CN117172893A

CN117172893A - Service processing method and device and computer equipment

Info

Publication number: CN117172893A
Application number: CN202310875754.0A
Authority: CN
Inventors: 唐锆; 屈贯伟; 张顺; 王聪
Original assignee: Bank of China Ltd
Current assignee: Bank of China Ltd
Priority date: 2023-07-17
Filing date: 2023-07-17
Publication date: 2023-12-05

Abstract

The application relates to a business processing method, a business processing device, computer equipment and a computer readable storage medium, which can be used for processing flow of financial business in the financial field. Wherein the method comprises the following steps: the method comprises the steps of receiving service handling information and first identity identification information sent by a first terminal, generating a first consignment certificate, uploading the service handling information, the first identity identification information and the first consignment certificate to a blockchain, identifying a second consignment certificate and second identity identification information provided by a second terminal of a consignee, verifying the identity of the consignee according to the blockchain, and starting a corresponding service processing flow according to the service handling information. The service handling information in the scheme is stored in the blockchain, the consignee can carry the delegation certificate to go to the off-line network point, acquire information from the blockchain and handle corresponding service, and the consignee cannot acquire the service information because the data of the blockchain cannot be forged, so that the risk of information leakage of a user can be reduced, and the information security is improved.

Description

Service processing method and device and computer equipment

Technical Field

The present disclosure relates to the field of blockchain technology, and in particular, to a service processing method, apparatus, computer device, computer readable storage medium, and computer program product.

Background

The business systems such as banks and the like have a large number of private businesses, and many types of the businesses do not support online transaction, and the businesses can only be transacted by users going to off-line network sites. In many cases, the user may not be able to arrive at the site due to the outside of the body or busy business, for which some institutions allow for a mode of commission, and the user commissions others to go to an off-line network to transact business of the user's own account.

However, this mode of consignment is not only cumbersome, but also requires that the consignee provide a large amount of proof materials such as principal identity document, principal account, consigned business information, consigned book, etc. on line, and there is a possibility that counterfeit materials and materials are used for other purposes, which easily causes leakage of principal information, and has a high security risk.

Disclosure of Invention

In view of the above, there is provided a business processing method, apparatus, computer device, computer readable storage medium, and computer program product, for the above technical problems. The technical scheme of the present disclosure is as follows:

according to an aspect of the embodiments of the present disclosure, there is provided a service processing method, including:

receiving business handling information and first identity identification information sent by a first terminal;

generating a first delegated certificate according to the business handling information and the first identity identification information;

uploading the business handling information, the first identity identification information and the first delegated certificate to a blockchain;

identifying a second delegated certificate and second identity information provided by a second terminal;

and under the condition that the first identity information is matched with the second identity information, starting a corresponding service processing flow according to the service handling information.

In one embodiment, the first delegated credential includes a validity period, and after identifying the second delegated credential and the second identity information provided by the second terminal, the method further includes:

querying the blockchain for the validity period of the first delegate credential from the blockchain according to the second delegate credential;

and detecting whether the first identity information is matched with the second identity information or not under the condition that the current time is within the valid period.

In one embodiment, after detecting whether the first identification information and the second identification information match, the method further includes:

acquiring a face image corresponding to the first identity identification information from a third party system;

and carrying out face recognition verification on the user corresponding to the second terminal according to the face image, and starting a service processing flow under the condition that verification is passed.

In one embodiment, the first delegated credential includes a credential number, a credential type, and a validity period.

In one embodiment, the starting the corresponding service processing flow according to the service handling information includes:

sending a verification request to the first terminal in a preset mode;

and receiving verification information sent by the first terminal, and performing identity verification according to the verification information.

In one embodiment, the preset manner is a 5G message.

According to another aspect of the embodiments of the present disclosure, there is provided a service processing apparatus, including:

the data acquisition module is used for receiving business handling information and first identity identification information sent by the first terminal;

the certificate generation module is used for generating a first delegated certificate according to the business handling information and the first identity identification information;

the information uploading module is used for uploading the business handling information, the first identity identification information and the first delegation certificate to a blockchain;

the information identification module is used for identifying a second delegated certificate and second identity information provided by the second terminal;

and the service processing module is used for starting a corresponding service processing flow according to the service handling information under the condition that the first identity information is matched with the second identity information.

According to another aspect of the embodiments of the present disclosure, there is also provided a computer device including a memory storing a computer program and a processor implementing the steps of the above method when the processor executes the computer program.

According to another aspect of the disclosed embodiments, there is also provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the above method.

According to another aspect of the disclosed embodiments, there is also provided a computer program product comprising a computer program which, when executed by a processor, implements the steps of the above method.

In the technical scheme provided by the embodiment of the disclosure, the service handling information and the first identity identification information sent by the first terminal can be received, the first commission certificate is generated, then the service handling information, the first identity identification information and the first commission certificate are uploaded to the blockchain, the identity identification information of the consignee can be matched and verified according to the first identity identification information in the blockchain by identifying the second commission certificate and the second identity identification information provided by the second terminal of the consignee, and after the matching is passed, the corresponding service processing flow is started according to the service handling information. According to the scheme, the service handling information is stored in the blockchain, the consignee can carry the consignee certificate to go to the off-line network point, and after the consignee is authenticated according to the consignee certificate, the information is acquired from the blockchain and corresponding service is handled.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.

Drawings

In order to more clearly illustrate the embodiments of the present description or the technical solutions in the prior art, the following description will briefly explain the embodiments or the drawings used in the description of the prior art, and it is obvious that the drawings in the following description are only some embodiments described in the present description, and other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.

FIG. 1 is a schematic diagram of an application scenario of a business processing method in one embodiment;

FIG. 2 is a flow diagram of a business processing method in one embodiment;

FIG. 3 is a flow chart of a business processing method in another embodiment;

FIG. 4 is a flow diagram of verifying the identity of a delegate in one embodiment;

FIG. 5 is a flow diagram of a request for authentication from a principal terminal in one embodiment;

FIG. 6 is a schematic diagram of a service processing device in one embodiment;

FIG. 7 is a schematic diagram of the internal architecture of a computer device in one embodiment.

Detailed Description

In order to enable those skilled in the art to better understand the technical solutions of the present disclosure, the technical solutions of the embodiments of the present disclosure will be clearly and completely described below with reference to the accompanying drawings.

It should be noted that the terms "first," "second," and the like in the description and claims of the present disclosure and in the foregoing figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the disclosure described herein may be capable of operation in sequences other than those illustrated or described herein. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present disclosure as detailed in the accompanying claims. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, it is not excluded that additional identical or equivalent elements may be present in a process, method, article, or apparatus that comprises a described element. For example, if first, second, etc. words are used to indicate a name, but not any particular order.

The terms "vertical," "horizontal," "left," "right," "upper," "lower," "front," "rear," "circumferential," "direction of travel," and the like as used herein are based on the orientation or positional relationship shown in the drawings and are merely for convenience of description and to simplify the description, and do not indicate or imply that the devices or elements referred to must have a particular orientation, be constructed and operated in a particular orientation, and therefore should not be construed as limiting the application.

Unless defined otherwise, technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein in the description of the application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. The term "and/or", "at least one of …" as used herein includes any and all combinations of one or more of the associated listed items. The connection, etc. described in the present disclosure may be a direct connection through an interface or a pin between devices, or may be a connection through a wire, or may be a wireless connection (communication connection).

At present, when a principal commits financial services, the principal needs to give information such as identity documents, copies, accounts and the like to the principal, and inform the principal of specific service contents to be transacted, so that the risk of leakage of the identity information of the principal and the services transacted by the principal exists, and the possibility of counterfeiting of materials such as the identity information, the trust certificate and the like is not excluded. In addition, the consignee needs to ensure that materials such as the certificate of the consignee, the consignee certificate and the like are intact, and a plurality of business processes are finished according to the instruction of the consignee, so that the procedure is complicated.

To solve the above technical problem, according to an aspect of an embodiment of the present disclosure, a service processing method is provided. The business processing method provided by the embodiment of the application can be applied to the application environment shown in figure 1. Wherein the terminal 102 may communicate with the server 104 via a network. The terminal 102 may include a mobile phone, a computer, a tablet, etc. The server 104 may be implemented as a stand-alone server or as a server cluster of multiple servers. There may be multiple terminals 102, and the terminals 102 and the server 104 may form a blockchain system as nodes of the blockchain.

The blockchain refers to a chain data structure formed by combining data blocks in a sequential connection mode according to time sequence in a narrow sense, and is a distributed account book which is not tamperable and not counterfeitable and is ensured in a cryptographic mode. The generalized blockchain technology is a brand new distributed infrastructure and calculation paradigm for verifying and storing data by utilizing a block chain data structure, generating and updating the data by utilizing a distributed node consensus algorithm, ensuring the safety of data transmission and access by utilizing a cryptography mode, and programming and operating the data by utilizing an intelligent contract consisting of an automatic script code.

In the blockchain system formed by the terminals 102 and the servers 104 serving as nodes, the terminals 102 and the servers 104 serving as the nodes can store complete data according to a block chain structure, and each node storage of the blockchain is independent and equivalent in position, and storage consistency is ensured by means of a consensus mechanism.

In some specific application scenarios, the terminal 102 may be a device such as a mobile phone used by a banking user, or may be a self-service terminal device such as an ATM of a banking, where the terminal device may be used to process a data processing task related to a banking service, and the server 104 may be a server where a service system such as a banking background is located. The server 104 acts as a node of the blockchain, and may receive information sent by a user through the terminal 104 and record the information into the blockchain, and other nodes in the blockchain may synchronously record the information. Blockchains involved in embodiments of the present disclosure may employ pre-deployed federation chains and may enable the trusted exchange of identity-autonomous-controllable and data through distributed identity technology DID (Decentralized Identity ). For example, a financial institution such as a bank related to a business can be incorporated into a alliance chain as a node, a consensus mechanism can be formulated, and data related to a business flow is encrypted and then is uplink to form an account book which is trusted in all links, witnessed in all nodes and not tamperable.

Compared with the traditional identity system based on PKI (Public Key Infrastructure ), the DID digital identity system established based on the blockchain has the characteristics of ensuring the authenticity and credibility of data, protecting the privacy safety of users, having strong portability and the like, and has the advantages that:

1) Decentralizing: based on the blockchain, the identity data is prevented from being controlled by a single centralized authority.

2) The identity is autonomously controllable: based on DPKI (distributed public key infrastructure), each user's identity is not controlled by a trusted third party, but by its owner, and the individual can manage his own identity autonomously.

3) Trusted data exchange: the identity-related data is anchored on the blockchain and the authentication process need not depend on the party providing the identity.

In one embodiment, as shown in fig. 2, a service processing method is provided, and the method is applied to the server 104 in fig. 1 for illustration, and the method includes the following steps:

step S210, receiving business handling information and first identity identification information sent by a first terminal.

The first terminal may be a terminal used by the principal. The business transaction information may include business transaction-related information such as business type, business transaction time, account information of the principal, etc. The first identity information may be identification information for representing the identity of the delegate.

Taking banking as an example, a user can be taken as a principal of entrusting business and can designate a consignee, and the principal can send business handling information such as business type, business handling time, principal account and the like and consignee identity identification information such as identity card number of the consignee to a banking system through a terminal so as to apply for handling business by the consignee in a entrusting agent mode.

In some specific embodiments, the bank can provide a service delegation module through a mobile phone bank APP or an applet and the like, a delegator and a delegate can register in the module in advance, and the bank can grant the authority of delegation or accepting delegation to a registered user after the authentication of the user by calling a third party system.

Step S220, a first consignment certificate is generated according to the business handling information and the first identity identification information.

The first delegated credential may be a two-dimensional code or a data string generated from a hash value.

Specifically, the service system may generate a delegate credential according to the service handling information and the delegate identity information, where the delegate credential may include a credential ID (credential number), a credential type, a credential description, a version number, the delegate identity information, a time of issue, a validity period, service system digital signature information, and the like. In some other embodiments, the service system may also generate a delegation certificate directly according to a delegation request initiated by the first terminal, and associate the delegation certificate with the service transaction information and the delegate identity information.

Step S230, uploading the service handling information, the first identity information, and the first delegated certificate to a blockchain.

Specifically, after obtaining the delegated credentials, the business system may upload business transaction information, delegated credentials, and other information to the blockchain. In some other embodiments, the banking system may encrypt the information before uploading the information to the blockchain, and upload the encrypted information to the blockchain. The blockchain includes a plurality of nodes that may include a principal's terminal, an account opening service system, other banking systems, and the like. It should be noted that the banking system may encrypt the messages uploaded to the blockchain beforehand by means of an asymmetric encryption algorithm, the keys of which may be kept by the bank and the principal, respectively.

Step S240, the second delegated certificate and the second identity information provided by the second terminal are identified.

Wherein the second terminal may be a terminal used by the delegate. The second delegate credential may be a delegate credential that the delegate presents to a banking person or a banking self-service device via the second terminal.

Specifically, the principal can send the delegate certificate to the delegate terminal, the delegate can display the delegate certificate to the self-service terminal device or the counter business staff through the second terminal after going to the off-line network point, and the business staff can identify the delegate certificate by using the scanning device. In some other embodiments, the delegate may also apply for a credential pickup to the business system by the identity registered at the business delegation module, with the business system issuing delegate credentials for the delegate to delegate business under its name.

Step S250, when the first identity information is matched with the second identity information, starting a corresponding service processing flow according to the service handling information.

Specifically, after identifying the delegate provided by the delegate, the offline website can query the corresponding first delegate from the blockchain according to the delegate, perform identity verification on the delegate according to the delegate identity information in the blockchain, and transact the delegate service after the verification is passed. For example, when the identity information of the delegate is a delegate identity document, the delegate may be requested to provide an identity master or to input an identity document number, and to compare with the identity document recorded in the blockchain, and if the comparison is consistent, the service corresponding to the delegate document may be transacted.

In one embodiment, the first delegated credential includes a validity period, as shown in fig. 3, and after identifying the second delegated credential and the second identification information provided by the second terminal, the method further includes:

step S242, querying the blockchain for the validity period of the first delegate credential according to the second delegate credential.

Specifically, after the delegate presents the delegate credential through the second terminal, the scanning device can be utilized to identify the credential and query the blockchain for the expiration date of the delegate credential.

Step S244, detecting whether the first identification information and the second identification information are matched when the current time is within the validity period.

Specifically, the current machine time of the system server may be obtained, whether the current time is still within the validity period of the delegate certificate may be determined, and if the current time is still within the validity period, whether the first identity information stored in the blockchain is matched with the second identity information provided under the delegate line may be detected, for example, whether the identity document original presented by the delegate is scanned and whether the identity document original presented by the delegate is consistent with the delegate identity information in the blockchain may be determined. In some other embodiments, if the current time is not within the expiration date, the delegate may be informed that the delegate credential has expired and that the business cannot be transacted.

In the above embodiment, the validity period may be queried from the blockchain according to the delegate credential provided by the delegate, the current time may be obtained and whether the current time is within the validity period may be determined, if so, the identity information of the delegate may be detected, so as to continue to push the processing flow of the delegation service, so that the delegation credential may be prevented from being used without limit, and security of delegation authorization information may be ensured.

In one embodiment, as shown in fig. 4, after detecting whether the first identification information and the second identification information match, the method further includes:

step S246, the face image corresponding to the first identity identification information is obtained from a third party system.

Step S248, performing face recognition verification on the user corresponding to the second terminal according to the face image, and starting a service processing flow when the verification is passed.

Wherein the third party system may be a public system managing identity document information.

Specifically, the banking system may verify the identity document of the consignee from the third party system according to the identity information of the consignee such as the identity document number of the consignee, and acquire the face image of the consignee.

In the above embodiment, the face image corresponding to the certificate information of the delegate can be obtained from the third party system, the delegate is identified according to the face image, and the process flow of the delegate service is started after the identification is passed, so that the identity of the delegate can be ensured to be correct, and the security of the service flow is improved.

In one embodiment, as shown in fig. 5, the starting the corresponding service processing flow according to the service handling information includes:

step S252, a verification request is sent to the first terminal in a preset manner.

Step S254, receiving verification information sent by the first terminal, and performing identity verification according to the verification information.

The preset mode may include a 5G message, a short message, an email, and the like. The 5G message is an upgrade of the short message service, which is a basic telecommunication service of the operator. The verification request may be authorization verification information that needs to be provided by the principal in the service processing flow, and may include inputting a payment password, a verification code, an electronic signature, face recognition, and the like. Accordingly, the verification information may be a payment password, a verification code, an electronic signature, a face image, etc., which are sent to the banking system by the principal through a terminal such as a mobile phone.

Specifically, after the authentication of the consignee passes, a service processing flow can be started, the content requiring authentication of the consignee in the service flow is sent to the consignee terminal in a 5G message, a short message, a mail and the like, and user authentication is performed according to authentication information returned by the consignee terminal, so that the service required to be transacted by the consignee can be continuously processed until the service transaction is finished.

In the above embodiment, the user verification information can be transmitted through modes such as 5G message, so that the information types are more various, the form of authorization verification is more flexible, the security authentication is performed in combination with various forms, the risk of information leakage can be reduced, and the security of service data is improved.

It should be understood that, although the steps in the flowcharts related to the embodiments described above are sequentially shown as indicated by arrows, these steps are not necessarily sequentially performed in the order indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least some of the steps in the flowcharts described in the above embodiments may include a plurality of steps or a plurality of stages, which are not necessarily performed at the same time, but may be performed at different times, and the order of the steps or stages is not necessarily performed sequentially, but may be performed alternately or alternately with at least some of the other steps or stages.

The related identity information or verification information and the like possibly related in the embodiments of the application are all data information related to the service, which is actively provided by a user in the service operation process, is processed based on the reasonable purpose of the service scene according to legal, legal and necessary principles and strictly according to the requirements of laws and regulations.

According to another aspect of the embodiments of the present disclosure, as shown in fig. 6, there is also provided a service processing apparatus, including:

a data acquisition module 310, configured to receive service handling information and first identity identification information sent by a first terminal;

a credential generating module 320, configured to generate a first delegated credential according to the service handling information and the first identity identification information;

an information uploading module 330, configured to upload the service handling information, the first identity information, and the first delegated certificate to a blockchain;

the information identifying module 340 is configured to identify a second delegated credential and second identity information provided by a second terminal;

and the service processing module 350 is configured to start a corresponding service processing flow according to the service handling information when the first identity information is matched with the second identity information.

The specific limitation of the processing apparatus may be referred to above as limitation of the processing method, and will not be described herein. According to the processing method, the processing device can add the first module, the second module and the like to realize the steps in the corresponding method embodiment. Each of the modules in the processing apparatus described above may be implemented in whole or in part by software, hardware, and combinations thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.

It should be noted that, the business processing method and the processing device of the present application can be used for business processing procedures in the financial field, and can also be used in any field other than the financial field, and the application fields of the method and the device of the present application are not limited.

According to another aspect of the embodiments of the present disclosure, there is provided a computer device, which may be a terminal, and an internal structure diagram thereof may be as shown in fig. 7. The computer device includes a processor, a memory, a communication interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The communication interface of the computer device is used for carrying out wired or wireless communication with an external terminal, and the wireless mode can be realized through WIFI, an operator network, NFC (near field communication) or other technologies. The computer program is executed by a processor to implement the above-described detection method. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, can also be keys, a track ball or a touch pad arranged on the shell of the computer equipment, and can also be an external keyboard, a touch pad or a mouse and the like.

It will be appreciated by those skilled in the art that the structure shown in FIG. 7 is merely a block diagram of some of the structures associated with the present inventive arrangements and is not limiting of the computer device to which the present inventive arrangements may be applied, and that a particular computer device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.

In an embodiment, there is also provided a computer device comprising a memory and a processor, the memory having stored therein a computer program, the processor implementing the steps of the method embodiments described above when the computer program is executed.

According to another aspect of the disclosed embodiments, there is provided a computer program product comprising a computer program which, when executed by a processor, implements the steps of the method embodiments described above.

Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, or the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory. By way of illustration, and not limitation, RAM can be in the form of a variety of forms, such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), and the like. The databases referred to in the embodiments provided herein may include at least one of a relational database and a non-relational database. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processor referred to in the embodiments provided in the present application may be a general-purpose processor, a central processing unit, a graphics processor, a digital signal processor, a programmable logic unit, a data processing logic unit based on quantum computing, or the like, but is not limited thereto.

The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.

The foregoing examples illustrate only a few embodiments of the application and are described in detail herein without thereby limiting the scope of the application. It should be noted that other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the application disclosed herein. This disclosure is intended to cover any adaptations, uses, or adaptations of the disclosure following the general principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.

It is to be understood that the present disclosure is not limited to the precise arrangements and instrumentalities shown in the drawings, and that various modifications and changes may be made without departing from the scope thereof.

Claims

1. A method for processing a service, comprising:

2. The method of claim 1, wherein the first delegated credential includes a validity period, and wherein after identifying the second delegated credential, the second identity information, provided by the second terminal, further comprises:

3. The method of claim 2, further comprising, after detecting whether the first identification information matches the second identification information:

4. The method of claim 1, wherein the first delegated credential comprises a credential number, a credential type, a validity period.

5. The method of claim 1, wherein the initiating a corresponding business process flow based on the business transaction information comprises:

sending a verification request to the first terminal in a preset mode;

6. The method of claim 5, wherein the predetermined manner is a 5G message.

7. A service processing apparatus, comprising:

8. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 1 to 6 when the computer program is executed.

9. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 6.

10. A computer program product comprising a computer program, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 6.