CN114244525A - Request data processing method, device, equipment and storage medium - Google Patents

Info

Publication number: CN114244525A
Authority: CN (China)
Prior art keywords: access, request, receiving, service, verification
Legal status: Granted, Active
Application number: CN202111519089.9A
Other languages: Chinese (zh)
Other versions: CN114244525B (en)
Inventors: 张警威, 王程龙
Current Assignee: Agricultural Bank of China
Original Assignee: Agricultural Bank of China
Application filed by Agricultural Bank of China
Priority to CN202111519089.9A

Classifications

    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L47/215 Flow control; Congestion control using token-bucket
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • Y02P90/30 Computing systems specially adapted for manufacturing

Abstract

The embodiment of the invention discloses a method, a device, equipment and a storage medium for processing request data. The method comprises: receiving an access request sent by an enterprise resource management plan (ERP) system, the access request carrying a signed access unique identifier; performing verification checks on the access request in sequence; if the verification is passed, generating a dynamic access token and sending the dynamic access token to the ERP system; receiving a service request sent by the ERP system, the service request comprising an encrypted and signed message and the dynamic access token; performing verification checks on the service request in sequence; and if the verification is passed, processing the service request and returning a processing result to the ERP system. Data transmitted between systems can thus be processed and the security of the data improved.

Description

Request data processing method, device, equipment and storage medium
Technical Field
The embodiment of the invention relates to the technical field of library processing, in particular to a method, a device, equipment and a storage medium for processing request data.
Background
With the rapid development of electronic commerce and the evolution of its business models, enterprise-level customers in actual production often ask to interface with the e-commerce platform system, either to widen their own sales channels or to make up for capabilities that their own Enterprise Resource management Planning (ERP) system lacks, especially in the B2B electronic commerce field. From the perspective of the e-commerce platform, how to support the docking of many enterprise ERP systems without affecting the existing platform system has become a link in business development that cannot be ignored.
In addition, the e-commerce platform cannot develop a corresponding function every time an enterprise ERP system is connected, so it establishes a standard API gateway that processes the requests sent by enterprise ERP systems and forwards the relevant service requests to the platform's existing service systems for processing, which avoids repeated development. When an enterprise ERP system communicates with the e-commerce platform API gateway, in most scenarios the interaction takes place over a public network, so the data exchanged between the two parties is at risk of attack, theft and tampering at any time. Data transmission security is therefore very important, and the security protection functions of the e-commerce platform API gateway system need to be complete.
Disclosure of Invention
Embodiments of the present invention provide a method, an apparatus, a device, and a storage medium for processing request data, which can process data transmitted between systems and improve data security.
In a first aspect, an embodiment of the present invention provides a method for processing request data, including:
receiving an access request sent by an enterprise resource management plan (ERP) system; the access request carries a signed access unique identifier;
performing verification checks on the access request in sequence;
if the verification is passed, generating a dynamic access token, and sending the dynamic access token to the ERP system;
receiving a service request sent by the ERP system; the service request comprises an encrypted and signed message and the dynamic access token;
performing verification checks on the service request in sequence;
and if the verification is passed, processing the service request, and returning a processing result to the ERP system.
In a second aspect, an embodiment of the present invention further provides a method for processing request data, including:
receiving an access unique identifier, a unique private key and a digital signature certificate which are sent by an e-commerce platform;
signing the access unique identifier according to the digital signature certificate to generate an access request, and sending the access request to the e-commerce platform;
receiving a dynamic access token sent by the E-commerce platform;
generating a service request according to the dynamic access token and the unique private key, and sending the service request to the e-commerce platform;
and receiving a processing result sent by the E-commerce platform.
In a third aspect, an embodiment of the present invention further provides a request data processing apparatus, including:
the access request sending module is used for receiving an access request sent by an enterprise resource management plan (ERP) system; the access request carries a signed access unique identifier;
the first checking module is used for performing verification checks on the access request in sequence;
the dynamic access token generation module is used for generating a dynamic access token if the access request passes the verification and sending the dynamic access token to the ERP system;
the service request receiving module is used for receiving a service request sent by the ERP system; the service request comprises an encrypted and signed message and the dynamic access token;
the second check module is used for performing verification checks on the service request in sequence;
and the processing module is used for processing the service request and returning a processing result to the ERP system if the service request passes the verification.
In a fourth aspect, an embodiment of the present invention further provides a request data processing apparatus, including:
the access unique identifier receiving module is used for receiving an access unique identifier, a unique private key and a digital signature certificate which are sent by the e-commerce platform;
the access request generation module is used for signing the access unique identifier according to the digital signature certificate, generating an access request and sending the access request to the e-commerce platform;
the dynamic access token receiving module is used for receiving a dynamic access token sent by the E-commerce platform;
the business request generating module is used for generating a business request according to the dynamic access token and the unique private key and sending the business request to the e-commerce platform;
and the processing result receiving module is used for receiving the processing result sent by the E-commerce platform.
In a fifth aspect, an embodiment of the present invention further provides a computer device, where the computer device includes a memory, a processor and a computer program stored on the memory and operable on the processor, the processor implementing the method for processing request data according to an embodiment of the invention when executing the program.
In a sixth aspect, the embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processing apparatus, implements the method for processing request data according to the embodiment of the present invention.
The embodiment of the invention discloses a method, a device, equipment and a storage medium for processing request data. An access request sent by an enterprise resource management plan (ERP) system is received, the access request carrying a signed access unique identifier; verification checks are performed on the access request in sequence; if the verification is passed, a dynamic access token is generated and sent to the ERP system; a service request sent by the ERP system is received, the service request comprising an encrypted and signed message and the dynamic access token; verification checks are performed on the service request in sequence; and if the verification is passed, the service request is processed and a processing result is returned to the ERP system. Data transmitted between systems can thus be processed and the security of the data improved.
Drawings
FIG. 1 is a flowchart of a method for processing request data according to a first embodiment of the present invention;
fig. 2 is a schematic diagram of an ERP system accessing an e-commerce platform in the first embodiment of the present invention;
FIG. 3 is a diagram illustrating verification of an access request to an enterprise ERP system according to a first embodiment of the present invention;
FIG. 4 is a flowchart of a method for processing request data according to a second embodiment of the present invention;
fig. 5 is a signaling diagram of an enterprise ERP system accessing an e-commerce platform in the second embodiment of the present invention;
FIG. 6 is a schematic structural diagram of a request data processing apparatus according to a third embodiment of the present invention;
FIG. 7 is a schematic structural diagram of a request data processing apparatus according to a fourth embodiment of the present invention;
fig. 8 is a schematic structural diagram of a computer device in the fifth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
In a real docking scenario, enterprise ERP systems are varied and built with different technologies, so the differences among multiple ERP systems need to be resolved on the e-commerce platform side and technical access unified. The method adopted is to provide enterprise ERP systems with an SDK package (unifying technical details such as the signature algorithm, the encryption algorithm and the character set encoding), which reduces the difficulty and duration of docking the two systems and saves manpower and financial resources.
Example one
Fig. 1 is a flowchart of a request data processing method according to an embodiment of the present invention, where this embodiment is applicable to a case of processing request data sent by an ERP system to an e-commerce platform, and the method may be executed by a request data processing device disposed in the e-commerce platform. As shown in fig. 1, the method specifically includes S110-S160.
Fig. 2 is a schematic diagram of the ERP system accessing the e-commerce platform in this embodiment. As shown in fig. 2, the e-commerce platform provides an enterprise ERP system with a Software Development Kit (SDK) package through which the enterprise ERP system performs system functionality expansion.
The SDK package includes an Application Programming Interface (API) component, an API document, and an API use case (Demo case). The API component can be developed by adopting programming languages such as java, php or c #. The API component provides functions of signature calculation, encryption and decryption and message format unification required when accessing the E-commerce platform API gateway for the ERP system, and simultaneously supports the mode of configuring a plurality of system configuration files to dynamically switch the docking account number, thereby meeting part of special service requirements. The API document may be a document of an API that the e-commerce platform API gateway provides access to, including details of the request message and the return message. The Demo example is used to demonstrate how to quickly use the API components, including the access token, use examples of all business APIs.
An enterprise ERP system needs to apply to the e-commerce platform for an access unique identifier (AppId), a unique private key (AppSecret) and a digital signature certificate. Before accessing the API gateway of the e-commerce platform, the ERP system signs the access unique identifier with the digital signature certificate (a sha256WithRsa signature algorithm can be adopted) to obtain the access request.
And S110, receiving an access request sent by the ERP system.
The access request carries the signed access unique identifier. The ERP system is an enterprise internal management system. Specifically, an API gateway of the e-commerce platform receives an access request sent by the enterprise ERP system.
And S120, checking the access requests in sequence.
The verification processing sequentially comprises flow control verification, replay attack verification, black and white list verification and signature verification. The flow control verification can adopt a token bucket algorithm to carry out flow control. The replay attack verification is an attack prevention measure that stops an attacker from spoofing the system by resending a packet that the API gateway has already received. The black and white list verification can be understood as preventing enterprise ERP systems in the black list from accessing the system. The signature verification can be understood as verifying the signature on the access unique identifier.
And S130, if the verification is passed, generating a dynamic access token, and sending the dynamic access token to the ERP system.
Wherein the dynamic access token (token) may be an access token dynamically generated by the API gateway. For example, fig. 3 is a schematic diagram illustrating verification of an access request of an enterprise ERP system in this embodiment. As shown in fig. 3, a component in the enterprise ERP system uses a digital signature certificate to sign an AppID and then sends a request for obtaining a token to an API gateway, the API gateway verifies the request, if the verification is passed, the token is returned to the enterprise ERP system, the API component signs a message and uses the token to initiate a service request to the API gateway, a micro-service module in the e-commerce platform processes the service request, obtains a processing result, and returns the processing result to the enterprise ERP system.
And S140, receiving a service request sent by the ERP system.
The service request comprises an encrypted and signed message and a dynamic access token. In this embodiment, after receiving the token, the enterprise ERP system encrypts the service access packet according to the unique private key, signs the encrypted service access packet by using a set signature algorithm, adds the dynamic access token to the head of the service access packet, obtains the service request, and sends the service request to the gateway of the e-commerce platform.
The service access message may be encrypted by using a symmetric encryption algorithm or a hybrid encryption algorithm. The set signature algorithm may be the sha256 or sm3 signature algorithm.
And S150, checking the service requests in sequence.
The verification processing sequentially comprises flow control verification, replay attack verification, black and white list verification and signature verification.
And S160, if the verification is passed, processing the service request, and returning a processing result to the ERP system.
And if the service request passes the verification, the e-commerce platform calls the micro-service to process the service request to obtain a processing result.
According to the technical scheme of the embodiment, an access request sent by an enterprise resource management plan (ERP) system is received, the access request carrying a signed access unique identifier; verification checks are performed on the access request in sequence; if the verification is passed, a dynamic access token is generated and sent to the ERP system; a service request sent by the ERP system is received, the service request comprising an encrypted and signed message and the dynamic access token; verification checks are performed on the service request in sequence; and if the verification is passed, the service request is processed and a processing result is returned to the ERP system. Data transmitted between systems can thus be processed and the security of the data improved.
Example two
Fig. 4 is a flowchart of a request data processing method according to a second embodiment of the present invention, where the method may be executed by a request data processing apparatus disposed in an enterprise ERP system. As shown in FIG. 4, the method specifically comprises S210-S250.
S210, receiving the access unique identification, the unique private key and the digital signature certificate sent by the E-commerce platform.
And S220, signing the access unique identifier according to the digital signature certificate, generating an access request, and sending the access request to the e-commerce platform.
And S230, receiving the dynamic access token sent by the E-commerce platform.
And S240, generating a service request according to the dynamic access token and the unique private key, and sending the service request to the e-commerce platform.
And S250, receiving the processing result sent by the E-commerce platform.
The process of generating the service request according to the dynamic access token and the unique private key may be: encrypting the service access message according to the unique private key, and signing the encrypted service access message by adopting a set signature algorithm; and adding the dynamic access token to the head of the service access message to obtain a service request.
For example, fig. 5 is a signaling diagram of the access of the enterprise ERP system to the e-commerce platform in this embodiment. As shown in fig. 5, the e-commerce platform includes a gateway security control layer, a gateway API interaction layer, a gateway cache database, and an authentication server. The enterprise ERP system uses the digital signature certificate to sign the AppId, and accesses the target system to acquire the identity token. The e-commerce platform API gateway receives the ERP system's request for a token, sequentially performs flow control verification, replay verification, black and white list verification and signature verification, and after the verification is passed generates the token and returns it to the source system. If the enterprise ERP system successfully acquires the token, it uses the AppSecret to encrypt (AES symmetric encryption) and then sign (sha256 and sm3 signature algorithms are supported) the normal service access message, puts the token in the head of the message, and accesses the e-commerce platform API gateway. After receiving the service request of the ERP system, the e-commerce platform API gateway performs flow control verification, replay verification, black and white list verification and signature verification in sequence. After the verification is passed, the API interaction layer maps the service request to the corresponding micro-service for processing; when processing is finished, the result is returned to the API gateway, and the gateway returns the result to the ERP system.
According to the technical scheme of the embodiment, the access unique identifier, the unique private key and the digital signature certificate which are sent by the e-commerce platform are received; signing the access unique identifier according to the digital signature certificate to generate an access request, and sending the access request to the e-commerce platform; receiving a dynamic access token sent by an e-commerce platform; generating a service request according to the dynamic access token and the unique private key, and sending the service request to the e-commerce platform; and receiving the processing result sent by the e-commerce platform. The data transmitted between systems can be processed, and the safety of the data is improved.
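The ordered gateway checks of S150 and the request construction of S240, sketched as an added example (not code from the patent or from the e-commerce platform). Assumptions: HMAC-SHA256 keyed with the AppSecret stands in for the "sha256 / sm3" signature, replay detection uses a timestamp plus nonce, flow control is one token bucket per AppId, the token is bound into the signed fields, and the AES step is omitted (the body is treated as ciphertext); all field and function names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets

MAX_SKEW = 300  # assumed: seconds a request timestamp may differ from gateway time


def sign(app_secret, app_id, token, ts, nonce, body):
    """HMAC-SHA256 over an unambiguous encoding of the signed fields (assumed layout)."""
    fields = [app_id, token, int(ts), nonce, hashlib.sha256(body).hexdigest()]
    msg = json.dumps(fields, separators=(",", ":")).encode()
    return hmac.new(app_secret, msg, hashlib.sha256).hexdigest()


def build_request(app_secret, app_id, token, ts, nonce, body):
    """ERP side: `body` is the already-encrypted message; the token rides in the header."""
    return {"app_id": app_id, "token": token, "ts": ts, "nonce": nonce,
            "body": body, "sig": sign(app_secret, app_id, token, ts, nonce, body)}


class TokenBucket:
    def __init__(self, rate, capacity, now):
        self.rate, self.capacity = rate, capacity
        self.level, self.last = float(capacity), now

    def allow(self, now):
        # Refill for the elapsed time, capped at capacity, then spend one token.
        self.level = min(self.capacity, self.level + (now - self.last) * self.rate)
        self.last = now
        if self.level < 1:
            return False
        self.level -= 1
        return True


class Gateway:
    def __init__(self, app_secrets, blacklist, rate, capacity):
        self.app_secrets = app_secrets      # AppId -> AppSecret
        self.blacklist = set(blacklist)
        self.rate, self.capacity = rate, capacity
        self.buckets = {}                   # bucket key -> TokenBucket
        self.seen = {}                      # (AppId, nonce) -> timestamp of accepted request
        self.issued = {}                    # dynamic access token -> AppId

    def issue_token(self, app_id):
        """Called only after the access request has passed its own checks (S120/S130)."""
        token = secrets.token_urlsafe(16)
        self.issued[token] = app_id
        return token

    def check(self, req, now):
        """Run the four checks in the patent's order; return the first failure or 'ok'."""
        app_id = req["app_id"]
        # 1. Flow control. Unknown AppIds share one bucket so that made-up
        #    identifiers cannot grow the bucket table without bound.
        key = app_id if app_id in self.app_secrets else "*"
        bucket = self.buckets.setdefault(key, TokenBucket(self.rate, self.capacity, now))
        if not bucket.allow(now):
            return "flow_control"
        # 2. Replay: stale timestamp, or a nonce already accepted inside the window.
        self.seen = {k: t for k, t in self.seen.items() if now - t <= MAX_SKEW}
        if abs(now - req["ts"]) > MAX_SKEW or (app_id, req["nonce"]) in self.seen:
            return "replay"
        # 3. Black/white list.
        if app_id in self.blacklist or app_id not in self.app_secrets:
            return "list"
        # 4. Signature, plus the token must be one issued to this AppId.
        expected = sign(self.app_secrets[app_id], app_id, req["token"],
                        req["ts"], req["nonce"], req["body"])
        if (self.issued.get(req["token"]) != app_id
                or not hmac.compare_digest(expected.encode(), req["sig"].encode())):
            return "signature"
        # Record the nonce only now, so forged requests cannot burn nonces.
        self.seen[(app_id, req["nonce"])] = req["ts"]
        return "ok"


def demo():
    """Constructed traffic; returns the verdict for each request in order."""
    key = b"constructed-app-secret"
    gw = Gateway({"erp-001": key, "erp-666": b"x"}, {"erp-666"}, rate=1.0, capacity=3)
    tok = gw.issue_token("erp-001")
    good = build_request(key, "erp-001", tok, 1000, "n1", b"ciphertext-1")
    fresh = build_request(key, "erp-001", tok, 1002, "n2", b"ciphertext-2")
    tampered = dict(fresh, body=b"ciphertext-X")
    banned = build_request(b"x", "erp-666", tok, 1004, "n9", b"ciphertext-3")
    out = [gw.check(good, 1000), gw.check(good, 1001),       # accepted, then replayed
           gw.check(tampered, 1002), gw.check(fresh, 1003),  # forged copy, then original
           gw.check(banned, 1004)]
    burst = [build_request(key, "erp-001", tok, 1005, f"b{i}", b"c") for i in range(4)]
    return out + [gw.check(r, 1005) for r in burst]


if __name__ == "__main__":
    print(demo())
```

Because the nonce is recorded only after the signature check succeeds, the tampered copy of a request does not block the genuine request that follows it.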
EXAMPLE III
Fig. 6 is a schematic structural diagram of a request data processing apparatus according to a third embodiment of the present invention. As shown in fig. 6, the apparatus includes:
an access request sending module 610, configured to receive an access request sent by an enterprise resource management plan ERP system; the access request carries a signed access unique identifier;
a first checking module 620, configured to perform verification checks on the access request in sequence;
the dynamic access token generation module 630 is configured to generate a dynamic access token if the access request passes the verification, and send the dynamic access token to the ERP system;
the service request receiving module 640 is configured to receive a service request sent by the ERP system; the service request comprises an encrypted and signed message and a dynamic access token;
the second checking module 650 is configured to perform verification checks on the service request in sequence;
and the processing module 660 is configured to process the service request and return a processing result to the ERP system if the service request passes the verification.
Optionally, the verification processing sequentially includes flow control verification, replay attack verification, black and white list verification, and signature verification.
Optionally, the method further includes: a software development kit sending module for:
sending a software development kit to the ERP system, so that the ERP system expands functions based on the software development kit; the software development kit comprises an Application Programming Interface (API) component and an API document.
Optionally, the method further includes: an access unique identifier sending module, configured to:
and sending the access unique identifier, the unique private key and the digital signature certificate to the ERP system, so that the ERP system signs the access unique identifier according to the digital signature certificate and encrypts the data request according to the unique private key.
Example four
Fig. 7 is a schematic structural diagram of a request data processing apparatus according to a fourth embodiment of the present invention. As shown in fig. 7, the apparatus includes:
the access unique identifier receiving module 710 is used for receiving an access unique identifier, a unique private key and a digital signature certificate which are sent by the e-commerce platform;
the access request generating module 720 is configured to sign the access unique identifier according to the digital signature certificate, generate an access request, and send the access request to the e-commerce platform;
the dynamic access token receiving module 730 is used for receiving a dynamic access token sent by the e-commerce platform;
the service request generation module 740 is configured to generate a service request according to the dynamic access token and the unique private key, and send the service request to the e-commerce platform;
and a processing result receiving module 750, configured to receive a processing result sent by the e-commerce platform.
Optionally, the service request generating module 740 is further configured to:
encrypting the service access message according to the unique private key, and signing the encrypted service access message by adopting a set signature algorithm;
and adding the dynamic access token to the head of the service access message to obtain a service request.
The device can execute the methods provided by all the embodiments of the invention, and has corresponding functional modules and beneficial effects for executing the methods. For details not described in detail in this embodiment, reference may be made to the methods provided in all the foregoing embodiments of the present invention.
EXAMPLE five
Fig. 8 is a schematic structural diagram of a computer device according to a fifth embodiment of the present invention. FIG. 3 illustrates a block diagram of a computer device 312 suitable for use in implementing embodiments of the present invention. The computer device 312 shown in FIG. 3 is only an example and should not bring any limitations to the functionality or scope of use of embodiments of the present invention. Device 312 is a typical computing device requesting data processing functionality.
As shown in FIG. 3, computer device 312 is in the form of a general purpose computing device. The components of computer device 312 may include, but are not limited to: one or more processors 316, a storage device 328, and a bus 318 that couples the various system components including the storage device 328 and the processors 316.
Bus 318 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. By way of example, such architectures include, but are not limited to, an Industry Standard Architecture (ISA) bus, a Micro Channel Architecture (MCA) bus, an enhanced ISA bus, a Video Electronics Standards Association (VESA) local bus, and a Peripheral Component Interconnect (PCI) bus.
Computer device 312 typically includes a variety of computer system readable media. Such media may be any available media that is accessible by computer device 312 and includes both volatile and nonvolatile media, removable and non-removable media.
Storage 328 may include computer system readable media in the form of volatile Memory, such as Random Access Memory (RAM) 330 and/or cache Memory 332. The computer device 312 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 334 may be used to read from and write to non-removable, nonvolatile magnetic media (not shown in FIG. 3, and commonly referred to as a "hard drive"). Although not shown in FIG. 3, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (e.g., a Compact disk-Read Only Memory (CD-ROM), a Digital Video disk (DVD-ROM), or other optical media) may be provided. In these cases, each drive may be connected to bus 318 by one or more data media interfaces. Storage 328 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.
Program 336 having a set (at least one) of program modules 326 may be stored, for example, in storage 328, such program modules 326 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each of which may comprise an implementation of a network environment, or some combination thereof. Program modules 326 generally carry out the functions and/or methodologies of embodiments of the invention as described herein.
The computer device 312 may also communicate with one or more external devices 314 (e.g., keyboard, pointing device, camera, display 324, etc.), with one or more devices that enable a user to interact with the computer device 312, and/or with any devices (e.g., network card, modem, etc.) that enable the computer device 312 to communicate with one or more other computing devices. Such communication may occur via input/output (I/O) interfaces 322. Also, computer device 312 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet) via network adapter 320. As shown, network adapter 320 communicates with the other modules of computer device 312 via bus 318. It should be appreciated that, although not shown in the figures, other hardware and/or software modules may be used in conjunction with the computer device 312, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, Redundant Array of Independent Disks (RAID) systems, tape drives, and data backup storage systems, to name a few.
The processor 316 executes various functional applications and data processing by running programs stored in the storage 328, for example implementing the request data processing method provided by the above-described embodiments of the present invention.
EXAMPLE six
Embodiments of the present invention provide a computer-readable storage medium having stored thereon a computer program that, when executed by a processing apparatus, implements a method of screening asset data as in embodiments of the present invention. The computer readable medium of the present invention described above may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In contrast, in the present disclosure, a computer readable signal medium may comprise a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. 
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
In some embodiments, clients and servers may communicate using any currently known or future developed network protocol, such as HTTP (HyperText Transfer Protocol), and may interconnect with any form or medium of digital data communication (e.g., a communications network). Examples of communication networks include a local area network ("LAN"), a wide area network ("WAN"), an internetwork (e.g., the Internet), and peer-to-peer networks (e.g., ad hoc peer-to-peer networks), as well as any currently known or future developed network.
The computer readable medium may be embodied in the electronic device; or may exist separately without being assembled into the electronic device.
The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: receive an access request sent by an enterprise resource planning (ERP) system, the access request carrying an access unique identifier with a tag; perform the verification checks on the access request in sequence; if the verification is passed, generate a dynamic access token and send the dynamic access token to the ERP system; receive a service request sent by the ERP system, the service request comprising an encrypted and signed message and the dynamic access token; perform the verification checks on the service request in sequence; and if the verification is passed, process the service request and return a processing result to the ERP system.
Computer program code for carrying out operations for the present disclosure may be written in any combination of one or more programming languages, including but not limited to object oriented programming languages such as Java, Smalltalk and C++, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present disclosure may be implemented by software or hardware. The name of a unit does not, in some cases, constitute a limitation on the unit itself.
The functions described herein above may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), Systems on a Chip (SOCs), Complex Programmable Logic Devices (CPLDs), and the like.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (10)

1. A method for processing request data, comprising:
receiving an access request sent by an enterprise resource planning (ERP) system; the access request carries an access unique identifier with a tag;
performing verification checks on the access request in sequence;
if the verification is passed, generating a dynamic access token, and sending the dynamic access token to the ERP system;
receiving a service request sent by the ERP system; the service request comprises an encrypted and signed message and the dynamic access token;
performing verification checks on the service request in sequence;
and if the verification is passed, processing the service request, and returning a processing result to the ERP system.
2. The method of claim 1, wherein the verification process comprises flow control verification, replay attack verification, black and white list verification, and signature verification, in that order.
3. The method of claim 1, further comprising, prior to receiving the access request sent by the enterprise resource planning (ERP) system:
sending a software development kit to the ERP system, so that the ERP system expands functions based on the software development kit; wherein the software development kit comprises an Application Programming Interface (API) component and an API document.
4. The method of claim 1, further comprising, prior to receiving the access request sent by the enterprise resource planning (ERP) system:
and sending an access unique identifier, a unique private key and a digital signature certificate to the ERP system, so that the ERP system signs the access unique identifier according to the digital signature certificate and encrypts a data request according to the unique private key.
5. A method for processing request data, comprising:
receiving an access unique identifier, a unique private key and a digital signature certificate which are sent by an e-commerce platform;
signing the access unique identifier according to the digital signature certificate to generate an access request, and sending the access request to the e-commerce platform;
receiving a dynamic access token sent by the e-commerce platform;
generating a service request according to the dynamic access token and the unique private key, and sending the service request to the e-commerce platform;
and receiving a processing result sent by the e-commerce platform.
6. The method of claim 5, wherein generating a service request based on the dynamic access token and the unique private key comprises:
encrypting the service access message according to the unique private key, and signing the encrypted service access message by adopting a set signature algorithm;
and adding the dynamic access token to the header of the service access message to obtain a service request.
7. A request data processing apparatus, comprising:
the access request sending module is used for receiving an access request sent by an enterprise resource planning (ERP) system; the access request carries an access unique identifier with a tag;
the first checking module is used for checking the access requests in sequence;
the dynamic access token generation module is used for generating a dynamic access token if the access request passes the verification and sending the dynamic access token to the ERP system;
the service request receiving module is used for receiving a service request sent by the ERP system; the service request comprises an encrypted and signed message and the dynamic access token;
the second check module is used for sequentially checking the service requests;
and the processing module is used for processing the service request and returning a processing result to the ERP system if the service request passes the verification.
8. A request data processing apparatus, comprising:
the access unique identifier receiving module is used for receiving an access unique identifier, a unique private key and a digital signature certificate which are sent by the e-commerce platform;
the access request generation module is used for signing the access unique identifier according to the digital signature certificate, generating an access request and sending the access request to the e-commerce platform;
the dynamic access token receiving module is used for receiving a dynamic access token sent by the e-commerce platform;
the service request generating module is used for generating a service request according to the dynamic access token and the unique private key and sending the service request to the e-commerce platform;
and the processing result receiving module is used for receiving the processing result sent by the e-commerce platform.
9. A computer device, comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method of processing request data according to any one of claims 1 to 6 when executing the program.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processing device, carries out a method of processing request data according to any one of claims 1 to 6.
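The ordered verification of claim 2 applied to a service request shaped as in claim 6, as an added Python example that is not code from the patent. HMAC-SHA256 with a shared key stands in for the unspecified "set signature algorithm", the body is treated as already-encrypted bytes, and every name, limit, nonce/timestamp field and sample value is a constructed assumption.

```python
import hashlib
import hmac
from collections import defaultdict, deque

# Limits, identifiers and sample values are constructed; none come from the patent.
RATE_LIMIT, WINDOW_S, MAX_SKEW_S = 3, 60, 300


def sign(key, token, nonce, ts, body):
    """HMAC-SHA256 over length-prefixed token, nonce, timestamp and ciphertext."""
    parts = [token.encode(), nonce.encode(), str(ts).encode(), body]
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def build_request(key, token, nonce, ts, body):
    """Claim 6 shape: token in the header, signature over the encrypted body."""
    return {"headers": {"token": token}, "nonce": nonce, "ts": ts,
            "body": body, "sig": sign(key, token, nonce, ts, body)}


class Gateway:
    """Platform side: applies the four checks in the order claim 2 lists them."""

    def __init__(self, keys, tokens, allow, deny):
        self.keys, self.tokens = keys, tokens   # id -> key, token -> id
        self.allow, self.deny = set(allow), set(deny)
        self.hits = defaultdict(deque)          # source -> recent request times
        self.seen = {}                          # (token, nonce) -> timestamp

    def verify(self, req, source, now):
        # 1. Flow control: no parsing or crypto, so it runs first.
        q = self.hits[source]
        while q and now - q[0] >= WINDOW_S:
            q.popleft()
        if len(q) >= RATE_LIMIT:
            return "rejected: flow control"
        q.append(now)
        # 2. Replay: stale timestamp, or a (token, nonce) pair already used.
        token, nonce, ts = req["headers"]["token"], req["nonce"], req["ts"]
        self.seen = {k: t for k, t in self.seen.items() if now - t <= MAX_SKEW_S}
        if abs(now - ts) > MAX_SKEW_S or (token, nonce) in self.seen:
            return "rejected: replay"
        # 3. Black and white list, keyed on the access id bound to the token.
        access_id = self.tokens.get(token)
        key = self.keys.get(access_id)
        if key is None or access_id in self.deny or access_id not in self.allow:
            return "rejected: list"
        # 4. Signature: compared in constant time, over the body as received.
        expected = sign(key, token, nonce, ts, req["body"])
        if not hmac.compare_digest(expected, req["sig"]):
            return "rejected: signature"
        self.seen[(token, nonce)] = ts   # only authentic requests consume a nonce
        return "accepted"


def demo():
    key, now = b"constructed-key", 1_700_000_000
    body = b"\x8f\x02constructed-ciphertext"
    gw = Gateway({"erp-001": key}, {"tok-a": "erp-001", "tok-b": "erp-666"},
                 allow={"erp-001"}, deny={"erp-666"})
    good = build_request(key, "tok-a", "n1", now, body)
    tampered = dict(build_request(key, "tok-a", "n2", now, body), body=b"changed")
    return [
        gw.verify(good, "host-a", now),                  # first use
        gw.verify(good, "host-a", now + 1),              # same nonce resent
        gw.verify(tampered, "host-b", now),              # body altered in transit
        gw.verify(build_request(key, "tok-b", "n3", now, body), "host-c", now),
        gw.verify(build_request(key, "tok-a", "n4", now + 2, body), "host-a", now + 2),
        gw.verify(build_request(key, "tok-a", "n5", now + 3, body), "host-a", now + 3),
    ]
```

Recording the nonce only after the signature check keeps an unauthenticated sender from filling the replay cache with nonces it guessed.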
CN202111519089.9A 2021-12-13 2021-12-13 Request data processing method, device, equipment and storage medium Active CN114244525B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111519089.9A CN114244525B (en) 2021-12-13 2021-12-13 Request data processing method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111519089.9A CN114244525B (en) 2021-12-13 2021-12-13 Request data processing method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114244525A true CN114244525A (en) 2022-03-25
CN114244525B CN114244525B (en) 2024-03-01

Family

ID=80755217

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111519089.9A Active CN114244525B (en) 2021-12-13 2021-12-13 Request data processing method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114244525B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117749531A (en) * 2024-02-20 2024-03-22 中国信息通信研究院 Data platform management method, device, equipment and medium based on industrial Internet

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102413057A (en) * 2011-12-22 2012-04-11 北京新媒传信科技有限公司 Method and system for providing service application in internet
US20140365659A1 (en) * 2013-06-05 2014-12-11 Sap Ag Load controller framework
CN110809011A (en) * 2020-01-08 2020-02-18 医渡云(北京)技术有限公司 Access control method and system, and storage medium
CN111556006A (en) * 2019-12-31 2020-08-18 远景智能国际私人投资有限公司 Third-party application system login method, device, terminal and SSO service platform
CN112417425A (en) * 2020-12-03 2021-02-26 腾讯科技(深圳)有限公司 Equipment authentication method, device, system, terminal equipment and storage medium

Also Published As

Publication number Publication date
CN114244525B (en) 2024-03-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant