CN103716328B - Operation request processing method and system - Google Patents


Info

Publication number: CN103716328B
Authority: CN (China)
Prior art keywords: system server, background system, network terminal, confidentiality, key
Legal status: Active
Application number: CN201410003491.5A
Other languages: Chinese (zh)
Other versions: CN103716328A
Inventor: 李东声
Current assignee: Tendyron Technology Co Ltd
Original assignee: Tendyron Technology Co Ltd
Application filed by Tendyron Technology Co Ltd
Priority to CN201410003491.5A
Publication of CN103716328A
Application granted
Publication of CN103716328B

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides an operation request processing method and system. In the method, after receiving an operation request message, a backend system server generates a response message according to a first preset security class and sends it to a network terminal; after receiving the response message, the network terminal generates a feedback message according to a second preset security class and sends it to the backend system server; after receiving the feedback message, the backend system server executes the operation request. By classifying the data to be transmitted into security classes, the communication data becomes semi-transparent: part of it is transmitted in plaintext, the data of the highest security class remains absolutely secure, and the integrity and security of data of a higher security class are still guaranteed even though its plaintext, like that of data of a lower security class, is visible.

Description

Operation request processing method and system
Technical field
The present invention relates to the field of information security technology, and in particular to an operation request processing method and system.
Background technology
Existing financial-industry business lines generally adopt a communication mode of full-ciphertext transmission to ensure secure transactions between the bank backend and the network terminal.
The usual communication mode is as follows: the network terminal accesses the bank processing center, a logical end-to-end secure channel is established with the center by means of a handshake, and all communication data exchanged between the bank processing center and the security device is encrypted, so that it circulates on the physical channel in the form of ciphertext + MAC, which achieves the goal of communication security.
Here, the network terminal may include a security device (for example a smart key device, a USB key device or an IC-card networking terminal) and a networked device such as an operation terminal connected to the security device (for example a PC, smartphone or tablet); the security device exchanges data with the bank processing center through the operation terminal.
However, because a logical secure channel is established between the network terminal and the processing center, the communication data circulates in the physical channel between them in full-ciphertext + MAC form. If other equipment (hosts, mobile devices, mobile servers and other third-party system servers) is then connected on that physical channel between the network terminal and the processing center, those devices can only act as simple relays forwarding communication data in ciphertext form; that is, none of the processing the network terminal performs on the data, and none of the transaction operations between the network terminal and the processing center, can be seen on those devices. Even if the processing at the network terminal goes wrong, the user and the third-party devices, having no visibility into the transmitted data, can neither learn of it nor intervene. This transmission mode is therefore limited in its applications: once the transmission system introduces other equipment or servers and grows more complex and mesh-like, the end-to-end full-ciphertext secure channel shows its inflexibility and hinders the expansion of applications; at the same time, transactions depend entirely on notifications from the bank processing center, which is inefficient.
For example, when this communication mode is extended to mobile payment services, a mobile device must be added on the physical channel between the network terminal and the bank processing center, connected to a mobile server, which in turn connects to the bank processing center. Because the data between the network terminal and the bank processing center is transmitted entirely as ciphertext, the mobile device and mobile server sandwiched between them cannot read the transaction information (ciphertext) and so cannot offer services on these transactions (statistical processing, prepaid telephone credit and so on). As another example, when paying water and electricity bills, the user pays the utility company through the bank; because the transaction information is transmitted as full ciphertext between the terminal and the bank processing center, even if the utility company's server is connected into the transmission system it cannot immediately see the transaction data. After the user pays, the utility company knows nothing of it and can only wait for the bank to forward the user's payment information before learning the payment status. Such a transaction situation is completely opaque; the "two parties" to the transaction rely entirely on notification from the bank processing center, which is inefficient and wastes time. This not only poses no small challenge to the processing speed of a bank processing center that handles large volumes of transaction data every day, but also prevents the relevant third parties (operators such as utility companies and telecommunications companies, whose transaction volumes are very large and who need timely knowledge of transaction status) from monitoring transactions in real time, developing their business and improving efficiency.
Content of the invention
The present invention seeks to address the problem that data is not visible in full-ciphertext data transmission, which limits the scope of application of such data transmission.
The primary object of the present invention is to provide an operation request processing method;
Another object of the present invention is to provide an operation request processing system.
To achieve the above objects, the technical solution of the present invention is realized as follows:
One aspect of the present invention provides an operation request processing method, comprising: Step a: a backend system server receives an operation request; Step b: after the backend system server receives the operation request message, it generates a response message according to a first preset security class and sends the response message to the network terminal; wherein, if the first preset security class is the first security class, the backend system server generates the response message, sends it to the network terminal, and also sends it to the third-party system server; if the first preset security class is the second security class, the backend system server performs a check computation on the first data to be transmitted to generate first check information, sends the response message to the network terminal, and sends the response message to the third-party system server, the response message including at least the first check information; Step c: after the network terminal receives the response message, it generates feedback information according to the second preset security class and sends the feedback information to the backend system server; wherein, if the second preset security class is the first security class, the network terminal generates the feedback information, sends it to the backend system server, and also sends it to the third-party system server; if the second preset security class is the third security class, the network terminal computes second encrypted information from the second data to be transmitted using the encryption key in the session key, performs a check computation on the second data to be transmitted to generate second check information, receives a confirmation instruction, and sends the feedback information to the backend system server, the feedback information including at least the second encrypted information and the second check information; if the first preset security class is the second security class, the network terminal, after receiving the response message, also verifies the response message and, after the verification passes, performs the step of generating the feedback information according to the second preset security class; Step d: after the backend system server receives the feedback information, it executes the operation request; wherein, if the second preset security class is the third security class, the backend system server, after receiving the feedback information, also verifies the feedback information and executes the operation request after the verification passes.
Further, in step b, if the first preset security class is the third security class, the backend system server computes first encrypted information from the first data to be transmitted using the encryption key in the session key, performs a check computation on the first data to be transmitted to generate first check information, and sends the response message to the network terminal, the response message including at least the first encrypted information and the first check information; in step c, if the first preset security class is the third security class, the network terminal, after receiving the response message, also verifies the response message and, after the verification passes, performs the step of generating the feedback information according to the second preset security class.
Further, in step c, if the second preset security class is the second security class, the network terminal performs a check computation on the second data to be transmitted to generate second check information, sends the feedback information to the backend system server, and sends the feedback information to the third-party system server, the feedback information including at least the second check information; in step d, if the second preset security class is the second security class, the backend system server, after receiving the feedback information, also verifies the feedback information and executes the operation request after the verification passes.
Further, before the backend system server receives the operation request in step a, the operation request processing method further comprises: the network terminal sends a login request to the third-party system server and logs in, and after a successful login the third-party system server sends the operation request to the backend system server; or the network terminal sends a login request to the backend system server and logs in, and after a successful login the network terminal sends the operation request to the backend system server.
Further, before the backend system server receives the operation request in step a, the operation request processing method further comprises: the network terminal generates first connection information, which includes at least a first algorithm identifier and a first random number; the network terminal sends the first connection information to the backend system server; after the backend system server receives the first connection information, it judges from the first algorithm identifier whether it supports the first algorithm and, once it has determined that it supports the first algorithm, sets a second algorithm corresponding to the first algorithm and generates second connection information, which includes at least a second algorithm identifier, a backend system server certificate and a second random number; the backend system server sends the second connection information to the network terminal; after the network terminal receives the second connection information, it verifies the legitimacy of the backend system server certificate and, after the verification passes, generates a shared master key and encrypts the shared master key with the backend system server certificate to obtain a first ciphertext; the network terminal signs the first random number, the first algorithm identifier, the second random number and the second algorithm identifier with the private key of the security device to obtain signature data; the network terminal sends third connection information to the backend system server, which includes at least the first ciphertext, the signature data and a security certificate; after the backend system server receives the third connection information, it verifies the legitimacy of the security certificate, verifies the signature data once the security certificate has passed, and decrypts the first ciphertext to obtain the shared master key once the signature data has passed; the backend system server generates a first authentication-finished message and sends it to the network terminal; after the network terminal receives the first authentication-finished message, it verifies the message and, after the verification passes, generates a second authentication-finished message and computes a session key from the shared master key, the session key including at least an encryption key; the network terminal sends the second authentication-finished message to the backend system server; after the backend system server receives the second authentication-finished message, it verifies the message and, after the verification passes, computes a session key from the shared master key, the session key including at least an encryption key.
Further, the session key also includes a MAC computation key, and the check computation includes computing over the data to be transmitted using the MAC computation key in the session key.
Further, the check computation includes computing over the data to be transmitted at least by means of a hash algorithm.
Another aspect of the present invention provides an operation request processing system, comprising: a backend system server, a network terminal and a third-party system server; wherein the backend system server is configured to receive an operation request and, after receiving the operation request message, to generate a response message according to a first preset security class and send the response message to the network terminal; wherein, if the first preset security class is the first security class, the backend system server generates the response message, sends it to the network terminal, and sends it to the third-party system server; if the first preset security class is the second security class, the backend system server performs a check computation on the first data to be transmitted to generate first check information, sends the response message to the network terminal, and sends the response message to the third-party system server, the response message including at least the first check information; the network terminal is configured, after receiving the response message, to generate feedback information according to the second preset security class and send the feedback information to the backend system server; wherein, if the second preset security class is the first security class, the network terminal generates the feedback information, sends it to the backend system server, and sends it to the third-party system server; if the second preset security class is the third security class, the network terminal computes second encrypted information from the second data to be transmitted using the encryption key in the session key, performs a check computation on the second data to be transmitted to generate second check information, receives a confirmation instruction, and sends the feedback information to the backend system server, the feedback information including at least the second encrypted information and the second check information; if the first preset security class is the second security class, the network terminal, after receiving the response message, also verifies the response message and generates the feedback information according to the second preset security class after the verification passes; the backend system server is further configured to execute the operation request after receiving the feedback information; wherein, if the second preset security class is the third security class, the backend system server, after receiving the feedback information, also verifies the feedback information and executes the operation request after the verification passes.
Further, if the first preset security class is the third security class, the backend system server computes first encrypted information from the first data to be transmitted using the encryption key in the session key, performs a check computation on the first data to be transmitted to generate first check information, and sends the response message to the network terminal, the response message including at least the first encrypted information and the first check information; if the first preset security class is the third security class, the network terminal, after receiving the response message, also verifies the response message and generates the feedback information according to the second preset security class after the verification passes.
Further, if the second preset security class is the second security class, the network terminal performs a check computation on the second data to be transmitted to generate second check information, sends the feedback information to the backend system server, and sends the feedback information to the third-party system server, the feedback information including at least the second check information; if the second preset security class is the second security class, the backend system server, after receiving the feedback information, also verifies the feedback information and executes the operation request after the verification passes.
Further, the network terminal is further configured to send a login request to the third-party system server and log in, and after a successful login the third-party system server sends the operation request to the backend system server; or the network terminal is further configured to send a login request to the backend system server and log in, and after a successful login the network terminal sends the operation request to the backend system server.
Further, before the backend system server receives the operation request, the network terminal is further configured to generate first connection information, which includes at least a first algorithm identifier and a first random number, and to send the first connection information to the backend system server; the backend system server is further configured, after receiving the first connection information, to judge from the first algorithm identifier whether it supports the first algorithm and, once it has determined that it supports the first algorithm, to set a second algorithm corresponding to the first algorithm, generate second connection information, which includes at least a second algorithm identifier, a backend system server certificate and a second random number, and send the second connection information to the network terminal; the network terminal is further configured, after receiving the second connection information, to verify the legitimacy of the backend system server certificate and, after the verification passes, to generate a shared master key, encrypt the shared master key with the backend system server certificate to obtain a first ciphertext, sign the first random number, the first algorithm identifier, the second random number and the second algorithm identifier with the private key of the security device to obtain signature data, and send third connection information to the backend system server, which includes at least the first ciphertext, the signature data and a security certificate; the backend system server is further configured, after receiving the third connection information, to verify the legitimacy of the security certificate, to verify the signature data once the security certificate has passed, to decrypt the first ciphertext to obtain the shared master key once the signature data has passed, and to generate a first authentication-finished message and send it to the network terminal; the network terminal is further configured, after receiving the first authentication-finished message, to verify it and, after the verification passes, to generate a second authentication-finished message, compute a session key from the shared master key, the session key including at least an encryption key, and send the second authentication-finished message to the backend system server; the backend system server is further configured, after receiving the second authentication-finished message, to verify it and, after the verification passes, to compute a session key from the shared master key, the session key including at least an encryption key.
Further, the session key also includes a MAC computation key, and the check computation includes computing over the data to be transmitted using the MAC computation key in the session key.
Further, the check computation includes computing over the data to be transmitted at least by means of a hash algorithm.
As can be seen from the technical solution provided by the invention, by classifying the data to be transmitted into security classes, the operation request processing method and system of the present invention make the communication data semi-transparent: part of the communication data is transmitted in plaintext, and on the premise that the data of the highest security class remains absolutely secure, and that the plaintext of the data of the lower and higher security classes is visible, the integrity and security of the data of the higher security class are still guaranteed. The third-party system server in the network transmission system can thus view some of the communication data and use this information to develop its business, which increases the utilization of such communication data after the transmission system becomes more complex and achieves both security and application scalability for the network transmission system.
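The three security classes and the session key described above can be made concrete in code. The following is an added example written for this page; it is not the patent's own implementation, and the patent names neither a cipher nor a key-derivation construction. It assumes HMAC-SHA256 as the hash-based check computation, derives the encryption key and MAC computation key from the shared master key together with the two handshake random numbers (an assumption of this example), and uses HMAC-SHA256 in counter mode as a stand-in stream cipher so that it runs with only the Python standard library. The function names (`derive_session_key`, `build_message`, `verify_message`, `third_party_view`) are this example's. It covers the session-key derivation at the end of the handshake and the first, second and third security classes for response and feedback messages, and shows what a third-party system server without the session key can read.

```python
import hashlib
import hmac
import secrets

# Security classes named in the patent's claims (the numbering is the patent's;
# the constant names are this example's).
FIRST_CLASS = 1   # plaintext only, no check information
SECOND_CLASS = 2  # plaintext plus check information: integrity, still readable by third parties
THIRD_CLASS = 3   # ciphertext plus check information: confidentiality and integrity


def derive_session_key(shared_master_key: bytes, first_random: bytes, second_random: bytes) -> dict:
    """Derive the session key (encryption key + MAC computation key) from the shared master key.

    The patent only says the session key is computed from the shared master key and
    contains an encryption key and a MAC computation key; the HMAC-SHA256 label-and-random
    construction below is an assumption of this example."""
    salt = first_random + second_random
    enc_key = hmac.new(shared_master_key, b"encryption key" + salt, hashlib.sha256).digest()
    mac_key = hmac.new(shared_master_key, b"mac computation key" + salt, hashlib.sha256).digest()
    return {"enc_key": enc_key, "mac_key": mac_key}


def check_info(mac_key: bytes, data: bytes) -> bytes:
    """Check computation: a hash-based MAC over the data using the MAC computation key."""
    return hmac.new(mac_key, data, hashlib.sha256).digest()


def _keystream_xor(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: HMAC-SHA256 in counter mode, XORed with the data.
    The patent does not name a cipher; this exists only so the example runs offline.
    XOR is its own inverse, so the same call encrypts and decrypts."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def build_message(session_key: dict, security_class: int, data: bytes) -> dict:
    """Build a response or feedback message for the given preset security class."""
    if security_class == FIRST_CLASS:
        return {"class": FIRST_CLASS, "payload": data}
    if security_class == SECOND_CLASS:
        return {"class": SECOND_CLASS, "payload": data,
                "check": check_info(session_key["mac_key"], data)}
    if security_class == THIRD_CLASS:
        nonce = secrets.token_bytes(12)  # fresh per message so identical data never repeats ciphertext
        return {"class": THIRD_CLASS, "nonce": nonce,
                "payload": _keystream_xor(session_key["enc_key"], nonce, data),
                # The patent computes the check information over the data to be
                # transmitted (the plaintext), so that is what is done here.
                "check": check_info(session_key["mac_key"], data)}
    raise ValueError(f"unknown security class {security_class}")


def verify_message(session_key: dict, message: dict):
    """Receiver side: return the data if the check information verifies, else None.
    First-class messages carry no check information and are returned as-is."""
    if message["class"] == FIRST_CLASS:
        return message["payload"]
    if message["class"] == SECOND_CLASS:
        data = message["payload"]
    elif message["class"] == THIRD_CLASS:
        data = _keystream_xor(session_key["enc_key"], message["nonce"], message["payload"])
    else:
        return None
    expected = check_info(session_key["mac_key"], data)
    # Constant-time comparison so the check value does not leak through timing.
    return data if hmac.compare_digest(expected, message["check"]) else None


def third_party_view(message: dict):
    """What a third-party system server without the session key can read:
    the plaintext for the first and second classes, nothing for the third."""
    if message["class"] in (FIRST_CLASS, SECOND_CLASS):
        return message["payload"]
    return None


if __name__ == "__main__":
    # Constructed sample values: a fixed shared master key and the two handshake random numbers.
    sk = derive_session_key(b"\x01" * 32, b"\xaa" * 16, b"\xbb" * 16)
    data = b"pay 100 to utility company"  # constructed transaction data
    for cls in (FIRST_CLASS, SECOND_CLASS, THIRD_CLASS):
        msg = build_message(sk, cls, data)
        print(cls, "third party sees:", third_party_view(msg), "| receiver gets:", verify_message(sk, msg))
    altered = dict(build_message(sk, SECOND_CLASS, data), payload=b"pay 999 to utility company")
    print("altered second-class message accepted?", verify_message(sk, altered) is not None)
```

Running it shows the semi-transparency the page describes: the second-class message is readable by the relay yet any change to its payload fails the check at the backend, while the third-class message is unreadable without the session key. Two design notes for anyone building on this: the check over the plaintext follows the page's wording, whereas computing the MAC over the ciphertext (encrypt-then-MAC) is the generally preferred order because it lets the receiver reject forged messages before decrypting; and a first-class message has no integrity protection at all, so nothing in it should drive a decision at the backend.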
Brief description
In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings required in the description of the embodiments are briefly introduced below. Obviously, the drawings in the following description show only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a flow chart of the operation request processing method provided by an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of the operation request processing system provided by an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings of the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
In the description of the present invention, it should be understood that the orientations or positional relationships indicated by terms such as "center", "longitudinal", "transverse", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner" and "outer" are based on the orientations or positional relationships shown in the drawings, are used only for convenience in describing the present invention and simplifying the description, and do not indicate or imply that the device or element referred to must have a specific orientation or be constructed and operated in a specific orientation; they are therefore not to be construed as limiting the present invention. In addition, the terms "first" and "second" are used for descriptive purposes only and are not to be understood as indicating or implying relative importance, quantity or position.
In the description of the present invention, it should be noted that, unless otherwise expressly specified and limited, the terms "mounted", "connected to" and "connection" are to be understood broadly: a connection may, for example, be fixed, detachable or integral; mechanical or electrical; direct, or indirect through an intermediary; or an internal connection between two elements. For those of ordinary skill in the art, the specific meanings of the above terms in the present invention can be understood according to the specific circumstances.
The embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
The flow chart that Fig. 1 illustrates the operation requests processing method of the present invention, referring to Fig. 1, at the operation requests of the present invention Reason method, comprising:
Step S101: the background system server receives an operation request.
Specifically, the invention can process the operation request under an architecture consisting of a network terminal, a background system server and a third-party system server.
The network terminal of the invention may be a single terminal entity with a data security processing function, for example a PC, tablet computer, notebook computer or smartphone that has such a function; it may also consist of two entities, an operating terminal (for example an ordinary PC, tablet computer, notebook computer or smartphone) and a security terminal (for example a smart key device or an IC card reader). Any arrangement that realizes the functions of the network terminal of the invention falls within its scope of protection. Where the network terminal is a single entity, the security processing of data is carried out directly on the network terminal; where it consists of two entities, the security processing of data (for example encryption and check computation) can all be carried out on the security terminal, which improves portability.
The background system server of the invention may be the processing center of a bank, i.e. the bank's background processing server; this background system server can process all kinds of business supported by the bank.
The third-party system server of the invention may be any server that has business dealings with the bank processing center, for example: a telephone bill payment server, a mobile phone bill payment server, a water and electricity bill payment server of a utility company, a public transport card top-up center server, a gas company voucher center server, and the like.
The operation request of the application may be a transaction request or any kind of service request, for example: a request to top up a mobile phone, a request to top up an IC card, a request for a voucher on an IC card, or a network transaction request of any form.
In the invention, the operation request may be sent to the background system server by the third-party system server, or sent directly to the background system server by the network terminal, for example:
the network terminal of the invention sends a login request to the third-party system server and logs in; after a successful login, the third-party system server sends the operation request to the background system server; or
the network terminal of the invention sends a login request to the background system server and logs in; after a successful login, the network terminal sends the operation request to the background system server.
Any manner in which the background system server comes to receive an operation request falls within the scope of protection of the invention.
Thus a user operating the network terminal can send an operation request to the background system server after logging in either to the background system server or to the third-party system server, so that the transmission of operation requests adapts to all kinds of services and every kind of service can be realized.
Step S102: after the background system server receives the operation request message, it generates a response message according to a first preset security class and sends the response message to the network terminal; wherein:
if the first preset security class is the first security class, the background system server generates the response message, sends it to the network terminal, and also sends it to the third-party system server;
if the first preset security class is the second security class, the background system server performs a check computation on the first data to be transmitted to generate first check information, sends the response message to the network terminal, and also sends the response message to the third-party system server; the response message includes at least the first check information.
Specifically, in the background system server different security classes can be assigned to the data to be transmitted, and different processing is applied according to the class, so that data of a lower class remains visible while security is still ensured.
In the invention, two preset security classes may be defined for the data to be transmitted in the background system server: the first security class is the lower class and the second security class is the higher class. After receiving the operation request message, the background system server generates the response message according to the preset class and sends it to the network terminal. Data of the lower class receives only simple processing and is transmitted in plaintext, which keeps it visible; this suits recorded communication data whose tampering has no value to an attacker, such as operational data streams and logs. Data of the higher class is given a check computation, and its plaintext is sent together with the computed check data; this ensures the integrity of the data while keeping it visible, and suits application extension, i.e. communication data that other devices or servers use for their business but that must be guaranteed untampered, such as the transaction amount and the application type. Accordingly, in addition to sending the response message corresponding to the operation request to the network terminal, the background system server can also send the data to be transmitted in the response message to the third-party system server in plaintext, so that the user can view the data at the third-party system server, which ensures the visibility of the data.
Of course, three security classes may also be preset for the data to be transmitted in this step: the first security class is the lower class, the second security class the higher class, and the third security class the highest. If the first preset security class is the third security class, the background system server computes first encryption information from the first data to be transmitted using the encryption key in the session key, performs a check computation on the first data to be transmitted to generate first check information, and sends the response message to the network terminal; the response message includes at least the first encryption information and the first check information. That is, for data of the highest class the background system server performs both encryption and check computation and sends the ciphertext together with the computed check data, which ensures the confidentiality of the data to be transmitted and at the same time its integrity.
Step S103: after the network terminal receives the response message, it generates a feedback message according to a second preset security class and sends the feedback message to the background system server; wherein:
if the second preset security class is the first security class, the network terminal generates the feedback message, sends it to the background system server, and also sends it to the third-party system server;
if the second preset security class is the third security class, the network terminal computes second encryption information from the second data to be transmitted using the encryption key in the session key, performs a check computation on the second data to be transmitted to generate second check information, receives a confirmation instruction, and sends the feedback message to the background system server; the feedback message includes at least the second encryption information and the second check information;
if the first preset security class is the second security class, then after receiving the response message the network terminal also verifies the response message, and only after the verification succeeds does it perform the step of generating the feedback message according to the second preset security class.
Specifically, the network terminal likewise assigns different security classes to the data to be transmitted and applies different processing according to the class, so that data of a lower class remains visible while security is ensured.
In the invention, two preset security classes may be defined for the data to be transmitted in the network terminal: the first security class is the lower class and the third security class is the highest class. After receiving the response message, the network terminal generates the feedback message according to the preset class and sends it to the background system server. Data of the lower class receives only simple processing and is transmitted in plaintext, which keeps it visible; this suits recorded communication data whose tampering has no value to an attacker, such as operational data streams and logs. Data of the highest class is encrypted and given a check computation, and its ciphertext is sent together with the computed check data; this ensures the integrity, non-repudiation and confidentiality of the data, and suits communication data that only the individual may hold and on which transaction security depends, such as the personal account number, PIN code and transaction code. Accordingly, in addition to sending the feedback message corresponding to the response message to the background system server in plaintext, the network terminal can also send the plaintext of the data to be transmitted in the feedback message to the third-party system server, so that the user can view the data there and its visibility is ensured; the network terminal can optionally also send the ciphertext of the data to be transmitted and the check information to the third-party system server, to adapt to all kinds of services and improve applicability.
Of course, when the security class of the data to be transmitted in the response message sent by the background system server is the second security class, the background system server has performed a check computation on that data, so after receiving the response message the network terminal also verifies it, i.e. verifies the check data, and only after the verification succeeds does it perform the step of generating the feedback message according to the second preset security class. This ensures the integrity of the data and prevents tampering: the network terminal proceeds with subsequent processing only when the data in the received response message is intact, which improves the security of the data transmission.
Further, three preset security classes may also be defined for the data to be transmitted in the network terminal: the first security class is the lower class, the third security class the highest, and the second security class the higher class. For example, if the second preset security class is the second security class, the network terminal performs a check computation on the second data to be transmitted to generate second check information, sends the feedback message to the background system server, and also sends it to the third-party system server; the feedback message includes at least the second check information. For data of the higher class the network terminal performs a check computation and sends the plaintext together with the computed check data, which ensures the integrity of the data while keeping it visible.
In addition, if the security class of the data to be transmitted in the response message sent by the background system server is the third security class, i.e. the first preset security class is the third security class, then after receiving the response message the network terminal also verifies it, and only after the verification succeeds does it perform the step of generating the feedback message according to the second preset security class. This ensures both the confidentiality and the integrity of the data to be transmitted and prevents tampering: the network terminal proceeds with subsequent processing only when the data in the received response message is intact, which improves the security of the data transmission.
Step S104: after the background system server receives the feedback message, it executes the operation request; wherein:
if the second preset security class is the third security class, then after receiving the feedback message the background system server also verifies it, and executes the operation request only after the verification succeeds.
Specifically, when the security class of the data to be transmitted in the feedback message sent by the network terminal is the third security class, the network terminal has performed both encryption and check computation on that data, so after receiving the feedback message the background system server also verifies it, i.e. verifies the check data, and executes the operation request only after the verification succeeds. This ensures the confidentiality and integrity of the transmitted data and prevents tampering: the background system server proceeds with subsequent processing only when the data in the received feedback message is intact, which improves the security of the data transmission.
Of course, if the second preset security class in the network terminal is the second security class, then after receiving the feedback message the background system server also verifies it and executes the operation request only after the verification succeeds. This again ensures the integrity of the data and prevents tampering: the background system server proceeds with subsequent processing only when the data in the received feedback message is intact, which improves the security of the data transmission.
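The following is an added example in Python, not code from the patent, showing one round of steps S102 to S104 under the three security classes described above: the first class sends plaintext with no protection, the second sends plaintext with a check value, the third sends ciphertext with a check value. The wire layout (class byte, 8-byte nonce, body, 32-byte check), HMAC-SHA256 as the check computation with the MAC key, and an HMAC-based counter-mode keystream standing in for the symmetric algorithm negotiated in the handshake are all assumptions of this example. The check value here covers the class byte and, for the third class, the ciphertext (encrypt-then-MAC) so that a forged message is rejected before any decryption; the page only states that the check is computed on the data to be transmitted. The receiver compares the class on the wire with its own preset class, which is what prevents a message from being accepted at a weaker class than the one configured. All sample data is constructed for the example.

```python
"""
Added example (not the patent's code): request/response round under
three security classes. Layout, MAC, nonce size and the stream-cipher
stand-in are assumptions of this example, not specified by the page.
"""
import hashlib
import hmac
import os
import struct

CLASS_PLAIN = 1    # first security class: visible, unprotected
CLASS_CHECKED = 2  # second security class: visible, integrity-protected
CLASS_SEALED = 3   # third security class: confidential and integrity-protected

NONCE_LEN = 8
MAC_LEN = 32                 # HMAC-SHA256 output (assumption)
HEADER_LEN = 1 + NONCE_LEN   # class byte + nonce


def _keystream_xor(skey: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for the negotiated symmetric algorithm (assumption): an
    HMAC-SHA256 counter-mode keystream XORed over the data. A deployment
    would use the cipher selected by the algorithm identifier."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(skey, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def _check_value(mkey: bytes, header: bytes, body: bytes) -> bytes:
    """Check computation with the MAC key over class byte, nonce and body."""
    return hmac.new(mkey, header + body, hashlib.sha256).digest()


def build_message(sec_class: int, data: bytes, skey: bytes, mkey: bytes,
                  nonce: bytes = b"") -> bytes:
    """Sender side: class(1) | nonce(8) | body | check(32, classes 2 and 3)."""
    if sec_class == CLASS_PLAIN:
        return bytes([CLASS_PLAIN]) + bytes(NONCE_LEN) + data
    if sec_class not in (CLASS_CHECKED, CLASS_SEALED):
        raise ValueError("unknown security class")
    nonce = nonce or os.urandom(NONCE_LEN)
    if len(nonce) != NONCE_LEN:
        raise ValueError("bad nonce length")
    header = bytes([sec_class]) + nonce
    body = data if sec_class == CLASS_CHECKED else _keystream_xor(skey, nonce, data)
    return header + body + _check_value(mkey, header, body)


def open_message(msg: bytes, expected_class: int, skey: bytes, mkey: bytes) -> bytes:
    """Receiver side. The class is preset on each side, so a message in a
    different class is refused rather than accepted at a weaker class."""
    if len(msg) < HEADER_LEN or msg[0] != expected_class:
        raise ValueError("security class mismatch or truncated header")
    header, rest = msg[:HEADER_LEN], msg[HEADER_LEN:]
    if expected_class == CLASS_PLAIN:
        return rest  # nothing to verify: visible and unprotected
    if len(rest) < MAC_LEN:
        raise ValueError("message truncated")
    body, tag = rest[:-MAC_LEN], rest[-MAC_LEN:]
    if not hmac.compare_digest(tag, _check_value(mkey, header, body)):
        raise ValueError("check value mismatch: message altered in transit")
    if expected_class == CLASS_CHECKED:
        return body
    return _keystream_xor(skey, header[1:], body)


def is_rejected(msg: bytes, expected_class: int, skey: bytes, mkey: bytes) -> bool:
    try:
        open_message(msg, expected_class, skey, mkey)
    except ValueError:
        return True
    return False


def flip_byte(msg: bytes, offset: int) -> bytes:
    """Simulate one altered byte on the wire."""
    out = bytearray(msg)
    out[offset] ^= 0x01
    return bytes(out)


def run_round(skey: bytes, mkey: bytes) -> dict:
    """Server responds at class 2 (amount visible but checked); terminal
    feeds back at class 3 (PIN sealed). Sample data is constructed."""
    response = build_message(CLASS_CHECKED, b"amount=100.00;app=topup", skey, mkey)
    amount = open_message(response, CLASS_CHECKED, skey, mkey)          # terminal verifies
    feedback = build_message(CLASS_SEALED, b"account=62220001;pin=123456", skey, mkey)
    secret = open_message(feedback, CLASS_SEALED, skey, mkey)           # server verifies
    return {
        "amount_visible": amount,
        "amount_on_wire": b"amount=100.00" in response,
        "pin_on_wire": b"pin=123456" in feedback,
        "pin_recovered": secret,
        "tampered_response_rejected": is_rejected(flip_byte(response, HEADER_LEN), CLASS_CHECKED, skey, mkey),
        "downgrade_rejected": is_rejected(build_message(CLASS_PLAIN, b"pin=000000", skey, mkey), CLASS_SEALED, skey, mkey),
    }


if __name__ == "__main__":
    for name, value in run_round(os.urandom(16), os.urandom(16)).items():
        print(name, value)
```

Running the file prints one round: the amount is readable on the wire in the class 2 response, the PIN is not readable in the class 3 feedback, a flipped byte in the class 2 response is rejected, and a class 1 message offered where class 3 is expected is refused. Class 1 carries no check at all, so anything sent at that class can be altered without detection, which is why the page reserves it for data whose tampering has no value.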
It can be seen that, by classifying the data to be transmitted into security classes, the operation request processing method of the invention makes the communication data semi-transparent: part of the communication data is transmitted in plaintext, and, on the premise that the security of the highest-class data is guaranteed, the lower-class and higher-class data remain visible in plaintext while the integrity and security of the higher-class data are still ensured. The third-party system server in the network transmission system can therefore view some of the communication data and use it for business development, which increases the utilization of such communication data in a complex transmission system and achieves both security and application scalability for the network transmission system.
In addition, if several data exchanges between the background system server and the network terminal are required before the operation request can be executed, steps S102 and S103 of the invention can be repeated, so that the background system server executes the operation request after the multiple exchanges.
Of course, before step S101, in which the background system server receives the operation request, the operation request processing method of the invention may also include generating the session key.
Specifically, before the background system server receives the operation request, the session key can be generated in the following manner:
Step S105: the network terminal generates first connection information, which includes at least a first algorithm identifier and a first random number;
Step S106: the network terminal sends the first connection information to the background system server;
Step S107: after the background system server receives the first connection information, it judges from the first algorithm identifier whether it supports the first algorithm; if so, it sets a second algorithm corresponding to the first algorithm and generates second connection information, which includes at least a second algorithm identifier, the background system server certificate and a second random number;
Step S108: the background system server sends the second connection information to the network terminal;
Step S109: after the network terminal receives the second connection information, it verifies the legitimacy of the background system server certificate; after the verification succeeds it generates a shared master key and encrypts the shared master key with the background system server certificate, obtaining a first ciphertext;
Step S110: the network terminal signs the first random number, the first algorithm identifier, the second random number and the second algorithm identifier with the private key of the security device, obtaining signature data;
Step S111: the network terminal sends third connection information to the background system server, which includes at least the first ciphertext, the signature data and the security device certificate;
Step S112: after the background system server receives the third connection information, it verifies the legitimacy of the security device certificate; after that verification succeeds it verifies the signature data, and after the signature verification succeeds it decrypts the first ciphertext to obtain the shared master key;
Step S113: the background system server generates a first authentication completion message and sends it to the network terminal;
Step S114: after the network terminal receives the first authentication completion message, it verifies the message; after the verification succeeds it generates a second authentication completion message and computes the session key from the shared master key; the session key includes at least an encryption key;
Step S115: the network terminal sends the second authentication completion message to the background system server;
Step S116: after the background system server receives the second authentication completion message, it verifies the message; after the verification succeeds it computes the session key from the shared master key; the session key includes at least an encryption key.
Of course, in the invention the generation of the session key by the network terminal and the background system server in steps S114 and S116 can also be carried out at the same time, after both sides have verified each other's authentication completion message.
In addition, the session key generated can also include a MAC computation key; the check computation in the above steps can then be performed on the data to be transmitted with the MAC computation key in the session key, which ensures the integrity of the data to be transmitted.
Of course, the session key generated in the invention may also include only an encryption key, with the network terminal and the background system server agreeing in advance on the check computation method used to verify data integrity; in that case the check computation includes at least computing a hash of the data to be transmitted. The computed hash value can also be signed with each party's private key and the signature verified by the other party with the corresponding public key, which ensures the non-repudiation of both communicating parties and further improves security.
Any check computation that at least realizes integrity verification of the data falls within the scope of protection of the invention.
Specifically, the session key generation process of the invention is illustrated below with an example:
1) The network terminal obtains the algorithm identifier a1 and generates a random number r1; r1 and a1 are concatenated to obtain R1 (R1 = r1 || a1). According to the algorithms it supports, the network terminal sets the symmetric algorithm and the asymmetric algorithm to be used in the following steps;
2) The network terminal sends the random number r1 and the algorithm identifier a1 to the background system server, starting the handshake protocol;
3) The background system server selects an algorithm identifier a2 and generates a random number r2; r2 and a2 are concatenated to obtain R2. From the algorithm information sent by the terminal it checks whether it supports that algorithm; if so, it sets the corresponding encryption and decryption algorithms; if not, it returns an error message and disconnects;
4) The background system server sends the random number r2 and the background system server certificate;
5) The network terminal verifies the received background system server certificate with the CA root certificate pre-installed in the terminal; if the verification fails it sends an error message and terminates the connection; otherwise it generates a 48-byte random number (r1 + r2) as the shared master key m1 and encrypts m1 with the public key in the background system server certificate, using the asymmetric algorithm set earlier, to obtain e1;
6) r1 and r2 are concatenated to obtain r3; the network terminal first applies the digest algorithm to r3 to obtain h1, then signs h1 with the network terminal private key to obtain s1;
7) The network terminal sends s1, e1 and the network terminal certificate to the background system server;
8) The background system server verifies the legitimacy of the network terminal certificate with the CA root certificate; if the verification fails it sends an error message and terminates the connection; if it succeeds, it verifies s1 with the network terminal certificate; if that verification fails it sends an error message and terminates the connection; otherwise it decrypts e1 to obtain the shared master key m1;
9) The background system server computes a digest of the background system server certificate to obtain h2 and a digest of the network terminal certificate to obtain h3; r1, r2, h2, h3, s1 and e1 are concatenated to obtain t1 (t1 = r1 || r2 || h2 || h3 || s1 || e1); a digest of t1 gives h4; the ASCII string "server" is concatenated with h4 to obtain d1; an HMAC over d1 keyed with the first 16 bytes of m1 gives f1;
10) The background system server sends the handshake authentication completion message f1 to the network terminal;
11) The network terminal verifies the f1 received from the background system server; if the verification fails it sends an error message and terminates the connection; otherwise it sends the network terminal handshake authentication message f2 to the background system server. f2 is computed in the same way as f1, except that the ASCII string "server" used for f1 is replaced by the ASCII string "client";
12) The network terminal sends the handshake authentication completion message f2 to the background system server;
13) The background system server verifies the received f2 with the same computation; if the verification fails it sends an error message and terminates the connection;
14) After the handshake above succeeds, both sides generate the session key as follows:
x = HMAC(m1, key_label || r1 || r2) (using the first 16 bytes of m1)
where key_label is the 3-byte ASCII string "key". Let x1 x2 ... x20 be the 1st to 20th bytes of x; the encryption key skey is skey = x1 x2 ... x16, and the MAC key mkey is mkey = x5 x6 ... x20.
Of course, the way in which the invention generates the session key is not limited to this; any way of generating a session key falls within the scope of protection of the invention.
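The following is an added example in Python, not code from the patent, covering steps 9 to 14 of the handshake above: the transcript t1, the authentication completion messages f1 and f2, their verification, and the split of x into skey and mkey. The page names neither the digest nor the HMAC algorithm; this example assumes SHA-256 for both (the page's indexing of x by bytes 1 to 20 fits a 20-byte HMAC output, but with SHA-256 the same indices are simply taken from a 32-byte x). The certificates, the signature s1 and the ciphertext e1 are placeholder byte strings constructed for the example, since steps 5 to 8 need a certificate library the page does not specify. One point a practitioner should note, visible directly in the split given on the page: skey = x1..x16 and mkey = x5..x20 share twelve bytes, so the encryption key and the MAC key are not independent; the example reports that overlap.

```python
"""
Added example (not the patent's code): handshake completion messages
and session key derivation from the example in steps 9 to 14.
Assumptions: SHA-256 digest and HMAC-SHA256; placeholder certificates,
s1 and e1 are constructed for the example.
"""
import hashlib
import hmac
import os

KEY_LABEL = b"key"  # 3-byte ASCII key_label from step 14


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()  # "digest algorithm" (assumption: SHA-256)


def hmac_m1(m1: bytes, data: bytes) -> bytes:
    """HMAC keyed with the first 16 bytes of the shared master key m1."""
    if len(m1) < 16:
        raise ValueError("shared master key too short")
    return hmac.new(m1[:16], data, hashlib.sha256).digest()


def handshake_transcript(r1: bytes, r2: bytes, server_cert: bytes,
                         terminal_cert: bytes, s1: bytes, e1: bytes) -> bytes:
    """t1 = r1 || r2 || h2 || h3 || s1 || e1, with h2, h3 the certificate digests."""
    h2 = digest(server_cert)
    h3 = digest(terminal_cert)
    return r1 + r2 + h2 + h3 + s1 + e1


def finished_message(role: bytes, m1: bytes, t1: bytes) -> bytes:
    """f1 (role b"server") or f2 (role b"client"): HMAC_m1(role || digest(t1))."""
    h4 = digest(t1)
    d1 = role + h4
    return hmac_m1(m1, d1)


def verify_finished(role: bytes, m1: bytes, t1: bytes, received: bytes) -> bool:
    """Steps 11 and 13: recompute over the locally seen transcript and compare."""
    return hmac.compare_digest(finished_message(role, m1, t1), received)


def derive_session_keys(m1: bytes, r1: bytes, r2: bytes):
    """Step 14: x = HMAC_m1(key_label || r1 || r2); skey = x1..x16, mkey = x5..x20."""
    x = hmac_m1(m1, KEY_LABEL + r1 + r2)
    return x[0:16], x[4:20]


def run_handshake_tail(r1, r2, server_cert, terminal_cert, s1, e1, m1) -> dict:
    t1 = handshake_transcript(r1, r2, server_cert, terminal_cert, s1, e1)
    f1 = finished_message(b"server", m1, t1)                    # step 9, server
    terminal_accepts = verify_finished(b"server", m1, t1, f1)   # step 11, terminal
    f2 = finished_message(b"client", m1, t1)                    # step 11, terminal
    server_accepts = verify_finished(b"client", m1, t1, f2)     # step 13, server
    # If the terminal had seen a different r1 than the server used (an altered
    # handshake), its recomputed transcript differs and f1 does not verify.
    altered_r1 = bytes([r1[0] ^ 0x01]) + r1[1:]
    t1_other = handshake_transcript(altered_r1, r2, server_cert, terminal_cert, s1, e1)
    altered_detected = not verify_finished(b"server", m1, t1_other, f1)
    skey, mkey = derive_session_keys(m1, r1, r2)
    overlap = sum(1 for i in range(12) if mkey[i] == skey[i + 4])
    return {
        "terminal_accepts": terminal_accepts,
        "server_accepts": server_accepts,
        "altered_r1_detected": altered_detected,
        "skey": skey,
        "mkey": mkey,
        "key_overlap_bytes": overlap,
    }


if __name__ == "__main__":
    # Constructed inputs: r1, r2 and m1 random; the rest are placeholders.
    result = run_handshake_tail(os.urandom(16), os.urandom(16),
                                b"server-cert-placeholder", b"terminal-cert-placeholder",
                                b"s1-placeholder", b"e1-placeholder", os.urandom(48))
    for name, value in result.items():
        print(name, value.hex() if isinstance(value, bytes) else value)
```

The role strings "server" and "client" are what keep f1 and f2 distinct even though both are computed over the same transcript and key, so neither side can replay the other's completion message. The overlap count of 12 shows that mkey is mostly a shifted copy of skey under the split on the page; independent keys would take disjoint slices of a longer x.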
Fig. 2 illustrates the structural representation of the operation requests processing system of the present invention, certainly, at the operation requests of the present invention Reason system is based on aforesaid operations request processing method, and this is no longer going to repeat them, only the operation requests processing system to the present invention Briefly describe, referring to Fig. 2, the operation requests processing system of the present invention, comprising: background system server 10, the network terminal 20 And Third party system server 30;Wherein,
Background system server 10, for receiving operation requests, after receiving operation requests information, default according to first Level of confidentiality generates response message, and response message is sent to the network terminal 20;Wherein,
If the first default level of confidentiality is the first level of confidentiality, background system server 10 generates response message, and response is believed Breath sends to the network terminal 20, and response message is sent to Third party system server 30;
If the first default level of confidentiality is the second level of confidentiality, background system server 10 verifies to the first data to be transmitted Calculate and generate the first check information, and response message is sent to the network terminal 20, and response message is sent to third party System server 30;Wherein, response message at least includes the first check information;
The network terminal 20, for, after receiving response message, feedback information being generated according to the second default level of confidentiality, and will be anti- Feedforward information sends to background system server 10;Wherein,
If the second default level of confidentiality is the first level of confidentiality, the network terminal 20 generates feedback information, and feedback information is sent To background system server 10, and feedback information is sent to Third party system server 30;
If the second default level of confidentiality is the 3rd level of confidentiality, the network terminal 20 is according to the encryption key in session key to second Data to be transmitted carries out calculating generation the second encryption information, and the second data to be transmitted is carried out with verification calculating generation the second school Test information, receive and confirm instruction, and feedback information is sent to background system server 10;Wherein, feedback information at least includes Second encryption information and the second check information;
If the first default level of confidentiality is the second level of confidentiality, after the network terminal 20 receives response message, also to response message Verified, and after checking response message passes through, feedback information is generated according to the second default level of confidentiality;
Background system server 10, is additionally operable to upon reception of the feedback information, execute operation requests;Wherein,
If the second default level of confidentiality is the 3rd level of confidentiality, after background system server 10 receives feedback information, also to anti- Feedforward information is verified, and after checking feedback information passes through, executes operation requests.
Certainly, if the first default level of confidentiality is the 3rd level of confidentiality, background system server 10 is according to adding in session key Key carries out to the first data to be transmitted calculating generation the first encryption information, and carries out master gage to the first data to be transmitted Calculate and generate the first check information, and response message is sent to the network terminal 20, wherein, response message at least includes the first encryption Information and the first check information;If the first default level of confidentiality is the 3rd level of confidentiality, after the network terminal 20 receives response message, also Response message is verified, and after checking response message passes through, feedback information is generated according to the second default level of confidentiality.
In addition, if the second default level of confidentiality is the second level of confidentiality, then the network terminal 20 verifies to the second data to be transmitted Calculate and generate the second check information, and feedback information is sent to background system server 10, and by feedback information send to Third party system server 30;Wherein, feedback information at least includes the second check information;If the second default level of confidentiality is close for second Level, then, after background system server 10 receives feedback information, also verify to feedback information, and leads in checking feedback information Later, operation requests are executed.
Additionally, the network terminal 20 of the invention may also perform a login procedure, as follows:
the network terminal 20 is further configured to send a login request to the third-party system server 30 and log in, and, after a successful login, the third-party system server 30 sends the operation request to the background system server 10; or
the network terminal 20 is further configured to send a login request to the background system server 10 and log in, and, after a successful login, the network terminal 20 sends the operation request to the background system server 10.
A session key generation operation may also be included, as follows:
Before the background system server 10 receives the operation request,
the network terminal 20 is further configured to generate first link information, where the first link information includes at least a first algorithm identifier and a first random number, and to send the first link information to the background system server 10;
the background system server 10 is further configured, after receiving the first link information, to judge from the first algorithm identifier whether the first algorithm is supported and, once it judges that the first algorithm is supported, to set a second algorithm corresponding to the first algorithm and generate second link information, where the second link information includes at least the certificate of the background system server 10 and a second random number, and to send the second link information to the network terminal 20;
the network terminal 20 is further configured, after receiving the second link information, to verify the legitimacy of the certificate of the background system server 10 and, once verification passes, to generate a shared master key, encrypt the shared master key with the certificate of the background system server 10 to obtain a first ciphertext, sign the first random number, the first algorithm identifier, the second random number and the second algorithm identifier with the private key of the security device to obtain signed data, and send third link information to the background system server 10, where the third link information includes at least the first ciphertext, the signed data and the security certificate;
the background system server 10 is further configured, after receiving the third link information, to verify the legitimacy of the security certificate and, once the security certificate passes verification, to verify the signed data and, once the signed data passes verification, to decrypt the first ciphertext to obtain the shared master key, generate a first authentication completion message and send the first authentication completion message to the network terminal 20;
the network terminal 20 is further configured, after receiving the first authentication completion message, to verify the first authentication completion message and, once verification passes, to generate a second authentication completion message and compute the session key from the shared master key, where the session key includes at least an encryption key, and to send the second authentication completion message to the background system server 10;
the background system server 10 is further configured, after receiving the second authentication completion message, to verify the second authentication completion message and, once verification passes, to compute the session key from the shared master key; where the session key includes at least an encryption key.
Of course, if the session key also includes a MAC computation key, the check computation includes computing over the data to be transmitted with the MAC computation key in the session key.
If the session key includes only an encryption key, the check computation may also include computing over the data to be transmitted with at least a hash algorithm. The network terminal 20 or the background system server 10 may also sign the hash value with its own private key, the other side then verifying the signature with the corresponding public key; this guarantees data integrity and also the non-repudiation of the data sender.
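The session key negotiation set out above, together with the note that the session key may carry a MAC computation key besides the encryption key, as an added example written for this page; it is not code from the patent or its assignee. The patent does not fix the cipher suite, the certificate format or the contents of the authentication completion messages, so the following are assumptions: the value of the algorithm identifier, RSA-OAEP for encrypting the shared master key and RSA-PSS for the signed data, certificates modelled as a subject name plus public key checked against a trust list, and HMAC-SHA256 both for the completion messages and for deriving the encryption key and MAC computation key from the shared master key. Both parties run in one process so that every message of the exchange is visible.

```go
package main

import (
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Cert stands in for the page's certificates: a subject name plus a public key; legitimacy
// verification is modelled as membership in the verifier's trust list (an assumption).
type Cert struct{ Name string; Pub *rsa.PublicKey }

type SessionKey struct{ EncKey, MacKey []byte } // derived from the shared master key

// Party is the network terminal (holding the security device's key) or the background system server;
// Trusted lists the certificates it accepts as legitimate.
type Party struct{ Name string; Priv *rsa.PrivateKey; Trusted []Cert; Session SessionKey }

const supportedAlg byte = 1 // assumed algorithm identifier: RSA-OAEP/PSS + AES-128 + HMAC-SHA256

func NewParty(name string) *Party {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { panic(err) }
	return &Party{Name: name, Priv: priv}
}

func (p *Party) Cert() Cert { return Cert{p.Name, &p.Priv.PublicKey} }

func (p *Party) trusts(c Cert) bool {
	for _, t := range p.Trusted {
		if t.Name == c.Name && t.Pub.Equal(c.Pub) {
			return true
		}
	}
	return false
}

func nonce() []byte { b := make([]byte, 32); rand.Read(b); return b } // crypto/rand does not fail on supported platforms

func must(b []byte, err error) []byte { if err != nil { panic(err) }; return b } // local key-use errors only

// prf is HMAC-SHA256 over label||data; it builds the completion messages and derives the session key (both assumptions).
func prf(key []byte, label string, data []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(label))
	h.Write(data)
	return h.Sum(nil)
}

func derive(master []byte) SessionKey {
	return SessionKey{EncKey: prf(master, "enc", nil)[:16], MacKey: prf(master, "mac", nil)}
}

// Handshake runs the page's negotiation with both sides in one process; comments mark each message.
func Handshake(term, srv *Party) (SessionKey, error) {
	// 1. terminal -> server: first link information {first algorithm id, first random number}
	alg1, r1 := supportedAlg, nonce()
	// 2. server: check the algorithm id, set the second algorithm, reply {server cert, second random number}
	if alg1 != supportedAlg { return SessionKey{}, errors.New("server: first algorithm not supported") }
	alg2, r2, srvCert := alg1, nonce(), srv.Cert()
	// 3. terminal: verify server cert, make master key, encrypt it to the server, sign the transcript
	if !term.trusts(srvCert) {
		return SessionKey{}, errors.New("terminal: server certificate not legitimate")
	}
	master := nonce()
	c1 := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, srvCert.Pub, master, nil))
	tr := append(append(append([]byte{alg1}, r1...), alg2), r2...) // signed data: both ids and random numbers
	digest := sha256.Sum256(tr)
	sig := must(rsa.SignPSS(rand.Reader, term.Priv, crypto.SHA256, digest[:], nil))
	// 4. server: verify security cert, verify signed data, decrypt master key, send first completion message
	if !srv.trusts(term.Cert()) {
		return SessionKey{}, errors.New("server: security certificate not legitimate")
	}
	if err := rsa.VerifyPSS(term.Cert().Pub, crypto.SHA256, digest[:], sig, nil); err != nil {
		return SessionKey{}, fmt.Errorf("server: signed data rejected: %w", err)
	}
	srvMaster, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, srv.Priv, c1, nil)
	if err != nil {
		return SessionKey{}, err
	}
	fin1 := prf(srvMaster, "server finished", tr)
	// 5. terminal: verify first completion message, send the second, derive the session key
	if !hmac.Equal(fin1, prf(master, "server finished", tr)) {
		return SessionKey{}, errors.New("terminal: first completion message rejected")
	}
	fin2 := prf(master, "terminal finished", tr)
	term.Session = derive(master)
	// 6. server: verify second completion message, derive the session key
	if !hmac.Equal(fin2, prf(srvMaster, "terminal finished", tr)) {
		return SessionKey{}, errors.New("server: second completion message rejected")
	}
	srv.Session = derive(srvMaster)
	return srv.Session, nil
}
```

Handshake returns the server's session key and leaves each side's copy in Party.Session. A terminal whose security certificate the server does not trust is rejected at step 4, before the first ciphertext is decrypted. Because the completion messages are keyed with the master key, a first ciphertext swapped in transit is also caught: the two sides would then hold different master keys and the first completion message fails at the terminal. In a real implementation the server must rebuild the transcript from the bytes it actually received rather than share the variable with the terminal as this single-process demonstration does.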
It can thus be seen that the operation request processing system of the invention, by classifying the data to be transmitted by security level, makes the communication data semi-transparent: part of the communication data is transmitted in plaintext, so that, while the absolute security of the data to be transmitted with the highest security level is guaranteed and the plaintext of the data to be transmitted with the lower and the higher security level remains visible, the integrity and security of the data to be transmitted with the higher security level are also guaranteed. The third-party system server in the network transmission system can therefore inspect part of the communication data and use it to develop business, which raises the utilization rate of such communication data as transmission systems grow more complex and achieves both security and application scalability for the network transmission system.
Of course, the structure of the operation request processing system of the invention is not limited to this; the different functions within each entity may also be divided among different functional modules, for example a receiving module, a sending module, a computing module and a generating module may be arranged in the network terminal, each executing a different function. This is not repeated here; any division into modules that solves the technical problem of the invention and achieves the effect of the invention using its technical scheme falls within the scope of protection of the invention.
Below, taking a MAC computed with the MAC computation key as the example of the check computation, the classification and processing of the data to be transmitted in the invention is described:
First, the network terminal and the background system server set three different security levels for the data to be transmitted:
Common: communication data that there is no value in tampering with, such as the operation data flow and logs;
Important: communication data that can be used for application extension, i.e. that other devices or servers use to develop business, but which must be guaranteed not to have been tampered with, such as the transaction amount and the application type;
Secret: communication data that only the individual may hold and that guarantees transaction security, such as the personal account, the PIN code and the transaction code.
Secondly, the network terminal and the background system server set the scheme for processing the data to be transmitted at each security level:
Common: plaintext. No processing is applied; the data is transmitted directly in the network transmission system;
Important: plaintext + MAC. A MAC value is computed over the plaintext with the MAC computation key, and the plaintext and the MAC value are packed and transmitted. After the background system server or the network terminal receives such data (plaintext with MAC value), it verifies the MAC with the MAC computation key negotiated in advance, ensuring the information has not been tampered with;
Secret: ciphertext + MAC. The plaintext is encrypted with the encryption key to generate ciphertext, and at the same time a MAC value is computed over the plaintext with the MAC computation key; the ciphertext and the MAC value are packed and transmitted. After the background system server or the network terminal receives such data (ciphertext and MAC value), it decrypts the ciphertext with the encryption key negotiated in advance and verifies the MAC with the MAC computation key negotiated in advance, ensuring the information has not been tampered with.
Now, when the network terminal communicates with the background system server, the transaction type and transaction data are uploaded in plaintext and can be seen by a third party, which increases the transparency of the transaction; further, because a MAC check value is attached to the data, the data cannot be tampered with; confidential information such as the user's transaction password and PIN code is still transmitted as ciphertext plus MAC, guaranteeing the complete security of the confidential data.
Below, a payment flow is summarized taking a water and electricity bill payment as the example; this is only an application example and does not limit the scope of the invention.
(1) The user connects an operating terminal, attached to a security terminal, to both the water and electricity company server and the bank's background processing center. The network terminal (comprising the security terminal and the operating terminal), the water and electricity company server and the bank's background processing center form a network transmission system.
(2) When a transaction is made, the network terminal first establishes a secure communication channel with the bank's background processing center.
(3) After the secure communication channel has been established, the bank's background processing center needs to send the user an input request instruction for the account and PIN code. This instruction is now the communication data to be transmitted; because it is a flow-control data stream, the bank's background processing center sets the security level for transmitting it to Common and transmits it in plaintext in the network transmission system, so the water and electricity company server in the system can now see that the transaction has reached the state of requesting the user to input the account.
(4) After the network terminal receives the instruction, it needs to send out the user's account and password. Because this data belongs to the Secret level, it is encrypted and a MAC is computed over it with the data keys negotiated when the secure channel was established, and it is then sent into the network transmission system in ciphertext + MAC form. The network terminal may optionally send the user's account and password to the water and electricity company server as well; whether it does so or not, the water and electricity company server cannot see the user's account and password.
(5) The bank's background processing center receives the user's account and password, decrypts them with the key negotiated when the secure channel was established, and, after completing the check, sends the bill the user needs to pay and the transaction amount to the terminal. Because this communication data belongs to the Important level, it is sent in plaintext together with the computed MAC value, so the water and electricity company server can see the bill and amount the bank's background processing center sent to the user and can now use the transaction amount together with its own financial data for business such as statistics. Because the MAC check value is present, phishing and falsification of the transaction amount are also effectively prevented.
(6) After the network terminal receives this, it sends out a confirmation instruction, and the bank's background processing center sends a request to input the password. These instructions are all operation data flows that indicate the progress of the transaction, so the network terminal and the bank's background processing center transmit this communication data in plaintext at the Common level, and the water and electricity company server can transparently follow the progress of the transaction.
(7) The network terminal sends out the transaction password it needs to transmit in ciphertext + MAC form. The network terminal may optionally send the transaction password to the water and electricity company server as well; whether it does so or not, the water and electricity company server cannot see the user's transaction password, which guarantees security.
(8) The bank's background processing center receives the password, decrypts it and completes the password check, and the payment is completed.
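The three-level processing scheme described above and the messages of the payment flow, as an added example written for this page; it is not code from the patent or its assignee. The patent names neither the cipher nor the MAC, so AES-128-CTR and HMAC-SHA256 are assumptions, as are the sample keys and the message texts, which are constructed. The sender packs each message according to its level, the receiver enforces the level's checks, and a third view models what the water and electricity company server learns from each message.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

type Level int // one of the three security levels the page assigns to data to be transmitted

const (
	Common    Level = iota + 1 // plaintext only
	Important                  // plaintext + MAC
	Secret                     // ciphertext + MAC
)

type SessionKey struct{ EncKey, MacKey []byte } // negotiated encryption key and MAC computation key

// Message is the packed unit that travels through the network transmission system.
type Message struct {
	Level   Level
	Payload []byte // plaintext for Common/Important, ciphertext for Secret
	IV      []byte // counter-mode IV, Secret only (assumed cipher: AES-128-CTR)
	Mac     []byte // HMAC-SHA256 (assumed MAC), Important and Secret
}

func mac(key, data []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(data)
	return h.Sum(nil)
}

// ctr applies AES-CTR; the same call encrypts and decrypts. The IV must never repeat under one key.
func ctr(key, iv, in []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // wrong key length: a programming error in this demo
	}
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out
}

// Protect packs plain for transmission according to its level (sender side).
func Protect(sk SessionKey, level Level, plain, iv []byte) Message {
	switch level {
	case Common:
		return Message{Level: level, Payload: plain}
	case Important:
		return Message{Level: level, Payload: plain, Mac: mac(sk.MacKey, plain)}
	case Secret:
		// As on the page, the MAC is computed over the plaintext, not over the ciphertext.
		return Message{Level: level, Payload: ctr(sk.EncKey, iv, plain), IV: iv, Mac: mac(sk.MacKey, plain)}
	}
	panic("unknown level") // never fall back silently to plaintext
}

// Receive recovers the plaintext and enforces the per-level checks (receiver side).
func Receive(sk SessionKey, m Message) ([]byte, error) {
	switch m.Level {
	case Common:
		return m.Payload, nil
	case Important:
		if !hmac.Equal(m.Mac, mac(sk.MacKey, m.Payload)) {
			return nil, errors.New("important: MAC check failed")
		}
		return m.Payload, nil
	case Secret:
		plain := ctr(sk.EncKey, m.IV, m.Payload)
		if !hmac.Equal(m.Mac, mac(sk.MacKey, plain)) {
			return nil, errors.New("secret: MAC check failed")
		}
		return plain, nil
	}
	return nil, errors.New("unknown level")
}

// ThirdPartyView is what a party without the session key (the utility server) learns.
func ThirdPartyView(m Message) (visible []byte, tamperEvident bool) {
	if m.Level == Secret {
		return nil, true
	}
	return m.Payload, m.Level == Important
}

func main() {
	sk := SessionKey{EncKey: []byte("0123456789abcdef"), MacKey: []byte("constructed-mac-key")} // constructed keys
	steps := []struct{ who, text string; level Level }{ // the payment flow's messages and their levels
		{"bank", "INPUT_ACCOUNT_AND_PIN", Common}, {"terminal", "account=62220001;pin=1234", Secret},
		{"bank", "bill=water-2014-01;amount=86.50", Important}, {"terminal", "CONFIRM", Common}, {"terminal", "txpwd=987654", Secret}}
	for i, s := range steps {
		iv := append(make([]byte, aes.BlockSize-1), byte(i)) // distinct counter-mode IV for every message under this key
		v, te := ThirdPartyView(Protect(sk, s.level, []byte(s.text), iv))
		fmt.Printf("%-8s level=%d third party sees %q tamper-evident=%v\n", s.who, s.level, v, te)
	}
}
```

ThirdPartyView models the water and electricity company server: it can read Common and Important payloads, can itself confirm that an Important payload is untampered only if it also holds the MAC computation key, and learns nothing about a Secret payload beyond its presence. Two points follow the page and deserve attention in a real implementation: the MAC covers the plaintext, so the receiver must decrypt a Secret message before it can reject a forged one (computing the MAC over the ciphertext, encrypt-then-MAC, lets it reject first), and Common-level instructions carry no MAC at all, so the receiver must make sure that no state change it cares about can be driven by an unauthenticated message.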
Thus, with the operation request processing method and system of the invention, the transaction progress and amount can be made transparent while the transaction is guaranteed to proceed securely, which is of great benefit to transaction volume, makes it possible for operators with higher requirements for learning immediately about changes to financial accounts (water and electricity payments, mobile phone bill payments and so on) to develop business, and provides convenience for the development of increasingly complex network transmission systems. With this method the two parties to a transaction no longer depend solely on notification by the bank: the transaction progress and billing amount circulating transparently in the communication system let a third party learn the transaction progress in real time, eliminating the bank notification step and saving a great deal of financial and material resources, so that both security and application scalability are achieved for the network transmission system.
Any process or method description in a flowchart or described otherwise herein may be understood as representing a module, segment or portion of code comprising one or more executable instructions for implementing specific logical functions or steps of the process, and the scope of the preferred embodiments of the invention includes other implementations in which functions may be performed out of the order shown or discussed, including substantially concurrently or in reverse order depending on the functions involved, as will be understood by those of ordinary skill in the art to which the embodiments of the invention belong.
It should be understood that the parts of the invention may be implemented in hardware, software, firmware or a combination thereof. In the above embodiments, multiple steps or methods may be implemented with software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one of the following techniques well known in the art, or a combination thereof, may be used: discrete logic circuits having logic gate circuits for implementing logic functions on data signals, application-specific integrated circuits having suitable combinational logic gate circuits, programmable gate arrays (PGA), field programmable gate arrays (FPGA), and so on.
Those of ordinary skill in the art will appreciate that all or part of the steps carried by the method of the above embodiments may be completed by a program instructing the relevant hardware; the program may be stored in a computer-readable storage medium and, when executed, includes one or a combination of the steps of the method embodiment.
Furthermore, the functional units in the embodiments of the invention may be integrated into one processing module, or each unit may exist physically on its own, or two or more units may be integrated into one module. The integrated module may be implemented in the form of hardware or in the form of a software functional module. If the integrated module is implemented as a software functional module and sold or used as an independent product, it may also be stored in a computer-readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc or the like.
In the description of this specification, reference to the terms "one embodiment", "some embodiments", "an example", "a specific example" or "some examples" and so on means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the invention. In this specification, schematic expressions of the above terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the invention have been shown and described above, it is to be understood that the above embodiments are exemplary and are not to be construed as limiting the invention; those of ordinary skill in the art may change, modify, replace and vary the above embodiments within the scope of the invention without departing from its principles and purpose. The scope of the invention is defined by the claims and their equivalents.

Claims (33)

1. An operation request processing method, characterized by comprising:
step a: a background system server receives an operation request;
step b: after the background system server receives the operation request, it generates a response message according to a first preset security level and sends the response message to a network terminal; wherein,
if the first preset security level is a first security level, the background system server generates the response message and sends the response message to the network terminal and to a third-party system server;
if the first preset security level is a second security level, the background system server performs a check computation on first data to be transmitted to generate first check information, and sends the response message to the network terminal and to the third-party system server; wherein the response message includes at least the first check information;
step c: after the network terminal receives the response message, it generates a feedback message according to a second preset security level and sends the feedback message to the background system server; wherein,
if the second preset security level is the first security level, the network terminal generates the feedback message and sends the feedback message to the background system server and to the third-party system server;
if the second preset security level is a third security level, the network terminal computes second encryption information from second data to be transmitted using an encryption key in a session key, performs a check computation on the second data to be transmitted to generate second check information, receives a confirmation instruction, and sends the feedback message to the background system server; wherein the feedback message includes at least the second encryption information and the second check information;
if the first preset security level is the second security level, the network terminal, after receiving the response message, additionally verifies the response message and, once the response message passes verification, performs the step of generating the feedback message according to the second preset security level;
step d: after the background system server receives the feedback message, it executes the operation request; wherein,
if the second preset security level is the third security level, the background system server, after receiving the feedback message, additionally verifies the feedback message and, once the feedback message passes verification, executes the operation request.
2. The method according to claim 1, characterized in that
in step b,
if the first preset security level is a third security level, the background system server computes first encryption information from the first data to be transmitted using an encryption key in a session key, performs a check computation on the first data to be transmitted to generate the first check information, and sends the response message to the network terminal, wherein the response message includes at least the first encryption information and the first check information;
in step c,
if the first preset security level is the third security level, the network terminal, after receiving the response message, additionally verifies the response message and, once the response message passes verification, performs the step of generating the feedback message according to the second preset security level.
3. The method according to claim 1 or 2, characterized in that
in step c,
if the second preset security level is the second security level, the network terminal performs a check computation on the second data to be transmitted to generate the second check information, and sends the feedback message to the background system server and to the third-party system server; wherein the feedback message includes at least the second check information;
in step d,
if the second preset security level is the second security level, the background system server, after receiving the feedback message, additionally verifies the feedback message and, once the feedback message passes verification, executes the operation request.
4. The method according to claim 1 or 2, characterized in that, before the background system server receives the operation request in step a, the method further comprises:
the network terminal sends a login request to the third-party system server and logs in, and, after a successful login, the third-party system server sends the operation request to the background system server; or
the network terminal sends a login request to the background system server and logs in, and, after a successful login, the network terminal sends the operation request to the background system server.
5. The method according to claim 3, characterized in that, before the background system server receives the operation request in step a, the method further comprises:
the network terminal sends a login request to the third-party system server and logs in, and, after a successful login, the third-party system server sends the operation request to the background system server; or
the network terminal sends a login request to the background system server and logs in, and, after a successful login, the network terminal sends the operation request to the background system server.
6. The method according to any one of claims 1, 2 or 5, characterized in that, before the background system server receives the operation request in step a, the method further comprises:
the network terminal generates first link information, wherein the first link information includes at least a first algorithm identifier and a first random number;
the network terminal sends the first link information to the background system server;
after the background system server receives the first link information, it judges from the first algorithm identifier whether the first algorithm is supported and, once it judges that the first algorithm is supported, sets a second algorithm corresponding to the first algorithm and generates second link information, wherein the second link information includes at least a second algorithm identifier, a background system server certificate and a second random number;
the background system server sends the second link information to the network terminal;
after the network terminal receives the second link information, it verifies the legitimacy of the background system server certificate and, once verification passes, generates a shared master key and encrypts the shared master key with the background system server certificate to obtain a first ciphertext;
the network terminal signs the first random number, the first algorithm identifier, the second random number and the second algorithm identifier with the private key of a security device to obtain signed data;
the network terminal sends third link information to the background system server, wherein the third link information includes at least the first ciphertext, the signed data and a security certificate;
after the background system server receives the third link information, it verifies the legitimacy of the security certificate and, once the security certificate passes verification, verifies the signed data and, once the signed data passes verification, decrypts the first ciphertext to obtain the shared master key;
the background system server generates a first authentication completion message and sends the first authentication completion message to the network terminal;
after the network terminal receives the first authentication completion message, it verifies the first authentication completion message and, once verification passes, generates a second authentication completion message and computes a session key from the shared master key; wherein the session key includes at least an encryption key;
the network terminal sends the second authentication completion message to the background system server;
after the background system server receives the second authentication completion message, it verifies the second authentication completion message and, once verification passes, computes the session key from the shared master key; wherein the session key includes at least an encryption key.
7. The method according to claim 3, characterized in that, before the background system server receives the operation request in step a, the method further comprises:
the network terminal generates first link information, wherein the first link information includes at least a first algorithm identifier and a first random number;
the network terminal sends the first link information to the background system server;
after the background system server receives the first link information, it judges from the first algorithm identifier whether the first algorithm is supported and, once it judges that the first algorithm is supported, sets a second algorithm corresponding to the first algorithm and generates second link information, wherein the second link information includes at least a second algorithm identifier, a background system server certificate and a second random number;
the background system server sends the second link information to the network terminal;
after the network terminal receives the second link information, it verifies the legitimacy of the background system server certificate and, once verification passes, generates a shared master key and encrypts the shared master key with the background system server certificate to obtain a first ciphertext;
the network terminal signs the first random number, the first algorithm identifier, the second random number and the second algorithm identifier with the private key of a security device to obtain signed data;
the network terminal sends third link information to the background system server, wherein the third link information includes at least the first ciphertext, the signed data and a security certificate;
after the background system server receives the third link information, it verifies the legitimacy of the security certificate and, once the security certificate passes verification, verifies the signed data and, once the signed data passes verification, decrypts the first ciphertext to obtain the shared master key;
the background system server generates a first authentication completion message and sends the first authentication completion message to the network terminal;
after the network terminal receives the first authentication completion message, it verifies the first authentication completion message and, once verification passes, generates a second authentication completion message and computes a session key from the shared master key; wherein the session key includes at least an encryption key;
the network terminal sends the second authentication completion message to the background system server;
after the background system server receives the second authentication completion message, it verifies the second authentication completion message and, once verification passes, computes the session key from the shared master key; wherein the session key includes at least an encryption key.
8. The method according to claim 4, characterized in that, before the background system server receives the operation request in step a, the method further comprises:
the network terminal generates first link information, wherein the first link information includes at least a first algorithm identifier and a first random number;
the network terminal sends the first link information to the background system server;
after the background system server receives the first link information, it judges from the first algorithm identifier whether the first algorithm is supported and, once it judges that the first algorithm is supported, sets a second algorithm corresponding to the first algorithm and generates second link information, wherein the second link information includes at least a second algorithm identifier, a background system server certificate and a second random number;
the background system server sends the second link information to the network terminal;
after the network terminal receives the second link information, it verifies the legitimacy of the background system server certificate and, once verification passes, generates a shared master key and encrypts the shared master key with the background system server certificate to obtain a first ciphertext;
the network terminal signs the first random number, the first algorithm identifier, the second random number and the second algorithm identifier with the private key of a security device to obtain signed data;
the network terminal sends third link information to the background system server, wherein the third link information includes at least the first ciphertext, the signed data and a security certificate;
after the background system server receives the third link information, it verifies the legitimacy of the security certificate and, once the security certificate passes verification, verifies the signed data and, once the signed data passes verification, decrypts the first ciphertext to obtain the shared master key;
the background system server generates a first authentication completion message and sends the first authentication completion message to the network terminal;
after the network terminal receives the first authentication completion message, it verifies the first authentication completion message and, once verification passes, generates a second authentication completion message and computes a session key from the shared master key; wherein the session key includes at least an encryption key;
the network terminal sends the second authentication completion message to the background system server;
after the background system server receives the second authentication completion message, it verifies the second authentication completion message and, once verification passes, computes the session key from the shared master key; wherein the session key includes at least an encryption key.
9. The method according to any one of claims 1, 2, 5, 7 or 8, characterised in that the session key further includes a MAC computation key, and the check calculation comprises computing over the data to be transmitted with the MAC computation key in the session key.
10. The method according to claim 3, characterised in that the session key further includes a MAC computation key, and the check calculation comprises computing over the data to be transmitted with the MAC computation key in the session key.
11. The method according to claim 4, characterised in that the session key further includes a MAC computation key, and the check calculation comprises computing over the data to be transmitted with the MAC computation key in the session key.
12. The method according to claim 6, characterised in that the session key further includes a MAC computation key, and the check calculation comprises computing over the data to be transmitted with the MAC computation key in the session key.
13. The method according to any one of claims 1, 2, 5, 7, 8, 10, 11 or 12, characterised in that the check calculation comprises computing over the data to be transmitted at least by means of a hash algorithm.
14. The method according to claim 3, characterised in that the check calculation comprises computing over the data to be transmitted at least by means of a hash algorithm.
15. The method according to claim 4, characterised in that the check calculation comprises computing over the data to be transmitted at least by means of a hash algorithm.
16. The method according to claim 6, characterised in that the check calculation comprises computing over the data to be transmitted at least by means of a hash algorithm.
17. The method according to claim 9, characterised in that the check calculation comprises computing over the data to be transmitted at least by means of a hash algorithm.
18. An operation request processing system, characterised in that it comprises a background system server, a network terminal and a third-party system server; wherein:
The background system server is configured to receive an operation request and, after receiving the operation request information, generate a response message according to a first preset security class and send the response message to the network terminal; wherein
If the first preset security class is the first security class, the background system server generates the response message and sends it to the network terminal and to the third-party system server;
If the first preset security class is the second security class, the background system server performs a check calculation on first data to be transmitted to generate first check information, and sends the response message to the network terminal and to the third-party system server; the response message at least includes the first check information;
The network terminal is configured to, after receiving the response message, generate feedback information according to a second preset security class and send the feedback information to the background system server; wherein
If the second preset security class is the first security class, the network terminal generates the feedback information and sends it to the background system server and to the third-party system server;
If the second preset security class is the third security class, the network terminal computes second encryption information from second data to be transmitted using the encryption key in the session key, performs a check calculation on the second data to be transmitted to generate second check information, receives a confirmation instruction, and sends the feedback information to the background system server; the feedback information at least includes the second encryption information and the second check information;
If the first preset security class is the second security class, the network terminal, after receiving the response message, additionally verifies the response message and generates the feedback information according to the second preset security class only once the response message is verified;
The background system server is further configured to execute the operation request after receiving the feedback information; wherein
If the second preset security class is the third security class, the background system server, after receiving the feedback information, additionally verifies the feedback information and executes the operation request only once the feedback information is verified.
19. The system according to claim 18, characterised in that:
If the first preset security class is the third security class, the background system server computes first encryption information from the first data to be transmitted using the encryption key in the session key, performs a check calculation on the first data to be transmitted to generate first check information, and sends the response message to the network terminal; the response message at least includes the first encryption information and the first check information;
If the first preset security class is the third security class, the network terminal, after receiving the response message, additionally verifies the response message and generates the feedback information according to the second preset security class only once the response message is verified.
20. The system according to claim 18 or 19, characterised in that:
If the second preset security class is the second security class, the network terminal performs a check calculation on the second data to be transmitted to generate second check information, and sends the feedback information to the background system server and to the third-party system server; the feedback information at least includes the second check information;
If the second preset security class is the second security class, the background system server, after receiving the feedback information, additionally verifies the feedback information and executes the operation request only once the feedback information is verified.
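As an added illustration of the three security classes in claims 18 to 20 (not code from the patent or its assignee), the following Python builds and verifies response and feedback messages for each class and shows why a third party that can read a class-2 message still cannot alter it. The key derivation, the HMAC-SHA256 counter-mode stand-in cipher, and the constructed master key and randoms are assumptions, since the claims name only a hash algorithm and a MAC computation key.

```python
"""Three-tier message protection from claims 18-20 (added example, not the patent's own code)."""
import hashlib
import hmac
import secrets

# Security classes as the claims name them; the class-to-treatment mapping follows the claims.
CLASS_PLAIN = 1      # first class: plaintext, also forwarded to the third-party server
CLASS_CHECKED = 2    # second class: plaintext plus check information
CLASS_ENCRYPTED = 3  # third class: encryption information plus check information


def derive_session_key(shared_master_key: bytes, first_random: bytes, second_random: bytes) -> dict:
    """Session key: encryption key (claims 7/8) and MAC computation key (claims 9-12).

    The KDF is an assumption: HMAC-SHA256 over a label and both handshake randoms.
    """
    def prf(label: bytes) -> bytes:
        return hmac.new(shared_master_key, label + first_random + second_random, hashlib.sha256).digest()
    return {"enc": prf(b"encryption key"), "mac": prf(b"mac computation key")}


def _ctr_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): HMAC-SHA256 keystream in counter mode; the claims name
    no encryption algorithm, and a real deployment would use AES-GCM or similar."""
    out = bytearray()
    for counter, offset in enumerate(range(0, len(data), 32)):
        block = hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def _check(mac_key: bytes, *parts: bytes) -> bytes:
    """Check calculation (claims 9 and 13): keyed hash with the MAC computation key."""
    return hmac.new(mac_key, b"".join(parts), hashlib.sha256).digest()


def protect(security_class: int, data: bytes, session_key: dict) -> dict:
    """Build the response or feedback message for the preset security class."""
    if security_class == CLASS_PLAIN:
        return {"class": 1, "data": data}
    if security_class == CLASS_CHECKED:
        return {"class": 2, "data": data, "check": _check(session_key["mac"], data)}
    if security_class == CLASS_ENCRYPTED:
        nonce = secrets.token_bytes(12)
        ciphertext = _ctr_xor(session_key["enc"], nonce, data)
        # The claims compute the check over the data to be transmitted; this example authenticates
        # the ciphertext (Encrypt-then-MAC) so the receiver never decrypts unauthenticated bytes.
        return {"class": 3, "nonce": nonce, "enc": ciphertext,
                "check": _check(session_key["mac"], nonce, ciphertext)}
    raise ValueError(f"unknown security class {security_class}")


def verify_and_open(message: dict, session_key: dict) -> bytes:
    """Receiver side: verify the check information before acting. A failed check is the point
    where the claims say the operation request must not be executed, so it raises ValueError."""
    security_class = message["class"]
    if security_class == CLASS_PLAIN:
        return message["data"]
    if security_class == CLASS_CHECKED:
        if not hmac.compare_digest(_check(session_key["mac"], message["data"]), message["check"]):
            raise ValueError("check information mismatch on class-2 message")
        return message["data"]
    if security_class == CLASS_ENCRYPTED:
        expected = _check(session_key["mac"], message["nonce"], message["enc"])
        if not hmac.compare_digest(expected, message["check"]):
            raise ValueError("check information mismatch on class-3 message")
        return _ctr_xor(session_key["enc"], message["nonce"], message["enc"])
    raise ValueError(f"unknown security class {security_class}")


def forwarded_to_third_party(message: dict) -> bool:
    """Claims 18 and 20: only class-1 and class-2 messages also go to the third-party server."""
    return message["class"] in (CLASS_PLAIN, CLASS_CHECKED)


def demo() -> dict:
    """One response/feedback round with constructed keys, plus a tampering attempt."""
    master = bytes.fromhex("00" * 32)                                   # constructed shared master key
    key = derive_session_key(master, b"\x01" * 32, b"\x02" * 32)        # constructed randoms
    response = protect(CLASS_CHECKED, b"transfer 100 to account X", key)  # readable, tamper-evident
    feedback = protect(CLASS_ENCRYPTED, b"PIN-confirmed:yes", key)        # hidden, tamper-evident
    tampered = dict(response, data=b"transfer 900 to account X")          # plaintext edited in transit
    try:
        verify_and_open(tampered, key)
        detected = False
    except ValueError:
        detected = True
    return {"response": verify_and_open(response, key),
            "feedback": verify_and_open(feedback, key),
            "tamper_detected": detected,
            "feedback_forwarded": forwarded_to_third_party(feedback)}
```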
21. The system according to claim 18 or 19, characterised in that:
The network terminal is further configured to send a login request to the third-party system server and log in; after a successful login, the third-party system server sends the operation request to the background system server; or
The network terminal is further configured to send a login request to the background system server and log in; after a successful login, the network terminal sends the operation request to the background system server.
22. The system according to claim 20, characterised in that:
The network terminal is further configured to send a login request to the third-party system server and log in; after a successful login, the third-party system server sends the operation request to the background system server; or
The network terminal is further configured to send a login request to the background system server and log in; after a successful login, the network terminal sends the operation request to the background system server.
23. The system according to any one of claims 18, 19 or 22, characterised in that, before the background system server receives the operation request:
The network terminal is further configured to generate first connection information, which at least includes a first algorithm identifier and a first random number, and to send the first connection information to the background system server;
The background system server is further configured to, after receiving the first connection information, determine from the first algorithm identifier whether it supports the first algorithm; once it has determined that it does, set a second algorithm corresponding to the first algorithm, generate second connection information, which at least includes a second algorithm identifier, the background system server certificate and a second random number, and send the second connection information to the network terminal;
The network terminal is further configured to, after receiving the second connection information, verify the legitimacy of the background system server certificate and, once verification passes, generate a shared master key and encrypt it under the background system server certificate to obtain a first ciphertext; sign the first random number, the first algorithm identifier, the second random number and the second algorithm identifier with the private key of a security device to obtain signature data; and send third connection information to the background system server, which at least includes the first ciphertext, the signature data and a security certificate;
The background system server is further configured to, after receiving the third connection information, verify the legitimacy of the security certificate; once the security certificate is verified, verify the signature data; once the signature data is verified, decrypt the first ciphertext to obtain the shared master key, generate a first authentication completion message, and send the first authentication completion message to the network terminal;
The network terminal is further configured to, after receiving the first authentication completion message, verify that message and, once verification passes, generate a second authentication completion message and compute a session key from the shared master key, the session key at least including an encryption key, and to send the second authentication completion message to the background system server;
The background system server is further configured to, after receiving the second authentication completion message, verify that message and, once verification passes, compute a session key from the shared master key; the session key at least includes an encryption key.
24. The system according to claim 20, characterised in that, before the background system server receives the operation request:
The network terminal is further configured to generate first connection information, which at least includes a first algorithm identifier and a first random number, and to send the first connection information to the background system server;
The background system server is further configured to, after receiving the first connection information, determine from the first algorithm identifier whether it supports the first algorithm; once it has determined that it does, set a second algorithm corresponding to the first algorithm, generate second connection information, which at least includes a second algorithm identifier, the background system server certificate and a second random number, and send the second connection information to the network terminal;
The network terminal is further configured to, after receiving the second connection information, verify the legitimacy of the background system server certificate and, once verification passes, generate a shared master key and encrypt it under the background system server certificate to obtain a first ciphertext; sign the first random number, the first algorithm identifier, the second random number and the second algorithm identifier with the private key of a security device to obtain signature data; and send third connection information to the background system server, which at least includes the first ciphertext, the signature data and a security certificate;
The background system server is further configured to, after receiving the third connection information, verify the legitimacy of the security certificate; once the security certificate is verified, verify the signature data; once the signature data is verified, decrypt the first ciphertext to obtain the shared master key, generate a first authentication completion message, and send the first authentication completion message to the network terminal;
The network terminal is further configured to, after receiving the first authentication completion message, verify that message and, once verification passes, generate a second authentication completion message and compute a session key from the shared master key, the session key at least including an encryption key, and to send the second authentication completion message to the background system server;
The background system server is further configured to, after receiving the second authentication completion message, verify that message and, once verification passes, compute a session key from the shared master key; the session key at least includes an encryption key.
25. The system according to claim 21, characterised in that, before the background system server receives the operation request:
The network terminal is further configured to generate first connection information, which at least includes a first algorithm identifier and a first random number, and to send the first connection information to the background system server;
The background system server is further configured to, after receiving the first connection information, determine from the first algorithm identifier whether it supports the first algorithm; once it has determined that it does, set a second algorithm corresponding to the first algorithm, generate second connection information, which at least includes a second algorithm identifier, the background system server certificate and a second random number, and send the second connection information to the network terminal;
The network terminal is further configured to, after receiving the second connection information, verify the legitimacy of the background system server certificate and, once verification passes, generate a shared master key and encrypt it under the background system server certificate to obtain a first ciphertext; sign the first random number, the first algorithm identifier, the second random number and the second algorithm identifier with the private key of a security device to obtain signature data; and send third connection information to the background system server, which at least includes the first ciphertext, the signature data and a security certificate;
The background system server is further configured to, after receiving the third connection information, verify the legitimacy of the security certificate; once the security certificate is verified, verify the signature data; once the signature data is verified, decrypt the first ciphertext to obtain the shared master key, generate a first authentication completion message, and send the first authentication completion message to the network terminal;
The network terminal is further configured to, after receiving the first authentication completion message, verify that message and, once verification passes, generate a second authentication completion message and compute a session key from the shared master key, the session key at least including an encryption key, and to send the second authentication completion message to the background system server;
The background system server is further configured to, after receiving the second authentication completion message, verify that message and, once verification passes, compute a session key from the shared master key; the session key at least includes an encryption key.
26. The system according to any one of claims 18, 19, 22, 24 or 25, characterised in that the session key further includes a MAC computation key, and the check calculation comprises computing over the data to be transmitted with the MAC computation key in the session key.
27. The system according to claim 20, characterised in that the session key further includes a MAC computation key, and the check calculation comprises computing over the data to be transmitted with the MAC computation key in the session key.
28. The system according to claim 21, characterised in that the session key further includes a MAC computation key, and the check calculation comprises computing over the data to be transmitted with the MAC computation key in the session key.
29. The system according to claim 23, characterised in that the session key further includes a MAC computation key, and the check calculation comprises computing over the data to be transmitted with the MAC computation key in the session key.
30. The system according to any one of claims 18, 19, 22, 24, 25 or 27 to 29, characterised in that the check calculation comprises computing over the data to be transmitted at least by means of a hash algorithm.
31. The system according to claim 20, characterised in that the check calculation comprises computing over the data to be transmitted at least by means of a hash algorithm.
32. The system according to claim 23, characterised in that the check calculation comprises computing over the data to be transmitted at least by means of a hash algorithm.
33. The system according to claim 26, characterised in that the check calculation comprises computing over the data to be transmitted at least by means of a hash algorithm.
CN201410003491.5A 2014-01-03 2014-01-03 Operation request processing method and system Active CN103716328B (en)
Publications (2)

Publication Number Publication Date
CN103716328A CN103716328A (en) 2014-04-09
CN103716328B true CN103716328B (en) 2017-01-25