CN103401844B - The processing method of operation requests and system - Google Patents


Publication number
CN103401844B
Authority
CN
China
Prior art keywords
operation request
request
data packet
terminal
system server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310294089.2A
Other languages
Chinese (zh)
Other versions
CN103401844A (en)
Inventor
李东声
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tendyron Technology Co Ltd
Original Assignee
Tendyron Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tendyron Technology Co Ltd filed Critical Tendyron Technology Co Ltd
Priority to CN201310294089.2A priority Critical patent/CN103401844B/en
Publication of CN103401844A publication Critical patent/CN103401844A/en
Priority to PCT/CN2014/076443 priority patent/WO2015003521A1/en
Application granted granted Critical
Publication of CN103401844B publication Critical patent/CN103401844B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides a method and a system for processing an operation request. The method includes: a first terminal generates an operation request and sends it to a background system server; after verifying that the operation request is legal, the background system server sends the operation request to a second terminal; the second terminal sends an operation request data packet to an authorized electronic signature token; the authorized electronic signature token prompts the operation request data packet, receives a confirmation instruction, and signs to obtain a signature data packet; the authorized electronic signature token sends the signature data packet to the second terminal; the second terminal sends the signature data packet and the operation request data packet to the background system server; and after verifying that the signature data packet passes, the background system server executes the operation request according to the operation request data packet. With the method and system of the present invention, approval can be carried out in electronic form, which is convenient to use while also ensuring the security and non-repudiation of the approval.

Description

Method and system for processing operation request
Technical Field
The present invention relates to the field of information security, and in particular, to a method and a system for processing an operation request.
Background
At present, with the development of networks, services such as electronic commerce and online banking are provided over the network, which meets people's needs for shopping and banking services well and is convenient to use.
However, when an enterprise conducts electronic commerce or online banking, the leader of the enterprise can authorize staff to perform the related operations; an individual may likewise authorize an agent to perform the related operations. With existing authorization, the enterprise leader signs an approval, or the individual handles the relevant authorization procedure for the agent, so that the related operations can be performed. The authorizing enterprise or individual must therefore give the authorization on site; otherwise the operation has to wait until the authorizer is on site, which easily causes business errors and makes authorization very inconvenient to manage.
Disclosure of Invention
The invention aims to solve the problem that the existing authorization scheme is inconvenient.
The main object of the invention is to provide a method for processing an operation request.
Another object of the present invention is to provide a system for processing operation requests.
In order to achieve these objects, the technical scheme of the invention is realized as follows:
One aspect of the present invention provides a method for processing an operation request, including: the first terminal acquires operation content; the first terminal acquires an operation request generation strategy and generates an operation request according to the operation request generation strategy and the operation content; the first terminal sends the operation request to the background system server; after the background system server obtains the operation request, it verifies the validity of the operation request; after verifying that the operation request is legal, the background system server sends the operation request to a second terminal; the second terminal acquires a request sending strategy after obtaining the operation request, and sends an operation request data packet to the authorized electronic signature token according to the request sending strategy, wherein the operation request data packet is generated according to the request sending strategy and the operation request; the authorized electronic signature token prompts the operation request data packet; the authorized electronic signature token receives a confirmation instruction and signs the operation request data packet according to the confirmation instruction to obtain a signature data packet; the authorized electronic signature token sends the signature data packet to the second terminal; the second terminal sends the signature data packet and the operation request data packet to the background system server; the background system server verifies the signature data packet; and after verifying that the signature data packet passes, the background system server executes the operation request according to the operation request data packet.
In addition, the step of the first terminal obtaining an operation request generation policy and generating an operation request according to the operation request generation policy and the operation content includes: the first terminal acquires identity identification information and an authorization password; the first terminal generates the operation request according to the identity identification information, the authorization password and the operation content. The step of the background system server verifying the validity of the operation request after obtaining it includes: after the background system server obtains the operation request, it verifies the correctness of the authorization password according to the identity identification information, and if the authorization password is verified to be correct, the operation request is verified to be legal.
In addition, the authorization password is a dynamic password or a static password.
In addition, the step of the first terminal obtaining an operation request generation policy and generating an operation request according to the operation request generation policy and the operation content includes: the first terminal acquires identity identification information and signature information, wherein the signature information is obtained by signing the operation content; the first terminal generates the operation request according to the identity identification information, the signature information and the operation content. The step of the background system server verifying the validity of the operation request after obtaining it includes: after the background system server obtains the operation request, it verifies the correctness of the signature information according to the identity identification information and the operation content, and if the signature information is verified to be correct, the operation request is verified to be legal.
In addition, the step of obtaining a request sending policy after the second terminal obtains the operation request, and sending an operation request data packet to the authorized electronic signature token according to the request sending policy includes: the second terminal acquires a forwarding strategy after acquiring the operation request; and the second terminal sends the operation request as an operation request data packet to an authorized electronic signature token.
In addition, the step of obtaining a request sending policy after the second terminal obtains the operation request, and sending an operation request data packet to the authorized electronic signature token according to the request sending policy includes: the second terminal acquires a processing and sending strategy after obtaining the operation request; and the second terminal processes the operation request according to the processing and sending strategy to generate an operation request data packet, and sends the operation request data packet to the authorized electronic signature token according to the processing and sending strategy.
Further, the operation contents include: transfer request information, logistics request information, access request information, or acquisition request information.
In addition, after verifying that the signature data packet passes, the step of executing the operation request according to the operation request data packet by the background system server includes: after the background system server verifies that the signature data packet passes, executing the transfer operation according to the transfer request information; after the background system server verifies that the signature data packet passes, the logistics operation is executed according to the logistics request information; after the background system server verifies that the signature data packet passes, the background system server executes access authority setting operation according to the access request information; or the background system server executes sending operation according to the acquisition request information after verifying that the signature data packet passes.
Another aspect of the present invention provides a system for processing an operation request, including: the system comprises a first terminal, a background system server, a second terminal and an authorized electronic signature token; the first terminal acquires operation content, acquires an operation request generation strategy, generates an operation request according to the operation request generation strategy and the operation content, and sends the operation request to the background system server; the background system server verifies the validity of the operation request after obtaining the operation request, sends the operation request to the second terminal after verifying the validity of the operation request, verifies a signature data packet, and executes the operation request according to the operation request data packet after verifying the passing of the signature data packet; the second terminal acquires a request sending strategy after obtaining the operation request, and sends an operation request data packet to the authorization electronic signature token according to the request sending strategy, wherein the operation request data packet is generated according to the request sending strategy and the operation request, and the signature data packet and the operation request data packet are sent to the background system server; and the authorized electronic signature token prompts the operation request data packet, receives a confirmation instruction, signs the operation request data packet according to the confirmation instruction, obtains a signature data packet, and sends the signature data packet to the second terminal.
In addition, the first terminal acquires identity identification information and an authorized password, and generates the operation request according to the identity identification information, the authorized password and the operation content; and after the background system server obtains the operation request, verifying the correctness of the authorization password according to the identity identification information, and if the authorization password is verified to be correct, verifying that the operation request is legal.
In addition, the authorization password is a dynamic password or a static password.
In addition, the first terminal acquires identity identification information and signature information, wherein the signature information is obtained by signing the operation content, and the operation request is generated according to the identity identification information, the signature information and the operation content; and after the background system server obtains the operation request, verifying the correctness of the signature information according to the identity identification information and the operation content, and if the signature information is verified to be correct, verifying that the operation request is legal.
In addition, the second terminal acquires a forwarding strategy after obtaining the operation request, and sends the operation request as an operation request data packet to the authorized electronic signature token.
In addition, after obtaining the operation request, the second terminal obtains a processing and sending strategy, processes the operation request according to the processing and sending strategy to generate an operation request data packet, and sends the operation request data packet to the authorization electronic signature token according to the processing and sending strategy.
Further, the operation contents include: transfer request information, logistics request information, access request information, or acquisition request information.
In addition, the background system server executes the transfer operation according to the transfer request information after verifying that the signature data packet passes; after the background system server verifies that the signature data packet passes, the logistics operation is executed according to the logistics request information; after the background system server verifies that the signature data packet passes, the background system server executes access authority setting operation according to the access request information; or the background system server executes sending operation according to the acquisition request information after verifying that the signature data packet passes.
According to the technical scheme provided by the invention, the method and the system for processing the operation request can be used for carrying out approval in an electronic form, are convenient to use and ensure the safety and the non-repudiation of the approval.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on the drawings without creative efforts.
FIG. 1 is a flow chart of a method for processing an operation request provided by the present invention;
FIG. 2 is a schematic structural diagram of a system for processing an operation request according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "up", "down", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used only for convenience in describing the present invention and for simplicity in description, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and thus, are not to be construed as limiting the present invention. Furthermore, the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or quantity or location.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
Embodiments of the present invention will be described in further detail below with reference to the accompanying drawings.
Fig. 1 is a flowchart showing a processing method of an operation request of the present invention, and referring to fig. 1, the processing method of an operation request of the present invention includes:
Step S101, a first terminal acquires operation content;
Specifically, the first terminal may be a terminal used by an employee, an agent, or a requester, and the corresponding request is made through the first terminal.
The first terminal may be a fixed terminal or a mobile terminal. The fixed terminal may be a PC, an ATM, a POS machine, etc.; the mobile terminal may be a notebook computer, a tablet computer, a smart phone, a handheld POS machine, etc.
The first terminal can be connected with the background system server in a wired or wireless mode to realize a corresponding request.
The operation content of the invention can be any one of the following:
Transfer request information, for example: requesting a transfer service of a bank;
Logistics request information, for example: requesting the leader to approve a shipment sent by logistics;
Access request information, for example: requesting access to a service of a certain host or server;
Acquisition request information, for example: requesting permission to download a file from a certain host or server, or requesting the decryption information for downloaded encrypted information from a certain host or server, and the like.
Of course, the operation content of the present invention may also include the detailed information of the above requests and the like.
Step S102, the first terminal acquires an operation request generation strategy and generates an operation request according to the operation request generation strategy and the operation content;
Specifically, the operation request generation policy may include generating the operation request according to either of the following:
Identity identification information and an authorization password. Using an authorization password is simple and easy to implement. The authorization password is a dynamic password or a static password; the dynamic password may be generated by a dynamic password token, and the static password may be preset. A dynamic password gives higher security, while a static password is simple and easy to implement.
Or identity identification information and signature information. The signature information may be obtained by signing the operation content with the private key of a key held by the user; using signature information improves security and prevents repudiation.
Of course, the invention can set different levels according to the complexity of the user's operation request, obtaining the static password, the dynamic password, or the signature information, with the security level increasing in that order. For example: when the transfer amount is small, obtaining the static password can be selected; when the transfer amount is large, obtaining the signature information can be selected.
If the first terminal obtains the identity identification information and the authorization password, the first terminal generates an operation request according to the identity identification information, the authorization password and the operation content. The first terminal may combine the identity identification information, the authorization password, and the operation content to generate the operation request, or may first perform a calculation on the authorization password and then combine the identity identification information, the calculated authorization password, and the operation content to generate the operation request. The calculation may be computing a MAC value or a HASH value of the authorization password, and a portion of the calculated MAC value or HASH value may be taken by truncation. Performing the calculation protects the authorization password in transit and prevents it from being obtained. The first terminal can also directly encrypt the identity identification information, the authorization password and the operation content to generate the operation request; encrypted transmission improves security.
If the first terminal acquires the identity identification information and the signature information, wherein the signature information is obtained by signing the operation content, the first terminal generates an operation request according to the identity identification information, the signature information and the operation content. The first terminal can combine the identity identification information, the signature information and the operation content to generate the operation request, or the first terminal can encrypt the identity identification information, the signature information and the operation content to generate the operation request; encrypted transmission improves security.
Step S103, the first terminal sends the operation request to a background system server;
Step S104, after the background system server obtains the operation request, it verifies the validity of the operation request;
If the first terminal acquired the identity identification information and the authorization password and generated the operation request according to the identity identification information, the authorization password and the operation content, the background system server verifies the correctness of the authorization password according to the identity identification information after obtaining the operation request, and if the authorization password is verified to be correct, the operation request is verified to be legal.
If the operation request is encrypted information or contains encrypted information, the background system server decrypts the encrypted information and then verifies the decrypted information.
When the authorization password is a static password, the static password can be prestored in the background system server in correspondence with the identity identification information, and the background system server looks up the prestored static password according to the identity identification information. If the first terminal calculated the MAC value or the HASH value of the static password, the background system server calculates the MAC value or the HASH value of the looked-up static password in the same way during verification and compares the two.
When the authorization password is a dynamic password, the background system server can generate a check password in the same way the dynamic password was generated, and compare whether the generated check password is consistent with the received dynamic password. The method by which the background system server generates the check password corresponds to the identity identification information: the background system server looks up the method for generating the check password according to the identity identification information and generates the check password. If the first terminal calculated the MAC value or the HASH value of the dynamic password, the background system server calculates the MAC value or the HASH value of the generated check password in the same way during verification.
If the first terminal acquires the identity identification information and the signature information, wherein the signature information is obtained by signing the operation content, and the operation request is generated according to the identity identification information, the signature information and the operation content, the background system server verifies the correctness of the signature information according to the identity identification information and the operation content after acquiring the operation request, and if the signature information is verified to be correct, the operation request is verified to be legal. For example: the background system server is pre-stored with a public key of a key held by a user, the public key and the identity identification information have a corresponding relation, the background system server searches the public key according to the identity identification information, checks the signature information according to the searched public key and the received operation content, and if the signature passes the check, the operation request is verified to be legal.
Only after the background system server verifies that the operation request is legal can the subsequent operation be executed, so that the authenticity and the legality of the operation request and the safety of the subsequent operation are ensured.
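The server-side check of step S104 for the authorization-password case, as an added example that is not part of the patent text: the first terminal sends a HASH value of the password, and the server looks up the stored static password, or regenerates the dynamic password, by identity identification information. HOTP (RFC 4226), SHA-256, the look-ahead window, the counter handling and all record names and values are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

# Constructed server-side records keyed by identity identification information.
# Names, passwords and seeds are illustrative values, not from the patent.
SERVER_RECORDS = {
    "employee-001": {"kind": "static", "password": "correct horse"},
    "employee-002": {"kind": "dynamic", "seed": b"constructed-seed-0002", "counter": 41},
}


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP, assumed here as the dynamic password generation method."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def password_hash(password: str) -> str:
    """HASH value of the authorization password, sent in place of the password."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_operation_request(identity: str, password: str, content: dict) -> dict:
    """First terminal, step S102: combine identity, calculated password, content."""
    return {"identity": identity, "auth": password_hash(password), "content": content}


def verify_operation_request(request: dict, records=SERVER_RECORDS, window: int = 3) -> bool:
    """Background system server, step S104: True if the request is legal."""
    record = records.get(request.get("identity"))
    received = request.get("auth")
    if record is None or not isinstance(received, str):
        return False
    if record["kind"] == "static":
        # Look up the prestored static password and hash it the same way.
        expected = password_hash(record["password"])
        return hmac.compare_digest(expected.encode(), received.encode())
    # Dynamic password: regenerate the check password the way the token did.
    # A small look-ahead window tolerates codes the user generated but never sent.
    for step in range(window):
        counter = record["counter"] + step
        expected = password_hash(hotp(record["seed"], counter))
        if hmac.compare_digest(expected.encode(), received.encode()):
            record["counter"] = counter + 1  # a used code is never accepted again
            return True
    return False
```

A hashed static password is accepted again when the same request is resent, while the counter-based dynamic password is accepted only once, which is one concrete reason the dynamic password gives higher security.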
Step S105, after verifying that the operation request is legal, the background system server sends the operation request to the second terminal;
Specifically, the second terminal may be a terminal used by the leader, the authorizer, or the approver, and the corresponding authorization operation is carried out through the second terminal.
The second terminal may be a fixed terminal or a mobile terminal. The fixed terminal may be a PC, an ATM, a POS machine, etc.; the mobile terminal may be a notebook computer, a tablet computer, a smart phone, a handheld POS machine, etc.
The second terminal can be connected with the background system server in a wired or wireless mode to realize corresponding authorization operation.
Step S106, after obtaining the operation request, the second terminal obtains a request sending strategy and sends an operation request data packet to the authorization electronic signature token according to the request sending strategy, wherein the operation request data packet is generated according to the request sending strategy and the operation request;
Specifically, after obtaining the operation request, the second terminal may forward it directly, or may process it and then send it. Forwarding the operation request directly is simple and convenient; processing it before sending allows operation content to be added and is convenient to use.
After obtaining the operation request, the second terminal may forward it directly in the following manner:
The second terminal acquires the forwarding strategy and sends the operation request as an operation request data packet to the authorized electronic signature token.
After obtaining the operation request, the second terminal may process it and then send it in the following manner:
The second terminal acquires the processing and sending strategy, processes the operation request according to the processing and sending strategy to generate an operation request data packet, and sends the operation request data packet to the authorized electronic signature token according to the processing and sending strategy.
The processing may be any operation, for example adding an authority setting when access to a service of a certain host or server is requested.
By processing the operation request, other operations related to the operation request can be added, which improves security.
Step S107, the authorized electronic signature token prompts the operation request data packet;
Specifically, the authorized electronic signature token is a key used by a leader, an authorizer or an approver, and may be any key that can be paired and connected with the second terminal, such as a USB key, a Bluetooth key, an infrared key, an NFC key, an audio key, and the like.
Step S108, the authorized electronic signature token receives the confirmation instruction, and signs the operation request data packet according to the confirmation instruction to obtain a signature data packet;
Specifically, if the user of the authorized electronic signature token confirms that the operation request is authentic and can be approved, the user presses a key (for example, an OK key) provided on the authorized electronic signature token to send a confirmation instruction to the token. After receiving the confirmation instruction, the authorized electronic signature token signs the operation request data packet with its private key to obtain a signature data packet.
Having the user of the authorized electronic signature token sign the operation request data packet ensures the non-repudiation of the approval.
Step S109, the authorized electronic signature token sends the signature data packet to the second terminal;
Step S110, the second terminal sends the signature data packet and the operation request data packet to the background system server;
Step S111, the background system server verifies the signature data packet;
Specifically, the background system server prestores the public key of the authorized electronic signature token. After receiving the signature data packet and the operation request data packet, the background system server can find the public key corresponding to the authorized electronic signature token according to the identity information, and then verify the signature data packet with that public key.
Step S112, after the signature data packet passes verification, the background system server executes the operation request according to the operation request data packet.
The background system server executes the operation request according to the operation request data packet only after the signature data packet passes verification, which ensures the authenticity and security of the operation request.
Of course, depending on the operation content, after the signature data packet passes verification the background system server can perform one of the following operations:
executing a transfer operation according to the transfer request information;
carrying out a logistics operation according to the logistics request information;
executing an access authority setting operation according to the access request information; or
executing a sending operation according to the acquisition request information.
Therefore, the processing method of the operation request allows approval to be carried out in electronic form, is convenient to use, and at the same time ensures the security and non-repudiation of the approval.
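The exchange in steps S106 to S112, as an added Python example that is not part of the patent text: the second terminal builds the operation request data packet under either strategy, the token signs only on confirmation, and the server verifies with the prestored public key before executing. The field names, the request_id bookkeeping (one pending entry per forwarded request, consumed on execution), the server's comparison of the signed packet against the request it forwarded, and the textbook RSA demo key are assumptions of this example, not details given by the patent.

```python
import hashlib
import json

# Constructed demo key. The primes are well-known Mersenne primes, so this key
# protects nothing; a real token holds its private key in hardware and uses a
# standard padded signature scheme instead of textbook RSA.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def encode(fields):
    """Canonical bytes, so the token and the server hash the same input."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def build_packet(request, strategy, extra=None):
    """Second terminal, S106: forward unchanged, or process and then send."""
    if strategy == "forward":
        return encode(request)
    if strategy == "process":
        return encode({**request, **(extra or {})})
    raise ValueError("unknown request sending strategy")


class AuthorizedToken:
    def __init__(self, private_exponent, modulus):
        self._d, self._n = private_exponent, modulus

    def prompt_and_sign(self, packet, confirmed):
        # S107 shows the packet to the approver; S108 signs only on confirmation.
        if not confirmed:
            return None
        return pow(digest_int(packet), self._d, self._n)


class BackendServer:
    def __init__(self):
        self.public_keys = {}  # identity information -> (e, n), stored in advance
        self.pending = {}      # request_id -> request forwarded for approval
        self.executed = []

    def forward_for_approval(self, request):
        self.pending[request["request_id"]] = dict(request)
        return dict(request)

    def handle_approval(self, approver_id, packet, signature):
        """S111 and S112: verify the signature data packet, then execute."""
        key = self.public_keys.get(approver_id)
        if key is None:
            return "unknown approver"
        e, n = key
        if not isinstance(signature, int) or not 0 < signature < n:
            return "bad signature"
        if pow(signature, e, n) != digest_int(packet):
            return "bad signature"
        fields = json.loads(packet)
        original = self.pending.get(fields.get("request_id"))
        if original is None:
            return "no pending request"
        # Assumption: processing may add fields but must not change forwarded ones.
        if any(fields.get(k) != v for k, v in original.items()):
            return "packet does not match request"
        del self.pending[fields["request_id"]]
        self.executed.append(fields)  # execute according to the signed packet
        return "executed"


def run_demo():
    server = BackendServer()
    server.public_keys["approver-01"] = (E, N)
    token = AuthorizedToken(D, N)
    # Constructed sample request (transfer request information).
    request = {"request_id": "req-0001", "requester": "clerk-07",
               "operation": "transfer", "amount": "1500.00", "payee": "ACME-001"}
    forwarded = server.forward_for_approval(request)
    results = {}
    # Approver does not press the confirmation key: no signature data packet.
    plain = build_packet(forwarded, "forward")
    results["declined"] = token.prompt_and_sign(plain, confirmed=False)
    # Processing strategy adds an authority setting, then the approver confirms.
    packet = build_packet(forwarded, "process", {"authority": "single-use"})
    signature = token.prompt_and_sign(packet, confirmed=True)
    altered = packet.replace(b"1500.00", b"9500.00")  # changed after signing
    results["altered"] = server.handle_approval("approver-01", altered, signature)
    results["approved"] = server.handle_approval("approver-01", packet, signature)
    results["replayed"] = server.handle_approval("approver-01", packet, signature)
    results["executed"] = [f["request_id"] for f in server.executed]
    return results


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(f"{case}: {outcome}")
```

The server executes the fields from the signed packet rather than from its own stored copy of the request, which is what step S112 describes; the comparison against the stored copy only decides whether that packet is acceptable.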
Fig. 2 is a schematic structural diagram of a processing system of an operation request. The processing system of an operation request of the present invention adopts the above processing method of an operation request, which is not described again in detail here; only the structure of the processing system and the functions of its parts are briefly described. Referring to Fig. 2, the processing system of an operation request includes: a first terminal 201, a background system server 202, a second terminal 203 and an authorized electronic signature token 204; wherein,
the first terminal 201 acquires operation content, acquires an operation request generation policy, generates an operation request according to the operation request generation policy and the operation content, and sends the operation request to the background system server 202; wherein the operation content may include: transfer request information, logistics request information, access request information, or acquisition request information;
the background system server 202 verifies the validity of the operation request after obtaining the operation request, sends the operation request to the second terminal 203 after verifying that the operation request is legal, verifies the signature data packet, and executes the operation request according to the operation request data packet after the signature data packet passes verification;
after obtaining the operation request, the second terminal 203 obtains a request sending policy and sends an operation request data packet to the authorized electronic signature token 204 according to the request sending policy, wherein the operation request data packet is generated according to the request sending policy and the operation request; the second terminal 203 also sends the signature data packet and the operation request data packet to the background system server 202;
the authorized electronic signature token 204 prompts the operation request data packet, receives the confirmation instruction, signs the operation request data packet according to the confirmation instruction to obtain a signature data packet, and sends the signature data packet to the second terminal 203.
In addition, the first terminal 201 may generate the operation request in either of the following ways:
The first method is as follows: the first terminal 201 acquires the identity identification information and the authorization password, and generates an operation request according to the identity identification information, the authorization password and the operation content; wherein the authorization password is a dynamic password or a static password.
In this case, the background system server verifies the validity of the operation request in the following way:
after obtaining the operation request, the background system server 202 verifies the correctness of the authorization password according to the identity identification information, and if the authorization password is verified to be correct, the operation request is verified to be legal.
The second method is as follows: the first terminal 201 acquires identity identification information and signature information, wherein the signature information is obtained by signing the operation content, and generates an operation request according to the identity identification information, the signature information and the operation content.
In this case, the background system server verifies the validity of the operation request in the following way:
after obtaining the operation request, the background system server 202 verifies the correctness of the signature information according to the identity identification information and the operation content, and if the signature information is verified to be correct, the operation request is verified to be legal.
Of course, after obtaining the operation request, the second terminal 203 may send the operation request data packet to the authorized electronic signature token 204 in either of the following ways:
The first method is as follows: the second terminal 203 acquires the forwarding policy and sends the operation request as the operation request data packet to the authorized electronic signature token 204.
The second method is as follows: after obtaining the operation request, the second terminal 203 obtains a processing and sending policy, processes the operation request according to the processing and sending policy to generate an operation request data packet, and sends the operation request data packet to the authorized electronic signature token 204 according to the processing and sending policy.
In addition, after the signature data packet passes verification, the background system server 202 may execute the operation request in one of the following ways:
executing a transfer operation according to the transfer request information;
carrying out a logistics operation according to the logistics request information;
executing an access authority setting operation according to the access request information; or
executing a sending operation according to the acquisition request information.
Therefore, the processing system of the operation request allows approval to be carried out in electronic form, is convenient to use, and at the same time ensures the security and non-repudiation of the approval.
Of course, in the processing system of the operation request of the present invention, each device may execute the relevant operations by its own CPU or chip; each device may be divided into different modules that complete different operations, or may complete all operations with one module.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present invention may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made in the above embodiments by those of ordinary skill in the art without departing from the principle and spirit of the present invention. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (16)

1. A method for processing operation requests is characterized by comprising the following steps:
the first terminal acquires operation content;
the first terminal acquires an operation request generation strategy and generates an operation request according to the operation request generation strategy and the operation content;
the first terminal sends the operation request to a background system server;
after the background system server obtains the operation request, verifying the validity of the operation request;
after verifying that the operation request is legal, the background system server sends the operation request to a second terminal;
the second terminal acquires a request sending strategy after obtaining the operation request, and sends an operation request data packet to the authorized electronic signature token according to the request sending strategy, wherein the operation request data packet is generated according to the request sending strategy and the operation request;
the authorized electronic signature token prompts the operation request data packet;
the authorized electronic signature token receives a confirmation instruction and signs the operation request data packet according to the confirmation instruction to obtain a signature data packet;
the authorized electronic signature token sends the signature data packet to the second terminal;
the second terminal sends the signature data packet and the operation request data packet to a background system server;
the background system server verifies the signature data packet;
and after verifying that the signature data packet passes, the background system server executes the operation request according to the operation request data packet.
2. The method of claim 1,
the step that the first terminal obtains an operation request generation strategy and generates an operation request according to the operation request generation strategy and the operation content comprises the following steps:
the first terminal acquires identity identification information and an authorization password;
the first terminal generates the operation request according to the identity identification information, the authorization password and the operation content;
after the background system server obtains the operation request, the step of verifying the validity of the operation request comprises the following steps:
and after the background system server obtains the operation request, verifying the correctness of the authorization password according to the identity identification information, and if the authorization password is verified to be correct, verifying that the operation request is legal.
3. The method of claim 2, wherein the authorization password is a dynamic password or a static password.
4. The method of claim 1,
the step that the first terminal obtains an operation request generation strategy and generates an operation request according to the operation request generation strategy and the operation content comprises the following steps:
the first terminal acquires identity identification information and signature information, wherein the signature information is obtained by signing the operation content;
the first terminal generates the operation request according to the identity identification information, the signature information and the operation content;
after the background system server obtains the operation request, the step of verifying the validity of the operation request comprises the following steps:
and after the background system server obtains the operation request, verifying the correctness of the signature information according to the identity identification information and the operation content, and if the signature information is verified to be correct, verifying that the operation request is legal.
5. The method according to any one of claims 1 to 4, wherein the step of the second terminal obtaining a request sending policy after obtaining the operation request, and sending an operation request data packet to the authorized electronic signature token according to the request sending policy comprises:
the second terminal acquires a forwarding strategy after acquiring the operation request;
and the second terminal sends the operation request as an operation request data packet to an authorized electronic signature token.
6. The method according to any one of claims 1 to 4, wherein the step of the second terminal obtaining a request sending policy after obtaining the operation request, and sending an operation request data packet to the authorized electronic signature token according to the request sending policy comprises:
the second terminal acquires a processing and sending strategy after obtaining the operation request;
and the second terminal processes the operation request according to the processing and sending strategy to generate an operation request data packet, and sends the operation request data packet to the authorized electronic signature token according to the processing and sending strategy.
7. The method according to any one of claims 1 to 4, wherein the operation content comprises:
transfer request information, logistics request information, access request information, or acquisition request information.
8. The method of claim 7, wherein the step of the backend system server executing the operation request according to the operation request packet after verifying that the signature packet passes comprises:
after the background system server verifies that the signature data packet passes, executing the transfer operation according to the transfer request information;
after the background system server verifies that the signature data packet passes, the logistics operation is executed according to the logistics request information;
after the background system server verifies that the signature data packet passes, the background system server executes access authority setting operation according to the access request information; or
And after verifying that the signature data packet passes, the background system server executes sending operation according to the acquisition request information.
9. A system for processing an operation request, comprising: the system comprises a first terminal, a background system server, a second terminal and an authorized electronic signature token; wherein,
the first terminal acquires operation content, acquires an operation request generation strategy, generates an operation request according to the operation request generation strategy and the operation content, and sends the operation request to the background system server;
the background system server verifies the validity of the operation request after obtaining the operation request, sends the operation request to the second terminal after verifying the validity of the operation request, verifies a signature data packet, and executes the operation request according to the operation request data packet after verifying the passing of the signature data packet;
the second terminal acquires a request sending strategy after obtaining the operation request, sends an operation request data packet to the authorized electronic signature token according to the request sending strategy, wherein the operation request data packet is generated according to the request sending strategy and the operation request, and sends the signature data packet and the operation request data packet to the background system server;
and the authorized electronic signature token prompts the operation request data packet, receives a confirmation instruction, signs the operation request data packet according to the confirmation instruction, obtains a signature data packet, and sends the signature data packet to the second terminal.
10. The system of claim 9,
the first terminal acquires identity identification information and an authorization password, and generates the operation request according to the identity identification information, the authorization password and the operation content;
and after the background system server obtains the operation request, verifying the correctness of the authorization password according to the identity identification information, and if the authorization password is verified to be correct, verifying that the operation request is legal.
11. The system of claim 10, wherein the authorization password is a dynamic password or a static password.
12. The system of claim 9,
the first terminal acquires identity identification information and signature information, wherein the signature information is obtained by signing the operation content, and the operation request is generated according to the identity identification information, the signature information and the operation content;
and after the background system server obtains the operation request, verifying the correctness of the signature information according to the identity identification information and the operation content, and if the signature information is verified to be correct, verifying that the operation request is legal.
13. The system according to any one of claims 9 to 12, wherein the second terminal obtains the forwarding policy after obtaining the operation request, and sends the operation request as an operation request packet to the authorized electronic signature token.
14. The system according to any one of claims 9 to 12, wherein the second terminal, after obtaining the operation request, obtains a processing and sending policy, processes the operation request according to the processing and sending policy to generate an operation request data packet, and sends the operation request data packet to the authorized electronic signature token according to the processing and sending policy.
15. The system according to any one of claims 9 to 12, wherein the operation content includes:
transfer request information, logistics request information, access request information, or acquisition request information.
16. The system of claim 15,
after the background system server verifies that the signature data packet passes, executing the transfer operation according to the transfer request information;
after the background system server verifies that the signature data packet passes, the logistics operation is executed according to the logistics request information;
after the background system server verifies that the signature data packet passes, the background system server executes access authority setting operation according to the access request information; or
And after verifying that the signature data packet passes, the background system server executes sending operation according to the acquisition request information.
CN201310294089.2A 2013-07-12 2013-07-12 The processing method of operation requests and system Active CN103401844B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201310294089.2A CN103401844B (en) 2013-07-12 2013-07-12 The processing method of operation requests and system
PCT/CN2014/076443 WO2015003521A1 (en) 2013-07-12 2014-04-29 Operation request processing method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310294089.2A CN103401844B (en) 2013-07-12 2013-07-12 The processing method of operation requests and system

Publications (2)

Publication Number Publication Date
CN103401844A CN103401844A (en) 2013-11-20
CN103401844B true CN103401844B (en) 2016-09-14

Family

ID=49565370

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310294089.2A Active CN103401844B (en) 2013-07-12 2013-07-12 The processing method of operation requests and system

Country Status (2)

Country Link
CN (1) CN103401844B (en)
WO (1) WO2015003521A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108268303A (en) * 2017-01-03 2018-07-10 北京润信恒达科技有限公司 A kind of operation requests method, apparatus and system

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103401844B (en) * 2013-07-12 2016-09-14 天地融科技股份有限公司 The processing method of operation requests and system
CN103701782A (en) * 2013-12-16 2014-04-02 天地融科技股份有限公司 Data transmission method and system
CN103944726B (en) * 2014-04-25 2018-05-29 天地融科技股份有限公司 Operation requests processing system
CN105656850B (en) * 2014-11-13 2020-08-14 腾讯数码(深圳)有限公司 Data processing method, related device and system
CN105827405A (en) * 2015-01-05 2016-08-03 中国移动通信集团陕西有限公司 Remotely-controlled safety lock device and remote control method thereof
CN104811309B (en) * 2015-03-24 2018-07-17 天地融科技股份有限公司 A kind of long-range method and system using intelligent cipher key equipment
CN106506496A (en) * 2016-10-27 2017-03-15 宇龙计算机通信科技(深圳)有限公司 A kind of methods, devices and systems that withdraws the money without card
CN109474924A (en) * 2017-09-07 2019-03-15 中兴通讯股份有限公司 A kind of restoration methods, device, computer equipment and the storage medium of lock network file
CN110278083B (en) * 2018-03-16 2021-11-30 腾讯科技(深圳)有限公司 Identity authentication request processing method and device, and equipment resetting method and device
CN108763892A (en) * 2018-04-18 2018-11-06 Oppo广东移动通信有限公司 Authority management method, device, mobile terminal and storage medium
CN108763884B (en) * 2018-04-18 2022-01-11 Oppo广东移动通信有限公司 Authority management method, device, mobile terminal and storage medium
CN108600218B (en) * 2018-04-23 2020-12-29 捷德(中国)科技有限公司 Remote authorization system and remote authorization method
CN111784124A (en) * 2020-06-12 2020-10-16 中信银行股份有限公司 A task processing method, apparatus, device and computer-readable storage medium
CN112184150A (en) * 2020-09-17 2021-01-05 杭州安恒信息技术股份有限公司 Multi-party approval method, device and system in data sharing exchange and electronic device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102724647A (en) * 2012-06-06 2012-10-10 电子科技大学 Method and system for access capability authorization
CN102737313A (en) * 2012-05-25 2012-10-17 天地融科技股份有限公司 Method and system for authorizing verification on electronic signature tools and electronic signature tools
CN102870132A (en) * 2009-12-15 2013-01-09 艾菲尼迪公司 System, device, and method for identity verification and funds transfer via payment broker system
CN103077460A (en) * 2012-10-31 2013-05-01 中华电信股份有限公司 System and method for financial certificate transaction by mobile device

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4474845B2 (en) * 2002-06-12 2010-06-09 株式会社日立製作所 Authentication infrastructure system with CRL issue notification function
CN102496125A (en) * 2011-12-21 2012-06-13 成都英黎科技有限公司 Transferring method and system based on mobile terminal
CN103401844B (en) * 2013-07-12 2016-09-14 天地融科技股份有限公司 The processing method of operation requests and system

Also Published As

Publication number Publication date
WO2015003521A1 (en) 2015-01-15
CN103401844A (en) 2013-11-20

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 1190523

Country of ref document: HK

C14 Grant of patent or utility model
GR01 Patent grant
REG Reference to a national code

Ref country code: HK

Ref legal event code: GR

Ref document number: 1190523

Country of ref document: HK