CN107733897A - A kind of data security method and system - Google Patents
A kind of data security method and system
- Publication number
- CN107733897A CN201710986402.7A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/51—Discovery or management thereof, e.g. service location protocol [SLP] or web services
Abstract
The invention discloses a data security method applied to the front-end access system of a data security system, comprising: receiving a login request from a client business system and verifying the identity information of the client business system; after verification succeeds, assembling, according to a received business process template request, the business process template corresponding to the request and returning it to the client business system; and receiving and uploading the data of each preservation point that the client business system submits according to the definition of the corresponding business scenario in the business process template. The invention also discloses a front-end access system. The invention addresses the problems in the prior art that data preservation logic easily becomes disordered and that invalid preservation data is produced during preservation, which affects the validity of the preserved data.
Description
Technical field
The present invention relates to a data security method and system.
Background
As computers and the Internet have come into widespread use, electronic data, which uses the computer as its carrier and obtains and fixes evidence in electronic form, is not only highly efficient but also ensures the safety of the original document. Electronic data is not easily tampered with and has the same legal effect as paper evidence. Electronic data preservation is a procedure and method that takes all kinds of electronic data information existing in electronic file formats (text, graphics, letters, numerals, three-dimensional symbols, colour combinations, sound, and combinations of these), performs computation on it and fixes it by encryption, and records the standard time at which the preservation was generated, the computed value, the record number and so on, so as to prevent tampering and ensure that the electronic data is original and objective. Data preservation effectively ensures that the content of electronic data is tamper-proof and ensures the convenience and security of preservation.
However, when electronic data is preserved, each business process may contain more than one preservation point (a preservation point is one type of deposited evidence). This requires that, during preservation, the preservation order of the preservation points be guaranteed and that the preservation logic not become disordered, so that data is preserved according to the predetermined preservation rules. Invalid preservation data, which affects the result of preservation, should also be avoided. The business processes for preserving data of different business types differ; how to ensure that data is preserved in business-process order, and that the preserved data is valid, has become an urgent problem in electronic data preservation.
Summary of the invention
In view of the technical defects and drawbacks of the prior art, the embodiments of the present invention provide a data security method and system that overcome the above problems or at least partially solve them.
As one aspect of the embodiments of the present invention, a data security method is provided, applied to the front-end access system of a data security system, comprising:
Receiving a login request from a client business system and verifying the identity information of the client business system;
After verification succeeds, assembling, according to a received business process template request, the business process template corresponding to the request and returning it to the client business system;
Receiving and uploading the data of each preservation point that the client business system submits according to the definition of the corresponding business scenario in the business process template.
In one embodiment of the data security method, receiving and uploading the data of each preservation point that the client business system submits according to the definition of the corresponding business scenario in the business process template specifically comprises:
Obtaining the input parameter information of the preservation point in the data preservation request, the input parameter information including the chain code and the process instance code corresponding to the preservation point;
Verifying the input parameter information and, after verification succeeds, receiving the data of the preservation point;
When the preservation point is not the last preservation point, generating and returning the chain code corresponding to the next preservation point;
When the preservation point is the last preservation point, ending the upload of preservation data.
In one embodiment, the data security method further comprises: after the user identity information passes verification, generating an authorization token corresponding to the identity information of the client business system and returning it to the client business system that requested login;
When a heartbeat request or service request is received from the client business system, verifying the validity of the token contained in the request; when verification succeeds, processing the request; otherwise, refusing the request. The service request includes one or more of the following:
A business process template request, a request to upload preservation-point data, a request to query the preservation result, and a log-out request.
In one embodiment, the data security method further comprises: before obtaining the business process template, verifying the version number of the business process template to determine whether it is the latest business process template and, if not, obtaining the latest business process template.
In one embodiment, the data security method further comprises: after preservation data is received, caching the preservation data in a preset message queue (MQ).
As another aspect of the embodiments of the present invention, a front-end access system is provided, comprising an access server and a back-end processing server, the access server being connected to at least one client business system server, wherein:
The access server is configured to forward the login requests, business process template requests and data preservation requests received from each client business system server to the back-end processing server, and to return the results that the back-end processing server obtains by processing each request to the corresponding client business system server;
The back-end processing server is configured to verify the user identity information of the client business system server according to the login request and, after verification succeeds, to obtain the corresponding business process template according to the business process template request; and to receive and upload the data of each preservation point that the client business system submits according to the definition of the corresponding business scenario in the business process template.
In one embodiment, the back-end processing server of the front-end access system is further configured to obtain the input parameter information of the preservation point in the data preservation request, the input parameter information including the chain code and process instance code corresponding to the preservation point; after the input parameter information passes verification, to receive the preservation-point data; and to check whether the preservation point is the last preservation point of the process chain. If so, data preservation ends; if not, the chain code of the next preservation point is generated and returned to the access server;
Correspondingly, the access server is further configured to return the chain code of the next preservation point to the client business system server.
In one embodiment, the back-end server of the front-end access system is further configured to return the generated authorization token corresponding to the identity information of the client business system, through the access server, to the client business system that requested login; and
When a heartbeat request or service request of a client business system forwarded by the access server is received, to verify the validity of the token contained in the request; when verification succeeds, the request is processed; otherwise, the request is refused;
The service request includes one or more of the following: a business process template request, a request to upload preservation-point data, a request to query the preservation result, and a log-out request.
In one embodiment, the access server of the front-end access system is further configured, before obtaining the business process template, to verify the version number of the business process template to determine whether it is the latest business process template and, if not, to obtain the latest business process template.
In one embodiment, the access server of the front-end access system is further configured, after receiving preservation data, to send the received preservation data to a preset message queue (MQ) for caching; correspondingly,
The back-end processing server is further configured to read the cached preservation data from the MQ and upload it.
The embodiments of the present invention achieve at least the following technical effects:
In the data security method provided by the embodiments of the present invention, after the identity information of the client business system is verified, a business process template request is received and the business process template is obtained; data is then preserved in the order of the preservation points defined for the corresponding business scenario in the template. The data of each preservation point is thus uploaded in preservation-point order, which ensures that the preserved data is valid and that the preservation logic does not become disordered.
The method obtains the corresponding business process template for the different business scenarios of different client business systems. Each client business system has a different business process, and a single client business system may also involve several business processes. By verifying the identity information of the client business system, the method identifies which specific business process the client business system is initiating and obtains the corresponding template. Only when the business process template rules obtained by the client business system correspond to the preservation points of the business scenario in the template provided by the front-end access system can the data preservation service proceed, which prevents maliciously forged preservation data from being received.
Other features and advantages of the present invention are set out in the description that follows and will in part become apparent from the specification or be understood by practising the invention. The objects and other advantages of the invention can be realized and obtained through the structures described in the written specification, the claims and the accompanying drawings.
The technical solution of the invention is described in further detail below with reference to the drawings and embodiments.
Brief description of the drawings
The accompanying drawings provide a further understanding of the invention and form part of the specification; together with the embodiments they serve to explain the invention and do not limit it. In the drawings:
Fig. 1 is a flow chart of the data security method provided by an embodiment of the present invention;
Fig. 2 is a schematic diagram of the data preservation business process in the data security method provided by an embodiment of the present invention;
Fig. 3 is a sequence diagram of the data security method provided by an embodiment of the present invention;
Fig. 4 is a structural diagram of the front-end access system provided by an embodiment of the present invention.
Detailed description
Exemplary embodiments of the present invention are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments, it should be understood that the invention may be realized in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the invention can be understood more thoroughly and its scope conveyed completely to those skilled in the art.
The various embodiments of the data security method and system provided by the embodiments of the present invention are described in detail below.
Embodiment one:
Referring to Fig. 1, Embodiment one of the present invention provides a data security method, applied to the front-end access system of a data security system, comprising:
S101: Receiving a login request from a client business system and verifying the identity information of the client business system;
S102: After verification succeeds, assembling, according to a received business process template request, the business process template corresponding to the request and returning it to the client business system;
S103: Receiving and uploading the data of each preservation point that the client business system submits according to the definition of the corresponding business scenario in the business process template.
In the data security method provided by the embodiments of the present invention, after the identity information of the client business system is verified, a business process template request is received and the business process template is obtained; data is then preserved in the order of the preservation points defined for the corresponding business scenario in the template. The data of each preservation point is thus uploaded in preservation-point order, which ensures that the preserved data is valid and that the preservation logic does not become disordered.
The method obtains the corresponding business process template for the different business scenarios of different client business systems. Each client business system has a different business process, and a single client business system may also involve several business processes. By verifying the identity information of the client business system, the method identifies which specific business process the client business system is initiating and obtains the corresponding template. Only when the business process template rules obtained by the client business system correspond to the preservation points of the business scenario in the template provided by the front-end access system can the data preservation service proceed, which prevents maliciously forged preservation data from being received.
Referring to Fig. 2, in one embodiment of the data security method, receiving and uploading the data of each preservation point that the client business system submits according to the definition of the corresponding business scenario in the business process template, as described in step S103, specifically comprises:
S1031: Obtaining the input parameter information of the preservation point in the data preservation request, the input parameter information including the chain code and the process instance code corresponding to the preservation point;
S1032: Verifying the input parameter information and, after verification succeeds, receiving the data of the preservation point;
S1033: When the preservation point is not the last preservation point, generating and returning the chain code corresponding to the next preservation point;
S1034: When the preservation point is the last preservation point, ending the upload of preservation data.
In the data security method provided by the embodiments of the present invention, every time the data of a preservation point is preserved, the chain code and process instance code contained in its input parameter information must be verified. Only when verification succeeds, in accordance with the business process template, is the preservation data received and the chain code and process instance code of the next preservation point generated. This ensures that the preservation points are preserved in the predetermined order and avoids logic errors and invalid preservation caused by repeated submission of preservation data.
Because the chain code in the input parameter information of each preservation point is verified, when the received preservation data is maliciously forged data, its chain code cannot pass verification and the forged data is not received, which ensures the validity and security of data preservation.
In one embodiment of the data security method, when the preservation point is the first preservation point, the chain code and process instance code in its input parameter information are a preset character string; when the preservation point is not the first preservation point, the chain code and process instance code in its input parameter information are random numbers generated according to preset rules.
In the data security method provided by the embodiments of the present invention, once the business process template has been obtained and preservation data is being received, when the chain code of the first preservation point is called for the first time, the chain code in the input parameter information is a preset character string. Specifically, the preset character string may be the empty string "" or another fixed character string; this is not limited in the embodiments of the present invention. Likewise, when the first preservation point is called for the first time, the process instance code in the input parameter information is a preset character string, which may be the empty string "" or another fixed character string; this is not limited in the embodiments of the present invention.
In one embodiment, the data security method further comprises:
Determining, according to the business process template, whether the data belongs to the last preservation point;
If so, ending the upload of preservation data after the data of the last preservation point is received.
In one embodiment of the data security method, when the business process template has only one preservation point, on receiving preservation data the method verifies that the chain code and process instance code in the input parameter information are the preset character string, receives the preservation data of that preservation point, and ends the upload of preservation data.
In one embodiment, the data security method further comprises:
Receiving the input parameter information of a preservation point, including the chain code and process instance code, and, when verification finds the input parameter information incorrect, terminating data preservation.
As one implementation of the embodiments of the present invention, when the chain code in the input parameter information is found to be wrong, an error response message is returned to remind the client business system server to stop uploading preservation data.
In a specific embodiment, preservation data may be uploaded according to the business process template as follows. The chain code and process instance code in the input parameter information of the first preservation point are the empty string "". The data preservation server verifies that the chain code and process instance code of the first preservation point are the empty string "", receives the preservation data of the first preservation point, and generates, according to preset rules, random numbers for the chain code and process instance code of the second preservation point. For example, the generated chain code of the second preservation point may be abc1 and the generated process instance code of the second preservation point may be ABC1. The data preservation server returns the generated chain code abc1 and process instance code ABC1 as the input parameter information of the second preservation point, and caches the generated chain code abc1 and process instance code ABC1.
When the preservation data of the second preservation point is uploaded, the data preservation server uses the process instance code ABC1 in the second preservation point's input parameter information to look up the cached entry that contains the same process instance code ABC1, and compares the chain code abc1 in the cached entry with the chain code in the input parameter information. If the chain code in the second preservation point's input parameter information is also abc1, the input parameter information passes verification and the data preservation server receives the second preservation point's preservation data. If the chain code is not abc1, verification fails, the data preservation server does not receive the second preservation point's preservation data, and data preservation is terminated. Further, the data preservation server may return an error response message to remind the client business system server to stop uploading preservation data.
After the data of the second preservation point has been preserved, the data preservation server determines whether it is the last preservation point. If the second preservation point is not the last one, the data preservation server generates and returns the chain code and process instance code of the next preservation point as that point's input parameter information, verifies that input parameter information according to the business process template, and receives the point's preservation data after verification succeeds. This continues until the data preservation server determines that a preservation point is the last one, receives that point's preservation data, and ends the data preservation process.
When the business process template contains only one preservation point, the data preservation server verifies that the chain code and process instance code in the first preservation point's input parameter information are the preset character string, for example the empty string "", receives the preservation data, and ends this data preservation process.
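The chain-code exchange described above can be sketched on the server side as follows. This is an added example, not code from the patent: the class and method names, the use of Python's `secrets` module as the "preset rules" for random codes, and the choice to keep one process instance code for the whole flow are assumptions.

```python
import hmac
import secrets


class PreservationError(Exception):
    """Input parameter information failed verification; the flow is terminated."""


class PreservationServer:
    """Accepts preservation-point uploads only in business process template order."""

    PRESET = ""  # preset string carried by the first preservation point

    def __init__(self, template):
        self.template = list(template)  # ordered preservation-point names
        self.cache = {}                 # instance code -> (expected chain code, point index)
        self.stored = {}                # instance code -> [(point name, data), ...]

    def upload(self, chain_code, instance_code, data):
        if instance_code == self.PRESET:
            # First preservation point: both codes must be the preset string.
            if chain_code != self.PRESET:
                raise PreservationError("first point must carry the preset chain code")
            instance_code = secrets.token_hex(8)  # assumption: one code per flow
            index = 0
            self.stored[instance_code] = []
        else:
            # Later points: look up the cache by instance code. The entry is
            # removed on lookup, so each chain code is usable once and any
            # mismatch terminates the flow, as the description requires.
            entry = self.cache.pop(instance_code, None)
            if entry is None:
                raise PreservationError("unknown, finished or terminated flow")
            expected, index = entry
            if not hmac.compare_digest(expected.encode(), chain_code.encode()):
                raise PreservationError("chain code mismatch, preservation terminated")

        self.stored[instance_code].append((self.template[index], data))

        if index == len(self.template) - 1:
            # Last preservation point: end the upload, issue no further chain code.
            return {"done": True, "instance_code": instance_code, "chain_code": None}

        next_chain = secrets.token_hex(8)
        self.cache[instance_code] = (next_chain, index + 1)
        return {"done": False, "instance_code": instance_code, "chain_code": next_chain}


if __name__ == "__main__":
    # Constructed three-point template and payloads, for illustration only.
    server = PreservationServer(["contract", "payment", "delivery"])
    step = server.upload("", "", b"contract.pdf digest")
    step = server.upload(step["chain_code"], step["instance_code"], b"payment receipt")
    step = server.upload(step["chain_code"], step["instance_code"], b"delivery note")
    print("flow finished:", step["done"])
```

Because the cached entry is consumed on every lookup, a resubmitted or guessed chain code both fails and ends the flow, which is the repeat-submission behaviour the description aims for.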
In one embodiment, the data security method provided by the embodiments of the present invention may also carry out the following steps:
After the user identity information passes verification, generating an authorization token corresponding to the identity information of the client business system and returning it to the client business system that requested login;
When a heartbeat request or service request is received from the client business system, verifying the validity of the token contained in the request; when verification succeeds, processing the request; otherwise, refusing the request. The service request includes one or more of the following:
A business process template request, a request to upload preservation-point data, a request to query the preservation result, and a log-out request.
In a specific embodiment of the data security method, the data security system configures the client business system's user identity account information, including user name and password information, into a software development kit (SDK) in advance, and this SDK is deployed to the client business system server. The data security system receives the login request sent by the client business system server and, based on the user name and password information carried by the SDK, confirms that the client business system is a legitimate user recognized by the front-end access system. Only a client business system server that passes authentication is provided with the data preservation service by the data security system, which effectively screens out client business systems impersonating legitimate users. For a client business system that has passed authentication, the front-end access system provides an authorization token. The token is a temporary authorization token with a validity period of a certain length; only within the validity period does the token pass verification by the front-end access system. Once the validity period is exceeded the token becomes invalid: the front-end access system considers that the client business system no longer maintains the token's validity, and the client business system server loses the authority to perform subsequent operations with this token.
As one specific implementation of the embodiments of the present invention, the token may take the form of a unique character string randomly generated from a combination of digits and letters, for example: f0d2a5558dee4aa9a6dee31213539fc9.
In a specific embodiment of the data security method, the front-end access system uses the heartbeat function to verify the validity of the token and to extend the token's validity period. Specifically:
The heartbeat requests sent by the client business system include a first heartbeat request and a second heartbeat request. The first heartbeat request is used to verify the validity of the token; the second heartbeat request is used to verify the validity of the token and extend its validity period, prolonging the effective session time between the client business system and the front-end access system.
In the embodiments of the present invention, the first heartbeat request verifies whether the token is valid. Only when the token is verified as valid does the front-end access system server accept service requests from the client business system server; when the token is verified as invalid, the front-end access system refuses the service requests of the client business system.
The second heartbeat request verifies whether the token is valid and, if it is, extends the validity period of this token. To ensure that the token can continue to serve the client business system, the client business system can repeatedly request an extension of the token's validity period. By extending the validity period, the client business system can keep using this token for its subsequent service requests, which avoids the trouble of frequent logins and frequent authentication.
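The token life cycle described above (login, validate-only heartbeat, validate-and-extend heartbeat, refusal after expiry) can be sketched as follows. This is an added example, not code from the patent: the class, method and request names, the PBKDF2 password check and the 300-second default validity period are assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Hypothetical names for the four service request types listed in the description.
SERVICE_REQUESTS = {"get_template", "upload_point", "query_result", "logout"}


class FrontEndAccess:
    def __init__(self, ttl_seconds=300, clock=time.monotonic):
        self.ttl = ttl_seconds      # validity period of a token (assumed value)
        self.clock = clock          # injectable so expiry can be tested
        self.accounts = {}          # user name -> (salt, password hash)
        self.tokens = {}            # token -> expiry time

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self.accounts[user] = (salt, self._hash(password, salt))

    def login(self, user, password):
        # Unknown users still go through a hash comparison that cannot match.
        salt, stored = self.accounts.get(user, (b"\0" * 16, b""))
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            return None
        token = secrets.token_hex(16)  # 32 hex characters, as in the example token
        self.tokens[token] = self.clock() + self.ttl
        return token

    def _valid(self, token):
        expiry = self.tokens.get(token)
        if expiry is None:
            return False
        if self.clock() >= expiry:
            del self.tokens[token]   # expired tokens are dropped, not revived
            return False
        return True

    def heartbeat(self, token, extend=False):
        """extend=False is the first heartbeat type, extend=True the second."""
        if not self._valid(token):
            return False
        if extend:
            self.tokens[token] = self.clock() + self.ttl
        return True

    def service_request(self, token, kind):
        if kind not in SERVICE_REQUESTS or not self._valid(token):
            return "refused"
        if kind == "logout":
            del self.tokens[token]
        return "accepted"


if __name__ == "__main__":
    fe = FrontEndAccess()
    fe.register("client-a", "constructed-password")  # constructed credentials
    tok = fe.login("client-a", "constructed-password")
    print(fe.heartbeat(tok, extend=True), fe.service_request(tok, "upload_point"))
```

A validate-only heartbeat never moves the expiry time, so a client that sends only the first heartbeat type still has to log in again once the validity period ends.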
In one embodiment, the data security method provided by the embodiments of the present invention may also carry out the following steps:
Before obtaining the business process template, verifying the version number of the business process template to determine whether it is the latest business process template and, if not, obtaining the latest business process template.
Specifically, after the client business system server's login request has been authenticated, it has logged in to the front-end access system successfully, and its first heartbeat request has succeeded, it must first call to obtain the business process template in order to check whether the template has been updated. If the template has been updated, the latest template is obtained, and the client business system requests to upload preservation data in sequence, following the order of preservation points defined for the corresponding business scenario in the selected template.
In one embodiment, the data security method provided in an embodiment of the present invention may also perform the following step:
After the preservation data is received, the preservation data is cached in a preset message queue (Message Queue, MQ).
In the data security method of this embodiment, the front-end access system serves multiple client business system servers. When several of them issue service requests at the same time, the background server of the front-end access system cannot process and respond to those requests in real time. To relieve the impact on the background server, the service request data is temporarily cached in the message queue MQ, and the background services fetch pending data from the MQ in an orderly manner, each according to its own processing capacity, which improves the robustness and stability of the background services of the front-end access system. During data preservation, the front-end access system verifies the validity of the token and the legitimacy of the data. Once verification passes, it calls the message queue MQ to cache the data to be preserved, so that the evidence storage service of the front-end access system can store the data in the database and solidify it.
In one embodiment, the data security method provided in an embodiment of the present invention may also perform the following step:
A request to query the preservation result is received, the preservation status of the data is queried, and the query result of the data preservation is returned.
In the data security method of this embodiment, querying the preservation result also includes the steps of verifying the legitimacy of the business process of the data preservation and returning the business process verification result to the client business system server.
In the data security method provided in an embodiment of the present invention, when preservation information is uploaded, the front-end access system first stores the data in the message queue MQ and only then uploads it to the background server of the front-end access system. The client business system therefore needs to query the preservation result in order to synchronize the data preservation status in a timely manner.
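The buffered upload and the follow-up status query described above can be modelled as below. This is an added example, not code from the patent: the class name, the status strings, the `token_valid` flag standing in for the token check, the non-empty-payload rule and the sample records are all assumptions constructed for illustration.

```python
import itertools
import queue


class FrontEndAccess:
    """Hypothetical model of the accept path: validate, enqueue, acknowledge."""

    def __init__(self):
        self.mq = queue.Queue()    # stands in for the preset message queue MQ
        self.database = {}         # stands in for the evidence database
        self.status = {}           # receipt id -> "QUEUED" or "PRESERVED"
        self._ids = itertools.count(1)

    def upload(self, token_valid, record):
        # Token validity and data legitimacy are checked before queuing,
        # so the background service never sees unauthenticated input.
        if not token_valid:
            return {"accepted": False, "reason": "invalid token"}
        payload = record.get("payload")
        if not isinstance(payload, str) or not payload:
            return {"accepted": False, "reason": "illegal data"}
        receipt = next(self._ids)
        self.mq.put((receipt, record))
        self.status[receipt] = "QUEUED"
        return {"accepted": True, "receipt": receipt}

    def query(self, receipt):
        # Acceptance is not preservation: the client learns the real state here.
        return self.status.get(receipt, "UNKNOWN")

    def evidence_worker(self, capacity):
        """Background evidence storage: drain at most `capacity` items per run."""
        done = 0
        while done < capacity:
            try:
                receipt, record = self.mq.get_nowait()
            except queue.Empty:
                break
            self.database[receipt] = record      # "solidify" into the database
            self.status[receipt] = "PRESERVED"
            done += 1
        return done


def demo():
    fe = FrontEndAccess()
    # Constructed burst of five uploads arriving faster than the back end works.
    burst = [fe.upload(True, {"point": f"p{i}", "payload": f"data-{i}"})
             for i in range(5)]
    receipts = [r["receipt"] for r in burst]
    rejected = fe.upload(True, {"point": "p9", "payload": ""})
    before = [fe.query(r) for r in receipts]
    processed = fe.evidence_worker(capacity=2)
    partial = [fe.query(r) for r in receipts]
    fe.evidence_worker(capacity=10)
    final = [fe.query(r) for r in receipts]
    return {"rejected": rejected, "before": before, "processed": processed,
            "partial": partial, "final": final, "stored": len(fe.database)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

An accepted upload only means the record reached the queue; a client that treats the acknowledgement as proof of preservation would be wrong for every record the worker has not yet drained.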
In one embodiment, the data security method provided in an embodiment of the present invention may also perform the following step:
A logout request is received, the token is authenticated and set to invalid, and data preservation ends.
In the data security method provided in an embodiment of the present invention, the client business system initiates a logout request mainly in two scenarios:
The first scenario: some client business systems, after finishing the data preservation they need, do not call the front-end access system again for a long time. Because the token has a default validity period, some time remains between receipt of the data of the last preservation point from the client business system and expiry of the validity period. To ensure that the token is not used maliciously during this period, the client business system can actively request that the token be set to invalid, so that the permission is withdrawn in time;
The second scenario is when a third party maliciously initiates data preservation: the front-end access system or the client business system discovers that the token is being used maliciously by a third party. To revoke the operating permission of the stolen token in time, the client business system can send a logout request to withdraw the permission actively and promptly.
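The two heartbeat types and the logout request described above amount to a server-side token registry with three operations: verify, verify-and-extend, and revoke. The sketch below is an added example, not code from the patent; the class and method names, the 100-second validity period and the injectable clock are assumptions made so the behaviour can be shown deterministically.

```python
import secrets
import time


class TokenRegistry:
    """Hypothetical server-side token state held by the background server."""

    def __init__(self, ttl=1800.0, clock=time.monotonic):
        self.ttl = ttl          # assumed default validity period, in seconds
        self.clock = clock      # injectable so expiry can be demonstrated
        self._tokens = {}       # token -> {"client": ..., "expires": ...}

    def login(self, client_id, credentials_ok):
        if not credentials_ok:
            return None
        token = secrets.token_urlsafe(32)
        self._tokens[token] = {"client": client_id,
                               "expires": self.clock() + self.ttl}
        return token

    def _is_valid(self, token):
        entry = self._tokens.get(token)
        if entry is None:
            return False
        if self.clock() >= entry["expires"]:
            del self._tokens[token]       # expired tokens are forgotten
            return False
        return True

    def heartbeat_verify(self, token):
        """First heartbeat: report validity, leave the expiry untouched."""
        return self._is_valid(token)

    def heartbeat_extend(self, token):
        """Second heartbeat: extend the validity period only if still valid."""
        if not self._is_valid(token):
            return False
        self._tokens[token]["expires"] = self.clock() + self.ttl
        return True

    def service_request(self, token, name):
        if not self._is_valid(token):
            return "refused"
        return f"handled:{name}"

    def logout(self, token):
        """Authenticate the token, then set it to invalid immediately."""
        if not self._is_valid(token):
            return False
        del self._tokens[token]
        return True


class FakeClock:
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


def demo():
    clock = FakeClock()
    reg = TokenRegistry(ttl=100.0, clock=clock)
    a = reg.login("client-a", True)     # will only send verify heartbeats
    b = reg.login("client-b", True)     # will send extend heartbeats
    out = {"bad_login": reg.login("client-c", False)}
    clock.now = 60.0
    out["a_verify_60"] = reg.heartbeat_verify(a)
    out["b_extend_60"] = reg.heartbeat_extend(b)    # b now expires at t=160
    clock.now = 110.0
    out["a_request_110"] = reg.service_request(a, "upload")
    out["b_request_110"] = reg.service_request(b, "upload")
    clock.now = 120.0
    out["b_logout_120"] = reg.logout(b)             # 40 s of validity revoked
    out["b_request_after_logout"] = reg.service_request(b, "query")
    out["b_extend_after_logout"] = reg.heartbeat_extend(b)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The extend heartbeat refuses to act on an expired or logged-out token, so a revoked token cannot be revived by the party that stole it.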
Referring to Fig. 3, in a specific embodiment, the overall business flow of the data security system provided in an embodiment of the present invention includes:
Login step:
The client business system server initiates a login request. The access server receives the request and sends an authentication request to the background server. The background server generates a token and returns the token authentication result. The access server returns the login result to the client business system server and sends the token to the client business system server.
In the data security method provided in an embodiment of the present invention, the client business system cannot perform any operation while it is not logged in. Only after it has passed identity authentication and successfully obtained a token can it make data preservation service requests.
Obtain business process template step:
The client business system, carrying the token, requests the business process template from the access server. The background server authenticates the legitimacy of the token and, when authentication passes, returns the token authentication result. The access server requests the business process template, and the background server returns the business process template according to the identity information of the client business system.
In the data security method provided in an embodiment of the present invention, the client business system carries the token returned at login when it requests the business process template. Only with a token that has passed identity authentication can the client business system successfully initiate the business process template request and obtain the returned business process template.
Request upload of preservation data step:
The client business system, carrying the token, requests the access server to upload preservation data. The background server authenticates the legitimacy of the token and, when authentication passes, returns the token authentication result. The background server then verifies whether the business process of this data preservation request is legitimate and returns the business process verification result. When the business process is legitimate, it receives the preservation data and returns the result of receiving the preservation data, and the access server returns the preservation result to the client business system server.
In the data security method provided in an embodiment of the present invention, the client business system carries the token returned at login when it requests the upload of preservation data. Only when the token has passed identity authentication and the business process legitimacy verification has passed can the client business system successfully upload preservation data and obtain the returned preservation status.
Query preservation result step:
The client business system, carrying the token, requests the access server to query the preservation result. The background server authenticates the legitimacy of the token and, when authentication passes, returns the token authentication result. The background server then verifies whether the business process of this query request is legitimate and returns the business process verification result. When the business process is legitimate, it queries the preservation data and returns the preservation result, and the access server returns the preservation result to the client business system server.
The client business system carries the token returned at login when it requests a query of the preservation result. Only when the token has passed identity authentication and the business process legitimacy verification has passed can the client business system successfully query the preservation result and obtain the returned query result.
Request heartbeat step:
When service requests are performed during data preservation, including the business process template request, the request to upload preservation point data, the request to query the preservation result and the logout request, the client business system, according to a predetermined rule, sends a heartbeat request to verify whether the token is valid; the access server receives the heartbeat request, and the background server authenticates the legitimacy of the token and returns the token authentication result. Alternatively, the client business system, according to a predetermined rule, sends a heartbeat request to verify whether the token is valid and to request an extension of the token validity period; the access server receives the heartbeat request, and the background server authenticates the legitimacy of the token, extends the token validity period when verification passes, and returns the token authentication result. The access server returns the heartbeat result to the client business system server.
In the data security method provided in an embodiment of the present invention, the client business system carries the token returned at login when it requests a heartbeat, and whether the heartbeat succeeds depends on whether the token is legitimate and valid. When token legitimacy authentication passes, the heartbeat request succeeds, and only then does the data security system proceed with the service request to be performed.
Logout step:
The client business system sends a logout request to the access server. The background server authenticates the legitimacy of the token and, after authentication passes, sets the token to invalid and returns the invalidation result to the access server. The access server returns the logout result to the client business system.
In the data security method provided in an embodiment of the present invention, the client business system carries the token returned at login when it requests logout, and whether logout succeeds depends on whether the token is legitimate and valid. In this embodiment, after the client business system completes data preservation, or when a third party maliciously initiates data preservation, the client business system's logout request can actively and promptly withdraw the client business system's permission to access the system, ensuring that the token is not used maliciously.
An embodiment of the present invention also provides a front-end access system, including an access server 2 and a background processing server 1, the access server 2 being connected to at least one client business system server; wherein:
The access server 2 is configured to forward the login requests, business process template requests and data preservation requests received from each client business system server to the background processing server, and to return the result obtained by the background processing server for each request to the corresponding client business system server;
The background processing server 1 is configured to verify the user identity information of the client business system server according to the login request; after verification passes, to obtain the corresponding business process template according to the business process template request; and to receive and upload the data of each preservation point defined by the client business system according to the corresponding business scenario in the business process template.
In one embodiment, the background processing server 1 of the front-end access system is further configured to obtain the input parameters of the preservation point in the data preservation request, the input parameters including the chain code and the process instance code corresponding to the preservation point; after the input parameters are verified, to receive the preservation point data and check whether the preservation point is the last preservation point of the process chain; if so, to end data preservation; if not, to generate the chain code of the next preservation point and return it to the access server;
Accordingly, the access server 2 is further configured to return the returned chain code of the next preservation point to the client business system server.
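The chain code check described above can be sketched as follows, as an added example rather than the patent's implementation. The page does not say how a chain code is produced or how the first one is issued; deriving it with an HMAC over the process instance code and the point index, and issuing the first code when the instance starts, are assumptions, as are the class name, the template and the payloads.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # assumed secret held by the background server

# Constructed template: one business scenario with three ordered preservation points.
TEMPLATE = {"loan_signing": ["identity_check", "contract_signed", "funds_released"]}


def chain_code(instance_code, point_index):
    # Assumption: the chain code binds one process instance to one position.
    msg = f"{instance_code}:{point_index}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


class ProcessChain:
    """Hypothetical background-server state for running process instances."""

    def __init__(self, template):
        self.template = template
        self.instances = {}   # instance code -> {"scenario", "next", "data"}

    def start(self, scenario):
        instance_code = secrets.token_hex(8)
        self.instances[instance_code] = {"scenario": scenario, "next": 0, "data": []}
        return instance_code, chain_code(instance_code, 0)

    def upload(self, instance_code, code, point_name, payload):
        inst = self.instances.get(instance_code)
        if inst is None:
            return {"ok": False, "error": "unknown process instance"}
        points = self.template[inst["scenario"]]
        index = inst["next"]
        if index >= len(points):
            return {"ok": False, "error": "process already finished"}
        expected = chain_code(instance_code, index)
        if not hmac.compare_digest(expected.encode(), str(code).encode()):
            return {"ok": False, "error": "chain code mismatch"}
        if point_name != points[index]:
            return {"ok": False, "error": "unexpected preservation point"}
        inst["data"].append((point_name, payload))
        inst["next"] = index + 1
        if inst["next"] == len(points):        # last point: end data preservation
            return {"ok": True, "finished": True, "next_chain_code": None}
        return {"ok": True, "finished": False,
                "next_chain_code": chain_code(instance_code, inst["next"])}


def demo():
    chain = ProcessChain(TEMPLATE)
    inst, code0 = chain.start("loan_signing")
    out = {}
    # Skipping ahead: the second point is presented with the first point's code.
    out["skip"] = chain.upload(inst, code0, "contract_signed", "constructed-pdf")
    first = chain.upload(inst, code0, "identity_check", "constructed-id-scan")
    out["first"] = first
    # Replay: the already-consumed chain code is presented again.
    out["replay"] = chain.upload(inst, code0, "identity_check", "constructed-id-scan")
    second = chain.upload(inst, first["next_chain_code"],
                          "contract_signed", "constructed-pdf")
    out["last"] = chain.upload(inst, second["next_chain_code"],
                               "funds_released", "constructed-receipt")
    out["after_end"] = chain.upload(inst, second["next_chain_code"],
                                    "funds_released", "constructed-receipt")
    out["stored"] = [name for name, _ in chain.instances[inst]["data"]]
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Because each accepted point advances the expected index, a consumed chain code fails on replay and a point cannot be recorded out of the order the template defines.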
In one embodiment, the background server 1 of the front-end access system is further configured to return the generated authorization token corresponding to the identity information of the client business system, through the access server, to the client business system requesting login; and
When it receives a heartbeat request or service request of a client business system forwarded by the access server, to verify the validity of the token included in the request; when verification passes, to handle the request; otherwise, to refuse the request;
The service request includes one or more of the following: a business process template request, a request to upload preservation point data, a request to query the preservation result, and a logout request.
In one embodiment, the access server 2 of the front-end access system is further configured, before the business process template is obtained, to verify the version number of the business process template and determine whether it is the latest business process template; if not, the latest business process template is obtained.
In one embodiment, the access server 2 of the front-end access system is further configured, after preservation data is received, to send the received preservation data to a preset message queue MQ for caching; accordingly,
The background processing server 1 is further configured to read the cached preservation data from the MQ and upload it.
Those skilled in the art should understand that embodiments of the present invention may be provided as a method, a system or a computer program product. The present invention may therefore take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage and optical storage) that contain computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction means, the instruction means implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from the spirit and scope of the present invention. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include these changes and modifications.
Claims (10)
1. A data security method, applied to a front-end access system of a data security system, characterized by comprising:
receiving a login request from a client business system and verifying the identity information of the client business system;
after verification passes, organizing, according to a received business process template request, the business process template corresponding to the request and returning it to the client business system;
receiving and uploading the data of each preservation point defined by the client business system according to the corresponding business scenario in the business process template.
2. The method of claim 1, characterized in that receiving and uploading the data of each preservation point defined by the client business system according to the corresponding business scenario in the business process template specifically comprises:
obtaining the input parameters of the preservation point in the data preservation request, the input parameters including the chain code and the process instance code corresponding to the preservation point;
verifying the input parameters, and receiving the data of the preservation point after verification passes;
when the preservation point is not the last preservation point, returning the generated chain code corresponding to the next preservation point;
when the preservation point is the last preservation point, ending the upload of preservation data.
3. The method of claim 1 or 2, characterized by further comprising: after the user identity information is verified, generating an authorization token corresponding to the identity information of the client business system and returning it to the client business system requesting login;
when a heartbeat request or service request of the client business system is received, verifying the validity of the token included in the request; when verification passes, handling the request; otherwise, refusing the request; the service request includes one or more of the following:
a business process template request, a request to upload preservation point data, a request to query the preservation result, and a logout request.
4. The method of claim 1, characterized by further comprising: before the business process template is obtained, verifying the version number of the business process template and determining whether it is the latest business process template; if not, obtaining the latest business process template.
5. The method of claim 1, characterized by further comprising: after preservation data is received, caching the preservation data in a preset message queue MQ.
6. A front-end access system, characterized by comprising: an access server and a background processing server, the access server being connected to at least one client business system server; wherein:
the access server is configured to forward the login requests, business process template requests and data preservation requests received from each client business system server to the background processing server, and to return the result obtained by the background processing server for each request to the corresponding client business system server;
the background processing server is configured to verify the user identity information of the client business system server according to the login request; after verification passes, to obtain the corresponding business process template according to the business process template request; and to receive and upload the data of each preservation point defined by the client business system according to the corresponding business scenario in the business process template.
7. The system of claim 6, characterized in that the background processing server is further configured to obtain the input parameters of the preservation point in the data preservation request, the input parameters including the chain code and the process instance code corresponding to the preservation point; after the input parameters are verified, to receive the preservation point data and check whether the preservation point is the last preservation point of the process chain; if so, to end data preservation; if not, to generate the chain code of the next preservation point and return it to the access server;
accordingly, the access server is further configured to return the returned chain code of the next preservation point to the client business system server.
8. The system of claim 6 or 7, characterized in that the background server is further configured to return the generated authorization token corresponding to the identity information of the client business system, through the access server, to the client business system requesting login; and
when it receives a heartbeat request or service request of a client business system forwarded by the access server, to verify the validity of the token included in the request; when verification passes, to handle the request; otherwise, to refuse the request;
the service request includes one or more of the following: a business process template request, a request to upload preservation point data, a request to query the preservation result, and a logout request.
9. The system of claim 8, characterized in that the access server is further configured, before the business process template is obtained, to verify the version number of the business process template and determine whether it is the latest business process template; if not, to obtain the latest business process template.
10. The system of claim 6, characterized in that
the access server is further configured, after preservation data is received, to send the received preservation data to a preset message queue MQ for caching; accordingly,
the background processing server is further configured to read the cached preservation data from the MQ and upload it.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710986402.7A CN107733897A (en) | 2017-10-20 | 2017-10-20 | A kind of data security method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107733897A true CN107733897A (en) | 2018-02-23 |
Family ID=61213170
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710986402.7A Pending CN107733897A (en) | 2017-10-20 | 2017-10-20 | A kind of data security method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107733897A (en) |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101207482A (en) * | 2007-12-13 | 2008-06-25 | 深圳市戴文科技有限公司 | System and method for implementation of single login |
CN101882255A (en) * | 2009-05-07 | 2010-11-10 | 中兴通讯股份有限公司 | Workflow device, system and configuration method based on service-oriented architecture |
US20140258983A1 (en) * | 2013-03-08 | 2014-09-11 | Oracle International Corporation | Model for configuration independent process templates and business catalog |
US9128791B1 (en) * | 2011-03-21 | 2015-09-08 | Board Of Regents Of The University Of Texas System | Generation of distinct pseudorandom number streams based on program context |
CN105007275A (en) * | 2015-07-29 | 2015-10-28 | 浪潮(北京)电子信息产业有限公司 | Single-way safety isolation data transmission method and system |
CN105898438A (en) * | 2016-04-07 | 2016-08-24 | 广州华多网络科技有限公司 | Live broadcasting room dynamic configuration method, device, system and server |
CN106991339A (en) * | 2017-05-05 | 2017-07-28 | 国信嘉宁数据技术有限公司 | A kind of financial transaction data security method, server, client and system |
CN107124281A (en) * | 2017-05-05 | 2017-09-01 | 国信嘉宁数据技术有限公司 | A kind of data security method and related system |
CN107146153A (en) * | 2017-05-05 | 2017-09-08 | 国信嘉宁数据技术有限公司 | Data security method, server and the system of automatic reimbursement business |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
AD01 | Patent right deemed abandoned | Effective date of abandoning: 20210427 |