CN116132180A - Data processing method, data verification method and device - Google Patents

Data processing method, data verification method and device Download PDF

Info

Publication number
CN116132180A
CN116132180A CN202310128736.6A CN202310128736A CN116132180A CN 116132180 A CN116132180 A CN 116132180A CN 202310128736 A CN202310128736 A CN 202310128736A CN 116132180 A CN116132180 A CN 116132180A
Authority
CN
China
Prior art keywords
data
parameter
parameter data
encryption
algorithm
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310128736.6A
Other languages
Chinese (zh)
Inventor
夏帅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bank of China Financial Technology Co Ltd
Original Assignee
Bank of China Financial Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bank of China Financial Technology Co Ltd filed Critical Bank of China Financial Technology Co Ltd
Priority to CN202310128736.6A priority Critical patent/CN116132180A/en
Publication of CN116132180A publication Critical patent/CN116132180A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02Banking, e.g. interest calculation or account maintenance
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data

Abstract

The data processing method, the data verification method and the data verification device can be applied to the network security field or the financial field, the personalized parameter processing mechanism comprising encryption, decryption, signature adding and signature verification is provided for the parameter data based on the data items defined by the parameter model, and the parameter confusion mechanism of the preset data confusion device is combined, so that the decoding difficulty of the parameter data in the transmission process can be improved, information leakage is prevented, and the transmission safety of the parameter data is ensured.

Description

Data processing method, data verification method and device
Technical Field
The disclosure relates to the field of data management, and in particular, to a data processing method, a data verification method and a data verification device.
Background
At present, through parameter data transmission, data interaction between different systems and between different service functions can be realized, and convenient functional service is provided for users.
However, in the parameter data transmission process, the conditions that the data is crawled and maliciously tampered may occur, so that the normal operation of a related system is disturbed, related information is leaked, and the security of the parameter data transmission is reduced.
Therefore, how to improve the security of the parameter data in the transmission process is a technical problem that needs to be solved by those skilled in the art.
Disclosure of Invention
In view of the above problems, the present disclosure provides a data processing method, a data verification method, and a device for overcoming or at least partially solving the above problems, where the technical solutions are as follows:
a data processing method applied to a request initiator, the method comprising:
obtaining first parameter data, wherein data items of the first parameter data are defined by a pre-constructed parameter model, and the data items comprise an encryption switch, an encryption and decryption algorithm, a signature switch and a signature algorithm;
performing confusion processing on the first parameter data by using a preset data confusion device to obtain second parameter data;
under the condition that the signing switch is turned on, signing the second parameter data by utilizing the signing algorithm to obtain third parameter data, wherein the third parameter data comprises the second parameter data and a digital signature;
when the encryption switch is turned on, encrypting the third parameter data by using the encryption and decryption algorithm to obtain fourth parameter data;
Obtaining an encryption and decryption algorithm identifier corresponding to the encryption and decryption algorithm and a signature algorithm identifier corresponding to the signature algorithm from an algorithm data dictionary of a database;
and packaging the fourth parameter data, the encryption and decryption algorithm identification and the signature algorithm identification into a data request, and transmitting the data request to a request receiver.
Optionally, the performing, by using a preset data obfuscator, obfuscating the first parameter data to obtain second parameter data includes:
and carrying out parameter dislocation processing and salifying processing on the first parameter data by using a preset data obfuscator to obtain second parameter data.
Optionally, the data item further includes a parameter name, a parameter value, a parameter data type, a parameter sensitivity, parameter description information, and a parameter encryption number.
Optionally, the first parameter data is interface interaction data or payment page data of the banking transaction system.
A data verification method applied to a request receiver, the method comprising:
obtaining a data request transmitted by a request initiator, wherein the data request comprises fourth parameter data, an encryption and decryption algorithm identifier and a signature algorithm identifier;
Determining an encryption and decryption algorithm corresponding to the encryption and decryption algorithm identification and a signature algorithm corresponding to the signature algorithm identification in an algorithm data dictionary of a database;
decrypting the third parameter data by using the encryption and decryption algorithm to obtain third parameter data, wherein the third parameter data comprises second parameter data and a digital signature;
verifying the digital signature by using the signature algorithm to obtain a verification result;
and under the condition that the verification result is passed, performing confusion recovery processing on the second parameter data by using a preset data confusion device to obtain first parameter data.
Optionally, the performing confusion recovery processing on the second parameter data by using a preset data obfuscator to obtain first parameter data includes:
and carrying out parameter recovery processing and desalination processing on the second parameter data by using a preset data obfuscator to obtain first parameter data.
Optionally, after the obtaining the first parameter data, the method further includes:
responding to the first parameter data to obtain request target data;
carrying out confusion processing on the request target data by using the preset data confusion device to obtain data to be signed;
Signing the data to be signed by using the signature algorithm to obtain data to be encrypted;
encrypting the data to be encrypted by using the encryption and decryption algorithm to obtain target encrypted data;
and packaging the target encryption data, the signature algorithm identifier corresponding to the signature algorithm and the encryption and decryption algorithm identifier corresponding to the encryption and decryption algorithm into a data packet, and returning the data packet to the request initiator.
Optionally, after the obtaining the first parameter data, the method further includes:
responding to the first parameter data to obtain request target data;
and displaying the request target data.
A data processing apparatus for application to a request originator, the apparatus comprising: a first obtaining unit, a second obtaining unit, a third obtaining unit, a fourth obtaining unit, a fifth obtaining unit and a request transmission unit,
the first obtaining unit is used for obtaining first parameter data, wherein data items of the first parameter data are defined by a pre-constructed parameter model and comprise an encryption switch, an encryption and decryption algorithm, a signing switch and a signature algorithm;
The second obtaining unit is configured to use a preset data obfuscator to obfuscate the first parameter data to obtain second parameter data;
the third obtaining unit is configured to perform signing processing on the second parameter data by using the signing algorithm under the condition that the signing switch is turned on, so as to obtain third parameter data, where the third parameter data includes the second parameter data and a digital signature;
the fourth obtaining unit is configured to encrypt the third parameter data by using the encryption/decryption algorithm when the encryption switch is turned on, so as to obtain fourth parameter data;
the fifth obtaining unit is configured to obtain an encryption and decryption algorithm identifier corresponding to the encryption and decryption algorithm and a signature algorithm identifier corresponding to the signature algorithm in an algorithm data dictionary of a database;
the request transmission unit is configured to package the fourth parameter data, the encryption and decryption algorithm identifier and the signature algorithm identifier into a data request, and transmit the data request to a request receiver.
A data verification apparatus for use with a request recipient, the apparatus comprising: a sixth obtaining unit, an algorithm determining unit, a seventh obtaining unit, an eighth obtaining unit, and a ninth obtaining unit,
The sixth obtaining unit is configured to obtain a data request transmitted by a request initiator, where the data request includes fourth parameter data, an encryption and decryption algorithm identifier and a signature algorithm identifier;
the algorithm determining unit is used for determining an encryption and decryption algorithm corresponding to the encryption and decryption algorithm identifier and a signature algorithm corresponding to the signature algorithm identifier in an algorithm data dictionary of a database;
the seventh obtaining unit is configured to decrypt the third parameter data by using the encryption/decryption algorithm to obtain third parameter data, where the third parameter data includes second parameter data and a digital signature;
the eighth obtaining unit is configured to verify the digital signature by using the signature algorithm to obtain a verification result;
and the ninth obtaining unit is configured to perform confusion recovery processing on the second parameter data by using a preset data confusion device to obtain first parameter data when the verification result is that the verification result is passed.
By means of the technical scheme, the data processing method, the data verification method and the data verification device can be applied to the network security field or the financial field, the personalized parameter processing mechanism comprising encryption, decryption, signature adding and signature verification is provided for the parameter data based on the data items defined by the parameter model, and the parameter confusion mechanism of the preset data confusion device is combined, so that the decoding difficulty of the parameter data in the transmission process can be improved, information leakage is prevented, and the transmission security of the parameter data is ensured.
The foregoing description is merely an overview of the technical solutions of the present disclosure, and may be implemented according to the content of the specification in order to make the technical means of the present disclosure more clearly understood, and in order to make the above and other objects, features and advantages of the present disclosure more clearly understood, the following specific embodiments of the present disclosure are specifically described.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the disclosure. Also, like reference numerals are used to designate like parts throughout the figures. In the drawings:
FIG. 1 shows a flow diagram of one implementation of a data processing method provided by an embodiment of the present disclosure;
FIG. 2 shows a flow diagram of another implementation of a data processing method provided by an embodiment of the present disclosure;
FIG. 3 is a schematic flow chart of an embodiment of a data verification method according to the embodiments of the present disclosure;
FIG. 4 is a schematic flow chart of another embodiment of a data verification method according to an embodiment of the disclosure;
FIG. 5 is a schematic flow chart of another embodiment of a data verification method according to an embodiment of the disclosure;
FIG. 6 is a schematic flow chart illustrating another embodiment of a data verification method according to an embodiment of the present disclosure;
FIG. 7 illustrates an overall process schematic of data processing and verification provided by embodiments of the present disclosure;
FIG. 8 is a schematic diagram of a data processing apparatus according to an embodiment of the present disclosure;
fig. 9 shows a schematic structural diagram of a data verification device provided in an embodiment of the disclosure.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
In the transmission process of the parameter data, the parameter data can be encrypted and signed so as to prevent the leakage and the tampering of the data. In the case of https protocol, the parameter data may not be decrypted and transmitted, but during the interface request, the parameter data may be crawled and tampered, thereby disturbing the normal operation of the system. Even though tamper can be prevented by the signing process, information including financial transaction information, transaction flow information and customer information may be crawled during transmission, causing information leakage, thereby affecting the security of the system. Meanwhile, the logic of the data encryption and decryption and signature algorithm is usually written and fixed in codes, so that the modification and maintenance are inconvenient, the data item information of the parameter data cannot be flexibly adjusted, and the flexible processing of different types of parameter data is difficult. Accordingly, in order to overcome the foregoing problems, the embodiments of the present disclosure provide a data processing method and a data verification method.
As shown in fig. 1, an embodiment of the present disclosure provides a flowchart of one implementation of a data processing method, which may be applied to a request initiator, and the data processing method may include:
a100, obtaining first parameter data, wherein data items of the first parameter data are defined by a pre-constructed parameter model, and the data items comprise an encryption switch, an encryption and decryption algorithm, a signature switch and a signature algorithm.
Optionally, the first parameter data is interface interaction data or payment page data of the banking transaction system. The interface interaction data may include transaction data related to interaction including transfer transaction data and loan transaction data. The payment page data is data for presentation on a payment page.
The embodiment of the disclosure can pre-construct a parameter model, and define data items of parameter data by using the parameter model. Optionally, the data items may further include a parameter name, a parameter value, a parameter data type, a parameter sensitivity, parameter description information, and a parameter encryption number. The embodiment of the disclosure is beneficial to personalized processing of the parameter data by defining the data item of the parameter data, and optimizes the program logic.
And A200, performing confusion processing on the first parameter data by using a preset data confusion device to obtain second parameter data.
The preset data obfuscator is used for obfuscating and recovering parameter data.
The confusion process may include parameter misplacement and salification, among other processes. The confusion restoration process may include a parameter restoration and a desalination process. It will be appreciated that the request initiator and the request recipient use the same preset data obfuscator.
Optionally, based on the method shown in fig. 1, as shown in fig. 2, the embodiment of the disclosure provides a flowchart of another implementation of the data processing method, and step a200 may include:
and A210, performing parameter dislocation processing and salifying processing on the first parameter data by using a preset data obfuscator to obtain second parameter data.
The parameter dislocation is the relative position of characters in the exchange parameter data. The salification process is to form new parameter data by a combination of a set of random characters with the original parameter data. According to the embodiment of the disclosure, parameter dislocation processing and salifying processing are performed on the parameter data, so that the decoding difficulty of the parameter data can be increased, and information leakage is effectively prevented.
A300, under the condition that a signing switch is turned on, signing the second parameter data by utilizing a signature algorithm to obtain third parameter data, wherein the third parameter data comprises the second parameter data and a digital signature.
The signature algorithm may be any one of the algorithms including Md5 (Message Digest Algorithm, fifth edition of message digest algorithm), SHA algorithm (Secure Hash Algorithm secure hash algorithm), CRC (Cyclic Redundancy Check ) algorithm.
Specifically, the embodiment of the disclosure may generate a digital signature corresponding to the second parameter data using a signature algorithm, and then add the digital signature to the second parameter data to obtain the third parameter data. According to the embodiment of the disclosure, the digital signature is generated through the signature algorithm, so that whether the parameter data is tampered in the transmission process can be effectively identified, and the correctness of the parameter data obtained by the request receiver is ensured.
And A400, under the condition that the encryption switch is turned on, encrypting the third parameter data by using an encryption and decryption algorithm to obtain fourth parameter data.
The encryption and decryption algorithm can be any algorithm including an RSA (Rivest-Shamir-Adleman) encryption algorithm, an AES (Advanced Encryption Standard ) encryption algorithm and an ECC (Elliptic curve cryptography ) encryption algorithm. It will be appreciated that for the encryption process, the decryption process is the inverse of the encryption process.
Optionally, the request initiator may encrypt the parameter data for multiple rounds using the encryption times and the encryption and decryption algorithm specified in the data item of the parameter data.
According to the embodiment of the disclosure, the parameter data is encrypted, so that information hiding of the parameter data is realized, and the safety of the parameter data is improved.
A500, obtaining an encryption and decryption algorithm identifier corresponding to the encryption and decryption algorithm and a signature algorithm identifier corresponding to the signature algorithm from an algorithm data dictionary of the database.
The algorithm data dictionary stores the mapping relation between the encryption and decryption algorithm identification corresponding to the encryption and decryption algorithm and the signature algorithm identification corresponding to the signature algorithm. The request initiator and the request receiver can pre-define an algorithm data dictionary, and store the algorithm data dictionary in a database. The user can flexibly change and modify the algorithm data dictionary.
The request initiator can inquire an encryption and decryption algorithm identifier corresponding to the encryption and decryption algorithm and a signature algorithm identifier corresponding to the signature algorithm in the algorithm data dictionary.
A600, packaging the fourth parameter data, the encryption and decryption algorithm identification and the signature algorithm identification into a data request, and transmitting the data request to a request receiver.
According to the method and the device, the algorithm identification is packaged into the data request, so that a request receiver can query a corresponding encryption and decryption algorithm and signature algorithm by using the algorithm data dictionary to process fourth parameter data. Meanwhile, in the transmission process of the parameter data, the algorithm type used by the parameter data can be protected from interception and acquisition, and the information safety is ensured.
The data processing method provided by the disclosure can be applied to the field of network security or the field of finance, and can be applied to a request initiator to obtain first parameter data, wherein a data item of the first parameter data is defined by a pre-constructed parameter model, and the data item comprises an encryption switch, an encryption and decryption algorithm, a signature switch and a signature algorithm; carrying out confusion processing on the first parameter data by using a preset data confusion device to obtain second parameter data; under the condition that a signing switch is turned on, signing processing is carried out on the second parameter data by utilizing a signature algorithm, and third parameter data are obtained, wherein the third parameter data comprise the second parameter data and a digital signature; under the condition that an encryption switch is turned on, encrypting the third parameter data by using an encryption and decryption algorithm to obtain fourth parameter data; obtaining an encryption and decryption algorithm identifier corresponding to an encryption and decryption algorithm and a signature algorithm identifier corresponding to a signature algorithm from an algorithm data dictionary of a database; and packaging the fourth parameter data, the encryption and decryption algorithm identification and the signature algorithm identification into a data request, and transmitting the data request to a request receiver. According to the parameter data transmission method and device, based on the data items defined by the parameter model on the parameter data, the personalized parameter processing mechanism including encryption and signing is provided for the parameter data, and the parameter confusion mechanism of the preset data confusion device is combined, so that the decoding difficulty of the parameter data in the transmission process can be improved, information leakage is prevented, and the transmission safety of the parameter data is ensured.
As shown in fig. 3, a flowchart of an implementation manner of a data verification method provided by an embodiment of the present disclosure, where the data verification method may be applied to a request receiving party, the data verification method may include:
b100, obtaining a data request transmitted by a request initiator, wherein the data request comprises fourth parameter data, an encryption and decryption algorithm identifier and a signature algorithm identifier.
B200, determining an encryption and decryption algorithm corresponding to the encryption and decryption algorithm identification and a signature algorithm corresponding to the signature algorithm identification in an algorithm data dictionary of the database.
The request receiver can inquire an encryption and decryption algorithm corresponding to the encryption and decryption algorithm identification and a signature algorithm corresponding to the previous algorithm identification in the algorithm data dictionary.
And B300, decrypting the third parameter data by using an encryption and decryption algorithm to obtain the third parameter data, wherein the third parameter data comprises the second parameter data and the digital signature.
And B400, verifying the digital signature by using a signature algorithm to obtain a verification result.
Specifically, the embodiment of the disclosure may use a signature algorithm to generate a current digital signature of the second parameter data obtained by decryption, compare the current digital signature with a digital signature in the third parameter data, and if the current digital signature is the same, check the result as passing, and if the current digital signature is not the same, check the result as not passing.
And B500, under the condition that the verification result is passed, performing confusion recovery processing on the second parameter data by using a preset data confusion device to obtain the first parameter data.
And under the condition that the verification result is passed, indicating that the parameter data is not tampered in the transmission process, and performing confusion recovery processing on the second parameter data by using a preset data confusion device to obtain correct first parameter data.
Optionally, based on the method shown in fig. 3, as shown in fig. 4, a flowchart of another implementation of the data verification method provided by the embodiment of the present disclosure, step B500 may include:
and B510, performing parameter recovery processing and desalination processing on the second parameter data by using a preset data obfuscator to obtain the first parameter data.
The parameter recovery is to recover the relative position of the character of the parameter data before parameter dislocation. The desalting treatment is to delete the random character added in the salifying treatment. According to the embodiment of the disclosure, the parameter data before confusion processing can be accurately restored by carrying out parameter recovery processing and desalination processing on the parameter data.
The data verification method provided by the embodiment of the disclosure can be applied to the field of network security or the field of finance, and can be applied to a request receiver to obtain a data request transmitted by the request initiator, wherein the data request comprises fourth parameter data, an encryption and decryption algorithm identifier and a signature algorithm identifier; determining an encryption and decryption algorithm corresponding to the encryption and decryption algorithm identification and a signature algorithm corresponding to the signature algorithm identification in an algorithm data dictionary of a database; decrypting the third parameter data by using an encryption and decryption algorithm to obtain the third parameter data, wherein the third parameter data comprises the second parameter data and a digital signature; verifying the digital signature by using a signature algorithm to obtain a verification result; and under the condition that the verification result is passed, performing confusion recovery processing on the second parameter data by using a preset data confusion device to obtain the first parameter data. According to the parameter data processing method and device based on the parameter model, the data items defined for the parameter data are based on the parameter model, the personalized parameter processing mechanism including decryption and signature verification is provided for the parameter data, whether the parameter data are tampered or not can be identified by combining the parameter confusion mechanism of the preset data confusion device, the parameter data before confusion are accurately restored, the correctness of the parameter data is guaranteed, and the normal operation of a system is guaranteed.
Optionally, based on the method shown in fig. 3, as shown in fig. 5, a flowchart of another implementation of the data verification method provided in the embodiment of the present disclosure may further include, after step B500:
b600, responding to the first parameter data and obtaining the request target data.
It may be appreciated that the embodiments of the present disclosure may extract, at the relevant server, request target data corresponding to the first parameter data according to the first parameter data.
And B610, carrying out confusion processing on the request target data by using a preset data confusion device to obtain the data to be signed.
The confusion process of step B610 may refer to the description of step a200, and will not be described herein.
And B620, signing the data to be signed by utilizing a signature algorithm to obtain the data to be encrypted.
The signing process of step B620 may refer to the description of step a300, and will not be described herein.
And B630, encrypting the data to be encrypted by using an encryption and decryption algorithm to obtain target encrypted data.
The encryption process of step B630 may refer to the description of step a400, and will not be described herein.
And B640, packaging the target encrypted data, the signature algorithm identification corresponding to the signature algorithm and the encryption and decryption algorithm identification corresponding to the encryption and decryption algorithm into a data packet, and returning the data packet to the request initiator.
According to the embodiment of the disclosure, corresponding encryption and signing are carried out on the request target data according to an encryption and decryption algorithm and a signature algorithm used by the parameter data, so that a request initiator can decrypt and sign the target encrypted data in the returned data packet, and the request target data is extracted.
According to the encryption and decryption algorithm and the signature algorithm used by the parameter data, the request target data is correspondingly encrypted and signed, so that the request initiator can conveniently and rapidly decrypt and verify the signature after obtaining the target encrypted data, and the data security in the transmission process is improved, and meanwhile the data processing efficiency is improved.
Optionally, based on the method shown in fig. 3, as shown in fig. 6, a flowchart of another implementation of the data verification method provided in the embodiment of the present disclosure may further include, after step B500:
b700, responding to the first parameter data, and obtaining the request target data.
And B710, displaying the request target data.
According to the embodiment of the disclosure, the obtained request target data can be returned and displayed on the payment page under the condition that the first parameter data is the payment page data, so that the visual processing of the request target data is realized, and a user can intuitively acquire the request target data.
To facilitate an understanding of the overall process of data processing and verification provided by the present disclosure, the description is provided herein by way of example in connection with FIG. 7: FIG. 7 is a schematic diagram illustrating an overall process of data processing and verification provided by an embodiment of the present disclosure. Under the condition that the parameter data is interface interaction data, a request initiator uses a data obfuscator to obfuscate the parameter data, then sequentially signs and encrypts the parameter data, and the processed parameter data is transmitted to a request receiver in a data request mode. After receiving the processed parameter data, the request receiver decrypts and checks the parameter data according to the algorithm data dictionary, uses the data obfuscator to carry out obfuscation recovery processing on the parameter data, obtains request target data, carries out the same signing encryption processing on the request target data, and returns the request target data to the request initiator in a data packet mode. After receiving the data packet, the request initiator performs the same decryption and signature verification on the target encrypted data, and the data request is ended.
When the parameter data is payment page data, the request initiator uses the data obfuscator to obfuscate the parameter data, then signs and encrypts the parameter data, the parameter data can be spliced behind the URL, and the processed parameter data is transmitted to the request receiver in a data request mode. After receiving the processed parameter data, the request receiver decrypts and checks the parameter data according to the algorithm data dictionary, and then uses the data obfuscator to carry out obfuscation recovery processing on the parameter data to obtain the request target data and display the request target data. The request target data may include a collection account number and an amount.
According to the parameter data transmission method and device, based on the data items defined by the parameter model on the parameter data, personalized parameter processing mechanisms including encryption, decryption, signing and signature verification are provided for the parameter data, and the parameter confusion mechanism of the preset data confusion device is combined, so that the decoding difficulty of the parameter data in the transmission process can be improved, information leakage is prevented, and the transmission safety of the parameter data is ensured.
Although operations are depicted in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order. In certain circumstances, multitasking and parallel processing may be advantageous.
It should be understood that the various steps recited in the method embodiments of the present disclosure may be performed in a different order and/or performed in parallel. Furthermore, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the present disclosure is not limited in this respect.
Corresponding to the above data processing method, the embodiment of the present disclosure further provides a data processing apparatus, where the structure of the data processing apparatus is shown in fig. 8, and the data processing apparatus is applied to a request initiator, and the data processing apparatus may include: a first obtaining unit 10, a second obtaining unit 11, a third obtaining unit 12, a fourth obtaining unit 13, a fifth obtaining unit 14, and a request transmitting unit 15.
A first obtaining unit 10, configured to obtain first parameter data, where a data item of the first parameter data is defined by a pre-constructed parameter model, and the data item includes an encryption switch, an encryption/decryption algorithm, a signing switch, and a signature algorithm.
A second obtaining unit 11, configured to use a preset data obfuscator to obfuscate the first parameter data to obtain second parameter data.
And a third obtaining unit 12, configured to perform signing processing on the second parameter data by using a signature algorithm when the signing switch is turned on, to obtain third parameter data, where the third parameter data includes the second parameter data and a digital signature.
And a fourth obtaining unit 13, configured to encrypt the third parameter data by using an encryption/decryption algorithm when the encryption switch is turned on, so as to obtain fourth parameter data.
A fifth obtaining unit 14, configured to obtain, in an algorithm data dictionary of the database, an encryption and decryption algorithm identifier corresponding to the encryption and decryption algorithm and a signature algorithm identifier corresponding to the signature algorithm.
The request transmission unit 15 is configured to package the fourth parameter data, the encryption and decryption algorithm identifier, and the signature algorithm identifier into a data request, and transmit the data request to the request receiver.
Optionally, the second obtaining unit 11 is specifically configured to perform parameter dislocation processing and salifying processing on the first parameter data by using a preset data obfuscator, so as to obtain second parameter data.
Optionally, the data item further includes a parameter name, a parameter value, a parameter data type, a parameter sensitivity, parameter description information, and a parameter encryption number.
Optionally, the first parameter data is interface interaction data or payment page data of the banking transaction system.
The data processing device can be applied to the field of network security or the field of finance, and can be applied to a request initiator to obtain first parameter data, wherein a data item of the first parameter data is defined by a pre-constructed parameter model, and the data item comprises an encryption switch, an encryption and decryption algorithm, a signature switch and a signature algorithm; carrying out confusion processing on the first parameter data by using a preset data confusion device to obtain second parameter data; under the condition that a signing switch is turned on, signing processing is carried out on the second parameter data by utilizing a signature algorithm, and third parameter data are obtained, wherein the third parameter data comprise the second parameter data and a digital signature; under the condition that an encryption switch is turned on, encrypting the third parameter data by using an encryption and decryption algorithm to obtain fourth parameter data; obtaining an encryption and decryption algorithm identifier corresponding to an encryption and decryption algorithm and a signature algorithm identifier corresponding to a signature algorithm from an algorithm data dictionary of a database; and packaging the fourth parameter data, the encryption and decryption algorithm identification and the signature algorithm identification into a data request, and transmitting the data request to a request receiver. According to the parameter data transmission method and device, based on the data items defined by the parameter model on the parameter data, the personalized parameter processing mechanism including encryption and signing is provided for the parameter data, and the parameter confusion mechanism of the preset data confusion device is combined, so that the decoding difficulty of the parameter data in the transmission process can be improved, information leakage is prevented, and the transmission safety of the parameter data is ensured.
The data processing apparatus includes a processor and a memory, the first obtaining unit 10, the second obtaining unit 11, the third obtaining unit 12, the fourth obtaining unit 13, the fifth obtaining unit 14, the request transmitting unit 15, and the like are stored as program units in the memory, and the processor executes the program units stored in the memory to realize the corresponding functions.
The processor includes a kernel, and the kernel fetches the corresponding program unit from the memory. The kernel can be provided with one or more than one data item defined by the parameter model based on the parameter model by adjusting the kernel parameters, a personalized parameter processing mechanism comprising encryption and signing is provided for the parameter data, and the parameter confusion mechanism of the preset data confusion device is combined, so that the decoding difficulty of the parameter data in the transmission process can be improved, information leakage is prevented, and the transmission safety of the parameter data is ensured.
The disclosed embodiments provide a computer-readable storage medium having stored thereon a program that when executed by a processor implements the data processing method.
The embodiment of the disclosure provides a processor for running a program, wherein the program runs to execute the data processing method.
The embodiment of the disclosure provides an electronic device, which comprises at least one processor, and at least one memory and a bus connected with the processor; the processor and the memory complete communication with each other through a bus; the processor is used for calling the program instructions in the memory to execute the data processing method. The electronic device herein may be a server, a PC, a PAD, a mobile phone, etc.
The present disclosure also provides a computer program product adapted to perform a program initialized with the steps of a data processing method when executed on an electronic device.
Corresponding to the above data verification method, the embodiment of the present disclosure further provides a data verification device, with a structure shown in fig. 9, where the data verification device may be applied to a request receiving party, and the data verification device may include: a sixth obtaining unit 20, an algorithm determining unit 21, a seventh obtaining unit 22, an eighth obtaining unit 23, and a ninth obtaining unit 24.
A sixth obtaining unit 20, configured to obtain a data request transmitted by the request initiator, where the data request includes fourth parameter data, an encryption and decryption algorithm identifier, and a signature algorithm identifier.
An algorithm determining unit 21, configured to determine an encryption and decryption algorithm corresponding to the encryption and decryption algorithm identifier and a signature algorithm corresponding to the signature algorithm identifier in an algorithm data dictionary of the database.
A seventh obtaining unit 22, configured to decrypt the third parameter data by using an encryption/decryption algorithm, to obtain the third parameter data, where the third parameter data includes the second parameter data and the digital signature.
An eighth obtaining unit 23 is configured to verify the digital signature by using a signature algorithm, and obtain a verification result.
And a ninth obtaining unit 24, configured to, if the verification result is passed, perform confusion recovery processing on the second parameter data using a preset data obfuscator, to obtain the first parameter data.
Optionally, the ninth obtaining unit 24 is specifically configured to perform a parameter recovery process and a desalination process on the second parameter data by using a preset data obfuscator, so as to obtain the first parameter data.
Optionally, the data verification device may further include: a tenth obtaining unit, an eleventh obtaining unit, a twelfth obtaining unit, a thirteenth obtaining unit, and a packet transmission unit.
A tenth obtaining unit for obtaining the request target data in response to the first parameter data after the ninth obtaining unit 24 obtains the first parameter data.
And the eleventh obtaining unit is used for carrying out confusion processing on the request target data by using a preset data confusion device to obtain the data to be signed.
And the twelfth obtaining unit is used for signing the data to be signed by utilizing a signature algorithm to obtain the data to be encrypted.
A thirteenth obtaining unit, configured to encrypt the data to be encrypted using an encryption/decryption algorithm, to obtain the target encrypted data.
And the data packet transmission unit is used for packaging the target encrypted data, the signature algorithm identifier corresponding to the signature algorithm and the encryption and decryption algorithm identifier corresponding to the encryption and decryption algorithm into a data packet and returning the data packet to the request initiator.
Optionally, the data verification device may further include: a thirteenth obtaining unit and a data display unit.
A thirteenth obtaining unit for obtaining the request target data in response to the first parameter data after the ninth obtaining unit 24 obtains the first parameter data.
And the data display unit is used for displaying the request target data.
The data verification device provided by the embodiment of the disclosure can be applied to the field of network security or the field of finance, and can be applied to a request receiver to obtain a data request transmitted by a request initiator, wherein the data request comprises fourth parameter data, an encryption and decryption algorithm identifier and a signature algorithm identifier; determining an encryption and decryption algorithm corresponding to the encryption and decryption algorithm identification and a signature algorithm corresponding to the signature algorithm identification in an algorithm data dictionary of a database; decrypting the third parameter data by using an encryption and decryption algorithm to obtain the third parameter data, wherein the third parameter data comprises the second parameter data and a digital signature; verifying the digital signature by using a signature algorithm to obtain a verification result; and under the condition that the verification result is passed, performing confusion recovery processing on the second parameter data by using a preset data confusion device to obtain the first parameter data. According to the parameter data processing method and device based on the parameter model, the data items defined for the parameter data are based on the parameter model, the personalized parameter processing mechanism including decryption and signature verification is provided for the parameter data, whether the parameter data are tampered or not can be identified by combining the parameter confusion mechanism of the preset data confusion device, the parameter data before confusion are accurately restored, the correctness of the parameter data is guaranteed, and the normal operation of a system is guaranteed.
The data verification device includes a processor and a memory, where the sixth obtaining unit 20, the algorithm determining unit 21, the seventh obtaining unit 22, the eighth obtaining unit 23, the ninth obtaining unit 24, and the like are stored as program units, and the processor executes the program units stored in the memory to implement corresponding functions.
The processor includes a kernel, and the kernel fetches the corresponding program unit from the memory. The kernel can be provided with one or more than one data item defined by the parameter model based on the parameter model by adjusting the kernel parameters, a personalized parameter processing mechanism comprising decryption and verification is provided for the parameter data, and the parameter confusion mechanism of the preset data confusion device is combined, so that whether the parameter data is tampered or not can be identified, the parameter data before confusion can be accurately restored, the correctness of the parameter data is ensured, and the normal operation of the system is ensured.
The disclosed embodiments provide a computer-readable storage medium having stored thereon a program that, when executed by a processor, implements the data verification method.
The embodiment of the disclosure provides a processor for running a program, wherein the program runs to execute the data verification method.
The embodiment of the disclosure provides an electronic device, which comprises at least one processor, and at least one memory and a bus connected with the processor; the processor and the memory complete communication with each other through a bus; the processor is used for calling the program instructions in the memory to execute the data verification method. The electronic device herein may be a server, a PC, a PAD, a mobile phone, etc.
The present disclosure also provides a computer program product adapted to perform a program initialized with the steps of the data verification method when executed on an electronic device.
The specific manner in which the individual units perform the operations in relation to the apparatus of the above embodiments has been described in detail in relation to the embodiments of the method and will not be described in detail here.
It should be noted that the data processing method, the data verification method and the data verification device provided by the present disclosure may be used in the network security field or the financial field. The foregoing is merely an example, and is not intended to limit the application fields of a data processing method, a data verification method, and an apparatus provided in the present disclosure.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus, electronic devices (systems), and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, the electronic device includes one or more processors (CPUs), memory, and a bus. The electronic device may also include input/output interfaces, network interfaces, and the like.
The memory may include volatile memory, random Access Memory (RAM), and/or nonvolatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM), among other forms in computer readable media, the memory including at least one memory chip. Memory is an example of a computer-readable medium.
Computer readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
In the description of the present disclosure, it should be understood that, if the directions or positional relationships indicated by the terms "upper", "lower", "front", "rear", "left" and "right", etc., are based on the directions or positional relationships shown in the drawings, are merely for convenience of describing the present invention and simplifying the description, and do not indicate or imply that the positions or elements referred to must have a specific orientation, be constructed and operated in a specific orientation, and thus should not be construed as limitations of the present disclosure.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises an element.
It will be appreciated by those skilled in the art that embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
The foregoing is merely exemplary of the present disclosure and is not intended to limit the present disclosure. Various modifications and variations of this disclosure will be apparent to those skilled in the art. Any modifications, equivalent substitutions, improvements, or the like, which are within the spirit and principles of the present disclosure, are intended to be included within the scope of the claims of the present disclosure.

Claims (10)

1. A data processing method for application to a request initiator, the method comprising:
obtaining first parameter data, wherein data items of the first parameter data are defined by a pre-constructed parameter model, and the data items comprise an encryption switch, an encryption and decryption algorithm, a signature switch and a signature algorithm;
Performing confusion processing on the first parameter data by using a preset data confusion device to obtain second parameter data;
under the condition that the signing switch is turned on, signing the second parameter data by utilizing the signing algorithm to obtain third parameter data, wherein the third parameter data comprises the second parameter data and a digital signature;
when the encryption switch is turned on, encrypting the third parameter data by using the encryption and decryption algorithm to obtain fourth parameter data;
obtaining an encryption and decryption algorithm identifier corresponding to the encryption and decryption algorithm and a signature algorithm identifier corresponding to the signature algorithm from an algorithm data dictionary of a database;
and packaging the fourth parameter data, the encryption and decryption algorithm identification and the signature algorithm identification into a data request, and transmitting the data request to a request receiver.
2. The method of claim 1, wherein the obfuscating the first parameter data using a preset data obfuscator to obtain second parameter data, comprises:
and carrying out parameter dislocation processing and salifying processing on the first parameter data by using a preset data obfuscator to obtain second parameter data.
3. The method of claim 1, wherein the data items further comprise a parameter name, a parameter value, a parameter data type, a parameter sensitivity, parameter description information, and a parameter encryption number.
4. The method of claim 1, wherein the first parameter data is interface interaction data or payment page data of a banking transaction system.
5. A data verification method, applied to a request receiver, the method comprising:
obtaining a data request transmitted by a request initiator, wherein the data request comprises fourth parameter data, an encryption and decryption algorithm identifier and a signature algorithm identifier;
determining an encryption and decryption algorithm corresponding to the encryption and decryption algorithm identification and a signature algorithm corresponding to the signature algorithm identification in an algorithm data dictionary of a database;
decrypting the third parameter data by using the encryption and decryption algorithm to obtain third parameter data, wherein the third parameter data comprises second parameter data and a digital signature;
verifying the digital signature by using the signature algorithm to obtain a verification result;
and under the condition that the verification result is passed, performing confusion recovery processing on the second parameter data by using a preset data confusion device to obtain first parameter data.
6. The method of claim 5, wherein performing the confusion recovery process on the second parameter data using a preset data obfuscator to obtain first parameter data, comprises:
and carrying out parameter recovery processing and desalination processing on the second parameter data by using a preset data obfuscator to obtain first parameter data.
7. The method of claim 5, wherein after the obtaining the first parameter data, the method further comprises:
responding to the first parameter data to obtain request target data;
carrying out confusion processing on the request target data by using the preset data confusion device to obtain data to be signed;
signing the data to be signed by using the signature algorithm to obtain data to be encrypted;
encrypting the data to be encrypted by using the encryption and decryption algorithm to obtain target encrypted data;
and packaging the target encryption data, the signature algorithm identifier corresponding to the signature algorithm and the encryption and decryption algorithm identifier corresponding to the encryption and decryption algorithm into a data packet, and returning the data packet to the request initiator.
8. The method of claim 5, wherein after the obtaining the first parameter data, the method further comprises:
Responding to the first parameter data to obtain request target data;
and displaying the request target data.
9. A data processing apparatus for application to a request initiator, the apparatus comprising: a first obtaining unit, a second obtaining unit, a third obtaining unit, a fourth obtaining unit, a fifth obtaining unit and a request transmission unit,
the first obtaining unit is used for obtaining first parameter data, wherein data items of the first parameter data are defined by a pre-constructed parameter model and comprise an encryption switch, an encryption and decryption algorithm, a signing switch and a signature algorithm;
the second obtaining unit is configured to use a preset data obfuscator to obfuscate the first parameter data to obtain second parameter data;
the third obtaining unit is configured to perform signing processing on the second parameter data by using the signing algorithm under the condition that the signing switch is turned on, so as to obtain third parameter data, where the third parameter data includes the second parameter data and a digital signature;
the fourth obtaining unit is configured to encrypt the third parameter data by using the encryption/decryption algorithm when the encryption switch is turned on, so as to obtain fourth parameter data;
The fifth obtaining unit is configured to obtain an encryption and decryption algorithm identifier corresponding to the encryption and decryption algorithm and a signature algorithm identifier corresponding to the signature algorithm in an algorithm data dictionary of a database;
the request transmission unit is configured to package the fourth parameter data, the encryption and decryption algorithm identifier and the signature algorithm identifier into a data request, and transmit the data request to a request receiver.
10. A data verification apparatus for application to a request receiver, the apparatus comprising: a sixth obtaining unit, an algorithm determining unit, a seventh obtaining unit, an eighth obtaining unit, and a ninth obtaining unit,
the sixth obtaining unit is configured to obtain a data request transmitted by a request initiator, where the data request includes fourth parameter data, an encryption and decryption algorithm identifier and a signature algorithm identifier;
the algorithm determining unit is used for determining an encryption and decryption algorithm corresponding to the encryption and decryption algorithm identifier and a signature algorithm corresponding to the signature algorithm identifier in an algorithm data dictionary of a database;
the seventh obtaining unit is configured to decrypt the third parameter data by using the encryption/decryption algorithm to obtain third parameter data, where the third parameter data includes second parameter data and a digital signature;
The eighth obtaining unit is configured to verify the digital signature by using the signature algorithm to obtain a verification result;
and the ninth obtaining unit is configured to perform confusion recovery processing on the second parameter data by using a preset data confusion device to obtain first parameter data when the verification result is that the verification result is passed.
CN202310128736.6A 2023-02-17 2023-02-17 Data processing method, data verification method and device Pending CN116132180A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310128736.6A CN116132180A (en) 2023-02-17 2023-02-17 Data processing method, data verification method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310128736.6A CN116132180A (en) 2023-02-17 2023-02-17 Data processing method, data verification method and device

Publications (1)

Publication Number Publication Date
CN116132180A true CN116132180A (en) 2023-05-16

Family

ID=86304477

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310128736.6A Pending CN116132180A (en) 2023-02-17 2023-02-17 Data processing method, data verification method and device

Country Status (1)

Country Link
CN (1) CN116132180A (en)

Similar Documents

Publication Publication Date Title
EP3917075B1 (en) Method and apparatus for encrypting and decrypting product information
US20200372503A1 (en) Transaction messaging
US5319705A (en) Method and system for multimedia access control enablement
WO2020253469A1 (en) Hot update method and apparatus for script file package
EP3761203A1 (en) Information processing method, blockchain node, and electronic apparatus
CN110289946B (en) Block chain wallet localized file generation method and block chain node point equipment
CN110688662A (en) Sensitive data desensitization and inverse desensitization method and electronic equipment
CN111047313B (en) Code scanning payment, information sending and key management method, device and equipment
US10425388B2 (en) Protecting sensitive data security
CN110061968A (en) A kind of file encryption-decryption method based on block chain, system and storage medium
US20230325516A1 (en) Method for file encryption, terminal, electronic device and computer-readable storage medium
CN107800716B (en) Data processing method and device
CN103942896A (en) System for money withdrawing without card on ATM
CN109615376B (en) Transaction method and device based on zero-knowledge proof
CN110417557B (en) Intelligent terminal peripheral data security control method and device
CN115276978A (en) Data processing method and related device
CN108650214B (en) Dynamic page encryption anti-unauthorized method and device
CN116015846A (en) Identity authentication method, identity authentication device, computer equipment and storage medium
CN116132180A (en) Data processing method, data verification method and device
KR20220002059A (en) Mobile payment method, appratus and mobile payment verification method
CN104915607A (en) Password data processing and exchanging method based on mobile terminal
CN111861489A (en) Financial product transaction share determination method and device based on block chain
CN117522417B (en) Transaction security verification method and device based on quantum encryption
CN105989489B (en) A kind of method and payment terminal of IC card networking certification
CN113379418B (en) Information verification method, device, medium and program product based on security plug-in

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination