CN110505205A - Cloud platform encryption and decryption services cut-in method and access system - Google Patents
- Publication number
- CN110505205A (CN201910650539.4A)
- Authority
- CN
- China
- Prior art keywords
- encryption
- decryption
- channel
- gateway
- customer end
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L63/16—Implementing security features at a particular protocol layer
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention discloses a cloud platform encryption and decryption service access method and access system. The method comprises: a channel client sends to a gateway a service access request for a certain class of business of a certain channel; the gateway checks whether the channel client has sent a security authentication key and whether that key is correct; for a channel whose security authentication key is correct, the gateway provides the encryption and decryption service for that class of business and returns the corresponding encryption and decryption result to the channel client; for a channel client whose security authentication key is wrong or that has no security authentication key, the gateway generates a service code for that class of business and a signature authentication corresponding to the service code; the qualification information required for that class of business of the channel client is authenticated; and after the qualification information passes authentication, the gateway allocates to that class of business of the channel the security authentication key and encryption and decryption service scheme corresponding to the service code. The invention saves substantial development and implementation cost in the implementation of the overall cloud platform, the external-connection system and the settlement system.
Description
Technical field
The present invention relates to the technical field of data security, and in particular to a cloud platform encryption and decryption service access method and access system.
Background art
Financial systems place very high requirements on data security. Security components are needed to provide, for business processes, the various external channels and front-end services as a whole, data security guarantees such as security authentication, data message signing, rights management, fault tolerance, resource control, and data backup and recovery. Of these, security authentication and data signing mainly consist of providing encryption and decryption algorithms suited to different business scenarios. The basic idea is to provide encryption and decryption functions as a service; making them software-based, virtualized, distributed and service-oriented helps implement them efficiently and flexibly in the platform and its business processes. The database system uses data-item-level storage encryption, that is, different fields of different records are all encrypted with different keys, and sensitive records are supplemented with verification measures, to guarantee the confidentiality and integrity of the data stored in the database and to prevent unauthorized access to and modification of the data.
A financial platform includes many classes and items of encryption and decryption functions involving security authentication, encrypted data storage, transmission and data signing. They effectively support the development of each line of business and comprehensively improve fund and data security, business handling efficiency and service quality, and their fundamental, overall and organization-wide role is growing steadily. Information security, as an important guarantee for the deeper advance of informatization, is closely related to secure access to the provident fund system, is of great significance to business inquiry, business handling, fund settlement and management work, has a significant impact on platform security, and faces a severe situation.
At present, however, each line of business in a financial platform has its own encryption and decryption program, and calling a given business means calling that business's own encryption and decryption program. Client code therefore has to adapt to the interface of every business, which increases the complexity of the client code. It also adds substantial development and implementation cost to the implementation of the overall financial platform, the external-connection system and the settlement system.
Summary of the invention
To solve the above problem, the present invention provides a cloud platform encryption and decryption service access method, comprising the following steps:
Step S1: a channel client sends to a gateway a service access request for a certain class of business of a certain channel;
Step S2: the gateway checks whether the channel client has sent a security authentication key and whether the security authentication key is correct; for a channel whose security authentication key is correct, the gateway provides the encryption and decryption service for said class of business and returns the corresponding encryption and decryption result to the channel client;
and, for a channel client whose security authentication key is wrong or that has no security authentication key, the gateway generates a service code for said class of business and a signature authentication corresponding to the service code;
Step S3: the qualification information required for said class of business of the channel client is authenticated;
Step S4: after the qualification information passes authentication, the gateway allocates to said class of business of the channel the security authentication key and encryption and decryption service scheme corresponding to the service code.
Preferably, in step S2 the encryption and decryption service is provided by JAR packages, encapsulated in the gateway, that correspond to the encryption and decryption service schemes; the channel client completes the corresponding encryption and decryption service by calling the built-in API through the JAR package provided by the gateway.
Preferably, the channel client accesses the gateway over an SSL secure network.
Preferably, the method further includes step S5, in which an audit log and exception records are also generated.
Preferably, the security authentication key is updated regularly; when the security authentication key is updated, a one-way hash function is used to compute the hash value of the current security authentication key, and the hash value is used as the new security authentication key.
Preferably, in step S2 the computation tasks of the encryption and decryption service are distributed to the computing units according to a load-balancing algorithm.
Preferably, the load-balancing algorithms include static load-balancing algorithms and dynamic load-balancing algorithms. The static load-balancing algorithms include: round-robin, weighted round-robin and priority.
The dynamic load-balancing algorithms include: least connections, fastest response, observed, predictive and dynamic round-robin.
Preferably, the algorithms used by the encryption and decryption rules include at least MD5, RSA, DES, AES and Base64.
Preferably, when the channel client sends a service access request to the gateway, the gateway first verifies the name, physical address, network type and IP address of the channel client.
The present invention also provides a cloud platform encryption and decryption service access system, comprising:
a security authentication key verification module, for receiving and verifying the service access request for a certain class of business of a certain channel that a channel client sends to the gateway;
an encryption and decryption service computing module, for providing the encryption and decryption service and returning the corresponding encryption and decryption result to the channel client;
a service code generation module, for generating a service code and signature authentication information corresponding to the service code when the security authentication key verification module determines that the security authentication key is wrong or that there is no security authentication key;
a qualification approval module, for authenticating the qualification information required for said class of business of the channel client;
an encryption and decryption service scheme allocation module, for allocating a security authentication key and an encryption and decryption service scheme to said class of business of the channel after the qualification information passes authentication, the security authentication key and the encryption and decryption service scheme corresponding to the service code.
With the cloud platform encryption and decryption service access method and access system of the invention, the client only needs to interact with a single gateway and does not need to call many scattered classes of specific sub-services. This simplifies the client code and saves substantial development and implementation cost in the implementation of the overall cloud platform, the external-connection system and the settlement system. It solves the coupling between data encryption, transmission and business-logic development on the cloud platform, reduces the amount of development needed for encryption services and signature authentication in financial settlement, payment transactions and security authentication, and lowers the development cost of security authentication, encrypted data transmission and business logic in financial systems. Data security is handled uniformly by the gateway, which improves the security and stability of the business.
Brief description of the drawings
The above features and technical advantages of the invention will become clearer and easier to understand from the description of the embodiments in conjunction with the following drawings.
Fig. 1 is a flow diagram of the cloud platform encryption and decryption service access method of an embodiment of the invention;
Fig. 2 is a module structure diagram of the cloud platform encryption and decryption service access system of an embodiment of the invention.
Detailed description of the embodiments
Embodiments of the cloud platform encryption and decryption service access method and access system of the invention are described below with reference to the drawings. Those skilled in the art will recognize that the described embodiments can be modified in various ways, or in combinations of them, without departing from the spirit and scope of the invention. The drawings and description are therefore illustrative in nature and are not intended to limit the scope of the claims. In addition, in this specification the drawings are not drawn to scale, and identical reference numerals denote identical parts.
The cloud platform encryption and decryption service access method comprises the following steps:
Step S1: the channel client sends to the gateway, over an SSL (Secure Sockets Layer, a security protocol that provides security and data integrity for network communication) secure network, a service access request for a certain class of business of a certain channel. Specifically, the channel client sends the service access request for that class of business of that channel to the gateway by means of the security authentication key it holds. In the financial field, for example, channels include own channels, external networked government-agency channels, and internet finance access channels. Own channels include management-department counters, agency outlets, loan centers, telephone, SMS, WeChat, mobile apps, self-service terminals, websites and online business halls. External networked government-agency channels include guarantee agencies, commercial banks, the Ministry of Housing and Urban-Rural Development, the People's Bank, housing and construction commissions, economy and informatization bureaus, quality supervision, industry and commerce, social security, civil affairs, planning, land and resources, public security, and government affairs offices.
Each channel has different types of business. A bank, for example, has at least inquiry, loan application and settlement types of business. The various lines of business carried out across the channels are treated as the different businesses of each channel.
A channel client may be the client for a certain class of business of a channel. Clients include, but are not limited to, mobile phones, personal digital assistants (PDA), wireless handheld devices, tablet computers, personal computers (PC) and the like. A channel client may be a computer dedicated to one class of business, or a computer used for several classes of business.
The relevant operations may be carried out by a channel administrator through the channel client, or carried out directly by the channel client according to a configured program.
Step S2: after the gateway receives the channel client's service request, it verifies whether the security authentication key is correct. If it is correct, the gateway provides the encryption and decryption service for that class of business of the authenticated channel and returns the corresponding encryption and decryption result to the channel client. For example, if the channel client inputs information such as a bank account number, the encryption and decryption service returns the encrypted bank account information to the channel client, and the channel client then uses the encrypted bank account information to carry out the specific business.
If the security authentication key is determined to be wrong, or there is no security authentication key, this means that the gateway has not currently allocated a corresponding encryption and decryption scheme to that class of business. The gateway then generates a service code and signature authentication information. The signature authentication is a signature: an electronic cipher composed of a series of symbols and codes generated by some cryptographic operation, used in place of a handwritten signature or seal. There is no particular requirement on the service code; it may be digits, characters, or a combination of digits and characters, as long as the codes can be told apart. Each class of business of each channel has one service code and a signature authentication corresponding to that service code. The gateway generates the service code and signature authentication for that class of business for the channel client. For example, suppose one class of business of the channel client is loan application, and user information such as real name, ID card number, bank account number and loan amount is entered on the channel client (for loan applications this may be a loan approval system installed on a computer). If this information were submitted to the loan approval system without encryption, it could be leaked. The information is therefore all encrypted by the gateway using an encryption algorithm, that is, the directly readable plaintext data is encrypted into ciphertext data that cannot be read directly, and only then sent to the loan approval system. The loan approval system uses the security authentication key to decrypt the encrypted data and obtain the information entered by the loan applicant, and then carries out the relevant review operations. All private data involved in the loan approval process can be encrypted and decrypted by the gateway.
Step S3: after the service code and signature authentication information are generated, the qualification information required for that class of business of the channel client is further authenticated. The qualification information may be material representing the strength of the enterprise; for a bank, for example, it may be annual reports, performance growth, the amount of deposits taken, the total value of loans issued, and so on. The types of information required can be configured in the gateway as needed. The information to be authenticated may differ for different businesses of different channels.
Step S4: after the qualification information passes authentication, the gateway allocates a security authentication key and an encryption and decryption service scheme to the service access of that class of business of the channel. Encryption and decryption service schemes may have different security levels; the higher the security level, the better the security. The security authentication key and the encryption and decryption service scheme correspond to the service code, that is, encryption and decryption service schemes are allocated according to the type of business. For example, the inquiry class of the bank channel is allocated one encryption and decryption scheme and the loan class of the bank channel is allocated another. The encryption and decryption service is also converted into a service that the channel client can use. Specifically, the required encryption and decryption service programs are encapsulated in the gateway; they may be written in Java, and for each encryption and decryption service scheme the service is provided as a JAR package. The channel client completes the corresponding encryption and decryption service by calling the built-in API (application programming interface) through the JAR package provided by the gateway. In addition, different classes of business of different channels may use the same encryption and decryption scheme, that is, call the same JAR package.
Once steps S1 to S3 have led to step S4 allocating an encryption and decryption service scheme and a security authentication key to the channel client, the channel client can access the gateway over the SSL secure network and, after the security authentication key has been confirmed and the qualification information authenticated, use the encryption and decryption services provided in the gateway to complete the steps that involve encryption and decryption, such as security authentication, encrypted data storage, transmission and data signing.
Further, the method includes step S5, in which an audit log and exception records are also generated for later channel analysis, service call-volume queries, and performance and fault analysis.
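An added example, not code from the patent: a minimal Python model of the gateway decisions in steps S1 to S5. The class and method names, the two-entry scheme table, the use of an HMAC as the "signature authentication", and returning the scheme name in place of an encryption result are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed scheme table: one scheme per class of business (assumption).
SCHEMES = {"query": "scheme-A", "loan": "scheme-B"}


class Gateway:
    """Toy model of the gateway's access decisions in steps S1 to S5."""

    def __init__(self):
        self._signing_key = secrets.token_bytes(32)  # gateway-only secret
        self.allocations = {}  # (channel, business) -> (auth_key, scheme)
        self.pending = {}      # service_code -> (channel, business)
        self.audit_log = []    # step S5: one entry per decision

    def _sign(self, service_code):
        # Assumption: the "signature authentication" is an HMAC over the code.
        mac = hmac.new(self._signing_key, service_code.encode(), hashlib.sha256)
        return mac.hexdigest()

    def request_access(self, channel, business, auth_key=None):
        """S1/S2: serve a client with the correct key, otherwise issue a code."""
        if business not in SCHEMES:
            self.audit_log.append(("unknown_business", channel, business))
            return {"status": "rejected"}
        allocated = self.allocations.get((channel, business))
        if allocated and auth_key is not None:
            key, scheme = allocated
            # Constant-time comparison avoids leaking how many bytes matched.
            if hmac.compare_digest(key, auth_key):
                self.audit_log.append(("granted", channel, business))
                return {"status": "granted", "scheme": scheme}
        # Wrong key or no key: generate a service code and its signature.
        code = f"{channel}-{business}-{secrets.token_hex(4)}"
        self.pending[code] = (channel, business)
        self.audit_log.append(("code_issued", channel, business))
        return {"status": "pending", "service_code": code,
                "signature": self._sign(code)}

    def submit_qualification(self, service_code, signature, qualified):
        """S3/S4: allocate a key and scheme once qualification passes."""
        expected = self._sign(service_code).encode()
        if not hmac.compare_digest(expected, signature.encode()):
            self.audit_log.append(("bad_signature", service_code))
            return None
        if service_code not in self.pending or not qualified:
            self.audit_log.append(("not_qualified", service_code))
            return None
        channel, business = self.pending.pop(service_code)
        key = secrets.token_bytes(32)
        self.allocations[(channel, business)] = (key, SCHEMES[business])
        self.audit_log.append(("allocated", channel, business))
        return {"auth_key": key, "scheme": SCHEMES[business]}


def demo():
    """Walk one constructed channel ("bank", "loan") through the flow."""
    gw = Gateway()
    first = gw.request_access("bank", "loan")  # no key yet
    forged = gw.submit_qualification(first["service_code"], "00" * 32, True)
    grant = gw.submit_qualification(first["service_code"],
                                    first["signature"], True)
    ok = gw.request_access("bank", "loan", grant["auth_key"])
    wrong = gw.request_access("bank", "loan", b"\x00" * 32)
    return first, forged, grant, ok, wrong, gw.audit_log


if __name__ == "__main__":
    for item in demo():
        print(item)
```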
In an optional embodiment, the security authentication key is updated regularly: after the security authentication key is generated, the key is changed at a fixed period (for example, every day). When the key is updated, a one-way hash function is used to compute the hash value of the current key, and this hash value is used as the new key. In short, the hash value of the current key is used as the next key.
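An added example, not code from the patent: the hash-based key update described above, with gateway and channel client each deriving the current key from the issue date. SHA-256, the daily period, the KeyHolder and gateway_accepts names and the sample key and dates are assumptions; the last check shows that a key from an earlier period hashes forward to the current one, so a disclosed key is retired by reallocation in step S4 rather than by the periodic update.

```python
import hashlib
import hmac
from datetime import date


def next_key(current: bytes) -> bytes:
    """Update rule from the text: the next key is the hash of the current key."""
    # Assumption: SHA-256 stands in for the unspecified one-way hash function.
    return hashlib.sha256(current).digest()


class KeyHolder:
    """One side (gateway or channel client) of the regularly updated key."""

    def __init__(self, initial_key: bytes, issued: date, period_days: int = 1):
        self.key = initial_key
        self.issued = issued
        self.period_days = period_days
        self.period = 0  # number of updates applied so far

    def sync(self, today: date) -> bytes:
        """Apply every update that is due by `today`; return the current key."""
        if today < self.issued:
            raise ValueError("date precedes the key issue date")
        target = (today - self.issued).days // self.period_days
        while self.period < target:
            self.key = next_key(self.key)
            self.period += 1
        return self.key


def gateway_accepts(gateway: KeyHolder, presented: bytes, today: date) -> bool:
    """Accept only the key for the current period, compared in constant time."""
    return hmac.compare_digest(gateway.sync(today), presented)


def demo():
    issued = date(2024, 1, 1)           # constructed issue date
    initial = bytes.fromhex("11" * 32)  # constructed initial key
    gateway = KeyHolder(initial, issued)
    client = KeyHolder(initial, issued)

    stale = client.sync(date(2024, 1, 3))  # client key after 2 updates
    for day in range(2, 7):                # gateway updates every day
        gateway.sync(date(2024, 1, day))
    today = date(2024, 1, 6)               # 5 updates are due by now

    # A client that was offline presents its old key, then catches up.
    stale_ok = gateway_accepts(gateway, stale, today)
    caught_up_ok = gateway_accepts(gateway, client.sync(today), today)

    # The period-2 key hashed three more times equals the period-5 key, so a
    # disclosed key is retired by reallocation (S4), not by the periodic update.
    forward = stale
    for _ in range(3):
        forward = next_key(forward)
    return stale_ok, caught_up_ok, forward == gateway.key, gateway.period


if __name__ == "__main__":
    print(demo())
```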
In an optional embodiment, in step S2 the specific computation is assigned to a suitable computing unit according to a load-balancing algorithm. Specifically, the gateway includes multiple computing units for encryption and decryption, and a load-balancing algorithm is used to apportion the amount of computation assigned to each computing unit. The computing units may be deployed on multiple virtual servers or on private cloud servers. The load-balancing algorithms include static load-balancing algorithms and dynamic load-balancing algorithms. The static load-balancing algorithms include: round-robin, weighted round-robin and priority. The dynamic load-balancing algorithms include: least connections, fastest response, observed, predictive and dynamic round-robin.
In an optional embodiment, the algorithms used by the encryption and decryption rules include at least MD5 (Message-Digest Algorithm 5), RSA (Rivest-Shamir-Adleman), DES (Data Encryption Standard, a block cipher that encrypts using a key), AES (Advanced Encryption Standard) and Base64 (a method of representing binary data using 64 printable characters).
In an optional embodiment, when the channel client sends a service access request to the gateway, the gateway first verifies the validity of the channel client. Specifically, it first verifies the name, physical address, network type and IP address of the channel client; only after verification succeeds is the channel client permitted to send a service access request to the gateway. This prevents clients without the relevant permissions from initiating service access requests at will.
In an optional embodiment, the gateway regularly updates the encryption and decryption algorithm types and the corresponding encryption and decryption algorithms, and maintains the security authentication keys for channel access, the number of computing units, and the log service.
The present invention also provides a cloud platform encryption and decryption service access system 10, which is encapsulated in the gateway. Fig. 2 is a schematic diagram of the module composition of the cloud platform encryption and decryption service access system 10 of the invention. The system 10 includes, encapsulated in the gateway, a security authentication key verification module 101, an encryption and decryption service computing module 102, a service code generation module 103, a qualification approval module 104 and an encryption and decryption service scheme allocation module 105.
The security authentication key verification module 101 receives the service access request for a certain class of business of a certain channel that the channel client sends to the gateway over the SSL secure network. In the financial field, for example, channels include own channels, external networked government-agency channels, and internet finance access channels. Own channels include management-department counters, agency outlets, loan centers, telephone, SMS, WeChat, mobile apps, self-service terminals, websites and online business halls. External networked government-agency channels include guarantee agencies, commercial banks, the Ministry of Housing and Urban-Rural Development, the People's Bank, housing and construction commissions, economy and informatization bureaus, quality supervision, industry and commerce, social security, civil affairs, planning, land and resources, public security, and government affairs offices.
Each channel has different types of business. A bank, for example, has at least inquiry, loan application and settlement types of business. The various lines of business carried out across the channels are treated as the different businesses of each channel.
A channel client may be the client for a certain class of business of a channel. Clients include, but are not limited to, mobile phones, personal digital assistants (PDA), wireless handheld devices, tablet computers, personal computers (PC) and the like. A channel client may be a computer dedicated to one class of business, or a computer used for several classes of business.
The relevant operations may be carried out by a channel administrator through the channel client, or carried out directly by the channel client according to a configured program.
After receiving the channel client's service request, the security authentication key verification module 101 verifies whether the security authentication key is correct; if the key is verified as correct, it sends a signal to the encryption and decryption service computing module 102.
The encryption and decryption service computing module 102 provides the encryption and decryption service and returns the corresponding encryption and decryption result to the channel client. For example, if the channel client inputs information such as a bank account number, the encryption and decryption service returns the encrypted bank account information to the channel client, and the channel client then uses the encrypted bank account information to carry out the specific business.
If the security authentication key verification module 101 determines that the security authentication key is wrong or that there is no security authentication key, this means that the gateway has not currently allocated a corresponding encryption and decryption scheme to that class of business. The service code generation module 103 then generates a service code and signature authentication information. There is no particular requirement on the service code; it may be digits, characters, or a combination of digits and characters, as long as the codes can be told apart. Each class of business of each channel has one service code and a signature authentication corresponding to that service code. The gateway generates the service code and signature authentication for that class of business for the channel client. For example, suppose one class of business of the channel client is loan application, and user information such as real name, ID card number, bank account number and loan amount is entered on the channel client (for loan applications this may be a loan approval system installed on a computer). If this information were submitted to the loan approval system without encryption, it could be leaked. The information is therefore all encrypted by the gateway using an encryption algorithm, that is, the directly readable plaintext data is encrypted into ciphertext data that cannot be read directly, and only then sent to the loan approval system. The loan approval system uses the security authentication key to decrypt the encrypted data and obtain the information entered by the loan applicant, and then carries out the relevant review operations. All private data involved in the loan approval process can be encrypted and decrypted by the gateway.
The qualification approval module 104 further authenticates the qualification information required for that class of business of the channel client. The qualification information may be material representing the strength of the enterprise; for a bank, for example, it may be annual reports, performance growth, the amount of deposits taken, the total value of loans issued, and so on. The types of information required can be configured in the gateway as needed. The information to be authenticated may differ for different businesses of different channels.
The encryption and decryption service scheme allocation module 105 allocates, after the qualification information passes authentication, a security authentication key and an encryption and decryption service scheme to the service access of that class of business of the channel. Encryption and decryption service schemes may have different security levels; the higher the security level, the better the security. The security authentication key and the encryption and decryption service scheme correspond to the service code, that is, encryption and decryption service schemes are allocated according to the type of business. For example, the inquiry class of the bank channel is allocated one encryption and decryption scheme and the loan class of the bank channel is allocated another. The encryption and decryption service is also converted into a service that the channel client can use. Specifically, the required encryption and decryption service programs are encapsulated in the gateway; they may be written in Java, and for each encryption and decryption service scheme the service is provided as a JAR package. The channel client completes the corresponding encryption and decryption service by calling the built-in API through the JAR package provided by the gateway. In addition, different classes of business of different channels may use the same encryption and decryption scheme, that is, call the same JAR package.
The above is only a preferred embodiment of the invention and is not intended to limit the invention; for those skilled in the art, the invention may be modified and varied in many ways. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the invention.
Claims (10)
1. A cloud platform encryption and decryption services cut-in method, characterized by comprising the following steps:
Step S1: the channel customer end sends to the gateway a service access application for a certain class of business of a certain channel;
Step S2: the gateway confirms whether the channel customer end has sent a secret authentication key and whether the secret authentication key is correct; for said class of business of a channel whose secret authentication key is correct, the gateway provides the encryption and decryption service and returns the corresponding encryption and decryption service calculation result to the channel customer end;
and, for said class of business of a channel customer end whose secret authentication key is wrong or which has no secret authentication key, the gateway generates a Services Code and a signature authentication corresponding to the Services Code;
Step S3: the qualification information required for said class of business of the channel customer end is authenticated;
Step S4: after the qualification information passes authentication, the gateway allocates to said class of business of the channel a secret authentication key and an encryption and decryption service plan corresponding to the Services Code.
2. The cloud platform encryption and decryption services cut-in method according to claim 1, characterized in that:
in step S2, the encryption and decryption service is provided using the JAR package, encapsulated in the gateway, that corresponds to the encryption and decryption service plan; the channel customer end calls the built-in API interface through the JAR package provided by the gateway to complete the corresponding encryption and decryption service.
3. The cloud platform encryption and decryption services cut-in method according to claim 1, characterized in that:
the channel customer end accesses the gateway through an SSL secure network.
4. The cloud platform encryption and decryption services cut-in method according to claim 1, characterized in that:
the method further includes step S5, in which an audit log and an exception record are also generated.
5. The cloud platform encryption and decryption services cut-in method according to claim 1, characterized in that:
the secret authentication key is updated regularly; when the secret authentication key is updated, a one-way hash function is used to calculate the hashed value of the current secret authentication key, and the hashed value is used as the new secret authentication key.
6. The cloud platform encryption and decryption services cut-in method according to claim 1, characterized in that:
in step S2, the computation tasks of the encryption and decryption service are distributed to the computing units according to a load-balancing algorithm.
7. The cloud platform encryption and decryption services cut-in method according to claim 6, characterized in that:
the load-balancing algorithm includes static load-balancing algorithms and dynamic load-balancing algorithms; the static load-balancing algorithms include: the polling method, the weighted polling method and the priority method;
the dynamic load-balancing algorithms include: the minimum connection number method, the fastest response speed method, the observation method, the anticipation method and the dynamic polling method.
8. The cloud platform encryption and decryption services cut-in method according to claim 1, characterized in that:
the algorithms used by the encryption and decryption rules include at least MD5, RSA, DES, AES and Base64.
9. The cloud platform encryption and decryption services cut-in method according to claim 1, characterized in that:
when the channel customer end sends the service access application to the gateway, the gateway first verifies the name, physical address, network type and IP address of the channel customer end.
10. A cloud platform encryption and decryption service access system, characterized by comprising:
a safety certification secret key authentication module, for receiving and verifying the service access application, sent by the channel customer end to the gateway, for a certain class of business of a certain channel;
an encryption and decryption service computing module, for providing the encryption and decryption service and returning the corresponding encryption and decryption service calculation result to the channel customer end;
a Services Code generation module, for generating a Services Code and signature authentication information corresponding to the Services Code when the safety certification secret key authentication module judges that the secret authentication key is wrong or that there is no secret authentication key;
a qualification approval module, for authenticating the qualification information required for said class of business of the channel customer end;
an encryption and decryption service plan distribution module, for allocating a secret authentication key and an encryption and decryption service plan to said class of business of the channel after the qualification information passes authentication, the secret authentication key and the encryption and decryption service plan corresponding to the Services Code.
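Claim 5's key update, as an added example that is not code from the patent; SHA-256, the `Party` class and the epoch counter are assumptions. It shows that both sides can update in step without transmitting the key, and that the update protects earlier keys only: whoever holds one epoch's key can compute every later one, so a key suspected of exposure needs fresh allocation rather than another hash step.

```python
import hashlib

def next_key(current: bytes) -> bytes:
    """Claim 5 update: the new key is the one-way hash of the current key."""
    return hashlib.sha256(current).digest()   # SHA-256 is an assumed choice

class Party:
    """Gateway or channel client holding the shared key and an update counter."""
    def __init__(self, initial_key: bytes):
        self.key, self.epoch = initial_key, 0

    def update(self):
        self.key, self.epoch = next_key(self.key), self.epoch + 1

    def catch_up(self, target_epoch: int):
        # A side that missed scheduled updates can resynchronise locally;
        # the hash is one-way, so it can never move back to an earlier epoch.
        if target_epoch < self.epoch:
            raise ValueError("cannot derive an earlier key from a later one")
        while self.epoch < target_epoch:
            self.update()

def keys_derivable_from(captured: bytes, captured_epoch: int, upto_epoch: int):
    """Keys computable from one epoch's key alone: every later epoch."""
    out, k = {}, captured
    for epoch in range(captured_epoch + 1, upto_epoch + 1):
        k = next_key(k)
        out[epoch] = k
    return out

def demo():
    seed = bytes.fromhex("00" * 32)            # constructed sample key
    gateway, client = Party(seed), Party(seed)
    for _ in range(3):                         # gateway performs three updates
        gateway.update()
    client.update()                            # client has performed only one
    exposed = client.key                       # the key as of epoch 1
    client.catch_up(gateway.epoch)
    in_sync = client.key == gateway.key
    later = keys_derivable_from(exposed, 1, 3)
    return in_sync, later[3] == gateway.key, seed in later.values()
```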
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910650539.4A CN110505205B (en) | 2019-07-18 | 2019-07-18 | Cloud platform encryption and decryption service access method and access system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110505205A | 2019-11-26 |
CN110505205B | 2021-04-23 |
Family
ID=68586067
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910650539.4A Active CN110505205B (en) | 2019-07-18 | 2019-07-18 | Cloud platform encryption and decryption service access method and access system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110505205B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113806725A (en) * | 2021-11-17 | 2021-12-17 | 北京翰凌科技有限公司 | Financial business data cloud interaction method |
CN113806725B (en) * | 2021-11-17 | 2022-02-25 | 北京翰凌科技有限公司 | Financial business data cloud interaction method |
Also Published As
Publication number | Publication date |
---|---|
CN110505205B (en) | 2021-04-23 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |