Claims (10)
一種應用於雲端運算環境中的金融資料處理方法,包含一第一雲端服務提供系統所執行的下列步驟:(A)接收來自一應用服務提供系統的一第一服務要求及其訊息,其中,該第一服務要求之訊息包括一用戶隱私資料;(B)根據該用戶隱私資料取得至少一個金鑰;(C)根據該金鑰對該用戶隱私資料進行加密,以得到一用戶替代隱私資料;(D)傳送一第二服務要求及其訊息給一第二雲端服務提供系統,其中,該第二服務要求之訊息包括該用戶替代隱私資料;(E)接收來自該第二雲端服務提供系統回應該第二服務要求所傳送的一已加密金融資料集,並根據該金鑰對該已加密金融資料集進行解密,以得到一已解密金融資料集;(F)傳送該已解密金融資料集給該應用服務提供系統以回應該第一服務要求;及(G)刪除該用戶隱私資料、該用戶替代隱私資料、該已加密金融資料集,及該已解密金融資料集。A financial data processing method for use in a cloud computing environment, comprising the following steps performed by a first cloud service providing system: (A) receiving a first service request and an information from an application service providing system, wherein The first service request message includes a user privacy data; (B) obtaining at least one key according to the user privacy data; (C) encrypting the user privacy data according to the key to obtain a user substitute for private data; D) transmitting a second service request and its message to a second cloud service providing system, wherein the second service request message includes the user replacing the privacy data; (E) receiving the response from the second cloud service providing system The second service requests an encrypted set of financial data transmitted, and decrypts the encrypted financial data set according to the key to obtain a decrypted financial data set; (F) transmitting the decrypted financial data set to the Applying the service delivery system to respond to the first service request; and (G) deleting the user's private information, the user's replacement of the private data, the encrypted financial information And the decrypted financial data set.
依據申請專利範圍第1項所述之應用於雲端運算環境中的金融資料處理方法,還包含步驟(D)及(E)之間且於該第二雲端服務提供系統所執行的下列步驟:(H)根據來自該第一雲端服務提供系統的該第二服務要求取得該已加密金融資料集;及(I)傳送該已加密金融資料集給該第一雲端服務提供系統。The financial data processing method applied in the cloud computing environment according to claim 1 of the patent application scope, further comprising the following steps performed between the steps (D) and (E) and executed by the second cloud service providing system: H) obtaining the encrypted financial data set according to the second service request from the first cloud service providing system; and (1) transmitting the encrypted financial data set to the first cloud service providing system.
依據申請專利範圍第2項所述之應用於雲端運算環境中的金融資料處理方法,其中,該用戶隱私資料包括一用戶識別資訊,步驟(B)係根據該用戶識別資訊取得相關於該用戶識別資訊的該金鑰,步驟(C)係根據該金鑰對該用戶識別資訊進行加密,以得到一用戶替代識別資訊,該用戶替代隱私資料包括該用戶替代識別資訊。According to the financial data processing method applied in the cloud computing environment, the user privacy data includes a user identification information, and the step (B) is related to the user identification according to the user identification information. The key of the information, the step (C) encrypts the user identification information according to the key to obtain a user substitute identification information, and the user substitutes the private information to include the user substitute identification information.
依據申請專利範圍第3項所述之應用於雲端運算環境中的金融資料處理方法,其中,步驟(H)包括下列子步驟:(h-1)根據該第二服務要求之訊息的該用戶替代隱私資料的該用戶替代識別資訊,取得一主帳戶替代識別資訊;及(h-2)根據該主帳戶替代識別資訊取得一已加密主帳戶相關資料,其中,該已加密金融資料集包括該已加密主帳戶相關資料。The financial data processing method applied to the cloud computing environment according to claim 3, wherein the step (H) comprises the following sub-steps: (h-1) the user replacement according to the message of the second service request The user of the privacy data substitutes the identification information to obtain a primary account replacement identification information; and (h-2) obtains an encrypted primary account related data according to the primary account replacement identification information, wherein the encrypted financial data set includes the Encrypt the primary account related information.
依據申請專利範圍第2項所述之應用於雲端運算環境中的金融資料處理方法,其中,步驟(A)所接收的該第一服務要求之訊息還包括一非隱私資料,步驟(D)所傳送的該第二服務要求之訊息還包括該非隱私資料。According to the financial data processing method applied in the cloud computing environment, the message of the first service request received in the step (A) further includes a non-private data, and the step (D) The message of the second service request transmitted also includes the non-private information.
依據申請專利範圍第5項所述之應用於雲端運算環境中的金融資料處理方法,其中,步驟(A)所接收的該第一服務要求之訊息的該用戶隱私資料還包括一存款帳戶識別資訊,該非隱私資料包括一查詢區間,步驟(C)還根據該金鑰對該存款帳戶識別資訊進行加密,以得到一存款帳戶替代識別資訊,該用戶替代隱私資料還包括該存款帳戶替代識別資訊,步驟(H)係根據該第二服務要求之訊息取得該查詢區間內至少一已加密交易明細,其中,該已加密金融資料集包括該已加密交易明細。According to the financial data processing method in the cloud computing environment described in claim 5, wherein the user privacy information of the first service request message received in step (A) further includes a deposit account identification information. The non-private information includes an inquiry interval, and the step (C) further encrypts the deposit account identification information according to the key to obtain a deposit account replacement identification information, and the user substitute private information further includes the deposit account replacement identification information. Step (H) is to obtain at least one encrypted transaction detail in the query interval according to the message of the second service request, wherein the encrypted financial data set includes the encrypted transaction details.
依據申請專利範圍第2項所述之應用於雲端運算環境中的金融資料處理方法,其中,步驟(A)所接收的該第一服務要求之訊息的該用戶隱私資料還包括多筆交易帳戶識別資訊,步驟(C)還根據該金鑰分別對該等交易帳戶識別資訊進行加密,以得到多筆交易帳戶替代識別資訊,該用戶替代隱私資料還包括該等交易帳戶替代識別資訊,步驟(H)係根據該第二服務要求之訊息取得分別對應於該等交易帳戶替代識別資訊的多筆已加密交易帳戶相關資料,其中,該已加密金融資料集包括該等已加密交易帳戶相關資料,步驟(E)係根據該金鑰分別對該等已加密交易帳戶相關資料進行解密,以得到多筆已解密交易帳戶相關資料,該已解密金融資料集包括該等已解密交易帳戶相關資料。According to the financial data processing method in the cloud computing environment described in claim 2, wherein the user privacy data of the first service request message received in step (A) further includes multiple transaction account identifications. Information, step (C) further encrypts the transaction account identification information according to the key to obtain multiple transaction account replacement identification information, and the user substitute privacy data further includes the transaction account replacement identification information, step (H) Obtaining, according to the message of the second service request, a plurality of encrypted transaction account related materials respectively corresponding to the transaction account replacement identification information, wherein the encrypted financial data set includes the encrypted transaction account related materials, the steps (E) decrypting the encrypted transaction account related data according to the key to obtain a plurality of decrypted transaction account related materials, and the decrypted financial data set includes the decrypted transaction account related materials.
依據申請專利範圍第7項所述之應用於雲端運算環境中的金融資料處理方法,還包含步驟(F)及(G)之間且於該第一雲端服務提供系統所執行的下列步驟:(J)接收來自該應用服務提供系統且分別相關於該等已解密交易帳戶相關資料的多筆交易明細,並根據該金鑰對該等交易明細進行加密以得到多筆已加密交易明細;及(K)傳送該等已加密交易明細給該第二雲端服務提供系統;其中,步驟(G)還刪除該等交易明細及該等已加密交易明細。The financial data processing method applied to the cloud computing environment according to claim 7 of the patent application scope further includes the following steps performed between the steps (F) and (G) and executed by the first cloud service providing system: J) receiving a plurality of transaction details from the application service providing system and related to the data of the decrypted transaction accounts respectively, and encrypting the transaction details according to the key to obtain a plurality of encrypted transaction details; and K) transmitting the encrypted transaction details to the second cloud service providing system; wherein step (G) also deletes the transaction details and the encrypted transaction details.
依據申請專利範圍第8項所述之應用於雲端運算環境中的金融資料處理方法,還包含步驟(J)之後且於該第二雲端服務提供系統所執行的一步驟(L):接收並儲存該等已加密交易明細。The financial data processing method applied to the cloud computing environment according to claim 8 of the patent application scope further includes a step (L) performed after the step (J) and executed by the second cloud service providing system: receiving and storing These encrypted transaction details.
一種應用於雲端運算環境中的金融資料處理架構,可與一用戶裝置進行通訊,該金融資料處理架構包含:一應用服務提供系統,用以根據來自該用戶裝置的資料傳送一第一服務要求及其訊息;一第一雲端服務提供系統,可與該應用服務提供系統進行通訊;及一第二雲端服務提供系統,可與該應用服務提供系統及該第一雲端服務提供系統進行通訊;其中,該第一雲端服務提供系統用以:接收來自該應用服務提供系統的一第一服務要求及其訊息,其中,該第一服務要求之訊息包括一用戶隱私資料;根據該用戶隱私資料取得至少一個金鑰;根據該金鑰對該用戶隱私資料進行加密,以得到一用戶替代隱私資料;傳送一第二服務要求及其訊息給該第二雲端服務提供系統,其中,該第二服務要求之訊息包括該用戶替代隱私資料;接收來自該第二雲端服務提供系統回應該第二服務要求所傳送的一已加密金融資料集,並根據該金鑰對該已加密金融資料集進行解密,以得到一已解密金融資料集;傳送該已解密金融資料集給該應用服務提供系統以回應該第一服務要求;及刪除該用戶隱私資料、該用戶替代隱私資料、該已加密金融資料集,及該已解密金融資料集;其中,該第二雲端服務提供系統用以:根據來自該第一雲端服務提供系統的該第二服務要求之訊息取得該已加密金融資料集;及傳送該已加密金融資料集給該第一雲端服務提供系統。A financial data processing architecture for use in a cloud computing environment, which can communicate with a user device, the financial data processing architecture comprising: an application service providing system for transmitting a first service request based on data from the user device and a first cloud service providing system for communicating with the application service providing system; and a second cloud service providing system for communicating with the application service providing system and the first cloud service providing system; The first cloud service providing system is configured to receive a first service request and a message from the application service providing system, where the first service request message includes a user privacy profile; and the at least one user profile is obtained according to the user privacy profile. a key; the user privacy data is encrypted according to the key to obtain a user substitute for the private data; and the second service request and the message are sent to the second cloud service providing system, wherein the second service request message Including the user's alternative privacy information; receiving from the second cloud service delivery system Retrieving a set of encrypted financial data transmitted by the second service request, and decrypting the encrypted financial data set according to the key to obtain a decrypted financial data set; transmitting the decrypted financial data set to the application The service providing system responds to the first service request; and deletes the user privacy information, the user substitute privacy data, the encrypted financial data set, and the decrypted financial data set; wherein the second cloud service providing system is used Obtaining the encrypted financial data set according to the second service request message from the first cloud service providing system; and transmitting the encrypted financial data set to the first cloud service providing system.