CN117057800A - Data processing method, device, equipment and computer readable storage medium - Google Patents
Data processing method, device, equipment and computer readable storage medium Download PDFInfo
- Publication number
- CN117057800A CN117057800A CN202210480874.6A CN202210480874A CN117057800A CN 117057800 A CN117057800 A CN 117057800A CN 202210480874 A CN202210480874 A CN 202210480874A CN 117057800 A CN117057800 A CN 117057800A
- Authority
- CN
- China
- Prior art keywords
- digital
- resource transfer
- resource
- transfer
- resource set
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000003672 processing method Methods 0.000 title abstract description 17
- 238000012546 transfer Methods 0.000 claims abstract description 622
- 238000012545 processing Methods 0.000 claims abstract description 156
- 230000008520 organization Effects 0.000 claims abstract description 104
- 230000007246 mechanism Effects 0.000 claims abstract description 96
- 238000000034 method Methods 0.000 claims abstract description 67
- 238000012795 verification Methods 0.000 claims description 128
- 238000004891 communication Methods 0.000 claims description 27
- 230000006870 function Effects 0.000 claims description 27
- 230000008569 process Effects 0.000 claims description 25
- 238000004590 computer program Methods 0.000 claims description 24
- 238000010586 diagram Methods 0.000 description 17
- 230000002776 aggregation Effects 0.000 description 5
- 238000004220 aggregation Methods 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 5
- 230000009286 beneficial effect Effects 0.000 description 4
- 230000002159 abnormal effect Effects 0.000 description 3
- 230000004044 response Effects 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 238000001629 sign test Methods 0.000 description 2
- 238000013473 artificial intelligence Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000003203 everyday effect Effects 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 230000007480 spreading Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3821—Electronic credentials
- G06Q20/38215—Use of certificates or encrypted proofs of transaction rights
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Computer Security & Cryptography (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The embodiment of the application discloses a data processing method, a device, equipment and a computer readable storage medium, wherein the method comprises the following steps: acquiring a transaction request; the transaction request comprises A digital resource set identifiers which are created by the application client and resource transfer values respectively corresponding to the A digital resource set identifiers; generating a voucher identifier corresponding to the A digital resource set identifiers respectively according to the transaction request, and generating a resource transfer voucher corresponding to the A digital resource set identifiers respectively according to the A voucher identifiers and the A resource transfer values; sending the A resource transfer certificates to the organization server cluster; the mechanism server is used for carrying out resource transfer processing on the resources to be transferred indicated by the resource transfer value according to the received resource transfer certificate; and obtaining A resource transfer processing results, and determining the transaction result of the transaction request according to the A resource transfer processing results. By adopting the application, the applicability of resource transfer in transaction can be improved.
Description
Technical Field
The present application relates to the field of internet technologies, and in particular, to a data processing method, apparatus, device, and computer readable storage medium.
Background
With the increasing perfection of internet technology and the advancement of society, mobile payment applications of mobile devices are rapidly spreading, and people buy their own required goods every day using mobile devices (e.g., mobile phones), and obviously, mobile payment becomes an important component in people's life.
The payment mechanisms for realizing mobile payment are many, but the payment mechanisms are independent and cannot communicate with each other; when a transaction is generated, in the prior art, the mobile terminal can only complete the transaction through one digital resource set in one payment mechanism; if the digital resource set a is insufficient to complete the transaction, then one needs to select the digital resource set b from the payment mechanism to complete the transaction, and if the digital resource set b is insufficient to complete the transaction, one still needs to select another digital resource set from the payment mechanism or one digital resource set from another payment mechanism. If each digital resource set in each payment mechanism in the mobile terminal cannot complete the transaction, the resource transfer of the transaction fails. Obviously, the prior art has low applicability to resource transfer of transactions.
Disclosure of Invention
The embodiment of the application provides a data processing method, a device, equipment and a computer readable storage medium, which can improve the applicability of resource transfer in transactions.
In one aspect, an embodiment of the present application provides a data processing method, including:
the business server obtains a transaction request aiming at an application client; the transaction request comprises A digital resource set identifiers and resource transfer values respectively corresponding to the A digital resource set identifiers; a is a positive integer greater than 1; the A digital resource set identifiers are all created by an application client;
generating a voucher identifier corresponding to the A digital resource set identifiers respectively according to the transaction request, and generating a resource transfer voucher corresponding to the A digital resource set identifiers respectively according to the A voucher identifiers and the A resource transfer values;
sending the A resource transfer certificates to the organization server cluster; the mechanism server cluster comprises A mechanism servers respectively corresponding to the digital resource set identifiers; the mechanism server is used for receiving a resource transfer certificate and carrying out resource transfer processing on the resources to be transferred indicated by the resource transfer value in the received resource transfer certificate according to the received resource transfer certificate;
And obtaining the resource transfer processing results returned by the A mechanism servers respectively, and determining the transaction result of the transaction request according to the A resource transfer processing results.
In one aspect, an embodiment of the present application provides a data processing method, including:
the target mechanism server obtains a target resource transfer certificate sent by the service server; the target resource transfer credential belongs to a resource transfer credentials; the A resource transfer certificates are generated by the service server according to the certificate identifications corresponding to the A digital resource set identifications respectively and the resource transfer values corresponding to the A digital resource set identifications respectively; the A credential identifications are respectively generated when a business server acquires a transaction request aiming at an application client; the transaction request comprises A digital resource set identifiers and A resource transfer values; a is a positive integer greater than 1; the A digital resource set identifiers are all created by an application client; the digital resource set identifier corresponding to the target resource transfer certificate belongs to the mechanism server and is the target mechanism server;
according to the target resource transfer certificate, performing resource transfer processing on the resources to be transferred indicated by the resource transfer value in the target resource transfer certificate to obtain a resource transfer processing result;
And returning the resource transfer processing result to the service server so that the service server can determine the transaction result of the transaction request based on the resource transfer processing result.
In one aspect, an embodiment of the present application provides a data processing apparatus, where the data processing apparatus is operated on a service server, and includes:
the first acquisition module is used for acquiring a transaction request aiming at the application client; the transaction request comprises A digital resource set identifiers and resource transfer values respectively corresponding to the A digital resource set identifiers; a is a positive integer greater than 1; the A digital resource set identifiers are all created by an application client;
the certificate generation module is used for generating A digital resource set identifiers respectively corresponding to the certificate identifiers according to the transaction request, and generating A digital resource set identifiers respectively corresponding to the resource transfer certificates according to the A digital resource set identifiers and the A resource transfer values;
the certificate acquisition module is used for sending the A resource transfer certificates to the organization server cluster; the mechanism server cluster comprises A mechanism servers respectively corresponding to the digital resource set identifiers; the mechanism server is used for receiving a resource transfer certificate and carrying out resource transfer processing on the resources to be transferred indicated by the resource transfer value in the received resource transfer certificate according to the received resource transfer certificate;
The second acquisition module is used for acquiring the resource transfer processing results returned by the A mechanism servers respectively and determining the transaction result of the transaction request according to the A resource transfer processing results.
Wherein, the voucher generation module includes:
the first acquisition unit is used for acquiring a transfer password to be verified in the transaction request;
the second acquisition unit is used for acquiring a transfer password set corresponding to the application client; the transfer password set comprises transfer passwords corresponding to the B digital resource set identifiers respectively; wherein, a transfer password refers to a password used for transaction, which is set by an application client when creating a digital resource set identifier; the B digital resource set identifiers comprise A digital resource set identifiers; b is a positive integer equal to or greater than A;
the password verification unit is used for verifying the transfer password to be verified according to the transfer password set to obtain a verification result;
and the first generation unit is used for generating the certificate identifications corresponding to the A digital resource set identifications respectively according to the verification result.
Wherein, password verification unit includes:
the password matching subunit is used for matching the to-be-verified transfer password with the transfer passwords in the transfer password set;
The result determining subunit is used for determining that the verification result is a password error result if the transfer password which is the same as the transfer password to be verified does not exist in the transfer password set;
and the result determining subunit is further used for determining that the verification result is a correct password result if the transfer password which is the same as the transfer password to be verified exists in the transfer password set.
Wherein the first generation unit includes:
the first acquisition subunit is used for acquiring object signatures respectively corresponding to the A digital resource set identifiers in the transaction request if the verification result indicates that the transfer passwords which are the same as the transfer passwords to be verified exist in the transfer password set;
the second obtaining subunit is used for obtaining the object public key corresponding to the application client, and respectively carrying out signature verification on the A object signatures based on the object public key to obtain A signature verification results;
the identification generation subunit is used for generating the certificate identifications respectively corresponding to the A digital resource set identifications if the A signature verification results are the signature verification success results.
Wherein the A object signatures include digital resource set identification E d Corresponding object signature C d D is a positive integer and d is less than or equal to A; digital resource set identification E d Belonging to A digital resource set identifiers; the A signature verification results comprise an object signature C d Corresponding signature verification results;
a second acquisition subunit comprising:
a signature decryption subunit for signing the object C based on the object public key d Decrypting to obtain a first digital abstract;
an identifier obtaining subunit, configured to obtain a transaction identifier in the transaction request, and obtain a digital resource set identifier E from object identifiers corresponding to the a digital resource set identifiers included in the transaction request, respectively d A corresponding object identifier;
a first determining subunit for identifying the transaction identifier, the digital resource set identifier E d Corresponding object identification and digital resource set identification E d The corresponding resource transfer value is determined as the data to be verified;
the digest comparison subunit is used for obtaining a second digital digest of the data to be verified and comparing the first digital digest with the second digital digest;
a second determination subunitFor determining the object signature C if the first digital digest is different from the second digital digest d The corresponding signature verification result is a signature verification failure result;
a third determining subunit for determining the object signature C if the first digital digest is the same as the second digital digest d The corresponding signature verification result is a successful signature verification result.
The transaction request also comprises a transaction identifier, object signatures corresponding to the A digital resource set identifiers respectively, and object identifiers corresponding to the A digital resource set identifiers respectively; the A digital resource set identifiers comprise digital resource set identifiers F g G is a positive integer and g is less than or equal to A; the resource transfer credentials respectively corresponding to the A digital resource set identifiers comprise a digital resource set identifier F g Corresponding resource transfer credentials;
a credential generation module comprising:
a third obtaining unit, configured to obtain a service private key, and based on the service private key, identify F to the digital resource set g Corresponding certificate identification and digital resource set identification F g Corresponding object identifier and digital resource set identifier F g Signing the corresponding resource transfer value and the transaction identifier to obtain a digital resource set identifier F g A corresponding service signature;
a first determining unit for identifying the digital resource set F g Corresponding certificate identification and digital resource set identification F g Corresponding object identifier and digital resource set identifier F g Corresponding resource transfer value, digital resource set identification F g Corresponding object signature, transaction identification and digital resource set identification F g Corresponding service signature is determined as digital resource set identifier F g Corresponding resource transfer credentials.
Wherein, the second acquisition module includes:
the second determining unit is used for determining that the transaction result of the transaction request is a transaction success result if the A resource transfer processing results are all resource transfer success results;
And the third determining unit is used for determining that the transaction result of the transaction request is a transaction failure result if the resource transfer failure result exists in the A resource transfer processing results.
Wherein, the second acquisition module further includes:
a fourth obtaining unit, configured to obtain, from the a resource transfer processing results, a resource transfer processing result that belongs to a successful resource transfer result, as a target resource transfer processing result, if the transaction result of the transaction request is a transaction failure result;
a fifth obtaining unit, configured to obtain, from the a digital resource set identifiers, a digital resource set identifier corresponding to the target resource transfer processing result, as a target digital resource set identifier;
a fourth determining unit, configured to determine, according to the resource transfer value corresponding to the target digital resource set identifier, a transferred resource corresponding to the target digital resource set identifier;
and the resource returning unit is used for returning the transferred resources to the target digital resource set identifier.
In one aspect, an embodiment of the present application provides a data processing apparatus, where the data processing apparatus is operated on a target organization server, and includes:
the certificate acquisition module is used for acquiring a target resource transfer certificate sent by the service server; the target resource transfer credential belongs to a resource transfer credentials; the A resource transfer certificates are generated by the service server according to the certificate identifications corresponding to the A digital resource set identifications respectively and the resource transfer values corresponding to the A digital resource set identifications respectively; the A credential identifications are respectively generated when a business server acquires a transaction request aiming at an application client; the transaction request comprises A digital resource set identifiers and A resource transfer values; a is a positive integer greater than 1; the A digital resource set identifiers are all created by an application client; the digital resource set identifier corresponding to the target resource transfer certificate belongs to the mechanism server and is the target mechanism server;
The resource transfer module is used for carrying out resource transfer processing on the resources to be transferred indicated by the resource transfer value in the target resource transfer certificate according to the target resource transfer certificate to obtain a resource transfer processing result;
and the result returning module is used for returning the resource transfer processing result to the service server so that the service server can determine the transaction result of the transaction request based on the resource transfer processing result.
Wherein, the resource transfer module includes:
the first acquisition unit is used for acquiring the target object signature in the target resource transfer certificate and the target service signature in the target resource transfer certificate;
the second acquisition unit is used for acquiring an object public key corresponding to the application client, and signing the target object signature based on the object public key to obtain a first signing verification result;
the third acquisition unit is used for acquiring a service public key corresponding to the mechanism server, and performing signature verification on the target service signature based on the service public key to obtain a second signature verification result;
and the resource transfer unit is used for carrying out resource transfer processing on the resources to be transferred indicated by the resource transfer value in the target resource transfer certificate according to the first signature verification result and the second signature verification result, so as to obtain a resource transfer processing result.
Wherein, the resource transfer unit includes:
the first determining subunit is configured to determine that the resource transfer processing result is a resource transfer failure result if there is a label verification failure result in the first label verification result and the second label verification result;
and the second determining subunit is used for carrying out resource transfer processing on the resources to be transferred indicated by the resource transfer value in the target resource transfer certificate if the first signature verification result and the second signature verification result are both signature verification success results, and determining that the resource transfer processing result is a resource transfer success result if the resource transfer to be transferred is successful.
In one aspect, the application provides a computer device comprising: a processor, a memory, a network interface;
the processor is connected to the memory and the network interface, where the network interface is used to provide a data communication function, the memory is used to store a computer program, and the processor is used to call the computer program to make the computer device execute the method in the embodiment of the present application.
In one aspect, embodiments of the present application provide a computer readable storage medium having a computer program stored therein, the computer program being adapted to be loaded by a processor and to perform a method according to embodiments of the present application.
In one aspect, embodiments of the present application provide a computer program product comprising a computer program stored on a computer readable storage medium; the processor of the computer device reads the computer program from the computer-readable storage medium, and the processor executes the computer program, so that the computer device performs the method in the embodiment of the present application.
In the embodiment of the application, when a business server obtains a transaction request aiming at an application client, a credential identifier corresponding to A digital resource set identifiers in the transaction request can be generated according to the transaction request, wherein the A digital resource set identifiers are all created by the application client, namely, the application client can create at least two digital resource sets; further, the service server can generate resource transfer certificates corresponding to the A digital resource set identifiers respectively according to the A certificate identifiers and the resource transfer values corresponding to the A digital resource set identifiers in the transaction request respectively; the service server sends the A resource transfer certificates to the organization server cluster, wherein the organization server cluster comprises A organization servers respectively corresponding to the A digital resource set identifiers; the mechanism server is used for receiving a resource transfer certificate and carrying out resource transfer processing on the resources to be transferred indicated by the resource transfer value in the received resource transfer certificate according to the received resource transfer certificate; further, the service server obtains the resource transfer processing results returned by the A mechanism servers respectively, and according to the A resource transfer processing results, the transaction result of the transaction request can be determined. As can be seen from the above, for the transaction request, the embodiment of the present application can implement the cross-mechanism resource transfer, that is, the application client can complete one transaction through the digital resources in at least two digital resource sets, so that the applicability of the resource transfer in the transaction can be improved.
Drawings
In order to more clearly illustrate the embodiments of the application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a system architecture according to an embodiment of the present application;
FIG. 2 is a schematic diagram of a scenario for data processing according to an embodiment of the present application;
FIG. 3 is a second schematic diagram of a scenario of data processing according to an embodiment of the present application;
FIG. 4 is a flowchart illustrating a data processing method according to an embodiment of the present application;
FIG. 5 is a diagram illustrating a relationship between an application client, a service server, and a plurality of operators according to an embodiment of the present application;
FIG. 6 is a third schematic view of a scenario of data processing according to an embodiment of the present application;
FIG. 7 is a second flow chart of a data processing method according to an embodiment of the present application;
FIG. 8 is a schematic diagram of a data processing apparatus according to an embodiment of the present application;
FIG. 9 is a schematic diagram II of a data processing apparatus according to an embodiment of the present application;
FIG. 10 is a schematic diagram of a computer device according to an embodiment of the present application;
fig. 11 is a schematic diagram of a second embodiment of a computer device.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
Referring to fig. 1, fig. 1 is a schematic diagram of a system architecture according to an embodiment of the application. As shown in fig. 1, the system architecture may include a service server 100, an organization server cluster, and a terminal device cluster. It will be appreciated that the above-mentioned terminal device cluster may include one or more terminal devices, and the present application does not limit the number of terminal devices, as shown in fig. 1, the terminal device cluster may include: terminal equipment 101a, terminal equipment 101b, …, and terminal equipment 101n. Wherein each terminal device in the terminal device cluster may include: smart terminals with digital resource transfer functions such as smart phones, tablet computers, notebook computers, desktop computers, smart speakers, smart watches, vehicle-mounted terminals, smart televisions and the like.
It should be understood that each terminal device in the terminal device cluster shown in fig. 1 may be provided with an application client, and when the application client runs in each terminal device, data interaction may be performed between the application client and the service server 100 shown in fig. 1. The application client can be an application client with a digital resource collection function, such as a video application, a convenient living application, a social application, a digital resource application, a financial application, a game application, a shopping application, a novel application, a browser and the like. The application client may be an independent client, or may be an embedded sub-client integrated in a client (for example, a social client, an educational client, and a multimedia client), which is not limited herein.
The service server 100 in the embodiment of the present application may be a server corresponding to the application client. Taking the application client as a digital resource application as an example, the service server 100 may be a set of multiple servers including a background server, a data processing server and the like corresponding to the digital resource application, so that each terminal device may perform data transmission with the service server 100 through the application client corresponding to the digital resource application, for example, each terminal device may upload a transaction request to the service server 100 through the application client of the digital resource application, and further the service server 100 may verify the transaction content according to the transaction request and request the institution server to perform corresponding resource transfer. The service server 100 may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing cloud computing services.
It will be appreciated that the above-described organization server cluster may include one or more organization servers, and the present application is not limited to the number of organization servers, as shown in fig. 1, and the organization server cluster may include: the organization servers 102a, the organization servers 102b, …, and the organization server 102n. Each of the organization servers in the organization server cluster may be a server corresponding to an operation organization having a function of providing digital resource aggregation service, for example, the organization server 102a is a server corresponding to a first operation organization providing the function of providing digital resource aggregation service, the organization server 102b is a server corresponding to a second operation organization providing the function of providing digital resource aggregation service, and the organization server 102n is a server corresponding to a third operation organization providing the function of providing digital resource aggregation service; the first operation mechanism, the second operation mechanism and the third operation mechanism are mutually independent operation mechanisms. Each of the organization servers in the organization server cluster may be an independent physical server, may be a server cluster or a distributed system formed by a plurality of physical servers, or may be a cloud server that provides cloud computing services.
Wherein a communication connection may exist between the clusters of terminal devices, for example, a communication connection exists between terminal device 101a and terminal device 101b, and a communication connection exists between terminal device 101a and terminal device 101 n. Meanwhile, any terminal device in the terminal device cluster may have a communication connection with the service server 100, for example, a communication connection between the terminal device 101a and the service server 100. Meanwhile, any terminal device in the terminal device cluster may have a communication connection with any organization server in the organization server cluster, for example, a communication connection exists between the terminal device 101a and the organization server 102a, and a communication connection exists between the terminal device 101b and the organization server 102 a.
Wherein any of the organization servers in the organization server cluster may have a communication connection with the business server 100, such as a communication connection between the organization server 102a and the business server 100. Meanwhile, there may be a communication connection between the organization server clusters, for example, there may be a communication connection between the organization server 102a and the organization server 102 b.
The present application is not limited to the above-mentioned connection method, and may be directly or indirectly connected through a wired communication method, or directly or indirectly connected through a wireless communication method, or may be further connected through other methods.
For the convenience of subsequent understanding and description, the embodiment of the present application may select one terminal device as a target terminal device in the terminal device cluster shown in fig. 1, for example, use the terminal device 101a as a target terminal device. When a transaction request including a digital resource set identifiers and resource transfer values corresponding to the a digital resource set identifiers respectively is generated in the application client, the terminal device 101a may send the transaction request carrying the object information to the service server 100, where a is a positive integer greater than 1; in the embodiment of the present application, the information for identifying the digital resource set is called a digital resource set identifier, and the embodiment of the present application does not limit the digital resource set identifier, and may be any information that can be used to identify the digital resource set in the service server 100; the digital resource set refers to a tool for managing digital resources, which can be understood as a digital wallet, and can realize the resource transfer of the digital resources in online transactions or offline transactions; the embodiment of the application does not limit the digital resources, and the electronic resources with transaction value can be all available; the object information may represent an object using the application client, and the embodiment of the present application does not limit the object information (the object is authorized), including, but not limited to, a mobile phone and an identification number to which the object is bound in the application client, and may be set according to an actual application scenario.
Further, the service server 100 obtains a transaction request for the application client sent by the terminal device 101a, obviously, the transaction request is used for requesting to implement a transaction through the resource transfer values respectively corresponding to the a digital resource set identifiers, and it can also be understood that the terminal device 101a requests to implement a transaction through the digital resource balances respectively corresponding to the a digital resource sets; further, according to the transaction request, the service server 100 may generate the credential identifier corresponding to the a digital resource set identifiers, and the method of generating the credential identifier is not limited in the embodiment of the present application, and the method of generating the credential identifier with uniqueness may be all that is required. According to the a credential identifications and the a resource transfer values, the service server 100 may generate a resource transfer credential corresponding to the a digital resource set identifications, respectively, that is, the resource transfer credential corresponding to one digital resource set identification includes the credential identification corresponding to the digital resource set identification and the resource transfer value corresponding to the digital resource set identification.
The service server 100 sends the a resource transfer credentials to an organization server cluster, where the organization server cluster includes organization servers corresponding to a digital resource set identifiers respectively, for example, the a digital resource set identifiers include identifiers corresponding to a first digital resource set (abbreviated as a first digital resource set identifier), where the first digital resource set is provided by a first operation organization, and the service server 100 sends the resource transfer credentials corresponding to the first digital resource set identifier (abbreviated as a first resource transfer credential) to an organization server corresponding to the first operation organization (such as the organization server 102a in fig. 1). In the following description, the processing procedure of acquiring the resource transfer credential by the other organization server is identical to the processing procedure of acquiring the first resource transfer credential by the organization server 102a, taking the organization server 102a as an example.
After the first resource transfer certificate is obtained, the organization server 102a performs resource transfer processing on the resources to be transferred indicated by the resource transfer value in the first resource transfer certificate according to the first resource transfer certificate, so as to obtain a resource transfer processing result, and the organization server 102a returns the resource transfer processing result to the service server 100.
The service server 100 obtains the resource transfer processing results returned by the a institution servers, and further, according to the a resource transfer processing results, the service server 100 may determine a transaction result of the transaction request, and return the transaction result to the terminal device 101a.
It will be appreciated that in the specific embodiment of the present application, related data such as user information (e.g., object information and transaction requests) is involved, and when the above embodiments of the present application are applied to specific products or technologies, user permission or consent is required, and the collection, use and processing of related data is required to comply with related laws and regulations and standards of related countries and regions.
Alternatively, it may be understood that a system architecture may include a plurality of service servers, where one terminal device may be connected to one service server, and each service server may obtain a transaction request uploaded by a terminal device connected to the service server, so that the obtained transaction request may be processed.
The service server 100, the terminal device 101a, the terminal device 101b, the terminal device 101n, the organization server 102a, the organization servers 102b, …, and the organization server 102n may be blockchain nodes in a blockchain network, and the data (for example, the transaction request and the transaction result) described in full text may be stored in a manner that the blockchain nodes generate blocks according to the data and add the blocks to the blockchains for storage.
The block chain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like, and is mainly used for sorting data according to time sequence, encrypting the data into an account book, preventing the account book from being tampered and forged, and simultaneously verifying, storing and updating the data. A blockchain is essentially a de-centralized database in which each node stores an identical blockchain, and a blockchain network can distinguish nodes into core nodes, data nodes, and light nodes. The core nodes, data nodes and light nodes together form a blockchain node. The core node is responsible for the consensus of the whole blockchain network, that is to say, the core node is a consensus node in the blockchain network. The process of writing the transaction data in the blockchain network into the ledger may be that a data node or a light node in the blockchain network acquires the transaction data, transfers the transaction data in the blockchain network (that is, the node transfers in a baton manner) until the transaction data is received by a consensus node, packages the transaction data into a block, performs consensus on the block, and writes the transaction data into the ledger after the consensus is completed. Here, the transaction data is exemplified by a transaction request and a transaction result, and after the transaction data is identified by the transaction server 100 (blockchain node), a block is generated according to the transaction data, and the block is stored in the blockchain network; for reading transaction data (i.e., transaction request and transaction result), a block containing the transaction data may be obtained by the blockchain node in the blockchain network, and further, the transaction data may be obtained in the block.
It will be appreciated that the method provided by the embodiments of the present application may be performed by a computer device, including but not limited to a terminal device or a service server or an organization server. The business server and the organization server can be independent physical servers, can be a server cluster or a distributed system formed by a plurality of physical servers, and can also be cloud servers for providing cloud database, cloud service, cloud computing, cloud function, cloud storage, network service, cloud communication, middleware service, domain name service, security service, CDN, basic cloud computing service such as big data and artificial intelligent platform. Terminal devices include, but are not limited to, cell phones, computers, intelligent voice interaction devices, intelligent home appliances, vehicle terminals, aircraft, and the like. The terminal device and the service server may be directly or indirectly connected through a wired or wireless manner, which is not limited in the embodiment of the present application.
It can be understood that the system architecture can be applied to a resource transfer scenario of online transaction, and can also be applied to a service scenario such as a resource transfer scenario of offline transaction, and specific service scenarios will not be listed one by one here.
Further, referring to fig. 2, fig. 2 is a schematic diagram of a scenario of data processing according to an embodiment of the present application. The implementation process of the data processing scenario may be performed in a service server, or may be performed in a terminal device, or may be performed in any one of the organization servers in the organization server cluster, or may be performed interactively in the terminal device, the service server, and the organization server cluster, where the terminal device may be any one of the terminal device clusters in the embodiment corresponding to fig. 1, fig. 2 is described taking the terminal device 101a as an example, the service server may be the service server 100 in the embodiment corresponding to fig. 1, and the organization server cluster may be the organization server cluster in the embodiment corresponding to fig. 1. The embodiment of the application can be applied to various scenes, including but not limited to cloud technology, artificial intelligence, intelligent transportation, auxiliary driving and the like.
As shown in fig. 2, the first object 20a has a binding relationship with the terminal device 101a, and the application client of the present application has a digital resource collection function, for convenience of understanding, fig. 2 illustrates the application client as application a, the digital resource collection as wallet, and the digital resource corresponding to the digital resource collection as wallet balance, and as illustrated in the service page 201a, the first object 20a creates 4 digital resource collections in the application a, namely, a digital resource collection 1 (such as wallet 1 in fig. 2), a digital resource collection 2 (such as wallet 2 in fig. 2), a digital resource collection 3 (such as wallet 3 in fig. 2), and a digital resource collection 4 (such as wallet 4 in fig. 2).
As shown in fig. 2, the first object 20a transfers 1000 to the second object (object "aa" in fig. 2) through the application a, at this time, the terminal device 101a queries the digital resources corresponding to each digital resource set of the first object 20 in the application a, and displays the digital resources corresponding to each digital resource set in the service page 201a, where, as shown in the service page 201a, the balance of the wallet 1 (i.e., the digital resources corresponding to the digital resource set 1) is 600, the balance of the wallet 2 (i.e., the digital resources corresponding to the digital resource set 2) is 1000, the balance of the wallet 3 (i.e., the digital resources corresponding to the digital resource set 3) is 500, and the balance of the wallet 4 (i.e., the digital resources corresponding to the digital resource set 4) is 1200.
At this time, the terminal device 101a prompts the first object 20a to select a digital resource set (i.e. wallet) for resource transfer, and the embodiment of the present application may provide two resource transfers, where the first resource transfer mode is a single resource transfer mode, and the second resource transfer mode is a combined resource transfer mode. As shown in fig. 2, if the first object 20a selects a single resource transfer and selects the wallet 1, at this time, the terminal device 101a may display a digital resource lack prompt 201b on the service page 201a, as illustrated in fig. 2 by "your wallet 1 balance is lower than the transfer value", and when the display duration of the digital resource lack prompt 201b reaches the display duration threshold, the terminal device 101a cancels the display of the digital resource lack prompt 201b on the service page 201 a. If the first object 20a selects a single resource transfer and selects the wallet 4, the terminal device 101a may display a transfer password input prompt 201c, such as "please input transfer password" illustrated in fig. 2, and the embodiment of the present application does not limit the manner in which the first object 20a inputs the transfer password, and fig. 2 illustrates a digital password.
If the first object 20a selects the combined resource transfer, at this time, the terminal device 101a may display a combined setting page 201d, where the combined setting page 201d may include at least two to-be-input combined areas and at least two to-be-input resource areas corresponding to the to-be-input combined areas, where the to-be-input combined areas are used for inputting a digital resource set (i.e. wallet) in the combined resource transfer, and the to-be-input resource areas are used for inputting a resource transfer value. Fig. 2 illustrates that at least two to-be-input combined areas include a to-be-input combined area 201e, a to-be-input combined area 202e, and a to-be-input combined area 203e; the at least two to-be-input resource areas include to-be-input resource area 201f corresponding to-be-input combined area 201e, to-be-input resource area 202f corresponding to-be-input combined area 202e, and to-be-input resource area 203f corresponding to-be-input combined area 203 e. The combination setting page 201d may further include an add combination control 204e, and when the first object 20a triggers the add combination control 204e, the terminal device 101a may add a new to-be-input combination area and a new to-be-input resource area in the combination setting page 201d in response to a trigger operation for the add combination control 204 e.
As shown in fig. 2, when the first object 20a triggers the to-be-input combination area 201e, the terminal device 101a may display a digital resource set list 201g, where the digital resource set list 201g includes all digital resource sets created by the first object 20a in the application a, and digital resources corresponding to each digital resource set respectively, and details of the digital resource set list 201g illustrated in fig. 2 are described above with respect to the service page 201a, which is not described herein. If the first object 20a selects the digital resource set 1 (i.e., wallet 1) in the digital resource set list 201g, the terminal device 101a may update and display the combination setting page 201d as a combination setting page 202d, and as shown in fig. 2, the wallet 1 selected by the first object 20a is displayed in a to-be-input combination area 201e in the combination setting page 202 d.
Fig. 2 is an example of selecting digital resource sets one by one with the first object 20a, alternatively, the first object 20a may select a plurality of digital resource sets in the digital resource set list 201g, for example, the digital resource set 1 (such as the wallet 1 in fig. 2), the digital resource set 2 (such as the wallet 2 in fig. 2), and the digital resource set 4 (such as the difference 4 in fig. 2), and then the terminal device 101a performs update display on the combination setting page 201d in response to the selection operation for the digital resource set 1, the digital resource set 2, and the digital resource set 4, please refer to fig. 3 together, and fig. 3 is a schematic diagram of a scenario of data processing provided by an embodiment of the present application. As shown in fig. 3, the terminal device 101a updates and displays the combination setting page 201d as a combination setting page 203d in which the wallet 1 is displayed in the to-be-input combination area 201e in the combination setting page 203d, the wallet 2 is displayed in the to-be-input combination area 202e in the combination setting page 203d, and the wallet 4 is displayed in the to-be-input combination area 203e in the combination setting page 203 d.
Further, the first object 20a sets each resource area to be input respectively, it may be understood that the setting process of the 3 resource areas to be input is the same, so in the embodiment of the present application, the setting process of the resource area to be input is exemplified by the resource area to be input 201f, as shown in fig. 3, when the first object 20a inputs 700 in the resource area to be input 201f, the terminal device 101a may display a digital resource lack prompt 201b according to the balance of the wallet 1, if the first object 20a triggers the digital resource lack prompt 201b, the terminal device 101a may cancel to display the digital resource lack prompt 201b, if the first object 20a does not trigger the digital resource lack prompt 201b, the terminal device 101a continuously displays the digital resource lack prompt 201b until the display duration corresponding to the digital resource lack prompt 201b reaches the display threshold; at this time, the first object 20a may reset the resource transfer value corresponding to the wallet 1, and the subsequent setting process is the same as the above, so that a detailed description is omitted.
The first object 20a sets 3 resource areas to be input, as illustrated by the combination setting page 204d, the first object 20a sets the resource transfer value corresponding to the wallet 1 to 300, the resource transfer value corresponding to the wallet 2 to 500, and the resource transfer value corresponding to the wallet 4 to 200, that is, the total number of the resource transfer values respectively corresponding to the 3 digital resource sets is the total value of the transaction. If the first object 20a triggers the determination control 204f, the terminal device 101a displays the password input page 201h in response to a triggering operation for the determination control 204 f. If any transfer password in the transfer password set is input by the first object 20a in the password input page 201h, the terminal device generates a transaction request based on the identifier corresponding to the digital resource set 1 (for example, the digital resource set identifier 1), the identifier corresponding to the digital resource set 2 (for example, the digital resource set identifier 2), the identifier corresponding to the digital resource set 4 (for example, the digital resource set identifier 4), the resource transfer value corresponding to the digital resource set 1 (for example, 300 in the combination setting page 204 d), the resource transfer value corresponding to the digital resource set 2 (for example, 500 in the combination setting page 204 d), the resource transfer value corresponding to the digital resource set 4 (for example, 200 in the combination setting page 204 d), and the transfer password (i.e., the transfer password to be verified) input by the first object 20 a.
The above-mentioned transfer password set includes the transfer password corresponding to each set of digital resources (e.g., wallet in fig. 2 and 3) when the first object 20a creates each set of digital resources in the application a. It will be appreciated that when creating each set of digital resources, the first object 20a needs to set a transfer password corresponding to the set of digital resources. For example, in application a, through a digital resource set (wallet) service provided by the operator 1, the first object 20a may create a digital resource set 1 (e.g., wallet 1) and set a transfer password 1 corresponding to the digital resource set 1; through the digital resource collection service provided by the operating mechanism 1, the first object 20a may create a digital resource collection 2 (e.g., wallet 2) and set a transfer password 2 corresponding to the digital resource collection 2; the application client (i.e. application a) in the embodiment of the present application supports multiple operating mechanisms to provide digital resource collection service, so that the first object 20a can create a digital resource collection 3 (such as a wallet 3) and set a transfer password 3 corresponding to the digital resource collection 3 through the digital resource collection service provided by the operating mechanism 2; through the digital resource collection service provided by the operator 3, the first object 20a may create a digital resource collection 4 (e.g., wallet 4) and set a transfer password 4 corresponding to the digital resource collection 4; the transfer password set may include a transfer password 1, a transfer password 2, a transfer password 3, and a transfer password 4, where each transfer password in the transfer password set is determined by the first object 20a, and thus may be different from each other or the same.
Referring back to fig. 3, the terminal device 101a sends a transaction request for the application a to the service server 100. When obtaining the transaction request for the application a sent by the terminal device 101a, the service server 100 may generate, according to the transaction request, resource transfer credentials corresponding to 3 digital resource set identifiers (such as the digital resource set identifier 1, the digital resource set identifier 2, and the digital resource set identifier 4) in the transaction request, where the resource transfer credential 1 corresponding to the digital resource set identifier 1, the resource transfer credential 2 corresponding to the digital resource set identifier 2, and the resource transfer credential 3 corresponding to the digital resource set identifier 4 are illustrated in fig. 3, and in this embodiment of the present application, a description of a specific process of generating the resource transfer credential by the service server 100 is not expanded, and please refer to the description of step S102 in the embodiment corresponding to fig. 4 below.
Further, since digital resource collection 1 is created by the digital resource collection service function provided by operator 1, business server 100 sends resource transfer credential 1 to the corresponding server of operator 1, such as, for example, organization server 102a in fig. 3; similarly, since digital resource collection 2 is created by the digital resource collection service function provided by operator 1, business server 100 sends resource transfer credential 2 to the corresponding server of operator 1, such as, for example, organization server 102a in FIG. 3; similarly, since the digital resource collection 4 is created by the digital resource collection service function provided by the operation organization 3, the service server 100 sends the resource transfer credential 3 to a corresponding server of the operation organization 3, such as the organization server 102b in fig. 3. The mechanism server is configured to perform, according to the received resource transfer credential, a resource transfer process on the resource to be transferred indicated by the resource transfer value in the received resource transfer credential, which is not described in the embodiment of the present application, and please refer to the description in the embodiment corresponding to fig. 7 below.
Referring to fig. 3 again, the organization server 102a returns a resource transfer processing result 1 corresponding to the resource transfer credential 1, and a resource transfer processing result 2 corresponding to the resource transfer credential 2 to the service server 100, and the organization server 102b returns a resource transfer processing result 3 corresponding to the resource transfer credential 3 to the service server 100. The service server 100 determines a transaction result, such as a transaction success result or a transaction failure result, of the transaction request according to the 3 resource transfer processing results. Further, the service server 100 returns the transaction result to the terminal device 101a so that the first object 20a knows the resource transfer result.
It will be appreciated that the interfaces and controls illustrated in fig. 2 and 3 are merely some representations that may be referred to, and in an actual business scenario, a developer may perform related design according to product requirements, and the embodiments of the present application are not limited to the specific forms of the interfaces and controls involved.
As can be seen from the foregoing, the embodiment of the present application opens up digital resource sets respectively corresponding to different operation mechanisms based on a digital resource set (i.e. digital wallet) mechanism, for example, the application a supports the operation mechanism 1 to provide a digital resource set service function, and the operation mechanism 2 provides a digital resource set service function; therefore, aiming at a transaction request, the embodiment of the application can realize simultaneous deduction of a plurality of digital resource sets, namely, can realize the opening of the digital resources.
Further, referring to fig. 4, fig. 4 is a flowchart illustrating a data processing method according to an embodiment of the application. The data processing method may be performed by a service server (e.g., the service server 100 shown in fig. 1 described above), or may be performed by a terminal device (e.g., the terminal device 101a shown in fig. 1 described above), or may be performed interactively by the service server and the terminal device. For easy understanding, the embodiment of the present application is described as an example in which the method is executed by a service server. As shown in fig. 4, the data processing method may include at least the following steps S101 to S104.
Step S101, obtaining a transaction request aiming at an application client; the transaction request comprises A digital resource set identifiers and resource transfer values respectively corresponding to the A digital resource set identifiers; a is a positive integer greater than 1; the a digital resource set identifications are each created by an application client.
Specifically, the transaction request in the embodiment of the application may include a plurality of digital resource set identifiers and resource transfer values respectively corresponding to the plurality of digital resource set identifiers, that is, the embodiment of the application may perform resource transfer processing on digital resources in a plurality of digital resource sets at the same time for one transaction, so when the digital resources in one digital resource set are insufficient to complete resource transfer of one transaction, one transaction may be completed by two or more digital resources respectively corresponding to the two or more digital resource sets, and applicability and convenience of resource transfer in the transaction may be improved.
It can be appreciated that the embodiment of the present application also supports completing a transaction through a digital resource in a digital resource set, and the process is the same as that described below, so that a detailed description is omitted.
The application client of the embodiment of the present application supports digital resource aggregation service functions provided by a plurality of operation mechanisms respectively, please refer to fig. 5, and fig. 5 is a relationship structure diagram among the application client, the service server and the plurality of operation mechanisms provided by the embodiment of the present application. As shown in fig. 5, the service server may provide a plurality of operation mechanisms, such as operation mechanism 1, operation mechanism 2, operation mechanisms 3, …, and operation mechanism n, for the application client, each operation mechanism may provide a digital resource set service function, and in fig. 5, the application client creates a digital resource set 1 and a digital resource set 2 through the digital resource set service function provided by the operation mechanism 1; the application client creates a digital resource set 3 and a digital resource set 4 through the digital resource set service function provided by the operation mechanism 3; it will be appreciated that the application client may still create a new set of digital resources, e.g. set of digital resources 5, by means of the digital resource set service functions provided by the operation authorities 1 and 3, respectively, and likewise another new set of digital resources, e.g. set of digital resources 6, by means of the digital resource set service functions provided by the operation authorities 2 and 4, respectively.
Step S102, generating A digital resource set identifiers respectively corresponding to the certificate identifiers according to the transaction request, and generating A digital resource set identifiers respectively corresponding to the resource transfer certificates according to the A digital resource set identifiers and the A resource transfer values.
Specifically, a transfer password to be verified in a transaction request is obtained; acquiring a transfer password set corresponding to an application client; the transfer password set comprises transfer passwords corresponding to the B digital resource set identifiers respectively; wherein, a transfer password refers to a password used for transaction, which is set by an application client when creating a digital resource set identifier; the B digital resource set identifiers comprise A digital resource set identifiers; b is a positive integer equal to or greater than A; verifying the transfer password to be verified according to the transfer password set to obtain a verification result; and generating the certificate identifications corresponding to the A digital resource set identifications respectively according to the verification result.
The specific process of verifying the transfer password to be verified according to the transfer password set to obtain the verification result may include: matching the transfer password to be verified with the transfer passwords in the transfer password set; if the transfer password set does not have the same transfer password as the transfer password to be verified, determining that the verification result is a password error result; if the transfer password which is the same as the transfer password to be verified exists in the transfer password set, determining that the verification result is a correct password result.
The specific process of generating the credential identifiers corresponding to the a digital resource set identifiers respectively according to the verification result may include: if the verification result indicates that the transfer password which is the same as the transfer password to be verified exists in the transfer password set, obtaining object signatures respectively corresponding to the A digital resource set identifiers in the transaction request; acquiring an object public key corresponding to an application client, and respectively signing the A object signatures based on the object public key to obtain A signing verification results; if the A signature verification results are the successful signature verification results, generating the certificate identifications corresponding to the A digital resource set identifications respectively.
Wherein the A object signatures include digital resource set identification E d Corresponding object signature C d D is a positive integer and d is less than or equal to A; digital resource set identification E d Belonging to A digital resource set identifiers; the A signature verification results comprise an object signature C d Corresponding signature verification results; the specific process of respectively signing the A object signatures based on the object public key to obtain A signing verification results can comprise the following steps: signing an object based on the object public key C d Decrypting to obtain a first digital abstract; acquiring transaction identifications in the transaction request, and acquiring digital resource sets from object identifications respectively corresponding to A digital resource set identifications included in the transaction request Combined mark E d A corresponding object identifier; transaction identifier, digital resource set identifier E d Corresponding object identification and digital resource set identification E d The corresponding resource transfer value is determined as the data to be verified; acquiring a second digital digest of the data to be verified, and comparing the first digital digest with the second digital digest; if the first digital digest is different from the second digital digest, determining an object signature C d The corresponding signature verification result is a signature verification failure result; if the first digital digest is the same as the second digital digest, determining an object signature C d The corresponding signature verification result is a successful signature verification result.
Specifically, the transaction request further includes a transaction identifier, object signatures corresponding to the a digital resource set identifiers, and object identifiers corresponding to the a digital resource set identifiers; the A digital resource set identifiers comprise digital resource set identifiers F g G is a positive integer and g is less than or equal to A; the resource transfer credentials respectively corresponding to the A digital resource set identifiers comprise a digital resource set identifier F g Corresponding resource transfer credentials; acquiring a service private key, and identifying the digital resource set F based on the service private key g Corresponding certificate identification and digital resource set identification F g Corresponding object identifier and digital resource set identifier F g Signing the corresponding resource transfer value and the transaction identifier to obtain a digital resource set identifier F g A corresponding service signature; identifying a digital resource set F g Corresponding certificate identification and digital resource set identification F g Corresponding object identifier and digital resource set identifier F g Corresponding resource transfer value, digital resource set identification F g Corresponding object signature, transaction identification and digital resource set identification F g Corresponding service signature is determined as digital resource set identifier F g Corresponding resource transfer credentials.
As shown in fig. 2 and fig. 3, when the first object 20a performs a transaction through the application a of the terminal device 101a, a transfer password needs to be input, and the terminal device 101a adds the transfer password input by the first object 20a as a transfer password to be verified to the transaction request, so after the transaction request is acquired by the service server 100, the transfer password to be verified in the transaction request needs to be verified. Referring to fig. 6, fig. 6 is a schematic diagram of a third scenario of data processing according to an embodiment of the present application. As shown in fig. 3, the service server 100 obtains a set of transfer passwords 40a corresponding to the application client, where the set of transfer passwords 40a may include a transfer password 1 (equivalent to the transfer password 1 in the embodiment corresponding to fig. 2 described above), a transfer password 2 (equivalent to the transfer password 2 in the embodiment corresponding to fig. 2 described above), a transfer password 3 (equivalent to the transfer password 3 in the embodiment corresponding to fig. 2 described above), and a transfer password 4 (equivalent to the transfer password 4 in the embodiment corresponding to fig. 2 described above). Further, the service server 100 matches the transfer password to be verified with 4 transfer passwords in the transfer password set 40 a; if the transfer password set 40a does not have the same transfer password as the transfer password to be verified, the verification result may be determined to be a password error result, at this time, the service server 100 may generate a first prompt message, such as the prompt message 401a illustrated in fig. 6, that is, "transfer password error, transaction failure", and return a second prompt message to the terminal device 101a, so that the first object 20a may input the correct transfer password.
Referring to fig. 6 again, if there is a transfer password in the transfer password set that is the same as the transfer password to be verified, for example, the transfer password to be verified is the same as the transfer password 1, the service server 100 may determine that the verification result is a correct password result, at this time, the service server 100 obtains object signatures corresponding to the a digital resource set identifiers in the transaction request, and fig. 6 illustrates the a digital resource set identifiers 1, 2, and 4 as the a digital resource set identifiers mentioned in fig. 3, so the a object signatures may include the object signature 1 corresponding to the digital resource set identifier 1, the object signature 2 corresponding to the digital resource set identifier 2, and the object signature 3 corresponding to the digital resource set identifier 4. Wherein, the object signature 1 is generated by the terminal device 101a signing the object identifier 1, the transaction identifier and the resource transfer value 1 (as 300 in fig. 3) based on the object private key, the object identifier 1 is the object information authorized when the first object 20a creates the digital resource set 1, and the transaction identifier is the information of the transaction, such as the transaction number; object signature 2 is generated by terminal device 101a signing object identifier 2, transaction identifier and resource transfer value 2 (e.g. 500 in fig. 3) based on the object private key, object identifier 2 being object information authorized when first object 20a creates digital resource set 2; the object signature 3 is generated by the terminal device 101a signing the object identification 3, the transaction identification and the resource transfer value 3 (e.g. 200 in fig. 3) based on the object private key, the object identification 3 being object information authorized when the first object 20a creates the digital resource set 4.
The object public key and the object private key mentioned in the embodiment of the application, and the service public key and the service private key are asymmetric key pairs, wherein the public key in the asymmetric key pairs is a public part of the key pairs, and the private key is a non-public part. Public keys are commonly used to encrypt data, verify digital signatures, and the like. By means of this algorithm it is ensured that the resulting key pair is unique, and when using this key pair, if one of the keys is used to encrypt a piece of data, it must be decrypted with the other key, e.g. the public key is used to encrypt the data, and if the private key is used, it must be decrypted with the public key, otherwise the decryption will not succeed.
Further, the service server 100 obtains the object public key 40b corresponding to the application client, and performs signature verification on the a (in the embodiment of the present application, the a is equal to 3) object signatures based on the object public key 40b, so as to obtain a signature verification results. It will be appreciated that the process of signing each object signature by the service server 100 based on the object public key 40b is the same, so that the embodiment of the present application describes the signing verification of the object signature 1 based on the object public key 40 b. As shown in fig. 6, the service server 100 decrypts the object signature 1 based on the object public key 40b to obtain a first digital digest 1, and performs hash computation on the object identifier 1, the transaction identifier and the resource transfer value 1 to obtain a second digital digest 1; the service server 100 compares the first digital abstract 1 with the second digital abstract 1, and if the first digital abstract 1 and the second digital abstract are the same, the signature verification result of the object signature 1 is determined to be a successful signature verification result; if the first digital digest 1 is different from the second digital digest 1, the service server 100 may determine that the signature verification result of the object signature 1 is a signature verification failure result, at this time, the service server 100 may generate a second prompt message, such as the prompt message "object status is abnormal" illustrated in fig. 6, and return the second prompt message to the terminal device 101a, so that the first object 20a may understand that its object status is in an abnormal state.
When the 3 signature verification results are all signature verification success results, the service server 100 generates credential identifiers corresponding to the 3 digital resource set identifiers respectively, such as credential identifier 1, credential identifier 2 and credential identifier 3 illustrated in fig. 6. Further, the service server 100 obtains the service private key 40d, and signs the credential identifier 1, the object identifier 1, the transaction identifier and the resource transfer value 1 based on the service private key 40d to obtain a service signature 1 corresponding to the digital resource set identifier 1; based on the service private key 40d, the service server 100 signs the certificate identifier 2, the object identifier 2, the transaction identifier and the resource transfer value 2 to obtain a service signature 2 corresponding to the digital resource set identifier 2; based on the service private key 40d, signing the certificate identifier 3, the object identifier 3, the transaction identifier and the resource transfer value 3 to obtain a service signature 3 corresponding to the digital resource set identifier 4.
Further, the service server 100 combines the credential identifier 1, the object identifier 1, the transaction identifier, the resource transfer value 1, the service signature 1 and the object signature 1 into a resource transfer credential 1 corresponding to the digital resource set identifier 1; combining the voucher identification 2, the object identification 2, the transaction identification, the resource transfer value 2, the service signature 2 and the object signature 2 into a resource transfer voucher 2 corresponding to the digital resource set identification 2; and combining the certificate identifier 3, the object identifier 3, the transaction identifier, the resource transfer value 3, the service signature 3 and the object signature 3 into a resource transfer certificate 3 corresponding to the digital resource set identifier 4.
The trust relationship between the service server 100 and the organization server cluster is ensured by the asymmetric key pair of the service server 100, that is, the service server 100 signs related data based on the service private key 40d to obtain a service signature, so that the organization server which receives the resource transfer certificate can check the service signature based on the service public key corresponding to the service private key 40d, and the organization server determines the credibility of the transaction according to the check result. Optionally, the service server 100 negotiates a symmetric key pair with the organization server one at a time in advance (i.e. the symmetric key pair is disposable, and the public key and the private key in the symmetric key pair are the same), and then the service server 100 encrypts the credential identifier 1, the object identifier 1, the transaction identifier, and the resource transfer value 1 according to the negotiated symmetric key to obtain the encrypted data 1; encrypting the certificate identifier 2, the object identifier 2, the transaction identifier and the resource transfer value 2 according to the negotiated symmetric key to obtain encrypted data 2; encrypting the certificate identifier 3, the object identifier 3 and the transaction identifier according to the negotiated symmetric key, and obtaining encrypted data 3 by encrypting the resource transfer value 3; then, combining the voucher identification 1, the object identification 1, the transaction identification, the resource transfer value 1, the encrypted data 1 and the object signature 1 into a resource transfer voucher 1 corresponding to the digital resource set identification 1; combining the voucher identification 2, the object identification 2, the transaction identification, the resource transfer value 2, the encrypted data 2 and the object signature 2 into a resource transfer voucher 2 corresponding to the digital resource set identification 2; and combining the certificate identifier 3, the object identifier 3, the transaction identifier, the resource transfer value 3, the encrypted data 3 and the object signature 3 into a resource transfer certificate 3 corresponding to the digital resource set identifier 4.
Step S103, sending the A resource transfer certificates to the organization server cluster; the mechanism server cluster comprises A mechanism servers respectively corresponding to the digital resource set identifiers; an organization server is used for receiving a resource transfer certificate and carrying out resource transfer processing on resources to be transferred indicated by the resource transfer value in the received resource transfer certificate according to the received resource transfer certificate.
Specifically, the embodiment of the application does not limit the operation mechanisms to which the a digital resource set identifiers respectively belong, that is, does not limit the operation mechanisms to which the a digital resource sets respectively belong, and can ensure that the operation mechanisms corresponding to the a digital resource sets respectively are different. Let a digital resource sets include a digital resource set a, a digital resource set b, and a digital resource set c. In the application client, if the first object creates a digital resource set a according to a service function provided by an operation mechanism a, creates a digital resource set b according to a service function provided by an operation mechanism b, and creates a digital resource set c according to a service function provided by an operation mechanism c, the service server sends a resource transfer certificate corresponding to the digital resource set a to an organization server corresponding to the operation mechanism a, sends a resource transfer certificate corresponding to the digital resource set b to an organization server corresponding to the operation mechanism b, and sends a resource transfer certificate corresponding to the digital resource set c to an organization server corresponding to the operation mechanism c.
Optionally, two or more than two digital resource sets respectively corresponding to the operation mechanisms are the same in the a digital resource sets, the digital resource set 1 and the digital resource set 2 as illustrated in fig. 5 above all belong to the operation mechanism 1, the digital resource set 3 and the digital resource set 4 all belong to the operation mechanism 3, in this scenario, the service server sends the resource transfer certificate corresponding to the digital resource set 1 and the resource transfer certificate corresponding to the digital resource set 2 to the mechanism server corresponding to the operation mechanism 1, and sends the resource transfer certificate corresponding to the digital resource set 3 and the resource transfer certificate corresponding to the digital resource set 4 to the mechanism server corresponding to the operation mechanism 3.
Step S104, obtaining the resource transfer processing results returned by the A mechanism servers respectively, and determining the transaction result of the transaction request according to the A resource transfer processing results.
Specifically, if the A resource transfer processing results are all successful resource transfer results, determining that the transaction result of the transaction request is a successful transaction result; if the A resource transfer processing results have resource transfer failure results, determining that the transaction result of the transaction request is the transaction failure result.
Specifically, if the transaction result of the transaction request is a transaction failure result, acquiring a resource transfer processing result belonging to a resource transfer success result from the A resource transfer processing results as a target resource transfer processing result; acquiring a digital resource set identifier corresponding to a target resource transfer processing result from the A digital resource set identifiers as a target digital resource set identifier; determining transferred resources corresponding to the target digital resource set identifier according to the resource transfer value corresponding to the target digital resource set identifier; and returning the transferred resources to the target digital resource set identification.
The embodiment of the application realizes a summarized personal digital resource collection mechanism, and when transaction is generated, terminal equipment does not need to switch digital resource collections for a plurality of times, so that resource transfer can be completed based on a plurality of digital resource collections, the convenience of transaction can be improved, and the convenience of digital resource management can also be improved.
In the embodiment of the application, when a business server obtains a transaction request aiming at an application client, a credential identifier corresponding to A digital resource set identifiers in the transaction request can be generated according to the transaction request, wherein the A digital resource set identifiers are all created by the application client, namely, the application client can create at least two digital resource sets; further, the service server can generate resource transfer certificates corresponding to the A digital resource set identifiers respectively according to the A certificate identifiers and the resource transfer values corresponding to the A digital resource set identifiers in the transaction request respectively; the service server sends the A resource transfer certificates to the organization server cluster, wherein the organization server cluster comprises A organization servers respectively corresponding to the A digital resource set identifiers; the mechanism server is used for receiving a resource transfer certificate and carrying out resource transfer processing on the resources to be transferred indicated by the resource transfer value in the received resource transfer certificate according to the received resource transfer certificate; further, the service server obtains the resource transfer processing results returned by the A mechanism servers respectively, and according to the A resource transfer processing results, the transaction result of the transaction request can be determined. As can be seen from the above, for the transaction request, the embodiment of the present application can implement the cross-mechanism resource transfer, that is, the application client can complete one transaction through the digital resources in at least two digital resource sets, so that the applicability of the resource transfer in the transaction can be improved.
Fig. 7 is a schematic flow chart of a data processing method according to an embodiment of the application. The method may be performed by a business server (e.g., business server 100 shown in fig. 1, above), by a target organization server (e.g., organization server 102a shown in fig. 1, above), or by both the business server and the target organization server. For ease of understanding, embodiments of the present application will be described in terms of this method being performed by a target institution server. As shown in fig. 7, the method may include at least the following steps.
Step S201, obtaining a target resource transfer certificate sent by a service server; the target resource transfer credential belongs to a resource transfer credentials; the A resource transfer certificates are generated by the service server according to the certificate identifications corresponding to the A digital resource set identifications respectively and the resource transfer values corresponding to the A digital resource set identifications respectively; the A credential identifications are respectively generated when a business server acquires a transaction request aiming at an application client; the transaction request comprises A digital resource set identifiers and A resource transfer values; a is a positive integer greater than 1; the A digital resource set identifiers are all created by an application client; the digital resource set identifier corresponding to the target resource transfer certificate belongs to the organization server and is the target organization server.
Specifically, the target organization server is one organization server in the organization server cluster in the embodiment corresponding to fig. 4, and it can be understood that the processing procedure of the received resource transfer credential is consistent for each organization server in the organization server cluster, so the embodiment of the present application is described by taking the target organization server as an example, and the target organization server may be any organization server in the organization server cluster.
The target resource transfer credential is one of the a resource transfer credentials in the embodiment corresponding to fig. 4, and the generation process of the a resource transfer credentials is referred to step S102 in the embodiment corresponding to fig. 4, and is not described herein.
Step S202, according to the target resource transfer certificate, performing resource transfer processing on the resources to be transferred indicated by the resource transfer value in the target resource transfer certificate, and obtaining a resource transfer processing result.
Specifically, a target object signature in a target resource transfer certificate and a target service signature in the target resource transfer certificate are obtained; acquiring an object public key corresponding to an application client, and signing a target object signature based on the object public key to obtain a first signing verification result; acquiring a service public key corresponding to the mechanism server, and performing signature verification on the target service signature based on the service public key to obtain a second signature verification result; and carrying out resource transfer processing on the resources to be transferred indicated by the resource transfer value in the target resource transfer certificate according to the first signature verification result and the second signature verification result, and obtaining a resource transfer processing result.
According to the first signature verification result and the second signature verification result, performing resource transfer processing on the resource to be transferred indicated by the resource transfer value in the target resource transfer certificate, and the specific process of obtaining the resource transfer processing result may include: if the first signature verification result and the second signature verification result have signature verification failure results, determining that the resource transfer processing result is a resource transfer failure result; if the first signature verification result and the second signature verification result are both signature verification success results, carrying out resource transfer processing on the resources to be transferred indicated by the resource transfer value in the target resource transfer certificate, and if the resources to be transferred are successfully transferred, determining that the resource transfer processing result is a resource transfer success result.
The process of signing the target object signature by the target institution server is the same as that of signing the object signature by the service server in the embodiment corresponding to fig. 4, so that a detailed description is omitted here. It can be understood that the process of signing the target service signature by the target institution server is the same as the process of signing the target object signature by the target institution server, and the difference is only that the public key is different, so that a detailed description is omitted here.
The target organization server performs resource transfer processing on the resources to be transferred indicated by the resource transfer value in the target resource transfer certificate, that is, in the digital resource set corresponding to the target resource transfer certificate, the resources to be transferred indicated by the resource transfer value are acquired and transferred to the digital resource set corresponding to the second object, and as illustrated in fig. 2, the first object 20a transfers 300 in the digital resource set 1 to the digital resource set corresponding to the object "aa". If the resource transfer to be transferred is successful, the target mechanism server can determine that the resource transfer processing result is a successful resource transfer result, if the resource transfer to be transferred fails, for example, the target mechanism server determines that the digital resource in the digital resource set corresponding to the target resource transfer certificate is lower than the resource transfer value in the target resource transfer certificate, or the target mechanism server determines that the set state of the digital resource set corresponding to the second object is an abnormal set state, at this time, the transfer fails, so the target mechanism server can determine that the resource transfer processing result is a resource transfer failure result.
Step S203, the resource transfer processing result is returned to the service server, so that the service server determines the transaction result of the transaction request based on the resource transfer processing result.
In the specific implementation process of step S203, please refer to step S104 in the embodiment corresponding to fig. 4, which is not described herein.
In the embodiment of the application, after receiving the target resource transfer certificate sent by the service server, the target organization server ignores the transfer password set by the first object aiming at the digital resource set of the target resource transfer certificate, and verifies whether each data of the target resource transfer certificate is valid, namely, performs signature verification on the target service signature and performs signature verification on the target object signature; if the data of the target resource transfer certificate are valid, the target organization server performs resource transfer processing on the resources to be transferred indicated by the resource transfer value in the target resource transfer certificate, and returns the resource transfer processing result to the service server. By adopting the application, the mechanism server cluster can process one transaction request at the same time, namely, the resource transfer processing of the resource transfer value associated with the mechanism server cluster can be respectively carried out, so that the convenience and applicability of the resource transfer in the transaction can be improved.
Further, referring to fig. 8, fig. 8 is a schematic structural diagram of a data processing apparatus according to an embodiment of the application. The data processing means may be a computer program (comprising program code) running in a computer device, for example the data processing means is an application software; the device can be used for executing corresponding steps in the method provided by the embodiment of the application. As shown in fig. 8, the data processing apparatus 1 may include: a first acquisition module 11, a credential generation module 12, a credential acquisition module 13 and a second acquisition module 14.
A first obtaining module 11, configured to obtain a transaction request for an application client; the transaction request comprises A digital resource set identifiers and resource transfer values respectively corresponding to the A digital resource set identifiers; a is a positive integer greater than 1; the A digital resource set identifiers are all created by an application client;
the credential generation module 12 is configured to generate, according to the transaction request, a credential identifier corresponding to each of the a digital resource set identifiers, and generate, according to the a credential identifiers and the a resource transfer values, a resource transfer credential corresponding to each of the a digital resource set identifiers;
a credential acquisition module 13, configured to send a resource transfer credentials to the organization server cluster; the mechanism server cluster comprises A mechanism servers respectively corresponding to the digital resource set identifiers; the mechanism server is used for receiving a resource transfer certificate and carrying out resource transfer processing on the resources to be transferred indicated by the resource transfer value in the received resource transfer certificate according to the received resource transfer certificate;
the second obtaining module 14 is configured to obtain the resource transfer processing results returned by the a institution servers respectively, and determine a transaction result of the transaction request according to the a resource transfer processing results.
The specific functional implementation manners of the first acquiring module 11, the credential generating module 12, the credential acquiring module 13 and the second acquiring module 14 may refer to step S101-step S104 in the corresponding embodiment of fig. 4, which are not described herein.
Referring again to fig. 8, the credential generation module 12 may include: a first acquisition unit 121, a second acquisition unit 122, a password authentication unit 123, and a first generation unit 124.
A first obtaining unit 121, configured to obtain a transfer password to be verified in the transaction request;
a second obtaining unit 122, configured to obtain a transfer password set corresponding to the application client; the transfer password set comprises transfer passwords corresponding to the B digital resource set identifiers respectively; wherein, a transfer password refers to a password used for transaction, which is set by an application client when creating a digital resource set identifier; the B digital resource set identifiers comprise A digital resource set identifiers; b is a positive integer equal to or greater than A;
a password verification unit 123, configured to verify the transfer password to be verified according to the transfer password set, so as to obtain a verification result;
the first generating unit 124 is configured to generate credential identifiers corresponding to the a digital resource set identifiers respectively according to the verification result.
The specific functional implementation manner of the first obtaining unit 121, the second obtaining unit 122, the password verifying unit 123, and the first generating unit 124 may refer to step S102 in the corresponding embodiment of fig. 4, and will not be described herein.
Referring again to fig. 8, the password authentication unit 123 may include: the password matches subunit 1231 and the result determination subunit 1232.
A password matching subunit 1231 for matching the transfer password to be authenticated with the transfer passwords in the transfer password set;
the result determining subunit 1232 is configured to determine that the verification result is a password error result if the transfer password that is the same as the transfer password to be verified does not exist in the transfer password set;
the result determining subunit 1232 is further configured to determine that the verification result is a correct result of the password if the transfer password set has the same transfer password as the transfer password to be verified.
The specific functional implementation manner of the password matching subunit 1231 and the result determining subunit 1232 may refer to step S102 in the corresponding embodiment of fig. 4, which is not described herein.
Referring again to fig. 8, the first generating unit 124 may include: a first acquisition subunit 1241, a second acquisition subunit 1242, and an identification-generation subunit 1243.
The first obtaining subunit 1241 is configured to obtain, if the verification result indicates that the transfer password set has the same transfer password as the transfer password to be verified, an object signature corresponding to the a digital resource set identifier in the transaction request;
the second obtaining subunit 1242 is configured to obtain an object public key corresponding to the application client, and sign-test the a object signatures based on the object public key, so as to obtain a sign-test results;
the identifier generating subunit 1243 is configured to generate credential identifiers corresponding to the a digital resource set identifiers respectively if the a signature verification results are all signature verification success results.
The specific functional implementation manner of the first acquiring subunit 1241, the second acquiring subunit 1242, and the identifier generating subunit 1243 may refer to step S102 in the corresponding embodiment of fig. 4, which is not described herein.
Referring again to FIG. 8, the A object signatures include a digital resource set identifier E d Corresponding object signature C d D is a positive integer and d is less than or equal to A; digital resource set identification E d Belonging to A digital resource set identifiers; the A signature verification results comprise an object signature C d Corresponding signature verification results;
the second acquisition subunit 1242 may include: signature decryption subunit 12421, identification acquisition subunit 12422, first determination subunit 12423, digest comparison subunit 12424, second determination subunit 12425, and third determination subunit 12426.
Signature decryption subunit 12421 for signing object C based on the object public key d Decrypting to obtain a first digital abstract;
an identifier obtaining subunit 12422, configured to obtain a transaction identifier in the transaction request, and obtain a digital resource set identifier E from object identifiers corresponding to the a digital resource set identifiers included in the transaction request, respectively d A corresponding object identifier;
a first determination subunit 12423 for identifying the transaction, the digital resource set, and the digital resource set d Corresponding object identification and digital resource set identification E d The corresponding resource transfer value is determined as the data to be verified;
the digest comparison subunit 12424 is configured to obtain a second digital digest of the data to be verified, and compare the first digital digest with the second digital digest;
a second determining subunit 12425 for determining the object signature C if the first digital digest is different from the second digital digest d The corresponding signature verification result is a signature verification failure result;
a third determining subunit 12426 for determining the object signature C if the first digital digest is the same as the second digital digest d The corresponding signature verification result is a successful signature verification result.
The specific functional implementation manners of the signature decryption subunit 12421, the identifier obtaining subunit 12422, the first determining subunit 12423, the summary comparing subunit 12424, the second determining subunit 12425, and the third determining subunit 12426 may refer to step S102 in the corresponding embodiment of fig. 4, which is not described herein again.
Referring to fig. 8, the transaction request further includes a transaction identifier, object signatures corresponding to the a digital resource set identifiers, and object identifiers corresponding to the a digital resource set identifiers, respectively; the A digital resource set identifiers comprise digital resource set identifiers F g G is a positive integer and g is less than or equal to A; the resource transfer credentials respectively corresponding to the A digital resource set identifiers comprise a digital resource set identifier F g Corresponding resource transfer credentials;
the credential generation module 12 may include: the third acquisition unit 125 and the first determination unit 126.
A third obtaining unit 125, configured to obtain a service private key, and based on the service private key, identify F to the digital resource set g Corresponding certificate identification and digital resource set identification F g Corresponding object identifier and digital resource set identifier F g The corresponding value of the resource transfer is used,signing the transaction identifier to obtain a digital resource set identifier F g A corresponding service signature;
a first determining unit 126 for identifying the digital resource set F g Corresponding certificate identification and digital resource set identification F g Corresponding object identifier and digital resource set identifier F g Corresponding resource transfer value, digital resource set identification F g Corresponding object signature, transaction identification and digital resource set identification F g Corresponding service signature is determined as digital resource set identifier F g Corresponding resource transfer credentials.
The specific functional implementation manner of the third obtaining unit 125 and the first determining unit 126 may refer to step S102 in the corresponding embodiment of fig. 4, which is not described herein.
Referring again to fig. 8, the second acquisition module 14 may include: the second determination unit 141 and the third determination unit 142.
A second determining unit 141, configured to determine that the transaction result of the transaction request is a transaction success result if the a resource transfer processing results are all resource transfer success results;
the third determining unit 142 is configured to determine that the transaction result of the transaction request is a transaction failure result if there is a resource transfer failure result in the a resource transfer processing results.
The specific functional implementation manner of the second determining unit 141 and the third determining unit 142 may refer to step S104 in the corresponding embodiment of fig. 4, which is not described herein.
Referring again to fig. 8, the second acquisition module 14 may further include: a fourth acquisition unit 143, a fifth acquisition unit 144, a fourth determination unit 145, and a resource return unit 146.
A fourth obtaining unit 143, configured to obtain, from the a resource transfer processing results, a resource transfer processing result that belongs to a successful resource transfer result, as a target resource transfer processing result, if the transaction result of the transaction request is a transaction failure result;
A fifth obtaining unit 144, configured to obtain, from the a digital resource set identifiers, a digital resource set identifier corresponding to the target resource transfer processing result, as a target digital resource set identifier;
a fourth determining unit 145, configured to determine, according to the resource transfer value corresponding to the target digital resource set identifier, a transferred resource corresponding to the target digital resource set identifier;
a resource return unit 146, configured to return the transferred resource to the target digital resource set identifier.
The specific functional implementation manner of the fourth obtaining unit 143, the fifth obtaining unit 144, the fourth determining unit 145, and the resource return unit 146 may refer to step S104 in the corresponding embodiment of fig. 4, which is not described herein.
As can be seen from the above, for the transaction request, the embodiment of the present application can implement the cross-mechanism resource transfer, that is, the application client can complete one transaction through the digital resources in at least two digital resource sets, so that the applicability of the resource transfer in the transaction can be improved.
Further, referring to fig. 9, fig. 9 is a schematic diagram of a data processing apparatus according to an embodiment of the application. The data processing means may be a computer program (comprising program code) running in a computer device, for example the data processing means is an application software; the device can be used for executing corresponding steps in the method provided by the embodiment of the application. As shown in fig. 9, the data processing apparatus 2 may include: a credential acquisition module 21, a resource transfer module 22 and a result return module 23.
A credential acquisition module 21, configured to acquire a target resource transfer credential sent by the service server; the target resource transfer credential belongs to a resource transfer credentials; the A resource transfer certificates are generated by the service server according to the certificate identifications corresponding to the A digital resource set identifications respectively and the resource transfer values corresponding to the A digital resource set identifications respectively; the A credential identifications are respectively generated when a business server acquires a transaction request aiming at an application client; the transaction request comprises A digital resource set identifiers and A resource transfer values; a is a positive integer greater than 1; the A digital resource set identifiers are all created by an application client; the digital resource set identifier corresponding to the target resource transfer certificate belongs to the mechanism server and is the target mechanism server;
the resource transfer module 22 is configured to perform, according to the target resource transfer credential, a resource transfer process on the resource to be transferred indicated by the resource transfer value in the target resource transfer credential, to obtain a resource transfer process result;
the result returning module 23 is configured to return the resource transfer processing result to the service server, so that the service server determines a transaction result of the transaction request based on the resource transfer processing result.
The specific functional implementation manners of the credential obtaining module 21, the resource transferring module 22 and the result returning module 23 may refer to step S201-step S203 in the corresponding embodiment of fig. 7, which are not described herein.
Referring again to fig. 9, the resource transfer module 22 may include: a first acquisition unit 221, a second acquisition unit 222, a third acquisition unit 223, and a resource transfer unit 224.
A first obtaining unit 221, configured to obtain a target object signature in the target resource transfer credential and a target service signature in the target resource transfer credential;
a second obtaining unit 222, configured to obtain an object public key corresponding to the application client, and perform signature verification on the target object signature based on the object public key, so as to obtain a first signature verification result;
a third obtaining unit 223, configured to obtain a service public key corresponding to the organization server, and perform signature verification on the target service signature based on the service public key, so as to obtain a second signature verification result;
and the resource transfer unit 224 is configured to perform resource transfer processing on the resource to be transferred indicated by the resource transfer value in the target resource transfer certificate according to the first signature verification result and the second signature verification result, so as to obtain a resource transfer processing result.
The specific functional implementation manner of the first acquiring unit 221, the second acquiring unit 222, the third acquiring unit 223, and the resource transferring unit 224 may refer to step S202 in the corresponding embodiment of fig. 7, and will not be described herein.
Referring again to fig. 9, the resource transfer unit 224 may include: the first determining subunit 2241 and the second determining subunit 2242.
The first determining subunit 2241 is configured to determine that the resource transfer processing result is a resource transfer failure result if there is a label verification failure result in the first label verification result and the second label verification result;
the second determining subunit 2242 is configured to perform resource transfer processing on the resource to be transferred indicated by the resource transfer value in the target resource transfer certificate if the first label verification result and the second label verification result are both label verification success results, and determine that the resource transfer processing result is a resource transfer success result if the resource to be transferred is successful.
The specific functional implementation manner of the first determining subunit 2241 and the second determining subunit 2242 may refer to step S202 in the corresponding embodiment of fig. 7, which is not described herein.
As can be seen from the above, for the transaction request, the embodiment of the present application can implement the cross-mechanism resource transfer, that is, the application client can complete one transaction through the digital resources in at least two digital resource sets, so that the applicability of the resource transfer in the transaction can be improved.
Further, referring to fig. 10, fig. 10 is a schematic structural diagram of a computer device according to an embodiment of the application. As shown in fig. 10, the computer device 1000 may include: at least one processor 1001, such as a CPU, at least one network interface 1004, a user interface 1003, a memory 1005, at least one communication bus 1002. Wherein the communication bus 1002 is used to enable connected communication between these components. The user interface 1003 may include a Display (Display), a Keyboard (Keyboard), and the network interface 1004 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface), among others. The memory 1005 may be a high-speed RAM memory or a non-volatile memory (non-volatile memory), such as at least one disk memory. The memory 1005 may also optionally be at least one storage device located remotely from the aforementioned processor 1001. As shown in fig. 10, the memory 1005, which is one type of computer storage medium, may include an operating system, a network communication module, a user interface module, and a device control application.
In the computer device 1000 shown in FIG. 10, the network interface 1004 may provide network communication functions; while user interface 1003 is primarily used as an interface for providing input to a user; and the processor 1001 may be used to invoke a device control application stored in the memory 1005 to implement:
Acquiring a transaction request aiming at an application client; the transaction request comprises A digital resource set identifiers and resource transfer values respectively corresponding to the A digital resource set identifiers; a is a positive integer greater than 1; the A digital resource set identifiers are all created by an application client;
generating a voucher identifier corresponding to the A digital resource set identifiers respectively according to the transaction request, and generating a resource transfer voucher corresponding to the A digital resource set identifiers respectively according to the A voucher identifiers and the A resource transfer values;
sending the A resource transfer certificates to the organization server cluster; the mechanism server cluster comprises A mechanism servers respectively corresponding to the digital resource set identifiers; the mechanism server is used for receiving a resource transfer certificate and carrying out resource transfer processing on the resources to be transferred indicated by the resource transfer value in the received resource transfer certificate according to the received resource transfer certificate;
and obtaining the resource transfer processing results returned by the A mechanism servers respectively, and determining the transaction result of the transaction request according to the A resource transfer processing results.
It should be understood that the computer device 1000 described in the embodiment of the present application may perform the description of the data processing method in the embodiment corresponding to fig. 4 and fig. 7, and may also perform the description of the data processing apparatus 1 in the embodiment corresponding to fig. 8, which is not repeated herein. In addition, the description of the beneficial effects of the same method is omitted.
Further, referring to fig. 11, fig. 11 is a schematic diagram of a second embodiment of a computer device. As shown in fig. 11, the computer device 2000 may include: processor 2001, network interface 2004 and memory 2005, in addition, the above-described computer device 2000 may further include: a user interface 2003, and at least one communication bus 2002. Wherein a communication bus 2002 is used to enable connected communications between these components. The user interface 2003 may include a Display screen (Display), a Keyboard (Keyboard), and the optional user interface 2003 may further include a standard wired interface, a wireless interface, among others. The network interface 2004 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface). The memory 2005 may be a high-speed RAM memory or a nonvolatile memory (non-volatile memory), such as at least one magnetic disk memory. The memory 2005 may also optionally be at least one storage device located remotely from the aforementioned processor 2001. As shown in fig. 11, an operating system, a network communication module, a user interface module, and a device control application program may be included in the memory 2005 as one type of computer-readable storage medium.
In the computer device 2000 illustrated in fig. 11, the network interface 2004 may provide network communication functions; while user interface 2003 is primarily an interface for providing input to a user; and processor 2001 may be used to invoke device control applications stored in memory 2005 to implement:
acquiring a target resource transfer certificate sent by a service server; the target resource transfer credential belongs to a resource transfer credentials; the A resource transfer certificates are generated by the service server according to the certificate identifications corresponding to the A digital resource set identifications respectively and the resource transfer values corresponding to the A digital resource set identifications respectively; the A credential identifications are respectively generated when a business server acquires a transaction request aiming at an application client; the transaction request comprises A digital resource set identifiers and A resource transfer values; a is a positive integer greater than 1; the A digital resource set identifiers are all created by an application client; the digital resource set identifier corresponding to the target resource transfer certificate belongs to the mechanism server and is the target mechanism server;
according to the target resource transfer certificate, performing resource transfer processing on the resources to be transferred indicated by the resource transfer value in the target resource transfer certificate to obtain a resource transfer processing result;
And returning the resource transfer processing result to the service server so that the service server can determine the transaction result of the transaction request based on the resource transfer processing result.
It should be understood that the computer device 2000 described in the embodiment of the present application may perform the description of the data processing method in the embodiment corresponding to fig. 4 and fig. 7, and may also perform the description of the data processing apparatus 2 in the embodiment corresponding to fig. 9, which is not repeated herein. In addition, the description of the beneficial effects of the same method is omitted.
The embodiment of the present application further provides a computer readable storage medium, where a computer program is stored, where the computer program includes program instructions, and when the program instructions are executed by a processor, implement the data processing methods provided in each step in fig. 4 and fig. 7, and specifically refer to the implementation manners provided in each step in fig. 4 and fig. 7, which are not described herein again. In addition, the description of the beneficial effects of the same method is omitted.
The computer readable storage medium may be the data processing apparatus provided in any one of the foregoing embodiments or an internal storage unit of the computer device, for example, a hard disk or a memory of the computer device. The computer readable storage medium may also be an external storage device of the computer device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash card (flash card) or the like, which are provided on the computer device. Further, the computer-readable storage medium may also include both internal storage units and external storage devices of the computer device. The computer-readable storage medium is used to store the computer program and other programs and data required by the computer device. The computer-readable storage medium may also be used to temporarily store data that has been output or is to be output.
Embodiments of the present application also provide a computer program product comprising a computer program stored in a computer readable storage medium. The processor of the computer device reads the computer program from the computer readable storage medium, and the processor executes the computer program, so that the computer device may perform the description of the data processing method or apparatus in the foregoing embodiments, which is not described herein. In addition, the description of the beneficial effects of the same method is omitted.
The terms first, second and the like in the description and in the claims and drawings of embodiments of the application are used for distinguishing between different objects and not for describing a particular sequential order. Furthermore, the term "include" and any variations thereof is intended to cover a non-exclusive inclusion. For example, a process, method, apparatus, article, or device that comprises a list of steps or elements is not limited to the list of steps or modules but may, in the alternative, include other steps or modules not listed or inherent to such process, method, apparatus, article, or device.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps described in connection with the embodiments disclosed herein may be embodied in electronic hardware, in computer software, or in a combination of the two, and that the elements and steps of the examples have been generally described in terms of function in the foregoing description to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The foregoing disclosure is illustrative of the present application and is not to be construed as limiting the scope of the application, which is defined by the appended claims.
Claims (16)
1. A method of data processing, comprising:
the business server obtains a transaction request aiming at an application client; the transaction request comprises A digital resource set identifiers and resource transfer values respectively corresponding to the A digital resource set identifiers; a is a positive integer greater than 1; the A digital resource set identifiers are all created by the application client;
Generating the certificate identifications corresponding to the A digital resource set identifications respectively according to the transaction request, and generating the resource transfer certificates corresponding to the A digital resource set identifications respectively according to the A certificate identifications and the A resource transfer values;
sending the A resource transfer certificates to the organization server cluster; the mechanism server cluster comprises A mechanism servers respectively corresponding to the digital resource set identifiers; the mechanism server is used for receiving a resource transfer certificate and carrying out resource transfer processing on the resources to be transferred indicated by the resource transfer value in the received resource transfer certificate according to the received resource transfer certificate;
and obtaining the resource transfer processing results returned by the A mechanism servers respectively, and determining the transaction result of the transaction request according to the A resource transfer processing results.
2. The method according to claim 1, wherein generating credential identifiers corresponding to the a digital resource set identifiers, respectively, according to the transaction request, comprises:
acquiring a transfer password to be verified in the transaction request;
acquiring a transfer password set corresponding to the application client; the transfer password set comprises transfer passwords corresponding to the B digital resource set identifiers respectively; wherein, a transfer password refers to a password which is set by the application client side when creating a digital resource set identifier and is used for carrying out transaction; the B digital resource set identifiers comprise the A digital resource set identifiers; b is a positive integer equal to or greater than A;
Verifying the transfer password to be verified according to the transfer password set to obtain a verification result;
and generating the certificate identifications corresponding to the A digital resource set identifications respectively according to the verification result.
3. The method according to claim 2, wherein verifying the transfer password to be verified according to the transfer password set, to obtain a verification result, includes:
matching the transfer password to be verified with the transfer passwords in the transfer password set;
if the transfer password which is the same as the transfer password to be verified does not exist in the transfer password set, determining that the verification result is a password error result;
and if the transfer password which is the same as the transfer password to be verified exists in the transfer password set, determining that the verification result is a correct password result.
4. The method according to claim 2, wherein generating credential identifiers corresponding to the a digital resource set identifiers, respectively, according to the verification result includes:
if the verification result indicates that the transfer passwords which are the same as the transfer passwords to be verified exist in the transfer password set, obtaining object signatures respectively corresponding to the A digital resource set identifiers in the transaction request;
Acquiring an object public key corresponding to the application client, and respectively signing the A object signatures based on the object public key to obtain A signing verification results;
and if the A signature verification results are successful signature verification results, generating the certificate identifications respectively corresponding to the A digital resource set identifications.
5. The method of claim 4, wherein the a object signatures comprise a digital resource set identification E d Corresponding object signature C d D is a positive integer and d is less than or equal to A; the digital resource set identifier E d Belonging to the A digital materialsA source set identification; the A signature verification results comprise the object signature C d Corresponding signature verification results;
the signing verification is carried out on the A object signatures based on the object public key to obtain A signing verification results, and the method comprises the following steps:
signing the object based on the object public key C d Decrypting to obtain a first digital abstract;
acquiring transaction identifiers in the transaction request, and acquiring digital resource set identifiers E from object identifiers respectively corresponding to the A digital resource set identifiers included in the transaction request d A corresponding object identifier;
identifying the transaction identifier and the digital resource set identifier E d Corresponding object identification and the digital resource set identification E d The corresponding resource transfer value is determined as the data to be verified;
acquiring a second digital digest of the data to be verified, and comparing the first digital digest with the second digital digest;
if the first digital digest is different from the second digital digest, determining the object signature C d The corresponding signature verification result is a signature verification failure result;
if the first digital digest is the same as the second digital digest, determining the object signature C d The corresponding signature verification result is a successful signature verification result.
6. The method of claim 1, wherein the transaction request further includes a transaction identifier, an object signature corresponding to the a digital resource set identifiers, and an object identifier corresponding to the a digital resource set identifiers, respectively; the A digital resource set identifier comprises a digital resource set identifier F g G is a positive integer and g is less than or equal to A; the resource transfer certificates respectively corresponding to the A digital resource set identifiers comprise the digital resource set identifier F g Corresponding resource transfer credentials;
the generating the resource transfer certificates respectively corresponding to the A digital resource set identifiers according to the A certificate identifiers and the A resource transfer values comprises the following steps:
Acquiring a service private key, and identifying F for the digital resource set based on the service private key g Corresponding certificate identification and the digital resource set identification F g Corresponding object identification, the digital resource set identification F g Signing the corresponding resource transfer value and the transaction identifier to obtain the digital resource set identifier F g A corresponding service signature;
identifying the digital resource set F g Corresponding certificate identification and the digital resource set identification F g Corresponding object identification, the digital resource set identification F g Corresponding resource transfer value, the digital resource set identifier F g Corresponding object signature, the transaction identifier and the digital resource set identifier F g Corresponding service signature is determined to be the digital resource set identifier F g Corresponding resource transfer credentials.
7. The method of claim 1, wherein determining the transaction outcome of the transaction request based on the a resource transfer processing outcomes comprises:
if the A resource transfer processing results are all successful resource transfer results, determining that the transaction result of the transaction request is a successful transaction result;
and if the resource transfer failure result exists in the A resource transfer processing results, determining that the transaction result of the transaction request is the transaction failure result.
8. The method of claim 7, wherein the method further comprises:
if the transaction result of the transaction request is the transaction failure result, acquiring a resource transfer processing result belonging to the resource transfer success result from the A resource transfer processing results as a target resource transfer processing result;
acquiring a digital resource set identifier corresponding to the target resource transfer processing result from the A digital resource set identifier, and taking the digital resource set identifier as a target digital resource set identifier;
determining transferred resources corresponding to the target digital resource set identifier according to the resource transfer value corresponding to the target digital resource set identifier;
and returning the transferred resource to the target digital resource set identifier.
9. A method of data processing, comprising:
the target mechanism server obtains a target resource transfer certificate sent by the service server; the target resource transfer credential belongs to A resource transfer credentials; the A resource transfer certificates are generated by the service server according to the certificate identifications respectively corresponding to the A digital resource set identifications and the resource transfer values respectively corresponding to the A digital resource set identifications; the A credential identifications are respectively generated when the business server acquires a transaction request aiming at an application client; the transaction request comprises the A digital resource set identification and A resource transfer values; a is a positive integer greater than 1; the A digital resource set identifiers are all created by the application client; the digital resource set identifier corresponding to the target resource transfer certificate belongs to an organization server and is the target organization server;
According to the target resource transfer certificate, performing resource transfer processing on the resources to be transferred indicated by the resource transfer value in the target resource transfer certificate to obtain a resource transfer processing result;
and returning the resource transfer processing result to the service server so that the service server can determine the transaction result of the transaction request based on the resource transfer processing result.
10. The method according to claim 9, wherein the performing, according to the target resource transfer credential, the resource transfer processing on the resource to be transferred indicated by the resource transfer value in the target resource transfer credential to obtain a resource transfer processing result includes:
acquiring a target object signature in the target resource transfer certificate and a target service signature in the target resource transfer certificate;
acquiring an object public key corresponding to the application client, and signing the target object signature based on the object public key to obtain a first signing verification result;
acquiring a service public key corresponding to the organization server, and performing signature verification on the target service signature based on the service public key to obtain a second signature verification result;
And carrying out resource transfer processing on the resources to be transferred indicated by the resource transfer value in the target resource transfer certificate according to the first signature verification result and the second signature verification result to obtain a resource transfer processing result.
11. The method of claim 10, wherein the performing, according to the first signature verification result and the second signature verification result, the resource transfer process on the resource to be transferred indicated by the resource transfer value in the target resource transfer certificate to obtain a resource transfer process result includes:
if the first signature verification result and the second signature verification result have signature verification failure results, determining that the resource transfer processing result is a resource transfer failure result;
and if the first signature verification result and the second signature verification result are both successful signature verification results, performing resource transfer processing on the resources to be transferred indicated by the resource transfer value in the target resource transfer certificate, and if the resources to be transferred are successful, determining that the resource transfer processing result is a successful resource transfer result.
12. A data processing apparatus, the data processing apparatus operating on a service server, comprising:
Acquiring a transaction request aiming at an application client; the transaction request comprises A digital resource set identifiers and resource transfer values respectively corresponding to the A digital resource set identifiers; a is a positive integer greater than 1; the A digital resource set identifiers are all created by the application client;
generating the certificate identifications corresponding to the A digital resource set identifications respectively according to the transaction request, and generating the resource transfer certificates corresponding to the A digital resource set identifications respectively according to the A certificate identifications and the A resource transfer values;
sending the A resource transfer certificates to the organization server cluster; the mechanism server cluster comprises A mechanism servers respectively corresponding to the digital resource set identifiers; the mechanism server is used for receiving a resource transfer certificate and carrying out resource transfer processing on the resources to be transferred indicated by the resource transfer value in the received resource transfer certificate according to the received resource transfer certificate;
and obtaining the resource transfer processing results returned by the A mechanism servers respectively, and determining the transaction result of the transaction request according to the A resource transfer processing results.
13. A data processing apparatus, the data processing apparatus operating on a target institution server, comprising:
Acquiring a target resource transfer certificate sent by a service server; the target resource transfer credential belongs to A resource transfer credentials; the A resource transfer certificates are generated by the service server according to the certificate identifications respectively corresponding to the A digital resource set identifications and the resource transfer values respectively corresponding to the A digital resource set identifications; the A credential identifications are respectively generated when the business server acquires a transaction request aiming at an application client; the transaction request comprises the A digital resource set identification and A resource transfer values; a is a positive integer greater than 1; the A digital resource set identifiers are all created by the application client; the digital resource set identifier corresponding to the target resource transfer certificate belongs to an organization server and is the target organization server;
according to the target resource transfer certificate, performing resource transfer processing on the resources to be transferred indicated by the resource transfer value in the target resource transfer certificate to obtain a resource transfer processing result;
and returning the resource transfer processing result to the service server so that the service server can determine the transaction result of the transaction request based on the resource transfer processing result.
14. A computer device, comprising: a processor, a memory, and a network interface; the processor is connected to the memory and the network interface, wherein the network interface is configured to provide a data communication function, the memory is configured to store a computer program, and the processor is configured to invoke the computer program to cause the computer device to perform the method of any of claims 1 to 11.
15. A computer readable storage medium, characterized in that the computer readable storage medium has stored therein a computer program adapted to be loaded and executed by a processor to cause a computer device having the processor to perform the method of any of claims 1-11.
16. A computer program product, characterized in that the computer program product comprises a computer program stored in a computer readable storage medium, the computer program being adapted to be read and executed by a processor to cause a computer device having the processor to perform the method of any of claims 1-11.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210480874.6A CN117057800A (en) | 2022-05-05 | 2022-05-05 | Data processing method, device, equipment and computer readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210480874.6A CN117057800A (en) | 2022-05-05 | 2022-05-05 | Data processing method, device, equipment and computer readable storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117057800A true CN117057800A (en) | 2023-11-14 |
Family
ID=88661369
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210480874.6A Pending CN117057800A (en) | 2022-05-05 | 2022-05-05 | Data processing method, device, equipment and computer readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117057800A (en) |
-
2022
- 2022-05-05 CN CN202210480874.6A patent/CN117057800A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3688930B1 (en) | System and method for issuing verifiable claims | |
| EP3721603B1 (en) | System and method for creating decentralized identifiers | |
| US11477032B2 (en) | System and method for decentralized-identifier creation | |
| US20210144011A1 (en) | System and method for verifying verifiable claims | |
| CN109951489B (en) | Digital identity authentication method, equipment, device, system and storage medium | |
| US10073958B2 (en) | Security system for verification of user credentials | |
| US9100171B1 (en) | Computer-implemented forum for enabling secure exchange of information | |
| CN117579281A (en) | Method and system for ownership verification using blockchain | |
| CN113541970B (en) | Method and system for using distributed identifier | |
| US20210241270A1 (en) | System and method of blockchain transaction verification | |
| US10867326B2 (en) | Reputation system and method | |
| CN103559430B (en) | application account management method and device based on Android system | |
| US20230016488A1 (en) | Document signing system for mobile devices | |
| CN115906117A (en) | Trusted application implementation method based on blockchain transaction | |
| CN117057800A (en) | Data processing method, device, equipment and computer readable storage medium | |
| EP2710762A1 (en) | Linking credentials in a trust mechanism | |
| CN115955364B (en) | User identity information confidentiality method and system of network bidding transaction system | |
| CN114022259B (en) | Bidding method and device based on public key assignment and identity verification | |
| CN117556401A (en) | Electronic signature method and device based on third party platform | |
| CN115664742A (en) | Block chain-based digital identity verification method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |