CN116633725A - All-channel access gateway - Google Patents

Publication number
CN116633725A
Authority
CN
China
Prior art keywords
channel
service
access
channel access
interface
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310370296.5A
Other languages
Chinese (zh)
Inventor
郭宏博
张文
周春
陈亮
陈雁
万泉
赵婧
欧阳红
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing China Power Information Technology Co Ltd
Original Assignee
Beijing China Power Information Technology Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/66: Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00: Traffic control in data switching networks
    • H04L47/10: Flow control; Congestion control
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a full channel access gateway, which relates to the technical field of computers, wherein the full channel access gateway comprises: a full channel access service gateway and a full channel access management application; the full channel access service gateway is used for providing a unified access entrance for the channel through the front end of the full channel access gateway and sending a channel authentication request to the full channel access management application based on the accessed channel; the full channel access management application is used for receiving a channel authentication request, carrying out channel authentication on the channel to generate an authentication result, and sending the authentication result to the full channel access service gateway; the all-channel access service gateway is also used for receiving an authentication result, and accessing the channel to a marketing business center in the marketing service system when the authentication result is that the channel is authenticated.

Description

All-channel access gateway
Technical Field
The application relates to the technical field of computers, in particular to a full channel access gateway.
Background
The national network company initiates the construction of the marketing service system. In the construction process, the channel business of the marketing service system faces challenges such as numerous channels and non-uniform access. Because the many different channels vary in how they are accessed, it is currently difficult for the marketing service system to ensure stable operation of channel access and management.
Disclosure of Invention
Therefore, the main purpose of the application is to provide a full channel access gateway to realize the unified access of the full channel.
The application provides a full channel access gateway, which is applied to a marketing service system, and comprises: a full channel access service gateway and a full channel access management application;
the full channel access service gateway is used for providing a unified access entrance for the channel through the front end of the full channel access gateway and sending a channel authentication request to the full channel access management application based on the accessed channel;
the full channel access management application is used for receiving a channel authentication request, carrying out channel authentication on the channel to generate an authentication result, and sending the authentication result to the full channel access service gateway;
the all-channel access service gateway is also used for receiving an authentication result, and accessing the channel to a marketing business center in the marketing service system when the authentication result is that the channel is authenticated.
Preferably, the all-channel access service gateway comprises: channel access module, channel calling module and encryption and decryption module;
the channel access module is used for receiving a channel access request sent by a channel and providing a channel access function for the channel by deploying a RESTful service, a Socket service, a Webservice service and a Tuxedo service;
the channel calling module is used for receiving a service interface calling request sent by a channel and providing a calling function of a channel service interface for the channel by deploying a RESTful service, a Socket service, a Webservice service and a Tuxedo service;
the encryption and decryption module is used for acquiring the channel access request, carrying out encryption and decryption processing on the channel access request, and sending the processed channel access request to the channel access module; and the encryption and decryption module is also used for acquiring the service interface calling request, encrypting and decrypting the service interface calling request and sending the processed service interface calling request to the channel calling module.
Preferably, the all-channel access service gateway further comprises: a channel authentication module;
the channel authentication module is used for carrying out access authentication on the channel, the access authentication comprising: authorization code authentication, client authentication, and password authentication; it is also used for acquiring identity verification information of the channel and carrying out identity authentication on the channel according to the identity verification information, the identity verification information comprising: channel account number, binding identification ID information and channel current state; and it is also used for carrying out channel service authentication on the channel when the channel calls the channel service interface.
Preferably, the all-channel access service gateway further comprises: a service management module;
the service management module is used for collecting an interface call log of the channel service interface and analyzing the interface call log to generate an analysis result; it is also used for fusing (circuit-breaking) the channel service interface when the channel service interface is unavailable or its response time exceeds a preset threshold value; and it is also used for restoring the calling link of the channel service interface when the fused channel service interface returns to normal.
Preferably, the full channel access management application comprises: the system comprises a service authorization management module, a flow limiting configuration management module and a channel service monitoring module;
the service authorization management module is used for carrying out authorization management on channel services called through the channel service interface and service data returned by the channel services;
the flow limiting configuration management module is used for monitoring the real-time access flow condition of the channel service; it is also used for acquiring a service flow limiting strategy of the marketing service system and limiting the channel service according to the service flow limiting strategy;
the channel business monitoring module is used for monitoring channel access abnormality and channel service abnormality and alarming when the channel access abnormality or the channel service abnormality occurs, the channel service abnormality comprising: channel service interface call abnormality and channel service access abnormality; it is also used for monitoring abnormal transmission of business files and alarming when abnormal transmission occurs, a business file being generated when a channel transacts business through a channel service.
Preferably, the full channel access management application further comprises: a channel service management module;
the channel service management module is used for managing the registration information of the channel service and the interface parameters of the channel service interface; it is also used for carrying out arrangement simulation on the channel service, generating service arrangement simulation configuration information, and carrying out a joint debugging test on the channel service interface according to the service arrangement simulation configuration information; the registration information comprises: interface code, interface name, interface mode, interface provider, interface caller and service address.
Preferably, the full channel access management application comprises: a channel access management module;
the channel access management module is used for managing application information, payment information and deduction account information of the channel, wherein the application information comprises: application code, application name, application type, deployment style, deployment location, and application description, the payment information includes: payment channel number, payment channel name, channel status, and channel type, the deduction account information includes: merchant number, account number, and payment channel name.
Preferably, the network architecture of the all-channel access gateway includes: an Internet large area, a management information large area and a private line access area, wherein the private line access area comprises an intranet private line access area and an Internet private line access area;
the full channel access service gateway and the full channel access management application are deployed in the management information large area, and the front end of the full channel access gateway is deployed in the private line access area and the Internet large area.
Preferably, a physical isolation device is adopted between the management information large area and the Internet large area for safety protection, and a firewall is adopted between the management information large area and the private line access area for safety protection.
Preferably, the management information large area deploys a platform micro service, a cloud platform component and a platform management interface based on the Alibaba Cloud platform, and the platform micro service comprises: the cloud platform component comprises a message queue, a management information large area cache service, a database and a log library;
the Internet large area deploys all-channel access gateway micro-service, intranet and extranet penetration micro-service and Internet large area cache service;
the private line access area deploys all-channel access gateway micro-service and private line access area caching service.
The technical scheme provided by the application has the following beneficial effects:
the all-channel access gateway applied to the marketing service system comprises an all-channel access service gateway and an all-channel access management application; the full channel access service gateway is used for providing a unified access entrance for the channel through the front end of the full channel access gateway and sending a channel authentication request to the full channel access management application based on the accessed channel; the full channel access management application is used for receiving a channel authentication request, carrying out channel authentication on the channel to generate an authentication result, and sending the authentication result to the full channel access service gateway; the all-channel access service gateway is also used for receiving an authentication result, and accessing the channel to the marketing business center in the marketing service system when the authentication result is that the channel is authenticated, thereby realizing the unified access from the all-channel to the marketing business center in the marketing service system.
Drawings
Fig. 1 is a schematic diagram of a full channel access gateway according to an embodiment of the present application;
Fig. 2 is a schematic diagram of a full channel access service gateway according to an embodiment of the present application;
Fig. 3 is a schematic diagram of a full channel access management application according to an embodiment of the present application;
Fig. 4 is an application architecture diagram of a full channel access service gateway according to an embodiment of the present application;
Fig. 5 is an application architecture diagram of a full channel access management application according to an embodiment of the present application;
Fig. 6 is a technical architecture diagram of a full channel access gateway according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
The terms "first," "second," "third," "fourth" and the like in the description and in the claims and in the above drawings, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments described herein may be implemented in other sequences than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Referring to Fig. 1, an embodiment of the present application provides a full channel access gateway, which is applied to a marketing service system and includes: the all-channel access service gateway 10 and the all-channel access management application 20.
The full channel access service gateway is used for providing a unified access entrance for the channel through the front end of the full channel access gateway and sending a channel authentication request to the full channel access management application based on the accessed channel;
In the embodiment of the application, channels are accessed through the Internet large area and through the private line access area, which comprises the intranet private line access area and the Internet private line access area, and the front end of the all-channel access gateway integrates the channels accessed through the private line access area or the Internet large area to provide a unified access entrance.
In an embodiment of the present application, the channels may include: a terminal channel, an online national network APP channel, an electricity e meter channel, a third-party API channel, a government affairs channel and a bank channel, where third-party channels are, for example, Alipay and WeChat. Specifically, the terminal channel refers to a channel in which products or services are provided directly to the end consumer; the online national network APP channel refers to a channel that provides products or services through a mobile application (APP) developed by the national network company; the electricity e meter channel refers to a channel that provides services through an electronic electricity meter; and the third-party API channel refers to a channel that provides products or services through a third-party application program interface (API), for example, third-party payment channels such as Alipay and WeChat can embed payment functions into other applications through an API. In the government affairs channel, government agencies provide public services through government portals, mobile APPs and other channels; a bank channel refers to a channel that provides services through a bank.
In the embodiment of the application, a channel first connects at the front end of the all-channel access gateway and is finally connected to the all-channel access service gateway. The all-channel access service gateway then requests the all-channel access management application to authenticate the accessed channel. The aim of authentication is to prevent an illegal channel from being connected to the marketing business center in the information intranet and thereby endangering the network security of the marketing service system.
The full channel access management application is used for receiving the channel authentication request, carrying out channel authentication on the channel to generate an authentication result, and sending the authentication result to the full channel access service gateway.
In the embodiment of the application, the purpose of authenticating the channel is to confirm whether the channel has a legal identity for accessing the marketing business center, and the full-channel access service gateway can judge from the authentication result whether the channel may access the marketing business center of the marketing service system.
The all-channel access service gateway is also used for receiving an authentication result, and accessing the channel to a marketing business center in the marketing service system when the authentication result is that the channel is successfully authenticated.
Specifically, in the marketing service system, the marketing business center is a distributed integration architecture whose main functions are to integrate the channel services of the marketing service system and to manage them in a unified manner within the marketing business center.
Referring to fig. 2, as an implementation manner of the embodiment of the present application, the all-channel access service gateway includes: channel access module 101, channel call module 102, and encryption/decryption module 103;
the channel access module 101 is configured to receive a channel access request sent by a channel, and provide a channel access function for the channel by deploying a RESTful service, a Socket service, a Webservice service, and a Tuxedo service.
In the embodiment of the application, RESTful is deployed for transmitting channel access requests, which improves channel access efficiency; a lightweight connection is established by deploying Socket, which improves data transmission efficiency during channel access; cross-language communication is realized by deploying Webservice, which makes channels easier to access; and the expandability of the Tuxedo service improves the operability of subsequent optimization of the channel access flow. Overall, deploying the RESTful service, Socket service, Webservice service and Tuxedo service effectively improves the channel access adaptation capability.
The channel calling module 102 is configured to receive a service interface calling request sent by a channel, and provide a calling function of a channel service interface for the channel by deploying a RESTful service, a Socket service, a Webservice service and a Tuxedo service.
In the embodiment of the application, the channel accesses the channel service by calling the channel service interface so as to handle various marketing services. In addition, as an alternative implementation, the channel calling module can also upload and download FTP files by connecting to a File Transfer Protocol (FTP) service, where an FTP file can be a text file generated when a channel calls a service interface.
The encryption and decryption module 103 is used for obtaining a channel access request, encrypting and decrypting the channel access request, and sending the processed channel access request to the channel access module; and the encryption and decryption module is also used for acquiring the service interface calling request, encrypting and decrypting the service interface calling request and sending the processed service interface calling request to the channel calling module.
In the embodiment of the application, for data communication security, the encryption and decryption module supports end-to-end one-way authentication and two-way authentication, using the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol as the secure communication protocol. For data transmission security, encryption and decryption uniformly adopt the national cryptographic algorithms, that is, the series of algorithms standardized by the State Cryptography Administration, such as the SM2 algorithm, the SM3 algorithm and the SM4 algorithm, where SM2 is a public key algorithm with an encryption strength of 256 bits, SM3 is a cryptographic hash algorithm with a hash value length of 32 bytes, and SM4 is a symmetric encryption algorithm with an encryption strength of 128 bits. In addition, the encryption and decryption module can also be used for signing service interface call requests and verifying their signatures; signing the service interface call request prevents it from being tampered with. Specifically, signing refers to generating a digital signature of the channel interface call request by using a private key, and signature verification refers to decrypting the digital signature of the channel interface call request by using a public key.
Referring to fig. 2, in some implementations of embodiments of the application, the full channel access service gateway may further include: channel authentication module 104.
The channel authentication module 104 is used for performing access authentication on a channel; it is also used for acquiring identity verification information of the channel and carrying out identity authentication on the channel according to the identity verification information; and it is also used for channel service authentication of the channel when the channel calls the channel service interface.
The access authentication comprises: authorization code authentication, client authentication, password authentication, and simple authentication; the identity verification information includes: channel account number, binding identification ID information, and channel current state.
In the embodiment of the application, the channel authentication module is used for carrying out unified authentication, identity authentication and channel authentication on the channel.
For access authentication, multiple authentication modes are implemented based on the OAuth protocol, including authorization code authentication, client authentication and password authentication; in addition, simple authentication can be adopted to meet the requirements of different access authentication modes. Simple authentication means that the identity of the channel can be determined and the authentication passed when the channel provides only some simple information or credentials, such as an IP address or a domain name. Through these authentication modes, the channel authentication module realizes unified identity authentication, unified authorization, token issuance, session management and authority control for the channel. In addition, other authentication centers can be integrated to further extend the authentication modes.
For identity authentication, an identity authorization check is performed on each accessed channel according to the preset specification of the all-channel access service gateway, and in response to the identity authorization check failing, the failed channel can be blocked, that is, a channel that fails the check is not allowed to access. Specifically, the information used for the identity authorization check may include: the channel account number, the binding identification ID information and the channel current state. The channel account number is the unique identifier used by a channel in the marketing service system; each channel account number corresponds to one channel and, similar to a user name, can be used to distinguish different channels. The binding identification ID information is information used by the marketing service system to identify and verify the identity of the channel; for example, when identity verification is required, the marketing service system generates for the channel binding identification ID information consisting of a series of numbers or characters, and when the channel accesses the marketing service system it must provide the correct binding identification ID information so that the marketing service system can verify the authenticity of its identity. The channel current state is the activity state of the channel in the marketing service system, and the marketing service system can authenticate the channel according to this state, for example by disabling a certain channel and not passing identity authentication for the disabled channel.
For channel authentication, authority control is applied to the channel services, and when responding to a channel, a channel without access authority is prevented from calling a channel service interface.
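The identity check and the per-service authority control described above can be sketched as follows. This is an added example, not code from the patent or its applicant; the registry layout, the names `ChannelRecord`, `authenticate_identity` and `authorize_call`, the status strings and all sample values are assumptions constructed for illustration.

```python
import hmac
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ChannelRecord:
    """What the gateway knows about one registered channel (hypothetical layout)."""
    account: str        # channel account number, unique per channel
    binding_id: str     # binding identification ID issued to the channel
    status: str         # channel current state: "active" or "disabled"
    allowed_services: frozenset = field(default_factory=frozenset)


# Constructed sample registry; every value here is invented for the example.
REGISTRY = {
    "bank-001": ChannelRecord("bank-001", "b7f3c2a9d1", "active",
                              frozenset({"bill.query", "bill.pay"})),
    "gov-002": ChannelRecord("gov-002", "91ac44e0f2", "disabled",
                             frozenset({"bill.query"})),
}

# Unknown accounts are compared against a dummy record so that the lookup
# result does not change which code path the comparison takes.
_DUMMY = ChannelRecord("", "0" * 10, "disabled")


def authenticate_identity(account, binding_id, registry=REGISTRY):
    """Identity authentication: account, binding ID and current state must all pass."""
    record = registry.get(account, _DUMMY)
    # Constant-time comparison of the presented binding ID with the stored one.
    id_ok = hmac.compare_digest(record.binding_id.encode(), binding_id.encode())
    if record is _DUMMY or not id_ok:
        # One reason for both cases, so a caller cannot probe for valid accounts.
        return None, "identity_check_failed"
    if record.status != "active":
        return None, "channel_disabled"
    return record, "ok"


def authorize_call(account, binding_id, service, registry=REGISTRY):
    """Channel service authentication: default deny unless the service is granted."""
    record, reason = authenticate_identity(account, binding_id, registry)
    if record is None:
        return False, reason
    if service not in record.allowed_services:
        return False, "service_not_authorized"
    return True, "ok"
```
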
Referring to Fig. 2, in some implementations of the application, the all-channel access service gateway further includes: service management module 105.
The service management module 105 is used for collecting an interface call log of the channel service interface and analyzing the interface call log to generate an analysis result; it is also used for fusing (circuit-breaking) the channel service interface when the channel service interface is unavailable or its response time exceeds a preset threshold value; and it is also used for restoring the calling link of the channel service interface when the fused channel service interface returns to normal.
In the embodiment of the application, on the one hand, the collected interface call log is analyzed and valuable information, such as the interface call condition, request time, number of requests and interface return data, is extracted from it. The analyzed information can be used for monitoring interface calls, locating interface problems and the like, which provides a basis for subsequent optimization of the channel service interface. On the other hand, by introducing a fusing (circuit breaker) mechanism, an abnormal channel service interface is put into a fused state, which prevents blocking on the abnormal interface from increasing interface response times, further improving the processing efficiency of the all-channel access gateway and the stability and dependability of the marketing service system.
In some implementations of the embodiments of the present application, the service management module may also be configured to control the number of threads with which a channel accesses concurrently, so that limiting the channel's concurrent threads protects system resources from being excessively occupied and avoids the increase in delay caused by thread congestion. In addition, it can be used to acquire a service flow limiting strategy and implement single-machine flow limiting or distributed flow limiting according to that strategy, so that the service is protected from traffic attacks and system stability is ensured.
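The fusing behaviour described above (trip when the interface is unavailable or its response time exceeds a threshold, then restore the call link once it is healthy again) corresponds to a circuit breaker with a probing state. The following is an added example, not code from the patent; the class name `InterfaceBreaker`, the failure limit, the cooldown and the single-probe recovery rule are assumptions.

```python
import time


class ServiceFused(Exception):
    """Raised when a call is rejected because the interface is currently fused."""


class InterfaceBreaker:
    """Circuit breaker for one channel service interface (hypothetical design).

    closed    -> calls pass through; failures and slow responses are counted
    open      -> interface is fused; calls fail fast without reaching the backend
    half_open -> after the cooldown one probe call is let through; success
                 restores the call link, failure fuses the interface again
    """

    def __init__(self, failure_limit=3, slow_threshold_s=0.5,
                 cooldown_s=5.0, clock=time.monotonic):
        self.failure_limit = failure_limit        # consecutive bad calls before fusing
        self.slow_threshold_s = slow_threshold_s  # the "preset threshold" on response time
        self.cooldown_s = cooldown_s              # how long to stay fused before probing
        self.clock = clock                        # injectable so tests need no sleeping
        self.state = "closed"
        self.failures = 0
        self.opened_at = None

    def call(self, func, *args):
        if self.state == "open":
            if self.clock() - self.opened_at < self.cooldown_s:
                raise ServiceFused("interface fused; request not forwarded")
            self.state = "half_open"              # cooldown elapsed: allow one probe
        start = self.clock()
        try:
            result = func(*args)
        except Exception:
            self._record_failure()                # interface unavailable
            raise
        if self.clock() - start > self.slow_threshold_s:
            self._record_failure()                # answered, but too slowly
        else:
            self._record_success()
        return result

    def _record_failure(self):
        self.failures += 1
        # A failed probe re-fuses immediately; otherwise wait for the limit.
        if self.state == "half_open" or self.failures >= self.failure_limit:
            self.state = "open"
            self.opened_at = self.clock()

    def _record_success(self):
        self.failures = 0
        self.state = "closed"                     # call link restored
```

A sequential model like this needs a lock around the state changes before it is shared between the gateway's worker threads.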
Referring to fig. 3, in some implementations of embodiments of the application, the full channel access management application 20 includes: a service authorization management module 201, a flow restriction configuration management module 202, and a channel traffic monitoring module 203.
The service authorization management module 201 is configured to perform authorization management on the channel service invoked through the channel service interface and the service data returned by the channel service.
In the embodiment of the application, the service authorization management module can manage the access rights of channel services according to rules preset by the marketing service system, authorizing only the channel services that a channel is allowed to access and not allowing a channel to access channel services for which it is not authorized. It can also authorize the service data returned by a channel service and individually control the returned data, where a returned value can be a null value, the original value or a desensitized value. The purpose is to protect the returned data from being seen by the channel and to avoid network security problems caused by leakage of the returned data.
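The per-channel control of returned data (null value, original value or desensitized value) can be expressed as a field-level policy applied to each response before it leaves the gateway. This is an added example, not code from the patent; the policy table, the field names, the masking rule and the names `filter_response` and `mask` are assumptions, and the sample payload is constructed.

```python
ORIGINAL, MASKED, NULL = "original", "masked", "null"


def mask(value, keep=4):
    """Desensitize a value by hiding everything except the last `keep` characters."""
    text = str(value)
    if len(text) <= keep:
        return "*" * len(text)          # too short to reveal any part safely
    return "*" * (len(text) - keep) + text[-keep:]


# Constructed policy: (channel account, service) -> how each field is returned.
POLICY = {
    ("bank-001", "customer.query"): {
        "customer_no": ORIGINAL,
        "phone": MASKED,
        "amount_due": ORIGINAL,
    },
    ("thirdparty-003", "customer.query"): {
        "customer_no": MASKED,
        "amount_due": ORIGINAL,
    },
}


def filter_response(channel, service, payload, policy=POLICY):
    """Apply the channel's return-data authorization to one service response.

    A channel with no rule set for the service is refused outright, and any
    field the rule set does not mention is returned as a null value, so new
    backend fields are never exposed by accident.
    """
    rules = policy.get((channel, service))
    if rules is None:
        raise PermissionError(f"{channel} is not authorized for {service}")
    filtered = {}
    for name, value in payload.items():
        mode = rules.get(name, NULL)    # default for unlisted fields: null value
        if mode == ORIGINAL:
            filtered[name] = value
        elif mode == MASKED:
            filtered[name] = mask(value)
        else:
            filtered[name] = None
    return filtered
```
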
The flow limiting configuration management module 202 is used for monitoring the real-time access flow of the channel service; it is also used for acquiring a service flow limiting policy of the marketing service system and limiting the channel service according to that policy.
In this embodiment of the application, the access flow refers to the total number of requests a channel service receives in a given period of time. It reflects the access pressure on and the usage of the channel service and serves as an index for judging channel load. Monitoring the real-time access flow shows the traffic of each channel service, which provides a reference for later optimization of channel services and makes it possible to analyze their shortcomings and improve their utilization rate.
In this embodiment of the application, the service flow limiting policy is the set of flow limiting rules that the marketing service system defines for channel services; it controls the access flow of channel services and ensures service reliability and stability. For example, it can limit the number of accesses each channel makes to a given channel service, so that excessive access traffic does not put too much pressure on the service, and it can limit how frequently each channel requests a given channel service, so that an overly high request frequency does not affect the service. Channel services are limited according to this policy: when the access flow or the request frequency of a channel service reaches the limiting threshold, the system automatically limits the channel service, for example by rejecting requests or delaying responses. In this way the access flow of channel services is effectively controlled and their stable operation is ensured.
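The following is an added example, not code from the patent, of a single-machine limiter that enforces both rules named above for each (channel, channel service) pair: an access-count threshold inside a time window and a minimum spacing between requests, with either a reject or a delay action. The policy values and names are assumptions, and timestamps are passed in so that a run is deterministic.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class LimitPolicy:
    max_requests: int         # access-count threshold inside one window
    window_s: float           # window length in seconds
    min_interval_s: float     # minimum spacing between requests (frequency limit)
    on_limit: str = "reject"  # "reject" the request or "delay" the response


class ChannelServiceLimiter:
    """Sliding-window limiter keyed by (channel, channel service)."""

    def __init__(self, policies, default_policy):
        self.policies = policies              # {(channel, service): LimitPolicy}
        self.default_policy = default_policy  # used when no specific policy exists
        self._accepted = defaultdict(deque)   # timestamps of accepted requests

    def check(self, channel, service, now):
        """Return (decision, wait_seconds); decision is allow, reject or delay."""
        key = (channel, service)
        policy = self.policies.get(key, self.default_policy)
        if policy.max_requests <= 0:
            return ("reject", 0.0)
        accepted = self._accepted[key]
        # Drop accepted requests that have left the window.
        while accepted and accepted[0] <= now - policy.window_s:
            accepted.popleft()
        wait = 0.0
        if len(accepted) >= policy.max_requests:
            # Access-count threshold reached: wait until the oldest entry expires.
            wait = accepted[0] + policy.window_s - now
        if accepted and now - accepted[-1] < policy.min_interval_s:
            # Request frequency too high: wait out the minimum spacing.
            wait = max(wait, accepted[-1] + policy.min_interval_s - now)
        if wait <= 0:
            accepted.append(now)
            return ("allow", 0.0)
        if policy.on_limit == "delay":
            # The caller holds the request and checks it again after the wait.
            return ("delay", wait)
        return ("reject", 0.0)


def replay(limiter, events):
    """Run (timestamp, channel, service) events through the limiter in order."""
    return [limiter.check(ch, svc, ts) for ts, ch, svc in events]


# Constructed policies and traffic; all names and numbers are hypothetical.
POLICIES = {
    ("bank-a", "bill.query"): LimitPolicy(3, 10.0, 1.0, "reject"),
    ("gov-portal", "bill.query"): LimitPolicy(2, 60.0, 0.0, "delay"),
}
DEFAULT_POLICY = LimitPolicy(1, 1.0, 0.0, "reject")

if __name__ == "__main__":
    limiter = ChannelServiceLimiter(POLICIES, DEFAULT_POLICY)
    for ts in (0.0, 0.5, 1.0, 2.0, 3.0, 10.0):
        print(ts, limiter.check("bank-a", "bill.query", ts))
```

A distributed deployment would need the accepted-request timestamps in a store shared by all gateway instances instead of in process memory.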
The channel business monitoring module 203 is configured to monitor channel access abnormalities and channel service abnormalities and to raise an alarm when either occurs; it is also used for monitoring abnormal transmission of business files and raising an alarm when abnormal transmission occurs.
The channel service abnormalities include channel service interface call abnormalities and channel service access abnormalities, and the business file is generated when the channel transacts business through the channel service.
In this embodiment of the application, a channel access abnormality may mean that a channel has no access at all or that its access frequency is abnormal; a channel service interface call abnormality may mean that the timeout rate or the failure rate of calls to the channel service interface reaches a specified threshold; a channel service access abnormality may mean that timed, simulated channel access to the channel service fails a specified threshold number of consecutive times.
In this embodiment of the application, the business file is a file generated when a channel transacts business through a channel service. Abnormal transmission of a business file may specifically include abnormal sending, abnormal feedback and abnormal receiving. Abnormal sending means that the business file cannot be sent successfully during transmission, for example because of a network fault. Abnormal feedback means that the marketing service system cannot process the business file properly after receiving it and returns abnormal information, for example because the file format is wrong or a required field is missing. Abnormal receiving means that the channel cannot process the feedback information of the marketing service system properly after receiving it and returns abnormal information; for example, feedback information returned from the channel cannot be resolved correctly by the marketing service system. By monitoring these conditions, the channel business monitoring module safeguards the normal use of channels and channel services and so supports their continuous operation.
In addition, the channel business monitoring module can monitor the channel reconciliation business and the channel deduction business and raise an alarm when reconciliation or deduction fails, so that the supervising organization can find the problem in time and take measures to avoid economic loss. The module can also monitor channels whose number of single accounts or proportion of single accounts is higher than a preset threshold, so that hidden business risks are found in time and channel transaction security is better ensured.
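The following is an added example, not code from the patent, of detection logic for the three abnormality types defined above, run over a constructed call log: channels with no access or abnormal access frequency, interfaces whose timeout or failure rate reaches a threshold, and simulated (probe) calls that fail a threshold number of consecutive times. The log format, the threshold values and the minimum-sample rule are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample call log. The line format, channel names and interface
# names are assumptions; probe=1 marks a timed, simulated channel call.
SAMPLE_LOG = """\
2023-04-07T10:00:01 channel=bank-a iface=bill.query status=ok probe=0
2023-04-07T10:00:09 channel=bank-a iface=bill.query status=timeout probe=0
2023-04-07T10:00:20 channel=bank-a iface=bill.query status=timeout probe=0
2023-04-07T10:00:31 channel=bank-a iface=bill.query status=ok probe=0
2023-04-07T10:01:00 channel=wechat iface=pay.notify status=ok probe=0
2023-04-07T10:01:05 channel=wechat iface=pay.notify status=ok probe=0
2023-04-07T10:01:10 channel=wechat iface=pay.notify status=ok probe=0
2023-04-07T10:01:15 channel=wechat iface=pay.notify status=ok probe=0
2023-04-07T10:01:20 channel=wechat iface=pay.notify status=ok probe=0
2023-04-07T10:01:25 channel=wechat iface=pay.notify status=ok probe=0
2023-04-07T10:02:00 channel=probe iface=meter.read status=fail probe=1
2023-04-07T10:03:00 channel=probe iface=meter.read status=fail probe=1
2023-04-07T10:04:00 channel=probe iface=meter.read status=fail probe=1
2023-04-07T10:02:30 channel=probe iface=bill.query status=ok probe=1
2023-04-07T10:03:30 channel=probe iface=bill.query status=fail probe=1
2023-04-07T10:04:30 channel=probe iface=bill.query status=ok probe=1
"""
WINDOW_START = datetime(2023, 4, 7, 10, 0)
WINDOW_END = datetime(2023, 4, 7, 10, 5)
EXPECTED_CHANNELS = ["bank-a", "gov-portal", "wechat"]  # hypothetical channels
THRESHOLDS = {  # hypothetical values
    "max_calls_per_channel": 5,  # more calls per window: frequency abnormal
    "timeout_rate": 0.3,
    "failure_rate": 0.5,
    "min_calls": 4,              # do not judge a rate on fewer samples
    "probe_failures": 3,         # consecutive failed simulated accesses
}


def parse_line(line):
    """Split 'timestamp key=value ...' into a record dict."""
    ts, *pairs = line.split()
    record = dict(pair.split("=", 1) for pair in pairs)
    record["ts"] = datetime.fromisoformat(ts)
    return record


def detect(lines, start, end, expected=EXPECTED_CHANNELS, th=THRESHOLDS):
    """Return (type, subject, detail) alerts for records with start <= ts < end."""
    recs = [parse_line(line) for line in lines if line.strip()]
    recs = sorted((r for r in recs if start <= r["ts"] < end), key=lambda r: r["ts"])
    real = [r for r in recs if r["probe"] == "0"]
    alerts = []

    # 1. Channel access abnormality: no access, or abnormal access frequency.
    calls = Counter(r["channel"] for r in real)
    for channel in expected:
        if calls[channel] == 0:
            alerts.append(("channel_access", channel, "no access"))
        elif calls[channel] > th["max_calls_per_channel"]:
            alerts.append(("channel_access", channel, "access frequency abnormal"))

    # 2. Interface call abnormality: timeout or failure rate reaches its threshold.
    by_iface = defaultdict(Counter)
    for r in real:
        by_iface[r["iface"]][r["status"]] += 1
    for iface in sorted(by_iface):
        total = sum(by_iface[iface].values())
        if total < th["min_calls"]:
            continue
        for kind, limit in (("timeout", th["timeout_rate"]), ("fail", th["failure_rate"])):
            rate = by_iface[iface][kind] / total
            if rate >= limit:
                alerts.append(("interface_call", iface, f"{kind} rate {rate:.2f}"))

    # 3. Service access abnormality: consecutive failures of simulated access.
    streak, alarmed = Counter(), set()
    for r in recs:
        if r["probe"] != "1":
            continue
        iface = r["iface"]
        if r["status"] == "ok":
            streak[iface] = 0
            alarmed.discard(iface)
            continue
        streak[iface] += 1
        if streak[iface] >= th["probe_failures"] and iface not in alarmed:
            alerts.append(("service_access", iface, f"{streak[iface]} consecutive probe failures"))
            alarmed.add(iface)
    return alerts


def run_sample():
    return detect(SAMPLE_LOG.splitlines(), WINDOW_START, WINDOW_END)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```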
Referring to fig. 3, in some implementations of the embodiments of the present application, the full channel access management application further includes: channel services management module 204.
A channel service management module 204, configured to manage registration information of a channel service and interface parameters of a channel service interface; and the system is also used for carrying out arrangement simulation on the channel service, generating service arrangement simulation configuration information and carrying out joint debugging test on the channel service interface according to the service arrangement simulation configuration information.
The registration information includes: interface code, interface name, interface mode, interface provider, interface caller and service address. The registration information identifies the channel service. Specifically, the interface code identifies the channel service so that it can be looked up easily; the interface name conveys the function and effect of the channel service so that it is easy to use; the interface mode locates the specific functions that a channel service can provide to channels; the interface provider and the interface caller identify who provides and who calls the interface, which makes later interface maintenance and debugging easier; and the service address is used to call the channel service and ensures that the channel service is reached promptly.
In this embodiment of the application, managing the interface parameters of a channel service interface means maintaining its input parameters, output parameters and message examples. The input parameters are the parameters passed to the interface when the channel service interface is called; the output parameters are the parameters the interface returns after the call; the message examples are examples of the messages the interface sends and receives when it is called.
In this embodiment of the application, arrangement simulation of the channel service produces the service arrangement simulation configuration information in preparation for the joint debugging test of the channel service interface. Through the channel service management module, the joint debugging test can be carried out without an actual channel being configured, which ensures the availability of the channel service interface and improves channel service quality.
In some implementations of the embodiments of the present application, the channel service management module may also maintain the mapping relationship between channel services and the services they call, so as to support adaptive access of existing services. The module can also generate multidimensional flow access policies, configurable per channel, application, user, channel service, IP address and so on, which supports and maintains performance optimization of the all-channel access gateway and improves service quality.
Referring to fig. 3, in some implementations of the application, a full channel access management application includes: channel access management module 205.
The channel access management module 205 is configured to obtain and manage application information, payment information, and deduction account information of a channel.
The application information includes: application code, application name, application type, deployment style, deployment location and application description. The payment information includes: payment channel number, payment channel name, channel status and channel type. The deduction account information includes: merchant number, account number and payment channel name. Note that the merchant number is a character string that a payment institution or bank in the electric power payment field assigns to a merchant to uniquely identify the merchant, and the account number is a character string that a bank or financial institution assigns to a customer to uniquely identify the customer. In short, the merchant number identifies the merchant and the account number identifies the customer.
In this embodiment of the application, the channel access management module manages the channel-related information of each channel, including application information, payment information and deduction account information, and uses the channel-related information of the different channels to ensure the normal operation and payment security of the channels.
In some implementations of the present application, a specific application architecture of the full channel access service gateway may be as shown in fig. 4, where the full channel access service gateway may further include a protocol conversion module, a file service module, a pass through service module, and an SDK component module, based on the one shown in fig. 2.
The protocol conversion module is used for converting the communication protocol or data protocol of a channel into a target communication protocol or target data protocol, so as to provide a unified channel access standard. The target communication protocol or target data protocol is set according to the marketing service system's own requirements; that is, different communication protocols or data protocols are integrated under the agreed channel access standard, which unifies the way channels transmit data and improves the usability of the marketing service system.
The file service module is used for uploading or downloading the disc-out (outgoing) file, the disc-return (return) file and the reconciliation file. The outgoing file records external expenditure data, the return file records the feedback results for that external expenditure, and the reconciliation file records the bill data generated in the outgoing and return flows. In a specific implementation, the file service module can integrate the FTP service and implement uploading and downloading of file slices, which improves file upload and download performance.
The penetration service module is used for sending the channel access file or the channel access data in the information intranet to the information intranet through the isolation equipment. In the marketing service system, channel access files or channel access data must enter the information intranet through the isolation equipment. The penetration service module handles passing channel access files and channel access data through the isolation equipment, as well as callback services and receiving files from the isolation equipment, so as to meet the two-way interaction requirement.
The SDK component module includes a client access component, a security encryption and decryption component and a proxy forwarding component; by providing these components, the SDK component module can meet different access requirements. As a software development kit, the SDK component mainly provides third-party developers with functions such as interface calling, data encryption and decryption, and network communication, so that developers can conveniently integrate and use it in their own applications. The client access component mainly implements communication between client and server and gives developers the ability to call interfaces; it uses RESTful API technology, supports the HTTP and HTTPS protocols, and makes data transmission and request/response handling easy to implement. The security encryption and decryption component mainly provides encryption and decryption services for data, to ensure the security of data in transit. The proxy forwarding component mainly implements proxy-server forwarding, which resolves some network problems, such as those involving network proxies and firewalls. The components communicate over HTTP and HTTPS, support protocols such as TCP/IP and SSL, and can transmit data in different network environments. Together the three components form the SDK component module, which can be conveniently integrated into various applications to provide a stable, secure and efficient interface calling service.
In some implementations of the present application, on the basis of the illustration shown in fig. 3, a specific application architecture of the full channel access management application may be as shown in fig. 5, and the full channel access management application may further include a terminal application management module, which is specifically as follows:
the terminal application management module is used for realizing the following functions: establishing a terminal group and providing a modification function of the terminal group; configuring parameter information of a terminal to generate a function customization task; modifying the parameter information of the terminal with abnormal parameter information or parameter information needing to be changed, and setting configuration information through the self-service charging terminal or the POS terminal to generate an operation parameter configuration task; managing a software version used by the terminal; and formulating a time setting task for the terminal.
In an embodiment of the present application, the network architecture of the full channel access gateway includes: a management information area, an Internet area and a private line access area, where the private line access area includes an Internet private line access area and an intranet private line access area.
In the embodiment of the application, the full channel access service gateway and the full channel access management application are deployed in the management information area, and the full channel access service gateway is pre-deployed in the private line access area and the Internet area.
Specifically, the management information area is deployed in the information intranet and is used to ensure network information security within the marketing service system. The Internet large area and the private line access area are deployed in the information external network: the Internet large area uses the Internet and related network technologies to give channels access to the marketing service system, and the private line access area uses private line access technology for channel access. In addition, the main channels accessed in the Internet large area are Internet APPs and online self-established channels, including WeChat public numbers and Payment personal life numbers; the main channels accessed in the Internet private line access area are government channels, including government affair platforms; and the main channels accessed in the Internet private line access area are third party socialization channels, including banks, payment personal and WeChat.
In the embodiment of the application, a physical isolation device is adopted between the management information large area and the Internet large area for safety protection, and a firewall is adopted between the management information large area and the private line access area for safety protection.
Specifically, the physical isolation device, which may also be called a strong isolation device, is a device that physically isolates a network, typically by means of switches, routers and the like. A firewall is a network security device implemented in software or hardware. The difference between the two is that the physical isolation device isolates the network by physical means, whereas the firewall monitors and filters network traffic in software or hardware to prevent malicious attacks and illegal access. Because the network security requirement between the Internet large area and the management information large area is higher, the strong isolation device, which has a higher security coefficient, is used there for physical isolation; it supports only unidirectional data transmission and can effectively cut off connections that illegally access the information intranet.
In the embodiment of the application, the management information large area is used for deploying platform micro services, cloud platform components and platform management interfaces based on the Arian platform. Wherein the platform micro-service comprises: full channel management application micro-service, intranet and extranet penetration micro-service and full channel access service gateway micro-service, the cloud platform assembly comprises: message queues, management information large area cache service, database and log library.
The Internet large area deploys all-channel access gateway micro-service, intranet and extranet penetration micro-service and Internet large area cache service.
The private line access area deploys all-channel access gateway micro-service and private line access area caching service.
Specifically, the platform micro-services consist of the full channel management application micro-service, the intranet and extranet penetration micro-service and the full channel access service gateway micro-service. Together these three micro-services form a complete information management platform that meets channel management requirements: the full channel management application micro-service is mainly responsible for managing the information data of all channels, the intranet and extranet penetration micro-service implements interaction between the internal and external networks of the marketing service system, and the full channel access service gateway micro-service serves as the entrance for the various channels and implements channel access.
The cloud platform components are the components on which the platform micro-services depend at run time, mainly a message queue, a cache service, a database and a log library. The message queue coordinates message delivery among the platform micro-services so that they run efficiently and stably; the management information large area cache service is the Remote Dictionary Server (Redis) cache service on which the management information large area depends; the database stores high-volume data such as channel information; and the log library keeps the log records of the whole platform to support later monitoring and improvement.
The platform management interface adopts the nginx as a WEB server, provides a simple and easy-to-use management interface, and can be used for checking and managing the information state of each channel.
The Internet large area cache service and the private line access area cache service are the Redis cache services on which the Internet large area and the private line access area, respectively, depend at run time.
Referring to fig. 6, the technical architecture of the all-channel access gateway uses componentized, dynamic software technology and a consistent, sharable data model to implement a multi-layer design consisting of an access layer, an application layer, a service layer, a data layer, a public service layer and an infrastructure layer, specifically:
Access layer: provides access services for channels, so that the marketing service system can interact with external channels. It is mainly implemented with RESTful, Socket, WebService, Tuxedo and similar technologies. Specifically, it forwards the channel access requests of external channels to the service layer for processing and returns the service layer's responses to the channel, so that the channel is connected to the full channel access gateway and can subsequently be connected to the marketing service center in the marketing service system. Through the access layer, a channel can invoke the various channel services provided by the marketing service system.
Application layer: consists of interaction-friendly management application components. It mainly uses html, css, javascript, jsp, vue and similar technologies to implement the full channel access management application. Specifically, the application layer is mainly responsible for the front-end interface for channel access management, including interface design, use and interaction, and gives users a friendly operation interface and a good user experience. The application layer also contains business logic that passes interface call requests to the service layer for processing and returns the results to the channel, so that the channel calls channel services through the channel service interface.
Service layer: the core part of the full channel access gateway, which provides channel services for channels. By deploying business logic components, it responds to the requests sent by the application layer and the access layer and completes the business processing for both channel service calling and channel access management. It is mainly implemented with JavaEE, spring-boot, redis, log j and similar technologies. The service layer contains the business logic of the system: it converts the channel access requests and service interface call requests of channels into processing that conforms to the business logic and then returns the results to the application layer or the access layer.
Data layer: consists of model components and data access components and provides data support for the service layer. The data access methods are JDBC adapter, JNDI, redis and FTP. The data layer is mainly responsible for storing and managing data, including operations such as adding, deleting and querying. Through the data layer, the service layer can conveniently obtain the data it needs and carry out the corresponding business processing.
Public service layer: the public service layer is a component based on a development platform and is used for realizing public services such as cache management, task management, log management, a registration center, a configuration center, a message queue, distributed transactions, exception management and the like. The system is mainly responsible for managing public services and public resources in the system and providing unified service and resource management for each layer.
Infrastructure layer: the infrastructure layer is an infrastructure component supporting the operation of the whole system and is used for supporting a marketing service system operation network environment, a software environment and hardware resources, wherein the network environment can comprise a network topology structure, network equipment, a network protocol and the like and provides basic support for network communication and data transmission; the software environment may include an operating system, an application server, a Web server, etc. for providing a runtime environment and basic services; the hardware resources may include servers, storage devices, backup devices, etc., providing basic resource support for data storage and computing capabilities, etc.
In the technical architecture shown in fig. 6, the all-channel access gateway includes an access layer, an application layer, a service layer, a data layer, a public service layer and an infrastructure layer, and each layer has its own functions and technical implementation. The architecture achieves its multi-layer design through componentized, dynamic software technology and a consistent, sharable data model. It provides access services, channel services and other functions for channels, supports operation of the all-channel gateway across different network environments, software environments and hardware resources, and offers a friendly user interface and a good interactive experience.
Finally, it should also be noted that in embodiments of the present application, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A full channel access gateway for use in a marketing services system, the full channel access gateway comprising: a full channel access service gateway and a full channel access management application;
the full channel access service gateway is used for providing a unified access entrance for channels through the front end of the full channel access gateway and sending a channel authentication request to the full channel access management application based on the accessed channels;
the full channel access management application is used for receiving the channel authentication request, carrying out channel authentication on the channel to generate an authentication result, and sending the authentication result to the full channel access service gateway;
the all-channel access service gateway is further configured to receive the authentication result, and when the authentication result is that the channel is authenticated, access the channel to a marketing service center in the marketing service system.
2. The method of claim 1, wherein the full channel access service gateway comprises: channel access module, channel calling module and encryption and decryption module;
the channel access module is used for receiving a channel access request sent by the channel and providing a channel access function for the channel by deploying RESTful service, socket service, webservice service and Tuxedo service;
the channel calling module is used for receiving a service interface calling request sent by the channel and providing a calling function of a channel service interface for the channel by deploying the RESTful service, the Socket service, the Webservice service and the Tuxedo service;
the encryption and decryption module is used for acquiring the channel access request, carrying out encryption and decryption processing on the channel access request, and sending the processed channel access request to the channel access module; and is also used for acquiring the service interface calling request, carrying out encryption and decryption processing on the service interface calling request and sending the processed service interface calling request to the channel calling module.
3. The all channel access gateway of claim 2, wherein the all channel access service gateway further comprises: a channel authentication module;
the channel authentication module is configured to perform access authentication on the channel, where the access authentication includes: authorization code authentication, client authentication, and password authentication; is also used for acquiring identity verification information of the channel and carrying out identity authentication on the channel according to the identity verification information, where the identity verification information includes: channel account number, binding identification ID information and channel current state; and is also used for carrying out channel service authentication on the channel when the channel calls the channel service interface.
4. The all channel access gateway of claim 2, wherein the all channel access service gateway further comprises: a service management module;
the service management module is used for collecting an interface call log of the channel service interface and analyzing the interface call log to generate an analysis result; is also used for fusing the channel service interface when the channel service interface is unavailable or the response time exceeds a preset threshold; and is also used for recovering the calling link of the channel service interface when the fused channel service interface is recovered to be normal.
5. The all channel access gateway of claim 2, wherein the all channel access management application comprises: the system comprises a service authorization management module, a flow limiting configuration management module and a channel service monitoring module;
the service authorization management module is used for carrying out authorization management on channel services called through the channel service interface and service data returned by the channel services;
the flow limiting configuration management module is used for monitoring the real-time access flow condition of the channel service; the system is also used for acquiring a service flow limiting strategy of the marketing service system and limiting the channel service according to the service flow limiting strategy;
the channel business monitoring module is used for monitoring channel access abnormality and channel service abnormality and raising an alarm when the channel access abnormality or the channel service abnormality occurs, where the channel service abnormality comprises: channel service interface call abnormality and channel service access abnormality; it is also used for monitoring abnormal transmission of the business file and raising the alarm when the abnormal transmission occurs, wherein the business file is generated when the channel transacts business through the channel service.
6. The all channel access gateway of claim 5, wherein the all channel access management application further comprises: a channel service management module;
the channel service management module is used for managing the registration information of the channel service and the interface parameters of the channel service interface; it is also used for carrying out arrangement simulation on the channel service, generating service arrangement simulation configuration information and carrying out joint debugging test on the channel service interface according to the service arrangement simulation configuration information, where the registration information comprises: interface code, interface name, interface mode, interface provider, interface caller and service address.
7. The all channel access gateway of claim 1, wherein the all channel access management application comprises: a channel access management module;
the channel access management module is used for managing application information, payment information and deduction account information of the channel, and the application information comprises: application code, application name, application type, deployment style, deployment location and application description, the payment information comprises: payment channel number, payment channel name, channel status, and channel type, the deduction account information includes: merchant number, account number and the payment channel name.
8. The all channel access gateway of claim 1, wherein the network architecture of the all channel access gateway comprises: an Internet large area, a management information large area and a private line access area;
the all-channel access service gateway and the all-channel access management application are deployed in the management information area, and the all-channel access gateway is deployed in the private line access area and the Internet area in advance.
9. The full channel access gateway of claim 8, wherein a physical isolation device is used for security protection between the management information area and the internet area, and a firewall is used for security protection between the management information area and the private line access area.
10. The full channel access gateway of claim 8, wherein:
the management information large area deploys a platform micro service, a cloud platform component and a platform management interface based on an Arian platform, wherein the platform micro service comprises: the cloud platform assembly comprises a message queue, a management information large-area cache service, a database and a log library;
the Internet large area deploys the all-channel access gateway micro-service, the intranet and extranet penetration micro-service and the Internet large area cache service;
and the private line access area deploys the all-channel access gateway micro service and the private line access area cache service.
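The fuse-and-recover behaviour of claim 4, shown as an added example (not code from the patent): a per-interface breaker that trips when the interface is unavailable or answers slower than the preset threshold, and restores the calling link after a healthy response. The threshold value, the cooldown before a probe call, and all names are assumptions; the claim states only the two trip conditions and the recovery.

```python
import time

class BreakerOpen(Exception):
    """Raised when a call is rejected because the interface is fused."""

class InterfaceBreaker:
    def __init__(self, max_response_s=0.5, cooldown_s=5.0, clock=time.monotonic):
        self.max_response_s = max_response_s  # "preset threshold" (value assumed)
        self.cooldown_s = cooldown_s          # assumed wait before probing again
        self.clock = clock
        self.state, self.opened_at = "closed", 0.0  # closed | open | half_open

    def _trip(self):
        self.state, self.opened_at = "open", self.clock()

    def call(self, interface, *args):
        if self.state == "open":
            if self.clock() - self.opened_at < self.cooldown_s:
                raise BreakerOpen("interface fused; call rejected at the gateway")
            self.state = "half_open"          # cooldown over: let one probe through
        start = self.clock()
        try:
            result = interface(*args)
        except Exception:
            self._trip()                      # interface unavailable
            raise
        if self.clock() - start > self.max_response_s:
            self._trip()                      # answered, but slower than the threshold
        else:
            self.state = "closed"             # healthy response restores the calling link
        return result

def demo():
    """Constructed scenario on a fake clock; returns the breaker state after each step."""
    now = [0.0]
    def service(delay):                       # hypothetical channel service interface
        now[0] += delay
        return "ok"
    breaker = InterfaceBreaker(clock=lambda: now[0])
    def step(delay):
        breaker.call(service, delay)
        return breaker.state
    trace = [step(0.1), step(0.9)]            # fast call, then a slow one that fuses
    try:
        step(0.1)                             # still inside the cooldown
    except BreakerOpen:
        trace.append("rejected")
    now[0] += 5.0                             # cooldown elapses
    trace.append(step(0.1))                   # probe succeeds, link restored
    return trace
```

Rejecting calls while the interface is fused keeps a degraded backend from tying up gateway workers, and the rejections themselves are worth feeding into the interface call log that the same module analyzes.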
CN202310370296.5A 2023-04-07 2023-04-07 All-channel access gateway Pending CN116633725A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310370296.5A CN116633725A (en) 2023-04-07 2023-04-07 All-channel access gateway

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310370296.5A CN116633725A (en) 2023-04-07 2023-04-07 All-channel access gateway

Publications (1)

Publication Number Publication Date
CN116633725A true CN116633725A (en) 2023-08-22

Family

ID=87590919

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310370296.5A Pending CN116633725A (en) 2023-04-07 2023-04-07 All-channel access gateway

Country Status (1)

Country Link
CN (1) CN116633725A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117689499A (en) * 2024-02-01 2024-03-12 云南电网有限责任公司信息中心 Middle-long time sharing accounting method and system for electric quantity of power grid
CN117689499B (en) * 2024-02-01 2024-04-12 云南电网有限责任公司信息中心 Middle-long time sharing accounting method and system for electric quantity of power grid

Similar Documents

Publication Publication Date Title
CN101438255B (en) Network and application attack protection based on application layer message inspection
CN108234653A (en) A kind of method and device of processing business request
US20050188080A1 (en) Methods, systems and computer program products for monitoring user access for a server application
US20050188079A1 (en) Methods, systems and computer program products for monitoring usage of a server application
CN112073400A (en) Access control method, system and device and computing equipment
US20050188221A1 (en) Methods, systems and computer program products for monitoring a server application
US20050187934A1 (en) Methods, systems and computer program products for geography and time monitoring of a server application user
CN108390881A (en) A kind of distribution high concurrent real-time messages method for pushing and system
CN112149105A (en) Data processing system, method, related device and storage medium
WO2005069823A2 (en) Centralized transactional security audit for enterprise systems
CN107493291A (en) A kind of identity identifying method and device based on safety element SE
CN112235266B (en) Data processing method, device, equipment and storage medium
CN112468481A (en) Single-page and multi-page web application identity integrated authentication method based on CAS
CN111314381A (en) Safety isolation gateway
CN110198297A (en) Data on flows monitoring method, device, electronic equipment and computer-readable medium
CN110971622A (en) Bidirectional access method and system between public network application system and intranet application system
KR20200074474A (en) Data storage method using block chain based IoT platform
CN115118705A (en) Industrial edge management and control platform based on micro-service
US11468189B1 (en) Method, system, apparatus and device for data exchange
CN112862487A (en) Digital certificate authentication method, equipment and storage medium
CN116633725A (en) All-channel access gateway
US20230244797A1 (en) Data processing method and apparatus, electronic device, and medium
Wang et al. A framework for formal analysis of privacy on SSO protocols
CN108881484A (en) A method of whether detection terminal can access internet
US11568069B1 (en) Data security protection system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination