CN117649297A

CN117649297A - Transaction method, apparatus, device, medium and program product

Info

Publication number: CN117649297A
Application number: CN202311572740.8A
Authority: CN
Inventors: 文洁; 马坤
Original assignee: Industrial and Commercial Bank of China Ltd ICBC
Current assignee: Industrial and Commercial Bank of China Ltd ICBC
Priority date: 2023-11-23
Filing date: 2023-11-23
Publication date: 2024-03-05

Abstract

The present disclosure provides a transaction method, apparatus, device, medium and program product, relates to the field of network security technology, and may be applied to the field of financial technology or other fields. The transaction method is applied to a transaction docking module installed on an APP main program, and the transaction docking module comprises a plurality of service functions SDKs. The transaction method comprises the following steps: acquiring a calling request of an APP main program; transmitting the disposable token to a background system according to the call request; determining a target service function SDK from a plurality of service function SDKs according to the transaction to be executed of the APP main program; and when the disposable token passes the verification, the target service function SDK is called to perform data interaction with the background system so as to execute the transaction to be executed.

Description

Transaction method, apparatus, device, medium and program product

Technical Field

The present disclosure relates to the field of network security technologies, and in particular, to a transaction method, apparatus, device, medium, and program product.

Background

The mobile phone bank is an extension of the internet banking, is also another financial business service mode which is convenient for banking users after the internet banking and telephone banking, and is called as an electronic wallet next to the body. The mobile phone bank not only prolongs the service time of the bank, but also enlarges the service range of the bank.

However, in view of the technical strength, the labor cost and the like, the construction and popularization of the bank electronic wallet products cannot be rapidly performed by small and medium-sized financial institutions, and particularly, the high security requirement of the bank electronic wallet products on data interaction brings great technical barriers to the development of the bank electronic wallets of the small and medium-sized financial institutions.

Disclosure of Invention

In view of the foregoing, the present disclosure provides a transaction method, apparatus, device, medium, and program product.

According to a first aspect of the present disclosure, there is provided a transaction method, wherein the transaction method is applied to a transaction docking module installed on an APP main program, the transaction docking module including a plurality of service functions SDKs, the transaction method comprising:

acquiring a calling request of an APP main program;

transmitting a disposable token to a background system according to the call request;

determining a target service function SDK from the plurality of service function SDKs according to the transaction to be executed of the APP main program;

and when the disposable token passes the verification, the target service function SDK is called to perform data interaction with the background system so as to execute the transaction to be executed.

According to an embodiment of the disclosure, the transaction docking module further includes a plurality of base components SDKs, and the invoking the target service function SDKs performs data interaction with the background system to execute the transaction to be executed, including:

Invoking a basic component SDK bound with the target service function SDK to perform data interaction with the background system so as to execute the transaction to be executed;

the base component SDK comprises at least one of an interactive interface definition component, a network transmission component and a message encryption and decryption component.

According to an embodiment of the disclosure, the message encrypting and decrypting component is configured to: when the communication is carried out with the background system, encrypting the whole communication message by using a disposable encryption key;

wherein the one-time encryption key is generated from a time stamp, a device id, and a random number string.

According to an embodiment of the present disclosure, the step of communicating with the background system includes:

performing asymmetric encryption on the one-time encryption key by using a first key to obtain a first ciphertext;

transmitting the first ciphertext to the background system, the first ciphertext configured to: the background system decrypts the first ciphertext according to a locally stored second key matched with the first key so as to acquire the one-time encryption key;

and when a message representing that the background system successfully decrypts the first ciphertext is received, encrypting the communication message according to the one-time encryption key.

According to an embodiment of the disclosure, the communication message includes authentication information, and the encrypting the communication message according to the one-time encryption key includes:

symmetrically encrypting the authentication information by using the one-time encryption key to obtain a second ciphertext;

the second ciphertext is sent to the background system, and the second ciphertext is configured to enable the background system to decrypt the second ciphertext according to the one-time encryption key so as to obtain the authentication information;

obtaining a transaction processing result, wherein the transaction processing result comprises: and when the background system verifies the authentication information, executing the processing result generated after the transaction to be executed.

According to an embodiment of the present disclosure, the encrypting the communication message according to the one-time encryption key further includes:

filtering the content of the communication message through a FILTER protective layer to remove target information;

and carrying out asymmetric encryption on the filtered communication message according to the one-time encryption key.

According to an embodiment of the present disclosure, the transaction docking module further includes: front page SDK; the transaction method further comprises the following steps:

Responding to a first operation of a user, acquiring the front-end page SKD, wherein the front-end page SDK comprises a standard user interface and a basic page function;

displaying an interaction page through the front-end page SDK;

in response to a second operation by the user, the interactive page is adapted to at least one of language, currency, and time zone of the current geographic location.

According to the embodiment of the disclosure, the codes in the transaction docking module are subjected to code reinforcement processing.

A second aspect of the present disclosure provides a transaction apparatus, wherein the transaction apparatus is applied to a transaction docking module installed on an APP main program, the transaction docking module including a plurality of service functions SDKs, the transaction apparatus comprising:

the acquisition module is used for acquiring a call request of the APP main program;

the transmission module is used for responding to the call request and transmitting the disposable token to the background system;

the first processing module is used for determining a target service function SDK from the plurality of service function SDKs according to the transaction to be executed of the APP main program;

and the second processing module is used for calling the target service function SDK to perform data interaction with the background system when the disposable token passes the verification so as to execute the transaction to be executed.

A third aspect of the present disclosure provides an electronic device, comprising: one or more processors; and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the transaction method described above.

A fourth aspect of the present disclosure also provides a computer readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform the transaction method described above.

A fifth aspect of the present disclosure also provides a computer program product comprising a computer program which, when executed by a processor, implements the transaction method described above.

One or more of the above embodiments have the following advantages or benefits:

in the embodiment of the disclosure, various functions of the electronic wallet can be packaged in a standardized form in the transaction docking module through the SDK technology. Therefore, when some financial institutions or merchants develop the electronic wallet APP, corresponding SDKs can be selected from the transaction docking module for custom assembly according to actual needs and embedded into the APP. Therefore, the design investment of the front-end product of the electronic wallet APP can be reduced, and the efficient development is facilitated. Meanwhile, in the embodiment of the disclosure, the transaction docking module can generate a disposable token when interacting with a background system of a financial institution, and verify the validity of a call request of an APP main program through the disposable token, and only when the disposable token passes the verification, the transaction is started to be executed. The disposable token has high timeliness and high cracking difficulty, so that the safety and reliability of data interaction can be ensured.

Drawings

The foregoing and other objects, features and advantages of the disclosure will be more apparent from the following description of embodiments of the disclosure with reference to the accompanying drawings, in which:

FIG. 1 schematically illustrates an application scenario diagram of a transaction method, apparatus, electronic device, storage medium, and program product according to an embodiment of the present disclosure;

fig. 2 schematically illustrates a flow chart of a transaction method according to an embodiment of the present disclosure, and fig. 3 schematically illustrates an architecture diagram of a transaction docking module according to an embodiment of the present disclosure;

FIG. 3 schematically illustrates an architecture diagram of a transaction docking module, according to an embodiment of the present disclosure;

FIG. 4 schematically illustrates a flow chart of data interaction with a background system according to an embodiment of the disclosure;

FIG. 5 schematically illustrates one of the flow charts of message encryption and decryption according to an embodiment of the present disclosure;

FIG. 6 schematically illustrates a second flow chart for message encryption and decryption according to an embodiment of the disclosure;

fig. 7 schematically illustrates an interaction diagram of a mobile terminal and a background system when encrypting and decrypting a message according to an embodiment of the present disclosure;

FIG. 8 schematically illustrates a second flow chart for message encryption and decryption according to an embodiment of the disclosure;

FIG. 9 schematically illustrates a fourth flow chart of message encryption and decryption according to an embodiment of the disclosure;

FIG. 10 schematically illustrates a flow diagram for configuring a front-end page in accordance with an embodiment of the present disclosure;

FIG. 11 schematically illustrates a block diagram of a transaction device according to an embodiment of the present disclosure;

fig. 12 schematically illustrates a block diagram of an electronic device adapted to implement a transaction method according to an embodiment of the disclosure.

Detailed Description

Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is only exemplary and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the present disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the concepts of the present disclosure.

The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.

All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.

Where expressions like at least one of "A, B and C, etc. are used, the expressions should generally be interpreted in accordance with the meaning as commonly understood by those skilled in the art (e.g.," a system having at least one of A, B and C "shall include, but not be limited to, a system having a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).

It should be noted that, the transaction method, the device, the electronic device, the storage medium and the program product provided by the embodiments of the present disclosure relate to the technical field of network security. The transaction method provided by the embodiment of the disclosure can be applied to the field of financial science and technology or any field except the field of financial science and technology. Embodiments of the present disclosure do not limit the application fields of the transaction method, apparatus, electronic device, storage medium, and program product.

In the technical scheme of the disclosure, the related processes of collecting, storing, using, processing, transmitting, providing, disclosing, applying and the like of the personal information of the user all conform to the regulations of related laws and regulations, necessary security measures are adopted, and the public order harmony is not violated.

The embodiment of the disclosure provides a transaction method, wherein the transaction method is applied to a transaction docking module installed on an APP main program, the transaction docking module comprises a plurality of service functions SDKs, and the transaction method comprises the following steps: acquiring a calling request of an APP main program; transmitting the one-time token to a background system in response to the call request; verifying the acquired disposable token; determining a target service function SDK from a plurality of service function SDKs according to the transaction to be executed of the APP main program; and when the disposable token passes the verification, the target service function SDK is called to perform data interaction with the background system so as to execute the transaction to be executed.

Fig. 1 schematically illustrates an application scenario diagram of a transaction method, apparatus, electronic device, storage medium and program product according to an embodiment of the present disclosure.

As shown in fig. 1, an application scenario 100 according to this embodiment may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 is used as a medium to provide communication links between the terminal devices 101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.

The user may interact with the server 105 via the network 104 using the terminal devices 101, 102, 103 to receive or send messages or the like. Various communication client applications, such as shopping class applications, web browser applications, search class applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only) may be installed on the terminal devices 101, 102, 103.

The terminal devices 101, 102, 103 may be a variety of electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.

The server 105 may be a server providing various services, such as a background management server (by way of example only) providing support for websites browsed by users using the terminal devices 101, 102, 103. The background management server may analyze and process the received data such as the user request, and feed back the processing result (e.g., the web page, information, or data obtained or generated according to the user request) to the terminal device.

It should be noted that, the transaction method provided by the embodiments of the present disclosure may be generally performed by the terminal devices 101, 102, 103. Accordingly, the transaction apparatus provided by the embodiments of the present disclosure may be generally provided in the terminal devices 101, 102, 103.

It should be understood that the number of terminal devices, networks and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.

The transaction method of the disclosed embodiment will be described in detail with reference to fig. 2 and 3 based on the scenario described in fig. 1.

The embodiment of the disclosure provides a transaction method, wherein the transaction method is applied to a transaction docking module installed on an APP main program, and the transaction docking module comprises a plurality of service functions SDKs.

In an embodiment of the present disclosure, the transaction docking module may be preconfigured with a plurality of business function SDKs, for example, the plurality of business function SDKs may include: two-dimensional code payment function SDK, substitute deduction payment function SDK, online payment function SDK, payment core function SDK, etc. Correspondingly, the transaction docking module is further configured with a plurality of base components SDKs, where the plurality of base components SDKs may include: an interactive interface definition component, a network transmission component, a message encryption and decryption component and the like. Each business function SDK depends on one or more base component SDKs. In the embodiment of the disclosure, a corresponding service function SDK may be selected according to actual needs, and installed into an APP main program, one or more service function SDKs and a base component SDK on which each service function SDK depends may be selected from a transaction docking module to be assembled, and the assembled service function SDKs and base component SDKs are installed into the APP main program in an embedded manner.

Fig. 2 schematically illustrates a flow chart of a transaction method according to an embodiment of the present disclosure, and fig. 3 schematically illustrates an architecture diagram of a transaction docking module according to an embodiment of the present disclosure.

As shown in fig. 2 and 3, the transaction method of this embodiment includes steps S210 to S240.

Although the steps in fig. 2 are shown in order as indicated by arrows, these steps are not necessarily performed in order as indicated by arrows. The steps are not strictly limited in order and may be performed in other orders, unless explicitly stated herein. Moreover, at least some of the steps in the figures may include multiple sub-steps or stages that are not necessarily performed at the same time, but may be performed at different times, or the order of their execution may not necessarily be sequential, but may be performed in rotation or alternating with at least some of the other steps or sub-steps of other steps.

In step S210, a call request of the APP main program is acquired.

In embodiments of the present disclosure, the APP host program may be an APP that is provided with transaction functions by a financial institution, which may include, for example, a bank or the like, and transaction functions may include payment functions and balance inquiries. Alternatively, the APP main program may be the APP of the financial institution itself, for example, an electronic wallet of a certain bank, or the APP main program may be the APP of a merchant who signs up with the financial institution. In this example, the financial institution serves as a transaction background, and the APP main program performs data interaction with the financial institution through the transaction docking module to implement transaction functions such as payment and settlement. For clarity, the transaction method according to the embodiment of the present disclosure will be described below by taking the APP main program as an APP of a merchant subscribed to a financial institution. For example, the APP main program may be an electronic wallet APP of merchant Y signed up with bank X.

When a user executes a transaction through the APP main program, the APP main program initiates a call request to the transaction docking module to wake up the transaction docking module, and then, through the transaction docking module, the APP main program performs data interaction with a background system of a financial institution according to pre-configured interaction rules (such as message packaging, transmission standards and the like) so as to execute the transaction. Wherein the user may be an enterprise end user or a personal end user, as embodiments of the present disclosure are not limited in this regard.

In step S220, a one-time token (token) is transmitted to the background system in response to the call request.

In the embodiment of the disclosure, when the transaction docking module receives the call request, validity verification needs to be performed to verify whether the call request is legal, for example, whether the merchant Y is a merchant signed up with the bank X may be verified.

For example, when a user executes a transaction through the APP main program, the transaction docking module may generate a disposable token according to the transaction to be executed and the APP main program that initiates the transaction, and then send the generated disposable token to the background system according to a predetermined format. After receiving the disposable token, the background system can analyze the disposable token so as to acquire the identity of the merchant Y, and then match the acquired identity of the merchant Y with the signed merchant stored in the database. After the matching is successful, the background system returns a first message to the transaction docking module to inform that the matching is successful, so that the transaction to be executed starts to be executed, otherwise, the background system returns a second message to the transaction docking module to inform that the matching is failed, so that the transaction to be executed is refused to be executed.

Optionally, one disposable token is generated per session, and different disposable tokens are generated by different sessions, thereby increasing the difficulty of cracking the tokens.

In step S230, a target service function SDK is determined from the plurality of service function SDKs according to the transaction to be executed of the APP main program.

In the embodiment of the disclosure, the call request can be analyzed to determine the transaction to be executed of the APP main program, and further, the target service function SDK is determined from the plurality of service function SDKs according to the transaction mode of the transaction to be executed. For example, the transaction means may include: two-dimensional code payment, deduction payment, online payment and the like, and after the transaction mode is determined, a corresponding one of the two-dimensional code payment function SDK, the deduction payment function SDK and the online payment function SDK can be selected as a target service function SDK. Accordingly, it should be noted that the two-dimensional code payment function SDK, the substitute payment function SDK, and the online payment function SDK are executed depending on the payment core function SDK and the base component SDK, so that when the target service function SDK is determined, the payment core function SDK and the base component SDK on which the target service function SDK depends should be correspondingly found out to perform data interaction with the background system.

When the one-time token passes the verification, the target service function SDK is called to perform data interaction with the background system to execute the transaction to be executed in step S240. When the one-time token fails verification, execution of the transaction to be executed is denied.

As described above, when the background system returns the first message to the transaction docking module, the token is successfully matched, that is, the disposable token passes the verification, so that the target service function SDK can be called to start executing the transaction to be executed, for example, a corresponding operation page is displayed, so that the user can input information (such as a transfer account) related to the transaction to be executed.

The transaction method of the embodiments of the present disclosure is further described below with reference to fig. 2 through 10.

Fig. 4 schematically illustrates a flow chart of data interaction with a background system according to an embodiment of the disclosure.

Referring to fig. 4, in some embodiments, the transaction docking module further includes a plurality of base components SDKs, and step S240 includes step S241.

In step S241, the base component SDK bound to the target service function SDK is called to perform data interaction with the background system, so as to execute the transaction to be executed. The base component SDK comprises at least one of an interactive interface definition component, a network transmission component and a message encryption and decryption component.

In an embodiment of the present disclosure, an application scenario of a transaction docking module is exemplarily provided, in which the transaction docking module may be output to a small and medium-sized financial institution (hereinafter also referred to as financial institution N) desiring to develop an electronic wallet product by a large-sized financial institution or a financial institution (hereinafter also referred to as financial institution M) configured with a complete and sound electronic wallet function. The financial institution M may split the atomic functions according to the existing electronic wallet, and package each atomic function into a service function SDK, for example, the atomic functions may include: the payment core function, the online payment function, the two-dimensional code payment function and the deduction payment function. Further, the package generates corresponding service function SDKs, for example, a payment core function SDK, an online payment function SDK, a two-dimensional code payment function SDK, and a deduction payment function SDK. Optionally, the payment core function, the online payment function, the two-dimensional code payment function, and the deduction payment function may be further subdivided, for example, the payment core function may include: a payment card management function and a customer identity authentication function; the online payment function may include: an online payment agreement management function, an online payment quota management function, and an online payment transaction acceptance function; the two-dimensional code payment function may include: a two-dimension code protocol management function, a two-dimension code quota management function and a two-dimension code transaction acceptance function; the deduction payment function may include: the device comprises a substitute deduction protocol management function, a substitute deduction limit management function, a substitute deduction exchange management function and the like, so that comprehensive scene coverage is realized.

In the above embodiments, the number and types of service function SDKs are merely exemplary, and in other specific embodiments, the number and types of service function SDKs may not be limited to the above examples, and the number and types of service function SDKs may be configured according to actual needs, which is not limited by the embodiments of the present disclosure.

In the embodiment of the disclosure, the service function SDK may be bound with the base component SDK on which the service function SDK depends, so that when determining that the service function SDK (i.e., the target service function SDK) for implementing the transaction to be executed, the transaction docking module may call the corresponding base component SDK according to the binding relationship. For example, when the transaction to be executed needs to be paid through the two-dimension code, the two-dimension code payment function SDK can be determined to be the target service function SDK, and then, a base component SDK on which the two-dimension code payment function SDK depends, such as an interactive interface definition component, a network transmission component, a message encryption and decryption component and the like, is found out from a plurality of base components SDKs.

In the embodiment of the present disclosure, a plurality of service functions SDKs may be independently configured, for example, there may be no dependency relationship between the two-dimensional code payment function SDK and the deduction payment function SDK. Thus, when the electronic wallet APP is developed, the financial institution N can select the required business function SDK and the corresponding basic assembly SDK from the transaction docking module to be flexibly assembled according to the business operation range of the financial institution N. For example, the financial institution N only has two-dimensional code payment service, and then the payment core function SDK, the two-dimensional code payment function SDK and the corresponding base component SDK can be selected from the transaction docking module, and the required transaction docking module is obtained after assembly, so that the front end function construction is completed.

Optionally, in the transaction docking module, each service function SDK communicates with the background system through the base component SDK, and a communication rule (e.g., a message specification) that the base component SDK communicates with the background system may be configured in a standardized manner. Thus, the financial institution N carries out corresponding configuration on the data interface of the background system of the financial institution N according to the communication rule, and the construction of the background system can be completed, thereby completing the functional construction of the whole electronic wallet product. After the function construction is completed, the transaction docking module is embedded into an APP main program of a financial institution N self-research or an APP main program of a partner merchant of the financial institution N, and development of the electronic wallet APP can be completed. Therefore, through one-time research and development, the quick multi-channel service function can be put in.

In the embodiment of the disclosure, in order to enable the transaction docking module to adapt to the background systems of various financial institutions, the communication rules of the transaction docking module need to be configured, so that the transaction docking module has enough security assurance measures, and therefore confidentiality and integrity of interaction data can be guaranteed when the transaction docking module communicates with the background systems of various financial institutions.

Fig. 5 schematically illustrates one of the flow charts of message encryption and decryption according to an embodiment of the present disclosure.

Referring to fig. 5, in some embodiments, the message encrypting and decrypting component is configured to perform step S310.

In step S310, when communicating with the background system, the full communication message is encrypted using the one-time encryption key. Wherein the one-time encryption key is generated from a timestamp, a device id, and a random number string.

In the embodiment of the present disclosure, the device id may refer to a device id of a mobile terminal in which the APP main program is installed. The device id may be acquired through a device fingerprint acquisition technology, for example, through a device fingerprint acquisition technology, hardware information of the device and software information of the APP main program may include one or more relevant parameters in the current transaction to be performed, such as a transaction account number and the like, so as to form the device id in a summarized combination. Therefore, through the device fingerprint acquisition technology, the multi-dimensional software and hardware characteristics in the mobile terminal can be acquired, the device is comprehensively judged, the device uniqueness is ensured, and the falsification of a hacker on the device is prevented.

In the embodiment of the disclosure, the timestamp, the device id and the random number string may be arranged and combined according to a preset rule to generate a disposable encryption key, and the longer the disposable encryption key is, the more information is covered, the greater the cracking and forging difficulties are, and the higher the security is.

In the embodiment of the disclosure, by the mode, when the transaction docking module is communicated with the background system, one key can be communicated at a time, so that higher security requirements of the electronic wallet are met.

Fig. 6 schematically illustrates a second flowchart of message encryption and decryption according to an embodiment of the present disclosure, and fig. 7 schematically illustrates an interaction diagram of a mobile terminal and a background system when performing message encryption and decryption according to an embodiment of the present disclosure.

Referring to fig. 6 and 7 in combination, in some embodiments, the step of communicating with the backend system, that is, step S310 includes: step S311 to step S313.

In step S311, the one-time encryption key is asymmetrically encrypted using the first key to obtain a first ciphertext.

In step S312, the first ciphertext is sent to the background system, the first ciphertext configured to: and the background system decrypts the first ciphertext according to the locally stored second key matched with the first key so as to obtain the one-time encryption key.

In step S313, when a message indicating that the background system successfully decrypts the first ciphertext is received, the communication message is encrypted according to the one-time encryption key.

In the embodiment of the disclosure, the first key may be a public key, the second key may be a private key, the first key is a configurable item in the transaction docking module, and the user may set a specific first key in the transaction docking module according to actual needs, for example, set an algorithm and a length of the key. Accordingly, the second key is stored in the background system for decrypting the first ciphertext encrypted by the first key.

In an embodiment of the present disclosure, after the primary encryption key is asymmetrically encrypted using the first key, the obtained first ciphertext may be sent to the background system through an HTTPS protocol. The background system uses a second key which is stored in advance and matched with the first key to decrypt the first ciphertext, and the disposable encryption key can be obtained when the decryption is successful. Optionally, the background system may return a message to the transaction docking module according to the decryption result, that is, inform the transaction docking module whether the background system is successfully decrypted, when the background system is successfully decrypted, the transaction docking module determines that the background system obtains the current one-time encryption key, and further, may encrypt the communication message according to the one-time encryption key to perform a next operation, or else, reject the next operation and feed back the decryption failure.

Fig. 8 schematically illustrates a second flowchart of message encryption and decryption according to an embodiment of the disclosure.

Referring to fig. 8, in some embodiments, the communication message includes authentication information, and step S313 includes steps S3131 to S3133.

In step S3131, the authentication information is symmetrically encrypted using the one-time encryption key to obtain a second ciphertext.

In step S3132, the second ciphertext is sent to the background system, where the second ciphertext is configured to enable the background system to decrypt the second ciphertext according to the one-time encryption key, so as to obtain the authentication information.

In step S3133, a transaction processing result is acquired, the transaction processing result including: and when the background system verifies the authentication information, executing a processing result generated after the transaction to be executed.

In the embodiment of the present disclosure, in step S240, when the disposable token passes the verification, the transaction docking module may display a transaction page, so as to interact with the user, for example, may collect authentication information of the user by using a biometric, a short message OTP, a payment password, and the like.

After the collected authentication information is encrypted through the one-time encryption key, the second ciphertext is sent to the background system, the background system decrypts the second ciphertext through the one-time encryption key obtained by decrypting the first ciphertext, so that the authentication information is obtained, and the background system performs signature verification on the authentication information, so that identity authentication of a user is completed.

In the embodiment of the disclosure, the related data of the transaction to be executed may be encrypted by the one-time encryption key and then sent to the background system, so that the background system may execute the transaction to be executed after the identity authentication is passed, for example, execute a transfer transaction or a payment transaction, and return the execution result to the transaction docking module, where the execution result may include, for example, execution success, execution in progress or execution failure, and the like, and may specifically be determined according to actual needs, which is not limited herein. When the background system returns the execution result, the disposable encryption key can be used for encryption, and when the transaction docking module receives the encrypted execution result, the disposable encryption key can be used for decryption to obtain the execution result. Furthermore, the transaction docking module can display the corresponding page according to the execution result. That is, in embodiments of the present disclosure, the same one-time encryption key is used in one transaction session.

Alternatively, the one-time encryption key may employ an encryption algorithm and key length required by the PCI industry to ensure confidentiality and integrity of data.

Fig. 9 schematically illustrates a fourth flowchart of message encryption and decryption according to an embodiment of the disclosure.

Referring to fig. 9, in some embodiments, step S313 further includes step S3134 and step S3135.

In step S3134, the content of the communication packet is filtered through the FILTER protection layer to remove the target information.

In step S3135, the filtered communication message is asymmetrically encrypted according to the one-time encryption key.

In the embodiment of the disclosure, through the FILTER protection layer, fields with higher risk in the full-volume message are filtered, and the filtered fields are deleted, for example, fields which are easily attacked by cross-site scripts and the like in the full-volume message can be deleted, so that the risk of being attacked is reduced.

In some embodiments, the code in the transaction docking module is subject to code consolidation.

In embodiments of the present disclosure, code in the transaction docking module may be encrypted or transformed, etc., to prevent decompilation of the code.

Fig. 10 schematically illustrates a flow diagram for configuring a front-end page according to an embodiment of the present disclosure.

Referring to fig. 10, in some embodiments, the transaction docking module further includes: front page SDK. The transaction method further includes steps S410 to S430.

In step S410, in response to a first operation by the user, a front-end page SKD is acquired, the front-end page SDK including a standard user interface and basic page functions.

In step S420, the interactive page is presented through the front-end page SDK.

In step S430, the interactive page is adapted to at least one of a language, a currency, and a time zone of the current geographic location in response to a second operation of the user.

In the embodiment of the disclosure, the use habit of the user group can be determined according to the geographic position, and then, the standard interaction page is formed according to the use habit. Furthermore, the interactive page package is realized through the SDK technology. In this way, the requirements of financial institutions in various regions can be quickly adapted. Alternatively, SDK interfacing may be implemented using mobile terminal native technology, thereby providing a smooth, rapid installation experience. For example, the transaction docking module may support mainstream ios, android operating systems.

Optionally, the adaptation of multiple languages, multiple currencies and multiple time zones can be realized through the SDK technology according to different regions and user habits. The SDK technology enables the business functions in the transaction docking module to be customized through flexible rules, meanwhile, validity verification and guidance prompt can be completed in real time according to user input information, and the using convenience of customers is improved.

In the embodiment of the disclosure, the transaction docking module can realize comprehensive scene coverage, and meanwhile, good user experience and a reliable safety system are also considered. Standard electronic wallet functionality is encapsulated with the SDK technology form, defining standard data interaction specifications. The electronic wallet system is beneficial to large financial institutions or financial institutions with complete and sound electronic wallet functions, and can quickly output to small and medium financial institutions desiring to develop electronic wallet products, and the small and medium financial institutions can quickly build the electronic wallet products by realizing a background data interface according to standards.

Optionally, in the transaction docking module, the SDK and the interface specification document can be integrated, and meanwhile, technical guidelines are provided in a matched manner, and best practice demo engineering is provided, so that development cost of small and medium-sized financial institutions is simplified. Therefore, the embodiment of the disclosure can reduce investment of earlier product design and technical architecture design of small and medium-sized financial institutions, and provides a set of low-cost and high-value payment product construction scheme for the small and medium-sized financial institutions.

Based on the transaction method, the disclosure further provides a transaction device, which is applied to a transaction docking module installed on the APP main program, wherein the transaction docking module comprises a plurality of service functions SDKs. The device will be described in detail below with reference to fig. 11.

Fig. 11 schematically shows a block diagram of a transaction device according to an embodiment of the present disclosure.

As shown in fig. 11, the transaction apparatus 1100 of this embodiment includes an acquisition module 1110, a transmission module 1120, a first processing module 1130, and a second processing module 1140.

The acquiring module 1110 is configured to acquire a call request of an APP main program. In an embodiment, the obtaining module 1110 may be configured to perform the step S210 described above, which is not described herein.

The transmission module 1120 is configured to transmit the one-time token to the background system in response to the call request. In an embodiment, the transmission module 1120 may be used to perform the step S220 described above, which is not described herein.

The first processing module 1130 is configured to determine a target service function SDK from the plurality of service functions SDKs according to a transaction to be executed of the APP main program. In an embodiment, the first processing module 1130 may be configured to perform the step S230 described above, which is not described herein.

The second processing module 1140 is configured to invoke the target service function SDK to perform data interaction with the background system to execute the transaction to be executed when the one-time token passes the verification. In an embodiment, the second processing module 1140 may be used to perform the step S240 described above, which is not described herein.

According to an embodiment of the present disclosure, any of the acquisition module 1110, the transmission module 1120, the first processing module 1130, and the second processing module 1140 may be combined in one module to be implemented, or any of the modules may be split into a plurality of modules. Alternatively, at least some of the functionality of one or more of the modules may be combined with at least some of the functionality of other modules and implemented in one module. According to embodiments of the present disclosure, at least one of the acquisition module 1110, the transmission module 1120, the first processing module 1130, and the second processing module 1140 may be implemented at least in part as hardware circuitry, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware in any other reasonable way of integrating or packaging the circuitry, or in any one of or a suitable combination of three of software, hardware, and firmware. Alternatively, at least one of the acquisition module 1110, the transmission module 1120, the first processing module 1130, and the second processing module 1140 may be at least partially implemented as a computer program module, which when executed, may perform the corresponding functions.

According to an embodiment of the present disclosure, the transaction docking module further includes a plurality of base components SDKs, and the second processing module 1140 is specifically configured to perform the following steps:

and calling a basic component SDK bound with the target service function SDK to perform data interaction with a background system so as to execute the transaction to be executed.

According to an embodiment of the present disclosure, a message encrypting and decrypting component is configured to: when communicating with the background system, the one-time encryption key is used for encrypting the whole communication message.

Wherein the one-time encryption key is generated from a timestamp, a device id, and a random number string.

According to an embodiment of the present disclosure, the step of communicating with a background system includes:

the one-time encryption key is asymmetrically encrypted using the first key to obtain a first ciphertext.

Transmitting a first ciphertext to the background system, the first ciphertext configured to: and the background system decrypts the first ciphertext according to the locally stored second key matched with the first key so as to obtain the one-time encryption key.

And when the message representing that the background system successfully decrypts the first ciphertext is received, encrypting the communication message according to the disposable encryption key.

According to an embodiment of the present disclosure, a communication message includes authentication information, and the communication message is encrypted according to a one-time encryption key, including:

and symmetrically encrypting the authentication information by using the one-time encryption key to obtain a second ciphertext.

And sending the second ciphertext to the background system, wherein the second ciphertext is configured to enable the background system to decrypt the second ciphertext according to the one-time encryption key so as to acquire authentication information.

Obtaining a transaction processing result, wherein the transaction processing result comprises: and when the background system verifies the authentication information, executing a processing result generated after the transaction to be executed.

According to an embodiment of the present disclosure, encrypting the communication message according to the one-time encryption key further includes:

and filtering the content of the communication message through the FILTER protection layer to remove the target information.

And carrying out asymmetric encryption on the filtered communication message according to the disposable encryption key.

According to an embodiment of the present disclosure, the transaction docking module further includes: front page SDK. The transaction device further comprises a third processing module for performing the steps of:

in response to a first operation of a user, a front-end page SKD is acquired, and the front-end page SDK comprises a standard user interface and basic page functions.

And displaying the interactive page through the front-end page SDK.

In response to a second operation by the user, the interactive page is adapted to at least one of a language, a currency, and a time zone of the current geographic location.

As shown in fig. 12, an electronic device 1200 according to an embodiment of the present disclosure includes a processor 1201, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 1202 or a program loaded from a storage section 1208 into a Random Access Memory (RAM) 1203. The processor 1201 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or an associated chipset and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. Processor 1201 may also include on-board memory for caching purposes. The processor 1201 may include a single processing unit or multiple processing units for performing the different actions of the method flows according to embodiments of the disclosure.

In the RAM 1203, various programs and data required for the operation of the electronic apparatus 1200 are stored. The processor 1201, the ROM 1202, and the RAM 1203 are connected to each other through a bus 1204. The processor 1201 performs various operations of the method flow according to the embodiments of the present disclosure by executing programs in the ROM 1202 and/or RAM 1203. Note that the program may be stored in one or more memories other than the ROM 1202 and the RAM 1203. The processor 1201 may also perform various operations of the method flow according to embodiments of the present disclosure by executing programs stored in the one or more memories.

According to an embodiment of the disclosure, the electronic device 1200 may also include an input/output (I/O) interface 1205, the input/output (I/O) interface 1205 also being connected to the bus 1204. The electronic device 1200 may also include one or more of the following components connected to the I/O interface 1205: an input section 1206 including a keyboard, a mouse, and the like; an output portion 1207 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, a speaker, and the like; a storage section 1208 including a hard disk or the like; and a communication section 1209 including a network interface card such as a LAN card, a modem, or the like. The communication section 1209 performs communication processing via a network such as the internet. The drive 1210 is also connected to the I/O interface 1205 as needed. A removable medium 1211 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is installed as needed on the drive 1210 so that a computer program read out therefrom is installed into the storage section 1208 as needed.

The present disclosure also provides a computer-readable storage medium that may be embodied in the apparatus/device/system described in the above embodiments; or may exist alone without being assembled into the apparatus/device/system. The computer-readable storage medium carries one or more programs which, when executed, implement a transaction method according to embodiments of the present disclosure.

According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example, but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, the computer-readable storage medium may include the ROM 1202 and/or the RAM 1203 and/or one or more memories other than the ROM 1202 and the RAM 1203 described above.

Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the methods shown in the flowcharts. The program code, when executed in a computer system, causes the computer system to implement the transaction methods provided by embodiments of the present disclosure.

The above-described functions defined in the system/apparatus of the embodiments of the present disclosure are performed when the computer program is executed by the processor 1201. The systems, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.

In one embodiment, the computer program may be based on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program can also be transmitted, distributed over a network medium in the form of signals, and downloaded and installed via a communication portion 1209, and/or from a removable medium 1211. The computer program may include program code that may be transmitted using any appropriate network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.

In such an embodiment, the computer program can be downloaded and installed from a network via the communication portion 1209, and/or installed from the removable media 1211. The above-described functions defined in the system of the embodiments of the present disclosure are performed when the computer program is executed by the processor 1201. The systems, devices, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.

According to embodiments of the present disclosure, program code for performing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, such computer programs may be implemented in high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. Programming languages include, but are not limited to, such as Java, c++, python, "C" or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).

The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

Those skilled in the art will appreciate that the features recited in the various embodiments of the disclosure and/or in the claims may be provided in a variety of combinations and/or combinations, even if such combinations or combinations are not explicitly recited in the disclosure. In particular, the features recited in the various embodiments of the present disclosure and/or the claims may be variously combined and/or combined without departing from the spirit and teachings of the present disclosure. All such combinations and/or combinations fall within the scope of the present disclosure.

The embodiments of the present disclosure are described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described above separately, this does not mean that the measures in the embodiments cannot be used advantageously in combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be made by those skilled in the art without departing from the scope of the disclosure, and such alternatives and modifications are intended to fall within the scope of the disclosure.

Claims

1. The transaction method is applied to a transaction docking module installed on an APP main program, the transaction docking module comprises a plurality of service functions SDKs, and the transaction method comprises the following steps:

Acquiring a calling request of an APP main program;

2. The transaction method according to claim 1, wherein the transaction docking module further includes a plurality of base components SDKs, the invoking the target business function SDKs for data interaction with the backend system to perform the transaction to be performed, comprising:

3. The transaction method according to claim 2, wherein the message encrypting and decrypting component is configured to: when the communication is carried out with the background system, encrypting the whole communication message by using a disposable encryption key;

4. A transaction method according to claim 3, wherein the step of communicating with the backend system comprises:

5. The transaction method according to claim 4, wherein the communication message includes authentication information, and wherein encrypting the communication message according to the one-time encryption key includes:

6. The transaction method according to claim 4, wherein encrypting the communication message according to the one-time encryption key further comprises:

7. The transaction method according to claim 1, wherein the transaction docking module further comprises: front page SDK; the transaction method further comprises the following steps:

displaying an interaction page through the front-end page SDK;

8. The transaction method according to any one of claims 1-7, wherein the code in the transaction docking module is code hardened.

9. A transaction device, wherein the transaction device is applied to a transaction docking module installed on an APP main program, the transaction docking module includes a plurality of service functions SDKs, the transaction device includes:

10. An electronic device, comprising:

one or more processors;

storage means for storing one or more programs,

wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the transaction method of any of claims 1-8.

11. A computer readable storage medium having stored thereon executable instructions which when executed by a processor cause the processor to perform the transaction method according to any of claims 1 to 8.

12. A computer program product comprising a computer program which, when executed by a processor, implements the transaction method according to any one of claims 1 to 8.