CN113179230A

CN113179230A - Data acquisition method and device

Info

Publication number: CN113179230A
Application number: CN202110289026.2A
Authority: CN
Inventors: 高翔; 吴万港; 陈磊; 曾繁景; 陆景家; 杨智霖; 赵彦晖; 耿心伟; 曾源
Original assignee: Shenzhen Weizhong Credit Technology Co ltd
Current assignee: Shenzhen Weizhong Credit Technology Co ltd
Priority date: 2021-03-18
Filing date: 2021-03-18
Publication date: 2021-07-27
Anticipated expiration: 2041-03-18
Also published as: CN113179230B

Abstract

The embodiment of the application discloses a data acquisition method and a data acquisition device, which are applied to a data acquisition system, wherein the data acquisition system comprises a data acquisition mechanism, a first gateway and a second gateway, the first gateway and the second gateway are connected with the data acquisition mechanism, the first gateway is communicated with at least one banking mechanism, the second gateway is communicated with at least one tax mechanism, the first gateway receives an access request from a first banking mechanism in the at least one banking mechanism, the data acquisition mechanism sends an external access request to the second gateway, the second gateway matches a second routing rule according to the external access request and sends the external access request to a first tax mechanism in the at least one tax mechanism according to a matching result, and the second gateway receives feedback information sent by the first tax mechanism according to the external access request. By adopting the method of the embodiment of the application, the business communication problems of the data acquisition mechanism and the banking mechanism, as well as the data acquisition mechanism and the local tax authorities are solved.

Description

Data acquisition method and device

Technical Field

The present application relates to the field of communications technologies, and in particular, to a data acquisition method and apparatus.

Background

With the continuous improvement of the economic level of China and the continuous development of the 'bank tax interaction' business, the market also puts higher requirements on the business communication service quality and the reliability between the banking institution and the tax institution. However, different banking institutions have higher network security communication requirements, and different tax institutions also have diversified and personalized requirements for network security communication, which leads to a problem that the network security communication requirements are not adapted in the "bank and tax interaction" service in the service communication process to a certain extent.

Disclosure of Invention

The embodiment of the application provides a data acquisition method and device, and the first gateway is connected between at least one banking institution and the data acquisition institution, and the second gateway is connected between the data acquisition institution and at least one tax institution, so that the requirements of internal network security communication requirements of different banking institutions and individualized network security communication requirements of different tax institutions can be met in a business communication process.

In a first aspect, an embodiment of the present application provides a data acquisition method, which is applied to a data acquisition system, where the data acquisition system includes a data acquisition mechanism, and a first gateway and a second gateway connected to the data acquisition mechanism, the first gateway communicates with at least one banking mechanism, and the second gateway communicates with at least one tax administration mechanism, where the method includes:

the method comprises the steps that a first gateway receives an access request from a first banking institution in at least one banking institution, wherein the access request is used for the first banking institution to request to access a data acquisition institution;

under the condition that the first gateway judges that the first banking mechanism is an authorized user, sending an access request to a data acquisition mechanism;

the data acquisition mechanism matches the first routing rule according to the access request and routes the access request to different service processing service types according to the matching result;

the data acquisition mechanism judges whether external data access is needed or not according to the type of the service processing service, and sends an external access request to the second gateway under the condition that the external data access is needed;

the second gateway matches the second routing rule according to the external access request, and sends the external access request to a first tax authority in at least one tax authority according to a matching result;

and the second gateway receives feedback information sent by the first tax authority according to the external access request.

In one possible example, the method further includes:

respectively acquiring response time lengths of a first gateway, a data acquisition mechanism and a second gateway, wherein the response time lengths comprise a time length from receiving an access request from the first banking mechanism to sending the access request to the data acquisition mechanism by the first gateway, a time length from receiving the access request from the first banking mechanism to sending an external access request to the second gateway by the data acquisition mechanism, and a time length from receiving the external access request from the data acquisition mechanism to sending the external access request to the first taxation mechanism by the second gateway;

if the response time length is longer than the first preset time length, judging that the state of the data acquisition system is abnormal in response;

acquiring network attack data causing response abnormity, and recording the network attack data in a defense log, wherein the defense log is arranged in a data acquisition system;

detecting the number of times that the state of the data acquisition system is abnormal in response within a second preset time length;

if the number of times of response abnormity is larger than a first preset number of times, judging that the data acquisition system has a fault;

storing a business processing service process in the data acquisition system, and restarting the data acquisition system;

reading a business processing service process after the data acquisition system is restarted;

and generating defense parameters according to the network attack data recorded in the defense log, and setting the defense parameters by the data acquisition system to defend the network attack data.

In one possible example, after the data acquisition system sets the defense parameters to defend against the network attack data, the method further includes:

acquiring the danger level of the network attack data according to the defense parameters, wherein the danger level comprises a first danger level, a second danger level and a third danger level;

if the network attack data is in the first danger level, the data acquisition system continues to perform the read service processing process;

if the network attack data is in the second danger level, the data acquisition system suspends the service processing progress and carries out repair processing;

and if the network attack data is in the third danger level, interrupting the service processing process of the service by the data acquisition system and carrying out alarm processing.

In a second aspect, an embodiment of the present application provides a data collection device, where the data collection device includes a data collection mechanism, a first gateway and a second gateway connected to the data collection mechanism, the first gateway communicates with at least one banking mechanism, and the second gateway communicates with at least one tax administration mechanism, where the data collection device includes:

the receiving unit is used for receiving an access request from a first banking institution in at least one banking institution by the first gateway, wherein the access request is used for the first banking institution to request to access the data acquisition institution;

the sending unit is used for sending the access request to the data acquisition mechanism under the condition that the first gateway judges that the first banking mechanism is an authorized user;

the first routing unit is used for the data acquisition mechanism to match the first routing rule according to the access request and route the access request to different service processing service types according to the matching result;

the external access unit is used for judging whether external data access is needed or not by the data acquisition mechanism according to the type of the service processing service, and sending an external access request to the second gateway under the condition that the external data access is needed;

the second routing unit is used for the second gateway to match the second routing rule according to the external access request and send the external access request to a first tax institution of at least one tax institution according to the matching result;

and the feedback unit is used for receiving the feedback information sent by the first tax authority according to the external access request by the second gateway.

In a third aspect, an embodiment of the present application provides a data acquisition apparatus, where the apparatus includes:

the system comprises a processor, a memory and a communication interface, wherein the processor, the memory and the communication interface are mutually connected and finish mutual communication work;

the memory has stored thereon executable program code, the communication interface for wireless communication;

the processor is configured to retrieve the executable program code stored in the memory and execute some or all of the steps described in any of the methods according to the first aspect of the embodiments of the present application.

In a fourth aspect, the present application provides a computer program product, where the computer program product includes a computer program operable to cause a computer to perform some or all of the steps as described in any one of the methods of the first aspect of the embodiments of the present application. The computer program product may be a software installation package.

It can be seen that, in the embodiment of the application, at least one banking mechanism and a data acquisition mechanism are connected through a first gateway, the data acquisition mechanism and at least one tax mechanism are connected through a second gateway, the first gateway receives an access request from a first banking mechanism in the at least one banking mechanism, the access request is sent to the data acquisition mechanism when the first gateway determines that the first banking mechanism is an authorized user, the data acquisition mechanism matches a first routing rule according to the access request and routes the access request to different business processing service types according to a matching result, the data acquisition mechanism judges whether external data access is needed according to the business processing service types, the data acquisition mechanism sends an external access request to the second gateway when the external data access is needed, the second gateway matches a second routing rule according to the external access request and sends the external access request to the at least one tax mechanism according to the matching result The second gateway receives feedback information sent by the first tax authority according to the external access request. The method ensures that the 'bank and tax interaction' service can be compatible with the internal network security communication requirements of different banking institutions and can also meet the requirements of personalized network security communication requirements of different tax institutions in the service communication process.

Drawings

In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.

Fig. 1A is a schematic diagram illustrating a data acquisition system according to an embodiment of the present disclosure;

fig. 1B is a schematic flowchart of a data acquisition method according to an embodiment of the present application;

fig. 2A is a schematic diagram illustrating a polling algorithm used in a data acquisition method according to an embodiment of the present application;

fig. 2B is a schematic diagram illustrating a principle of a source address hashing algorithm used in a data acquisition method according to an embodiment of the present application;

fig. 3 is a schematic diagram illustrating a principle of a symmetric encryption algorithm used in a data acquisition method according to an embodiment of the present application;

fig. 4 is a schematic diagram illustrating a principle of an asymmetric encryption algorithm used in a data acquisition method according to an embodiment of the present application;

FIG. 5A is a schematic structural diagram of a data acquisition device according to an embodiment of the present application;

fig. 5B is a detailed structural diagram of a second routing unit of the data acquisition device according to an embodiment of the present application;

fig. 6 is a schematic structural diagram of another data acquisition device according to an embodiment of the present application.

Detailed Description

In order to make the technical solutions of the present application better understood, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.

The terms "first," "second," and the like in the description and claims of the present application and in the above-described drawings are used for distinguishing between different objects and not for describing a particular order. The word "a" or "an" does not exclude a plurality. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps is not limited to only those steps recited, but may alternatively include other steps not recited, or may alternatively include other steps inherent to such process, method, article, or apparatus. Also, the mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.

Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.

Based on this, the embodiment of the present application provides a data acquisition method applied to a data acquisition system, as shown in fig. 1A, fig. 1A is a schematic diagram of a data acquisition system of the embodiment of the present application, where the data acquisition system includes a data acquisition mechanism, a first gateway and a second gateway connected to the data acquisition mechanism, the first gateway communicates with at least one banking institution (banking institution 1, banking institution 2 … … banking institution N), the second gateway communicates with at least one tax institution (tax institution 1, tax institution 2 … … tax institution N), specifically to implement business data communication between the data acquisition mechanism and at least one banking institution (banking institution 1, banking institution 2 … … banking institution N) and between the data acquisition mechanism and at least one tax institution (tax institution 1, tax institution 2 … … tax institution N), the embodiments of the present application will be described in detail below with reference to the accompanying drawings.

Referring to fig. 1B, fig. 1B is a schematic flow chart of a data acquisition method provided in an embodiment of the present application, and as shown in fig. 1B, the embodiment of the present application provides a data acquisition method applied to a data acquisition system, where the data acquisition system includes a data acquisition mechanism, at least one banking mechanism and at least one tax administration mechanism, the data acquisition mechanism and the banking mechanism include a first gateway therebetween, and the data acquisition mechanism and the tax administration mechanism include a second gateway therebetween, and the data acquisition method described in the embodiment of the present application includes the following steps:

101: the first gateway receives an access request from a first banking institution of the at least one banking institution, wherein the access request is used for the first banking institution to request access to the data acquisition institution.

102: and under the condition that the first gateway judges that the first banking institution is the authorized user, sending the access request to the data acquisition institution.

The first gateway judges that the first banking mechanism is an authorized user, namely the first gateway can perform access authentication and real-name authentication on the first banking mechanism, and the security of the first banking mechanism accessing the data acquisition mechanism is guaranteed.

Illustratively, the first gateway determines an authentication method of the first banking institution as the authorized user, including Token authentication. After the first banking institution accesses the data acquisition institution for the first time, the server of the data acquisition institution generates a Token and sends the Token to the first banking institution, and then when the first banking institution accesses the data acquisition institution again, the server of the data acquisition institution can send an access request to the data acquisition institution only by using the Token to pass the verification of the server of the data acquisition institution, so that the authentication times are reduced to relieve the authentication pressure of the server.

Illustratively, according to the name of the enterprise and the credit code of the enterprise, the real-name authentication of the enterprise can be carried out, and the industrial and commercial information authentication of the enterprise can be verified.

103: the data acquisition mechanism matches the first routing rule according to the access request and routes the access request to different service processing service types according to the matching result.

The first routing rule is carried out according to a destination in the access request, the access request with the destination of a non-tax institution is carried out in the data acquisition institution, and the access request with the destination of a tax bureau is routed to the second gateway.

104: and the data acquisition mechanism judges whether external data access is needed or not according to the type of the service processing service, and sends an external access request to the second gateway under the condition that the external data access is needed.

The data acquisition mechanism judges whether external data access is needed according to the service processing service type, namely judges whether the service processing service type can complete service processing only by needing feedback information of the tax mechanism, and judges that the service processing service type needs external data access if the service processing can be completed by sending the feedback information to the data acquisition mechanism through the second gateway by the tax mechanism, so that the data acquisition mechanism sends an external access request to the second gateway.

105: and the second gateway matches the second routing rule according to the external access request and sends the external access request to a first tax authority in at least one tax authority according to a matching result.

And the second routing rule is carried out according to a target tax institution in the external access request, and the external access request is routed to the corresponding target tax institution according to the target tax institution in the external access request.

106: and the second gateway receives feedback information sent by the first tax authority according to the external access request.

The data transmission mode that the second gateway receives the feedback information sent by the first tax administration according to the external access request is data transparent transmission, namely, the first tax administration does not make corresponding changes to the feedback information due to different contents of the feedback information in the process of sending the feedback information to the second gateway, the feedback information does not change in form, and the data quality of the feedback information is ensured in the transmission process.

In one possible example, the determining whether external data access is required according to the type of the service processing service includes: and determining that external data access is required under the condition that the type of the business processing service is the external business processing service.

The business processing service type is an external business processing service, and access requests of the business processing service, including authentication authorization requests, tax data acquisition requests and the like, can be completed only by initiating a first banking institution and needing to obtain feedback information of a tax institution.

In one possible example, the method further includes:

under the condition that the type of the service processing service is internal service processing service, the data acquisition mechanism processes the service according to the access request to obtain a service processing result;

and the data acquisition mechanism sends the service processing result to the first banking mechanism.

The business processing service type is an internal business processing service, and access requests which are initiated by the first banking institution and can complete the business processing service in the data acquisition institution include work order query requests, data acquisition requests and the like.

Illustratively, a first banking institution initiates an access request with a work order query content to a data acquisition institution, and then the data acquisition institution matches a first routing rule according to the access request, and determines that the type of the business processing service queried by the work order is an internal business processing service, and then the data acquisition institution sends work order query request feedback information including work order information such as a work order number, a work order initiation date, and a work order processing result to the first banking institution.

In one possible example, after the first gateway receives the access request from the first banking institution of the at least one banking institution, the method further includes:

the first gateway judges whether the number of the received access requests reaches a first preset number or not;

and under the condition that the first preset number is determined, the first gateway adopts a cluster deployment mode, and the cluster deployment mode is used for carrying out load balancing processing on the plurality of access requests.

The first preset number is a parameter carried by the first gateway, and according to the actual situation of the number of the access requests, if the number of the access requests reaches the first preset number of the first gateway, a cluster deployment mode is adopted to reduce the probability of overload operation of the first gateway caused by overlarge load of a single first gateway server, accelerate the access speed of service communication and ensure the safety and stability of the operation of the first gateway.

Illustratively, the first preset number is the number of the received access requests, and if the number of the access requests received by the first gateway is 2 and the first preset number is greater than or equal to 2, and at this time, the first gateway determines that the number of the received access requests has reached the first preset number, the first gateway determines to perform service communication work in a cluster deployment mode.

In one possible example, the cluster deployment mode includes arranging a plurality of servers to the first gateway, and the load balancing the plurality of access requests includes at least one of:

allocating a plurality of access requests to a plurality of servers of the first gateway in turn by adopting a polling algorithm;

and distributing the access requests from the same banking institution in the plurality of access requests to the same server by adopting a source address hashing algorithm.

The polling algorithm does not need to record the states of all servers arranged in the first gateway at present, is a stateless scheduling algorithm and can realize the balance of the servers on pressure distribution; the source address hashing algorithm can ensure that under the condition that the server list arranged by the first gateway is not changed, the access requests from the same banking institution can be always distributed to the same target server for processing.

Exemplarily, referring to fig. 2A, fig. 2A is a schematic diagram illustrating a principle of a polling algorithm used in a data acquisition method, as shown in fig. 2A, a polling algorithm is used for load balancing, a first gateway is arranged with a server 1 and a server 2, the first gateway receives an access request 1, an access request 2, an access request 3, an access request 4, an access request 5, and an access request 6, the access request 1 is assigned to the server 1, the access request 2 is assigned to the server 2, the access request 3 is assigned to the server 1, the access request 4 is assigned to the server 2, the access request 5 is assigned to the server 1, and the access request 6 is assigned to the server 2, that is, the server 1 is assigned with the access requests 1, 3, 5, and the server 2 is assigned with the access requests 2, 4, 6. Therefore, by adopting the polling algorithm, the risk of overlarge server pressure caused by too many access requests carried by a single server can be effectively prevented, and the safety and the stability of the service communication process are ensured.

Illustratively, referring to fig. 2B, fig. 2B is a schematic diagram of a source address hashing algorithm used in a data acquisition method, as shown in fig. 2B, a load balancing process is performed by using the source address hashing algorithm, a first gateway is arranged with a server 1 and a server 2, the first gateway receives an access request 1 from a banking institution 1, an access request 2 from the banking institution 2, an access request 3 from a banking institution 3, an access request 4 from a banking institution 4, an access request 5 from a banking institution 5, and an access request 6 from a banking institution 6, after calculating a hash value for a source address of the banking institutions 1-6, a mapping relationship between the source address of the banking institutions 1-6 and the servers 1,2 is established, a target server of the source address of the banking institution 1 is the server 1, a target server of the source address of the banking institution 2 is the server 2, the destination server of the source address of the banking institution 3 is the server 2, the destination server of the source address of the banking institution 4 is the server 1, the destination server of the source address of the banking institution 5 is the server 1, and the destination server of the source address of the banking institution 6 is the server 2; thus, an access request 1 issued by a banking institution 1 is assigned to the server 1, an access request 2 issued by the banking institution 2 is assigned to the server 2, an access request 3 issued by a banking institution 3 is assigned to the server 2, an access request 4 issued by a banking institution 4 is assigned to the server 1, an access request 5 issued by a banking institution 5 is assigned to the server 1, an access request 6 issued by a banking institution 6 is assigned to the server 2, i.e., the server 1 is assigned access requests 1, 4, 5, and the server 2 is assigned access requests 2, 3, 6. Therefore, the source address hashing algorithm is adopted, so that access requests from the same source address can be distributed to the same target server, the division of labor work among different target servers is clear, and the orderliness and stability of a service communication process are guaranteed.

It can be seen that, in the embodiment of the present application, the first gateway determines whether to adopt a cluster deployment mode for service communication according to the number of received access requests, and dynamically expands the number of first gateway servers responding to the access requests and increases the number of servers of the first gateway under the condition that there are batch access requests, so that the first gateway with more servers can bear more access requests at the same time, thereby preventing the blocking of a service communication channel due to the excessive number of the access requests, ensuring the processing speed of the first gateway, and improving the safety and stability of the operation of the first gateway.

In one possible example, the external access request includes a fixed format header, and matching the second routing rule based on the external access request includes:

the second gateway obtains a message header of the external access request and determines a first tax authority corresponding to the external access request according to the message header;

the second gateway obtains a first message format corresponding to the first tax institution, and performs message format conversion on the external access request according to the first message format to obtain a converted external access request;

the second gateway sends a request for converting external access to the first tax authority.

The message header with the fixed format comprises information such as an encryption mode, a tax bureau communication protocol, service parameters and the like, and the service parameters comprise information such as a legal name, a unified social credit code, a legal certificate number, start time, deadline time, a client ID, a server ID, server time, a request type, a request address and the like. The message format for converting the external access request comprises information such as a request address, a client ID, a legal name, a unified social credit code, a legal certificate number, start time, deadline, a server ID, and server time.

Illustratively, the second gateway performs message format conversion on the external access request according to the requirement of the first message format corresponding to the first tax authority, to obtain a conversion external access request adapted to the network communication requirement of the first tax authority, where the format of the conversion external access request is as follows:

the request address adopts JSON format:

Url＝“https://sbf.shanxi.chinatax.gov.cn:9101/syhd/xxxxx”

the request format is as follows:

{

"clientid":"11400xxxx",

"swinfo" { "frmc": Liu

","nsrsbh":"92141121MA0GXYxxxx","frzjhm":"14232219920616xxxx","start":"2018-01-01","end":"2021-01-04"},

"serviceid":"100,101,102,103,104,200,300,400,500,50

1,204,205,202,203,900",

"servicetime":"2021010417xxxx"}"

It can be seen that the converted external access request obtained by converting the external access request includes service parameter information such as a request address "https:// sbf.shanxi.chinatax.gov.cn: 9101/syhd/xxxxx", and the request format includes a client ID "11400xxxx", a legal name "liu ×), a uniform social credit code" 92141121MA0 gxyxxxxx ", a legal certificate number" 14232219920616xxxx ", a start time" 2018-01-01", an expiration time" 2021-01-04", a service ID"100,101,102,103,104,200,300,400,500,501,204,205,202,203,900", and a service time" 2021010417xxxx ".

It can be seen that, in the embodiment of the present application, the unification of the message formats for converting the external access request is performed to adapt the communication protocols used by different tax agencies, so as to meet the adaptability support of the network security communication requirements with diversity for different tax agencies, and the unification of the message formats enables the processing of the service communication to be more efficient and easier.

In one possible example, the method further includes:

the second gateway determines a target encryption mode according to a message header of the external access request;

and the second gateway encrypts the converted external access request in a target encryption mode and stores a key corresponding to the converted external access request.

The target Encryption mode comprises a Data Encryption Standard (DES) Encryption algorithm, wherein the DES Encryption algorithm is a symmetric Encryption algorithm, namely, the same key is used in the process of encrypting and decrypting the external access request.

Illustratively, the second gateway determines that the target encryption mode is a DES encryption algorithm according to a message header of the external access request, the DES algorithm is adopted on the second gateway, a 64-bit key containing 8-bit parity check bits and 56-bit actual key length is used for encrypting the external access request to obtain a 64-bit ciphertext, the encryption process of the external access request is completed, and the 64-bit key is stored. The encryption and decryption process of the DES encryption algorithm is high in efficiency, fast in execution and high in safety.

In one possible example, the method further includes:

and setting a secure channel on the second gateway, wherein the secure channel is used for transmitting and converting a key corresponding to the external access request.

The key is used for encrypting or decrypting the external access request, and the encryption or decryption mode comprises a symmetric encryption algorithm or an asymmetric encryption algorithm.

For example, referring to fig. 3, fig. 3 is a schematic diagram illustrating a principle of a symmetric encryption algorithm used in a data acquisition method, and as shown in fig. 3, if an encryption algorithm used for converting an external access request is a symmetric encryption algorithm, a data acquisition mechanism encrypts the converted external access request into a ciphertext by using a key, transmits the key and the ciphertext to a tax administration mechanism in a secure channel of a second gateway, and the tax administration mechanism decrypts the ciphertext by using the key after receiving the key and the ciphertext and generates feedback information according to the converted external access request obtained after decryption.

For example, referring to fig. 4, fig. 4 is a schematic diagram illustrating a principle of an asymmetric encryption algorithm used in a data acquisition method, and as shown in fig. 4, if an encryption algorithm used for converting an external access request is an asymmetric encryption algorithm, a data acquisition mechanism generates a pair of keys, where the keys include a public key and a private key, the data acquisition mechanism encrypts the converted external access request into a ciphertext using the public key, transmits the private key and the ciphertext to a tax authority in a secure channel of a second gateway, and the tax authority decrypts the ciphertext using the private key after receiving the private key and the ciphertext and generates feedback information according to the converted external access request obtained after decryption.

It can be seen that, in the embodiment of the application, the secure channel is arranged on the second gateway, and the key for encrypting or decrypting the converted external access request is transmitted in the secure channel, so that the risk that the converted external access request is stolen and information is leaked in the transmission process between the data acquisition mechanism and the second gateway can be prevented, and the security of the transmission process is ensured.

In one possible example, the method further includes:

The state of the data acquisition system is judged to be abnormal in response as long as the response time of any one of the first gateway, the data acquisition mechanism and the second gateway is longer than a first preset time; the business processing service process in the data acquisition system is stored, so that the business processing service process in the data acquisition system can be read after the data acquisition system is restarted, and the data acquisition system is restored to a state before the data acquisition system is restarted, so that the normal operation of the business processing service in the data acquisition system is ensured; the network attack data causing response abnormity is recorded in the defense log to generate defense parameters, and the data acquisition system sets the defense parameters to defend the network attack data, so that the data acquisition system can defend various network attacks causing response abnormity, and the security and the flexibility of the data acquisition system in defense are improved.

Illustratively, the first preset time is 200ms, the second preset time is 2s, the first preset number of times is 2, if within 2s, the time from the receiving of the access request from the first banking mechanism to the sending of the access request to the data acquisition mechanism by the first gateway is 300ms, which is longer than the first preset time, the time from the receiving of the access request from the first banking mechanism to the sending of the external access request to the second gateway by the data acquisition mechanism is 400ms, which is longer than the first preset time, the time from the receiving of the external access request from the data acquisition mechanism to the sending of the external access request to the first tax mechanism by the second gateway is 500ms, which is longer than the first preset time, the number of times that the state of the data acquisition system within 2s, which is within the second preset time, is abnormal response is 3 times, and the number of times that the state of the data acquisition system is greater than the 2 times, which is greater than the first preset number of times, the data acquisition system is determined to be faulty, at the moment, the service processing service process in the data acquisition system is stored, the data acquisition system is restarted, the service processing service process is read after the data acquisition system is restarted, 3 network attack data corresponding to 3 times of response abnormity are recorded in the defense log to generate defense parameters, and the data acquisition system sets the defense parameters to defend the 3 network attack data.

It can be seen that in the embodiment of the present application, by obtaining the response time of the first gateway, the data acquisition mechanism, and the second gateway, determining the state of the data acquisition system as the number of times of response abnormality, obtaining the network attack data causing the response abnormality, and recording the network attack data in the defense log, determining that the data acquisition system has a fault if the number of times of response abnormality is greater than the first preset number within the second preset time, restarting the data acquisition system after storing the service processing service process in the data acquisition system, reading the service processing service process after restarting the data acquisition system, so that the data acquisition system can be restored to the state before restarting and continue to perform normal service communication, generating the defense parameter according to the network attack data recorded in the defense log, the data acquisition system setting the defense parameter to defend the network attack data, therefore, the intelligence and the stability of the service communication process are ensured, and the security and the flexibility of the data acquisition system in defense are improved.

Illustratively, the network attack data of the first risk level includes a low network delay, and since the low network delay may be caused by temporary blocking of the traffic communication channel, the data collection system can be easily and quickly recovered to normal, so that the data collection system can continue to execute the read traffic processing service process. Wherein the low network delay is a delay value of 0-500 ms.

Illustratively, the network attack data of the second risk level includes a high network delay, and since the high network delay may be caused by aging of the performance of the data acquisition system, the service process of the business process of the data acquisition system is suspended, and the data acquisition system is subjected to a repair process including updating a system patch. Wherein the high network delay is a delay value of more than 500 ms.

Illustratively, the network attack data of the third risk level is an active attack, and the active attack comprises tampering, counterfeiting and service denial; the falsification refers to a behavior of modifying message information of an access request and/or an external access request, and the falsification refers to a behavior that an attacker initiating network attack data impersonates any mechanism in a data acquisition system, generates false message information, adds the false message information into a service communication channel and intends to infringe the legal rights of others; denial of service refers to the act of disruption to the data acquisition system that causes interruption of the data acquisition system's traffic. Because the data acquisition system comprises at least one bank mechanism, at least one tax mechanism and a data acquisition mechanism, and the requirement of the bank and tax data on the network security is extremely high, when the network attack data is in a third dangerous level, namely the data acquisition system is seriously damaged, in order to protect the bank and tax data from being stolen and maliciously utilized, the data acquisition system interrupts the service processing service process, and each mechanism and gateway do not accept or send new requests and perform alarm processing aiming at the network attack data in the third dangerous level.

According to the method and the device, the danger levels of the network attack data are obtained according to the defense parameters, different defense measures are provided for the network attack data with different danger levels, and the data acquisition system can guarantee normal processing of service communication in low risk and protect system security and prevent data theft in high risk when facing different network attack data.

In one possible example, a first gateway request log is arranged on the first gateway, and the first gateway request log is used for recording a first request parameter of an access request initiated by a banking institution to the first gateway.

The first request parameter comprises a request path, request content and the like, the request path comprises a tax agency with the destination and a data acquisition agency with the destination, the request content is corresponding tax data, and when the stability of the server is affected, information contained in the first request parameter can be called from a first gateway request log to re-execute the service communication process of the access request.

In one possible example, after the second gateway receives the external access request from the data collection facility, the method further includes:

the second gateway judges whether the received external access requests reach a second preset number;

and under the condition that the second preset number is determined, the second gateway adopts a cluster deployment mode, and the cluster deployment mode is used for carrying out load balancing processing on the plurality of external access requests.

The second preset number is a parameter carried by the second gateway, and according to the actual situation of the number of the external access requests, if the number of the external access requests reaches the second preset number of the second gateway, a cluster deployment mode is adopted to reduce the probability of overload operation of the second gateway caused by overlarge load of a single second gateway server, accelerate the access speed of service communication and ensure the safety and stability of the operation of the second gateway.

Illustratively, the second preset number is the number of the received external access requests, and if the number of the external access requests received by the second gateway is 2 and the second preset number is that the number of the received external access requests is greater than or equal to 2, and at this time, the second gateway determines that the number of the received external access requests has reached the second preset number, the second gateway determines to perform service communication work in a cluster deployment mode.

In one possible example, the cluster deployment mode includes arranging a plurality of servers to the second gateway, and the load balancing the plurality of external access requests includes at least one of:

and adopting a polling algorithm to distribute the plurality of external access requests to a plurality of servers of the second gateway in turn.

In one possible example, a second gateway request log is provided on the second gateway, and the second gateway request log is used for recording a second request parameter of the external access request initiated by the data acquisition mechanism to the second gateway.

The second request parameter comprises a request path, request content and the like, the request path comprises different target tax mechanisms, the request content is corresponding tax data, and when the stability of the server is affected, information contained in the second request parameter can be called from a second gateway request log to re-execute the service communication process of the external access request.

Referring to fig. 5A, please refer to fig. 5A in accordance with the embodiment shown in fig. 1, where fig. 5A is a schematic structural diagram of a data acquisition device according to an embodiment of the present application, as shown in fig. 5A:

the utility model provides a data acquisition device, includes data acquisition mechanism in the data acquisition device, with first gateway and the second gateway that data acquisition mechanism is connected, first gateway and at least one bank organization communication, the second gateway and at least one tax organization communication, above-mentioned device includes:

501: the receiving unit is used for receiving an access request from a first banking institution in at least one banking institution by the first gateway, wherein the access request is used for the first banking institution to request to access the data acquisition institution;

502: the sending unit is used for sending the access request to the data acquisition mechanism under the condition that the first gateway judges that the first banking mechanism is an authorized user;

503: the first routing unit is used for the data acquisition mechanism to match the first routing rule according to the access request and route the access request to different service processing service types according to the matching result;

504: the external access unit is used for judging whether external data access is needed or not by the data acquisition mechanism according to the type of the service processing service, and sending an external access request to the second gateway under the condition that the external data access is needed;

505: the second routing unit is used for the second gateway to match the second routing rule according to the external access request and send the external access request to a first tax institution of at least one tax institution according to the matching result;

506: and the feedback unit is used for receiving the feedback information sent by the first tax authority according to the external access request by the second gateway.

It can be seen that, in the apparatus described in the embodiment of the present application, the receiving unit is configured to receive, by the first gateway, an access request from a first banking facility of the at least one banking facility, the sending unit is configured to send, by the first gateway, the access request to the data acquisition mechanism when the first banking facility is determined to be an authorized user, the first routing unit is configured to match the first routing rule according to the access request by the data acquisition mechanism and route the access request to a different business processing service type according to a matching result, the external access unit is configured to determine whether external data access is required according to the business processing service type by the data acquisition mechanism, and, when external data access is required, the external access request is sent to the second gateway, and the second routing unit is configured to match the second routing rule according to the external access request by the second gateway and send, according to the matching result, the external access request to the at least one banking facility And a first tax agency in the tax agency is used for receiving feedback information sent by the first tax agency according to the external access request through the second gateway by setting a feedback unit. The data acquisition device described in the embodiment of the application can ensure that the 'bank and tax interaction' service can be compatible with the internal network security communication requirements of different banking institutions and can also unify the requirements of personalized network security communication requirements of different tax institutions in the service communication process.

Specifically, the data acquisition device according to the embodiment of the present application may perform functional unit division according to the above method example, for example, each functional unit may be divided corresponding to each function, or two or more functions may be integrated into one processing unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit. It should be noted that the division of the unit in the embodiment of the present application is schematic, and is only a logic function division, and there may be another division manner in actual implementation.

In one possible example, the traffic handling service type comprises an internal traffic handling service and an external traffic handling service, the external access unit further comprises:

and the external business processing module is used for determining that external data access is required under the condition that the business processing service type is the external business processing service.

In one possible example, the apparatus further comprises an internal access unit, the internal access unit being configured to:

In one possible example, the apparatus further includes a cluster deployment unit, configured to, after the first gateway receives the access request from a first banking facility of the at least one banking facility, further:

In one possible example, the cluster deployment mode includes arranging a plurality of servers for the first gateway, and the load balancing the plurality of access requests includes at least one of:

In a possible example, the external access request includes a fixed format header, please refer to fig. 5B, where fig. 5B is a detailed structure diagram of a second routing unit of the data acquisition device according to an embodiment of the present application, and as shown in fig. 5B, the second routing unit includes:

5051: the determining module is used for the second gateway to obtain a message header of the external access request and determine a first tax authority corresponding to the external access request according to the message header;

5052: the conversion module is used for the second gateway to obtain a first message format corresponding to the first tax institution, and perform message format conversion on the external access request according to the first message format to obtain a converted external access request;

5053: and the sending module is used for sending the external access conversion request to the first tax authority by the second gateway.

In one possible example, the apparatus further includes an encryption unit configured to:

In one possible example, the apparatus further comprises:

and the secure channel unit is used for setting a secure channel on the second gateway, and the secure channel is used for transmitting and converting a key corresponding to the external access request.

Referring to fig. 6, in accordance with the embodiment shown in fig. 1, fig. 6 is a schematic structural diagram of another data acquisition device provided in the embodiment of the present application, as shown in fig. 6:

a data acquisition device comprising:

the processor is used for calling the executable program codes stored in the memory and executing part or all of the steps of any data acquisition method in the embodiment of the method, and the computer comprises the electronic terminal equipment.

The memory may be a volatile memory such as a dynamic random access memory DRAM, or a non-volatile memory such as a mechanical hard disk. The memory is used for storing a set of executable program codes, and the processor is used for calling the executable program codes stored in the memory, and can execute the following operations:

The wireless communication may use any communication standard or protocol, including but not limited to GSM (Global System for Mobile communications), GPRS (General Packet Radio Service), CDMA2000(Code Division Multiple Access 2000), WCDMA (Wideband Code Division Multiple Access), TD-SCDMA (Time Division-Synchronous Code Division Multiple Access), etc.

In one possible example, the memory is configured to store a set of executable program codes, and the processor is configured to call the executable program codes stored in the memory, to divide the service processing service type into an internal service processing service and an external service processing service, and to determine whether external data access is required according to the service processing service type, where the method includes:

and determining that external data access is required under the condition that the type of the business processing service is the external business processing service.

In one possible example, the memory is configured to store a set of executable program code, and the processor is configured to call the executable program code stored in the memory to:

In one possible example, the memory is configured to store a set of executable program code, and the processor is configured to call the executable program code stored in the memory, and further configured to, after the first gateway receives an access request from a first banking institution of the at least one banking institution:

In one possible example, the memory is configured to store a set of executable program code, and the processor is configured to call the executable program code stored in the memory, to arrange a plurality of servers for the first gateway in a cluster deployment mode, to load balance the plurality of access requests, and to load balance the plurality of access requests using an algorithm comprising at least one of:

In one possible example, the external access request includes a fixed-format header, the memory is configured to store a set of executable program codes, and the processor is configured to call the executable program codes stored in the memory, and is configured to match the second routing rule according to the external access request, specifically including:

Embodiments of the present application provide a computer program product, where the computer program product includes a computer program operable to make a computer perform part or all of the steps of any one of the data acquisition methods as described in the above method embodiments, and the computer program product may be a software installation package.

It should be noted that, for the sake of simplicity, any of the above embodiments of the data acquisition method are described as a series of action combinations, but those skilled in the art should understand that the present application is not limited by the described action sequence, because some steps may be performed in other sequences or simultaneously according to the present application. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.

The above embodiments of the present application are introduced in detail, and specific embodiments are applied in this text to explain the principles and embodiments of a data acquisition method and apparatus of the present application, and the descriptions of the above embodiments are only used to help understand the method and core ideas of the present application; meanwhile, for a person skilled in the art, according to the idea of the data acquisition method and apparatus of the present application, there may be changes in the specific implementation and application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.

The present application is described with reference to flowchart illustrations and/or block diagrams of methods, hardware products and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks. The memory may include: flash Memory disks, Read-Only memories (ROMs), Random Access Memories (RAMs), magnetic or optical disks, and the like.

It will be appreciated that all products, such as the apparatus and computer program products of the above-described flowcharts, that are controlled or configured to perform the method of processing of the flowcharts described in the method embodiments of a data acquisition method of the present application fall within the scope of the related products described herein.

It is apparent that those skilled in the art can make various changes and modifications to a data acquisition method and apparatus provided in the present application without departing from the spirit and scope of the present application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims

1. A data acquisition method is applied to a data acquisition system, and is characterized in that the data acquisition system comprises a data acquisition mechanism, a first gateway and a second gateway, wherein the first gateway and the second gateway are connected with the data acquisition mechanism, the first gateway is communicated with at least one banking mechanism, the second gateway is communicated with at least one tax administration mechanism, and the method comprises the following steps:

the first gateway receives an access request from a first banking institution in the at least one banking institution, wherein the access request is used for the first banking institution to request to access the data acquisition institution;

sending the access request to the data acquisition mechanism if the first gateway determines that the first banking mechanism is an authorized user;

the data acquisition mechanism matches a first routing rule according to the access request and routes the access request to different service processing service types according to a matching result;

the data acquisition mechanism judges whether external data access is needed or not according to the service processing service type, and sends an external access request to the second gateway under the condition that the external data access is needed;

the second gateway matches a second routing rule according to the external access request and sends the external access request to a first tax authority in the at least one tax authority according to a matching result;

2. The method of claim 1, wherein the service processing service types include an internal service processing service and an external service processing service, and the determining whether external data access is required according to the service processing service types comprises:

and determining that external data access is required under the condition that the service processing service type is the external service processing service.

3. The method of claim 2, further comprising:

under the condition that the service processing service type is an internal service processing service, the data acquisition mechanism performs service processing according to the access request to obtain a service processing result;

4. The method of any one of claims 1-3, wherein after the first gateway receives the access request from a first banking institution of the at least one banking institution, the method further comprises:

and under the condition that the first preset number is determined to be reached, the first gateway adopts a cluster deployment mode, and the cluster deployment mode is used for carrying out load balancing processing on a plurality of access requests.

5. The method of claim 4, wherein the cluster deployment mode comprises arranging a plurality of servers for the first gateway, and wherein load balancing the plurality of access requests comprises at least one of:

distributing the access requests to a plurality of servers of the first gateway in turn by adopting a polling algorithm;

6. The method of claim 1, wherein the external access request comprises a fixed format header, and wherein matching a second routing rule based on the external access request comprises:

the second gateway obtains a message header of the external access request, and determines a first tax authority corresponding to the external access request according to the message header;

the second gateway obtains a first message format corresponding to the first tax authority, and performs message format conversion on the external access request according to the first message format to obtain a converted external access request;

the second gateway sends the converted external access request to the first tax authority.

7. The method of claim 6, further comprising:

the second gateway determines a target encryption mode according to the message header of the external access request;

and the second gateway encrypts the converted external access request by adopting the target encryption mode and stores a key corresponding to the converted external access request.

8. The method of claim 7, further comprising:

and setting a secure channel on the second gateway, wherein the secure channel is used for transmitting a key corresponding to the external access request.

9. The utility model provides a data acquisition device, is applied to data acquisition system, its characterized in that, including data acquisition mechanism in the data acquisition system, with first gateway and the second gateway that data acquisition mechanism is connected, first gateway communicates with at least one bank mechanism, the second gateway communicates with at least one tax institution, the device includes:

a receiving unit, configured to receive, by the first gateway, an access request from a first banking institution in the at least one banking institution, where the access request is used by the first banking institution to request access to the data acquisition institution;

a sending unit, configured to send the access request to the data acquisition mechanism when the first gateway determines that the first banking mechanism is an authorized user;

the first routing unit is used for the data acquisition mechanism to match a first routing rule according to the access request and route the access request to different business processing service types according to a matching result;

the external access unit is used for judging whether external data access is needed or not by the data acquisition mechanism according to the service processing service type, and sending an external access request to the second gateway under the condition that the external data access is needed;

the second routing unit is used for matching a second routing rule according to the external access request by the second gateway and sending the external access request to a first tax authority in the at least one tax authority according to a matching result;

and the feedback unit is used for receiving feedback information sent by the first tax authority according to the external access request by the second gateway.

10. A data acquisition device, the device comprising:

the system comprises a processor, a memory and a communication interface, wherein the processor, the memory and the communication interface are connected with each other and complete the communication work among the processors;

the memory having stored thereon executable program code, the communication interface for wireless communication;

the processor is configured to retrieve the executable program code stored on the memory and execute the method of any one of claims 1-8.