CN107070942A - A kind of data security method and related system

Publication number: CN107070942A
Authority: CN (China)
Application number: CN201710313168.1A
Other languages: Chinese (zh)
Other versions: CN107070942B (en)
Inventors: 徐茂兰, 甄诚, 赵伟
Current Assignee: Guoxin Kaning Data Technology Co Ltd
Original Assignee: Guoxin Kaning Data Technology Co Ltd
Legal status: Granted; Expired - Fee Related

Classifications

    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • G06F21/602 Providing cryptographic facilities or services
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes

Abstract

The invention discloses a data security method and related system. The method includes: receiving a data preservation request sent by a financial business server; parsing, from the data preservation request, the data of the preset preservation points collected by the financial business client and/or the financial business server while executing the business flow; signing and encrypting the parsed preservation-point data; storing the signed and encrypted data in a database for solidification; and backing up the data solidified in the database to a preset preservation backup system and synchronizing it to a preset data security institution. The invention collects and solidifies transaction data as evidence at the earliest moment, so that when a client or loan platform later becomes involved in a legal dispute a strong chain of evidence is available, which protects the economic assets of legitimate users during lending, punishes those who engage in illegal economic activity, and maintains a healthy national economic environment.

Description

A kind of data security method and related system
Technical field
The present invention relates to the field of information technology, and more particularly to a data security method and related system.
Background
At present, internet loan transactions are mainly lending activities initiated through two channels, mobile phone apps and PC clients. Loan platforms are generally private enterprises or some state financial institutions. With internet financial platforms and other loan platforms absconding one after another and causing huge losses to individual loan customers, the healthy atmosphere of the national economic environment has also been disturbed.
On current internet financial transaction platforms, transaction data is stored only on the servers of the loan platform provider and is not solidified by a third-party notary body. When a loan dispute arises, the database data can often be modified manually, which leaves evidence lacking; as a result, after the loan platform absconds, loan customers cannot provide the court with evidentiary material that has legal effect to ensure that their lawful economic interests receive the protection of the law.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a data security method and related system that overcome the above problems or at least partly solve them.
In a first aspect, an embodiment of the present invention provides a data security method, including:
receiving a data preservation request sent by a financial business server;
parsing, from the data preservation request, the data of the preset preservation points collected by the financial business client and/or the financial business server while executing the business flow;
signing and encrypting the parsed preservation-point data;
storing the signed and encrypted data in a database for solidification;
backing up the data solidified in the database to a preset preservation backup system and synchronizing it to a preset data security institution.
In one embodiment, after the preservation-point data collected by the financial business client and/or the financial business server while executing the business flow is parsed from the data preservation request, the method further includes:
verifying the file type of the parsed data and whether it can be signed.
In one embodiment, the data of the preset preservation points collected by the financial business client while executing the business flow, contained in the data preservation request, is data that has undergone preset signing and encryption on the financial business client side;
after verifying the file type of the parsed data and whether it can be signed, the method further includes:
decrypting the data of the preset preservation points collected by the financial business client and verifying its signature, using the decryption mode and signature mode corresponding to the financial business client;
after decryption and signature verification succeed, sending the data of the preset preservation points to a preset message queue.
In one embodiment, before the parsed preservation-point data is signed and encrypted, the method further includes:
monitoring the message queue and reading the data of the preset preservation points from the message queue;
signing and encrypting the parsed preservation-point data and storing the signed and encrypted data in the database for solidification specifically includes:
signing the data of the preset preservation points and, after the signing succeeds, generating a document and performing encryption;
storing the signed and encrypted data in a preset MongoDB database.
In one embodiment, backing up the data solidified in the database to the preset preservation backup system and synchronizing it to the preset preservation certification authority includes:
sending the data solidified in the database, the index of the data, and the document generated for the data at signing together to the preset preservation backup system for backup, and synchronizing them to the preset preservation certification authority.
In a second aspect, an embodiment of the present invention provides a data preservation front-end system, including:
a receiving module, configured to receive a data preservation request sent by a financial business server;
a parsing module, configured to parse, from the data preservation request, the data of the preset preservation points collected by the financial business client and/or the financial business server while executing the business flow;
a sending module, configured to send the data of the preset preservation points to the data preservation core system.
In one embodiment, the above data preservation front-end system further includes:
a first verification module, configured to perform IP whitelist filtering and IP request header compliance verification on the data preservation request before the preservation-point data collected by the financial business client and/or the financial business server while executing the business flow is parsed from it; and, after the whitelist filtering and compliance verification pass, to perform non-null verification on the message header and message body data.
In one embodiment, the above data preservation front-end system further includes:
a second verification module, configured to verify the file type of the parsed data and whether it can be signed, after the preservation-point data collected by the financial business client and/or the financial business server while executing the business flow has been parsed from the data preservation request.
In one embodiment, the above data preservation front-end system further includes a client preservation data verification module;
the data of the preset preservation points collected by the financial business client while executing the business flow, contained in the data preservation request, is data that has undergone preset signing and encryption on the financial business client side;
the client preservation data verification module is configured to, after the file type of the parsed data and whether it can be signed have been verified, decrypt the data of the preset preservation points collected by the client and verify its signature, using the decryption mode and signature mode corresponding to the client;
the sending module is specifically configured to send the data of the preset preservation points to a preset message queue after the decryption and signature verification by the client preservation data verification module succeed.
In a third aspect, an embodiment of the present invention provides a data preservation core system, including:
an acquisition module, configured to obtain the data of the preset preservation points sent by the data preservation front-end system;
a signature module, configured to sign the parsed data of the preset preservation points;
an encryption module, configured to encrypt the data signed by the signature module;
a database solidification module, configured to store the data signed by the signature module and encrypted by the encryption module in a database for solidification;
a backup module, configured to back up the data solidified in the database to a preset preservation backup system.
In one embodiment, the backup module is specifically configured to send the data solidified in the database, the index of the data, and the document generated for the data at signing together to the preset preservation backup system for backup.
In a fourth aspect, an embodiment of the present invention provides a data preservation backup system, including:
a preservation data acquisition module, configured to monitor the message queue sent by the data preservation core system to obtain the preservation data that needs to be backed up; the preservation data that needs to be backed up includes the data solidified in the data preservation core system, the index of the data, and the document generated for the data at signing;
a verification module, configured to perform compliance verification on the preservation data that needs to be backed up;
a solidification module, configured to write the preservation data that passed verification into the database of the data preservation backup system itself;
a preservation data synchronization module, configured to synchronize the preservation data that passed verification to a preset preservation certification authority.
In a fifth aspect, an embodiment of the present invention provides a data preservation integrated system, including: the above data preservation front-end system, the above data preservation core system and the above data preservation backup system.
In one embodiment, the data preservation front-end system, the data preservation core system and the data preservation backup system are implemented using server clusters.
The beneficial effects of the above technical solution provided by the embodiments of the present invention include at least the following:
The embodiments of the present invention provide a solution for preserving the data of internet financial business. The data of the key nodes of each business flow in internet financial business is solidified in real time and stored in a data preservation center that has data preservation capability; while solidifying the electronic evidence itself, the data preservation center also synchronizes the solidified preservation data to an authoritative data security institution. Transaction data is thus collected and solidified as evidence at the earliest moment, so that when a client or loan platform later becomes involved in a legal dispute a strong chain of evidence is available, which protects the economic assets of legitimate users during lending, punishes those who engage in illegal economic activity, and maintains a healthy national economic environment.
Other features and advantages of the present invention will be set forth in the following description, and in part will become apparent from the description or be understood by practicing the invention. The objects and other advantages of the invention can be realized and obtained by the structure particularly pointed out in the written description, the claims and the drawings.
The technical solution of the present invention is described in further detail below through the drawings and embodiments.
Brief description of the drawings
The drawings provide a further understanding of the present invention and form part of the specification; together with the embodiments of the invention they serve to explain the invention and do not limit it. In the drawings:
Fig. 1 is the first flow chart of the data security method provided by an embodiment of the present invention;
Fig. 2 is the second flow chart of the data security method provided by an embodiment of the present invention;
Fig. 3 is the third flow chart of the data security method provided by an embodiment of the present invention;
Fig. 4 is a flow chart of the client SDK collecting preservation-point data, provided by an embodiment of the present invention;
Fig. 5 is a processing flow chart of the data preservation front-end system provided by an embodiment of the present invention;
Fig. 6 is a processing flow chart of the data preservation core system provided by an embodiment of the present invention;
Fig. 7 is a processing flow chart of the data preservation backup system provided by an embodiment of the present invention;
Fig. 8 is a structural diagram of the data preservation front-end system provided by an embodiment of the present invention;
Fig. 9 is a structural diagram of the data preservation core system provided by an embodiment of the present invention;
Fig. 10 is a structural diagram of the data preservation backup system provided by an embodiment of the present invention;
Fig. 11 is an architecture diagram of the data preservation integrated system provided by an embodiment of the present invention, deployed as a server cluster.
Detailed description of the embodiments
Exemplary embodiments of the present disclosure are described in more detail below with reference to the drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure will be understood more thoroughly and so that its scope can be fully conveyed to those skilled in the art.
In order to provide both parties to a financial transaction platform, that is, the service provider and the client, with evidentiary material that has legal effect, evidence needs to be preserved at each node of the financial business flow as the flow runs. Then, once a dispute arises, the preserving party, which has public credibility, can provide evidence of the transaction flow, ensuring that the economic interests of all parties to the financial transaction receive the protection of the law.
To better explain the data security method provided by the embodiments of the present invention, the network architecture involved in the method is briefly described. The architecture involves a financial business server, financial business clients, a data preservation center and a data security institution (for example, an institution more authoritative than the data preservation center), where:
The financial business server may be the server of any of various financial platforms, including but not limited to various commercial banks;
The financial business client includes all kinds of mobile phone apps, web clients and the like that can carry out internet financial business;
At least one financial business client is connected to the financial business server and communicates with it by various communication methods.
The data preservation center is typically a server cluster of a third-party platform that has data preservation capability. The data preservation center may contain a data preservation front-end system, a data preservation core system, a data preservation backup system and so on, which together perform the solidification and backup of data and send it to the preservation certification authority, among other functions.
The data security institution may be, for example, an institution more authoritative than the data preservation center; when a legal dispute arises, it can provide evidentiary support for the data preserved by the data preservation center.
The data preservation center is connected to the financial business server and to the data security institution. The embodiments of the present invention do not limit the specific connection method.
The data security method provided by the embodiments of the present invention may be implemented in the above data preservation center. As shown in Fig. 1, the method includes the following flow:
S11, receiving a data preservation request sent by a financial business server;
S12, parsing, from the data preservation request, the data of the preset preservation points collected by the financial business client and/or the financial business server while executing the business flow;
S13, signing and encrypting the parsed preservation-point data;
S14, storing the signed and encrypted data in a database for solidification;
S15, backing up the data solidified in the database to a preset preservation backup system and synchronizing it to a preset data security institution.
The embodiments of the present invention provide a solution for preserving the data of internet financial business. The data of the key nodes of each business flow in internet financial business is solidified in real time and stored in a data preservation center that has data preservation capability; while solidifying the electronic evidence itself, the data preservation center also synchronizes the solidified preservation data to an authoritative data security institution. Transaction data is thus collected and solidified as evidence at the earliest moment, so that when a client or loan platform later becomes involved in a legal dispute a strong chain of evidence is available, which protects the economic assets of legitimate users during lending, punishes those who engage in illegal economic activity, and maintains a healthy national economic environment.
In one embodiment, before the preservation-point data collected by the client and/or the financial business server while executing the business flow is parsed from the data preservation request in step S12 above, the method may also perform the following step: IP whitelist filtering and IP request header compliance verification on the data preservation request;
IP whitelist filtering mainly ensures that the preservation request comes from a legitimate source; data preservation requests that are not on the IP whitelist and/or fail IP request header compliance verification are not processed further.
After the whitelist filtering and compliance verification pass, non-null verification is performed on the message header and message body data.
After that verification passes, the content of the message body data of the data preservation request is parsed.
In one embodiment, after the preservation-point data collected by the client and/or the financial business server while executing the business flow has been parsed from the data preservation request in step S12 above, the method may also perform the following step:
verifying the file type of the parsed data and whether it can be signed.
The financial business client needs to pass the electronic evidence of each client node through the financial business server to the data preservation center for storage. To prevent the client itself from tampering with the data, on the one hand, and to prevent the electronic evidence from being tampered with in transit from the client to the financial business server and onward from the financial business server, on the other, and so ensure the authenticity of the data, the client preferably signs and encrypts the data of the client preservation nodes it collects before sending it to the financial business server, which then forwards it to the data preservation center.
The financial business server may encrypt the data of the server preservation points it collects itself before forwarding it to the data preservation center, or may send the data of the server preservation points it collects directly to the data preservation center in plaintext.
Thus, where the data of the preset preservation points collected by the client while executing the business flow, contained in the data preservation request, is data that has undergone preset signing and encryption on the client side, then after the above step of verifying the file type of the parsed data and whether it can be signed, as shown in Fig. 2, the method may also perform the following steps:
S21, decrypting the data of the preset preservation points collected by the client and verifying its signature, using the decryption mode and signature mode corresponding to the client;
S22, after decryption and signature verification succeed, sending the data of the preset preservation points to a preset message queue.
For example, the message queue may use an MQ (such as a rabbitmq queue). A message queue is a way of communicating efficiently between the servers of a cluster and acts as message-oriented middleware. For example, in the data preservation center, the data preservation front-end system, which is responsible for processing the data preservation requests sent by the financial business server, sends the preservation data to the message queue once processing is complete; servers that have subscribed to this kind of message, such as the servers of the data preservation core system, monitor the messages in the queue and then carry out the next processing step. Data flows between the servers through the message queue. For clustered servers in particular, this means that two interacting servers no longer interact directly one-to-one, which reduces the time a server waits for the other side's response, lets each server concentrate its resources on the business logic it should handle, and improves the efficiency of business processing.
On this basis, in one embodiment, before the step of signing and encrypting the parsed preservation-point data in step S13 above, the method may further include: monitoring the message queue and reading the data of the preset preservation points from the message queue;
The step in S14 above of signing and encrypting the parsed preservation-point data and storing the signed and encrypted data in the database for solidification, as shown in Fig. 3, specifically includes the following steps:
S31, signing the data of the preset preservation points and, after the signing succeeds, generating a document and performing encryption;
For example, the data is signed with a set hash algorithm to generate the document data. The encryption algorithm may use any of a variety of existing encryption methods, such as AES (Advanced Encryption Standard), DES (Data Encryption Standard), MD5 (Message-Digest Algorithm 5), RSA and so on; the embodiments of the present invention do not limit this.
S32, storing the signed and encrypted data in a preset MongoDB database.
MongoDB provides a scalable, high-performance data storage solution for web applications. It is a product that sits between relational and non-relational databases: among non-relational databases it is the most feature-rich and the most like a relational database. The data structures it supports are very loose, in a JSON-like BSON format, so it can store fairly complex data types. MongoDB's most notable feature is that the query language it supports is very powerful; its syntax somewhat resembles an object-oriented query language, it can implement almost all of the functionality of single-table queries in a relational database, and it also supports building indexes on the data.
After the data has been solidified in MongoDB, to ensure that trustworthy electronic evidence can still be obtained when database access becomes abnormal, and that the evidence has a certain credibility, the preservation-point data solidified in MongoDB can be backed up again to the data preservation backup system.
In one embodiment, backing up the data solidified in the database to the preset preservation backup system and synchronizing it to the preset preservation certification authority may, in a specific implementation, be carried out as follows: the data solidified in the database, the index of the data in the database (for example the rowkey, the database's unique row index) and the document generated for the data at signing are sent together to the preset data preservation backup system for backup;
After the backup is complete, the data preservation backup system can further synchronize the data, the index of the data and the document together to the preset preservation certification authority for storage.
In order to which above-mentioned data security method provided in an embodiment of the present invention is better described, below with a specific example Illustrate.
In this example, the Data Concurrent that financial business client SDK collections client is saved from damage a little gives financial business Server, also acquisition server saves data a little from damage to financial business server during operation flow is performed, and by client End collection and itself collection the data saved from damage a little, which save request from damage by data and are sent to data, saves front-end system from damage, data guarantor Full front-end system is saved request from damage to the data and verified, and parses the data saved from damage a little wherein included, is sent to data Save core system from damage and carry out follow-up processing.Data save core system from damage and the data saved from damage a little are signed and encrypted, solidification Into the database of itself, then the data saved from damage a little of solidification, storage location of the data in database saved from damage a little are believed Breath such as rowkey and save the corresponding document information of data a little from damage and send in the lump to data and save standby system, data guarantor from damage Full backup system is then forwarded to more authoritative data security mechanism and saved from damage after being backed up.
As shown in Fig. 4, the flow in which the client SDK collects preservation point data is as follows. The financial business APP (i.e. the financial business client) passes the data to be preserved (messages, pictures, documents, etc.) into the SDK interface according to the previously agreed interface protocol, and the SDK collects the evidence. After evidence collection succeeds, the preservation point data is signed and encrypted in the preset manner. The financial business APP sends the data to the gateway of the financial business platform; the gateway parses the data and sends it to the financial business server. The financial business server parses the message, writes the data to storage, and returns the storage result to the upper-level systems one by one. Client-side evidence collection then ends.
As shown in Fig. 5, the processing flow of the data preservation front-end system is as follows. The front-end system receives the preservation request sent by the financial business server and first performs IP whitelist filtering and a compliance check of the IP request header. After these checks pass, it parses the message request header and the message body data. It then performs a non-empty check on the parameters and parses the file data, and runs a series of flow checks on the parsed message data, such as the required file type and whether the data can be signed. After these checks pass, it computes the hash digest of the signed part of the preservation data and compares it with the digest hash carried in the message. When the comparison passes, it assembles the in-system data message packet and sends it to the rabbitmq message queue. It then assembles the response message, and the server-side evidence collection flow ends.
As shown in Fig. 6, the processing flow of the data preservation core system is as follows. The core preservation system listens on the pre-signature rabbitmq message queue by default. It takes a message from the pre-signature message queue and calls the signature server to sign the message. After signing succeeds, it generates a digest and encrypts the file. The signed and encrypted file is stored in the Mongodb database for solidification. After solidification succeeds, it assembles the data and places the rowkey (the unique row index in the database) and the digest hash value in the post-signature message queue, which supplies data to the data preservation backup system.
When the data preservation core system signs and encrypts the data, it may use a signature and encryption scheme that is the same as or different from the one used by the financial business. Although both sign and encrypt the preservation point data, each independently uses the signature and encryption scheme applicable to it. The embodiment of the present invention does not limit which specific encryption and signature scheme is used.
As shown in Fig. 7, the processing flow of the data preservation backup system is as follows. The backup system invokes the matching CA certificate and remotely listens on the post-signature rabbitmq message queue over the SSL protocol. It takes data from the message queue and performs a compliance check on it. After the check passes, the data is stored in the mysql database for solidification. The solidified data is then sent to a data preservation institution, for example the National Information Center, for solidification.
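The front-end, core and backup flows described above, sketched end to end as an added example (not code from the patent or its applicant). In-memory deques and dicts stand in for the rabbitmq queues and the MongoDB/mysql stores, HMAC-SHA256 stands in for the signature server, SHA-256 is assumed for the digest, and the encryption step is omitted because the description does not fix a scheme; the field names, allowlist range, header rule and backup compliance rule are all assumptions.

```python
import hashlib
import hmac
import ipaddress
import json
import secrets
from collections import deque

# All values below are constructed for this example.
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]   # IP whitelist
ALLOWED_TYPES = {"pdf", "png", "txt"}                    # assumed signable file types
SIGNING_KEY = b"example-only-key"                        # HMAC stand-in for the signature server

pre_sign_q, post_sign_q = deque(), deque()   # stand-ins for the two rabbitmq queues
core_db, backup_db = {}, {}                  # stand-ins for MongoDB and mysql


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def front_end(src_ip: str, headers: dict, body: str):
    """Front-end checks in the order the description lists them; returns (ok, reason)."""
    try:
        ip = ipaddress.ip_address(src_ip)
    except ValueError:
        return False, "bad source address"
    if not any(ip in net for net in ALLOWED_NETS):
        return False, "ip not in whitelist"
    if headers.get("Content-Type") != "application/json":   # assumed header rule
        return False, "request header not compliant"
    try:
        msg = json.loads(body)
    except ValueError:
        return False, "unparseable body"
    if not isinstance(msg, dict):
        return False, "unparseable body"
    for field in ("file_name", "file_hex", "digest"):        # non-empty check
        if not isinstance(msg.get(field), str) or not msg[field]:
            return False, "empty parameter: " + field
    if msg["file_name"].rsplit(".", 1)[-1].lower() not in ALLOWED_TYPES:
        return False, "file type not allowed"
    try:
        data = bytes.fromhex(msg["file_hex"])
    except ValueError:
        return False, "file data not parseable"
    # Recompute the digest and compare it with the one carried in the message.
    carried = msg["digest"].lower().encode()
    if not hmac.compare_digest(sha256_hex(data).encode(), carried):
        return False, "digest mismatch"
    pre_sign_q.append({"file_name": msg["file_name"], "data": data})
    return True, "queued"


def core_process() -> str:
    """Sign the queued item, generate its digest, solidify it, publish rowkey + digest."""
    item = pre_sign_q.popleft()
    signature = hmac.new(SIGNING_KEY, item["data"], hashlib.sha256).hexdigest()
    digest = sha256_hex(item["data"])
    rowkey = secrets.token_hex(8)            # unique row index of the solidified record
    core_db[rowkey] = {"data": item["data"], "signature": signature, "digest": digest}
    post_sign_q.append({"rowkey": rowkey, "digest": digest, "data": item["data"]})
    return rowkey


def backup_process() -> bool:
    """Backup-side compliance check (assumed: fields present, digest matches the data)."""
    msg = post_sign_q.popleft()
    if not all(msg.get(k) for k in ("rowkey", "digest", "data")):
        return False
    if not hmac.compare_digest(sha256_hex(msg["data"]), msg["digest"]):
        return False
    backup_db[msg["rowkey"]] = msg           # solidify; sync to the authority would follow
    return True


if __name__ == "__main__":
    payload = b"loan agreement v1"           # constructed preservation point data
    request = json.dumps({"file_name": "contract.pdf", "file_hex": payload.hex(),
                          "digest": sha256_hex(payload)})
    print(front_end("10.20.0.7", {"Content-Type": "application/json"}, request))
    print(core_process(), backup_process())
```

Because the backup side recomputes the digest instead of trusting the value on the queue, a record altered between the core and backup systems is rejected before it is solidified a second time.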
Based on the same inventive concept, the embodiment of the present invention also provides a data preservation front-end system, a data preservation core system and a data preservation integrated system. Because these systems solve the problem on a principle similar to that of the foregoing method, their implementation may refer to the implementation of the foregoing method, and repeated parts are not described again.
A data preservation front-end system provided by an embodiment of the present invention, as shown in Fig. 8, comprises:
a receiving module 81, configured to receive the data preservation request sent by the financial business server;
a parsing module 82, configured to parse, from the data preservation request, the preset preservation point data collected by the financial business client and/or the financial business server while executing the business flow;
a sending module 83, configured to send the preset preservation point data to the data preservation core system.
In one embodiment, the data preservation front-end system, as shown in Fig. 8, further comprises:
a first verification module 84, configured to, before the preservation point data collected by the financial business client and/or the financial business server while executing the business flow is parsed from the data preservation request, perform IP whitelist filtering and an IP request header compliance check on the data preservation request; and, after the whitelist filtering and compliance check pass, perform a non-empty check on the message header and message body data.
In one embodiment, the data preservation front-end system, as shown in Fig. 8, further comprises:
a second verification module 85, configured to, after the preservation point data collected by the financial business client and/or the financial business server while executing the business flow is parsed from the data preservation request, check the file type of the parsed data and whether it can be signed.
In one embodiment, the data preservation front-end system, as shown in Fig. 8, further comprises a client preservation data verification module 86.
The preset preservation point data contained in the data preservation request and collected by the financial business client while executing the business flow is data that has undergone preset signing and encryption on the financial business client side.
The client preservation data verification module 86 is configured to, after the file type and signability checks on the parsed data, decrypt the preset preservation point data collected by the client and verify its signature according to the decryption and signature schemes corresponding to the client.
The sending module 83 is specifically configured to send the preset preservation data to the preset message queue after the decryption and signature verification performed by the client preservation data verification module passes.
A data preservation core system provided by an embodiment of the present invention, as shown in Fig. 9, comprises:
an acquisition module 91, configured to obtain the preset preservation point data sent by the data preservation front-end system;
a signature module 92, configured to sign the parsed preset preservation point data;
an encryption module 93, configured to encrypt the data signed by the signature module;
a database solidification module 94, configured to store the data signed by the signature module and encrypted by the encryption module in the database for solidification;
a backup module 95, configured to back up the data solidified in the database to the preset preservation backup system.
In one embodiment, the backup module 95 is specifically configured to send the data solidified in the database, the index of the data and the digest generated when the data was signed together to the preset preservation backup system for backup.
The embodiment of the present invention also provides a data preservation backup system, as shown in Fig. 10, comprising:
a preservation data acquisition module 1001, configured to listen on the message queue sent by the data preservation core system to obtain the preservation data that needs to be backed up; the preservation data that needs to be backed up includes the data solidified in the data preservation core system, the index of the data and the digest generated when the data was signed;
a verification module 1002, configured to perform a compliance check on the preservation data that needs to be backed up;
a solidification module 1003, configured to write the preservation data that has passed the check into the database of the data preservation backup system itself;
a preservation data synchronization module 1004, configured to synchronize the preservation data that has passed the check to the preset preservation certification authority.
The embodiment of the present invention also provides a data preservation integrated system, comprising the data preservation front-end system, the data preservation core system and the data preservation backup system described above.
In one embodiment, the data preservation front-end system, the data preservation core system and the data preservation backup system are implemented using server clusters.
Fig. 11 shows an example of a data preservation integrated system deployed as a server cluster. The financial server sends data preservation requests to the data preservation front-end server through an Nginx proxy server, and the data preservation front-end server is also connected to a Redis cache server. The data preservation front-end system, the data preservation core system and the data preservation backup system interact through HA proxy servers and communicate through MQ message queue cluster servers. The data preservation backup system is connected to the National Information Center and synchronizes the backed-up preservation point data to that institution.
Those skilled in the art should understand that embodiments of the present invention may be provided as a method, a system or a computer program product. Therefore, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage and optical storage) that contain computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction means, the instruction means implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is performed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thereby provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. If these modifications and variations fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (14)

1. A data preservation method, characterized by comprising:
receiving a data preservation request sent by a financial business server;
parsing, from the data preservation request, the preset preservation point data collected by the financial business client and/or the financial business server while executing the business flow;
signing and encrypting the parsed preservation point data;
storing the signed and encrypted data in a database for solidification;
backing up the data solidified in the database to a preset preservation backup system and synchronizing it to a preset data preservation institution.
2. The method as claimed in claim 1, characterized in that, after parsing from the data preservation request the preservation point data collected by the financial business client and/or the financial business server while executing the business flow, the method further comprises:
checking the file type of the parsed data and whether it can be signed.
3. The method as claimed in claim 2, characterized in that the preset preservation point data contained in the data preservation request and collected by the financial business client while executing the business flow is data that has undergone preset signing and encryption on the financial business client side;
after checking the file type of the parsed data and whether it can be signed, the method further comprises:
decrypting the preset preservation point data collected by the financial business client and verifying its signature according to the decryption and signature schemes corresponding to the financial business client;
after the decryption and signature verification pass, sending the preset preservation data to a preset message queue.
4. The method as claimed in claim 3, characterized in that, before signing and encrypting the parsed preservation point data, the method further comprises:
listening on the message queue and reading the preset preservation data from the message queue;
the signing and encrypting of the parsed preservation data, and the storing of the signed and encrypted data in the database for solidification, specifically comprise:
signing the preset preservation data and, after signing succeeds, generating a digest and encrypting;
storing the signed and encrypted data in a preset MongoDB database.
5. The method as claimed in claim 1, characterized in that backing up the data solidified in the database to the preset preservation backup system and synchronizing it to the preset preservation certification authority comprises:
sending the data solidified in the database, the index of the data and the digest generated when the data was signed together to the preset preservation backup system for backup and for synchronization to the preset preservation certification authority.
6. A data preservation front-end system, characterized by comprising:
a receiving module, configured to receive a data preservation request sent by a financial business server;
a parsing module, configured to parse, from the data preservation request, the preset preservation point data collected by the financial business client and/or the financial business server while executing the business flow;
a sending module, configured to send the preset preservation point data to a data preservation core system.
7. The system as claimed in claim 6, characterized by further comprising:
a first verification module, configured to, before the preservation point data collected by the financial business client and/or the financial business server while executing the business flow is parsed from the data preservation request, perform IP whitelist filtering and an IP request header compliance check on the data preservation request; and, after the whitelist filtering and compliance check pass, perform a non-empty check on the message header and message body data.
8. The system as claimed in claim 7, characterized by further comprising:
a second verification module, configured to, after the preservation point data collected by the financial business client and/or the financial business server while executing the business flow is parsed from the data preservation request, check the file type of the parsed data and whether it can be signed.
9. The system as claimed in claim 8, characterized by further comprising a client preservation data verification module;
the preset preservation point data contained in the data preservation request and collected by the financial business client while executing the business flow is data that has undergone preset signing and encryption on the financial business client side;
the client preservation data verification module is configured to, after the file type and signability checks on the parsed data, decrypt the preset preservation point data collected by the client and verify its signature according to the decryption and signature schemes corresponding to the client;
the sending module is specifically configured to send the preset preservation data to a preset message queue after the decryption and signature verification performed by the client preservation data verification module passes.
10. A data preservation core system, characterized by comprising:
an acquisition module, configured to obtain the preset preservation point data sent by a data preservation front-end system;
a signature module, configured to sign the parsed preset preservation point data;
an encryption module, configured to encrypt the data signed by the signature module;
a database solidification module, configured to store the data signed by the signature module and encrypted by the encryption module in a database for solidification;
a backup module, configured to back up the data solidified in the database to a preset preservation backup system.
11. The system as claimed in claim 10, characterized in that the backup module is specifically configured to send the data solidified in the database, the index of the data and the digest generated when the data was signed together to the preset preservation backup system for backup.
12. A data preservation backup system, characterized by comprising:
a preservation data acquisition module, configured to listen on the message queue sent by the data preservation core system to obtain the preservation data that needs to be backed up; the preservation data that needs to be backed up includes the data solidified in the data preservation core system, the index of the data and the digest generated when the data was signed;
a verification module, configured to perform a compliance check on the preservation data that needs to be backed up;
a solidification module, configured to write the preservation data that has passed the check into the database of the data preservation backup system itself;
a preservation data synchronization module, configured to synchronize the preservation data that has passed the check to a preset preservation certification authority.
13. A data preservation integrated system, characterized by comprising the data preservation front-end system as claimed in any one of claims 6-9, the data preservation core system as claimed in claim 10 or 11, and the data preservation backup system as claimed in claim 12.
14. The data preservation system as claimed in claim 13, characterized in that the data preservation front-end system, the data preservation core system and the data preservation backup system are implemented using server clusters.
CN201710313168.1A 2017-05-05 2017-05-05 Data security method and related system Expired - Fee Related CN107070942B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710313168.1A CN107070942B (en) 2017-05-05 2017-05-05 Data security method and related system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710313168.1A CN107070942B (en) 2017-05-05 2017-05-05 Data security method and related system

Publications (2)

Publication Number Publication Date
CN107070942A true CN107070942A (en) 2017-08-18
CN107070942B CN107070942B (en) 2020-01-03

Family

ID=59596712

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710313168.1A Expired - Fee Related CN107070942B (en) 2017-05-05 2017-05-05 Data security method and related system

Country Status (1)

Country Link
CN (1) CN107070942B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101242294A (en) * 2008-03-14 2008-08-13 江新 Network evidence fixing and reservation method
CN102223374A (en) * 2011-06-22 2011-10-19 熊志海 Third-party authentication security protection system and third-party authentication security protection method based on online security protection of electronic evidence
CN105007301A (en) * 2015-06-08 2015-10-28 杭州猿人数据科技有限公司 Electronic evidence processing system and method based on social platform
CN106254341A (en) * 2016-08-02 2016-12-21 北京工业大学 Data fingerprint extracting method and system for centralized electronic data safety system

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107577954A (en) * 2017-10-20 2018-01-12 国信嘉宁数据技术有限公司 A kind of electronic data saves centring system from damage and electronic data saves storage method from damage
CN107659579A (en) * 2017-10-20 2018-02-02 国信嘉宁数据技术有限公司 Deposit card method, equipment and related deposit system in a kind of scene
CN107809424A (en) * 2017-10-20 2018-03-16 国信嘉宁数据技术有限公司 Deposit card method, equipment and related deposit system in a kind of scene
CN107809424B (en) * 2017-10-20 2020-02-11 国信嘉宁数据技术有限公司 On-site certificate storing method and device and related certificate storing system
CN108665243A (en) * 2018-05-09 2018-10-16 杭州安存网络科技有限公司 A kind of polymorphic type process flow automotive engine system of internet law court electronic evidence
CN109547426A (en) * 2018-11-14 2019-03-29 腾讯科技(深圳)有限公司 Service response method and server
CN109977696A (en) * 2019-03-26 2019-07-05 国信嘉宁数据技术有限公司 The data security method and relevant apparatus and system of discipline inspection system

Also Published As

Publication number Publication date
CN107070942B (en) 2020-01-03

Similar Documents

Publication Publication Date Title
CN107124281A (en) A kind of data security method and related system
CN107169364B (en) A kind of data security method and related system
CN107070942A (en) A kind of data security method and related system
US9843625B2 (en) System and method for aggregating and providing data from enterprise systems to mobile devices
CN106341493A (en) Entity rights oriented digitalized electronic contract signing method
CN112085504B (en) Data processing method and device, computer equipment and storage medium
US20160226830A1 (en) Systems and methods for providing data security services
US20170279720A1 (en) Real-Time Logs
CN111131416A (en) Business service providing method and device, storage medium and electronic device
WO2016122581A1 (en) Systems and methods for secure data exchange
CN107067321A (en) Data security method, server, client and the system of payment beforehand business
CN106991339A (en) A kind of financial transaction data security method, server, client and system
CN110189229A (en) Insure core business system in internet
US9332017B2 (en) Monitoring remote access to an enterprise network
CN114785524B (en) Electronic seal generation method, device, equipment and medium
CN112767113A (en) Account checking data processing method, device and system based on block chain
CN114500093A (en) Safe interaction method and system for message information
CN106991338A (en) Data security method, server and the client and system of cash application business
CN111383016A (en) Electronic invoice data processing method, device and system based on private chain
CN113132363B (en) Front-end and back-end security verification method and equipment
CN108833500B (en) Service calling method, service providing method, data transmission method and server
CN109985390B (en) Virtual asset management method and system
CN113129008A (en) Data processing method and device, computer readable medium and electronic equipment
CN103916237B (en) Method and system for managing user encrypted-key retrieval
US10231004B2 (en) Network recording service

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20200103

Termination date: 20210505
