CN106951483A - Communication method based on stored procedures for crossing strong logical isolation with security audit - Google Patents

Publication number: CN106951483A
Authority: CN (China)
Prior art keywords: stored procedure, web service, security audit, logic, isolate
Legal status: Pending
Application number: CN201710141606.0A
Other languages: Chinese (zh)
Inventors: 周志成, 官国飞, 魏旭, 谢天喜, 蒋超, 陈志明, 顾俊, 徐阳, 武梦阳, 贾骏, 王松, 陈玉权, 马勇, 陶风波
Current Assignee: State Grid Corp of China SGCC; State Grid Jiangsu Electric Power Co Ltd; Jiangsu Fangtian Power Technology Co Ltd; Electric Power Research Institute of State Grid Jiangsu Electric Power Co Ltd
Original Assignee: State Grid Corp of China SGCC; State Grid Jiangsu Electric Power Co Ltd; Jiangsu Fangtian Power Technology Co Ltd; Electric Power Research Institute of State Grid Jiangsu Electric Power Co Ltd
Application filed by: State Grid Corp of China SGCC, State Grid Jiangsu Electric Power Co Ltd, Jiangsu Fangtian Power Technology Co Ltd, Electric Power Research Institute of State Grid Jiangsu Electric Power Co Ltd
Priority to: CN201710141606.0A
Publication of: CN106951483A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00: Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20: Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/21: Design, administration or maintenance of databases
    • G06F16/211: Schema design and management
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00: Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/06: Energy or water supply

Abstract

The invention discloses a communication method, based on stored procedures, that crosses strong logical isolation and provides security audit. The method comprises: building a request stored procedure and defining its input parameters; executing the security audit function of the stored procedure; relaying the Web Service request and escaping the request result to produce a legal character format; dynamically calling the Web Service and returning the result to the stored procedure. With the invention, the cross-zone security access restrictions of the power system need not be considered, and a zone with a low security level calls the Web Service interfaces of a high-security zone directly. The method meets the network security requirements of power systems, can satisfy all Web Service needs, and provides secure and convenient communication support for mobile applications in power systems.

Description

Communication method based on stored procedures for crossing strong logical isolation with security audit
Technical field
The invention belongs to the field of communication technology and relates to a communication method, implemented with stored procedures, that crosses strong logical isolation and provides security audit.
Background
With the rapid development of mobile networks in recent years, mobile applications have also come into wide use in power systems. Because of the network security requirements of power systems, the different network zones of a power system are separated by strong logical isolation. A zone with a low security level can access the database of a zone with a high security level and transfer files in both directions, but it cannot call the Web Services of the high-security zone, which restricts the development and use of application functions. A technique is urgently needed that provides Web Service communication directly across network zones and can satisfy security audit requirements.
Summary of the invention
The object of the invention is to overcome the deficiencies of the prior art by providing a communication method, based on stored procedures, that crosses strong logical isolation and provides security audit, solving the technical problem that a low-security zone cannot call the Web Services of a high-security zone, which restricts the development and use of application functions.
To solve the above technical problem, the technical solution adopted by the invention is a communication method based on stored procedures for crossing strong logical isolation with security audit, the method comprising:
Building a request stored procedure and defining its input parameters;
Executing the security audit function of the stored procedure;
Relaying the Web Service request, and escaping the request result to produce a legal character format;
Dynamically calling the Web Service and returning the result to the stored procedure.
In building the request stored procedure, the input parameters of the stored procedure include: proxy Web Service address, target Web Service address, target Web Service request information, parameter-passing method name, and character encoding name.
The security audit includes: input parameter verification, application registration verification, and function authorization verification.
Application registration verification checks, against the application information, whether the application is registered. The application information includes: application number, application name, account, password.
Function authorization verification checks, against the function authorization information, whether the requested function is authorized. The function authorization information includes: function name, function number, access address, authorized account.
Input parameter verification includes:
Checking that the proxy Web Service address is not empty; checking that the target Web Service address is not empty; checking that the parameter-passing method name is GET or POST; checking that, when a POST request is used, the request information is not empty; checking that the character encoding name is not empty; checking that the encoding is one of the encoding types the stored procedure supports.
The specific method of relaying the Web Service request is: decode the proxy request, then dynamically build the request from the request address, the request data and the parameter-passing method.
The relay Web Service request is made by calling an Oracle database enhancement package, through which the stored procedure calls the relay Web Service directly.
In the dynamic call of the Web Service, the relay Web Service checks the incoming parameters, including the target Web Service address and the target request parameters; after the parameter check passes, it dynamically calls the target Web Service and passes in the target request parameters.
Compared with the prior art, the beneficial effects achieved by the invention are:
1. The cross-zone security access restrictions of the power system need not be considered; the low-security zone calls the Web Service interfaces of the high-security zone directly.
2. The method meets the network security requirements of power systems and can satisfy all Web Service needs, providing secure and convenient communication support for mobile applications in power systems.
Brief description of the drawings
Fig. 1 is a flow chart of the invention.
Embodiment
The invention is further described below with reference to the drawing. The following embodiment only serves to illustrate the technical solution of the invention more clearly and does not limit the scope of protection of the invention.
Before the method is implemented, an enhancement package must first be installed in the Oracle database, providing the dependency libraries that let a stored procedure call a Web Service directly.
As shown in Fig. 1, the flow of the invention includes:
(1) Build a request stored procedure and define its input parameters.
The request stored procedure is built in the database of the power system's low-security zone. Its input parameters include: proxy Web Service address, target Web Service address, target Web Service request information (the copyright symbol and the registered symbol must be escaped by the caller), parameter-passing method name, and character encoding name.
(2) Execute the security audit function of the stored procedure: audit the identity of the caller and the input parameters, block illegal call requests, and ensure that the application and password passed in with the call are legitimate and valid.
The security audit includes: input parameter verification, application registration verification, and function authorization verification.
Input parameter verification includes: checking that the proxy Web Service address is not empty; checking that the target Web Service address is not empty; checking that the parameter-passing method name is GET or POST; checking that, when a POST request is used, the request information is not empty; checking that the character encoding name is not empty; checking that the encoding is one of the encoding types the stored procedure supports.
Application registration verification checks, against the application information, whether the application is registered. The application information includes: application number, application name, account, password.
Function authorization verification checks, against the function authorization information, whether the requested function is authorized. The function authorization information includes: function name, function number, access address, authorized account.
After the security audit completes, a detailed authorization record must be written. The authorization record includes the account name, function name, authorization state and authorization time.
(3) Relay the Web Service request and escape the request result to produce a legal character format. The address of the Web Service to be accessed is character-escaped so that access does not fail because of unsupported characters. The relay Web Service request is made by calling the Oracle database enhancement package, through which the stored procedure calls the relay Web Service directly. The specific method is: decode the proxy request, then dynamically build the request from the request address, the request data and the parameter-passing method.
(4) Dynamically call the Web Service and return the result to the stored procedure. The relay Web Service checks the incoming parameters, including the target Web Service address and the target request parameters. After the parameter check passes, it dynamically calls the target Web Service and passes in the target request parameters, then passes the result returned by the target Web Service back to the stored procedure.
The above is only the preferred embodiment of the invention. It should be noted that a person of ordinary skill in the art can make improvements and variations without departing from the technical principle of the invention, and these improvements and variations shall also be regarded as falling within the scope of protection of the invention.
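The security audit of step (2), written out as a PL/SQL gate that the request stored procedure would call before relaying anything. This is an added example, not code from the patent: the tables, column names, status strings, the supported-encoding set and the SHA-256 password digest (`STANDARD_HASH`, Oracle 12c or later) are assumptions, as is passing the application and function identifiers as extra parameters.

```sql
-- Hypothetical schema: table, column and status names are assumptions for this example.
CREATE TABLE app_registry (
  app_no   VARCHAR2(32)  PRIMARY KEY,
  app_name VARCHAR2(128) NOT NULL,
  account  VARCHAR2(64)  NOT NULL,
  pwd_hash RAW(32)       NOT NULL          -- SHA-256 digest (assumed storage scheme)
);
CREATE TABLE func_grant (
  func_no     VARCHAR2(32)  NOT NULL,
  func_name   VARCHAR2(128) NOT NULL,
  access_addr VARCHAR2(512) NOT NULL,      -- target address this grant covers
  account     VARCHAR2(64)  NOT NULL,
  CONSTRAINT func_grant_uk UNIQUE (func_no, account, access_addr)
);
CREATE TABLE auth_log (
  account VARCHAR2(64), func_name VARCHAR2(128),
  status  VARCHAR2(64), auth_time TIMESTAMP
);

CREATE OR REPLACE PROCEDURE log_auth(p_account VARCHAR2, p_func VARCHAR2, p_status VARCHAR2) IS
  PRAGMA AUTONOMOUS_TRANSACTION;           -- denial records survive a caller rollback
BEGIN
  INSERT INTO auth_log (account, func_name, status, auth_time)
  VALUES (SUBSTR(p_account, 1, 64), SUBSTR(p_func, 1, 128), p_status, SYSTIMESTAMP);
  COMMIT;
END;
/

CREATE OR REPLACE FUNCTION security_audit(
  p_app_no VARCHAR2, p_account VARCHAR2, p_password VARCHAR2, p_func_no VARCHAR2,
  p_proxy_url VARCHAR2, p_target_url VARCHAR2, p_request VARCHAR2,
  p_method VARCHAR2, p_charset VARCHAR2
) RETURN VARCHAR2 IS
  v_status VARCHAR2(64);
  v_func   func_grant.func_name%TYPE;
  v_hits   PLS_INTEGER;
BEGIN
  -- 1. Input parameter verification. '' is NULL in Oracle, so IS NULL covers "empty".
  IF p_proxy_url IS NULL THEN v_status := 'DENIED_NO_PROXY_ADDRESS';
  ELSIF p_target_url IS NULL THEN v_status := 'DENIED_NO_TARGET_ADDRESS';
  ELSIF p_method IS NULL OR p_method NOT IN ('GET', 'POST') THEN v_status := 'DENIED_BAD_METHOD';
  ELSIF p_method = 'POST' AND p_request IS NULL THEN v_status := 'DENIED_EMPTY_POST_REQUEST';
  ELSIF p_charset IS NULL THEN v_status := 'DENIED_NO_CHARSET';
  ELSIF UPPER(p_charset) NOT IN ('UTF-8', 'GBK') THEN v_status := 'DENIED_UNSUPPORTED_CHARSET';
  END IF;

  -- 2. Application registration verification: number, account and password must all match.
  IF v_status IS NULL THEN
    SELECT COUNT(*) INTO v_hits FROM app_registry
     WHERE app_no = p_app_no AND account = p_account AND p_password IS NOT NULL
       AND pwd_hash = STANDARD_HASH(p_password, 'SHA256');
    IF v_hits = 0 THEN v_status := 'DENIED_APP_NOT_REGISTERED'; END IF;
  END IF;

  -- 3. Function authorization: a grant for this account, function and exact target address.
  IF v_status IS NULL THEN
    BEGIN
      SELECT func_name INTO v_func FROM func_grant
       WHERE func_no = p_func_no AND account = p_account AND access_addr = p_target_url;
      v_status := 'GRANTED';
    EXCEPTION
      WHEN NO_DATA_FOUND THEN v_status := 'DENIED_FUNC_NOT_AUTHORIZED';
    END;
  END IF;

  -- 4. Authorization record for every outcome: account, function, state, time.
  log_auth(p_account, NVL(v_func, p_func_no), v_status);
  RETURN v_status;
END;
/
```

Only a return value of `GRANTED` should let the calling procedure go on to step (3); every other value names the check that failed and is already in `auth_log`.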

Claims (9)

1. A communication method based on stored procedures for crossing strong logical isolation with security audit, characterized in that the method comprises:
Building a request stored procedure and defining its input parameters;
Executing the security audit function of the stored procedure;
Relaying the Web Service request, and escaping the request result to produce a legal character format;
Dynamically calling the Web Service and returning the result to the stored procedure.
2. The communication method based on stored procedures for crossing strong logical isolation with security audit according to claim 1, characterized in that, in building the request stored procedure, the input parameters of the stored procedure include: proxy Web Service address, target Web Service address, target Web Service request information, parameter-passing method name, and character encoding name.
3. The communication method based on stored procedures for crossing strong logical isolation with security audit according to claim 1, characterized in that the security audit includes: input parameter verification, application registration verification, and function authorization verification.
4. The communication method based on stored procedures for crossing strong logical isolation with security audit according to claim 3, characterized in that the application registration verification checks, against the application information, whether the application is registered; the application information includes: application number, application name, account, password.
5. The communication method based on stored procedures for crossing strong logical isolation with security audit according to claim 3, characterized in that the function authorization verification checks, against the function authorization information, whether the requested function is authorized; the function authorization information includes: function name, function number, access address, authorized account.
6. The communication method based on stored procedures for crossing strong logical isolation with security audit according to claim 3, characterized in that the input parameter verification includes:
Checking that the proxy Web Service address is not empty; checking that the target Web Service address is not empty; checking that the parameter-passing method name is GET or POST; checking that, when a POST request is used, the request information is not empty; checking that the character encoding name is not empty; checking that the encoding is one of the encoding types the stored procedure supports.
7. The communication method based on stored procedures for crossing strong logical isolation with security audit according to claim 1, characterized in that the specific method of relaying the Web Service request is: decoding the proxy request, then dynamically building the request from the request address, the request data and the parameter-passing method.
8. The communication method based on stored procedures for crossing strong logical isolation with security audit according to claim 7, characterized in that the relay Web Service request is made by calling an Oracle database enhancement package, through which the stored procedure calls the relay Web Service directly.
9. The communication method based on stored procedures for crossing strong logical isolation with security audit according to claim 1, characterized in that, in the dynamic call of the Web Service, the relay Web Service checks the incoming parameters, including the target Web Service address and the target request parameters, and after the parameter check passes, dynamically calls the target Web Service and passes in the target request parameters.
Priority Applications (1)

Application Number: CN201710141606.0A
Priority Date: 2017-03-10
Filing Date: 2017-03-10
Title: Communication method based on stored procedures for crossing strong logical isolation with security audit
Status: Pending

Publications (1)

Publication Number: CN106951483A (en)
Publication Date: 2017-07-14

Family

ID: 59467936

Country Status (1)

CN (1): CN106951483A (en)

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101820449A (en) * 2010-04-20 2010-09-01 江苏电力调度通信中心 Cross-safety zone application service isolation platform
CN101848241A (en) * 2010-05-06 2010-09-29 安徽省电力公司合肥供电公司 Ies500 automatic real-time data and information system transmission interface
CN103036903A (en) * 2012-12-26 2013-04-10 北京中电普华信息技术有限公司 Data processing method and web service assembly
CN104298756A (en) * 2014-10-22 2015-01-21 浪潮软件集团有限公司 Method for exchanging data between databases based on internal and external networks
CN105530254A (en) * 2015-12-17 2016-04-27 浙江工业大学 Data communication method between internal and external networks
CN106209801A (en) * 2016-06-28 2016-12-07 广东电网有限责任公司信息中心 Mobile solution platform and inner-external network data safety switching plane integrated system

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108255967A (en) * 2017-12-26 2018-07-06 平安科技(深圳)有限公司 Call method, device, storage medium and the terminal of storing process
CN108255967B (en) * 2017-12-26 2021-03-02 平安科技(深圳)有限公司 Method and device for calling storage process, storage medium and terminal
CN108965283A (en) * 2018-07-06 2018-12-07 中国电力财务有限公司 A kind of means of communication, device, application server and communication system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170714

RJ01 Rejection of invention patent application after publication