CN104361489B - A tokenization system and method for sensitive information - Google Patents
- Publication number
- CN104361489B; CN201410609081.5A
- Authority
- CN
- China
- Prior art keywords
- platform
- information
- transaction
- sensitive information
- transaction request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/02—Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
- G06Q20/027—Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP] involving a payment switch or gateway
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3823—Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Computer Security & Cryptography (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Finance (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The present invention relates to the field of information security, and in particular to a system and method for tokenizing information, comprising: a transaction platform, which obtains sensitive information and forms and sends a transaction request; a gateway, connected to the transaction platform, which provides the access point through which the transaction platform reaches the payment platform; a payment platform, connected to the gateway, which carries out payment of the transaction request; a key management platform, connected to the payment platform, which manages and distributes the transaction platform's key information; a first FPE encryption machine, connected to the gateway, which tokenizes the sensitive information in the transaction request; and a second FPE encryption machine, connected to the key management platform, which decrypts the tokenized sensitive information. The invention is centered on the key management platform, which distributes keys to the individual transaction platforms, and uses FPE to encrypt sensitive information, which ensures that the data length of the sensitive information does not change in transit and keeps the sensitive information secure.
Description
Technical field
The present invention relates to the field of information security, and in particular to a system and method for tokenizing information.
Background
With the rapid development of computer and network technology, the security of database information has become an increasingly serious problem. For example, in the large-scale leaks of sensitive information that occurred on the Chinese Internet at the end of 2011, the root cause was that most of this information was stored in plaintext, which is a major security risk.
In particular, online payment is now widespread. As the foundation of e-commerce, the general adoption of electronic payment has driven the rapid development of e-commerce, but it has also brought the problem of leakage of personal sensitive information, especially bank card information, throughout the payment process.
In practice, encrypting sensitive data such as credit card numbers and identity card numbers is essential. However, traditional block ciphers usually expand the data, changing its length and type, so the database structure or the applications must be modified to accommodate these changes, which is very costly. In addition, traditional information tokenization methods are centered on a password manager, which requires building a centralized password server, deploying it centrally and purchasing the related equipment, at considerable cost.
Summary of the invention
To address the problem that traditional block ciphers expand the data and change its length and type, the present invention is centered on a key management platform that distributes keys to the individual transaction platforms, and uses FPE to encrypt sensitive information. This ensures that the data length of the sensitive information does not change in transit and keeps the sensitive information secure.
The technical solution of the sensitive information tokenization system and method provided by the present invention is as follows:
A tokenization system for sensitive information, comprising:
a transaction platform, a gateway, a payment platform, a key management platform, a first FPE (Format Preserving Encryption) encryption machine, and a second FPE encryption machine, wherein:
the transaction platform obtains the sensitive information and forms and sends a transaction request;
the gateway, connected to the transaction platform, provides the access point through which the transaction platform reaches the payment platform;
the payment platform, connected to the gateway, carries out payment of the transaction request;
the key management platform, connected to the payment platform, manages and distributes the transaction platform's key information;
the first FPE encryption machine, connected to the gateway, tokenizes the sensitive information in the transaction request;
the second FPE encryption machine, connected to the key management platform, decrypts the tokenized sensitive information.
Format-preserving encryption is a symmetric cipher that requires the ciphertext to have the same format as the plaintext. For format-preserving encryption of sensitive database information, the ciphertext must satisfy the database's constraints on data format, chiefly: the data must not be expanded, i.e. encrypting an N-digit number must output another N-digit number; the data type must not change; the data must be encrypted deterministically, so that data serving as a primary key or index field in the database retains, after encryption, the property that its column can serve as a primary key or index; and the encryption and decryption process must be reversible.
Preferably, the gateway is a payment gateway of the transaction platform or an online gateway of the payment platform.
A gateway is also called an inter-network connector or protocol converter. A gateway interconnects networks above the network layer and is the most complex network interconnection device; it is used only to interconnect two networks whose higher-layer protocols differ. Gateways can be used for both WAN and LAN interconnection. A gateway is a computer system or device that takes on the task of conversion. Between two systems that use different communication protocols, data formats or languages, or even completely different architectures, the gateway is a translator. Unlike a bridge, which simply passes information along, a gateway repackages the information it receives to suit the needs of the destination system.
A gateway is essentially the IP address through which one network reaches other networks. Take network A and network B: network A has the IP address range "192.168.1.1~192.168.1.254" and subnet mask 255.255.255.0; network B has the IP address range "192.168.2.1~192.168.2.254" and subnet mask 255.255.255.0. Without a router, the two networks cannot communicate over TCP/IP; even if both are connected to the same switch (or hub), the TCP/IP protocol determines from the subnet mask (255.255.255.0) that the hosts of the two networks are in different networks. Communication between the two networks must go through a gateway. If a host in network A finds that the destination host of a data packet is not in the local network, it forwards the packet to its own gateway, which forwards it to the gateway of network B, which in turn forwards it to a host in network B (as shown in the attached figure). This is the process by which network A forwards data packets to network B.
Therefore, only when the gateway's IP address is set correctly can the TCP/IP protocol provide communication between different networks. Which machine does this IP address belong to? The gateway's IP address is the IP address of a device with routing capability; such devices include routers, servers with a routing protocol enabled (essentially equivalent to a router), and proxy servers (also equivalent to a router).
In the context of interoperating with Novell NetWare networks, a gateway acts as a bridge between the Server Message Block (SMB) protocol used in Windows networks and the NetWare Core Protocol (NCP) used in NetWare networks. Gateways are also known as IP routers.
Preferably, the sensitive information includes information that uniquely identifies the user and a payment card number.
A tokenization method for sensitive information, applied to the above tokenization system for sensitive information, characterized in that it comprises the following steps:
S1: The transaction platform obtains the sensitive information, and forms and sends the transaction request;
S2: The gateway receives the transaction request and sends it to the first FPE encryption machine;
S3: The first FPE encryption machine tokenizes the sensitive information in the transaction request, forming a new transaction request;
S4: The payment platform obtains the new transaction request and sends the request to the key management platform;
S5: The key management platform sends the new transaction request to the second FPE encryption machine for decryption;
S6: The decrypted information is sent to the payment platform to carry out the transaction of the transaction request.
Preferably, before a transaction of the transaction platform is carried out, the transaction platform registers in the tokenization system and obtains the encryption key and initialization vector sent by the key management platform, completing its registration; the initialization vector, the decryption key, the FPE encryption key and the data format are stored in the first FPE encryption machine; and the ciphertext of the sensitive information associated with the transaction platform's registration information, the initialization vector and the data format are stored in the key management platform.
Specifically, communication between the transaction platform and the first FPE encryption machine travels over the public network, so asymmetric encryption is used. The transaction request is first encrypted in the transaction platform with the public key, i.e. the encryption key mentioned above, which is created during the transaction platform's registration. It is then decrypted inside the first FPE encryption machine with the transaction platform's private key, i.e. the decryption key held in the first FPE encryption machine, and the decrypted information is then encrypted again with the FPE encryption key using the tokenization encryption algorithm FPE.
Preferably, step S1 specifically includes:
S11: The transaction platform obtains transaction information containing the sensitive information and forms the transaction request;
S12: In the transaction platform, the encryption key is used to encrypt the transaction request, generating encrypted information;
S13: The transaction platform sends out the encrypted information.
Preferably, the transaction request includes the sensitive information and the transaction platform's registration information.
Preferably, step S3 specifically includes:
S31: The first FPE encryption machine receives the encrypted information;
S32: The first FPE encryption machine uses the decryption key and the initialization vector to decrypt the encrypted information and obtain the sensitive information;
S33: The first FPE encryption machine uses the initialization vector, the FPE encryption key and the data format to tokenize the sensitive information into ciphertext, and forms a new transaction request;
S34: The first FPE encryption machine sends out the transaction request.
Preferably, step S5 specifically includes:
S51: Based on the received ciphertext information, the key management platform retrieves the initialization vector associated with the ciphertext, the data format, and the ciphertext information stored in the key management platform;
S52: The key management platform compares the received ciphertext information with the stored ciphertext information to confirm the ciphertext information;
S53: If the comparison succeeds, the key management platform sends the initialization vector, the data format and the received ciphertext together to the second FPE encryption machine;
S53: The second FPE encryption machine decrypts the ciphertext to obtain the sensitive information;
S54: The second FPE encryption machine sends the sensitive information to the payment platform, which carries out payment of the transaction request.
The beneficial effects of the sensitive information tokenization system and method provided by the present invention are:
1. The tokenization system of the present invention uses FPE to encrypt sensitive information, which ensures that the data length of the sensitive information does not change throughout the communication process and keeps the sensitive information secure. In the present invention, the encryption key and the initialization vector are all that is needed to encrypt the sensitive information and generate the password information, and the generated password information corresponds uniquely to the transaction platform.
2. The present invention is centered on the key management platform, which issues keys to the individual transaction platforms, and each transaction platform uses FPE to encrypt its own sensitive information, giving a distributed system layout. Compared with traditional systems, this requires fewer changes and costs less.
Brief description of the drawings
The present invention is described in further detail below with reference to the drawings and specific embodiments:
Fig. 1 is a schematic structural diagram of the sensitive information tokenization system of the present invention;
Fig. 2 is a schematic flowchart of the sensitive information tokenization method of the present invention.
Detailed description
To explain the embodiments of the present invention and the technical solutions of the prior art more clearly, the present invention is described in detail below with reference to the drawings and embodiments. The drawings in the following description are only some embodiments of the invention. Those of ordinary skill in the art can derive other drawings from them without creative effort.
As shown in Fig. 1, the present invention provides a tokenization system for sensitive information, which specifically includes: a transaction platform, a gateway, a payment platform, a key management platform, a first FPE encryption machine, and a second FPE encryption machine.
Specifically, the transaction platform obtains sensitive information and forms and sends a transaction request. In practice, transaction platforms include e-commerce platforms such as JD.com, Taobao and Suning. Before using the system of the present invention for transactions, the transaction platform must register with the key management platform. The registered information includes the merchant name, organization code, the legal representative's identity document, contact details and so on. The key management platform then assigns the transaction platform an encryption key and an initialization vector for encryption, and stores the association between the transaction platform and the initialization vector and other information in the key management platform. Further, the transaction platform can request that its encryption key be replaced periodically. The present invention does not specifically limit the form of the transaction platform or the form of its registration information; anything that achieves the purpose of the present invention is included in its scope.
Further, to protect information in transit, during the transaction platform's registration the key management platform also allocates the certificate that the security control uses when encrypting data. In particular, communication between the transaction platform and the first FPE encryption machine travels over the public network, so asymmetric encryption is used. A public key and a private key are generated while the transaction platform registers with the key management platform: the public key is used to encrypt transaction requests in the transaction platform and is packaged into the security control; the private key is used for decryption and is stored in the first FPE encryption machine.
The gateway is connected to the transaction platform and provides the access point through which the transaction platform reaches the payment platform. Further, in the present invention the gateway is the payment gateway of the transaction platform or the online gateway of the payment platform. That is, the system provided by the present invention covers two payment methods: the user can choose to connect to the payment platform through the transaction platform's payment gateway, or through the payment platform's online gateway. Specifically, the payment platform's online gateway includes the online payment gateway of UnionPay or of a bank; the transaction platform's payment gateway may be, for example, Alipay.
The payment platform is connected to the gateway and carries out payment of the transaction request, i.e. clearing of the transaction request. Specifically, the payment platform in the present invention includes a bank's clearing system, which receives the transaction request sent by the transaction platform, including the transaction amount, the card number and other information, and performs the clearing process.
The key management platform is connected to the payment platform and manages and distributes the transaction platform's key information. In practice, besides managing and distributing key information, it is also responsible for key maintenance. It stores the encryption key associated with the transaction platform's registration information, the ciphertext of the sensitive information, the initialization vector, certificates and other information. In the present invention, the keys that the key management platform distributes to the transaction platforms are random numbers generated by hardware such as an encryption machine. The present invention does not limit how the FPE encryption key is generated; anything that achieves the purpose of the present invention is included in its scope.
The first FPE encryption machine is connected to the gateway and tokenizes the sensitive information in the transaction request. In practice, before use, i.e. during system initialization, the encryption machine must be configured. This includes storing the certificate, distributed by the key management platform to the merchant, into which the transaction platform's decryption key (i.e. the private key) has been imported, as well as the FPE encryption key used to encrypt sensitive information, the initialization vector, the data format and other information. The FPE encryption key referred to here is a secure random number generated by the encryption machine. The present invention does not limit how the FPE encryption key is generated; anything that achieves the purpose of the present invention is included in its scope.
Further, the above sensitive information includes information that uniquely identifies the user, the payment card number and so on, such as an SSN (Social Security Number).
The present invention also provides a tokenization method for sensitive information, applied to the above tokenization system, comprising the following steps:
S1: The transaction platform obtains sensitive information, and forms and sends a transaction request;
S2: The gateway receives the transaction request and sends it to the first FPE encryption machine;
S3: The first FPE encryption machine tokenizes the sensitive information in the transaction request, forming a new transaction request;
S4: The payment platform obtains the new transaction request and sends the request to the key management platform;
S5: The key management platform sends the new transaction request to the second FPE encryption machine for decryption;
S6: The decrypted information is sent to the payment platform to carry out the transaction of the transaction request.
Specifically, before a transaction of the transaction platform is carried out, the transaction platform registers in the tokenization system and obtains the encryption key and initialization vector sent by the key management platform, completing its registration; the initialization vector, the decryption key, the FPE encryption key and the data format are stored in the first FPE encryption machine; and the ciphertext of the sensitive information associated with the transaction platform's registration information, the initialization vector and the data format are stored in the key management platform.
Further, step S1, in which the transaction platform obtains sensitive information and forms and sends a transaction request, specifically includes:
S11: The transaction platform obtains transaction information containing sensitive information and forms a transaction request. The sensitive information here includes the card number, identity card information and other data used in the transaction. The transaction request includes the sensitive information and the transaction platform's registration information; that is, in addition to the sensitive information, the transaction request also includes the transaction platform's organization information and so on.
S12: In the transaction platform, the encryption key is used to encrypt the transaction request, generating encrypted information. To further protect information in transit, the present invention also uses the corresponding security control and certificate to encrypt the data. The security control described in the present invention includes a browser security control, such as an OCX security control installed in IE.
S13: The transaction platform sends out the encrypted information.
Further, in step S3, the first FPE encryption machine marks (tokenizes) the sensitive information in the transaction request to form a new transaction request, which specifically includes:
S31 The first FPE encryption machine receives the encrypted information;
S32 The first FPE encryption machine uses the decryption key and the initialization vector to decrypt the encrypted information and obtain the sensitive information. If the trading platform used a security control and certificate to encrypt the data, the first FPE encryption machine decrypts it with the corresponding internally stored certificate.
S33 The first FPE encryption machine uses the initialization vector, the FPE encryption key and the data format to mark the sensitive information, producing the ciphertext and, at the same time, the new transaction request. In general, the sensitive information is encrypted in its middle part and the first and last 4 digits are retained. For example, if the SSN is 7412345678900000, the ciphertext after FPE encryption is 7412342335260000; the encrypted information is subsequently sent to the second FPE encryption machine for decryption.
S34 The first FPE encryption machine sends out the transaction request.
Further, in step S5, the key management platform sending the new transaction request to the second FPE encryption machine for decryption specifically includes:
S51 Based on the received ciphertext information, the key management platform retrieves the initialization vector and data format associated with the ciphertext, together with the ciphertext information stored in the key management platform. Specifically, after receiving the ciphertext, the key management platform looks it up in its internally stored association table and retrieves the other related information. If no entry is found, the ciphertext was tampered with in transit and the transaction is terminated.
S52 The key management platform compares the received ciphertext information with the stored ciphertext information to confirm the ciphertext information;
S53 If the comparison succeeds, the key management platform sends the initialization vector, the data format and the received ciphertext to the second FPE encryption machine; if the comparison fails, the transaction is terminated.
S53 The second FPE encryption machine decrypts the ciphertext to obtain the sensitive information;
S54 The second FPE encryption machine sends the sensitive information to the payment platform to complete payment of the transaction request. The settlement system in the payment platform performs settlement based on the decrypted sensitive information, such as the card number and amount. After settlement is complete, the settlement result is sent to the trading platform for the user to confirm.
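The marking in S33 and the association-table check in S51 to S53 can be traced end to end in the added example below, which is not code from the patent. It assumes a toy digit-preserving Feistel cipher with HMAC-SHA256 as the round function in place of the unspecified FPE algorithm (a production system would use a vetted mode such as NIST FF1); the names `fpe_mark`, `KeyManagementPlatform`, `register` and `confirm`, the key, the IV and the `keep4` format label are all hypothetical.

```python
import hashlib
import hmac

ROUNDS = 10  # even, so both halves end in their original positions

def _f(key, iv, rnd, half, width):
    """Round function: HMAC-SHA256 as a keyed PRF, reduced to `width` digits."""
    msg = iv + bytes([rnd, width]) + half.encode()
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big") % 10 ** width

def _feistel(key, iv, digits, decrypt):
    # Tiny domains can be enumerated, so refuse fewer than 6 digits (as FF1 does)
    if not (digits.isascii() and digits.isdigit()) or len(digits) < 6:
        raise ValueError("encrypted part must be at least 6 decimal digits")
    u = len(digits) // 2
    v = len(digits) - u
    a, b = digits[:u], digits[u:]
    for rnd in (reversed(range(ROUNDS)) if decrypt else range(ROUNDS)):
        m = u if rnd % 2 == 0 else v  # width of the half rewritten in this round
        if decrypt:
            a, b = str((int(b) - _f(key, iv, rnd, a, m)) % 10 ** m).zfill(m), a
        else:
            a, b = b, str((int(a) + _f(key, iv, rnd, b, m)) % 10 ** m).zfill(m)
    return a + b

def fpe_mark(key, iv, value, keep=4, decrypt=False):
    """S33: rewrite only the middle digits; the first/last `keep` stay in clear."""
    head, mid, tail = value[:keep], value[keep:-keep], value[-keep:]
    return head + _feistel(key, iv, mid, decrypt) + tail

class KeyManagementPlatform:
    """S51-S53: association table mapping ciphertext -> (IV, data format)."""
    def __init__(self):
        self._table = {}
    def register(self, ciphertext, iv, fmt):  # assumed enrolment step
        self._table[ciphertext] = (iv, fmt)
    def confirm(self, received):
        entry = self._table.get(received)
        if entry is None:  # no matching entry: altered in transit, terminate
            raise LookupError("unknown ciphertext, transaction terminated")
        return entry

def demo():
    key, iv = b"constructed-fpe-key", b"constructed-iv"  # constructed sample values
    kmp = KeyManagementPlatform()
    token = fpe_mark(key, iv, "7412345678900000")  # first FPE encryption machine
    kmp.register(token, iv, "keep4")
    iv2, _fmt = kmp.confirm(token)  # key management platform lookup
    return token, fpe_mark(key, iv2, token, decrypt=True)  # second FPE machine
```

The table lookup only rejects ciphertexts that were never registered; a replayed but valid ciphertext still passes, so freshness has to be enforced elsewhere in the transaction flow.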
The above are only preferred embodiments of the present invention and are not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
Claims (5)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410609081.5A CN104361489B (en) | 2014-11-03 | 2014-11-03 | A kind of mark system and method for sensitive information |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104361489A (en) | 2015-02-18 |
CN104361489B (en) | 2018-01-09 |
Family
ID=52528747
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410609081.5A Active CN104361489B (en) | 2014-11-03 | 2014-11-03 | A kind of mark system and method for sensitive information |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104361489B (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106295366B (en) * | 2016-08-15 | 2020-11-24 | 北京奇虎科技有限公司 | Sensitive data identification method and device |
CN106295367A (en) * | 2016-08-15 | 2017-01-04 | 北京奇虎科技有限公司 | Data ciphering method and device |
CN109729063B (en) * | 2018-05-14 | 2022-02-25 | 网联清算有限公司 | Information processing method and information processing system applied to encryption machine |
CN109543399B (en) * | 2018-11-12 | 2022-12-23 | 中国联合网络通信有限公司重庆市分公司 | A Method of Preventing the OCX Control of the Second Generation ID Card Reader from being Tampered |
CN111553667B (en) * | 2020-04-02 | 2024-11-12 | 中国银联股份有限公司 | Transaction method, gateway device, payment platform, merchant device and transaction system |
CN112769759B (en) * | 2020-12-22 | 2021-10-26 | 北京深思数盾科技股份有限公司 | Information processing method, information gateway, server and medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101018130A (en) * | 2007-02-15 | 2007-08-15 | 物方恒德(北京)投资咨询有限公司 | Finance business system and finance business processing method |
CN101685512A (en) * | 2008-09-28 | 2010-03-31 | 中国银联股份有限公司 | Computer, payment system and method thereof for realizing on-line payment |
CN102592107A (en) * | 2011-12-31 | 2012-07-18 | 成都天钥科技有限公司 | Method, device and system for realizing commodity business on handheld terminal |
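Non-Patent Citations (1)
Title |
---|
Zhou Weilin; "Design of an electronic payment platform based on multi-terminal access and data security"; China Master's Theses Full-text Database, Economics and Management Sciences; 20120515 (No. 05); Chapter 2, Figure 2.6 * |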
Also Published As
Publication number | Publication date |
---|---|
CN104361489A (en) | 2015-02-18 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | C06 | Publication | |
 | PB01 | Publication | |
 | C10 | Entry into substantive examination | |
 | SE01 | Entry into force of request for substantive examination | |
 | C41 | Transfer of patent application or patent right or utility model | |
 | TA01 | Transfer of patent application right | Effective date of registration: 20160310 Address after: 201821, room 4, building 1411, 211 Yecheng Road, Jiading Industrial Zone, Shanghai, China Applicant after: SHANGHAI PEOPLENET SECURITY TECHNOLOGY Co.,Ltd. Address before: 201203 Shanghai City, Pudong New Area Zhangjiang hi tech park Zuchongzhi Road No. 899 Building 9 room 01 4 Applicant before: SHANGHAI PEOPLENET TECHNOLOGY Co.,Ltd. |
 | GR01 | Patent grant | |
 | TR01 | Transfer of patent right | Effective date of registration: 20241016 Address after: Room 503, Building 3, No. 6 Xicheng Xi'an North Road, Xinluo District, Longyan City, Fujian Province 364031 Patentee after: Xie Xinyong Country or region after: China Address before: 201821 211, room 4, 1411 Yecheng Road, Jiading Industrial Zone, Shanghai. Patentee before: SHANGHAI PEOPLENET SECURITY TECHNOLOGY Co.,Ltd. Country or region before: China |
 | TR01 | Transfer of patent right | Effective date of registration: 20241024 Address after: 201111 floor 2, building 2, No. 1508, Kunyang Road, Minhang District, Shanghai Patentee after: Shanghai Ouxin Technology Co.,Ltd. Country or region after: China Address before: Room 503, Building 3, No. 6 Xicheng Xi'an North Road, Xinluo District, Longyan City, Fujian Province 364031 Patentee before: Xie Xinyong Country or region before: China |