CN107733897A - A kind of data security method and system - Google Patents

A kind of data security method and system

Info

Publication number
CN107733897A
CN107733897A
Authority
CN
China
Prior art keywords
preservation (rendered "save from damage" by the machine translation)
request
data
preservation point
business process
Prior art date
Legal status
Pending
Application number
CN201710986402.7A
Other languages
Chinese (zh)
Inventor
徐茂兰
袁飞
曲明
Current Assignee
Guoxin Kaning Data Technology Co Ltd
Original Assignee
Guoxin Kaning Data Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Guoxin Kaning Data Technology Co Ltd
Priority to CN201710986402.7A
Publication of CN107733897A
Legal status: Pending

Classifications

    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/0876 (H04L63/00 › H04L63/08): network security, authentication of entities based on the identity of the terminal or its configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/123 (H04L63/00 › H04L63/12): verification of received data contents, e.g. message integrity
    • H04L63/1441 (H04L63/00 › H04L63/14): countermeasures against malicious traffic
    • H04L67/51 (H04L67/00 › H04L67/50): network services, discovery or management thereof, e.g. service location protocol [SLP] or web services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Computer And Data Communications (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a data preservation method (the machine translation on this page renders the same term, 保全, as "data security" and "save from damage"), applied to the front-end access system of a data preservation system, including: receiving a login request from a client business system and verifying the identity information of the client business system; after verification succeeds, assembling, according to a received business process template request, the business process template corresponding to the request and returning it to the client business system; and receiving the data of each preservation point, defined by the business scenario in the business process template, that the client business system uploads accordingly. The invention also discloses a front-end access system. It solves the prior-art problems that the logic of data preservation easily becomes confused and that invalid preserved data is produced during preservation, which affects the validity of the preserved data.

Description

A kind of data security method and system
Technical field
The present invention relates to a data preservation method and system.
Background technology
As computers and the Internet have come into universal use, electronic data, carried on computers and acquired and fixed as evidence in electronic form, has become an evidence form that is both highly efficient and protective of the original documents. Electronic data is not easily tampered with and has the same legal effect as paper evidence. Electronic data preservation is the procedure and method of taking the various kinds of electronic information that exist in electronic form (text, figures, letters, digits, three-dimensional symbols, colour combinations, sounds, and combinations of these), computing and encrypting them so that they are fixed, recording the standard time at which the preservation record was generated, the operation values, the case number and so on, so as to prevent tampering and guarantee the originality and objectivity of the electronic data. Data preservation effectively guarantees that electronic data content cannot be tampered with, and makes preservation convenient and secure. However, each business process may contain more than one preservation point (a preservation point is one kind of evidence deposit), so when data is preserved it must be guaranteed that the preservation points of the preserved evidence are preserved in order and that the preservation logic does not become confused, so that data is preserved according to the predetermined preservation rules; at the same time, the production of invalid preserved data during preservation, which would affect the result of preservation, must be avoided.
The business processes by which data of different business types is preserved differ. How to guarantee that data preservation proceeds in the order of the business process, and that the preserved data is valid, has become an urgent problem for electronic data preservation.
Summary of the invention
In view of the technical defects and drawbacks of the prior art, the embodiments of the invention provide a data preservation method and system that overcome, or at least partially solve, the above problems.
As one aspect of the embodiments, a data preservation method, applied to the front-end access system of a data preservation system, includes:
receiving a login request from a client business system and verifying the identity information of the client business system;
after verification succeeds, assembling, according to a received business process template request, the business process template corresponding to the request and returning it to the client business system;
receiving the data of each preservation point, defined by the business scenario in the business process template, that the client business system uploads accordingly.
In one embodiment, receiving the data of each preservation point defined by the business scenario in the business process template that the client business system uploads specifically includes:
obtaining the input parameters of the preservation point carried in the data preservation request, the input parameters including the chain code and the process instance code corresponding to the preservation point;
verifying the input parameters and, after verification succeeds, receiving the data of the preservation point;
when the preservation point is not the last preservation point, returning a generated chain code corresponding to the next preservation point;
when the preservation point is the last preservation point, ending the upload of preserved data.
In one embodiment, the method also includes: after the user identity information is verified, generating an authorization token corresponding to the identity information of the client business system and returning it to the client business system that requested login;
when a heartbeat request or a service request from the client business system is received, verifying the validity of the token carried in the request; if verification succeeds, processing the request; otherwise refusing the request. The service request includes one or more of:
a business process template request, an upload of preservation point data, a query of the preservation result, and a logout request.
In one embodiment, the method also includes: before the business process template is obtained, checking the version number of the business process template to determine whether it is the latest business process template and, if not, obtaining the latest business process template.
In one embodiment, the method also includes: after preserved data is received, caching the preserved data in a preset message queue (MQ).
As another aspect of the embodiments, a front-end access system includes an access server and a background processing server, the access server being connected to at least one client business system server, wherein:
the access server forwards the login requests, business process template requests and data preservation requests sent by each client business system server to the background processing server, and returns the result that the background processing server produces for each request to the corresponding client business system server;
the background processing server verifies the user identity information in the login request of the client business system server; after verification succeeds, obtains the corresponding business process template according to the business process template request; and receives the data of each preservation point, defined by the business scenario in the business process template, that the client business system uploads accordingly.
In one embodiment, the background processing server of the front-end access system is further configured to obtain the input parameters of the preservation point carried in the data preservation request, the input parameters including the chain code and the process instance code corresponding to the preservation point; after the input parameters are verified, to receive the preservation point data; to check whether the preservation point is the last preservation point of the process chain; if so, to end data preservation; if not, to generate the chain code of the next preservation point and return it to the access server;
correspondingly, the access server is further configured to return the chain code of the next preservation point to the client business system server.
In one embodiment, the background server of the front-end access system is further configured to return, via the access server, the generated authorization token corresponding to the identity information of the client business system to the client business system that requested login; and
when a heartbeat request or service request from the client business system, forwarded by the access server, is received, to verify the validity of the token carried in the request; if verification succeeds, to process the request; otherwise to refuse the request;
the service request including one or more of: a business process template request, an upload of preservation point data, a query of the preservation result, and a logout request.
In one embodiment, the access server of the front-end access system is further configured, before the business process template is obtained, to check the version number of the business process template to determine whether it is the latest business process template and, if not, to obtain the latest business process template.
In one embodiment, the access server of the front-end access system is further configured, after preserved data is received, to send the received preserved data to a preset message queue (MQ) for caching; correspondingly,
the background processing server is further configured to read the cached preserved data from the MQ and upload it.
The embodiments of the invention achieve at least the following technical effects:
In the data preservation method provided by the embodiments, after the identity information of the client business system has been verified, a business process template request is received and the business process template is obtained; data preservation then proceeds in the order of the preservation points that the business scenario defines in the business process template, so that the preservation point data is uploaded in the order of the preservation points, which guarantees the validity of the preserved data and keeps the preservation logic from becoming confused.
In the method, the business process template corresponding to each business scenario of each client business system is obtained. The business processes of different client business systems differ, and one client business system may be involved in several business processes. By verifying the identity information of the client business system, the system identifies which specific business process the client business system has initiated and obtains the corresponding business process template. Only when the business process template obtained by the client business system matches the preservation points of the business scenario in the business process template provided by the front-end access system can data preservation proceed smoothly, which prevents maliciously forged preserved data from being accepted.
Other features and advantages of the invention will be set out in the following description and in part will become apparent from the description or be learned by practising the invention. The objects and other advantages of the invention can be realised and obtained by the structures particularly pointed out in the written description, claims and drawings.
The technical solution of the invention is described in further detail below by way of the drawings and embodiments.
Brief description of the drawings
The drawings are provided for further understanding of the invention and form part of the specification; together with the embodiments they serve to explain the invention and are not to be construed as limiting it. In the drawings:
Fig. 1 is a flow diagram of the data preservation method provided by the embodiments;
Fig. 2 is a schematic diagram of the data preservation business process in the method;
Fig. 3 is a sequence diagram of the method;
Fig. 4 is a structural diagram of the front-end access system provided by the embodiments.
Embodiment
Exemplary embodiments are described more fully below with reference to the drawings. Although exemplary embodiments are shown in the drawings, the invention may be realised in various forms and should not be limited by the embodiments set out here; rather, these embodiments are provided so that the invention will be thoroughly understood and its scope fully conveyed to those skilled in the art.
The various embodiments of the data preservation method and system are described in detail below.
Embodiment one:
Referring to Fig. 1, embodiment one provides a data preservation method, applied to the front-end access system of a data preservation system, including:
S101: receiving a login request from a client business system and verifying the identity information of the client business system;
S102: after verification succeeds, assembling, according to a received business process template request, the business process template corresponding to the request and returning it to the client business system;
S103: receiving the data of each preservation point, defined by the business scenario in the business process template, that the client business system uploads accordingly.
The effects are those stated in the summary. Because the business process template is obtained only after the identity information of the client business system has been verified, and preservation proceeds in the order of the preservation points that the business scenario defines in the template, the preservation point data is uploaded in the predetermined order, the preserved data is valid and the preservation logic does not become confused.
Each client business system has its own business processes, and one client business system may use several. Verifying the identity of the client business system identifies which business process it has initiated and therefore which business process template it should obtain; only data that matches the preservation points of the business scenario in the template provided by the front-end access system is accepted, so data preservation proceeds smoothly and maliciously forged preserved data is not received.
Referring to Fig. 2, in one embodiment, step S103, receiving the data of each preservation point defined by the business scenario in the business process template that the client business system uploads, specifically includes:
S1031: obtaining the input parameters of the preservation point carried in the data preservation request, the input parameters including the chain code and the process instance code corresponding to the preservation point;
S1032: verifying the input parameters and, after verification succeeds, receiving the data of the preservation point;
S1033: when the preservation point is not the last preservation point, returning a generated chain code corresponding to the next preservation point;
S1034: when the preservation point is the last preservation point, ending the upload of preserved data.
In this method, every time the data of a preservation point is preserved, the chain code and process instance code carried in its input parameters must be verified; only preserved data that passes verification according to the business process template is accepted, and the chain code and process instance code of the next preservation point are generated. This guarantees that the preservation points are preserved in the predetermined order and avoids the logical errors and invalid preservation that repeated submission of data would cause.
By verifying the chain code in the input parameters of the preservation point, maliciously forged data submitted as preserved data cannot pass verification, because the forger cannot produce the chain code, and is not accepted; this guarantees the validity and security of data preservation.
In one embodiment, when the preservation point is the first preservation point, the chain code and process instance code in its input parameters are preset strings; when it is not the first preservation point, the chain code and process instance code in its input parameters are random numbers generated according to preset rules.
Once the business process template has been obtained and preserved data is being received, the chain code in the input parameters of the first preservation point, on its first call, is a preset string; specifically, the preset string may be the empty string "" or some other fixed string, which the embodiments do not limit. Likewise, on the first call of the first preservation point the process instance code in the input parameters is a preset string, which may be the empty string "" or another fixed string, again not limited by the embodiments.
In one embodiment, the method also includes:
determining, according to the business process template, whether the data belongs to the last preservation point;
if so, ending the upload of preserved data after the data of the last preservation point has been received.
In one embodiment, when the business process template has only one preservation point, on receiving preserved data the server verifies that the chain code and process instance code in the input parameters are the preset strings, receives the data of that preservation point, and ends the upload.
In one embodiment, the method further includes:
receiving the input parameters of the preservation point, which include the chain code and process instance code, and ending data preservation when verification finds the input parameters wrong.
As one implementation, when the chain code in the input parameters is found wrong, an error response is returned to remind the client business system server to stop uploading preserved data.
In one specific embodiment, preserved data is uploaded according to the business process template. The chain code and process instance code in the input parameters of the first preservation point are the empty string "". The data preservation server verifies that the chain code and process instance code of the first preservation point are the empty string "", receives the preserved data of the first preservation point, and generates the random chain code and process instance code of the second preservation point according to the preset rules; for example, the chain code generated for the second preservation point may be abc1 and its process instance code ABC1. The data preservation server returns the generated chain code abc1 and process instance code ABC1 as the input parameters of the second preservation point, and caches the generated chain code abc1 and process instance code ABC1.
When the preserved data of the second preservation point is uploaded, the data preservation server uses the process instance code ABC1 in the input parameters of the second preservation point to look up the cached record that contains process instance code ABC1, and compares the chain code abc1 in the cached record with the chain code in the input parameters. If the chain code in the input parameters of the second preservation point is also abc1, the input parameters of the second preservation point pass verification and the data preservation server accepts the preserved data of the second preservation point. If the chain code in the input parameters is not abc1, the input parameters fail verification, the data preservation server does not accept the preserved data of the second preservation point, and data preservation ends. The data preservation server may also return an error response reminding the client business system server to stop uploading preserved data.
When the data of the second preservation point has been preserved, the data preservation server determines whether it is the last preservation point. If the second preservation point is not the last, the data preservation server generates and returns the chain code and process instance code of the next preservation point as its input parameters, verifies those input parameters according to the business process template, and accepts the data of that preservation point after verification succeeds, and so on until it determines that the preservation point is the last one, accepts the data of the last preservation point, and ends the preservation process.
When the business process template includes only one preservation point, the data preservation server verifies that the chain code and process instance code in the input parameters of the first preservation point are the preset strings, for example the empty string "", receives the preserved data, and ends this preservation process.
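The following is an added worked example, not code from the patent or its assignee, of the preservation-point chain of steps S1031 to S1034 and of the abc1/ABC1 walkthrough above. Everything the patent leaves open is an assumption of this example: the names PreservationServer, submit and run_flow; that the chain code and process instance code are drawn from the `secrets` module (the patent only says "random numbers generated according to preset rules"); that a cached code pair is consumed on first use so that a repeated or forged submission cannot reuse it; and that each upload names the business process template it follows. The templates and payloads are constructed sample data.

```python
"""Added example, not the patent's own code: a minimal model of the preservation-point
chain of steps S1031-S1034 and of the abc1/ABC1 walkthrough above.

Assumptions of this example (the patent does not specify them): the class and
function names, that the chain code and process instance code are generated with
the `secrets` module, that a cached code pair is consumed on first use, and that
the upload names the business process template it follows.
"""
import secrets

# Preset string for the first preservation point; the patent allows "" or any fixed string.
FIRST_POINT_CODE = ""


class PreservationServer:
    def __init__(self, templates):
        # templates: {template_id: [preservation point names in business-process order]}
        self.templates = templates
        # cache keyed by process instance code -> {"chain": code, "template": id, "index": n}
        self.cache = {}
        # (point name, payload) pairs accepted so far, in the order they were accepted
        self.accepted = []

    def submit(self, template_id, chain_code, instance_code, payload):
        """Handle one preservation-point upload (S1031-S1034).

        Returns (True, None) when the last point was accepted and the upload ends,
        (True, {"chain_code": ..., "instance_code": ...}) when the next point's input
        parameters were issued, or (False, reason) when verification failed.
        """
        points = self.templates.get(template_id)
        if not points:
            return False, "unknown business process template"

        if chain_code == FIRST_POINT_CODE and instance_code == FIRST_POINT_CODE:
            index = 0  # first point: both input parameters are the preset string
        else:
            # S1031/S1032: look the cached record up by process instance code and compare chain codes.
            # The record is removed on lookup, so a repeated or forged submission cannot reuse it;
            # the patent ends preservation on a wrong parameter, so nothing is kept on failure either.
            entry = self.cache.pop(instance_code, None)
            if (entry is None or entry["template"] != template_id
                    or not secrets.compare_digest(entry["chain"].encode(), str(chain_code).encode())):
                return False, "input parameters failed verification; stop uploading"
            index = entry["index"]

        self.accepted.append((points[index], payload))

        if index == len(points) - 1:
            return True, None  # S1034: last point (or a single-point template), upload ends

        # S1033: not the last point, generate and cache the next point's codes
        next_chain, next_instance = secrets.token_hex(8), secrets.token_hex(8)
        self.cache[next_instance] = {"chain": next_chain, "template": template_id, "index": index + 1}
        return True, {"chain_code": next_chain, "instance_code": next_instance}


def run_flow(server, template_id, payloads):
    """Client side: upload the payloads in template order, threading the returned codes through."""
    chain, instance = FIRST_POINT_CODE, FIRST_POINT_CODE
    for payload in payloads:
        ok, nxt = server.submit(template_id, chain, instance, payload)
        if not ok:
            return False, nxt
        if nxt is None:
            return True, None
        chain, instance = nxt["chain_code"], nxt["instance_code"]
    return False, "the template has more preservation points than data was supplied for"


if __name__ == "__main__":
    # constructed sample templates and payloads
    srv = PreservationServer({"contract": ["sign", "stamp", "archive"], "receipt": ["receipt"]})
    print(run_flow(srv, "contract", [b"signed.pdf", b"stamp.png", b"archive.zip"]))
    print(run_flow(srv, "receipt", [b"receipt.pdf"]))
    ok, nxt = srv.submit("contract", "", "", b"signed.pdf")
    print(srv.submit("contract", "forged", nxt["instance_code"], b"stamp.png"))
```

The second submit in the demo plays the forger of the paragraph above: it knows the process instance code but not the chain code, and is refused; because the cached record was consumed by that attempt, the flow is over for the genuine client as well, which is the "end data preservation" behaviour the patent describes for a wrong input parameter.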
In one embodiment, the method may also carry out the following steps:
after the user identity information is verified, generating an authorization token corresponding to the identity information of the client business system and returning it to the client business system that requested login;
when a heartbeat request or a service request from the client business system is received, verifying the validity of the token carried in the request; if verification succeeds, processing the request; otherwise refusing the request. The service request includes one or more of:
a business process template request, an upload of preservation point data, a query of the preservation result, and a logout request.
In one specific embodiment, the data preservation system configures the user identity account information of the client business system, including a user name and password, into an SDK (Software Development Kit) in advance, and this SDK is deployed on the client business system server. The data preservation system receives the login request sent by the client business system server and, according to the user name and password carried by the SDK, confirms that the client business system is a legitimate user recognised by the front-end access system. Only client business system servers that pass authentication are provided with data preservation services, which effectively shields against client business systems impersonating a legitimate user. For a client business system that passes authentication, the front-end access system provides an authorization token. The token is a temporary authorization token with a validity period of a certain length; only a token within its validity period passes the front-end access system's verification. Once the validity period is exceeded the token expires, the front-end access system regards the client business system as no longer maintaining the token's validity, and the client business system server loses the right to carry out subsequent operations with that token.
As one specific implementation, the token may be a unique string of randomly generated digits and letters, for example f0d2a5558dee4aa9a6dee31213539fc9.
In one specific embodiment, the front-end access system verifies token validity through a heartbeat function and uses it to extend the token validity period; specifically:
the heartbeat requests sent by the client business system include a first heartbeat request and a second heartbeat request. The first heartbeat request is used to verify token validity; the second heartbeat request is used to verify token validity and extend the token validity period, which extends the effective session time between the client business system and the front-end access system.
In the embodiments, the first heartbeat request verifies whether the token is valid. When the token is valid, the front-end access system server accepts service requests from the client business system server; when the token is invalid, the front-end access system refuses the client business system's service requests.
The second heartbeat request verifies whether the token is valid and, when it is, extends the token validity period. So that the token can serve the client business system continuously, the client business system can keep requesting extension of the token validity period; by extending it, the client business system can continue to use the same token for all subsequent service requests, which avoids the trouble of frequent logins and repeated authentication.
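The following is an added worked example, not code from the patent or its assignee, of the login, token, heartbeat and service-request gating described above, with an injectable clock so that expiry can be exercised without waiting. Everything the patent leaves open is an assumption of this example: the names FrontEndAccess, login, heartbeat and service_request; a 30-minute validity period; storing a SHA-256 digest of the SDK password instead of the password itself; and a token of 32 hex characters, which matches the shape of the patent's f0d2a5558dee4aa9a6dee31213539fc9 sample. The account and credentials are constructed sample data.

```python
"""Added example, not the patent's own code: the login, token, heartbeat and
service-request gating described above, with an injectable clock so expiry can be
exercised without waiting.

Assumptions of this example (the patent does not specify them): the class and
method names, a 30-minute validity period, storing a SHA-256 digest of the SDK
password rather than the password itself, and a token of 32 hex characters as in
the patent's f0d2a5558dee4aa9a6dee31213539fc9 sample.
"""
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 30 * 60  # assumed validity period in seconds


def hash_password(password):
    """Digest stored on the server for each account provisioned into a client SDK."""
    return hashlib.sha256(password.encode()).hexdigest()


class FrontEndAccess:
    def __init__(self, accounts, clock=time.time):
        self.accounts = accounts  # {user name: hash_password(password)}
        self.clock = clock        # injectable so tests can move time forward
        self.tokens = {}          # token -> {"user": name, "expires": timestamp}

    def login(self, user_name, password):
        """Verify the SDK-carried credentials; return a temporary token or None."""
        expected = self.accounts.get(user_name)
        if expected is None or not hmac.compare_digest(expected, hash_password(password)):
            return None
        token = secrets.token_hex(16)  # 32 random hex characters
        self.tokens[token] = {"user": user_name, "expires": self.clock() + TOKEN_TTL}
        return token

    def _valid(self, token):
        """Return the token record if it exists and is within its validity period."""
        entry = self.tokens.get(token)
        if entry is None:
            return None
        if self.clock() >= entry["expires"]:
            del self.tokens[token]  # expired: the client loses the right to use it
            return None
        return entry

    def heartbeat(self, token, extend=False):
        """First heartbeat (extend=False) only verifies the token;
        second heartbeat (extend=True) verifies it and extends the validity period."""
        entry = self._valid(token)
        if entry is None:
            return False
        if extend:
            entry["expires"] = self.clock() + TOKEN_TTL
        return True

    def service_request(self, token, kind, handler=None):
        """Gate a template, upload, query or logout request on token validity."""
        if self._valid(token) is None:
            return {"ok": False, "error": "invalid or expired token; request refused"}
        if kind == "logout":
            del self.tokens[token]
            return {"ok": True}
        return {"ok": True, "result": handler()}


if __name__ == "__main__":
    # constructed sample account: user name and password provisioned into the client SDK
    fe = FrontEndAccess({"client-a": hash_password("s3cret")})
    tok = fe.login("client-a", "s3cret")
    print(tok, fe.heartbeat(tok), fe.heartbeat(tok, extend=True))
    print(fe.service_request(tok, "template", lambda: {"version": 3}))
    print(fe.service_request(tok, "logout"), fe.heartbeat(tok))
```

Expiry is checked on every lookup rather than by a background sweeper, so a token that has passed its validity period is refused and discarded at the first heartbeat or service request that presents it; a client that keeps sending the second heartbeat before the period runs out keeps the same token indefinitely, which is the trade-off the paragraph above describes.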
In one embodiment, the data preservation method provided by the embodiment of the present invention may further perform the following step:
Before obtaining the business process template, verifying the version number of the business process template to determine whether it is the latest business process template, and if not, obtaining the latest business process template.
Specifically, after the login request of the client business system server has been authenticated (i.e. the login to the front-end access system has succeeded) and the first heartbeat request has succeeded, the client business system must first call the interface for obtaining the business process template, to check whether the template has been updated; if it has, the latest process template is obtained. The client business system then uploads the preservation data in turn, in the order of the preservation points defined in the process template for the selected business scenario.
In one embodiment, the data preservation method provided by the embodiment of the present invention may further perform the following step:
After receiving the preservation data, caching the preservation data in a preset message queue (MQ).
In the data preservation method of the embodiment, because the front-end access system serves multiple client business system servers, when many client business system servers issue service requests at the same time the background server of the front-end access system cannot process and respond to every service request in real time. To relieve the load on the background server, the service request data is cached temporarily in the message queue MQ, and the background service takes pending data from the queue and processes it in an orderly manner according to its own processing capacity. This improves the robustness and stability of the background service of the front-end access system. During data preservation, the front-end access system verifies the validity of the token and the legitimacy of the data; once these checks pass, it calls the message queue MQ to cache the data to be preserved, and the evidence-storage service of the front-end access system stores the data in the database to solidify it.
In one embodiment, the data preservation method provided by the embodiment of the present invention may further perform the following step:
Receiving a query request for the preservation result, querying the preservation status of the preservation data, and returning the query result of the data preservation.
In the data preservation method of the embodiment, when the preservation result is queried, the legitimacy of the business process of the data preservation is also verified, and the business process verification result is returned to the client business system server.
In the data preservation method provided by the embodiment, because the front-end access system first stores uploaded preservation information in the message queue MQ and only then passes it to the background server of the front-end access system, the client business system needs to query the preservation result in order to synchronize the preservation status in a timely manner.
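As an added illustration (example code written for this page, not part of the patent or the applicant's system), the following Python sketch shows the asynchronous path described above: the access server places each received preservation record into a bounded in-process queue standing in for the MQ, a background worker stores it at its own pace, and the query interface reports whether a record is still queued or already stored, which is why the client must poll the preservation result. The record fields, the queue size, the `gate` used to hold the worker back for demonstration, and the in-memory dictionary standing in for the database are all assumptions of this example; token and business-process checks are assumed to have happened before `receive_preservation` is called.

```python
import queue
import threading
from typing import Dict, List, Optional, Set


class BackgroundServer:
    """Stores ("solidifies") preservation records in a dictionary standing in
    for the database. `gate` lets a demonstration hold the worker back so the
    queue visibly fills up; it exists only for this example."""

    def __init__(self) -> None:
        self.database: Dict[str, dict] = {}
        self.gate = threading.Event()
        self.gate.set()
        self.store_started = threading.Event()
        self._lock = threading.Lock()

    def store(self, record: dict) -> None:
        self.store_started.set()
        self.gate.wait()  # simulated slow back end
        with self._lock:
            self.database[record["record_id"]] = dict(record, state="stored")

    def lookup(self, record_id: str) -> Optional[dict]:
        with self._lock:
            return self.database.get(record_id)


class AccessServer:
    """Receives preservation data, buffers it in a bounded queue standing in for
    the MQ, and answers preservation-result queries."""

    def __init__(self, backend: BackgroundServer, maxsize: int = 100) -> None:
        self.backend = backend
        self.mq: "queue.Queue[dict]" = queue.Queue(maxsize=maxsize)
        self._pending: Set[str] = set()
        self._lock = threading.Lock()
        threading.Thread(target=self._drain, daemon=True).start()

    def receive_preservation(self, record: dict) -> dict:
        rid = record["record_id"]
        with self._lock:
            self._pending.add(rid)
        try:
            # Bounded put: when the back end cannot keep up, the caller gets an
            # explicit rejection instead of the access server growing without limit.
            self.mq.put(record, timeout=0.1)
        except queue.Full:
            with self._lock:
                self._pending.discard(rid)
            return {"record_id": rid, "state": "rejected", "reason": "queue full"}
        return {"record_id": rid, "state": "queued"}

    def _drain(self) -> None:
        while True:
            record = self.mq.get()
            self.backend.store(record)
            with self._lock:
                self._pending.discard(record["record_id"])
            self.mq.task_done()

    def query_result(self, record_id: str) -> dict:
        """Query preservation result: already stored, still queued, or unknown."""
        if self.backend.lookup(record_id) is not None:
            return {"record_id": record_id, "state": "stored"}
        with self._lock:
            if record_id in self._pending:
                return {"record_id": record_id, "state": "queued"}
        return {"record_id": record_id, "state": "unknown"}

    def flush(self) -> None:
        """Block until every queued record has been stored."""
        self.mq.join()


def demo() -> List[str]:
    """Constructed walk-through: queue of size 2, back end held back, four uploads."""
    backend = BackgroundServer()
    access = AccessServer(backend, maxsize=2)
    backend.gate.clear()
    states = []
    for point in ("apply", "review", "sign", "disburse"):
        rec = {"record_id": f"inst-0001/{point}", "payload": "constructed sample"}
        states.append(access.receive_preservation(rec)["state"])
        if point == "apply":
            backend.store_started.wait(5)  # worker now holds the first record
    states.append(access.query_result("inst-0001/review")["state"])
    backend.gate.set()
    access.flush()
    states.append(access.query_result("inst-0001/review")["state"])
    return states


if __name__ == "__main__":
    print(demo())
```

The fourth upload is rejected because the worker holds one record and the queue holds two more; once the back end resumes, the queued records move from "queued" to "stored", and the client sees the change only by querying.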
In one embodiment, the data preservation method provided by the embodiment of the present invention may further perform the following step:
Receiving a logout request, authenticating the token and setting it to invalid, and ending the data preservation.
In the data preservation method provided by the embodiment of the present invention, the client business system initiates a logout request mainly in two scenarios:
The first scenario: a client business system has finished the operations for which it needed data preservation and has not called the front-end access system for a long time. Because the token has a default validity period, some time remains between the last preservation point received from the client business system and the expiry of the token. To ensure that the token cannot be used maliciously during this period, the client business system can actively request that the token be set to invalid, so that the authority is withdrawn in time.
The second scenario: a third party maliciously initiates data preservation, and the front-end access system or the client business system discovers that the token is being used maliciously by the third party. To stop the stolen token from being used for further operations, the client business system can actively and promptly withdraw the authority through a logout request.
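As an added example (written for this page, not the patent's own code), the following Python class models the token lifecycle described in this and the preceding sections: login against the user name and password the SDK carries, a 32-hexadecimal-character random token, the first heartbeat (verify only) and the second heartbeat (verify and extend), refusal of service requests once the token has expired, and logout setting the token to invalid. The credential store, the 300-second validity period, the request names and the injectable clock are assumptions; the page fixes none of them.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Constructed credential store standing in for the user name and password that
# the SDK carries in the login request (client names and secrets are assumptions).
CLIENT_CREDENTIALS: Dict[str, str] = {
    "client-erp": "s3cr3t-erp",
    "client-crm": "s3cr3t-crm",
}

TOKEN_TTL_SECONDS = 300  # assumed validity period; the patent fixes no value


@dataclass
class TokenRecord:
    client_id: str
    expires_at: float
    revoked: bool = False


class FrontAccessSystem:
    """Issues, checks, extends and revokes the temporary authorization token."""

    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self._clock = clock  # injectable so expiry can be shown without sleeping
        self._tokens: Dict[str, TokenRecord] = {}

    def login(self, client_id: str, password: str) -> Optional[str]:
        """Login step: verify user name / password, issue a token or return None."""
        expected = CLIENT_CREDENTIALS.get(client_id)
        if expected is None:
            return None
        # constant-time comparison so a wrong password leaks nothing via timing
        if not secrets.compare_digest(expected.encode(), password.encode()):
            return None
        token = secrets.token_hex(16)  # 32 hex characters, same shape as the page's sample
        self._tokens[token] = TokenRecord(client_id, self._clock() + TOKEN_TTL_SECONDS)
        return token

    def _valid(self, token: str) -> Optional[TokenRecord]:
        rec = self._tokens.get(token)
        if rec is None or rec.revoked or self._clock() >= rec.expires_at:
            return None
        return rec

    def heartbeat_verify(self, token: str) -> bool:
        """First heartbeat request: verify validity only."""
        return self._valid(token) is not None

    def heartbeat_extend(self, token: str) -> bool:
        """Second heartbeat request: verify and, if valid, push the expiry forward."""
        rec = self._valid(token)
        if rec is None:
            return False
        rec.expires_at = self._clock() + TOKEN_TTL_SECONDS
        return True

    def service_request(self, token: str, request: str) -> Dict[str, str]:
        """Template, upload and query requests are all refused without a valid token."""
        rec = self._valid(token)
        if rec is None:
            return {"status": "refused", "reason": "token invalid or expired"}
        return {"status": "accepted", "client": rec.client_id, "request": request}

    def logout(self, token: str) -> bool:
        """Logout step: authenticate the token, then set it to invalid."""
        rec = self._valid(token)
        if rec is None:
            return False
        rec.revoked = True
        return True


class FakeClock:
    """Manual clock used to demonstrate expiry deterministically."""

    def __init__(self, start: float = 1_700_000_000.0) -> None:
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


if __name__ == "__main__":
    clock = FakeClock()
    fas = FrontAccessSystem(clock)
    tok = fas.login("client-erp", "s3cr3t-erp")
    print("first heartbeat:", fas.heartbeat_verify(tok))
    clock.advance(200)
    print("second heartbeat (extend):", fas.heartbeat_extend(tok))
    clock.advance(200)  # 400 s after login, but only 200 s after the extension
    print("upload:", fas.service_request(tok, "upload_preservation_point"))
    clock.advance(TOKEN_TTL_SECONDS)
    print("upload after expiry:", fas.service_request(tok, "upload_preservation_point"))
    print("logout of expired token:", fas.logout(tok))
```

The second heartbeat is what keeps a long-running client on a single token: without the extension at 200 s the upload at 400 s would already be refused. Logout of an expired or already revoked token fails, matching the flow in which the token is authenticated before being set to invalid.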
Referring to Figure 3, in a specific embodiment, the overall business flow of the data preservation system provided by the embodiment of the present invention includes:
Login step:
The client business system server initiates a login request; the access server receives the request and sends an authentication request to the background server; the background server generates a token and returns the token authentication result; the access server returns the login result to the client business system server and sends the token to the client business system server.
In the data preservation method provided by the embodiment, the client business system cannot perform any operation while not logged in; only after passing identity authentication and successfully obtaining a token can it initiate data preservation service requests.
Obtaining the business process template step:
The client business system carries the token and requests the business process template from the access server; the background server authenticates the legitimacy of the token and, when authentication passes, returns the token authentication result; the access server requests the business process template; the background server returns the business process template according to the identity information of the client business system.
In the data preservation method provided by the embodiment, the client business system carries the token returned at login when requesting the business process template; only with a token that has passed identity authentication can the client business system successfully initiate the request for the business process template and obtain the returned template.
Upload preservation data step:
The client business system carries the token and requests the access server to upload preservation data; the background server authenticates the legitimacy of the token and, when authentication passes, returns the token authentication result; the background server then verifies whether the business process of this data preservation request is legitimate and returns the business process verification result; when the business process is legitimate, it receives the preservation data and returns the result of receiving it; the access server returns the preservation result to the client business system server.
In the data preservation method provided by the embodiment, the client business system carries the token returned at login when uploading preservation data; only with a token that has passed identity authentication and a business process that has passed legitimacy verification can the client business system successfully initiate the upload of preservation data and obtain the returned preservation status.
Query preservation result step:
The client business system carries the token and requests the preservation result from the access server; the background server authenticates the legitimacy of the token and, when authentication passes, returns the token authentication result; the background server then verifies whether the business process of this query request is legitimate and returns the business process verification result; when the business process is legitimate, it queries the preservation data and returns the preservation result; the access server returns the preservation result to the client business system server.
The client business system carries the token returned at login when querying the preservation result; only with a token that has passed identity authentication and a business process that has passed legitimacy verification can the client business system successfully initiate the query and obtain the returned query result.
Heartbeat request step:
While performing the service requests of the data preservation process, including the business process template request, the request to upload preservation point data, the request to query the preservation result and the logout request, the client business system issues heartbeat requests according to a preset rule to verify whether the token is valid: the access server receives the heartbeat request, and the background server authenticates the legitimacy of the token and returns the token authentication result. Alternatively, the client business system issues, according to a preset rule, heartbeat requests that verify whether the token is valid and request extension of the token validity period: the access server receives the heartbeat request, the background server authenticates the legitimacy of the token, extends the token validity period when verification passes and returns the token authentication result; the access server returns the heartbeat result to the client business system server.
In the data preservation method provided by the embodiment, the client business system carries the token returned at login in the heartbeat request; whether the heartbeat succeeds depends on whether the token is legitimate and valid. Only after token authentication passes and the heartbeat request succeeds can the data preservation system proceed with the service request to be performed.
Logout step:
The client business system initiates a logout request to the access server; the background server authenticates the legitimacy of the token, sets the token to invalid once authentication passes, and returns the invalidation result to the access server; the access server returns the logout result to the client business system.
In the data preservation method provided by the embodiment, the client business system carries the token returned at login in the logout request; whether the logout succeeds depends on whether the token is legitimate and valid. In the embodiment of the present invention, after the client business system has completed data preservation, or when a third party is found to be maliciously initiating data preservation, the client business system can actively and promptly withdraw all authority it holds in the access system through a logout request, ensuring that the token is not used maliciously.
The embodiment of the present invention also provides a front-end access system, including an access server 2 and a background processing server 1, the access server 2 being connected to at least one client business system server; wherein:
the access server 2 is configured to forward the login requests, business template requests and data preservation requests received from each client business system server to the background processing server, and to return the result obtained by the background processing server for each request to the corresponding client business system server;
the background processing server 1 is configured to verify the user identity information of the client business system server according to the login request and, after verification passes, to obtain the corresponding business process template according to the business process template request; and to receive the data of each preservation point that the client business system defines and uploads according to the business scenario corresponding to the business process template.
In one embodiment, the background processing server 1 of the front-end access system is further configured to obtain the input parameters of the preservation point in the data preservation request, the input parameters including the chain code corresponding to the preservation point and the process instance code; after the input parameters pass verification, to receive the preservation point data and check whether the preservation point is the last preservation point of the process chain; if so, to end the data preservation; if not, to generate the chain code of the next preservation point and return it to the access server;
correspondingly, the access server 2 is further configured to return the chain code of the next preservation point to the client business system server.
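As an added example (written for this page, not the applicant's implementation), the following Python code models the preservation-point chain handled by the background processing server: each upload carries the process instance code and the chain code for the current point as its input parameters; the server verifies both, accepts the point data, returns the chain code of the next point, and ends the preservation at the last point of the template. The patent does not say how chain codes are derived; here, as an assumption, each code is an HMAC under a server-side key over the instance code, the point index and the previous code, so a replayed, forged or out-of-order code is refused. The business scenario, its preservation points, the key and the field names are constructed for this example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List

# Assumption: the patent does not specify chain-code derivation. Each chain code
# here is an HMAC, under a key known only to the background server, over the
# process instance code, the preservation point index and the previous code.
SERVER_KEY = b"constructed-server-key-change-me"

# Constructed business process template: ordered preservation points per scenario.
TEMPLATES: Dict[str, List[str]] = {
    "loan-application": ["apply", "review", "sign", "disburse"],
}


def chain_code(instance_code: str, index: int, previous: str) -> str:
    msg = f"{instance_code}|{index}|{previous}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


class PreservationChain:
    """Background-server side of the preservation point chain."""

    def __init__(self) -> None:
        self._instances: Dict[str, dict] = {}

    def start_instance(self, scenario: str) -> dict:
        """Create a process instance and hand out the first point's chain code."""
        if scenario not in TEMPLATES:
            raise KeyError(f"unknown business scenario {scenario!r}")
        instance_code = secrets.token_hex(8)
        first = chain_code(instance_code, 0, "")
        self._instances[instance_code] = {
            "scenario": scenario, "next_index": 0, "expected": first, "points": []}
        return {"instance_code": instance_code, "chain_code": first}

    def upload_point(self, instance_code: str, code: str, point: str, payload: dict) -> dict:
        """Verify the input parameters, accept the point, return the next chain code."""
        inst = self._instances.get(instance_code)
        if inst is None:
            return {"status": "refused", "reason": "unknown process instance"}
        if inst["expected"] is None:
            return {"status": "refused", "reason": "process chain already complete"}
        # constant-time compare: a replayed or forged chain code is rejected here
        if not hmac.compare_digest(code.encode(), inst["expected"].encode()):
            return {"status": "refused", "reason": "chain code mismatch"}
        points = TEMPLATES[inst["scenario"]]
        idx = inst["next_index"]
        if point != points[idx]:
            return {"status": "refused", "reason": f"expected preservation point {points[idx]!r}"}
        inst["points"].append({"point": point, "chain_code": code, "payload": payload})
        inst["next_index"] = idx + 1
        if idx + 1 == len(points):
            inst["expected"] = None  # last preservation point: end the preservation
            return {"status": "complete", "point": point}
        nxt = chain_code(instance_code, idx + 1, code)
        inst["expected"] = nxt
        return {"status": "accepted", "point": point, "next_chain_code": nxt}

    def points(self, instance_code: str) -> List[dict]:
        """Accepted points of an instance, in chain order."""
        return list(self._instances[instance_code]["points"])


if __name__ == "__main__":
    pc = PreservationChain()
    start = pc.start_instance("loan-application")
    ic, code = start["instance_code"], start["chain_code"]
    for name in TEMPLATES["loan-application"]:
        result = pc.upload_point(ic, code, name, {"sample": "constructed"})
        print(name, "->", result["status"])
        code = result.get("next_chain_code", code)
    print("replay of last code:", pc.upload_point(ic, code, "disburse", {})["status"])
```

Because the expected code changes only after an accepted upload, a rejected out-of-order point leaves the chain where it was and the client can retry with the correct point; once the last point is accepted no code is valid for that instance any more.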
Those skilled in the art will appreciate that embodiments of the present invention may be provided as a method, a system or a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, optical storage and the like) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device so that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, such that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalent technologies, the present invention is also intended to include them.

Claims (10)

1. A data preservation method, applied to a front-end access system of a data preservation system, characterized in that it includes:
receiving a login request of a client business system and verifying the identity information of the client business system;
after verification passes, assembling, according to a received business process template request, the business process template corresponding to the request and returning it to the client business system;
receiving the data of each preservation point that the client business system defines and uploads according to the business scenario corresponding to the business process template.
2. The method according to claim 1, characterized in that receiving the data of each preservation point that the client business system defines and uploads according to the business scenario corresponding to the business process template specifically includes:
obtaining the input parameters of the preservation point in the data preservation request, the input parameters including the chain code corresponding to the preservation point and the process instance code;
verifying the input parameters and, after verification passes, receiving the data of the preservation point;
when the preservation point is not the last preservation point, returning the generated chain code corresponding to the next preservation point;
when the preservation point is the last preservation point, ending the upload of preservation data.
3. The method according to claim 1 or 2, characterized in that it further includes: after the user identity information passes verification, generating an authorization token corresponding to the identity information of the client business system and returning it to the client business system requesting login;
when receiving a heartbeat request or service request of the client business system, verifying the validity of the token contained in the request; when verification passes, processing the request; otherwise, refusing the request; the service request including one or more of the following:
a business process template request, a request to upload preservation point data, a request to query the preservation result, and a logout request.
4. The method according to claim 1, characterized in that it further includes: before obtaining the business process template, verifying the version number of the business process template to determine whether it is the latest business process template, and if not, obtaining the latest business process template.
5. The method according to claim 1, characterized in that it further includes: after receiving the preservation data, caching the preservation data in a preset message queue MQ.
6. A front-end access system, characterized in that it includes an access server and a background processing server, the access server being connected to at least one client business system server; wherein:
the access server is configured to forward the login requests, business template requests and data preservation requests sent by each client business system server to the background processing server, and to return the result obtained by the background processing server for each request to the corresponding client business system server;
the background processing server is configured to verify the user identity information of the client business system server according to the login request and, after verification passes, to obtain the corresponding business process template according to the business process template request; and to receive the data of each preservation point that the client business system defines and uploads according to the business scenario corresponding to the business process template.
7. The system according to claim 6, characterized in that the background processing server is further configured to obtain the input parameters of the preservation point in the data preservation request, the input parameters including the chain code corresponding to the preservation point and the process instance code; after the input parameters pass verification, to receive the preservation point data and check whether the preservation point is the last preservation point of the process chain; if so, to end the data preservation; if not, to generate the chain code of the next preservation point and return it to the access server;
correspondingly, the access server is further configured to return the chain code of the next preservation point to the client business system server.
8. The system according to claim 6 or 7, characterized in that the background server is further configured to return, through the access server, the generated authorization token corresponding to the identity information of the client business system to the client business system requesting login; and
when receiving a heartbeat request or service request of the client business system forwarded by the access server, to verify the validity of the token contained in the request; when verification passes, to process the request; otherwise, to refuse the request;
the service request including one or more of the following: a business process template request, a request to upload preservation point data, a request to query the preservation result, and a logout request.
9. The system according to claim 8, characterized in that the access server is further configured to, before obtaining the business process template, verify the version number of the business process template to determine whether it is the latest business process template, and if not, obtain the latest business process template.
10. The system according to claim 6, characterized in that
the access server is further configured to, after receiving the preservation data, send the received preservation data to a preset message queue MQ for caching; correspondingly,
the background processing server is further configured to read the cached preservation data from the MQ and upload it.
CN201710986402.7A 2017-10-20 2017-10-20 A kind of data security method and system Pending CN107733897A (en)


Publications (1)

Publication Number Publication Date
CN107733897A 2018-02-23

Family ID: 61213170


Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101207482A (en) * 2007-12-13 2008-06-25 深圳市戴文科技有限公司 System and method for implementation of single login
CN101882255A (en) * 2009-05-07 2010-11-10 中兴通讯股份有限公司 Workflow device, system and configuration method based on service-oriented architecture
US20140258983A1 (en) * 2013-03-08 2014-09-11 Oracle International Corporation Model for configuration independent process templates and business catalog
US9128791B1 (en) * 2011-03-21 2015-09-08 Board Of Regents Of The University Of Texas System Generation of distinct pseudorandom number streams based on program context
CN105007275A (en) * 2015-07-29 2015-10-28 浪潮(北京)电子信息产业有限公司 Single-way safety isolation data transmission method and system
CN105898438A (en) * 2016-04-07 2016-08-24 广州华多网络科技有限公司 Live broadcasting room dynamic configuration method, device, system and server
CN106991339A (en) * 2017-05-05 2017-07-28 国信嘉宁数据技术有限公司 A kind of financial transaction data security method, server, client and system
CN107124281A (en) * 2017-05-05 2017-09-01 国信嘉宁数据技术有限公司 A kind of data security method and related system
CN107146153A (en) * 2017-05-05 2017-09-08 国信嘉宁数据技术有限公司 Data security method, server and the system of automatic reimbursement business


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
AD01 Patent right deemed abandoned

Effective date of abandoning: 20210427