CN117061238A

CN117061238A - Service request processing method, device, computer equipment and storage medium

Info

Publication number: CN117061238A
Application number: CN202311271276.9A
Authority: CN
Inventors: 王慧杰; 罗涛; 赵海强
Original assignee: Industrial and Commercial Bank of China Ltd ICBC
Current assignee: Industrial and Commercial Bank of China Ltd ICBC
Priority date: 2023-09-28
Filing date: 2023-09-28
Publication date: 2023-11-14

Abstract

The application relates to a service request processing method, a device, computer equipment and a storage medium, relates to the technical field of computers, and can be applied to the financial field or other technical fields. The method comprises the following steps: determining a target check rule from all candidate check rules issued by the application gateway, processing the service content and a first timestamp of the acquired service content according to the target check rule to obtain request check data, generating a service request according to the request check data, request check version information corresponding to the target check rule and the service content, and sending the service request to the application gateway so that the application gateway can perform security check on the service content according to the request check data and the request check version information, and sending the service content to the application server for processing under the condition that the security check is passed. By adopting the method, the service request can be flexibly and safely checked.

Description

Service request processing method, device, computer equipment and storage medium

Technical Field

The present application relates to the field of computer technologies, and in particular, to a service request processing method, apparatus, computer device, and storage medium, which can be applied to the financial field or other technical fields.

Background

The security of network transmission is an important factor that must be considered in the process of informatization in the financial industry, and therefore, in order to ensure the security of network transmission, a security check needs to be performed on a service processing request.

At present, a terminal generally adopts a fixed key to encrypt a service request to be transmitted, and a server adopts a corresponding key to decrypt the encrypted service request to realize the security check of the service request, thereby ensuring that the service request is not tampered in the transmission process.

However, with the current service request processing method, flexible verification of the service request cannot be realized through a fixed encryption and decryption mode.

Disclosure of Invention

In view of the foregoing, it is desirable to provide a service request processing method, apparatus, computer device, and storage medium, which are capable of flexibly performing security check on a service request.

In a first aspect, the present application provides a service request processing method, which is applied to a terminal. The method comprises the following steps:

determining a target check rule from all candidate check rules issued by the application gateway;

processing the service content and the first time stamp for acquiring the service content according to the target verification rule to obtain request verification data;

Generating a service request according to the request verification data, the request verification version information corresponding to the target verification rule and the service content;

and sending a service request to the application gateway so that the application gateway performs security check on the service content according to the request check data and the request check version information, and sending the service content to the application server for processing under the condition that the security check is passed.

In one embodiment, processing the service content and the first timestamp of the acquired service content according to the target verification rule to obtain the request verification data includes:

extracting a target character string from service contents according to the appointed position information in the target verification rule; splicing the target character string, the first timestamp of the service content and the check character string to obtain a first initial check parameter; carrying out hash processing on the first initial inspection parameter by adopting a specified hash algorithm in the target verification rule to obtain a first security parameter; the first timestamp and the first security parameter are used as request verification data.

In one embodiment, determining the target verification rule from the candidate verification rules issued by the application gateway includes:

Determining a target check rule from the candidate check rules according to the issuing time of the candidate check rules issued by the application gateway; or determining the target check rule from the candidate check rules issued by the application gateway according to the service content.

In a second aspect, the present application provides a service request processing method, which is applied to an application gateway. The method comprises the following steps:

acquiring a service request sent by a terminal; the service request comprises service content, request verification data and request verification version information;

determining a target check rule from the candidate check rules according to the request check version information;

verifying the security of the service content according to the target verification rule and the request verification data;

and sending the business content to an application server for processing under the condition that the security check of the business content is passed.

In one embodiment, the request verification data includes a first timestamp of the service content acquired by the terminal; verifying the security of the service content according to the target verification rule and the request verification data, including:

acquiring a second timestamp of the received service request; determining a time difference between the first time stamp and the second time stamp; and if the time difference is smaller than the time threshold, verifying the safety of the service content according to the target verification rule and the first time stamp.

In one embodiment, the request verification data further includes a first security parameter; and verifying the security of the service content according to the target verification rule and the first timestamp, wherein the method comprises the following steps:

processing the business content and the first timestamp according to the target verification rule to obtain a second security parameter; and verifying the security of the business content according to the second security parameter and the first security parameter.

In one embodiment, processing the service content and the first timestamp according to the target verification rule to obtain the second security parameter includes:

extracting a target character string from service contents according to the appointed position information in the target verification rule; splicing the target character string, the first time stamp of the business content and the check character string to obtain a second initial check parameter; and carrying out hash processing on the second initial inspection parameter by adopting a specified hash algorithm in the target verification rule to obtain a second security parameter.

In one embodiment, verifying the security of the service content according to the second security parameter and the first security parameter includes:

consistency comparison is carried out on the second safety parameter and the first safety parameter; if the consistency comparison result is consistent, determining that the security check of the service content passes; if the consistency comparison result is inconsistent, determining that the security check of the service content is not passed.

In a third aspect, the application further provides a service request processing device. The device comprises:

the first rule determining module is used for determining a target check rule from all candidate check rules issued by the application gateway;

the data generation module is used for processing the service content and the first time stamp for acquiring the service content according to the target verification rule to obtain request verification data;

the request generation module is used for generating a service request according to the request verification data, the request verification version information corresponding to the target verification rule and the service content;

the request sending module is used for sending a service request to the application gateway so that the application gateway can carry out security check on the service content according to the request check data and the request check version information, and sends the service content to the application server for processing under the condition that the security check is passed.

In a fourth aspect, the application further provides a service request processing device. The device comprises:

the request acquisition module is used for acquiring a service request sent by the terminal; the service request comprises service content, request verification data and request verification version information;

the second rule determining module is used for determining a target check rule from the candidate check rules according to the request check version information;

The business verification module is used for verifying the safety of business content according to the target verification rule and the request verification data;

and the service sending module is used for sending the service content to the application server for processing under the condition that the security check of the service content is passed.

In a fifth aspect, the present application also provides a computer device. The computer device comprises a memory storing a computer program and a processor which when executing the computer program performs the steps of:

In a sixth aspect, the present application also provides a computer device. The computer device comprises a memory storing a computer program and a processor which when executing the computer program performs the steps of:

In a seventh aspect, the present application also provides a computer-readable storage medium. The computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of:

In an eighth aspect, the present application also provides a computer-readable storage medium. The computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of:

In a ninth aspect, the present application also provides a computer program product. The computer program product comprises a computer program which, when executed by a processor, implements the steps of:

In a tenth aspect, the present application also provides a computer program product. The computer program product comprises a computer program which, when executed by a processor, implements the steps of:

According to the service request processing method, the device, the computer equipment and the storage medium, the terminal processes the service content and the first timestamp for obtaining the service content according to the target verification rule to obtain request verification data, so as to generate a service request and send the service request to the application gateway; and the application gateway performs security check on the service content according to the request check data and the request check version information, and sends the service content to the application server for processing under the condition that the security check is passed. Compared with the prior art, the method and the device adopt a fixed encryption and decryption mode to carry out security verification on the service request, on one hand, the flexibility of service content processing and the suitability of the target verification rule and the service content can be ensured by determining the target verification rule from the candidate verification rules; on the other hand, through the interaction between the terminal and the application gateway, the effects of relieving the pressure of the server for processing the service request and ensuring the stability and the safety of the server can be achieved under the condition that the service request can be safely checked.

Drawings

FIG. 1 is an application environment diagram of a service request processing method in one embodiment;

FIG. 2 is a flow diagram of a method for processing a service request in one embodiment;

FIG. 3 is a flow diagram of generating request verification data in one embodiment;

FIG. 4 is a flow chart of a method for processing a service request according to another embodiment;

FIG. 5 is a flow diagram of security verification in one embodiment;

FIG. 6 is a flow chart of a security check in another embodiment;

FIG. 7 is a signaling diagram of a method of processing a service request in one embodiment;

FIG. 8 is a block diagram of a service request processing device in one embodiment;

fig. 9 is a block diagram of a service request processing apparatus in another embodiment;

fig. 10 is a block diagram showing the construction of a service request processing apparatus in yet another embodiment;

FIG. 11 is an internal block diagram of a computer device in one embodiment.

Detailed Description

The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.

The service request processing method provided by the embodiment of the application can be applied to an application environment shown in figure 1. Wherein the terminal 102 communicates with the application gateway 104 via a network. The data storage system may store data that application gateway 104 needs to process. For example, data corresponding to the candidate verification rule. The data storage system may be integrated on application gateway 104 or may be located on the cloud or other network server. For example, the terminal 102 determines a target verification rule from the candidate verification rules issued by the application gateway 104, processes the service content and the first timestamp of the acquired service content according to the target verification rule to obtain request verification data, and generates a service request according to the request verification data, the request verification version information corresponding to the target verification rule, and the service content; then, a service request is sent to the application gateway 104, so that the application gateway 104 performs security verification on the service content according to the request verification data and the request verification version information, and sends the service content to the application server 106 for processing if the security verification passes. The terminal 102 may be, but is not limited to, various personal computers, notebook computers, smart phones, tablet computers, and internet of things devices.

Based on this, in one embodiment, as shown in fig. 2, a service request processing method is provided, and an example in which the method is applied to the terminal in fig. 1 is described. Alternatively, the method may be performed by a terminal, in particular by an application client provided by an application server in the terminal, in particular comprising the steps of:

s201, determining a target check rule from all candidate check rules issued by the application gateway.

Wherein, the check rule refers to a mode for processing business content; the candidate check rules refer to all check rules stored in the terminal; the target check rule refers to a check rule selected from the candidate check rules.

Optionally, the user may input specific content of the service through an application client embedded in the terminal, and click a submit button on the application client; at this time, it may be determined that the user has a service processing requirement, and then a target verification rule is determined from the candidate verification rules issued by the application gateway.

For example, in order to enable flexible processing of a service request to be sent in a terminal, a plurality of candidate verification rules may be sent to the terminal through an application gateway; then, a target check rule is determined from the candidate check rules. For example, one candidate verification rule may be randomly selected from among the candidate verification rules as the target verification rule.

It may be appreciated that, in order to ensure the novelty of the target verification rule, the target verification rule may also be determined from the candidate verification rules according to the issuing time of each candidate verification rule issued by the application gateway. For example, according to the issuing time of each candidate verification rule issued by the application gateway, the candidate verification rule with the latest issuing time may be selected from the candidate verification rules as the target verification rule.

Or, in order to ensure the suitability between the target verification rule and the service content, the target verification rule may be determined from the candidate verification rules issued by the application gateway according to the service content. For example, a candidate verification rule matching the data format of the service memory may be selected from the candidate verification rules as the target verification rule according to the data format of the service content.

S202, processing the service content and the first time stamp for acquiring the service content according to the target verification rule to obtain request verification data.

The service content refers to specific content related to the service in the process of sending a request to the application gateway. The first timestamp refers to the time when the terminal acquires the service content; the request check data refers to a string for verifying whether the service contents are tampered with.

Optionally, the user can also acquire service content while determining that the user has service processing requirements, namely, the specific content of the service input by the user is used as the service content; at the same time, the time when the user submits the business content can be used as the first time stamp.

Further, after determining the target verification rule, training based on the target verification rule to obtain a data generation model; then, the business content and the first time stamp for acquiring the business content are input into a data generation model, and the data generation model generates request verification data according to the business content, the first time stamp and the model parameters.

S203, generating a service request according to the request verification data, the request verification version information corresponding to the target verification rule and the service content.

The identifier corresponding to the verification rule, for example, the version number corresponding to the verification rule, is referred to by the request verification version information; a service request refers to a request sent to an application gateway.

Optionally, the request verification data, the request verification version information corresponding to the target verification rule and the service content may be processed according to a preset processing manner, so as to generate the service request. For example, the request verification data, the request verification version information corresponding to the target verification rule and the service content may be directly spliced according to the format of "the service content-the request verification data-the request verification version information corresponding to the target verification rule", and the character string obtained after the splicing is used as the service request.

S204, sending a service request to the application gateway so that the application gateway performs security check on the service content according to the request check data and the request check version information, and sending the service content to the application server for processing under the condition that the security check is passed.

Optionally, after obtaining the service request, the service request needs to be sent to the application gateway. And the application gateway performs security verification on the service content in the service request according to the request verification data and the request verification version information in the service request. Further, if the security check is passed, the application gateway can send the service content to the application server for service processing; if the security check is not passed, the application gateway can process the service content according to the grade of the service content. For example, in the case that the service content is higher in level, the sending of the service content can be intercepted, and a prompt of processing failure is fed back to the terminal; in the case of a lower level of service content, the service content may be recorded at the application gateway as reference data for subsequent security detection after being sent to the application server.

In the service request processing method, a terminal processes service content and a first time stamp for acquiring the service content according to a target verification rule to obtain request verification data, so as to generate a service request and send the service request to an application gateway; and the application gateway performs security check on the service content according to the request check data and the request check version information, and sends the service content to the application server for processing under the condition that the security check is passed. Compared with the prior art, the method and the device adopt a fixed encryption and decryption mode to carry out security verification on the service request, on one hand, the flexibility of service content processing and the suitability of the target verification rule and the service content can be ensured by determining the target verification rule from the candidate verification rules; on the other hand, through the interaction between the terminal and the application gateway, the effects of relieving the pressure of the server for processing the service request and ensuring the stability and the safety of the server can be achieved under the condition that the service request can be safely checked.

In order to ensure the accuracy of the generation of the request check data, in this embodiment, an alternative way of generating the request check data is provided, as shown in fig. 3, and specifically includes the following steps:

S301, extracting a target character string from service contents according to the specified position information in the target verification rule.

In the embodiment of the application, the service content can be in a field form, and the designated position information can be the position information of the field in the service content.

Alternatively, the target character string may be extracted from the service content according to the specified position information. For example, the target character string can be obtained by respectively extracting and splicing partial fields from a parameter field (parameter), a header field (header), a simple field (cookies) and a text field (body) in the service content.

S302, splicing the target character string, the first time stamp of the business content and the check character string to obtain a first initial check parameter.

The check character string refers to a fixed character string stored in the terminal and the application gateway.

Alternatively, the target character string, the first timestamp of the service content, and the check character string may be spliced according to the format of "target character string-first timestamp-check character string", and the spliced character string is used as the first initial check parameter.

S303, carrying out hash processing on the first initial inspection parameter by adopting a specified hash algorithm in the target inspection rule to obtain a first security parameter.

Alternatively, in order to ensure the security of the first initial inspection parameter, a specified hash algorithm in the target inspection rule may be used to hash the first initial inspection parameter, and the character string obtained through the hash process may be used as the first security parameter.

S304, taking the first timestamp and the first security parameter as request verification data.

Optionally, in order to ensure the comprehensiveness of the request check data, after the first security parameter is obtained, the first timestamp and the first security parameter may be used as the request check data.

In this embodiment, the target verification rule is used to process the service content and the first timestamp for obtaining the service content, so that the obtained request verification data can be ensured to be more accurate.

On the basis of the foregoing embodiment, in this embodiment, another service request processing method is provided, and the method is applied to an application gateway, for example, as shown in fig. 4, and specifically includes the following steps:

s401, obtaining a service request sent by a terminal.

The service request comprises service content, request verification data and request verification version information.

Optionally, after the terminal sends the service request to the application gateway, the application gateway may directly obtain the service request.

S402, determining a target check rule from the candidate check rules according to the request check version information.

Alternatively, the target verification rule may be determined from the candidate verification rules stored in the application gateway according to the request verification version information in the service request based on the correspondence between the request verification version information and the candidate verification rules.

S403, checking the security of the service content according to the target check rule and the request check data.

Optionally, the service content can be processed by adopting a target verification rule and request verification data to obtain a character string for safety verification; the string for security verification may then be compared with the request verification data to effect security verification of the service content.

S404, when the security check of the business content is passed, the business content is sent to an application server for processing.

Optionally, in the case that the security check of the service content passes, the service content in the service request may be sent to the application server for processing; in the case that the security check of the service content is not passed, the operation of intercepting or transmitting the service content to the server according to the level of the service request may be performed.

In this embodiment, the security of the service content is verified according to the target verification rule and the request verification data, so that the accuracy of the security verification can be ensured, and the security of the server when processing the service content is further ensured.

On the basis of the foregoing embodiment, in this embodiment, the request verification data includes a first timestamp of the service content acquired by the terminal, and further, an optional method for security verification is provided, as shown in fig. 5, and specifically includes the following steps:

s501, a second timestamp of the received service request is obtained.

The second timestamp refers to a timestamp generated when the application gateway acquires the service request.

Optionally, when the application gateway acquires the service request, a corresponding second timestamp is automatically generated for the service request.

S502, determining a time difference between the first time stamp and the second time stamp.

Alternatively, the difference between the second time stamp and the first time stamp may be taken as the time difference between the first time stamp and the second time stamp.

And S503, if the time difference is smaller than the time threshold, verifying the safety of the service content according to the target verification rule and the first time stamp.

Wherein. The time threshold refers to a value used to determine whether the service request transmission time is too long.

Optionally, the time difference may be compared with a time threshold, and if the time difference is greater than the time threshold, the security check is failed; if the time difference is smaller than the time threshold, the security of the service content can be checked according to the target check rule and the first time stamp.

It can be understood that if the time difference is greater than the time threshold, it indicates that the transmission time of the service request is longer, and at this time, the possibility that the service request is attacked is greater, so the security check is failed; if the time difference is smaller than the time threshold, the transmission time of the service request is indicated to be relatively short, and at the moment, the possibility that the service request is attacked is relatively small, so that the security check can be continuously performed on the service request.

In this embodiment, a time threshold is introduced, and by comparing the time difference with the time threshold, service requests with longer transmission time can be screened out, so that the security of the application server is ensured.

In order to ensure accuracy of the security check, in this embodiment, the request check data further includes a first security parameter, and further, another alternative method of security check is provided, as shown in fig. 6, which specifically includes the following steps:

S601, processing the business content and the first timestamp according to the target verification rule to obtain a second security parameter.

Alternatively, the service content and the first timestamp may be directly input to the parameter generation model, and the parameter generation model directly outputs the second security parameter according to the service content, the first timestamp, and the model parameter.

Or extracting the target character string from the service content according to the specified position information in the target verification rule; then, splicing the target character string, the first time stamp of the business content and the check character string to obtain a second initial check parameter; and finally, carrying out hash processing on the second initial inspection parameter by adopting a specified hash algorithm in the target inspection rule to obtain a second security parameter.

Optionally, referring to step S301, the target character string may be directly extracted from the service content according to the specified position information in the target verification rule; then, referring to step S302, the target string, the first timestamp of the service content, and the check string are directly spliced to obtain a second initial check parameter; finally, referring to step S303, a specified hash algorithm in the target verification rule is used to hash the second initial verification parameter, so as to obtain a second security parameter.

S602, checking the security of the business content according to the second security parameter and the first security parameter.

Optionally, the second security parameter and the first security parameter may be subjected to consistency comparison, and if the consistency comparison result is consistent, the security verification of the service content is determined to pass; if the consistency comparison result is inconsistent, determining that the security check of the service content is not passed.

It can be understood that, because the first security parameter and the second security parameter are both obtained through the same target verification rule, if the consistency comparison of the second security parameter and the first security parameter is passed, it is indicated that the service request is not tampered in the process of being sent from the terminal to the application gateway, and at this time, the security verification of the service content can be determined to pass; if the consistency comparison of the second security parameter and the first security parameter is not passed, the service request may be tampered in the process of being sent from the terminal to the application gateway, and at this time, it may be determined that the security check of the service content is not passed.

In this embodiment, the first security parameter and the second security parameter are introduced, and the security of the service content is checked by comparing the consistency between the second security parameter and the first security parameter, so that the accuracy of security check can be ensured.

In one embodiment, an alternative example of a method for interactively implementing a service request processing method between a terminal and an application gateway is provided. In combination with the signaling interaction flow diagram of the service request processing method shown in fig. 7, the method can be specifically implemented by the following steps:

s701, the terminal determines a target check rule from all candidate check rules issued by the application gateway.

Optionally, the target verification rule may be determined from the candidate verification rules according to the issuing time of each candidate verification rule issued by the application gateway; or determining the target check rule from the candidate check rules issued by the application gateway according to the service content.

S702, the terminal processes the service content and the first time stamp for obtaining the service content according to the target verification rule to obtain the request verification data.

Alternatively, the target character string may be extracted from the service content according to the specified position information in the target verification rule; splicing the target character string, the first timestamp of the service content and the check character string to obtain a first initial check parameter; carrying out hash processing on the first initial inspection parameter by adopting a specified hash algorithm in the target verification rule to obtain a first security parameter; the first timestamp and the first security parameter are used as request verification data.

S703, the terminal generates a service request according to the request verification data, the request verification version information corresponding to the target verification rule and the service content.

S704, the terminal sends a service request to the application gateway.

S705, the application gateway determines a target check rule from the candidate check rules according to the request check version information in the service request.

S706, the application gateway checks the security of the service content according to the target check rule and the request check data in the service request.

Optionally, a second timestamp of the received service request may be obtained; determining a time difference between the first time stamp and the second time stamp; and if the time difference is smaller than the time threshold, verifying the safety of the service content according to the target verification rule and the first time stamp.

Further, the target character string can be extracted from the service content according to the specified position information in the target verification rule; splicing the target character string, the first time stamp of the business content and the check character string to obtain a second initial check parameter; carrying out hash processing on the second initial inspection parameter by adopting a specified hash algorithm in the target verification rule to obtain a second security parameter; consistency comparison is carried out on the second safety parameter and the first safety parameter; if the consistency comparison result is consistent, determining that the security check of the service content passes; if the consistency comparison result is inconsistent, determining that the security check of the service content is not passed.

And S707, the application gateway sends the business content to the application server for processing under the condition that the security check of the business content is passed.

The specific process of S701-S707 may refer to the description of the foregoing method embodiment, and the implementation principle and technical effects are similar, which are not repeated herein.

It should be understood that, although the steps in the flowcharts related to the embodiments described above are sequentially shown as indicated by arrows, these steps are not necessarily sequentially performed in the order indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least some of the steps in the flowcharts described in the above embodiments may include a plurality of steps or a plurality of stages, which are not necessarily performed at the same time, but may be performed at different times, and the order of the steps or stages is not necessarily performed sequentially, but may be performed alternately or alternately with at least some of the other steps or stages.

Based on the same inventive concept, the embodiment of the application also provides a service request processing device for realizing the service request processing method. The implementation of the solution provided by the device is similar to the implementation described in the above method, so the specific limitation in the embodiments of one or more service request processing devices provided below may refer to the limitation of the service request processing method hereinabove, and will not be repeated herein.

In one embodiment, as shown in fig. 8, there is provided a service request processing apparatus 1, including: a first rule determination module 110, a data generation module 120, a request generation module 130, and a request transmission module 140, wherein:

a first rule determining module 110, configured to determine a target check rule from the candidate check rules issued by the application gateway;

the data generating module 120 is configured to process the service content and the first timestamp for obtaining the service content according to the target verification rule, so as to obtain the request verification data;

the request generating module 130 is configured to generate a service request according to the request verification data, the request verification version information corresponding to the target verification rule, and the service content;

The request sending module 140 is configured to send a service request to the application gateway, so that the application gateway performs security verification on the service content according to the request verification data and the request verification version information, and sends the service content to the application server for processing if the security verification passes.

In one embodiment, the data generation module 120 is specifically configured to:

In one embodiment, the first rule determination module 110 is specifically configured to:

In one embodiment, as shown in fig. 9, there is provided another service request processing apparatus 2, including: a request acquisition module 210, a second rule determination module 220, a service verification module 230, and a service transmission module 240, wherein:

a request acquisition module 210, configured to acquire a service request sent by a terminal; the service request comprises service content, request verification data and request verification version information;

a second rule determining module 220, configured to determine a target verification rule from the candidate verification rules according to the request verification version information;

the service verification module 230 is configured to verify the security of the service content according to the target verification rule and the request verification data;

the service sending module 240 is configured to send the service content to the application server for processing if the security check of the service content passes.

In one embodiment, the request verification data includes a first timestamp that the terminal obtains the service content, as shown in fig. 10, and the service verification module 230 includes:

an acquiring unit 231 configured to acquire a second timestamp of the received service request;

a determining unit 232 for determining a time difference between the first time stamp and the second time stamp;

And the verification unit 233 is configured to verify the security of the service content according to the target verification rule and the first timestamp if the time difference is smaller than the time threshold.

In one embodiment, the request verification data further includes a first security parameter, and the verification unit 233 includes:

the first verification subunit is used for processing the business content and the first timestamp according to the target verification rule to obtain a second security parameter;

and the second verification subunit is used for verifying the security of the business content according to the second security parameter and the first security parameter.

In one embodiment, the first syndrome unit is specifically configured to:

In one embodiment, the second checking subunit is specifically configured to:

The above-described respective modules in the service request processing apparatus may be implemented in whole or in part by software, hardware, and a combination thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.

In one embodiment, a computer device is provided, which may be a terminal and/or an application gateway, the internal structure of which may be as shown in fig. 11. The computer device includes a processor, a memory, an input/output interface, a communication interface, a display unit, and an input means. The processor, the memory and the input/output interface are connected through a system bus, and the communication interface, the display unit and the input device are connected to the system bus through the input/output interface. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The input/output interface of the computer device is used to exchange information between the processor and the external device. The communication interface of the computer device is used for carrying out wired or wireless communication with an external terminal, and the wireless mode can be realized through WIFI, a mobile cellular network, NFC (near field communication) or other technologies. The computer program is executed by a processor to implement a service request handling method. The display unit of the computer device is used for forming a visual picture, and can be a display screen, a projection device or a virtual reality imaging device. The display screen can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, can also be a key, a track ball or a touch pad arranged on the shell of the computer equipment, and can also be an external keyboard, a touch pad or a mouse and the like.

It will be appreciated by those skilled in the art that the structure shown in FIG. 11 is merely a block diagram of some of the structures associated with the present inventive arrangements and is not limiting of the computer device to which the present inventive arrangements may be applied, and that a particular computer device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.

In one embodiment, a computer device is provided for use in a terminal, the computer device comprising a memory and a processor, the memory having stored therein a computer program, the processor when executing the computer program performing the steps of:

In one embodiment, when the processor executes logic in the computer program for processing the service content and obtaining the first timestamp of the service content according to the target verification rule to obtain the request verification data, the following steps are specifically implemented:

In one embodiment, when the processor executes logic in the computer program for determining the target verification rule from each candidate verification rule issued by the application gateway, the following steps are specifically implemented:

In one embodiment, a computer device is provided for application to an application gateway, the computer device comprising a memory and a processor, the memory having stored therein a computer program, the processor when executing the computer program performing the steps of:

In one embodiment, the request verification data includes a first timestamp of the service content acquired by the terminal, and when the processor executes logic for verifying the security of the service content according to the target verification rule and the request verification data in the computer program, the processor specifically implements the following steps:

In one embodiment, the request verification data further includes a first security parameter, and when the processor executes logic for verifying the security of the service content according to the target verification rule and the first timestamp in the computer program, the processor specifically implements the following steps:

In one embodiment, when the processor executes logic in the computer program to process the service content and the first timestamp according to the target verification rule to obtain the second security parameter, the following steps are specifically implemented:

In one embodiment, when the processor executes logic for verifying the security of the service content according to the second security parameter and the first security parameter in the computer program, the following steps are specifically implemented:

In one embodiment, a computer readable storage medium is provided for use in a terminal, the computer readable storage medium having a computer program stored thereon, the computer program when executed by a processor performing the steps of:

In one embodiment, the code logic for processing the service content and obtaining the first timestamp of the service content according to the target verification rule in the computer program, when executed by the processor, obtains the request verification data, specifically implements the following steps:

In one embodiment, the code logic in the computer program for determining the target verification rule from the candidate verification rules issued by the application gateway, when executed by the processor, specifically performs the steps of:

In one embodiment, a computer readable storage medium is provided for application to an application gateway, the computer readable storage medium having a computer program stored thereon, the computer program when executed by a processor performing the steps of:

In one embodiment, the request verification data includes a first timestamp of the service content acquired by the terminal, and the code logic for verifying the security of the service content according to the target verification rule and the request verification data in the computer program is executed by the processor, and specifically implements the following steps:

In one embodiment, the request verification data further includes a first security parameter, and the code logic in the computer program for verifying the security of the service content according to the target verification rule and the first timestamp, when executed by the processor, specifically implements the following steps:

In one embodiment, the code logic for processing the service content and the first timestamp according to the target verification rule in the computer program to obtain the second security parameter when executed by the processor specifically implements the following steps:

In one embodiment, the code logic for verifying the security of the service content according to the second security parameter and the first security parameter in the computer program, when executed by the processor, specifically implements the steps of:

In one embodiment, a computer program product is provided for application to a terminal, the computer program product comprising a computer program which, when executed by a processor, performs the steps of:

In one embodiment, the computer program is executed by the processor to process the service content and the first timestamp of the acquired service content according to the target verification rule, and when the operation of requesting the verification data is obtained, the following steps are specifically implemented:

In one embodiment, the computer program is executed by the processor to determine the target verification rule from the candidate verification rules issued by the application gateway, and specifically implement the following steps:

In one embodiment, a computer program product is provided for application to an application gateway, the computer program product comprising a computer program which, when executed by a processor, performs the steps of:

In one embodiment, the request verification data includes a first timestamp of the service content acquired by the terminal, and the computer program is executed by the processor to perform the operation of verifying the security of the service content according to the target verification rule and the request verification data, so as to specifically implement the following steps:

In one embodiment, the request verification data further includes a first security parameter, and when the computer program is executed by the processor to verify the security of the service content according to the target verification rule and the first timestamp, the following steps are specifically implemented:

In one embodiment, when the computer program is executed by the processor to process the service content and the first timestamp according to the target verification rule to obtain the second security parameter, the following steps are specifically implemented:

In one embodiment, when the computer program is executed by the processor to verify the security of the service content according to the second security parameter and the first security parameter, the following steps are specifically implemented:

It should be noted that, the data (including, but not limited to, business content, etc.) related to the present application are all data authorized by the user or fully authorized by each party, and the collection, use and processing of the related data are required to meet the related regulations.

Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, high density embedded nonvolatile Memory, resistive random access Memory (ReRAM), magnetic random access Memory (Magnetoresistive Random Access Memory, MRAM), ferroelectric Memory (Ferroelectric Random Access Memory, FRAM), phase change Memory (Phase Change Memory, PCM), graphene Memory, and the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can be in the form of a variety of forms, such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), and the like. The databases referred to in the embodiments provided herein may include at least one of a relational database and a non-relational database. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processor referred to in the embodiments provided in the present application may be a general-purpose processor, a central processing unit, a graphics processor, a digital signal processor, a programmable logic unit, a data processing logic unit based on quantum computing, or the like, but is not limited thereto.

The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.

The foregoing examples illustrate only a few embodiments of the application and are described in detail herein without thereby limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of the application should be assessed as that of the appended claims.

Claims

1. A service request processing method, which is applied to a terminal, the method comprising:

And sending the service request to the application gateway so that the application gateway performs security check on the service content according to the request check data and the request check version information, and sending the service content to an application server for processing under the condition that the security check is passed.

2. The method of claim 1, wherein the processing the service content and the first timestamp of the service content according to the target verification rule to obtain the request verification data comprises:

extracting a target character string from service content according to the appointed position information in the target verification rule;

splicing the target character string, the first time stamp of the business content and the check character string to obtain a first initial check parameter;

carrying out hash processing on the first initial inspection parameter by adopting a specified hash algorithm in the target verification rule to obtain a first security parameter;

and taking the first timestamp and the first security parameter as request verification data.

3. The method of claim 1, wherein determining the target verification rule from the candidate verification rules issued by the application gateway comprises:

Determining a target check rule from the candidate check rules according to the issuing time of the candidate check rules issued by the application gateway; or,

and determining a target check rule from the candidate check rules issued by the application gateway according to the service content.

4. A method for processing a service request, applied to an application gateway, the method comprising:

determining a target verification rule from the candidate verification rules according to the request verification version information;

5. The method according to claim 4, wherein the request check data includes a first timestamp of the terminal obtaining the service content; and verifying the security of the service content according to the target verification rule and the request verification data, including:

Acquiring a second timestamp for receiving the service request;

determining a time difference between the first and second time stamps;

and if the time difference is smaller than a time threshold, verifying the safety of the service content according to the target verification rule and the first time stamp.

6. The method of claim 5, wherein the request check data further includes a first security parameter; and verifying the security of the service content according to the target verification rule and the first timestamp, including:

processing the business content and the first timestamp according to the target verification rule to obtain a second security parameter;

and verifying the security of the business content according to the second security parameter and the first security parameter.

7. The method of claim 6, wherein the processing the business content and the first timestamp according to the target verification rule to obtain a second security parameter comprises:

Splicing the target character string, the first time stamp of the business content and the check character string to obtain a second initial check parameter;

and carrying out hash processing on the second initial inspection parameter by adopting a specified hash algorithm in the target inspection rule to obtain a second security parameter.

8. The method of claim 6, wherein verifying the security of the business content based on the second security parameter and the first security parameter comprises:

consistency comparison is carried out on the second safety parameter and the first safety parameter;

if the consistency comparison result is consistent, determining that the security check of the service content passes;

and if the consistency comparison result is inconsistent, determining that the security check of the service content is not passed.

9. A service request processing apparatus, the apparatus comprising:

and the request sending module is used for sending the service request to the application gateway so that the application gateway can carry out security check on the service content according to the request check data and the request check version information and send the service content to an application server for processing under the condition that the security check is passed.

10. A service request processing apparatus, the apparatus comprising:

the second rule determining module is used for determining a target check rule from all candidate check rules according to the request check version information;

the service verification module is used for verifying the safety of the service content according to the target verification rule and the request verification data;

and the service sending module is used for sending the service content to an application server for processing under the condition that the security check of the service content is passed.

11. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any one of claims 1 to 8 when the computer program is executed.

12. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 8.

13. A computer program product comprising a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the method of any one of claims 1 to 8.