WO2017016272A1 - Method, apparatus and system for processing virtual resource data - Google Patents
- Publication number
- WO2017016272A1 (PCT/CN2016/081565)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- challenge code
- digital signature
- virtual resource
- server
- client
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
Definitions
- the present invention belongs to the field of communications technologies, and in particular, to a method, device, and system for processing virtual resource data.
- in the prior design, some of the fields in the payment request are first digitally signed using the private key in the client digital certificate, and the signed data is then submitted to the payment background server as an additional field together with the other information in the payment request.
- the background server decrypts the signature using the public key of the certificate; if decryption succeeds and the decrypted data is correct, the request is regarded as a payment request made by the user himself. Since the private key of the client certificate exists only on the user's terminal device, it is difficult for others to forge the user's signature.
- in that design the user's signature, produced with an asymmetric encryption algorithm, must be decrypted in real time, and the efficiency of asymmetric algorithms is relatively low.
- a public key encryption algorithm such as RSA encrypts and decrypts at a speed equivalent to about 1/1000 of that of a symmetric encryption algorithm of the same encryption strength. Under this design, the load that a certificate user places on the background server is obviously greater than that of a non-certificate user, and the operating efficiency is relatively low.
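The prior design described above, in which the client signs request fields with the private key of its certificate and the server performs one public-key verification per request, as an added example in Go; this is not code from the patent or its applicant. The request fields, the newline-separated digest layout and the choice of RSA-PSS with SHA-256 are assumptions of this example; the page only states that some request fields are signed with the certificate's private key and checked with its public key.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// paymentRequest holds constructed request fields for this example; the page
// does not name the fields that are signed.
type paymentRequest struct {
	OrderNo   string
	Amount    string
	PayMethod string
}

// digest fixes the byte layout that is signed. The newline-separated layout
// is an assumption of this example, not a format taken from the page.
func digest(r paymentRequest) []byte {
	h := sha256.Sum256([]byte(r.OrderNo + "\n" + r.Amount + "\n" + r.PayMethod))
	return h[:]
}

// ClientSignRequest: the client signs the request fields with the private key
// of its certificate (RSA-PSS here) and attaches the result as an extra field.
func ClientSignRequest(priv *rsa.PrivateKey, r paymentRequest) ([]byte, error) {
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest(r), nil)
}

// ServerVerifyRequest: one RSA public-key operation for every request. This
// per-request asymmetric cost is what the page contrasts with its
// pre-generated challenge code.
func ServerVerifyRequest(pub *rsa.PublicKey, r paymentRequest, sig []byte) bool {
	return rsa.VerifyPSS(pub, crypto.SHA256, digest(r), sig, nil) == nil
}

// PriorArtDemo signs a constructed request and returns whether the genuine
// request verifies and whether the same signature is rejected once the amount
// field has been altered in transit.
func PriorArtDemo() (genuine, alteredRejected bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	req := paymentRequest{OrderNo: "ORD-0001", Amount: "99.00", PayMethod: "bankcard"} // constructed
	sig, err := ClientSignRequest(priv, req)
	if err != nil {
		return
	}
	genuine = ServerVerifyRequest(&priv.PublicKey, req, sig)
	altered := req
	altered.Amount = "9900.00"
	alteredRejected = !ServerVerifyRequest(&priv.PublicKey, altered, sig)
	return
}

func main() {
	g, a, err := PriorArtDemo()
	fmt.Println("genuine accepted:", g, "altered rejected:", a, "err:", err)
}
```

The signature binds the server's decision to the exact field values, which is why an altered amount fails; the cost the page objects to is that `ServerVerifyRequest` performs a full RSA operation on every request rather than a hash comparison.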
- the first aspect of the embodiments of the present invention provides:
- a method for processing virtual resource data including:
- the first digital signature is generated by the client from the first challenge code, which the client decrypts using the private key of the client certificate, together with the field information;
- a processing device for virtual resource data comprising a processor, the processor is configured to:
- a processing system for virtual resource data comprising a client and a server, wherein the client is a processing device for virtual resource data provided by the third aspect, and the server is a processing device for virtual resource data provided by the fourth aspect.
- a storage medium having stored therein processor-executable instructions, wherein the processor-executable instructions are for causing the processor to:
- the server generates a challenge code for the user in advance by encrypting it with the public key in the client certificate; when requesting the virtual resource transfer, the user decrypts the challenge code using the private key of the client certificate and then generates a digital signature from the decrypted challenge code and the field information related to the request; the server confirms whether the virtual resource transfer request is legitimate by verifying the correctness of the digital signature generated by the client. Since an attacker does not possess the client's certificate, the attacker cannot decrypt the public-key-encrypted challenge code and therefore cannot imitate the user's signature.
- the generated digital signature contains information related to the corresponding payment request, so the signature can be used only for that transaction, which ensures the security of the transaction; and, because the challenge code is prepared in advance, the load placed on the server during peak payment periods is reduced and the server's operating speed is increased.
- FIG. 1 is a schematic flowchart of a method for processing virtual resource data according to a first embodiment of the present invention.
- FIG. 2 is a schematic flowchart of a method for processing virtual resource data according to a second embodiment of the present invention.
- FIG. 3 is a schematic flowchart of a method for processing virtual resource data according to a third embodiment of the present invention.
- FIG. 4 is a schematic structural diagram of a device for processing virtual resource data according to a fourth embodiment of the present invention.
- FIG. 5 is a schematic structural diagram of a device for processing virtual resource data according to a fifth embodiment of the present invention.
- FIG. 6 is a schematic structural diagram of a system for processing virtual resource data according to a sixth embodiment of the present invention.
- the principles of the present invention operate using many other general purpose or special purpose computing, communication environments, or configurations.
- examples of well-known computing systems, environments, and configurations suitable for use with the present invention may include, but are not limited to, hand-held phones, personal computers, servers, multi-processor systems, microcomputer-based systems, mainframe computers, and distributed computing environments that include any of the above systems or devices.
- module as used herein may be taken to mean a software object that is executed on the computing system.
- the different components, modules, engines, and services described herein can be considered as implementation objects on the computing system.
- the apparatus and method described herein are preferably implemented in software, and may of course be implemented in hardware, all of which are within the scope of the present invention.
- the order of the following embodiments is not limited by their numbering; that is, which embodiment is preferred may be decided according to actual needs: the first embodiment may be implemented as the second preferred embodiment, the third embodiment as the first preferred embodiment, and so on. The words "first", "second" and the like are used merely for convenience of expression.
- FIG. 1 is a schematic flowchart of a method for processing virtual resource data according to a first embodiment of the present invention. The method includes:
- step S101 a transfer request of virtual resource data is transmitted, and the transfer request carries field information related to the request.
- the method for processing virtual resource data can run on a client, and the client can be a notebook computer, a tablet PC (personal computer), a mobile phone or a similar terminal that has a storage unit, is equipped with a microprocessor and has computing capability; the present invention does not specifically limit it.
- the request for the transfer of the virtual resource data in the embodiment of the present invention may include a mobile payment process, a chargeback process, a transfer process, and the like, which are not specifically limited herein.
- step S102 according to the transfer request, the first challenge code preset by the server is acquired, the first challenge code having been generated by encryption with the public key of the client certificate.
- step S103 the private key of the client certificate is obtained, and the first challenge code is decrypted by using the private key of the client certificate.
- step S104 a first digital signature is generated according to the decrypted first challenge code and the field information.
- the step S102 to the step S104 may be specifically:
- a challenge code also called a challenge password
- a challenge code refers to a set of encrypted passwords generated following a handshake authentication protocol, which is used to ensure that the user's real password is not leaked during transmission.
- the first challenge code in the embodiment of the present invention refers to a challenge code generated by the server by encryption with the public key of the client certificate. It will be understood that "first" and "second" in this embodiment serve only to distinguish the two codes and do not constitute a limitation.
- after obtaining the first challenge code from the server, the client decrypts it using the private key of the client certificate and then generates a first digital signature from the decrypted first challenge code and the request-related field information. Since an attacker does not possess the client's certificate, the attacker cannot decrypt the public-key-encrypted first challenge code and therefore cannot imitate the user's digital signature, which improves transaction security.
- step S105 when it is determined that the first digital signature is consistent with the second digital signature in the server, the virtual resource transfer is indicated as allowed.
- in the method for processing virtual resource data provided by this embodiment, the server generates a challenge code for the user in advance by encrypting it with the public key in the client certificate; when requesting the virtual resource transfer, the user decrypts the challenge code using the private key of the client certificate and generates a digital signature from the decrypted challenge code and the field information related to the request; the server confirms whether the virtual resource transfer request is legitimate by verifying the correctness of the digital signature generated by the client. Since an attacker does not possess the client's certificate, the attacker cannot decrypt the public-key-encrypted challenge code and therefore cannot imitate the user's signature.
- the generated digital signature contains information related to the corresponding payment request, so the signature can be used only for that transaction, which ensures the security of the transaction; and, because the challenge code is prepared in advance, the load placed on the server during peak payment periods is reduced and the server's operating speed is increased.
- FIG. 2 is a schematic flowchart diagram of a method for processing virtual resource data according to a second embodiment of the present invention.
- the embodiment provides a method for processing virtual resource data corresponding to the first embodiment.
- the method runs on a server: the server receives a transfer request for the virtual resource sent by the client and processes it. The client may be a terminal computer having a storage unit and a microprocessor and having computing capability, such as a notebook computer, a tablet PC or a mobile phone; the transfer request for virtual resource data in the embodiment of the present invention may include a mobile payment process, a chargeback process, a transfer process and the like, which are not specifically limited herein.
- the method includes:
- step S201 a transfer request of virtual resource data is received, and the transfer request carries field information related to the request.
- step S202 according to the transfer request, a preset first challenge code is sent to the client, the first challenge code having been generated by encryption with the public key of the client certificate.
- step S203 the first digital signature sent by the client is received; the first digital signature is generated by the client from the first challenge code, which the client decrypts using the private key of the client certificate, together with the field information.
- the step S201 and the step S203 may be specifically:
- the challenge code also called challenge password
- the challenge code refers to a set of encrypted passwords generated according to the handshake authentication protocol, and is used to ensure that the user's real password is not leaked during the transmission process.
- the first challenge code in the embodiment of the present invention refers to a challenge code generated by the server after being encrypted by using the public key of the client certificate.
- after obtaining the first challenge code from the server, the client decrypts it using the private key of the client certificate, generates a first digital signature from the decrypted first challenge code and the request-related field information, and sends the signature to the server. Since an attacker does not possess the user's client certificate, the attacker cannot decrypt the public-key-encrypted first challenge code and therefore cannot imitate the user's digital signature, which improves transaction security.
- step S204 when it is determined that the first digital signature is consistent with the second digital signature in the server, the virtual resource transfer is indicated as allowed.
- FIG. 3 is a schematic flowchart diagram of a method for processing virtual resource data according to a third embodiment of the present invention.
- the method includes:
- step S301 the server receives user information;
- step S302 the server generates a corresponding second challenge code according to the user information, where the second challenge code carries a corresponding challenge code plaintext and a challenge code ciphertext;
- step S303 the server acquires a public key of the user client certificate indicated by the user information
- step S304 the server encrypts the challenge code by using the public key of the client certificate, generates a first challenge code, and stores the challenge code plaintext and the challenge code ciphertext.
- the step S301 to the step S304 may be specifically: the first challenge code preset in the server may be set before the virtual resource is transferred, and is generated after the server encrypts a challenge code with the public key of the client certificate.
- the server processes the user information to generate the first challenge code; the process includes: the server acquires, for the second challenge code corresponding to the user information, the public key of the client certificate indicated by the user information, encrypts the second challenge code with that public key, and thereby generates the first challenge code.
- step S305 the client sends a transfer request of virtual resource data, where the transfer request carries field information related to the request;
- the request for the transfer of the virtual resource data in the embodiment of the present invention may include a mobile payment process, a chargeback process, a transfer process, and the like, which are not specifically limited herein.
- step S306 the server sends a preset first challenge code to the client according to the transfer request.
- step S307 the client obtains the private key of the client certificate, and decrypts the first challenge code by using the private key of the client certificate;
- step S308 the client generates a first digital signature according to the decrypted first challenge code and the field information.
- the step S306 to the step S308 may be specifically:
- the client generates a first digital signature by using a one-way hash algorithm according to the decrypted first challenge code and the order number field in the field information.
- after obtaining the first challenge code from the server, the client decrypts it using the private key of the client certificate, generates a first digital signature from the decrypted first challenge code and the request-related field information, and sends the first digital signature and the field information to the server. Since an attacker does not possess the user's client certificate, the attacker cannot decrypt the public-key-encrypted first challenge code and therefore cannot imitate the user's digital signature, which improves transaction security.
- step S309 the server acquires the first digital signature and compares the first digital signature with a second digital signature in the server;
- the server may use the same algorithm, such as the one-way hash algorithm, to generate the second digital signature from the challenge code plaintext and the field information;
- the server obtains the first digital signature generated by the client, compares it with the second digital signature to obtain a comparison result, and sends the comparison result to the client.
- the client receives the comparison result sent by the server; the comparison result is obtained by the server generating the second digital signature from the challenge code plaintext and the field information and comparing the first digital signature with the second digital signature.
- step S310 when it is determined that the first digital signature is consistent with the second digital signature in the server, the virtual resource transfer is indicated as allowed.
- when the client determines from the comparison result that the first digital signature is consistent with the second digital signature, this indicates that the virtual resource transfer is allowed.
- the virtual resource transfer specifically refers to the payment processing between the client and the server, where the server may be specifically a payment background server, and the client may be specifically a mobile phone;
- the steps include:
- Step S1 The client sends a payment request to the payment background server;
- Step S2 The payment background server receives the payment request, and returns a first challenge code encrypted by using a public key of the client certificate;
- the payment background server detects the legality of the order, returns the first challenge code, and details of the order, supported payment methods, and the like.
- Step S3 After receiving the first challenge code, the client pops up a payment confirmation interface for the user to confirm the correctness of the payment method and the order information.
- Step S4 The client decrypts the first challenge code using the private key in the client certificate, then generates a signature field SignStr (i.e. the first digital signature) by applying the MD5 algorithm to the decrypted first challenge code, the order number and the payment method selected by the user; it then sends SignStr to the payment background server together with the order number, the payment method and other payment-related information.
- Step S5 The payment background server generates the signature field (i.e. the second digital signature) using the same algorithm as the client over the challenge code and the order number, and compares it with the signature field sent by the client to verify it. If the signature verification passes, payment success may be returned to the client directly, or the user may be required to enter the payment password and an SMS verification code before the payment is completed.
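The exchange of steps S301 to S310 and of the payment flow S1 to S5 above (the first and second embodiments describe the same exchange from the client side and the server side), as an added example in Go; it is not code from the patent or its applicant. The page does not state the padding scheme, the hash, the field encoding or whether a challenge is reusable, so this example assumes RSA-OAEP for the challenge encryption, SHA-256 in place of the MD5 named in step S4, length-prefixed hash inputs, and a challenge that is consumed by a single transfer. Order numbers, the user id and payment method are constructed sample values.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

// challengeRecord is the server's stored pair from step S304: the challenge
// plaintext and its ciphertext under the client certificate's public key.
// The used flag is an assumption of this example (single-use challenge).
type challengeRecord struct {
	plaintext, ciphertext []byte
	used                  bool
}

// Server holds the client certificate's public key and per-user challenges.
type Server struct {
	clientPub  *rsa.PublicKey
	challenges map[string]*challengeRecord // keyed by user id
}

// PrepareChallenge is steps S301-S304: draw a random challenge, encrypt it
// with RSA-OAEP (assumed padding) and keep both plaintext and ciphertext.
func (s *Server) PrepareChallenge(userID string) error {
	pt := make([]byte, 32)
	if _, err := rand.Read(pt); err != nil {
		return err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, s.clientPub, pt, []byte(userID))
	if err != nil {
		return err
	}
	s.challenges[userID] = &challengeRecord{plaintext: pt, ciphertext: ct}
	return nil
}

// FirstChallenge is step S306 / S2: hand the preset ciphertext to the client.
func (s *Server) FirstChallenge(userID string) ([]byte, error) {
	rec, ok := s.challenges[userID]
	if !ok || rec.used {
		return nil, errors.New("no unused challenge for user")
	}
	return rec.ciphertext, nil
}

// SignatureField is the one-way hash of step S308 / S4 ("SignStr"). SHA-256
// replaces the MD5 named on the page; every input is length-prefixed so that
// different splits of the same bytes cannot yield the same digest.
func SignatureField(challenge []byte, orderNo, payMethod string) []byte {
	h := sha256.New()
	for _, f := range [][]byte{challenge, []byte(orderNo), []byte(payMethod)} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		h.Write(n[:])
		h.Write(f)
	}
	return h.Sum(nil)
}

// ClientSign is steps S307-S308 / S4: decrypt the challenge with the
// certificate's private key and hash it together with the request fields.
func ClientSign(priv *rsa.PrivateKey, userID string, ct []byte, orderNo, payMethod string) ([]byte, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, priv, ct, []byte(userID))
	if err != nil {
		return nil, err
	}
	return SignatureField(pt, orderNo, payMethod), nil
}

// Verify is steps S309-S310 / S5: recompute the second digital signature from
// the stored plaintext, compare in constant time, and consume the challenge.
func (s *Server) Verify(userID string, sig []byte, orderNo, payMethod string) bool {
	rec, ok := s.challenges[userID]
	if !ok || rec.used {
		return false
	}
	if subtle.ConstantTimeCompare(sig, SignatureField(rec.plaintext, orderNo, payMethod)) != 1 {
		return false
	}
	rec.used = true
	return true
}

// RunExchange drives the flow end to end with a fresh key pair and constructed
// order data. It reports whether the genuine request was accepted, whether the
// same signature was rejected for another order, and whether a replay of the
// accepted request was rejected.
func RunExchange() (genuine, tamperedRejected, replayRejected bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	srv := &Server{clientPub: &priv.PublicKey, challenges: map[string]*challengeRecord{}}
	const user, order, method = "user-42", "ORD-0001", "bankcard" // constructed values
	if err = srv.PrepareChallenge(user); err != nil {
		return
	}
	ct, err := srv.FirstChallenge(user)
	if err != nil {
		return
	}
	sig, err := ClientSign(priv, user, ct, order, method)
	if err != nil {
		return
	}
	tamperedRejected = !srv.Verify(user, sig, "ORD-0002", method) // signature bound to the order
	genuine = srv.Verify(user, sig, order, method)
	replayRejected = !srv.Verify(user, sig, order, method) // challenge already consumed
	return
}

func main() {
	g, t, r, err := RunExchange()
	fmt.Println("genuine:", g, "tampered rejected:", t, "replay rejected:", r, "err:", err)
}
```

The server's per-request work in `Verify` is a hash and a constant-time comparison; the only RSA operation on the server side happens in `PrepareChallenge`, ahead of the transfer, which is the load shift the embodiment claims. Marking the record `used` is this example's addition: without it, a captured `SignStr` for the same order number would verify a second time.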
- in the method for processing virtual resource data provided by this embodiment, the server generates a challenge code for the user in advance by encrypting it with the public key in the client certificate; when requesting the virtual resource transfer, the user decrypts the challenge code using the private key of the client certificate and generates a digital signature from the decrypted challenge code and the field information related to the request; the server confirms whether the virtual resource transfer request is legitimate by verifying the correctness of the digital signature generated by the client. Since an attacker does not possess the client's certificate, the attacker cannot decrypt the public-key-encrypted challenge code and therefore cannot imitate the user's signature.
- the generated digital signature contains information related to the corresponding payment request, so the signature can be used only for that transaction, which ensures the security of the transaction; and, because the challenge code is prepared in advance, the load placed on the server during peak payment periods is reduced and the server's operating speed is increased. Further, the business operating cost of fast payment based on the client digital certificate is reduced.
- the embodiment of the present invention further provides an apparatus for processing the virtual resource data.
- the meaning of the noun is the same as the method for processing the virtual resource in the foregoing first embodiment.
- FIG. 4 is a schematic structural diagram of a virtual resource data processing apparatus according to an embodiment of the present invention. The virtual resource data processing apparatus may run on a client, and the client may be a notebook computer, a tablet PC, a mobile phone or a similar terminal that has a storage unit and a microprocessor and has computing capability, which is not specifically limited in the present invention.
- the processing device of the virtual resource data of the present invention may include a first sending module 401, a first obtaining module 402, a decrypting module 403, a first generating module 404, and a first indicating module 405.
- the first sending module 401 is configured to send a virtual resource data transfer request, where the transfer request carries field information related to the request; the first obtaining module 402 is configured to obtain, according to the transfer request, a first challenge code preset by the server, where the first challenge code is generated by encryption with the public key of the client certificate;
- the decryption module 403 is configured to obtain the private key of the client certificate and decrypt the first challenge code using that private key; the first generating module 404 is configured to generate a first digital signature from the decrypted first challenge code and the field information; the first indicating module 405 is configured to indicate that the virtual resource transfer is allowed when the first digital signature is determined to be consistent with the second digital signature in the server.
- the first generating module 404 is specifically configured to: generate a first digital signature by using a one-way hash algorithm according to the decrypted first challenge code and the order number field in the field information.
- the device may further include: a second sending module, configured to send the first digital signature and the field information to the server; and a first receiving module, configured to receive a comparison result sent by the server, where the comparison result is obtained by the server generating a second digital signature from the challenge code plaintext and the field information and comparing the first digital signature with the second digital signature; accordingly,
- the first indicating module 405 is specifically configured to indicate that the virtual resource transfer is allowed when it determines from the comparison result that the first digital signature is consistent with the second digital signature.
- the server generates the challenge code for the user in advance by encrypting it with the public key in the client certificate; when the user requests the virtual resource transfer, the challenge code is decrypted using the private key of the client certificate and a digital signature is generated from the decrypted challenge code and the field information related to the request; the server confirms whether the virtual resource transfer request is legitimate by verifying the correctness of the digital signature generated by the client. Since an attacker does not possess the client's certificate, the attacker cannot decrypt the public-key-encrypted challenge code and therefore cannot imitate the user's signature.
- the generated digital signature contains information related to the corresponding payment request, so the signature can be used only for that transaction, which ensures the security of the transaction; and, because the challenge code is prepared in advance, the load placed on the server during peak payment periods is reduced and the server's operating speed is increased.
- FIG. 5 is a schematic structural diagram of a device for processing virtual resource data according to an embodiment of the present disclosure, where the terms have the same meaning as in the method for processing a virtual resource in the second embodiment; for specific implementation details, refer to the description of the method embodiment.
- the processing device of the virtual resource data includes a second receiving module 501, a third sending module 502, a third receiving module 503, and a second indicating module 504;
- the second receiving module 501 is configured to receive a transfer request for the virtual resource data, where the transfer request carries the field information related to the request; the third sending module 502 is configured to send the preset first challenge code to the client according to the transfer request;
- the third receiving module 503 is configured to receive a first digital signature sent by the client, where the first digital signature is generated by the client from the first challenge code, which the client decrypts using the private key of the client certificate, together with the field information; the second indicating module 504 is configured to indicate that the virtual resource transfer is allowed when the first digital signature is determined to be consistent with the second digital signature in the server.
- the device may further include: a fourth receiving module, configured to receive user information; a second generating module, configured to generate a corresponding second challenge code according to the user information, where the second challenge code carries corresponding challenge code plaintext and challenge code ciphertext; a second obtaining module, configured to acquire the public key of the user's client certificate indicated by the user information; and an encryption storage module, configured to encrypt the challenge code with the public key of the client certificate, generate the first challenge code, and store the challenge code plaintext and the challenge code ciphertext.
- the device may further include: a fifth receiving module, configured to receive the first digital signature and the field information sent by the client; a third generating module, configured to generate a second digital signature from the challenge code plaintext and the field information; a comparing module, configured to compare the first digital signature with the second digital signature to obtain a comparison result; and a fourth sending module, configured to send the comparison result to the client.
- FIG. 6 is a schematic structural diagram of a processing system of a virtual resource according to an embodiment of the present invention.
- the processing system of the virtual resource includes a server 601 and a client 602, where the client 602 may specifically be the processing device for virtual resource data according to the fourth embodiment, and the server 601 is the processing device for virtual resource data according to the fifth embodiment.
- the client 602 is configured to send a virtual resource data transfer request, where the transfer request carries field information related to the request; acquire, according to the transfer request, a first challenge code preset by the server, where the first challenge code is generated by encryption with the public key of the client certificate; obtain the private key of the client certificate and decrypt the first challenge code using that private key; generate a first digital signature from the decrypted first challenge code and the field information; and, when it is determined that the first digital signature is consistent with the second digital signature in the server, indicate that the virtual resource transfer is allowed.
- the server 601 is configured to receive a transfer request for the virtual resource data, where the transfer request carries the field information related to the request; send, according to the transfer request, a preset first challenge code to the client, where the first challenge code is generated by encryption with the public key of the client certificate; receive the first digital signature sent by the client, where the first digital signature is generated by the client from the first challenge code, which the client decrypts using the private key of the client certificate, together with the field information; and, when it is determined that the first digital signature is consistent with the second digital signature in the server, indicate that the virtual resource transfer is allowed.
- the processing apparatus for virtual resource data provided by the embodiments of the present invention may be, for example, a computer, a tablet computer, a mobile phone with a touch function, or the like; the processing apparatus for virtual resource data and the method for processing virtual resource data in the above embodiments belong to the same concept, any of the methods provided in the method embodiments can be executed on the processing apparatus, and the specific implementation process is described in the method embodiments and is not repeated here.
- a person of ordinary skill in the art can understand that all or part of the process for implementing the method for processing virtual resource data in the embodiments of the present invention may be carried out by a computer program.
- the computer program may be stored in a computer readable storage medium, such as in a memory of the terminal, and executed by at least one processor in the terminal, and may include, for example, during execution.
- the storage medium may be a magnetic disk, an optical disk, a read only memory (ROM), a random access memory (RAM), or the like.
- each functional module may be integrated into one processing chip, or each module may exist physically separately, or two or more modules may be integrated into one module.
- the above integrated modules can be implemented in the form of hardware or in the form of software functional modules.
- if the integrated module is implemented in the form of a software functional module and sold or used as a standalone product, it may also be stored in a computer readable storage medium, such as a read only memory, a magnetic disk or an optical disk.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Storage Device Security (AREA)
Abstract
Description
This application claims priority to Chinese Patent Application No. 201510455785.6, entitled "Method, apparatus and system for processing virtual resource data", filed with the Chinese Patent Office on July 29, 2015, the entire contents of which are incorporated herein by reference.
The present invention belongs to the field of communications technologies, and in particular relates to a method, apparatus and system for processing virtual resource data.
With the continuous advancement of Internet technology, people place ever higher demands on Internet security.
Taking fast payment based on a client digital certificate as an example, at present, when a payment request is initiated, some of the fields in the payment request are first digitally signed with the private key of the client digital certificate, and the signed data is then submitted to the payment back-end server as a new field together with the other information in the payment request. After receiving the request, the back-end server uses the public key of the certificate to decrypt, that is, verify, the signature; if this succeeds and the recovered data is correct, the request is taken to be a genuine payment request from the user. Since the private key of the client certificate is available only on the user's terminal device, it is difficult for anyone else to forge the user's signature.
When the back-end processes a user's payment request, it must verify in real time a signature produced with an asymmetric algorithm, and asymmetric encryption and decryption are quite inefficient. Taking the RSA public key algorithm as an example, its encryption and decryption speed is roughly 1/1000 that of a symmetric algorithm of equivalent strength. Under this design, certificate users necessarily place significantly more load on the back-end server than non-certificate users, and operating efficiency is relatively low.
The object of the present invention is to provide a method and apparatus for processing virtual resource data, aiming to reduce the load on the server and increase its operating speed.
To solve the above technical problem, a first aspect of the embodiments of the present invention provides:
A method for processing virtual resource data, including:
sending a transfer request for virtual resource data, the transfer request carrying field information related to the request;
acquiring, according to the transfer request, a first challenge code preset by the server, the first challenge code being generated by encryption with the public key of the client certificate;
obtaining the private key of the client certificate, and decrypting the first challenge code with the private key of the client certificate;
generating a first digital signature from the decrypted first challenge code and the field information; and
when it is determined that the first digital signature is consistent with a second digital signature held by the server, indicating that the virtual resource transfer is allowed.
A second aspect of the embodiments of the present invention provides:
A method for processing virtual resource data, including:
receiving a transfer request for virtual resource data, the transfer request carrying field information related to the request;
sending, according to the transfer request, a preset first challenge code to the client, the first challenge code being generated by encryption with the public key of the client certificate;
receiving a first digital signature sent by the client, the first digital signature having been generated by the client by decrypting the first challenge code with the private key of the client certificate and combining the decrypted first challenge code with the field information; and
when it is determined that the first digital signature is consistent with a second digital signature held by the server, indicating that the virtual resource transfer is allowed.
A third aspect of the embodiments of the present invention provides:
A processing apparatus for virtual resource data, including a processor configured to:
send a transfer request for virtual resource data, the transfer request carrying field information related to the request;
acquire, according to the transfer request, a first challenge code preset by the server, the first challenge code being generated by encryption with the public key of the client certificate;
obtain the private key of the client certificate, and decrypt the first challenge code with the private key of the client certificate;
generate a first digital signature from the decrypted first challenge code and the field information; and
when it is determined that the first digital signature is consistent with a second digital signature held by the server, indicate that the virtual resource transfer is allowed.
A fourth aspect of the embodiments of the present invention provides:
A processing apparatus for virtual resource data, including a processor configured to:
receive a transfer request for virtual resource data, the transfer request carrying field information related to the request;
send, according to the transfer request, a preset first challenge code to the client, the first challenge code being generated by encryption with the public key of the client certificate;
receive a first digital signature sent by the client, the first digital signature having been generated by the client by decrypting the first challenge code with the private key of the client certificate and combining the decrypted first challenge code with the field information; and
when it is determined that the first digital signature is consistent with a second digital signature held by the server, indicate that the virtual resource transfer is allowed.
A fifth aspect of the embodiments of the present invention provides:
A processing system for virtual resource data, including a client and a server, where the client is the processing apparatus for virtual resource data provided by the third aspect and the server is the processing apparatus for virtual resource data provided by the fourth aspect.
In addition, a storage medium is provided in which processor-executable instructions are stored, the processor-executable instructions causing the processor to perform the following operations:
sending a transfer request for virtual resource data, the transfer request carrying field information related to the request;
acquiring, according to the transfer request, a first challenge code preset by the server, the first challenge code being generated by encryption with the public key of the client certificate;
obtaining the private key of the client certificate, and decrypting the first challenge code with the private key of the client certificate;
generating a first digital signature from the decrypted first challenge code and the field information; and
when it is determined that the first digital signature is consistent with a second digital signature held by the server, indicating that the virtual resource transfer is allowed.
Compared with the prior art, in these embodiments the server generates a challenge code for the user in advance using the public key in the client certificate; when the user requests a virtual resource transfer, the client decrypts the challenge code with the private key of the client certificate and then generates a digital signature from the decrypted challenge code and the field information related to the request; the server confirms whether the virtual resource transfer request is legitimate by verifying the correctness of the digital signature generated by the client. Since an attacker does not hold the user's client certificate, the attacker cannot decrypt the challenge code encrypted under the public key and therefore cannot imitate the user's signature. The generated digital signature contains information related to the corresponding payment request and can only be used for this transaction, which further guarantees the security of the transaction; and because the challenge code is set up in advance, the load placed on the server during peak payment periods is greatly reduced and the server's operating speed is improved.
The technical solutions and other advantageous effects of the present invention will be apparent from the following detailed description of specific embodiments of the invention, taken together with the accompanying drawings.
FIG. 1 is a schematic flowchart of a method for processing virtual resource data according to a first embodiment of the present invention;
FIG. 2 is a schematic flowchart of a method for processing virtual resource data according to a second embodiment of the present invention;
FIG. 3 is a schematic flowchart of a method for processing virtual resource data according to a third embodiment of the present invention;
FIG. 4 is a schematic structural diagram of an apparatus for processing virtual resource data according to a fourth embodiment of the present invention;
FIG. 5 is a schematic structural diagram of an apparatus for processing virtual resource data according to a fifth embodiment of the present invention;
FIG. 6 is a schematic structural diagram of a system for processing virtual resource data according to a sixth embodiment of the present invention.
Referring to the drawings, in which like reference numerals denote like components, the principles of the present invention are illustrated as implemented in a suitable computing environment. The following description is based on the illustrated specific embodiments of the invention and should not be regarded as limiting other specific embodiments not detailed herein.
In the following description, specific embodiments of the present invention are described with reference to steps and symbols executed by one or more computers, unless otherwise stated. Accordingly, these steps and operations will be referred to several times as being executed by a computer; computer execution as used herein includes operations by a computer processing unit on electronic signals that represent data in a structured form. Such operations transform the data or maintain it at a location in the computer's memory system, which reconfigures or otherwise alters the operation of the computer in a manner well known to those skilled in the art. The data structures in which the data is maintained are physical locations in the memory that have particular properties defined by the data format. However, although the principles of the invention are described in the above terms, this is not intended as a limitation; those skilled in the art will appreciate that the various steps and operations described below may also be implemented in hardware.
The principles of the present invention operate with many other general-purpose or special-purpose computing or communication environments or configurations. Examples of well-known computing systems, environments and configurations suitable for use with the invention include, but are not limited to, handheld telephones, personal computers, servers, multiprocessor systems, microcomputer-based systems, mainframe computers, and distributed computing environments that include any of the above systems or devices.
The term "module" as used herein may be regarded as a software object executed on the computing system. The various components, modules, engines and services described herein may be regarded as objects implemented on the computing system. The apparatus and methods described herein are preferably implemented in software, but may of course also be implemented in hardware; both fall within the scope of the present invention.
It should be understood that the order of the following embodiments is not limited by their numbering; that is, the first embodiment is not necessarily the preferred embodiment, and the order may be set according to actual needs. For example, the first embodiment may be carried out as a second preferred embodiment, the third embodiment as a first preferred embodiment, and so on; the terms "first", "second" and the like are used merely for convenience of description.
First embodiment
Referring to FIG. 1, FIG. 1 is a schematic flowchart of a method for processing virtual resource data according to the first embodiment of the present invention. The method includes:
In step S101, a transfer request for virtual resource data is sent, the transfer request carrying field information related to the request.
It can be understood that the method for processing virtual resource data may run on a client, and the client may be a terminal that has a storage unit and a microprocessor and is capable of computation, such as a notebook computer, a tablet PC (Personal Computer) or a mobile phone; the present invention does not specifically limit this.
The transfer request for virtual resource data in the embodiments of the present invention may include mobile payment processing, debit processing, transfer processing and the like, which are not specifically limited here.
In step S102, according to the transfer request, a first challenge code preset by the server is acquired, the first challenge code having been generated by encryption with the public key of the client certificate.
In step S103, the private key of the client certificate is obtained, and the first challenge code is decrypted with the private key of the client certificate.
In step S104, a first digital signature is generated from the decrypted first challenge code and the field information.
Steps S102 to S104 may specifically be as follows:
It can be understood that a challenge code (challenge), also called a challenge password, refers to a set of encrypted passwords generated in accordance with a handshake authentication protocol and used to ensure that the user's real password is not disclosed during transmission. The first challenge code in the embodiments of the present invention refers to a challenge code generated by the server by encryption with the public key of the client certificate; it will be readily appreciated that "first" and "second" in this embodiment are merely for ease of distinction and do not constitute a limitation.
After the client obtains the first challenge code from the server, it decrypts the first challenge code with the private key of the client certificate and then generates a first digital signature from the decrypted first challenge code and the field information related to the request. Since an attacker does not hold the user's client certificate, the attacker cannot decrypt the first challenge code encrypted under the public key and therefore cannot imitate the user's digital signature, which improves transaction security.
In step S105, when it is determined that the first digital signature is consistent with the second digital signature held by the server, it is indicated that the virtual resource transfer is allowed.
The server obtains the first digital signature generated by the client and compares it with the second digital signature it generated itself; if the first digital signature is determined to be consistent with the second digital signature, the server accepts the virtual resource transfer request sent by the client, and the client indicates to the user that the virtual resource transfer is allowed.
It can be seen from the above that, in the method for processing virtual resource data provided by this embodiment, the server generates a challenge code for the user in advance using the public key in the client certificate; when the user requests a virtual resource transfer, the client decrypts the challenge code with the private key of the client certificate and then generates a digital signature from the decrypted challenge code and the field information related to the request; the server confirms whether the virtual resource transfer request is legitimate by verifying the correctness of the digital signature generated by the client. Since an attacker does not hold the user's client certificate, the attacker cannot decrypt the challenge code encrypted under the public key and therefore cannot imitate the user's signature. The generated digital signature contains information related to the corresponding payment request and can only be used for this transaction, which further guarantees the security of the transaction; and because the challenge code is set up in advance, the load placed on the server during peak payment periods is greatly reduced and the server's operating speed is improved.
Second embodiment
Referring to FIG. 2, FIG. 2 is a schematic flowchart of a method for processing virtual resource data according to the second embodiment of the present invention.
This embodiment provides a method for processing virtual resource data corresponding to the first embodiment. The method runs on a server, which receives the virtual resource transfer request sent by the client and processes it; the client may be a terminal that has a storage unit and a microprocessor and is capable of computation, such as a notebook computer, a tablet PC or a mobile phone. The transfer request for virtual resource data in the embodiments of the present invention may include mobile payment processing, debit processing, transfer processing and the like, which are not specifically limited here.
The method includes:
In step S201, a transfer request for virtual resource data is received, the transfer request carrying field information related to the request.
In step S202, according to the transfer request, a preset first challenge code is sent to the client, the first challenge code having been generated by encryption with the public key of the client certificate.
In step S203, a first digital signature sent by the client is received, the first digital signature having been generated by the client by decrypting the first challenge code with the private key of the client certificate and combining the decrypted first challenge code with the field information.
Steps S201 to S203 may specifically be as follows:
It can be understood that a challenge code, also called a challenge password, refers to a set of encrypted passwords generated in accordance with a handshake authentication protocol and used to ensure that the user's real password is not disclosed during transmission. The first challenge code in the embodiments of the present invention refers to a challenge code generated by the server by encryption with the public key of the client certificate.
After the client obtains the first challenge code from the server, it decrypts the first challenge code with the private key of the client certificate, then generates a first digital signature from the decrypted first challenge code and the field information related to the request, and sends it to the server. Since an attacker does not hold the user's client certificate, the attacker cannot decrypt the first challenge code encrypted under the public key and therefore cannot imitate the user's digital signature, which improves transaction security.
In step S204, when it is determined that the first digital signature is consistent with the second digital signature held by the server, it is indicated that the virtual resource transfer is allowed.
The server obtains the first digital signature generated by the client and compares it with the second digital signature it generated itself; if the first digital signature is determined to be consistent with the second digital signature, the server accepts the virtual resource transfer request sent by the client, and the client indicates to the user that the virtual resource transfer is allowed.
It can be seen from the above that, in the method for processing virtual resource data provided by this embodiment, the server generates a challenge code for the user in advance using the public key in the client certificate; when the user requests a virtual resource transfer, the client decrypts the challenge code with the private key of the client certificate and then generates a digital signature from the decrypted challenge code and the field information related to the request; the server confirms whether the virtual resource transfer request is legitimate by verifying the correctness of the digital signature generated by the client. Since an attacker does not hold the user's client certificate, the attacker cannot decrypt the challenge code encrypted under the public key and therefore cannot imitate the user's signature. The generated digital signature contains information related to the corresponding payment request and can only be used for this transaction, which further guarantees the security of the transaction; and because the challenge code is set up in advance, the load placed on the server during peak payment periods is greatly reduced and the server's operating speed is improved.
第三实施例Third embodiment
请参阅图3,图3为本发明第三实施例提供的虚拟资源数据的处理方法的流程示意图。所述方法包括:Referring to FIG. 3, FIG. 3 is a schematic flowchart diagram of a method for processing virtual resource data according to a third embodiment of the present invention. The method includes:
在步骤S301中、服务器接收用户信息;In step S301, the server receives user information;
在步骤S302中、服务器根据所述用户信息,生成相对应的第二挑战码,所述第二挑战码携带对应的挑战码明文和挑战码密文;In step S302, the server generates a corresponding second challenge code according to the user information, where the second challenge code carries a corresponding challenge code plaintext and a challenge code ciphertext;
在步骤S303中、服务器获取所述用户信息指示的用户客户端证书的公钥;In step S303, the server acquires a public key of the user client certificate indicated by the user information;
在步骤S304中、服务器利用所述客户端证书的公钥对所述挑战码进行加密,生成第一挑战码,并存储所述挑战码明文和挑战码密文。In step S304, the server encrypts the challenge code by using the public key of the client certificate, generates a first challenge code, and stores the challenge code plaintext and the challenge code ciphertext.
其中,所述步骤S301至步骤S304可具体为:服务器中预设的第一挑战码可以在虚拟资源转移之前进行设置,所述第一挑战码是服务器利用客户端证书的公钥加密后生成。The step S301 to the step S304 may be specifically: the first challenge code preset in the server may be set before the virtual resource is transferred, and the first challenge code is generated after the server encrypts the public key of the client certificate.
可以理解的是,针对于客户端,在发送虚拟资源的转移请求之前,发送用户信息,以使所述服务器根据所述用户信息进行处理以生成第一挑战码,所述处理包括:所述服务器根据所述用户信息相对应的第二挑战码,获取所述用户信息指示的客户端证书的公钥,所述服务器利用所述客户端证书的公钥对所述第二挑战码进行加密,生成第一挑战码。It can be understood that, for the client, before transmitting the transfer request of the virtual resource, the user information is sent, so that the server performs processing according to the user information to generate a first challenge code, where the process includes: the server Acquiring, according to the second challenge code corresponding to the user information, a public key of the client certificate indicated by the user information, the server encrypting the second challenge code by using a public key of the client certificate, and generating First challenge code.
In step S305, the client sends a transfer request for virtual resource data, the transfer request carrying field information related to the request;
The transfer request for virtual resource data in this embodiment may cover mobile payment processing, debit processing, transfer processing and the like; no specific limitation is made here.
In step S306, the server, in response to the transfer request, sends the preset first challenge code to the client;
In step S307, the client obtains the private key of the client certificate and decrypts the first challenge code with it;
In step S308, the client generates a first digital signature from the decrypted first challenge code and the field information.
Steps S306 to S308 may be carried out as follows:
Preferably, the client generates the first digital signature with a one-way hash algorithm from the decrypted first challenge code and the order number field of the field information.
After obtaining the first challenge code from the server, the client decrypts it with the private key of the client certificate, generates the first digital signature from the decrypted challenge code and the request-related field information, and sends the first digital signature together with the field information to the server. Because an attacker does not hold the user's client certificate (and in particular its private key), the attacker cannot decrypt the public-key-encrypted first challenge code and therefore cannot reproduce the user's digital signature, which improves transaction security.
In step S309, the server obtains the first digital signature and compares it with the second digital signature held by the server;
It can be understood that, after the server receives the first digital signature and the field information, it may generate the second digital signature from the stored challenge code plaintext and the field information using the same algorithm as the client, for example the one-way hash algorithm above; the server then compares the first digital signature received from the client with the second digital signature, obtains a comparison result, and sends the comparison result to the client.
On the client side, the client receives the comparison result sent by the server, the comparison result having been obtained by the server generating the second digital signature from the challenge code plaintext and the field information and comparing the first digital signature with the second digital signature.
In step S310, when the first digital signature is determined to be consistent with the second digital signature held by the server, the virtual resource transfer is indicated as allowed.
On the client side, when the client determines from the comparison result that the first digital signature is consistent with the second digital signature, it indicates that the virtual resource transfer is allowed.
To aid understanding of the technical solution, the method for processing virtual resource data is analysed below in a specific application scenario based on the above embodiments:
In this scenario, the virtual resource transfer is specifically a payment processed between a client and a server, where the server may be a payment back-end server and the client may be a mobile phone;
The steps are as follows:
Step S1: the client sends a payment request to the payment back-end server;
That is, after placing an order on the client, the user taps "pay", which triggers a payment request to the server.
Step S2: the payment back-end server receives the payment request and returns a first challenge code encrypted with the public key of the client certificate;
The payment back-end server checks the validity of the order and returns the first challenge code together with the order details, the supported payment methods and similar information.
Step S3: after receiving the first challenge code, the client displays a payment confirmation screen on which the user confirms the payment method and the correctness of the order information.
After the user confirms, the flow proceeds to step S4.
Step S4: the client decrypts the first challenge code with the private key in the client certificate, then applies the MD5 algorithm to the decrypted first challenge code together with fields such as the order number and the payment method chosen by the user to produce the signature field SignStr (that is, the first digital signature); it then sends SignStr to the payment back-end server together with the order number, the payment method and the other payment-related information.
Step S5: the payment back-end server generates its own signature field (that is, the second digital signature) from the challenge code plaintext, the order number and the other fields using the same algorithm as the client, and compares it with the signature field received from the client. If the signature check passes, the server may either return payment success to the client directly, or require the user to additionally enter a payment password or an SMS verification code before the payment is completed.
From the above, in the method for processing virtual resource data provided by this embodiment, the server generates a challenge code for the user in advance using the public key in the client certificate; when requesting a virtual resource transfer, the user decrypts the challenge code with the private key of the client certificate and generates a digital signature from the decrypted challenge code and the request-related field information; the server confirms whether the transfer request is legitimate by verifying that signature. Because an attacker does not hold the user's client certificate, the attacker cannot decrypt the public-key-encrypted challenge code and so cannot reproduce the user's signature. The generated signature binds information of the corresponding payment request (such as the order number), so it can only be used for this transaction, which further protects the transaction; and because the challenge code is prepared in advance, the load placed on the server at payment peaks is greatly reduced and the server's throughput improves. Further, the operating cost of quick payment based on client digital certificates is reduced.
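The S301 to S310 exchange and the S1 to S5 payment scenario above, carried through end to end as an added example in Go. This is illustrative code written for this page, not code from the patent or from any product it describes. Both sides sit in one file: the server presets a challenge per user by encrypting a random value to the client certificate's public key (RSA-OAEP is used here; the patent does not fix the cipher), the client decrypts it and derives SignStr from the plaintext and the order fields, and the server recomputes the same value from its stored plaintext and compares. The field names, the OAEP label, the user identifier and the order are assumptions. Where the patent's scenario names MD5 over a plain concatenation, the example substitutes HMAC-SHA256 keyed by the challenge plaintext, which is the keyed form of the same "one-way hash over challenge plus fields" and avoids both MD5 and shiftable field boundaries. The two attacker branches check exactly what the text claims: a captured SignStr fails as soon as any bound field changes, and an attacker who holds only the ciphertext cannot produce a valid one.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// TransferFields is the request-related field information of S305 (field names assumed).
type TransferFields struct{ OrderNo, PayMethod string }

var oaepLabel = []byte("first-challenge-code") // assumed OAEP label, shared by both sides

// challengeRecord is what S304 stores: the challenge plaintext (the "second challenge
// code", never sent) and its ciphertext under the client certificate's public key
// (the "first challenge code", which is what S306 sends).
type challengeRecord struct{ plain, cipher []byte }

// Server is the payment back end: the client certificate's public key (S303) plus one
// preset challenge record per user.
type Server struct {
	clientPub *rsa.PublicKey
	records   map[string]challengeRecord
}

// PresetChallenge performs S301-S304 ahead of any transfer.
func (s *Server) PresetChallenge(userID string) error {
	plain := make([]byte, 32)
	if _, err := rand.Read(plain); err != nil {
		return err
	}
	cipher, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, s.clientPub, plain, oaepLabel)
	if err != nil {
		return err
	}
	s.records[userID] = challengeRecord{plain: plain, cipher: cipher}
	return nil
}

// VerifyTransfer is S309/S310: recompute the second digital signature from the stored
// plaintext and the submitted fields, then compare in constant time.
func (s *Server) VerifyTransfer(userID string, f TransferFields, firstSig []byte) bool {
	rec, ok := s.records[userID]
	return ok && hmac.Equal(firstSig, transferTag(rec.plain, f))
}

// Client holds the private key of the client certificate (S307).
type Client struct{ priv *rsa.PrivateKey }

// SignTransfer is S307/S308: decrypt the first challenge code, then derive the first
// digital signature (SignStr) from the plaintext and the request fields.
func (c *Client) SignTransfer(firstChallenge []byte, f TransferFields) ([]byte, error) {
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, c.priv, firstChallenge, oaepLabel)
	if err != nil {
		return nil, err
	}
	return transferTag(plain, f), nil
}

// transferTag is the "one-way hash over challenge plaintext and order fields" of S308/S4.
// The patent's scenario names MD5 over a plain concatenation; this example substitutes
// HMAC-SHA256 keyed by the challenge plaintext and length-prefixes each field so that
// field boundaries cannot be shifted between OrderNo and PayMethod.
func transferTag(challenge []byte, f TransferFields) []byte {
	mac := hmac.New(sha256.New, challenge)
	for _, field := range []string{f.OrderNo, f.PayMethod} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(field)))
		mac.Write(n[:])
		mac.Write([]byte(field))
	}
	return mac.Sum(nil)
}

// RunExchange plays S301-S310 for one constructed user, then two attacker attempts:
// replaying the captured SignStr with a changed field, and hashing the ciphertext
// because the private key is unavailable. Both must be rejected.
func RunExchange() (accepted, replayRejected, forgeryRejected bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // stands in for the client certificate key pair
	if err != nil {
		return
	}
	srv := &Server{clientPub: &priv.PublicKey, records: map[string]challengeRecord{}}
	cli := &Client{priv: priv}
	const user = "user-42" // constructed user identifier
	if err = srv.PresetChallenge(user); err != nil {
		return
	}
	fields := TransferFields{OrderNo: "ORD-20160510-0001", PayMethod: "balance"} // constructed order
	first := srv.records[user].cipher // S305/S306: only the ciphertext leaves the server
	sig, err := cli.SignTransfer(first, fields) // S307/S308
	if err != nil {
		return
	}
	accepted = srv.VerifyTransfer(user, fields, sig) // S309/S310
	changed := fields
	changed.PayMethod = "credit"
	replayRejected = !srv.VerifyTransfer(user, changed, sig)
	forgeryRejected = !srv.VerifyTransfer(user, fields, transferTag(first, fields))
	return
}

func main() { fmt.Println(RunExchange()) }
```

Run with `go run` and it prints `true true true <nil>`. Two things the example makes visible that the prose leaves implicit: the check is a keyed hash with the challenge plaintext as the key rather than a signature in the public-key sense, so its entire strength rests on that plaintext being unreadable without the certificate's private key; and because the challenge is prepared before the transfer rather than per transfer, binding the order number (and any other field the server will act on) into SignStr is what ties one SignStr to one transaction, as the text notes.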
Fourth embodiment
To facilitate implementation of the method for processing virtual resource data provided by the embodiments of the present invention, an embodiment of the present invention further provides an apparatus based on the above method. The terms have the same meaning as in the method of the first embodiment; for specific implementation details, refer to the description of the method embodiments.
Referring to FIG. 4, FIG. 4 is a schematic structural diagram of an apparatus for processing virtual resource data according to an embodiment of the present invention. The apparatus may run on a client, which may be any terminal that has a storage unit and a microprocessor and thus computing capability, such as a notebook computer, a tablet PC or a mobile phone; the present invention does not specifically limit this.
As shown in FIG. 4, the apparatus may include a first sending module 401, a first obtaining module 402, a decryption module 403, a first generating module 404 and a first indicating module 405.
The first sending module 401 is configured to send a transfer request for virtual resource data, the transfer request carrying request-related field information; the first obtaining module 402 is configured to obtain, in response to the transfer request, the first challenge code preset by the server, the first challenge code having been generated by encryption with the public key of the client certificate;
The decryption module 403 is configured to obtain the private key of the client certificate and decrypt the first challenge code with it; the first generating module 404 is configured to generate a first digital signature from the decrypted first challenge code and the field information; the first indicating module 405 is configured to indicate that the virtual resource transfer is allowed when the first digital signature is determined to be consistent with the second digital signature held by the server.
Based on the apparatus of FIG. 4, the following preferred configurations may also be made:
The first generating module 404 is specifically configured to generate the first digital signature with a one-way hash algorithm from the decrypted first challenge code and the order number field of the field information.
Further preferably, the apparatus may also include: a second sending module configured to send the first digital signature and the field information to the server; and a first receiving module configured to receive the comparison result sent by the server, the comparison result having been obtained by the server generating a second digital signature from the challenge code plaintext and the field information and comparing the first digital signature with it. On that basis, the first indicating module 405 is specifically configured to indicate that the virtual resource transfer is allowed when it determines from the comparison result that the first digital signature is consistent with the second digital signature.
For parts not described in detail in this embodiment, refer to the detailed description of the method for processing virtual resource data in the first and third embodiments above; they are not repeated here.
From the above, in the apparatus for processing virtual resource data provided by this embodiment, the server generates a challenge code for the user in advance using the public key in the client certificate; when requesting a virtual resource transfer, the user decrypts the challenge code with the private key of the client certificate and generates a digital signature from the decrypted challenge code and the request-related field information; the server confirms whether the transfer request is legitimate by verifying that signature. Because an attacker does not hold the user's client certificate, the attacker cannot decrypt the public-key-encrypted challenge code and so cannot reproduce the user's signature. The generated signature binds information of the corresponding payment request, so it can only be used for this transaction, which further protects the transaction; and because the challenge code is prepared in advance, the load placed on the server at payment peaks is greatly reduced and the server's throughput improves.
Fifth embodiment
Referring to FIG. 5, FIG. 5 is a schematic structural diagram of an apparatus for processing virtual resource data according to an embodiment of the present invention. The terms have the same meaning as in the method of the second embodiment; for specific implementation details, refer to the description of the method embodiments.
Preferably, the apparatus includes a second receiving module 501, a third sending module 502, a third receiving module 503 and a second indicating module 504;
The second receiving module 501 is configured to receive a transfer request for virtual resource data, the transfer request carrying request-related field information; the third sending module 502 is configured to send, in response to the transfer request, the preset first challenge code to the client, the first challenge code having been generated by encryption with the public key of the client certificate;
The third receiving module 503 is configured to receive the first digital signature sent by the client, which the client generated by decrypting the first challenge code with the private key of the client certificate and deriving the signature from the decrypted first challenge code and the field information; the second indicating module 504 is configured to indicate that the virtual resource transfer is allowed when the first digital signature is determined to be consistent with the second digital signature held by the server.
Further, based on the apparatus of FIG. 5, the following preferred configurations may also be made:
Preferably, the apparatus may also include: a fourth receiving module configured to receive user information; a second generating module configured to generate, from the user information, a corresponding second challenge code, which carries the corresponding challenge code plaintext and challenge code ciphertext; a second obtaining module configured to obtain the public key of the client certificate indicated by the user information; and an encryption and storage module configured to encrypt the challenge code with the public key of the client certificate to generate the first challenge code, and to store the challenge code plaintext and the challenge code ciphertext.
Further preferably, the apparatus may also include: a fifth receiving module configured to receive the first digital signature and the field information sent by the client; a third generating module configured to generate a second digital signature from the challenge code plaintext and the field information; a comparison module configured to compare the first digital signature with the second digital signature to obtain a comparison result; and a fourth sending module configured to send the comparison result to the client.
For parts not described in detail in this embodiment, refer to the detailed description of the method for processing virtual resource data in the second and third embodiments above; they are not repeated here.
From the above, in the apparatus for processing virtual resource data provided by this embodiment, the server generates a challenge code for the user in advance using the public key in the client certificate; when requesting a virtual resource transfer, the user decrypts the challenge code with the private key of the client certificate and generates a digital signature from the decrypted challenge code and the request-related field information; the server confirms whether the transfer request is legitimate by verifying that signature. Because an attacker does not hold the user's client certificate, the attacker cannot decrypt the public-key-encrypted challenge code and so cannot reproduce the user's signature. The generated signature binds information of the corresponding payment request, so it can only be used for this transaction, which further protects the transaction; and because the challenge code is prepared in advance, the load placed on the server at payment peaks is greatly reduced and the server's throughput improves.
Sixth embodiment
Referring to FIG. 6, FIG. 6 is a schematic structural diagram of a system for processing virtual resources according to an embodiment of the present invention. The system includes a server 601 and a client 602, where the client 602 may be the apparatus for processing virtual resource data of the fourth embodiment and the server 601 may be the apparatus for processing virtual resource data of the fifth embodiment.
The client 602 is configured to: send a transfer request for virtual resource data, the transfer request carrying request-related field information; obtain, in response to the transfer request, the first challenge code preset by the server, which was generated by encryption with the public key of the client certificate; obtain the private key of the client certificate and decrypt the first challenge code with it; generate a first digital signature from the decrypted first challenge code and the field information; and, when the first digital signature is determined to be consistent with the second digital signature held by the server, indicate that the virtual resource transfer is allowed.
The server 601 is configured to: receive a transfer request for virtual resource data, the transfer request carrying request-related field information; send, in response to the transfer request, the preset first challenge code to the client, which was generated by encryption with the public key of the client certificate; receive the first digital signature sent by the client, which the client generated by decrypting the first challenge code with the private key of the client certificate and deriving the signature from the decrypted first challenge code and the field information; and, when the first digital signature is determined to be consistent with the second digital signature held by the server, indicate that the virtual resource transfer is allowed.
In the above embodiments, each embodiment has its own emphasis; for parts not described in detail in one embodiment, refer to the detailed description of the method for processing virtual resource data above, which is not repeated here.
The apparatus for processing virtual resource data provided by the embodiments of the present invention may be, for example, a computer, a tablet computer or a mobile phone with a touch function. The apparatus and the method for processing virtual resource data in the above embodiments share the same concept, and any method provided in the method embodiments may be run on the apparatus; for the specific implementation, see the method embodiments, which are not repeated here.
It should be noted that a person of ordinary skill in the art will understand that all or part of the flow of the method for processing virtual resource data in the embodiments of the present invention may be implemented by a computer program controlling the relevant hardware. The computer program may be stored in a computer-readable storage medium, for example the memory of a terminal, and executed by at least one processor in the terminal; its execution may include the flow of the method embodiments. The storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM) or the like.
For the apparatus for processing virtual resource data in the embodiments of the present invention, the functional modules may be integrated into one processing chip, may each exist physically on their own, or two or more modules may be integrated into one module. The integrated modules may be implemented in hardware or as software functional modules. If an integrated module is implemented as a software functional module and sold or used as an independent product, it may also be stored in a computer-readable storage medium such as a read-only memory, a magnetic disk or an optical disc.
The method and apparatus for processing virtual resource data provided by the embodiments of the present invention have been described in detail above. Specific examples have been used here to explain the principles and implementation of the present invention; the description of the above embodiments is only intended to help understand the method of the present invention and its core idea. At the same time, a person skilled in the art will, following the idea of the present invention, make changes in the specific implementation and scope of application. In summary, the contents of this specification should not be construed as limiting the present invention.
Claims (17)
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510455785.6A CN106411520B (en) | 2015-07-29 | 2015-07-29 | Method, device and system for processing virtual resource data |
| CN201510455785.6 | 2015-07-29 | | |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2017016272A1 true WO2017016272A1 (en) | 2017-02-02 |
Family
ID=57884144
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/CN2016/081565 Ceased WO2017016272A1 (en) | 2015-07-29 | 2016-05-10 | Method, apparatus and system for processing virtual resource data |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN106411520B (en) |
| WO (1) | WO2017016272A1 (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113011945A (en) * | 2021-03-16 | 2021-06-22 | 深圳市微创云启科技有限公司 | Order number generation method and device, terminal equipment and storage medium |
| CN114219484A (en) * | 2021-12-15 | 2022-03-22 | 广州品唯软件有限公司 | Payment system interface management method and device |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108596581B (en) * | 2017-12-04 | 2020-08-18 | 阿里巴巴集团控股有限公司 | Verification method and device for resource transfer and electronic payment verification method and device |
| CN111213147B (en) | 2019-07-02 | 2023-10-13 | 创新先进技术有限公司 | Systems and methods for blockchain-based cross-entity authentication |
| CN111164594B (en) | 2019-07-02 | 2023-08-25 | 创新先进技术有限公司 | System and method for mapping decentralized identities to real entities |
| CN114006705B (en) * | 2021-12-28 | 2022-03-18 | 深圳市名竹科技有限公司 | Digital signature processing method and device, computer equipment and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1477810A (en) * | 2003-06-12 | 2004-02-25 | 上海格尔软件股份有限公司 | Dynamic password authentication method based on digital certificate implement |
| WO2004079985A1 (en) * | 2003-03-06 | 2004-09-16 | Tim Italia S.P.A. | Method and software program product for mutual authentication in a communications network |
| CN1859097A (en) * | 2006-01-19 | 2006-11-08 | 华为技术有限公司 | Verifying method and system based on general weight discrimination framework |
| CN101083556A (en) * | 2007-07-02 | 2007-12-05 | 蔡水平 | Region based layered wireless information publishing, searching and communicating application system |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101222333B (en) * | 2007-12-24 | 2010-11-10 | 北京握奇数据系统有限公司 | Data transaction processing method and apparatus |
| US20140359034A1 (en) * | 2013-05-31 | 2014-12-04 | David A. Hernandez | Methods and Systems for Automatically Making Acts of Advocacy Based on Content in Electronic Information Streams |
| CN103532719B (en) * | 2013-10-22 | 2017-01-18 | 天地融科技股份有限公司 | Dynamic password generation method, dynamic password generation system, as well as processing method and processing system of transaction request |
| CN104320261B (en) * | 2014-11-05 | 2018-06-15 | 北京大唐智能卡技术有限公司 | Identity authentication method, financial smart card and terminal are realized on financial smart card |
- 2015-07-29: CN application CN201510455785.6A filed; granted as CN106411520B (status: active)
- 2016-05-10: PCT application PCT/CN2016/081565 filed; published as WO2017016272A1 (status: ceased)
Also Published As
| Publication number | Publication date |
|---|---|
| CN106411520B (en) | 2020-08-04 |
| CN106411520A (en) | 2017-02-15 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 16829639; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 16829639; Country of ref document: EP; Kind code of ref document: A1 |