CN106339939B - Non-tamper-able distributed bill system based on secure hardware and transaction processing method - Google Patents

Info

Publication number: CN106339939B
Authority: CN (China)
Application number: CN201610736004.5A
Other languages: Chinese (zh)
Other versions: CN106339939A
Inventors: 文武, 杨伟献, 胡刚, 胡昌盛, 聂鑫
Current assignee: Nanjing Ximalayun Information Technology Co ltd
Original assignee: Nanjing Ximalayun Information Technology Co ltd
Legal status: Active

Classifications

    • G06Q40/02 Banking, e.g. interest calculation or account maintenance (under G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes)
    • G06F21/645 Protecting data integrity, e.g. using checksums, certificates or signatures, using a third party (under G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity)
    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange (under G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes)

Abstract

The invention discloses a non-tamperable distributed bill system based on secure hardware, and a transaction processing method. The system comprises: a bill unit module, stored in the secure hardware, which stores at least one bill unit in the form of a data structure; an access module, which receives transaction requests from the business system and returns response results to it; and a transaction maintenance module, which on receiving a transaction request processes the bill unit in the bill unit module so as to update it and generate a new bill unit, encrypts the new bill unit and returns it to the business system as the response result. The encryption key is generated by a key derivation mechanism based on an algorithm preset when the secure hardware is initialized. Because the bill unit's key is held in the secure hardware, the data in the transaction process is encrypted and data operations are non-repudiable and non-tamperable, and all transactions are managed under centralized supervision, so that the uniqueness, authority and security of the underlying transaction data processing are ensured.

Description

Non-tamper-able distributed bill system based on secure hardware and transaction processing method
Technical Field
The invention relates to the field of financial transaction control, and in particular to a non-tamperable distributed bill system based on secure hardware and a transaction processing method.
Background
The popularity of the internet, and of the mobile internet in particular, has brought the disruption of the digital revolution to many traditional industries. Examples of these large changes include retail disrupted by online merchants, telecommunications disrupted by social applications, and the IT industry disrupted by cloud computing. In finance, retail payment has likewise been disrupted by the huge consumer networks of online merchants and social platforms. The most important common feature is that the traditional industry is disrupted by cross-industry technology on efficiency, customer service and similar fronts.
The banking system, as a country's main financial entity, is likewise on the eve of such a storm. Yet in contrast to the disruption cases described above, which were essentially summarized only after the traditional industry had been disrupted, the disrupted industries did not recognize the disruption at the time, or did not anticipate its speed and severity until they had already been completely disrupted. Facing a storm in which the traditional financial system may be disrupted, central banks, commercial banks and financial institutions around the world have all embraced cross-industry concepts such as distributed bills and blockchains unconditionally and at the first opportunity, hoping to steer the concept of the revolution during the disruption.
Cross-industry technologies such as information security and big data are regarded as the most promising means of disrupting the current financial system. But will this revolution eliminate the central bank and the intermediary and supervisory functions of banks, as the Bitcoin wave of a few years ago proposed, or will it be a tool for improving those functions? Central banks and banks around the world clearly take the latter view. So far, however, how to apply technologies such as information security and distributed bills effectively to reform financial systems remains at the stage of theoretical concepts and sandbox simulation in most financial institutions, central banks included. Many of these attempts have focused on improving the efficiency of current payment systems, for example the T+2 settlement problem or the certification of assets, but have not reached the root of financial technology.
In the prior art, the following electronic transaction modes exist in the field of financial transactions:
Electronic money: electronic money is a monetary value stored electronically (including on magnetic stripe) that represents a claim on the issuer; it is issued by the issuer after receiving funds for payment, is accepted by natural or legal persons other than the issuer, and is issued and redeemed at par.
Electronic invoice: the electronic invoice is a product of the information age. Like an ordinary invoice it is issued to merchants in a form uniformly distributed by the tax bureau, uses nationally uniform coding for invoice numbers and a uniform anti-counterfeiting technology, and carries the signature of the electronic tax bureau.
Payment wallet: a mobile payment platform that integrates several bank cards for the user and avoids the complicated procedures of interfacing with each bank during payment. It is an entity independent of buyer and seller, provides both parties with transaction information and a guarantee of transaction funds, is highly developed, and can be used for credit card repayment, transfers, telephone, water and electricity bills, taxi fares and so on.
However, the prior art has the following defects:
1) Liquidity risk: electronic money may be suddenly demanded, and the issuing organization may not hold an equal amount of conventional money in reserve to redeem it, which can cause a liquidity crisis for the electronic banking service organization.
2) Electronic money and electronic invoices can only be protected against counterfeiting by means such as cryptographic digital signatures. If the key technology and data are compromised, the mass appearance of counterfeit currency and invoices will cause significant losses to the issuing organization.
3) Internet-based schemes can effectively monitor third-party payments, but they must be involved in every transaction, do not make use of the bank's existing business systems, and do not ultimately solve the problem.
4) Although current financial systems are highly digitized, most financial data, payment and settlement included, must have its completeness and validity certified by post-hoc audit. This method is very weak under big data and the emerging internet financial innovation system: not only is the payment data itself incomplete and unmanageable, but derived bills such as invoices and taxes, which must rest on complete and correct payment data, are incomplete and unmanageable too. That is, the gap between emerging financial technology (FinTech) and regulatory agencies (central bank, tax, foreign exchange administration, etc.) will keep widening, and supervisory bodies with their after-the-fact audit processes cannot keep up with the changes brought by financial technology innovation.
In addition, the blockchain, the technology underlying Bitcoin, has gradually found other applications, especially in finance. A blockchain is a technical scheme for collectively maintaining a reliable database in a decentralized, trustless manner. But because of its decentralized, distributed character, the functions of a central supervisory body cannot be exercised, which limits its application; because transaction records require multiple confirmations, confirmation is slow and cannot accommodate fast payment; and because transaction records are stored in a distributed manner across nodes, transaction data is stored many times over and resources are wasted.
Disclosure of Invention
The invention provides a non-tamperable distributed bill system based on secure hardware and a transaction processing method, aiming to solve the technical problem that asset supervision and maintenance in existing financial systems need improvement.
The technical scheme adopted by the invention is as follows:
According to one aspect of the invention, a secure-hardware-based non-tamperable distributed bill system is provided as the underlying system of a centrally supervised asset management system, interacting with a business system to respond to data processing requests from the business layer and to generate transaction records. The system comprises:
secure hardware and a bill unit module stored in the secure hardware, for storing at least one bill unit in the form of a data structure, the bill unit representing a value corresponding to a business attribute of the business system so as to meet transaction settlement requirements;
an access module, serving as the access interface for data interaction with the business system hardware, for receiving transaction requests from the business system and returning response results to it;
a transaction maintenance module, for processing the bill unit in the bill unit module after a transaction request is received so as to update it and generate a new bill unit, and for encrypting the new bill unit and returning it to the business system as the response result so that corresponding mirror data is formed there; the encryption key is generated by a key derivation mechanism based on an algorithm preset when the secure hardware is initialized.
Further, there are several pieces of secure hardware, corresponding to the different levels of the centrally supervised asset management system, with one or more bill units stored on each; the secure hardware is uniformly initialized by the main authority of centralized supervision, the master key of the key derivation mechanism is held by that main authority, and the key pool in the secure hardware of each level is subordinate to the key pool in the secure hardware of the level above.
Further, the data structure of the bill unit includes at least a serial number, an access address, an amount and a key, where the serial number is a dynamic ID identifying the current transaction state of the bill unit, the access address is a unique access ID identifying the bill unit, the amount represents the value corresponding to a business attribute of the business system, and the key is dynamically updated by the secure hardware based on the algorithm preset at initialization.
Further, the transaction maintenance module includes:
an identity authentication submodule, for encrypting the transaction request of the local bill unit with its key and sending it to the secure hardware of the level above for identity authentication, and for authenticating encrypted transaction requests sent from the level below;
a transaction processing submodule, for processing the transaction request according to the authentication result from the level above, and updating and generating a new bill unit;
and a receipt generation submodule, for encrypting the new bill unit and returning it to the business system as the response result.
Further, the secure-hardware-based non-tamperable distributed bill system of the invention also comprises:
a transaction recording module, for generating, according to the received transaction request, bill information that at least records the transaction processing corresponding to the bill unit update.
Further, the secure-hardware-based non-tamperable distributed bill system of the invention also comprises:
a cloud data storage platform, for receiving and storing the bill information generated by the transaction recording module.
Further, the secure-hardware-based non-tamperable distributed bill system of the invention also comprises:
an export module, for exporting the bill units stored in the bill unit module, encrypted with their corresponding keys, to a third-party business system.
According to another aspect of the invention, an asset transaction processing method is also provided, in which the secure-hardware-based non-tamperable distributed bill system described above serves as the underlying system that responds to transaction requests from a business system and synchronously updates the bill units involved in each transaction.
Further, the asset transaction processing method of the invention also comprises:
exporting the bill units in the secure hardware to a third-party business system for signature by that system, so that two or more supervisory authorities can supervise transactions based on the same secure hardware.
Further, the asset management system corresponding to the asset transaction of the invention is a banking system, a tax system, a securities system or an enterprise electronic data interchange system.
The invention has the following beneficial effects:
In the non-tamperable distributed bill system and transaction processing method of the invention, the bill unit is stored in the secure hardware; a transaction request from the business layer is answered by updating the bill unit in the secure hardware, so that transaction circulation is realized; the updated bill unit is encrypted with a key in the secure hardware and then returned to the business system; and the key in the secure hardware is generated by a key derivation mechanism from the algorithm preset at initialization. The bill unit's key in the secure hardware thus provides data encryption and non-repudiation/non-tampering of data operations during the transaction, and all transactions are managed under centralized supervision, so that the uniqueness, authority and security of the underlying transaction data processing are ensured. In addition, the system requires no change to the existing business-layer transaction system: the secure hardware only needs to be connected to the business system hardware directly or over a network, the secure hardware holding the bill units runs in the background, and the bill units respond to the transactions of the business system, so the system is highly compatible and easy to deploy.
In addition to the objects, features and advantages described above, other objects, features and advantages of the present invention are also provided. The present invention will be described in further detail below with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this application, illustrate embodiments of the invention and, together with the description, serve to explain the invention and not to limit the invention. In the drawings:
FIG. 1 is a schematic block diagram of a preferred embodiment of the secure-hardware-based non-tamperable distributed bill system of the invention;
FIG. 2 is a schematic diagram of the structure of a bill unit in a preferred embodiment of the invention;
FIG. 3 is a schematic diagram of the bill unit structure of the central bank in a preferred embodiment of the invention;
FIG. 4 is a schematic diagram of the updated bill unit structure of the central bank in a preferred embodiment of the invention;
FIG. 5 is a schematic diagram of the bill unit structure of each bank after the central bank distributes to a plurality of banks in a preferred embodiment of the invention;
FIG. 6 is a schematic diagram of the structure of the new bill units after bank A opens accounts in a preferred embodiment of the invention;
FIG. 7 is a schematic diagram of the structure of the new bill units after bank B opens an account in a preferred embodiment of the invention;
FIG. 8 is a schematic diagram of the bill unit structure of bank C in a preferred embodiment of the invention;
FIG. 9 is a schematic diagram of the bill units for an intra-bank transfer in a preferred embodiment of the invention;
FIG. 10 is a first schematic diagram of the bill unit structure for a cross-bank transfer in a preferred embodiment of the invention;
FIG. 11 is a second schematic diagram of the bill unit structure for a cross-bank transfer in a preferred embodiment of the invention;
FIG. 12 is a schematic diagram of the structure of the transaction maintenance module in a preferred embodiment of the invention.
Detailed Description
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present invention will be described in detail below with reference to the embodiments with reference to the attached drawings.
In order to reduce the high cost of issuing and circulating conventional paper money, and to avoid the market confusion caused by counterfeit money in circulation and the illegal behaviour, such as money laundering and tax evasion, that the conventional bank supervision system cannot prevent, this embodiment provides a non-tamperable distributed bill system based on secure hardware, which serves as the underlying system of a centrally supervised asset management system and interacts with a business system to respond to data processing requests from the business layer and generate transaction records. Referring to fig. 1, the secure-hardware-based non-tamperable distributed bill system of this embodiment includes:
a bill unit module 100, stored in the secure hardware, for storing at least one bill unit in the form of a data structure, the bill unit representing a value corresponding to a business attribute of the business system so as to meet transaction settlement requirements;
an access module 200, serving as the access interface for data interaction with the business system hardware, for receiving transaction requests from the business system and returning response results to it;
a transaction maintenance module 300, for processing the bill unit in the bill unit module after a transaction request is received so as to update it and generate a new bill unit, and for encrypting the new bill unit and returning it to the business system as the response result so that corresponding mirror data is formed there; the encryption key is generated by a key derivation mechanism based on an algorithm preset when the secure hardware is initialized.
In this embodiment the centrally supervised asset management system is described using a banking system as the example. The banking system comprises the People's Bank of China (hereinafter the central bank) as the centralized supervisory body and several commercial banks under its supervision; each commercial bank is divided from top to bottom into branches and sub-branches, forming a multi-level, centrally supervised architecture.
The secure hardware (hardware security module, HSM) used in this embodiment is a dedicated cryptographic processor designed specifically to protect the cryptographic key lifecycle. It securely manages, processes and stores encryption keys in a reliable, tamper-resistant device, and protects transactions, identity data and applications by providing protected keys and encryption, decryption, identity authentication and digital signature services to a wide range of applications. It is commonly known in the industry as an encryption machine; its hardware structure and specific composition are not described here.
In this embodiment there are several pieces of secure hardware, corresponding to the different levels of the centrally supervised asset management system, with one or more bill units stored on each. The secure hardware is uniformly initialized by the main authority of centralized supervision, the master key of the key derivation mechanism is held by that main authority, and the key pool in the secure hardware of each level is subordinate to the key pool in the secure hardware of the level above, forming a hierarchical distributed structure based on centralized supervision in which the data of the relevant transactions is stored across the multi-level supervision and operation system.
In this embodiment, referring to fig. 2, the data structure of the bill unit includes at least a serial number, an access address, an amount and a key. The serial number is a dynamic ID identifying the current transaction state of the bill unit; the access address is a unique access ID identifying the bill unit; the amount represents the value corresponding to a business attribute of the business system, for example an amount of currency in a banking system, a quantity of shares in a stock exchange system, or a tax amount in a tax system (these are only examples and are not limiting); and the key is dynamically updated by the secure hardware based on the algorithm preset at initialization, derived from the issuer's master key.
The basic operations on the bill units stored in the secure hardware of this embodiment are as follows:
a) payment transfers of specific digital assets can be carried out between different bill units (in the same secure hardware, or in secure hardware at different physical locations); the transfer is performed synchronously on the two bill units, whose amounts are decreased and increased in step, so that the total amount before and after the asset transfer is unchanged;
b) the asset transfer is carried out only after the integrity of the bill unit data and the identity authenticity of both parties to the transaction have been verified;
c) all of the above transfer operations and data encryption (computation) are performed inside the secure hardware.
The following takes digital currency as an example to illustrate the non-tamperable distributed bill system of this embodiment:
If, for example, the central bank issues 100 yuan of digital currency, a bill unit is created in the HSM secure hardware as shown in fig. 3.
The central supervisory body allocates a key pool to the HSM of the central bank, and key 1 is generated from that pool. Keys are generated and allocated automatically in the HSM hardware, and the key algorithm is initialized and set by the authority; any digital signature algorithm is supported, including symmetric or asymmetric signatures, Message Authentication Codes (MAC) and so on.
1. There are three commercial banks under the central bank, allocated 40 to bank A, 30 to bank B and 20 to bank C. After the command arrives from the business layer, the interface between the HSM and the central bank receives it and the bill unit in the HSM secure hardware in the central bank's background is updated; the updated bill unit of the central bank is shown in fig. 4, where key 2 is a sub-key reallocated from the central bank's key pool and the bill unit under the original key 1 is updated. The central bank's key pool is also divided into three corresponding key pools for the three banks: the bank A key pool, the bank B key pool and the bank C key pool.
Meanwhile, the bill system of this embodiment updates the bill unit according to the payment information returned by the banks (the amounts transferred to each of the three banks); the new bill unit data is encrypted into a character string and returned to the banking system, where, after the bank has verified it, the corresponding mirror data (balance) is formed in the business layer; and the HSM uploads the payment instructions (three simple bill records, such as 100-40, 60-30 and 30-20) to the cloud device. The specific process is as follows:
(1) the business layer changes the digital currency value of each account on the HSM hardware through an API uplink instruction (bill unit update);
(2) the HSM sends an encrypted digital currency document (that is, the string serial number + address + amount + unit, encrypted with the key) to the payment system through an API downlink instruction;
(3) the HSM transmits the payment instruction (simple bill information) to a remote cloud data centre for storage.
The bill units in the HSM secure hardware in the background of the three banks are then generated synchronously, as shown in fig. 5, where key 3 is randomly allocated from the bank A key pool, key 4 from the bank B key pool, and so on.
2. Suppose bank A opens accounts for two clients, 1 and 2: client 1 deposits 25 yuan and client 2 deposits 10 yuan; bank B opens an account for client 3, who deposits 17. The bill units of the three banks are updated according to the transaction requests of the business layer. The updated bill unit structure of bank A is shown in fig. 6, where keys 6, 7 and 8 are randomly allocated from the bank A key pool and the bill unit under the original key 3 is updated; as before, the HSM also generates the corresponding simple bill information and uploads it to the cloud device. The updated bill unit structure of bank B is shown in fig. 7, where keys 9 and 10 are randomly allocated from the bank B key pool and the bill unit under the original key 4 is updated; again the HSM generates the corresponding simple bill information and uploads it to the cloud device. The bill unit of bank C is unchanged; its structure is shown in fig. 8.
3. Intra-bank transfer:
Client 1 transfers 6 yuan to client 2. The changed bill unit structure of bank A is shown in fig. 9: the bill units under the previous keys 7 and 8 are updated, the simple bill information (25-6, 10+6) is sent to the cloud device, and the other bill units are unchanged.
4. Cross-bank transfer:
Client 1 transfers 4 yuan to client 3. The changed bill unit structure of bank A is shown in fig. 10 and that of bank B in fig. 11. The bill unit under key 11 is updated and the simple bill record (19-4) is sent to the cloud device; the bill unit previously under key 10 is updated and the simple bill record (17+4) is sent to the cloud device.
In the distributed bill system of this embodiment, the digital currency is stored in the HSM hardware in the form of a data structure and is unique. The existing financial payment system does not need to be changed: once the HSM is connected to the financial system, the amount displayed in the financial system is a mirror image, and all transactions must be verified online. This is fundamentally different from the blockchain technology of Bitcoin, in which the chain is decentralized, every new transaction must be verified by all participating nodes across the whole network, and every node must use the blockchain data structure.
Specifically, referring to fig. 12, the transaction maintenance module 300 of the present embodiment includes:
the identity authentication sub-module 310 is configured to encrypt the transaction request for the local bill unit with its key and send it to the secure hardware at the upper level for identity authentication, and to authenticate the encrypted transaction requests sent up by the lower level;
the transaction processing sub-module 320 is configured to process the transaction request according to the authentication result from the upper level and to update the bill unit, generating a new bill unit;
and the receipt generation sub-module 330 is configured to encrypt the new bill unit and return it to the business system as the response result.
In this embodiment, each piece of secure hardware is initialized by a master authority with the encryption and decryption algorithms, initial parameters, and so on. After the business system preprocesses a transaction requirement from the business layer, it issues a transaction request instruction to the corresponding secure hardware at the bottom layer, which performs the key derivation needed for the transaction, the encryption and decryption of the transaction data, the authentication of the transaction messages, and the payment transfer itself (that is, the rewriting of data values: the numerical values in bill units are normally readable but not writable, and can be written only after identity authentication, which implements the addition and subtraction of the quantity attributes of different bill units), and returns the execution result to the business layer. The security mechanisms of the business layer are implemented by the business system or organization and are outside the scope of the present invention.
The secure hardware of this embodiment authenticates the transaction request through the identity authentication sub-module 310, so that the transaction proceeds only after online authentication; the upper-level HSM returns its result digitally signed with its own key, which ensures the reliability and non-repudiation of supervision. The transaction processing sub-module 320 rewrites and updates the bill unit according to the instruction returned from the upper level, generating a new bill unit; this includes rewriting the numerical value, updating the serial number with an incremental algorithm, and updating the key. The receipt generation sub-module 330 encrypts the new bill unit with the key into a character string and returns the string to the business system, which forms the corresponding mirror image data at the business layer.
Preferably, the non-tamper-able distributed billing system based on secure hardware of this embodiment further includes:
a transaction recording module, which generates, according to the received transaction request, bill information that represents at least the transaction processing record corresponding to the bill unit update. Preferably, the bill information is returned to the business system together with the response result, forming a complete transaction record at the business layer. More preferably, the non-tamper-able distributed billing system based on secure hardware of this embodiment further includes a cloud data storage platform, which receives and stores the bill information generated by the transaction recording module, so that transaction records are stored and backed up in the cloud for later query.
Preferably, the non-tamper-able distributed billing system based on secure hardware of this embodiment further includes:
an export module, which exports the bill units stored in the bill unit module, encrypted with their corresponding keys, to a third-party business system. The data of a bill unit in the HSM is encrypted into a single character string that serves as the identifier in a third-party digital asset payment system, which enables integration with existing or future third-party digital asset payment systems (such as a gift wallet). Preferably, the bill unit string exported from the HSM (host security module) can be stored on a terminal device (mobile phone, computer, etc.) or a financial technology platform (e-wallet, tax system, etc.), and the string can be verified online at any time.
In this embodiment, the derivation algorithm for the keys in the secure hardware is designed by the issuer; for example, the keys are derived from the master key of an authority such as the central office or the tax bureau. The derivation algorithm runs inside the HSM and generates a specific key that never leaves the HSM, which secures both the key and the data encrypted with it. A data block is exported from the HSM as an encrypted string, which guarantees the integrity and verifiability of the string representing the bill unit, and the confidentiality of the data during the transaction.
The present invention relates to a non-tamper-able distributed bill system based on secure hardware. Bill units are stored in the secure hardware; a transaction request from the business layer is answered by updating the bill unit inside the secure hardware, which realizes transaction circulation, and the updated bill unit is returned to the business system after being encrypted with a key inside the secure hardware. The key is generated in the secure hardware by an initialized preset algorithm using a key derivation mechanism, so that the key of the bill unit in the secure hardware provides non-repudiation and non-tamperability of the data encryption and data operations during the transaction, and the uniqueness, authority and security of data processing at the transaction bottom layer are guaranteed under centralized supervision. In addition, the non-tamper-able distributed bill system of the invention does not require changes to the existing business-layer transaction system: the secure hardware only needs to be connected to the business system hardware directly or over a network, the secure hardware holding the bill units runs in the background, and the bill units respond to the transactions of the business system, so the system has good compatibility and is easy to popularize and apply.
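As an added worked example (not code from the patent or its applicant), the following Python model ties together the scenario of items 2 to 4 above, the three sub-modules 310/320/330, and the exported bill unit string: a central node derives the key pool of each bank from a master key; each bank node holds bill units of the form (serial number, access address, amount, key); every update is first authenticated by the upper-level node, after which the value is rewritten, the serial number incremented and the key rotated; the simple bill information (such as 25-6) is recorded for the cloud; and the new bill unit is returned as a sealed string that can be verified against the current key. Everything cryptographic is an assumption of the example, since the page names no algorithms: HMAC-SHA256 stands in for the key derivation algorithm, for the upper level's digital signature (modelled as an approval key provisioned at initialization) and, through an HMAC-derived XOR keystream, for the bill unit encryption; a bill unit key is derived from its address instead of being drawn at random from the pool; and the class and function names (HSM, derive, seal, update) are the example's own.

```python
# Added example, not the patent's code: a toy model of the hierarchical HSM ledger on this page.
# Assumed stand-ins (the page names no algorithms): HMAC-SHA256 key chaining, HMAC tags for
# digital signatures, an HMAC-derived XOR keystream for the bill unit encryption.
import base64
import hashlib
import hmac
import json

def derive(parent: bytes, label: str) -> bytes:  # key hierarchy: master -> bank pool -> bill unit
    return hmac.new(parent, label.encode(), hashlib.sha256).digest()

def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def xor_stream(key: bytes, data: bytes) -> bytes:
    ks = b"".join(derive(key, f"enc/{i}") for i in range(len(data) // 32 + 1))
    return bytes(b ^ k for b, k in zip(data, ks))

def seal(key: bytes, data: bytes) -> str:
    """Encrypt-then-MAC a bill unit into one character string (receipt / export string)."""
    ct = xor_stream(key, data)
    return base64.b64encode(ct + mac(derive(key, "mac"), ct)[:16]).decode()

def unseal(key: bytes, text: str) -> bytes:
    raw = base64.b64decode(text)
    ct, tag = raw[:-16], raw[-16:]
    if not hmac.compare_digest(tag, mac(derive(key, "mac"), ct)[:16]):
        raise ValueError("string does not verify: tampered or wrong key")
    return xor_stream(key, ct)

class HSM:
    def __init__(self, name: str, pool_key: bytes, parent=None):
        self.name, self.pool_key, self.parent = name, pool_key, parent
        self.units = {}      # access address -> {serial, address, amount, key}; keys stay in here
        self.bill_info = []  # simple bill information uploaded to the cloud
        # provisioned by the authority at initialization; stands in for the upper level's signature key
        self.approval_key = derive(parent.pool_key, "approve") if parent else None

    def child(self, name: str) -> "HSM":
        return HSM(name, derive(self.pool_key, f"pool/{name}"), self)  # subordinate key pool

    def new_unit(self, address: str, amount: int) -> None:
        key = derive(self.pool_key, f"unit/{address}")  # stands in for "randomly allocated from the pool"
        self.units[address] = {"serial": 1, "address": address, "amount": amount, "key": key}

    def authenticate(self, child_name: str, request: bytes, tag: bytes) -> bytes:
        """Upper-level side: only a request tagged with a key from the lower level's pool (re-derived here) passes."""
        child_pool = derive(self.pool_key, f"pool/{child_name}")
        if not hmac.compare_digest(tag, mac(derive(child_pool, "auth"), request)):
            raise PermissionError(f"{self.name}: request from {child_name} rejected")
        return mac(derive(self.pool_key, "approve"), request)  # approval carries this node's own tag

    def update(self, address: str, delta: int) -> str:
        """Lower-level side: authenticate online, rewrite the unit, return the receipt string."""
        unit = self.units[address]
        if unit["amount"] + delta < 0:
            raise ValueError("bill unit does not hold enough to debit")
        request = json.dumps({"hsm": self.name, "addr": address,
                              "serial": unit["serial"], "delta": delta}).encode()
        approval = self.parent.authenticate(self.name, request, mac(derive(self.pool_key, "auth"), request))
        if not hmac.compare_digest(approval, mac(self.approval_key, request)):
            raise PermissionError("instruction from upper level failed verification")
        old = unit["amount"]                       # the value is writable only from here on
        unit["amount"] += delta                    # rewrite the numerical value
        unit["serial"] += 1                        # incremental serial number
        unit["key"] = derive(unit["key"], f"rotate/{unit['serial']}")  # update the key
        self.bill_info.append(f"{old}{delta:+d}")  # e.g. "25-6", as on the page
        public = {k: v for k, v in unit.items() if k != "key"}
        return seal(unit["key"], json.dumps(public).encode())

    def verify_export(self, address: str, text: str) -> dict:
        return json.loads(unseal(self.units[address]["key"], text))  # online check, current key

def rejects(fn, exc) -> bool:
    try:
        fn()
        return False
    except exc:
        return True

def forged_request_rejected() -> bool:  # a pool not derived from the central pool cannot transact
    central = HSM("central", b"constructed master key")
    rogue = HSM("A", b"pool key not derived from central", central)
    rogue.new_unit("x", 5)
    return rejects(lambda: rogue.update("x", -1), PermissionError)

def run_scenario() -> dict:
    """Replays the page's example: bank A holds clients 1 and 2, bank B holds client 3."""
    central = HSM("central", b"constructed master key held by the authority")
    bank_a, bank_b = central.child("A"), central.child("B")
    bank_a.new_unit("c1", 25); bank_a.new_unit("c2", 10)
    bank_b.new_unit("c3", 17)
    bank_a.update("c1", -6); bank_a.update("c2", 6)           # transfer within bank A
    bank_a.update("c1", -4); credit = bank_b.update("c3", 4)  # transfer across banks
    altered = ("A" if credit[0] != "A" else "B") + credit[1:]  # one character flipped
    return {
        "amounts": {a: h.units[a]["amount"] for h in (bank_a, bank_b) for a in h.units},
        "bill_info": bank_a.bill_info + bank_b.bill_info,
        "c3_receipt": bank_b.verify_export("c3", credit),
        "tamper_detected": rejects(lambda: bank_b.verify_export("c3", altered), ValueError),
    }
```

run_scenario() returns the final amounts (15, 16 and 21), the four bill information records, the decoded receipt for client 3 and the outcome of verifying that receipt with one character changed; forged_request_rejected() shows the upper level refusing a node whose key pool is not subordinate to its own. Two caveats the page does not address: the cross-bank transfer here is two separate authenticated updates, so a production system would need both to commit or neither; and the central node in this model holds no bill units of its own.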
According to another aspect of the present invention, there is also provided an asset transaction processing method based on the foregoing non-tamper-able distributed billing system based on secure hardware, in which the distributed billing system serves as the underlying system that responds to transaction requests of the business system and synchronously updates the bill units involved in a transaction.
The asset transaction processing method of this embodiment further comprises the following step:
exporting the bill units in the secure hardware to a third-party business system for signature by that system, so that two or more supervisory authorities can supervise transactions based on the same secure hardware. That is, the key management functions of two supervisory authorities (such as currency and tax) can be implemented on the same secure hardware device, with the control policy and the device initialization settings set and controlled by each authority itself, so that the data cannot be tampered with.
It should be noted that the embodiment of the present invention uses digital currency as an example only for ease of understanding and does not limit the scope of the claims of the present application; the distributed billing system of this embodiment may also be used in the fields of banking, tax, foreign exchange, stocks, etc., and in payment systems, banking systems, tax systems and EDI (electronic data exchange) systems inside companies, requiring only that the data structure be modified to the one required by the corresponding system. In addition, the bills encrypted by these different regulatory bodies can be mutually signed, so that a given tax bill can correspond to a given payment (not all are required, of course), which forms a multi-regulator, multi-regulatory-data complex "distributed bill".
The asset management system corresponding to the asset transaction of the invention can be a bank system, a tax system, a security system or an electronic data exchange system in an enterprise.
It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer-executable instructions and that, although a logical order is illustrated in the flowcharts, in some cases, the steps illustrated or described may be performed in an order different than presented herein.
It will be apparent to those skilled in the art that the modules or steps of the present invention described above may be implemented by a general purpose computing device, they may be centralized on a single computing device or distributed across a network of multiple computing devices, and they may alternatively be implemented by program code executable by a computing device, such that they may be stored in a storage device and executed by a computing device, or fabricated separately as individual integrated circuit modules, or fabricated as a single integrated circuit module from multiple modules or steps. Thus, the present invention is not limited to any specific combination of hardware and software.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (5)

1. An asset transaction processing method implemented based on a secure hardware-based non-tamperable distributed billing system, wherein the secure hardware-based non-tamperable distributed billing system serves as an underlying system of a centrally supervised asset management system for interacting with a business system in response to a data processing request of the business layer and generating a transaction record; the secure hardware-based non-tamperproof distributed billing system comprises:
the bill unit module is stored in the safety hardware and used for storing at least one bill unit in a data structure form, and the bill unit is used for representing a numerical value corresponding to the service attribute of the service system so as to meet the transaction settlement requirement;
the access module is used as an access interface for data interaction with the service system hardware, and is used for receiving the transaction request of the service system and returning the response result to the service system;
the transaction maintenance module is used for processing the bill unit in the bill unit module after receiving the transaction request so as to update and generate a new bill unit, and returning the new bill unit as a response result to the service system after being encrypted so as to form corresponding mirror image data; the encryption key is generated by adopting a key derivation mechanism based on the secure hardware initialization preset algorithm;
the data structure of the billing unit at least comprises: the system comprises a serial number, an access address, a number and a secret key, wherein the serial number is a dynamic ID used for identifying the corresponding transaction dynamic state of a bill unit, the access address is a unique access ID used for identifying the bill unit, the number is used for representing a numerical value corresponding to the service attribute of a service system, and the secret key is dynamically updated by the safety hardware based on an initialized preset algorithm;
the transaction maintenance module includes:
the identity authentication submodule is used for encrypting the transaction request corresponding to the local bill unit by the key and then sending the transaction request to the security hardware corresponding to the previous level for identity authentication and carrying out identity authentication on the encrypted transaction request sent by the next level;
the transaction processing submodule is used for processing the transaction request according to the identity verification result of the previous level and updating and generating a new bill unit;
the receipt generation submodule is used for encrypting the new bill unit and returning the encrypted bill unit as a response result to the service system;
the security hardware is multiple and corresponds to different levels of a centrally-supervised asset management system, one or more bill units are correspondingly stored on each security hardware, the security hardware is uniformly initialized by a centrally-supervised administrative authority, a master key in the key derivation mechanism is kept by the administrative authority, and a key pool in the next level of security hardware is subordinate to a key pool in the previous level of security hardware;
the method comprises the following steps: the distributed bill system is used as a bottom system for responding the transaction request of the business system and synchronously updates the bill units related to the transaction; and exporting the bill units in the safety hardware to a third-party service system for signature of the third-party service system, so as to realize transaction supervision of two or more supervision authorities based on the same safety hardware.
2. The method of claim 1, wherein the secure hardware-based non-tamperproof distributed billing system further comprises:
and the transaction recording module is used for generating bill information which at least represents the transaction processing record corresponding to the bill unit update according to the received transaction request.
3. The method of claim 2, wherein the secure hardware-based non-tamperproof distributed billing system further comprises:
and the cloud data storage platform is used for receiving and storing the bill information generated by the transaction recording module.
4. The method of claim 1, wherein the secure hardware-based non-tamperproof distributed billing system further comprises:
and the export module is used for exporting the bill units stored in the bill unit module to a third-party service system after being encrypted by the corresponding keys.
5. The method of claim 1,
the asset management system corresponding to the asset transaction is a bank system, a tax system, a security system or an electronic data exchange system in the enterprise.
CN201610736004.5A 2016-08-26 2016-08-26 Non-tamper-able distributed bill system based on secure hardware and transaction processing method Active CN106339939B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610736004.5A CN106339939B (en) 2016-08-26 2016-08-26 Non-tamper-able distributed bill system based on secure hardware and transaction processing method

Publications (2)

Publication Number Publication Date
CN106339939A CN106339939A (en) 2017-01-18
CN106339939B true CN106339939B (en) 2020-05-15

Family

ID=57823021

Country Status (1)

Country Link
CN (1) CN106339939B (en)

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107103471B (en) * 2017-03-28 2020-06-30 上海瑞麒维网络科技有限公司 Method and device for determining transaction validity based on block chain
CN110365491B (en) * 2017-03-30 2021-03-26 腾讯科技(深圳)有限公司 Service processing method, device, equipment, storage medium and data sharing system
CN108881163B (en) * 2017-05-16 2021-05-14 江峰 Multi-center block chain system with block issuing mechanism
CN107545419B (en) * 2017-07-19 2021-07-13 招商银行股份有限公司 Remittance processing method, system and computer readable storage medium
GB2569207A (en) * 2017-07-19 2019-06-12 China Merchants Bank Company Remittance processing method and system, and computer-readable storage medium
CN107633390B (en) * 2017-08-25 2021-04-20 苏州朗润创新知识产权运营有限公司 Cloud wallet management method and server
WO2019135734A1 (en) * 2018-01-02 2019-07-11 Hewlett-Packard Development Company, L.P. Regulating modification
CN108717659A (en) * 2018-04-03 2018-10-30 中电科大数据研究院有限公司 A kind of measures of tax collection and framework based on block chain
CN108564369B (en) * 2018-04-18 2021-07-27 常州大学 Decentralized currency transaction method based on regional chain
CN108876579A (en) * 2018-07-05 2018-11-23 江苏恒宝智能***技术有限公司 A kind of tax declaration management method and system based on block chain
CN109165957A (en) * 2018-08-14 2019-01-08 海南高灯科技有限公司 Invoice data method of charging out, system and relevant device based on block chain
CN110490700A (en) * 2019-08-08 2019-11-22 上海源庐加佳信息科技有限公司 A kind of staple commodities spot business system based on block chain intelligence contract
CN111488399A (en) * 2020-05-06 2020-08-04 北京俩撇科技有限公司 Block chain system, transaction processing method and device
CN111669377B (en) * 2020-05-27 2023-02-03 国家广播电视总局广播电视规划院 Safety control method for block chain chaining information
CN111932255B (en) * 2020-08-12 2023-11-03 中国人民银行数字货币研究所 Method and device for realizing transaction reconciliation based on encrypted currency
CN115760331A (en) * 2022-11-08 2023-03-07 深圳市雁联计算***有限公司 Configuration method and system for preventing bill from being tampered
CN117094722B (en) * 2023-10-19 2024-01-30 深圳薪汇科技有限公司 Security supervision method and system for online payment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102496112A (en) * 2011-11-24 2012-06-13 烽火通信科技股份有限公司 Three-screen payment system based on intelligent SD card and realization method thereof
CN105162607A (en) * 2015-10-12 2015-12-16 武汉瑞纳捷电子技术有限公司 Authentication method and system of payment bill voucher
CN106327184A (en) * 2016-08-22 2017-01-11 中国科学院信息工程研究所 Intelligent mobile terminal payment system and intelligent mobile terminal payment method based on safe hardware isolation

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104376493A (en) * 2014-10-29 2015-02-25 中国建设银行股份有限公司 Safe processing system and method based on encryption equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant