CN109347869A - Generation method, device, medium and electronic equipment for an inter-cluster communication security factor - Google Patents

Generation method, device, medium and electronic equipment for an inter-cluster communication security factor

Publication number: CN109347869A
Authority: CN (China)
Prior art keywords: communication, cluster, factor, safety, inter
Legal status: Granted
Application number: CN201811438712.6A
Other languages: Chinese (zh)
Other versions: CN109347869B (en)
Inventor: 刘明浩
Current Assignee: JD Digital Technology Holdings Co Ltd; Jingdong Technology Holding Co Ltd
Original Assignee: Beijing Jingdong Financial Technology Holding Co Ltd
Application filed by Beijing Jingdong Financial Technology Holding Co Ltd
Priority to CN201811438712.6A
Publication of CN109347869A
Application granted
Publication of CN109347869B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6263 Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Abstract

Embodiments of the invention provide a generation method, device, medium and electronic equipment for an inter-cluster communication security factor. The method comprises: determining a security-factor process scalar based on a timestamp acquired by the current cluster and the current cluster's preset time window; merging the security-factor process scalar and a preset random string and converting them into a hexadecimal string, and determining that string to be the communication security factor; and, in response to a communication instruction, sending the identification information of the current cluster and the secure communication factor to a target cluster. The technical solution of the embodiments uses a connector between clusters to provide the basis for communication among multiple cluster nodes. Before clusters communicate, a cluster node generates a trusted factor by an algorithm and uses this dynamic trusted factor for handshake authentication; once authentication succeeds, the inter-cluster communication link is established, which effectively guards against malicious requests initiated by malicious attackers.

Description

Generation method, device, medium and electronic equipment for an inter-cluster communication security factor
Technical field
The present invention relates to the field of computer technology, and in particular to a generation method, device, medium and electronic equipment for an inter-cluster communication security factor.
Background
Cloud computing is a form of distributed computing in which a huge, complex program is distributed over the internet to processing programs located around the world. In this process the program is automatically split into numerous smaller subprograms, which are handed to a large system composed of distributed servers; after computation, the results are returned to the user. With this technology, a network service provider can process tens of millions or even hundreds of millions of pieces of information within seconds.
Financial cloud systems are used on a large scale in financial industries such as insurance, banking, consumer finance, securities and funds. Ensuring secure and stable communication between distributed units and distributed clusters is therefore increasingly critical. A financial cloud security protection system should expose flexible and diverse policy mechanisms, including security application interfaces, middleware and the like.
However, most current financial cloud protection systems provide security through simple authentication and multi-machine backup, which is inefficient and costly and cannot protect the communication security between cluster nodes.
It should be noted that the information disclosed in the Background section above is only intended to enhance understanding of the background of the invention, and may therefore include information that does not constitute prior art known to a person of ordinary skill in the art.
Summary of the invention
An object of the embodiments of the invention is to provide a generation method, device, medium and electronic equipment for an inter-cluster communication security factor, thereby overcoming, at least to some extent, one or more problems of the related art: protection systems that are inefficient and costly and cannot protect the communication security between cluster nodes.
Other features and advantages of the invention will become apparent from the following detailed description, or will be learned in part through practice of the invention.
According to a first aspect of the embodiments of the invention, a method of generating an inter-cluster communication security factor is provided, comprising:
Determining a security-factor process scalar based on a timestamp acquired by the current cluster and the preset time window of the current cluster;
Merging the security-factor process scalar and a preset random string and converting them into a hexadecimal string, and determining that string to be the communication security factor;
In response to a communication instruction, sending the identification information of the current cluster and the secure communication factor to a target cluster.
In one embodiment of the invention, the above method further includes:
After the current cluster acquires a timestamp from the dynamic clock component, marking the position in the dynamic clock component at which the timestamp was acquired with the identification information of the current cluster.
In one embodiment of the invention, determining the security-factor process scalar based on the timestamp acquired by the current cluster and the preset time window of the current cluster comprises:
By the formula:
determining the security-factor process scalar; where C denotes the security-factor process scalar, T denotes the timestamp acquired by the current cluster, and Δt denotes the preset time window of the current cluster.
In one embodiment of the invention, after the string is determined to be the communication security factor, the method further includes: storing the determined communication security factor in a factor memory.
In one embodiment of the invention, merging the security-factor process scalar and the preset random string and converting them into a hexadecimal string comprises:
Using the security-factor process scalar and the preset random string as the input values of a preset HMAC SHA256 algorithm, and outputting a hexadecimal string 20 bytes in length.
In one embodiment of the invention, before the security-factor process scalar and the preset random string are merged and converted into a hexadecimal string, the method further includes:
Using a preset random seed as the initial condition, generating a random string of length 32.
According to a second aspect of the embodiments of the invention, a method of verifying an inter-cluster communication security factor is provided, comprising:
In response to a communication request from a cluster requesting communication, parsing the communication request to obtain the communication security factor and identification information of the requesting cluster;
Determining a process scalar based on the identification information, and performing an inverse operation on the process scalar to obtain a random string to be verified;
Comparing the random string to be verified with the random string of the communication security factor to obtain a comparison result;
When the comparison result is consistent, establishing a communication link with the cluster requesting communication.
In one embodiment of the invention, parsing the communication request in response to a communication request from a cluster requesting communication, to obtain the communication security factor and identification information of the requesting cluster, comprises:
Representing the communication request as a vector;
After the communication request is received, extracting the communication security factor and identification information of the requesting cluster from the communication request represented as a vector.
In one embodiment of the invention, determining the process scalar based on the identification information comprises:
Comparing the identification information against the marked positions of identification information in the dynamic clock component, determining the matching marked position, and obtaining the timestamp of that marked position;
By the formula:
determining the process scalar; where C' denotes the process scalar, T' denotes the timestamp of the marked position, and Δt denotes the preset time window.
In one embodiment of the invention, performing the inverse operation on the process scalar to obtain the random string to be verified comprises:
Using the process scalar and the communication security factor of the cluster requesting communication as the input values of the preset HMAC SHA256 algorithm, and outputting a string to be verified of length 32.
According to a third aspect of the embodiments of the invention, a device for generating an inter-cluster communication security factor comprises:
A determining module, for determining a security-factor process scalar based on a timestamp acquired by the current cluster and the preset time window of the current cluster;
A conversion module, for merging the security-factor process scalar and a preset random string and converting them into a hexadecimal string, and determining that string to be the communication security factor;
A sending module, for sending, in response to a communication instruction, the identification information of the current cluster and the secure communication factor to a target cluster.
According to a fourth aspect of the embodiments of the invention, a device for verifying an inter-cluster communication security factor comprises:
A parsing module, for parsing, in response to a communication request from a cluster requesting communication, the communication request to obtain the communication security factor and identification information of the requesting cluster;
A computing module, for determining a process scalar based on the identification information and performing an inverse operation on the process scalar to obtain a random string to be verified;
A comparison module, for comparing the random string to be verified with the random string of the communication security factor to obtain a comparison result;
A communication link establishment module, for establishing a communication link with the cluster requesting communication when the comparison result is consistent.
According to a fifth aspect of the embodiments of the invention, a computer-readable medium is provided on which a computer program is stored; when executed by a processor, the program implements the method of generating an inter-cluster communication security factor of the first aspect above or the method of verifying an inter-cluster communication security factor of the second aspect.
According to a sixth aspect of the embodiments of the invention, electronic equipment is provided, comprising: one or more processors; and a storage device for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the method of generating an inter-cluster communication security factor of the first aspect above or the method of verifying an inter-cluster communication security factor of the second aspect.
The technical solutions provided by the embodiments of the invention can have the following beneficial effects:
Embodiments of the invention provide a generation method, device, medium and electronic equipment for an inter-cluster communication security factor, comprising: determining a security-factor process scalar based on a timestamp acquired by the current cluster and the preset time window of the current cluster; merging the security-factor process scalar and a preset random string and converting them into a hexadecimal string, and determining that string to be the communication security factor; and, in response to a communication instruction, sending the identification information of the current cluster and the secure communication factor to a target cluster. The technical solution of the embodiments uses a connector between clusters to provide the basis for communication among multiple cluster nodes. Before clusters communicate, a cluster node generates a trusted factor by an algorithm and uses this dynamic trusted factor for handshake authentication; once authentication succeeds, the inter-cluster communication link is established, which effectively guards against malicious requests initiated by malicious attackers.
It should be understood that the above general description and the following detailed description are only exemplary and explanatory, and do not limit the invention.
Brief description of the drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and, together with the specification, serve to explain the principles of the invention. Evidently, the drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can derive other drawings from them without creative effort. In the drawings:
Fig. 1 schematically shows a flowchart of the method of generating an inter-cluster communication security factor according to an embodiment of the invention;
Fig. 2 schematically shows a flowchart of the method of verifying an inter-cluster communication security factor according to an embodiment of the invention;
Fig. 3 schematically shows an inter-cluster secure communication system according to an embodiment of the invention;
Fig. 4 schematically shows the structure of a factor generator according to an embodiment of the invention;
Fig. 5 schematically shows a flowchart of a factor generator generating the secure communication factor according to an embodiment of the invention;
Fig. 6 schematically shows a block diagram of the device for generating an inter-cluster communication security factor according to an embodiment of the invention;
Fig. 7 schematically shows a block diagram of the device for verifying an inter-cluster communication security factor according to an embodiment of the invention;
Fig. 8 shows the structure of a computer system suitable for implementing the electronic equipment of the embodiments of the invention.
Detailed description of embodiments
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments can, however, be implemented in many forms and should not be construed as limited to the examples set forth here; rather, these embodiments are provided so that the invention will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art.
In addition, the described features, structures or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, many specific details are provided to give a full understanding of the embodiments of the invention. Those skilled in the art will appreciate, however, that the technical solution of the invention may be practiced without one or more of the specific details, or with other methods, components, devices, steps and so on. In other cases, well-known methods, devices, implementations or operations are not shown or described in detail, to avoid obscuring aspects of the invention.
The block diagrams shown in the drawings are only functional entities and do not necessarily correspond to physically separate entities. That is, these functional entities may be implemented in software, in one or more hardware modules or integrated circuits, or in different network and/or processor devices and/or microcontroller devices.
The flowcharts shown in the drawings are merely illustrative; they need not include every element and operation/step, nor must the steps be executed in the order described. For example, some operations/steps can be decomposed and others can be merged or partly merged, so the actual order of execution may change according to the actual situation.
Fig. 1 schematically shows a flowchart of the method of generating an inter-cluster communication security factor according to an embodiment of the invention.
Referring to Fig. 1, the method of generating an inter-cluster communication security factor according to an embodiment of the invention includes the following steps:
Step S110: determine a security-factor process scalar based on the timestamp acquired by the current cluster and the preset time window of the current cluster.
In one embodiment of the invention, after the current cluster acquires a timestamp from the dynamic clock component, the position in the dynamic clock component at which the timestamp was acquired is marked with the identification information of the current cluster; that is, the dynamic clock component can record a cluster's identification information at the position of the timestamp that cluster acquired.
In one embodiment of the invention, operations such as communication or sharding between database clusters place requirements on the time difference between clusters, so a dynamic time component, for example ntpdate, is needed to provide a reference time and synchronize the clusters.
In one embodiment of the invention, by the formula:
the security-factor process scalar is determined; where C denotes the security-factor process scalar, T denotes the timestamp acquired by the current cluster, and Δt denotes the preset time window of the current cluster.
Step S120: merge the security-factor process scalar and the preset random string and convert them into a hexadecimal string, and determine that string to be the communication security factor.
In one embodiment of the invention, before the security-factor process scalar and the preset random string are merged and converted into a hexadecimal string, a random string of length 32 is generated using a preset random seed as the initial condition.
In one embodiment of the invention, the security-factor process scalar and the preset random string are used as input values, and a hexadecimal string 20 bytes in length is output by the preset HMAC SHA256 algorithm.
In one embodiment of the invention, the determined communication security factor is stored in the factor memory.
Step S130: in response to a communication instruction, send the identification information of the current cluster and the secure communication factor to the target cluster.
In one embodiment of the invention, after the communication instruction is received, the cluster's communication security factor is retrieved from the factor memory and sent to the target cluster.
Fig. 2 schematically shows a flowchart of the method of verifying an inter-cluster communication security factor according to an embodiment of the invention.
Referring to Fig. 2, the method of verifying an inter-cluster communication security factor according to an embodiment of the invention includes the following steps:
Step S210: in response to a communication request from a cluster requesting communication, parse the communication request to obtain the communication security factor and identification information of the requesting cluster.
In one embodiment of the invention, the communication request is represented as a vector; after the communication request is received, the communication security factor and identification information of the requesting cluster are extracted from the communication request represented as a vector.
In one embodiment of the invention, the communication request of the requesting cluster can be received through a dedicated communication channel.
In one embodiment of the invention, the communication request may be represented by the vector (ret, CID), where ret denotes the communication security factor and CID denotes the identification information of the requesting cluster.
Step S220: determine a process scalar based on the identification information, and perform an inverse operation on the process scalar to obtain a random string to be verified.
In one embodiment of the invention, the identification information is compared against the marked positions of identification information in the dynamic clock component, the matching marked position is determined, and the timestamp of that marked position is obtained;
By the formula:
the process scalar is determined; where C' denotes the process scalar, T' denotes the timestamp of the marked position, and Δt denotes the preset time window.
In one embodiment of the invention, all marks in the dynamic clock component are traversed and compared against the identification information; after the mark of the requesting cluster is matched, the corresponding timestamp is obtained.
In one embodiment of the invention, the process scalar and the communication security factor of the requesting cluster are used as the input values of the preset HMAC SHA256 algorithm, and a string to be verified of length 32 is output.
In one embodiment of the invention, once the process scalar and the communication security factor of the requesting cluster are known, the random string is determined by the inverse operation of the HMAC SHA256 algorithm.
Step S230: compare the random string to be verified with the random string of the communication security factor to obtain a comparison result.
In one embodiment of the invention, the random string determined above by the inverse operation of the HMAC SHA256 algorithm is compared with the string of the requesting cluster to obtain the comparison result.
Step S240: when the comparison result is consistent, establish a communication link with the cluster requesting communication.
In one embodiment of the invention, when the comparison result is inconsistent, authentication fails and the communication request from the requesting cluster is rejected.
In one embodiment of the invention, when the random string determined by the inverse operation of the HMAC SHA256 algorithm is equal to the string of the requesting cluster, verification succeeds and the communication link is established; when they are not equal, verification fails and the communication request is rejected.
Fig. 3 diagrammatically illustrates the schematic diagram of safe communication system between cluster according to an embodiment of the invention.
Referring to shown in Fig. 3, safe communication system between cluster according to an embodiment of the invention, comprising:
Collect group connector 301, for the connection and communication between each clustered node.
In one embodiment of the invention, a cluster (cluster) refers to that machine runs required necessary resource Combination, include load balancing, the cloud resources such as node of Cloud Server.What collection group connector realized between clustered node reliable leads to Letter.Under normal circumstances, distributed communication system can be realized with HTTP, SOCKET or RPC, here by using RPC service. Each clustered node can dispose a set of collection group connector, and open RPC process, externally provide service.Due to collecting group connector It is the only way which must be passed that public network (VPC) arrives internal network, therefore connector is designed to the mode that multiple clusters are mutually redundant, that is, After the connector of one cluster stops working, which will be born by the connector of other clusters.
Factor generator 302, for generating the believable secure communication factor by dynamic algorithm.
In one embodiment of the invention, financial cloud physics computer room is deposited positioned at the region of different geography.Therefore each A physics computer room requires to dispose more nested factor maker modules, that is, once a set of modules is impaired, other modules can still be held Continuous, stable external offer service, to guarantee the normal operation of business.
Fig. 4 schematically illustrates the structural schematic diagram of factor generator according to an embodiment of the invention;
In one embodiment of the invention, as shown in figure 4, factor generator mainly includes three components, when (1) dynamic Clock 401;(2) factor arithmetic unit 402;(3) factors memory 403;Wherein, dynamic clock 401 provides stable Scheduler-Service, protects The timestamp for demonstrate,proving each computer room cluster is unique;Factor arithmetic unit 402 calculates certainty factor by dynamic generation algorithm;The factor Memory 403, a kind of nonvolatile memory.For saving the certainty factor of generation.
Fig. 5 schematically illustrates factor generator according to an embodiment of the invention and generates the secure communication factor Flow chart;
In one embodiment of the invention, as shown in figure 5, firstly, factor arithmetic unit initializes, when setting Between window △t(default value 1min) works as secondly, factor arithmetic unit is pulled by dedicated communication pipe from dynamic clock assembly Preceding timestamp, and when pulling timestamp each time, a label can be all played in dynamic clock component here labeled as T, Label substance is the cluster unique identifier, be labeled as CID, secondly, factor arithmetic unit by random seed generate a string 32 Value, be labeled as K, secondly, pass through time stamp T and time window △tProcess scalar is calculated, C is labeled as.Calculation formula is such as Under:
Next, the factor arithmetic unit takes (C, K) as the input value and uses the HMAC SHA256 algorithm to calculate a hexadecimal string 20 bytes in length, denoted ret. The value ret is the trusted factor. Finally, the trusted factor ret is saved in the factor memory.
Distributed clusters 303, comprising multiple clusters that can communicate with one another to implement functions such as cloud computing.
In one embodiment of the invention, when cluster N communicates with cluster M, message authentication is performed between the two. The message authentication process is as follows: cluster N sends the trusted factor ret and the label CID to cluster M through a dedicated communication pipe; the authentication message can be expressed as the vector (ret, CID), denoted authentication vector h. After cluster M receives the authentication message of cluster N, it takes the CID parameter out of the authentication vector h (denoted CID' here, to distinguish it from the CID in cluster N). Cluster M then traverses all labels in the dynamic clock component and compares each with CID'; when CID = CID', it obtains the corresponding timestamp T'. The process scalar C' is then calculated by the following formula:
K' is then calculated by the inverse operation of the algorithm. When the random string K = K', authentication between cluster N and cluster M succeeds and a communication connection is established: cluster M allows communication requests from cluster N. Otherwise authentication fails, and cluster M refuses communication from cluster N.
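The generation and verification steps above, as an added Python example that is not code from the patent. Because HMAC-SHA256 has no inverse, the verifier here recomputes the factor from C' and a copy of K and compares, instead of recovering K'. Assumptions: the formula for C is missing from this page, so the TOTP-style floor(T / Δt) is used; K is the HMAC key and is shared with the verifier in advance; the 20-byte factor is the leading 20 bytes of the tag; `DynamicClock` and all function names are hypothetical.

```python
import hashlib
import hmac

WINDOW_SECONDS = 60  # time window Δt; the page gives 1 min as the default


class DynamicClock:
    """Stand-in for the dynamic clock component: every pull is labelled with a CID."""

    def __init__(self):
        self._labels = {}  # CID -> timestamp T of that cluster's latest pull

    def pull(self, cid, now):
        self._labels[cid] = now
        return now

    def lookup(self, cid):
        return self._labels.get(cid)  # None when no label matches


def process_scalar(timestamp, window=WINDOW_SECONDS):
    # ASSUMPTION: the page's formula for C is not reproduced; this is the
    # time-step counter floor(T / Δt) known from TOTP.
    if window <= 0 or timestamp < 0:
        raise ValueError("timestamp must be >= 0 and window must be > 0")
    return int(timestamp) // window


def make_factor(key, scalar):
    # ASSUMPTION: K keys the HMAC, C (8-byte big-endian) is the message, and
    # the factor is the first 20 bytes of the 32-byte tag, hex-encoded.
    tag = hmac.new(key, scalar.to_bytes(8, "big"), hashlib.sha256).digest()
    return tag[:20].hex()


def generate_auth_vector(cid, key, clock, now):
    """Cluster N: pull T, derive C, compute ret, return h = (ret, CID)."""
    t = clock.pull(cid, now)
    return make_factor(key, process_scalar(t)), cid


def verify_auth_vector(h, clock, shared_keys):
    """Cluster M: find T' by CID', derive C', recompute the factor, compare."""
    ret, cid = h
    t_prime = clock.lookup(cid)
    key = shared_keys.get(cid)
    if t_prime is None or key is None:
        return False  # no matching label or no key for this cluster
    try:
        presented = bytes.fromhex(ret)
    except (ValueError, TypeError):
        return False  # not a hexadecimal string
    expected = bytes.fromhex(make_factor(key, process_scalar(t_prime)))
    # Constant-time comparison: does not leak how many leading bytes matched.
    return hmac.compare_digest(expected, presented)


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    clock = DynamicClock()
    k = b"0123456789abcdef0123456789abcdef"  # 32-character K
    h = generate_auth_vector("cluster-N", k, clock, now=1543363200)
    print(h, verify_auth_vector(h, clock, {"cluster-N": k}))
```

In this sketch the same vector h verifies repeatedly until the next pull moves T' into a new window, so freshness rests entirely on Δt.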
Bottom-layer components 304, comprising underlying physical hardware resources such as servers, network and storage, for providing reliable infrastructure services to the upper-layer financial cloud.
An embodiment of the invention provides a method for generating and verifying an inter-cluster communication security factor. The inter-cluster connector provides the basis for communication among multiple cluster nodes. Before clusters communicate, a cluster node generates a trusted factor by an algorithm and performs handshake authentication using this dynamic trusted factor; once authentication succeeds, the inter-cluster communication link is established, which effectively guards against malicious requests initiated by malicious attackers.
The device embodiments of the invention are introduced below; they can be used to execute the above method for generating and verifying an inter-cluster communication security factor.
Fig. 6 schematically shows a block diagram of a device for generating an inter-cluster communication security factor according to an embodiment of the invention.
Referring to Fig. 6, the device 600 for generating an inter-cluster communication security factor according to an embodiment of the invention includes:
Determining module 601, for determining a security factor process scalar based on the timestamp acquired by the current cluster and the preset time window of the current cluster;
Conversion module 602, for merging and converting the security factor process scalar and a preset random string into a hexadecimal character string, and determining the character string as the communication security factor;
Sending module 603, for sending, in response to a communication instruction, the identification information of the current cluster and the secure communication factor to the target cluster.
Because each functional module of the device for generating an inter-cluster communication security factor in the example embodiments of the invention corresponds to a step of the example embodiment of the generation method of the first aspect above, for details not disclosed in the device embodiments please refer to the method for generating an inter-cluster communication security factor of the first aspect of the invention.
Fig. 7 schematically shows a block diagram of a device for verifying an inter-cluster communication security factor according to an embodiment of the invention.
Referring to Fig. 7, the device 700 for verifying an inter-cluster communication security factor according to an embodiment of the invention includes:
Parsing module 701, for parsing, in response to a communication request from a cluster requesting communication, the communication request to obtain the communication security factor and identification information of the cluster requesting communication;
Computing module 702, for determining a process scalar based on the identification information, and performing an inverse operation on the process scalar to obtain a random string to be tested;
Comparison module 703, for comparing the random string to be tested with the random string of the communication security factor to obtain a comparison result;
Communication link establishing module 704, for establishing a communication link with the cluster requesting communication when the comparison result is consistent.
Because each functional module of the device for verifying an inter-cluster communication security factor in the example embodiments of the invention corresponds to a step of the example embodiment of the verification method of the second aspect above, for details not disclosed in the device embodiments please refer to the method for verifying an inter-cluster communication security factor of the second aspect of the invention.
Referring now to Fig. 8, it shows a schematic structural diagram of a computer system 800 of an electronic device suitable for implementing the embodiments of the invention. The computer system 800 of the electronic device shown in Fig. 8 is only an example and should not impose any limitation on the function or scope of use of the embodiments of the invention.
As shown in Fig. 8, the computer system 800 includes a central processing unit (CPU) 801, which can perform various appropriate actions and processing according to a program stored in read-only memory (ROM) 802 or a program loaded from storage section 808 into random access memory (RAM) 803. The RAM 803 also stores various programs and data needed for system operation. The CPU 801, ROM 802 and RAM 803 are connected to one another by bus 804. An input/output (I/O) interface 805 is also connected to bus 804.
The following components are connected to the I/O interface 805: an input section 806 including a keyboard, a mouse and the like; an output section 807 including, for example, a cathode ray tube (CRT) or liquid crystal display (LCD) and a loudspeaker; a storage section 808 including a hard disk and the like; and a communication section 809 including a network interface card such as a LAN card or a modem. The communication section 809 performs communication processing via a network such as the Internet. A drive 810 is also connected to the I/O interface 805 as needed. A removable medium 811, such as a magnetic disk, optical disc, magneto-optical disc or semiconductor memory, is mounted on the drive 810 as needed, so that a computer program read from it can be installed into the storage section 808 as needed.
In particular, according to an embodiment of the invention, the process described above with reference to the flow chart may be implemented as a computer software program. For example, an embodiment of the invention includes a computer program product comprising a computer program carried on a computer-readable medium, the computer program containing program code for executing the method shown in the flow chart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 809, and/or installed from the removable medium 811. When the computer program is executed by the central processing unit (CPU) 801, the above functions defined in the system of the application are performed.
It should be noted that the computer-readable medium shown in the invention may be a computer-readable signal medium, a computer-readable storage medium, or any combination of the two. A computer-readable storage medium may be, for example but not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples of a computer-readable storage medium include, but are not limited to: an electrical connection having one or more wires, a portable computer disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above. In the invention, a computer-readable storage medium may be any tangible medium that contains or stores a program, where the program can be used by or in connection with an instruction execution system, apparatus or device. Also in the invention, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, in which computer-readable program code is carried. Such a propagated data signal can take various forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A computer-readable signal medium may also be any computer-readable medium other than a computer-readable storage medium, which can send, propagate or transmit a program for use by or in connection with an instruction execution system, apparatus or device. The program code contained on a computer-readable medium can be transmitted by any suitable medium, including but not limited to: wireless, electric wire, optical cable, RF, etc., or any suitable combination of the above.
The flow charts and block diagrams in the drawings illustrate the architecture, functions and operations that may be implemented by systems, methods and computer program products according to various embodiments of the invention. In this regard, each box in a flow chart or block diagram may represent a module, a program segment or a part of code, and that module, program segment or part of code contains one or more executable instructions for implementing the specified logical function. It should also be noted that in some alternative implementations, the functions marked in the boxes may occur in an order different from that marked in the drawings. For example, two boxes shown in succession may in fact be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each box in a block diagram or flow chart, and each combination of boxes in a block diagram or flow chart, can be implemented by a dedicated hardware-based system that performs the specified functions or operations, or by a combination of dedicated hardware and computer instructions.
The units described in the embodiments of the invention may be implemented in software or in hardware, and the described units may also be provided in a processor. The names of these units do not, in certain cases, constitute a limitation on the units themselves.
As another aspect, the application also provides a computer-readable medium, which may be included in the electronic device described in the above embodiments, or may exist separately without being assembled into the electronic device. The computer-readable medium carries one or more programs, and when the one or more programs are executed by the electronic device, the electronic device implements the method for generating an inter-cluster communication security factor described in the above embodiments.
For example, the above electronic device may implement what is shown in Fig. 1: step S110, in response to an acquired data query parameter, generating, according to the query parameter, a first instance class; step S120, parsing the first instance class, generating a query statement, and executing the query statement to obtain a query result; step S130, writing the query result into a second instance class and outputting it.
It should be noted that although several modules or units of the device for performing actions are mentioned in the detailed description above, this division is not mandatory. In fact, according to embodiments of the invention, the features and functions of two or more modules or units described above may be embodied in one module or unit. Conversely, the features and functions of one module or unit described above may be further divided and embodied by multiple modules or units.
From the above description of the embodiments, those skilled in the art will readily understand that the example embodiments described here can be implemented in software, or in software combined with the necessary hardware. Therefore, the technical solution according to the embodiments of the invention can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (such as a CD-ROM, USB flash drive or removable hard disk) or on a network, and which includes several instructions that cause a computing device (such as a personal computer, server, touch terminal or network device) to execute the method according to the embodiments of the invention.
After considering the specification and practicing the invention disclosed here, those skilled in the art will readily conceive of other embodiments of the invention. This application is intended to cover any variations, uses or adaptations of the invention that follow its general principles and include common knowledge or customary technical means in the art that are not disclosed by the invention. The description and examples are to be regarded as illustrative only; the true scope and spirit of the invention are indicated by the following claims.
It should be understood that the invention is not limited to the precise structure described above and shown in the drawings, and that various modifications and changes may be made without departing from its scope. The scope of the invention is limited only by the appended claims.

Claims (14)

1. A method for generating an inter-cluster communication security factor, characterized by comprising:
determining a security factor process scalar based on a timestamp acquired by a current cluster and a preset time window of the current cluster;
merging and converting the security factor process scalar and a preset random string into a hexadecimal character string, and determining the character string as the communication security factor;
in response to a communication instruction, sending the identification information of the current cluster and the secure communication factor to a target cluster.
2. The method for generating an inter-cluster secure communication factor according to claim 1, characterized in that the method further comprises:
after the current cluster acquires the timestamp from the dynamic clock component, marking, with the identification information of the current cluster, the position in the dynamic clock component at which the timestamp was acquired.
3. The method for generating an inter-cluster secure communication factor according to claim 1, characterized in that determining the security factor process scalar based on the timestamp acquired by the current cluster and the preset time window of the current cluster comprises:
by the formula:
determining the security factor process scalar; wherein C denotes the security factor process scalar; T denotes the timestamp acquired by the current cluster; Δt denotes the preset time window of the current cluster.
4. The method for generating an inter-cluster secure communication factor according to claim 1, characterized in that after the character string is determined as the communication security factor, the method further comprises: storing the determined communication security factor in the factor memory.
5. The method for generating an inter-cluster secure communication factor according to claim 1, characterized in that merging and converting the security factor process scalar and the preset random string into a hexadecimal character string comprises:
taking the security factor process scalar and the preset random string as input values of a preset HMAC SHA256 algorithm, and outputting a hexadecimal string 20 bytes in length.
6. The method for generating an inter-cluster secure communication factor according to claim 1, characterized in that before the security factor process scalar and the preset random string are merged and converted into a hexadecimal character string, the method further comprises:
generating a 32-character random string with a preset random seed as the initial condition.
7. A method for verifying an inter-cluster communication security factor, characterized by comprising:
in response to a communication request from a cluster requesting communication, parsing the communication request to obtain the communication security factor and identification information of the cluster requesting communication;
determining a process scalar based on the identification information, and performing an inverse operation on the process scalar to obtain a random string to be tested;
comparing the random string to be tested with the random string of the communication security factor to obtain a comparison result;
when the comparison result is consistent, establishing a communication link with the cluster requesting communication.
8. The method for verifying an inter-cluster communication security factor according to claim 7, characterized in that parsing the communication request, in response to the communication request from the cluster requesting communication, to obtain the communication security factor and identification information of the cluster requesting communication comprises:
representing the communication request as a vector;
after receiving the communication request, extracting the communication security factor and identification information of the cluster requesting communication from the communication request represented as a vector.
9. The method for verifying an inter-cluster communication security factor according to claim 7, characterized in that determining the process scalar based on the identification information comprises:
comparing the identification information with the identification information at the marked positions in the dynamic clock component, determining the matching marked position, and obtaining the timestamp of that marked position;
by the formula:
determining the process scalar; wherein C' denotes the process scalar; T' denotes the timestamp of the marked position; Δt denotes the preset time window.
10. The method for verifying an inter-cluster communication security factor according to claim 7, characterized in that performing the inverse operation on the process scalar to obtain the random string to be tested comprises:
taking the process scalar and the communication security factor of the cluster requesting communication as input values of a preset HMAC SHA256 algorithm, and outputting a 32-character string to be tested.
11. A device for generating an inter-cluster communication security factor, characterized by comprising:
a determining module, for determining a security factor process scalar based on a timestamp acquired by a current cluster and a preset time window of the current cluster;
a conversion module, for merging and converting the security factor process scalar and a preset random string into a hexadecimal character string, and determining the character string as the communication security factor;
a sending module, for sending, in response to a communication instruction, the identification information of the current cluster and the secure communication factor to a target cluster.
12. A device for verifying an inter-cluster communication security factor, characterized by comprising:
a parsing module, for parsing, in response to a communication request from a cluster requesting communication, the communication request to obtain the communication security factor and identification information of the cluster requesting communication;
a computing module, for determining a process scalar based on the identification information, and performing an inverse operation on the process scalar to obtain a random string to be tested;
a comparison module, for comparing the random string to be tested with the random string of the communication security factor to obtain a comparison result;
a communication link establishing module, for establishing a communication link with the cluster requesting communication when the comparison result is consistent.
13. A computer-readable medium on which a computer program is stored, characterized in that when the program is executed by a processor it implements the method for generating an inter-cluster communication security factor according to any one of claims 1 to 6, or the method for verifying an inter-cluster communication security factor according to any one of claims 7 to 10.
14. An electronic device, characterized by comprising:
one or more processors;
a storage device, for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the method for generating an inter-cluster communication security factor according to any one of claims 1 to 6, or the method for verifying an inter-cluster communication security factor according to any one of claims 7 to 10.
CN201811438712.6A 2018-11-28 2018-11-28 Method, device, medium and electronic equipment for generating inter-cluster communication security factor Active CN109347869B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811438712.6A CN109347869B (en) 2018-11-28 2018-11-28 Method, device, medium and electronic equipment for generating inter-cluster communication security factor

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811438712.6A CN109347869B (en) 2018-11-28 2018-11-28 Method, device, medium and electronic equipment for generating inter-cluster communication security factor

Publications (2)

Publication Number Publication Date
CN109347869A true CN109347869A (en) 2019-02-15
CN109347869B CN109347869B (en) 2021-07-06

Family

ID=65318714

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811438712.6A Active CN109347869B (en) 2018-11-28 2018-11-28 Method, device, medium and electronic equipment for generating inter-cluster communication security factor

Country Status (1)

Country Link
CN (1) CN109347869B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102487502A (en) * 2010-12-01 2012-06-06 电子科技大学 Cluster communication safety method
CN102647461A (en) * 2012-03-29 2012-08-22 奇智软件(北京)有限公司 Communication method, server and terminal based on HTTP (Hypertext Transfer Protocol)
US20140325601A1 (en) * 2013-04-27 2014-10-30 Xiao Sun Managing private information in instant messaging
CN105528454A (en) * 2015-12-25 2016-04-27 北京奇虎科技有限公司 Log treatment method and distributed cluster computing device
CN106357776A (en) * 2016-09-23 2017-01-25 北京奇虎科技有限公司 Method and device for selecting transmission resource of streaming data
CN106453122A (en) * 2016-09-23 2017-02-22 北京奇虎科技有限公司 Method and device for selecting streaming data transmission node
CN106921754A (en) * 2017-05-04 2017-07-04 泰康保险集团股份有限公司 The load-balancing method of group system, device, medium and electronic equipment
CN107888615A (en) * 2017-12-01 2018-04-06 郑州云海信息技术有限公司 A kind of safety certifying method of Node registry
CN107888543A (en) * 2016-09-30 2018-04-06 江苏神州信源系统工程有限公司 Based on the method and system that company-data safety is protected under distributed type assemblies environment

Also Published As

Publication number Publication date
CN109347869B (en) 2021-07-06

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Room 221, 2nd floor, Block C, 18 Kechuang 11th Street, Beijing Economic and Technological Development Zone, 100176

Applicant after: JINGDONG DIGITAL TECHNOLOGY HOLDINGS Co.,Ltd.

Address before: Room 221, 2nd floor, Block C, 18 Kechuang 11th Street, Daxing Economic and Technological Development Zone, Beijing, 100176

Applicant before: BEIJING JINGDONG FINANCIAL TECHNOLOGY HOLDING Co.,Ltd.

GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: Room 221, 2 / F, block C, 18 Kechuang 11th Street, Daxing District, Beijing, 100176

Patentee after: Jingdong Technology Holding Co.,Ltd.

Address before: Room 221, 2 / F, block C, 18 Kechuang 11th Street, Daxing District, Beijing, 100176

Patentee before: Jingdong Digital Technology Holding Co.,Ltd.

CP03 Change of name, title or address

Address after: Room 221, 2 / F, block C, 18 Kechuang 11th Street, Daxing District, Beijing, 100176

Patentee after: Jingdong Digital Technology Holding Co.,Ltd.

Address before: Room 221, 2 / F, block C, 18 Kechuang 11th Street, Beijing Economic and Technological Development Zone, 100176

Patentee before: JINGDONG DIGITAL TECHNOLOGY HOLDINGS Co.,Ltd.

CP03 Change of name, title or address