CN114978727 A CN 114978727A CN 202210588258 A CN202210588258 A CN 202210588258A CN 114978727 A CN114978727 A CN 114978727A
Authority
CN
China
Prior art keywords
password
transformation
value
service processing
function
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210588258.2A
Other languages
Chinese (zh)
Inventor
雷雨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bank of China Ltd
Original Assignee
Bank of China Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bank of China Ltd filed Critical Bank of China Ltd
Priority to CN202210588258.2A priority Critical patent/CN114978727A/en
Publication of CN114978727A publication Critical patent/CN114978727A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Accounting & Taxation (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Finance (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiment of the specification provides a business processing method, a business processing device, a business processing medium and a program product based on password transformation, and is applied to the technical field of information security. The method comprises the following steps: receiving a service processing request of a target user; the service processing request comprises a target service and a service processing password corresponding to the target user; extracting a first cryptographic value corresponding to the target user; calculating the service processing password according to the first password transformation value and a password transformation function to obtain a temporary password; processing the first cryptographically transformed value based on a modification function to obtain a second cryptographically transformed value, and replacing the first cryptographically transformed value with the second cryptographically transformed value; and sending the target service and the temporary password to a server. The method ensures that the temporary passwords are different every time, improves the difficulty of cracking the temporary passwords by lawbreakers, obviously improves the safety of the transmitted password values and ensures the information safety of users.

Description

Business processing method, device, medium and program product based on password transformation
Technical Field
The embodiments of the present disclosure relate to the field of information security technologies, and in particular, to a method, an apparatus, a medium, and a program product for processing a service based on cryptographic transformation.
Background
With the development of the internet, different industries are also fused with the internet to achieve better development. Among them, online service processing can achieve effects such as online transaction based on the internet, and is a hot spot in current development. When online business processing, especially online financial payment, is performed, a user is often required to input a corresponding password to complete electronic payment. Because the process designs the transmission of the password between the front-end equipment and the background verification equipment, when lawbreakers intercept the transmitted data, the password can be directly acquired, thereby generating greater threats to the information security and property security of users.
At present, in order to ensure the security of information transmission, especially password transmission, a password is generally encrypted by using a secret key, so that the transmitted password is encrypted, and a lawbreaker cannot directly obtain a real password. However, because the encryption process is fixed, after a lawless person intercepts a certain amount of data, the lawless person can easily determine the encryption rule, so that the encrypted password is cracked, and the threat to the user information security still exists. Therefore, there is a need for a method for improving security of a transmitted password in a service processing process.
Disclosure of Invention
An object of the embodiments of the present specification is to provide a service processing method, device, storage medium and program product based on password transformation, so as to solve the problem of how to ensure the security of a password sent in a service processing process.
In order to solve the above technical problem, an embodiment of the present specification provides a service processing method based on cryptographic transformation, which is applied to a front-end device; the method comprises the following steps: receiving a service processing request of a target user; the service processing request comprises a target service and a service processing password corresponding to the target user; extracting a first cryptographic value corresponding to the target user; calculating the service processing password according to the first password transformation value and a password transformation function to obtain a temporary password; processing the first cryptographically transformed value based on a modification function to obtain a second cryptographically transformed value, and replacing the first cryptographically transformed value with the second cryptographically transformed value; sending the target service and the temporary password to a server so that the server obtains a service processing password according to a password transformation function, the temporary password and a first password transformation value, and processing the target service after verifying the service processing password; and the server processes the first password transformation value based on a modification function after acquiring the service processing password to obtain a second password transformation value, and replaces the first password transformation value with the second password transformation value.
The embodiment of the present specification further provides a service processing method based on password transformation, which is applied to a server; the method comprises the following steps: receiving a target service and a temporary password which are sent by front-end equipment and correspond to a target user; the temporary password is obtained by the front-end equipment through calculation of the service processing password according to the first password transformation value and the password transformation function; the service processing password is input into the front-end equipment by a user; the front-end equipment processes the first password transformation value based on a modification function after calculating the temporary password to obtain a second password transformation value, and replaces the first password transformation value with the second password transformation value; obtaining a first cryptographic transformation value, a cryptographic transformation function and a modification function corresponding to the target user; calculating a service processing password according to the first password transformation value, the password transformation function and the temporary password; processing the first cryptographically transformed value based on the modification function to obtain a second cryptographically transformed value, and replacing the first cryptographically transformed value with the second cryptographically transformed value; checking the service processing password; and processing the target service under the condition that the service processing password passes the verification.
The embodiment of the present specification further provides a service processing apparatus based on password transformation, which is arranged in the front-end device; the method comprises the following steps: a service processing request receiving module, configured to receive a service processing request of a target user; the service processing request comprises a target service and a service processing password corresponding to the target user; a first cryptographic value extraction module for extracting a first cryptographic value corresponding to the target user; the temporary password calculation module is used for calculating the service processing password according to the first password transformation value and the password transformation function to obtain a temporary password; the second password transformation value replacing module is used for processing the first password transformation value based on a modification function to obtain a second password transformation value and replacing the first password transformation value with the second password transformation value; the sending module is used for sending the target service and the temporary password to a server so that the server can obtain a service processing password according to a password transformation function, the temporary password and a first password transformation value, and the target service is processed after the service processing password is verified; and after the server acquires the service processing password, processing the first cryptographic transformation value based on a modification function to obtain a second cryptographic transformation value, and replacing the first cryptographic transformation value with the second cryptographic transformation value.
The embodiment of the present specification further provides a service processing device based on password transformation, which is arranged in the server; the device comprises: the receiving module is used for receiving a target service and a temporary password which are sent by the front-end equipment and correspond to a target user; the temporary password is obtained by the front-end equipment through calculation of the service processing password according to the first password transformation value and the password transformation function; the business processing password is input into the front-end equipment by a user; the front-end equipment processes the first password transformation value based on a modification function after calculating the temporary password to obtain a second password transformation value, and replaces the first password transformation value with the second password transformation value; a function obtaining module, configured to obtain a first cryptographic transformation value, a cryptographic transformation function, and a modification function corresponding to the target user; the business processing password calculation module is used for calculating a business processing password according to the first password transformation value, the password transformation function and the temporary password; the first password transformation value processing module is used for processing the first password transformation value based on the modification function to obtain a second password transformation value and replacing the first password transformation value with the second password transformation value; the verification module is used for verifying the service processing password; and the target service processing module is used for processing the target service under the condition that the service processing password passes the verification.
Embodiments of the present specification also provide a computer-readable storage medium, on which a computer program/instruction is stored, where the computer program/instruction, when executed by a processor, implements the service processing method based on cryptographic transformation.
Embodiments of the present specification further provide a computer program product, which includes a computer program/instruction, and when executed by a processor, the computer program/instruction implements the service processing method based on cryptographic transformation.
As can be seen from the technical solutions provided in the embodiments of the present specification, after the front-end device acquires the service processing password, the service processing password is converted based on the first password conversion value to obtain the temporary password, and what is sent to the server is the temporary password. Correspondingly, the server can perform inverse transformation on the temporary password according to the first password transformation value to obtain a real service processing password for verification, so that the condition that the service processing password is not transmitted directly is ensured. In addition, the front-end equipment and the server process the first password transformation value to obtain a second password transformation value after utilizing the first password transformation value in each business processing process, and replace the first password transformation value with the second password transformation value, so that the processing results of the business processing passwords at each time are different, even if lawless persons intercept the temporary passwords, the temporary passwords cannot be cracked, the safety of the transmitted password values is obviously improved, and the information and property safety of users is guaranteed.
Drawings
In order to more clearly illustrate the embodiments of the present specification or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the specification, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a block diagram of a service processing system based on cryptographic transformation according to an embodiment of the present disclosure;
fig. 2 is a flowchart of a service processing method based on cryptographic transformation according to an embodiment of the present disclosure;
fig. 3 is a flowchart of a service processing method based on cryptographic transformation according to an embodiment of the present disclosure;
fig. 4 is a flowchart of a service processing method based on cryptographic transformation according to an embodiment of the present disclosure;
FIG. 5 is a block diagram of a business processing apparatus based on cryptographic transformation according to an embodiment of the present disclosure;
fig. 6 is a block diagram of a service processing apparatus based on cryptographic transformation according to an embodiment of the present disclosure.
Detailed Description
The technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the described embodiments are only a part of the embodiments of the present disclosure, and not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present specification without any creative effort shall fall within the protection scope of the present specification.
In order to better understand the inventive concept of the present application, a service processing system based on cryptographic transformation in the embodiment of the present specification is first introduced. As shown in fig. 1, the business processing system 100 based on the cryptographic transformation includes a front-end device 110 and a server 120.
The front-end 110 may interact with the user, receive user selections for different services, and receive user entered passwords. The front-end device 110 stores therein a first cryptographic transformation value, a cryptographic transformation function, and a modification function, and changes a password input by a user or the stored first cryptographic transformation value based on the stored function. The front-end device 110 may also communicate with the server 120 to send corresponding service information and password values.
The server 120 may receive corresponding information transmitted by the front-end device 110, including service information, a password, and the like, based on communication with the front-end device 110. The server 120 may also have stored therein in advance a first cryptographic value, a cryptographic transformation function and a modification function, and the stored values correspond to the functions and stored in the front-end device 110. The server 120 may compute the received password based on the stored function to obtain the true password value. Correspondingly, the server 120 may also check the password value, and implement processing on the received service if the check is passed.
It should be noted that fig. 1 only exemplarily shows a scenario of interaction between a front-end device and a server, and in practical applications, the number of the front-end device and the server is not limited, for example, one server may communicate with multiple front-end devices.
For the service processing system based on the cryptographic transformation, an embodiment of the present specification provides a service processing method based on the cryptographic transformation. The execution main body of the business processing method based on the password transformation is the business processing system based on the password transformation. As shown in fig. 2, the service processing method based on the cryptographic transformation may include the following implementation steps.
S210: the front-end equipment receives a service processing request of a target user.
The service processing request is a request submitted by a target user based on interaction with the front-end equipment. For example, when a user needs to complete a transfer service, the mobile banking APP may be opened, after the transfer option is clicked, information such as a card number, a transfer amount, an account password and the like may be input, and the mobile banking APP may generate a service processing request according to the input card number, transfer amount and account password, where the card number and transfer amount constitute specific content of a target service.
The target service may be a specific service type and service information input by the target user, for example, based on the above example, when the target service is a transfer service, the service type is the transfer service, and the service information includes information such as transaction account numbers and transaction amounts of both parties; when the target service is a transaction payment service, the service type is a payment service, and the service information comprises a payment account number, order information, payment amount and the like of the user. The target service may be set based on the specific situation in the actual scene, which is not limited in this regard.
The service processing password is a password which is required to be input by the target user to complete the current service. The service processing password can be different types of passwords such as a payment password, a login password, an authentication password and the like. The server stores a corresponding service processing password based on the identity information of the user, so that the service processing password can be verified after being received.
In some embodiments, the transaction password may be a password received based on gravity sensing principles. In this embodiment, the front-end device is a device having a gravity sensing function. When the space pose of the front-end equipment changes or the front-end equipment is shaken by a user, the front-end equipment can recognize the current specific pose condition and/or the shaking direction of the equipment.
Specifically, when the front-end device needs to receive a password input by a user, the gravity sensing function can be started. Accordingly, the user may be prompted on the interface of the front-end device that the password may be entered based on gravity sensing. After the gravity sensing function is started, the user can shake or adjust the pose of the front-end equipment according to preset steps. For example, the user may first pan the device 3 times to the left, 2 times to the right, and then pan the device once to the left as a gravity-sensitive input password. In practical applications, the password value can be input by rotating the device by a certain angle or facing a specific direction, which is not limited to this.
The front-end equipment converts the detected shaking direction and/or the equipment space pose of the front-end equipment into a business processing password according to preset logic, wherein the business processing password can be a character string consisting of corresponding characters. For example, the left-handed device corresponds to a character a, the right-handed device corresponds to a character Z, the device rotates 360 degrees and corresponds to a character K, and based on the above example, the service processing password obtained through conversion is AAAZZA.
The password input by the user is received through the gravity sensing principle, so that the password is prevented from being peeped by lawless persons, and the information security is ensured in the password input process.
S220: the front-end device extracts a first cryptographic value corresponding to the target user.
After the service processing request is obtained, the front-end device may extract a first cryptographic value of the target user. The first cryptographic value is pre-stored in the head-end device. The front-end device may perform, before sending the service to the server, modification of the service processing password input by the user by acquiring the first password transformation value.
In one specific example, the first cryptographic value may be a count value, for example, set to 0 at the time of initial setting, and then sequentially accumulated based on the number of times of business processes.
In practical applications, in a case where the front-end device may be used by a plurality of users, the front-end device may store different first cryptographic values based on different user identifications. Accordingly, the service processing request may be accompanied by a corresponding user identifier, so that the front-end device can extract the first cryptographic value directly based on the user identifier.
In some embodiments, if it is detected that the target user is the first-time submission target service, that is, the first cryptographic transformation value of the target user is not pre-stored in the head-end device, the first cryptographic transformation value corresponding to the target user may be set as the transformation initial value. The initial value of the transformation may be a predetermined fixed value, for example, a fixed value such as 0, and accordingly, the server may also directly determine the same initial value of the transformation under the circumstances, thereby ensuring effective implementation of the method.
S230: and the front-end equipment calculates the service processing password according to the first password transformation value and the password transformation function to obtain a temporary password.
The first cryptographic transformation value and the cryptographic transformation function may process the transaction cryptogram. The password change function may be a preset character change relationship, and different characters may be converted into corresponding characters based on different first password conversion values.
In some embodiments, the cryptographic transformation function may be to shift the character by the size of the first cryptographic value in a preset endianness corresponding to the character table. For example, when the first cipher transformation value is 1 and the service processing cipher is AAAZZA, the obtained temporary cipher may be bbbaba. In practical applications, different transformation rules may be set for different characters, and also based on the above example, corresponding to the first transformation value being 1, the character a may be shifted backward to B, and the character Z may be shifted forward to Y, which may be specifically set based on requirements, and is not limited.
The cryptographic transformation function may be another calculation function, in which the first cryptographic transformation value and the service processing password may be input values of the function, so that the corresponding temporary password is directly calculated and output based on the function. In practical application, the cryptographic transformation function can be adjusted according to requirements, which is not limited.
S240: the front-end device processes the first cryptographically transformed value based on the modification function to obtain a second cryptographically transformed value, and replaces the first cryptographically transformed value with the second cryptographically transformed value.
After the temporary password is calculated, the front-end device may process the first cryptographic value to obtain a second cryptographic value. Thereby ensuring that the calculation results are different every time.
The modification function may be a function that recalculates the first cryptographic value, resulting in the second cryptographic value. For example, the modification function may be a simple cumulative function, each time adding 1 to the first cryptographic value to obtain a new second cryptographic value; the modification function may also be a more complex function, making it difficult to directly determine the change law for each obtained second cryptographic transformation value.
After the second cryptographic transformation value is obtained, the first cryptographic transformation value can be replaced by the second cryptographic transformation value, that is, when the next service of the user is processed, the obtained first cryptographic transformation value is the second cryptographic transformation value obtained by the current calculation. For example, when the first cryptographic transformation value of this time is 1 and the calculated second cryptographic transformation value is 2, the first cryptographic transformation value used in the next processing of the service access password is 2.
S250: and the front-end equipment sends the target service and the temporary password to the server.
After the temporary password is determined, the front-end equipment sends the target service and the temporary password to the server according to the corresponding communication mode.
S260: the server obtains a first cryptographic value, a cryptographic transformation function, and a modification function corresponding to the target user.
Upon receiving the target service and the temporary password, the server may obtain a first cryptographic transformation value, a cryptographic transformation function, and a modification function corresponding to the target user. Specifically, the server may pre-store a first cryptographic transformation value, a cryptographic transformation function, and a modification function corresponding to the user identifier of the different user, and then extract the first cryptographic transformation value, the cryptographic transformation function, and the modification function directly based on the corresponding user identifier after receiving the target service and the temporary password.
In some embodiments, if the first cryptographic value and the service processing record corresponding to the target user are not found, that is, the target user is a first time to process the service, and the corresponding first cryptographic value is not stored before, the first cryptographic value may be set as the initial value of the transformation. The initial value of the transformation may be a fixed value, so that the same value as the first cryptographic transformation determined by the head-end equipment in step S220 ensures proper implementation of the method.
Correspondingly, the same password transformation function and modification function may be set for different users, so that the corresponding steps are directly executed under the condition that the user initially processes the service, or the password transformation function and modification function corresponding to the target user may be sent to the server by the front-end device and correspondingly stored by the server, which is not limited to this.
S270: and the server calculates the business processing password according to the first password transformation value, the password transformation function and the temporary password.
After the server obtains the first password transformation value and the password transformation function, the server can process the temporary password and restore the temporary password to the service processing password.
Specifically, a cipher inverse-solution function corresponding to the cipher transformation function may be determined, and then the temporary cipher is processed by using the cipher inverse-solution function based on the first cipher transformation value to obtain the service processing cipher. The cryptographic inverse function may be a function corresponding to the cryptographic transformation function for restoring the temporary cipher. For example, when the password transformation function is to move the characters backward by a certain position in the preset sequence, the password inverse solution function may be to move the characters forward by a certain position in the preset sequence. The password inverse solution function may also be a corresponding password inverse solution function calculated in advance according to the password transformation function and then stored by the server. The inverse cryptographic function may be adjusted based on actual conditions, which is not limited.
S280: the server processes the first cryptographic value based on the modification function to obtain a second cryptographic value, and replaces the first cryptographic value with the second cryptographic value.
Similarly, after the server completes the calculation of the service processing password, the server may also process the first cryptographic value based on the modification function to obtain a second cryptographic value, and replace the first cryptographic value with the second cryptographic value, in order to ensure the unification of the first cryptographic value stored in the server and the front-end device, so as to implement the normal and effective operation of the method.
S290: and the server checks the service processing password.
After the server obtains the service processing password, a verification process can be executed. Specifically, the server or the corresponding storage device may store a password corresponding to the target user in advance, the server may extract the stored password and compare the stored password with the calculated service processing password, and if the stored password and the calculated service processing password are the same, the verification is passed; otherwise, the verification fails.
S2100: and the server processes the target service under the condition that the service processing password passes the verification.
In case the password check passes for the service handling, the server may start handling the target service. Specifically, the server may store service processing logic for different services in advance. The server can acquire corresponding service processing logic for automatic processing aiming at the type of the target service; the server can also forward the target service to other equipment or terminal equipment of an operator for processing. The specific processing procedure for the target service may be set based on the requirements of the actual application, and is not described herein again.
It should be noted that, in the execution process of the embodiment of the present specification, whether the verification is passed or not, the front-end device and the server may recalculate and replace the stored first cryptographic transformation value, so as to ensure that the first cryptographic transformation value used each time is different, and improve the information security.
Based on the introduction of the embodiment of the service processing method based on password transformation, it can be seen that, in the method, after the front-end device acquires the service processing password, the service processing password is converted based on the first password transformation value to obtain the temporary password, and what is sent to the server is the temporary password. Correspondingly, the server can perform inverse transformation on the temporary password according to the first password transformation value to obtain a real service processing password for verification, so that the condition that the service processing password is not transmitted directly is ensured. In addition, the front-end equipment and the server process the first password transformation value to obtain a second password transformation value after utilizing the first password transformation value in each business processing process, and replace the first password transformation value with the second password transformation value, so that the processing results of the business processing passwords at each time are different, even if lawless persons intercept the temporary passwords, the temporary passwords cannot be cracked, the safety of the transmitted password values is obviously improved, and the information and property safety of users is guaranteed.
Based on the service processing method based on the cryptographic transformation corresponding to fig. 2, an embodiment of the present specification further provides a service processing method based on the cryptographic transformation. The execution main body of the business processing method based on the password transformation is front-end equipment. As shown in fig. 3, the service processing method based on the cryptographic transformation includes the following specific steps.
S310: receiving a service processing request of a target user; the service processing request comprises a target service and a service processing password corresponding to the target user.
For the detailed description of this step, reference may be made to the description in step S210, and details are not described here.
S320: a first cryptographic value corresponding to the target user is extracted.
For the detailed description of this step, reference may be made to the description in step S220, and details are not described here.
S330: and calculating the service processing password according to the first password transformation value and the password transformation function to obtain a temporary password.
For the detailed description of this step, reference may be made to the description in step S230, which is not described herein again.
S340: processing the first cryptographically transformed value based on a modification function to obtain a second cryptographically transformed value, and replacing the first cryptographically transformed value with the second cryptographically transformed value.
For the detailed description of this step, reference may be made to the description in step S240, and details are not described here.
S350: sending the target service and the temporary password to a server so that the server obtains a service processing password according to a password transformation function, the temporary password and a first password transformation value, and processing the target service after verifying the service processing password; and the server processes the first password transformation value based on a modification function after acquiring the service processing password to obtain a second password transformation value, and replaces the first password transformation value with the second password transformation value.
For the detailed description of this step, reference may be made to the descriptions in steps S250, S260, S270, S280, S290, and S2100, and details are not repeated here.
Based on the service processing method based on the cryptographic transformation corresponding to fig. 2, an embodiment of the present specification further provides a service processing method based on the cryptographic transformation. The execution subject of the business processing method based on the password transformation is a server. As shown in fig. 4, the service processing method based on the cryptographic transformation includes the following specific steps.
S410: receiving a target service and a temporary password which are sent by front-end equipment and correspond to a target user; the temporary password is obtained by the front-end equipment through calculation of the business processing password according to the first password transformation value and the password transformation function; the business processing password is input into the front-end equipment by a user; and the front-end equipment processes the first password transformation value based on a modification function after calculating the temporary password to obtain a second password transformation value, and replaces the first password transformation value with the second password transformation value.
For the detailed description of this step, reference may be made to the descriptions in steps S210, S220, S230, S240, and S250, which are not described herein again.
S420: a first cryptographic transformation value, a cryptographic transformation function, and a modification function corresponding to the target user are obtained.
For the detailed description of this step, reference may be made to the description in step S260, and details are not described here.
S430: and calculating the service processing password according to the first password transformation value, the password transformation function and the temporary password.
For the detailed description of this step, reference may be made to the introduction of step S270, and details are not described here.
S440: processing the first cryptographically transformed value based on the modification function to obtain a second cryptographically transformed value, and replacing the first cryptographically transformed value with the second cryptographically transformed value.
For the detailed description of this step, reference may be made to the description in step S280, and details are not repeated here.
S450: and checking the service processing password.
For the detailed description of this step, reference may be made to the introduction of step S290, and details are not described herein.
S460: and processing the target service under the condition that the service processing password passes the verification.
For the detailed description of this step, reference may be made to the description in step S2100, and details are not described here.
A service processing apparatus based on cryptographic transformation according to an embodiment of the present specification is introduced based on the service processing method based on cryptographic transformation corresponding to fig. 3. The business processing device based on the password transformation is arranged on the front-end equipment. As shown in fig. 5, the service processing apparatus based on the cryptographic transformation includes the following modules.
A service processing request receiving module 510, configured to receive a service processing request of a target user; the service processing request comprises a target service and a service processing password corresponding to the target user.
A first cryptographic value extraction module 520, configured to extract a first cryptographic value corresponding to the target user.
A temporary password calculation module 530, configured to calculate the service processing password according to the first password transformation value and the password transformation function to obtain a temporary password.
A second cryptographic value replacing module 540, configured to process the first cryptographic value based on a modification function to obtain a second cryptographic value, and replace the first cryptographic value with the second cryptographic value.
A sending module 550, configured to send the target service and the temporary password to a server, so that the server obtains a service processing password according to the password transformation function, the temporary password, and the first password transformation value, and processes the target service after verifying the service processing password; and the server processes the first password transformation value based on a modification function after acquiring the service processing password to obtain a second password transformation value, and replaces the first password transformation value with the second password transformation value.
A service processing apparatus based on cryptographic transformation according to an embodiment of the present specification is introduced based on the service processing method based on cryptographic transformation corresponding to fig. 4. The business processing device based on the password transformation is arranged in the server. As shown in fig. 6, the service processing apparatus based on the cryptographic transformation includes the following modules.
A receiving module 610, configured to receive a target service and a temporary password, which are sent by a front-end device and correspond to a target user; the temporary password is obtained by the front-end equipment through calculation of the service processing password according to the first password transformation value and the password transformation function; the service processing password is input into the front-end equipment by a user; and the front-end equipment processes the first password transformation value based on a modification function after calculating the temporary password to obtain a second password transformation value, and replaces the first password transformation value with the second password transformation value.
A function obtaining module 620, configured to obtain a first cryptographic transformation value, a cryptographic transformation function, and a modification function corresponding to the target user.
And a service processing password calculating module 630, configured to calculate a service processing password according to the first password transformation value, the password transformation function, and the temporary password.
A first cryptographic value processing module 640, configured to process the first cryptographic value based on the modification function to obtain a second cryptographic value, and replace the first cryptographic value with the second cryptographic value.
A checking module 650, configured to check the service processing password.
And the target service processing module 660 is configured to process the target service when the service processing password is verified.
Based on the service processing method based on the cryptographic transformation corresponding to fig. 3 and/or fig. 4, an embodiment of the present specification provides a computer-readable storage medium on which a computer program/instruction is stored. The computer-readable storage medium can be read by a processor based on an internal bus of a device, and program instructions in the computer-readable storage medium are implemented by the processor.
In this embodiment, the computer-readable storage medium may be implemented in any suitable manner. The computer-readable storage medium includes, but is not limited to, a Random Access Memory (RAM), a Read-Only Memory (ROM), a Cache (Cache), a Hard Disk Drive (HDD), a Memory Card (Memory Card), and the like. The computer storage medium stores computer program instructions. When executed, implement the program instructions or modules of the embodiment corresponding to fig. 3 and/or the embodiment corresponding to fig. 4 of this specification.
In this embodiment, the processor may be implemented in any suitable manner. For example, the processor may take the form of, for example, a microprocessor or processor and a computer-readable medium that stores computer-readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, an embedded microcontroller, and so forth. Specifically, the processor may execute the embodiment corresponding to fig. 3 when being disposed on the front-end device, and may execute the method steps in the embodiment corresponding to fig. 4 when being disposed on the server.
Based on the service processing method based on the cryptographic transformation corresponding to fig. 3 and/or fig. 4, an embodiment of the present specification further provides a computer program product including computer programs/instructions. The computer program product may be a program written in a corresponding computer program language, stored in a corresponding storage device in a programmed manner, and transmittable via a computer network. The computer program product may be executed by a processor. In the embodiments of the present specification, the computer program product, when being executed, implements the program instructions or modules of the business processing method based on the cryptographic transformation according to the embodiment corresponding to fig. 3 and/or the embodiment corresponding to fig. 4.
It should be noted that, the service processing method, the service processing apparatus, the storage medium, and the program product based on the cryptographic transformation may be applied to the technical field of information security, and may also be applied to other technical fields besides the technical field of computers, which is not limited thereto.
In addition, in the service processing method, the service processing device, the service processing storage medium and the service processing program product based on the password transformation, the operations of obtaining the password value of the user and reading, storing, using, processing and the like of the operation instruction of the user all conform to the relevant regulations of national laws and regulations.
While the process flows described above include operations that occur in a particular order, it should be appreciated that the processes may include more or less operations that are performed sequentially or in parallel (e.g., using parallel processors or a multi-threaded environment).
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the specification. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, tape storage, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that may be used to store information that may be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
As will be appreciated by one skilled in the art, embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
The embodiments of this specification may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The described embodiments may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
All the embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment. In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of an embodiment of the specification. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement or the like made within the spirit and principle of the present application shall be included in the scope of the claims of the present application.

Claims (11)

1. A business processing method based on password transformation is characterized in that the method is applied to front-end equipment; the method comprises the following steps:
receiving a service processing request of a target user; the service processing request comprises a target service and a service processing password corresponding to the target user;
extracting a first cryptographic value corresponding to the target user;
calculating the service processing password according to the first password transformation value and a password transformation function to obtain a temporary password;
processing the first cryptographically transformed value based on a modification function to obtain a second cryptographically transformed value, and replacing the first cryptographically transformed value with the second cryptographically transformed value;
sending the target service and the temporary password to a server so that the server obtains a service processing password according to a password transformation function, the temporary password and a first password transformation value, and processing the target service after verifying the service processing password; and the server processes the first password transformation value based on a modification function after acquiring the service processing password to obtain a second password transformation value, and replaces the first password transformation value with the second password transformation value.
2. The method of claim 1, wherein the business process password comprises a password received based on gravity sensing principles; the receiving of the service processing request of the target user includes:
detecting the shaking direction and/or the spatial pose of the front-end equipment at least once under the condition of starting the gravity sensing function;
and converting the shaking direction and/or the equipment space pose of the at least one-time front-end equipment into a business processing password.
3. The method of claim 1, wherein the cryptographic transformation function is configured to shift each character of the transaction key based on a predetermined endianness based on a magnitude of the first cryptographic transformation value.
4. The method of claim 1, wherein computing the transaction cryptogram from the first cryptographic value and a cryptographic transformation function to obtain a temporary cryptogram comprises:
and when the target user is detected to be a first submitted target service, setting a first password transformation value corresponding to the target user as a transformation initial value.
5. A business processing method based on password transformation is characterized in that the method is applied to a server; the method comprises the following steps:
receiving a target service and a temporary password which are sent by front-end equipment and correspond to a target user; the temporary password is obtained by the front-end equipment through calculation of the service processing password according to the first password transformation value and the password transformation function; the business processing password is input into the front-end equipment by a user; the front-end equipment processes the first password transformation value based on a modification function after calculating the temporary password to obtain a second password transformation value, and replaces the first password transformation value with the second password transformation value;
obtaining a first cryptographic transformation value, a cryptographic transformation function and a modification function corresponding to the target user;
calculating a service processing password according to the first password transformation value, the password transformation function and the temporary password;
processing the first cryptographically transformed value based on the modification function to obtain a second cryptographically transformed value, and replacing the first cryptographically transformed value with the second cryptographically transformed value;
checking the service processing password;
and processing the target service under the condition that the service processing password passes the verification.
6. The method of claim 5, wherein said obtaining a first cryptographic value, a cryptographic transformation function, and a modification function corresponding to the target user comprises:
and setting the first password transformation value as a transformation initial value under the condition that the first password transformation value and the service processing record corresponding to the target user are not found.
7. The method of claim 5, wherein said computing a transaction cryptogram from the first cryptographic transformation value, a cryptographic transformation function, and a temporary cryptogram, comprises:
determining a cryptographic inverse function corresponding to the cryptographic transformation function;
and calculating the service processing password according to the first password transformation value, the password inverse solution function and the temporary password.
8. A business processing device based on password transformation is characterized in that the business processing device is arranged at front-end equipment; the device comprises:
a service processing request receiving module, configured to receive a service processing request of a target user; the service processing request comprises a target service and a service processing password corresponding to the target user;
a first cryptographic value extraction module for extracting a first cryptographic value corresponding to the target user;
the temporary password calculation module is used for calculating the service processing password according to the first password transformation value and the password transformation function to obtain a temporary password;
the second password transformation value replacing module is used for processing the first password transformation value based on a modification function to obtain a second password transformation value and replacing the first password transformation value with the second password transformation value;
the sending module is used for sending the target service and the temporary password to a server so that the server can obtain a service processing password according to a password transformation function, the temporary password and a first password transformation value, and the target service is processed after the service processing password is verified; and the server processes the first password transformation value based on a modification function after acquiring the service processing password to obtain a second password transformation value, and replaces the first password transformation value with the second password transformation value.
9. A business processing device based on password transformation is characterized in that the device is arranged on a server; the device comprises:
the receiving module is used for receiving a target service and a temporary password which are sent by the front-end equipment and correspond to a target user; the temporary password is obtained by the front-end equipment through calculation of the service processing password according to the first password transformation value and the password transformation function; the service processing password is input into the front-end equipment by a user; the front-end equipment processes the first password transformation value based on a modification function after calculating the temporary password to obtain a second password transformation value, and replaces the first password transformation value with the second password transformation value;
a function obtaining module, configured to obtain a first cryptographic transformation value, a cryptographic transformation function, and a modification function corresponding to the target user;
the business processing password calculation module is used for calculating a business processing password according to the first password transformation value, the password transformation function and the temporary password;
the first password transformation value processing module is used for processing the first password transformation value based on the modification function to obtain a second password transformation value and replacing the first password transformation value with the second password transformation value;
the verification module is used for verifying the service processing password;
and the target service processing module is used for processing the target service under the condition that the service processing password passes the verification.
10. A computer-readable storage medium, having stored thereon a computer program/instructions, characterized in that the computer program/instructions, when executed, implement the steps of the method according to any of claims 1-7.
11. A computer program product comprising computer program/instructions, characterized in that the computer program/instructions, when executed, implement the steps of the method according to any of claims 1-7.
CN202210588258.2A 2022-05-27 2022-05-27 Business processing method, device, medium and program product based on password transformation Pending CN114978727A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210588258.2A CN114978727A (en) 2022-05-27 2022-05-27 Business processing method, device, medium and program product based on password transformation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210588258.2A CN114978727A (en) 2022-05-27 2022-05-27 Business processing method, device, medium and program product based on password transformation

Publications (1)

Publication Number Publication Date
CN114978727A true CN114978727A (en) 2022-08-30

Family

ID=82955972

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210588258.2A Pending CN114978727A (en) 2022-05-27 2022-05-27 Business processing method, device, medium and program product based on password transformation

Country Status (1)

Country Link
CN (1) CN114978727A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1235445A (en) * 1998-01-13 1999-11-17 日本电气株式会社 Password updating apparatus and recording medium used therefor
CN105357011A (en) * 2015-10-22 2016-02-24 上海斐讯数据通信技术有限公司 Encryption and decryption methods and systems, and terminal
CN108011708A (en) * 2016-10-28 2018-05-08 长城汽车股份有限公司 The controller and vehicle of message encryption method, vehicle based on automobile bus
CN109451806A (en) * 2016-07-08 2019-03-08 微软技术许可有限责任公司 It is accessed control using static password or disposal password
CN110768784A (en) * 2019-10-22 2020-02-07 广州酷旅旅行社有限公司 Password transmission method, device, computer equipment and storage medium

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1235445A (en) * 1998-01-13 1999-11-17 日本电气株式会社 Password updating apparatus and recording medium used therefor
CN105357011A (en) * 2015-10-22 2016-02-24 上海斐讯数据通信技术有限公司 Encryption and decryption methods and systems, and terminal
CN109451806A (en) * 2016-07-08 2019-03-08 微软技术许可有限责任公司 It is accessed control using static password or disposal password
CN108011708A (en) * 2016-10-28 2018-05-08 长城汽车股份有限公司 The controller and vehicle of message encryption method, vehicle based on automobile bus
CN110768784A (en) * 2019-10-22 2020-02-07 广州酷旅旅行社有限公司 Password transmission method, device, computer equipment and storage medium

Similar Documents

Publication Publication Date Title
JP7225413B2 (en) Secure autofill of forms with on-demand application to generate virtual numbers for contactless cards
KR102179152B1 (en) Client authentication using social relationship data
EP3413255A1 (en) Electronic payment service processing method and device, and electronic payment method and device
CN112333198A (en) Secure cross-domain login method, system and server
CN105871786B (en) A kind of verification method of user information, device and system
CN104091140B (en) A kind of information processing method and electronic equipment
US9025834B2 (en) Input validation, user and data authentication on potentially compromised mobile devices
CN107733883B (en) Method and device for detecting account numbers registered in batches
CN105099688A (en) Operation method for electronic account, display method and apparatus for payment page
US10284565B2 (en) Security verification method, apparatus, server and terminal device
US20160239841A1 (en) Method, apparatus, and system for secure online payment
CN108848058A (en) Intelligent contract processing method and block catenary system
CN110311895B (en) Session permission verification method and system based on identity authentication and electronic equipment
JP6682453B2 (en) data communication
CN109040134A (en) A kind of design method and relevant apparatus of information encryption
CN108564363A (en) A kind of transaction processing method, server, client and system
WO2017006118A1 (en) Secure distributed encryption system and method
CN113032837A (en) Anonymous authentication method and system for open platform
US11308238B2 (en) Server and method for identifying integrity of application
CN104426657A (en) Service authentication method and system, server
CN114640464A (en) Block chain-based subscription data transmission method, device, equipment and storage medium
US10616262B2 (en) Automated and personalized protection system for mobile applications
CN114978727A (en) Business processing method, device, medium and program product based on password transformation
US20230344829A1 (en) Multifactor authentication for information security within a metaverse
US10909530B2 (en) Authentication method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination