CN106878378B - Scatter processing method in network communication management - Google Patents

Info

Publication number
CN106878378B
Authority
CN
China
Prior art keywords
communication
server
data
message
system client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201611214700.6A
Other languages
Chinese (zh)
Other versions
CN106878378A (en)
Inventor
冯六军
张晖
吴贤佳
臧晗
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bank Of Guizhou Ltd By Share Ltd
Original Assignee
Bank Of Guizhou Ltd By Share Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bank Of Guizhou Ltd By Share Ltd
Priority to CN201611214700.6A
Publication of CN106878378A
Application granted
Publication of CN106878378B
Legal status: Expired - Fee Related

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/2866 Architectures; Arrangements
    • H04L67/30 Profiles

Abstract

The invention discloses a scattered point processing method in network communication management. A communication management node is established, which centrally stores the communication parameters and service functions of all systems in a bank transaction system and provides a communication parameter acquisition interface. After a business system client acquires server communication parameters from the communication management node through the specified communication parameter acquisition interface, it stores them in its local communication configuration file, and during communication interaction it reads the server communication parameters from that local file to communicate with the server. If the communication fails, the client acquires the server communication parameters from the communication management node again. The invention makes bank business system client management more convenient and flexible, reduces system integration cost, reduces the accident risk of transaction processing, and ensures the security and confidentiality of the transaction channels.

Description

Scatter processing method in network communication management
Technical Field
The invention relates to the technical field of computer communication, in particular to a scattered point processing method in network communication management.
Background
In the financial industry, banks deploy multiple business systems to process various types of transactions. As transaction types and transaction modes multiply, the number of bank business systems keeps growing. To complete a transaction, a business system must communicate with other business systems inside and outside the bank. Because a bank has many business systems with complex communication relationships, the business systems are spread across the network like scattered communication nodes, and managing their communication parameters and communication relationships in a unified way has become a major difficulty for bank operation and maintenance personnel. The following problems are currently encountered in operation and maintenance management:
1. A single "centralized" network deployment has drawbacks
Centralized network deployment is a common mode for the business systems of financial institutions. It facilitates centralized management but also carries a risk: if the management node system fails, intra-bank business transactions are affected on a large scale. As shown in figs. 1-2, every business system must send its business data to the "centralized management system" for processing; the "centralized management system" calls the "cipher machine device" to encrypt and decrypt the data and then sends the transaction data to other business systems for processing. If the centralized management system fails, transaction data sent to it cannot be processed, so the business system's transaction fails, and bank transactions are "paralyzed" over a large area.
2. The bus structure has high deployment cost
In recent years, more and more banks have adopted a "bus architecture" or are migrating to one. Although the bus structure offers simple interconnection and easy management, deployment requires in-bank business systems to be modified to conform to the uniform interface issued by the "bus system", the "bus system" itself is difficult to develop, and the deployment cost of the bus architecture is therefore high.
3. Communication parameters are not easy to modify
If network configuration files are configured manually, then whenever the communication parameters of a node in the network are modified, every communication system associated with that node must also be modified manually. The amount of modification is large, the range of influence is wide, the changes lag behind, and business transaction efficiency suffers. Moreover, because the configuration is scattered across files within each system, missed modifications are inevitable, and in severe cases service is interrupted.
4. There is a hidden danger of system forgery
Because the communication information of business systems is configured manually, the communication information of the bank's production systems is at risk of leakage. If it leaks, a non-production system that is not permitted to communicate with the production systems could do so, causing production accidents.
Disclosure of Invention
The purpose of the invention is to provide a scattered point processing method in network communication management that avoids business system transactions failing because a centralized management system is faulty and cannot process them, avoids large-area paralysis of bank transactions, and improves transaction security, thereby overcoming the defects of the prior art.
The invention is realized as follows. A scattered point processing method in network communication management comprises establishing a communication management node that centrally stores the communication parameters and service functions of all systems in a bank transaction system and provides a communication parameter acquisition interface. After a business system client acquires server communication parameters from the communication management node through the specified communication parameter acquisition interface, it stores them in its local communication configuration file, and during communication interaction it reads the server communication parameters from that local file to communicate with the server. If the communication fails, the client acquires the server communication parameters from the communication management node again. In this way the communication parameters held by business system clients are distributed, which guarantees the independence of service processing and solves the problem of transactions stalling because one node system is faulty, while the communication parameters are still managed centrally, which makes modifying and adding communication parameters more flexible and convenient.
To secure the channel through which communication parameters are obtained and to prevent an unknown system from obtaining them illegally, the method identifies and authenticates the business system client requesting communication parameters by link address authentication and function authority authentication. Specifically, pre-stored data is established in a database on the communication management node; the pre-stored data is the system ID and link IP of each business system client that is allowed access. When the communication management node receives a communication parameter acquisition request message from a business system client, it takes the system ID of the message initiator from the message and the link IP of the initiator from the link, and compares them with the data in the database. If the comparison passes, it judges whether the requesting system is permitted to use the transaction function implemented by the requested server, and if so it issues the server's communication parameters. This authentication improves the confidentiality of transactions and prevents a third-party system from intervening in a particular transaction.
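An added example, not code from the patent, showing the request authentication described in the paragraph above together with the local-file lookup and re-acquisition on failure from the paragraph before it. The system IDs, addresses, function names, JSON file layout and the `fetch`/`send` callables are assumptions made for the illustration.

```python
import ipaddress
import json
import os
import tempfile

# Constructed sample data: system IDs, addresses and function names are hypothetical.
ALLOWED_LINKS = {"SYS_COUNTER": "10.1.2.10"}         # pre-stored system ID -> link IP
GRANTED_FUNCTIONS = {"SYS_COUNTER": {"ACCT_QUERY"}}  # system ID -> permitted functions
SERVER_PARAMS = {"ACCT_QUERY": {"ip": "10.1.9.20", "port": 7001}}


class Denied(Exception):
    """Raised by the management node when a request fails authentication."""


def issue_parameters(message, link_ip):
    """Node side: link address check, then function authority check."""
    system_id, function = message.get("system_id"), message.get("function")
    if not isinstance(system_id, str) or not isinstance(function, str):
        raise Denied("malformed request")
    expected = ALLOWED_LINKS.get(system_id)
    try:
        # link_ip must be the peer address of the accepted connection, never a message field.
        same_link = expected is not None and (
            ipaddress.ip_address(link_ip) == ipaddress.ip_address(expected))
    except ValueError:
        same_link = False
    if not same_link:
        raise Denied("link address authentication failed")
    if function not in GRANTED_FUNCTIONS.get(system_id, set()):
        raise Denied("function authority authentication failed")
    if function not in SERVER_PARAMS:
        raise Denied("no server registered for this function")
    return dict(SERVER_PARAMS[function])


class BusinessClient:
    """Client side: use the local configuration file, re-acquire on failure."""
    def __init__(self, system_id, config_path, fetch, send):
        self.system_id = system_id
        self.config_path = config_path
        self.fetch = fetch  # hypothetical callable: request message -> parameters
        self.send = send    # hypothetical transport; raises ConnectionError

    def load_config(self):
        try:
            with open(self.config_path, encoding="utf-8") as fh:
                data = json.load(fh)
        except (FileNotFoundError, json.JSONDecodeError):
            return {}
        return data if isinstance(data, dict) else {}

    def refresh(self, function):
        params = self.fetch({"system_id": self.system_id, "function": function})
        config = self.load_config()
        config[function] = params
        # Write a temporary file and rename it so the config is never half-written.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.config_path) or ".")
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(config, fh)
        os.replace(tmp, self.config_path)
        return params

    def call(self, function, payload):
        params = self.load_config().get(function) or self.refresh(function)
        try:
            return self.send(params, payload)
        except ConnectionError:  # communication failed: re-acquire once, then retry
            return self.send(self.refresh(function), payload)


def demo_refresh():
    """Stale local parameters: first send fails, client re-acquires and retries."""
    requests = []
    def fetch(message):  # stands in for the network round trip to the node
        requests.append(message)
        return issue_parameters(message, link_ip="10.1.2.10")
    def send(params, payload):  # constructed server that only listens on 7001
        if params["port"] != 7001:
            raise ConnectionError("nothing listening on stale port")
        return "ok:" + payload
    with tempfile.TemporaryDirectory() as tmpdir:
        path = os.path.join(tmpdir, "comm.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump({"ACCT_QUERY": {"ip": "10.1.9.20", "port": 6999}}, fh)
        client = BusinessClient("SYS_COUNTER", path, fetch, send)
        result = client.call("ACCT_QUERY", "balance")
        return result, len(requests), client.load_config()["ACCT_QUERY"]["port"]
```

The link IP check only carries weight when the node reads the address from the connection itself; a request that presents a registered system ID from an unregistered address is refused before the function authority is even looked up.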
To guarantee the correctness, integrity and confidentiality of data during communication, the technique also uses MAC verification. The principle is as follows: when a business system client needs to transmit communication data to a server, it performs MAC calculation on the communication data and then assembles the data into a communication message; after the server obtains the message, it recalculates the MAC over the message data and checks it against the MAC carried in the message, and proceeds to the next processing step only if the check passes.
The business system client and the server first agree on a communication key; the business system client encrypts the transaction data with the communication key, and the server decrypts the transaction data with the communication key after obtaining the message.
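An added example, not code from the patent, of the message exchange in the two paragraphs above: the client frames the already encrypted transaction data and appends a MAC, and the server recalculates and checks the MAC before doing anything else with the message. HMAC-SHA256, the header layout and the keys are assumptions; the patent names no algorithm, and encryption under the communication key is represented here by opaque ciphertext bytes.

```python
import hashlib
import hmac
import struct

MAC_LEN = 32     # HMAC-SHA256 tag size; the MAC algorithm is an assumption
HEADER = ">HI"   # system-ID length (2 bytes), ciphertext length (4 bytes)
HEADER_LEN = struct.calcsize(HEADER)


class BadMessage(Exception):
    """Raised by the server when a message must not be processed further."""


def assemble(mac_key, system_id, ciphertext):
    """Client side: frame the encrypted transaction data and append the MAC."""
    sid = system_id.encode("utf-8")
    body = struct.pack(HEADER, len(sid), len(ciphertext)) + sid + ciphertext
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def verify(mac_key, message):
    """Server side: recalculate the MAC, compare, and only then parse the body."""
    if len(message) < HEADER_LEN + MAC_LEN:
        raise BadMessage("truncated message")
    body, received = message[:-MAC_LEN], message[-MAC_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(received, expected):  # constant-time comparison
        raise BadMessage("MAC mismatch")
    sid_len, ct_len = struct.unpack(HEADER, body[:HEADER_LEN])
    if HEADER_LEN + sid_len + ct_len != len(body):
        raise BadMessage("length fields do not match message size")
    sid_end = HEADER_LEN + sid_len
    # The ciphertext is returned for decryption with the communication key.
    return body[HEADER_LEN:sid_end].decode("utf-8"), body[sid_end:]


def outcome(mac_key, message):
    """Return 'accepted' or the reason the server refused the message."""
    try:
        verify(mac_key, message)
        return "accepted"
    except BadMessage as exc:
        return str(exc)


def demo_mac():
    key = b"constructed-demo-mac-key-0123456"  # constructed key, demo only
    ciphertext = bytes.fromhex("8f1c2a774d")    # stands in for encrypted data
    message = assemble(key, "SYS_COUNTER", ciphertext)
    tampered = bytearray(message)
    tampered[HEADER_LEN + 3] ^= 0x01            # flip one bit of the system ID
    return {
        "intact": verify(key, message),
        "tampered": outcome(key, bytes(tampered)),
        "wrong_key": outcome(b"another-constructed-key", message),
        "truncated": outcome(key, message[:20]),
    }
```

Because the MAC covers the header and the system ID as well as the ciphertext, changing the claimed sender invalidates the tag just as changing the transaction data does.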
The invention adopts a network deployment mode that combines "distributed" and "centralized", with "distributed" as the primary mode and "centralized" as the auxiliary one. It sets up a "communication management node" that implements a single function: it centrally stores the communication parameters and service functions of all business system clients in the bank transaction system and provides a communication parameter acquisition interface through which a business system client obtains the communication parameters of a server. Transaction data is exchanged between business system clients directly, in pairwise communication, with no intermediate management node processing or forwarding the data.
Compared with the prior art, the invention makes bank business system client management more convenient and flexible, reduces system integration cost, reduces the accident risk of transaction processing, and ensures the security and confidentiality of the transaction channels. The invention has the advantages of a simple principle, low operating difficulty, wide applicability and good results in use.
Drawings
FIGS. 1-2 are schematic diagrams of the working principle and flow of the prior art;
FIG. 3 is a flow diagram of distributed system traffic communication of the present invention;
FIG. 4 is a flow chart of a communication parameter acquisition process of the present invention;
FIG. 5 is a flow chart of a communication management node identity authentication process of the present invention;
FIG. 6 is a flow chart of transaction data processing between nodes according to the present invention;
FIG. 7 is a flow chart of how the communication management node identifies a counterfeit system according to the present invention;
FIG. 8 is a diagram of the communication management structure of an embodiment of the present invention.
Detailed Description
The invention will be described in further detail with reference to the following drawings, which are not intended to limit the invention in any way.
Embodiment of the invention: the applicant tested the scattered point processing method in network communication management on the "communication management platform" of Guizhou Bank. The communication information and service functions of 60 sets of business system clients in Guizhou Bank are registered uniformly in the communication management platform (that is, the communication management node), which provides a system registration interface and a service function interface for the bank's business system clients to call. When the function interface is called, it internally sends a message to the server to acquire the communication parameters of the server, stores them in the local communication configuration file of the business system client, and then carries out the transaction operation, sending the transaction information directly to the server for transaction verification.
As shown in fig. 3, each business system client independently completes the processing of its transaction data and sends the transaction data directly to other business system clients. If one of the nodes fails, normal service processing by the other business system clients is not affected.
As shown in fig. 4, the server calls a specific interface to register its IP address and port with the "communication management platform"; the business system client obtains the server's IP and port from the "communication management platform" by message, and communicates with the server once they have been obtained successfully.
As shown in fig. 6, the two business systems first agree on a communication key. The business system client (front-end system) encrypts the transaction data with the communication key and performs MAC calculation on the communication message. After the server (back-end business system) obtains the message, it first recalculates and verifies the MAC, and then decrypts the transaction data with the communication key.
As shown in fig. 7, the "communication management platform" performs MAC verification on a request from a counterfeit system; even if that verification succeeds, the platform also performs identity authentication, recognizes through it that the requesting system is counterfeit, and returns an error message.
As shown in fig. 8, application system planning requires the core system, the collaboration system group and the management system group to be channel-independent. With the communication management system and the standardization of communication and messages, the Guizhou Bank production system does not need to deploy channel integration platform or application integration platform products.
The scheme simplifies the structure of the production system while retaining the advantages of the SOA architecture, and is the basis for stable operation of the production system. Specific functions provided by the two platforms, such as unified authentication, can be implemented by deploying an independent management system.
The communication management system implemented as above provides support for the SOA architecture. Because XML transaction messages are inefficient, there is currently no example of a large or medium-sized bank adopting XML messages as the transaction messages of its core system. Guizhou Bank intends to refer to the relevant international standards and select an efficient in-bank standard message format as the standard interface for online transactions among all systems in the bank.
After the message standard is determined, Guizhou Bank intends to provide a standard communication interface program for mainstream development languages to implement mutual access between systems. The related security management functions are integrated in the standard communication interface program.
By accessing the communication management system, the standard communication interface program can obtain the communication parameters of all in-bank systems it is authorized to access, thereby achieving transparent access to the related systems.
When a new product or service management system goes online or is updated, its communication and other related parameters must be reported to the communication management system; other systems then obtain the corresponding parameters automatically through the standard communication interface program to support transaction execution.
The foregoing is merely a preferred embodiment of the invention and is not intended to limit the invention in any way, and any simple modifications, equivalent variations and modifications made to the above embodiments according to the technical spirit of the invention may still fall within the scope of the invention.

Claims (4)

1. A method for scatter processing in network communication management, comprising: establishing a communication management node, wherein the communication management node centrally stores the communication parameters and service functions of all systems in a bank transaction system and provides a communication parameter acquisition interface; after a business system client acquires server communication parameters from the communication management node through the specified communication parameter acquisition interface, the server communication parameters are stored in a local communication configuration file of the business system client, and during communication interaction the business system client acquires the server communication parameters from the local communication configuration file to communicate with the server; and if the communication fails, the server communication parameters are acquired again from the communication management node.
2. The method for scatter processing in network communication management according to claim 1, wherein the business system client obtaining the communication parameters is identified and authenticated by link address authentication and function authority authentication, implemented as follows: pre-stored data is established in a database on the communication management node, the pre-stored data being the system ID and link IP of each business system client that is allowed access; when the communication management node receives a communication parameter acquisition request message from a business system client, the system ID of the message initiator is acquired from the message and the link IP of the initiator is acquired from the link, and both are compared with the data in the database; if the comparison passes, it is judged whether the requesting system is permitted to use the transaction function implemented by the requested server, and if it is permitted, the communication parameters of the server are issued.
3. The method for scatter processing in network communication management according to claim 1, wherein: when a business system client needs to transmit communication data to a server, the business system client performs MAC calculation on the communication data and then assembles the communication data into a communication message; and after the server obtains the message, it recalculates the MAC over the message data, verifies it against the MAC data in the message, and performs the next step of processing if the verification passes.
4. The method for scatter processing in network communication management according to claim 1, wherein: the business system client and the server first agree on a communication key, the business system client encrypts the transaction data with the communication key, and the server decrypts the transaction data with the communication key after acquiring the message.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611214700.6A CN106878378B (en) 2016-12-26 2016-12-26 Scatter processing method in network communication management

Publications (2)

Publication Number Publication Date
CN106878378A CN106878378A (en) 2017-06-20
CN106878378B true CN106878378B (en) 2020-02-21

Family

ID=59163979

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20200221

Termination date: 20201226