CN112446613A - External access client wind control method, device, equipment and storage medium - Google Patents


Publication number: CN112446613A
Authority: CN (China)
Prior art keywords: client, risk, resource exchange, access, data
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Pending
Application number: CN202011346602.4A
Other languages: Chinese (zh)
Inventors: 谭泉洲, 邹胜, 苗咏, 王伊, 黄广立, 闫红智, 刘源涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): Shenzhen Archforce Financial Technology Co Ltd
Original Assignee: Shenzhen Archforce Financial Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0635 Risk analysis of enterprise or organisation activities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/3003 Monitoring arrangements specially adapted to the computing system or computing system component being monitored
    • G06F11/302 Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a software system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/3051 Monitoring arrangements for monitoring the configuration of the computing system or of the computing system component, e.g. monitoring the presence of processing resources, peripherals, I/O links, software programs

Abstract

The application relates to a risk control method, apparatus, device and storage medium for externally accessed clients. The method comprises: receiving resource exchange delegation data sent by an externally accessed client, and collecting information of the client; obtaining, from the information of the client, the access control information required under each monitoring dimension; analyzing, according to the access control information under each monitoring dimension, whether the client is a risk client; when the client is determined not to be a risk client, performing risk analysis on the resource exchange delegation data; and when the analysis finds that the resource exchange delegation data is risky, performing order rejection processing for the client. The method can improve the security of resource exchange.

Description

Risk control method, apparatus, device and storage medium for externally accessed clients
Technical Field
The present application relates to the field of computer technologies, and in particular to a risk control method, apparatus, device and storage medium for externally accessed clients.
Background
In a resource exchange process, a client needs to access the resource exchange system through a resource exchange proxy system in order to exchange resources. For example, an investor uses a terminal to log in to a securities broker's system and, through it, accesses the trading system of an exchange to trade securities.
A risk client that accesses the resource exchange proxy system brings great risk to that system. Examples include a hacker's client accessing the resource exchange proxy system, the number of clients accessing the resource exchange proxy system exceeding the system load limit, or the traffic of the clients accessing the resource exchange proxy system being too large. To ensure the security of the resource exchange process, it is very important that the resource exchange proxy platform performs effective security monitoring on these externally accessed clients.
However, in conventional methods the resource exchange proxy platform lacks the capability to comprehensively monitor externally accessed clients, so the security of the resource exchange process is difficult to ensure and security problems occur easily.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a risk control method, apparatus, computer device, and storage medium for externally accessed clients that can improve the security of resource exchange.
A risk control method for an externally accessed client, the method comprising:
receiving resource exchange delegation data sent by an externally accessed client, and collecting information of the client;
obtaining, from the information of the client, the access control information required under each monitoring dimension;
analyzing, according to the access control information under each monitoring dimension, whether the client is a risk client; the risk client is a client that poses a risk to the system it accesses;
when the client is determined not to be a risk client, performing risk analysis on the resource exchange delegation data;
and when the analysis finds that the resource exchange delegation data is risky, performing order rejection processing for the client.
In one embodiment, the receiving of resource exchange delegation data sent by an externally accessed client and the collecting of information of the client include:
receiving, through a unified access application program interface, resource exchange delegation data sent by an externally accessed client, and collecting information of the client;
and performing preliminary risk verification on the client through the unified access application program interface.
In one embodiment, the monitoring dimension includes at least one of terminal authorization monitoring, function number authority monitoring, connection number monitoring, traffic monitoring, and black and white list monitoring.
In one embodiment, the analyzing, according to the access control information in each monitoring dimension, whether the client is a risk client includes:
analyzing access control information under each monitoring dimension according to a preset risk condition corresponding to each monitoring dimension;
when the access control information under at least one monitoring dimension meets a preset risk condition, judging that the client is a risk client;
and when the access control information under each monitoring dimension does not meet the preset risk condition, judging that the client is not a risk client.
In one embodiment, after analyzing whether the client is a risk client according to the access control information in each monitoring dimension, the method further includes:
when the client is determined to be a risk client, performing order rejection processing for the client.
In one embodiment, after performing risk analysis on the resource exchange delegation data when it is determined that the client is not a risk client, the method further comprises:
when the analysis finds no risk in the resource exchange delegation data, sending the resource exchange delegation data to a resource exchange system, so that the resource exchange system performs resource exchange processing according to the resource exchange delegation data.
A risk control apparatus for an externally accessed client, the apparatus comprising:
a data acquisition module, configured to receive resource exchange delegation data sent by an externally accessed client and to collect information of the client;
an access control module, configured to obtain, from the information of the client, the access control information required under each monitoring dimension;
an access analysis module, configured to analyze, according to the access control information under each monitoring dimension, whether the client is a risk client; the risk client is a client that poses a risk to the system it accesses;
a data analysis module, configured to perform risk analysis on the resource exchange delegation data when the client is determined not to be a risk client;
and a processing module, configured to perform order rejection processing for the client when the analysis finds that the resource exchange delegation data is risky.
In one embodiment, the data acquisition module is further configured to receive, through a unified access application program interface, resource exchange delegation data sent by an externally accessed client, and to collect information of the client; and to perform preliminary risk verification on the client through the unified access application program interface.
A computer device comprising a memory and a processor, the memory having stored therein a computer program that, when executed by the processor, causes the processor to perform the steps of the risk control method for an externally accessed client according to embodiments of the present application.
A computer readable storage medium having stored thereon a computer program which, when executed by a processor, causes the processor to perform the steps of the risk control method for an externally accessed client according to embodiments of the present application.
With the above risk control method, apparatus, computer device and storage medium for externally accessed clients, resource exchange delegation data sent by an externally accessed client is received and information of the client is collected; the access control information required under each monitoring dimension is obtained from the information of the client; and whether the client is a risk client is analyzed according to the access control information under each monitoring dimension, so that the information of the client is analyzed comprehensively across the monitoring dimensions. When the client is determined not to be a risk client, risk analysis is performed on the resource exchange delegation data, so that the data transmitted by the client is itself analyzed and the externally accessed client is subject to a further layer of risk control. When the analysis finds that the resource exchange delegation data is risky, order rejection processing is performed for the client. Risk control is thus applied both to the externally accessed client and to the client's resource exchange delegation data, which achieves comprehensive risk analysis and timely handling of externally accessed clients and improves the security of resource exchange.
Drawings
FIG. 1 is a diagram of an application environment of a risk control method for an externally accessed client in one embodiment;
FIG. 2 is a flow diagram illustrating a risk control method for an externally accessed client in one embodiment;
FIG. 3 is a schematic diagram illustrating an overall flow of a risk control method for an externally accessed client in one embodiment;
FIG. 4 is an overall architecture diagram of the risk control method for an externally accessed client in one embodiment;
FIG. 5 is a block diagram of a risk control apparatus for an externally accessed client in one embodiment;
FIG. 6 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The risk control method for an externally accessed client provided by the application can be applied to the application environment shown in FIG. 1. The externally accessed client 102 communicates with the server 104 of the resource exchange proxy system through a network, and the server 104 of the resource exchange proxy system communicates with the server 106 of the resource exchange system through a network. The externally accessed client 102 sends resource exchange delegation data to the server 104 of the resource exchange proxy system, and the server 104 performs risk control on the externally accessed client 102. When the analysis finds that the resource exchange delegation data is risky, the server 104 of the resource exchange proxy system can perform order rejection processing for the externally accessed client 102 without transmitting the resource exchange delegation data to the server 106 of the resource exchange system, so that the security of the resource exchange processing performed by the server 106 is guaranteed. The externally accessed client 102 may be, but is not limited to, various personal computers, notebook computers, smart phones, tablet computers, and portable wearable devices. The server 104 of the resource exchange proxy system may be implemented as a stand-alone server or as a server cluster comprised of multiple servers. The server 106 of the resource exchange system may be implemented as a stand-alone server or as a server cluster of multiple servers.
In one embodiment, as shown in FIG. 2, a risk control method for an externally accessed client is provided. The method is described by taking its application to the server of the resource exchange proxy system in FIG. 1 as an example, and includes the following steps:
S202, receiving resource exchange delegation data sent by an externally accessed client, and collecting information of the client.
Resource exchange means an equivalent exchange of resources. Resources may be real or virtual. The resource exchange proxy system is a system that accepts delegation from others and exchanges resources in the resource exchange system on their behalf. A resource exchange system is a system for exchanging resources. An externally accessed client is a client that accesses the resource exchange proxy system and delegates it to perform resource exchange in the resource exchange system. The resource exchange delegation data is data that an externally accessed client sends to the resource exchange proxy system to request that the resource exchange proxy system perform resource exchange in the resource exchange system. The information of the client refers to information about the client itself.
It is understood that the resource exchange proxy system may receive the resource exchange delegation data that a customer sends through the externally accessed client, and then perform resource exchange in the resource exchange system on behalf of the customer according to the resource exchange delegation data. For example, in a securities trading scenario, the resource exchange system may be a stock exchange system and the resource exchange proxy system may be a securities company (i.e., broker) system. The broker system can receive securities trading delegation data sent by an investor through a client, and then trade securities in the stock exchange system on the investor's behalf according to that data.
In one embodiment, the resource exchange may be at least one trading action among trading stocks, options, or bulk commodities.
In one embodiment, the information of the client may include at least one of hardware information, software information, access authorization information, and the like of the client.
Specifically, the server of the resource exchange proxy system may receive, through the unified access application program interface, resource exchange delegation data sent by the externally accessed client, collect information of the externally accessed client, and then may transmit the resource exchange delegation data and the information of the externally accessed client to the resource exchange access platform in the resource exchange proxy system.
The unified access application program interface (i.e., unified access API) is compatible with various types of externally accessed clients and can be matched with each resource exchange system. The resource exchange access platform manages and controls externally accessed clients and provides a docking interface that conforms to the standard of the risk control platform in the resource exchange proxy system; working together with the risk control platform, it can implement control functions such as risk control and multi-dimensional blocking.
S204, obtaining, from the information of the client, the access control information required under each monitoring dimension.
A monitoring dimension is a dimension along which the resource exchange proxy system monitors the information of the client. The access control information is the information required for analyzing the information of the client under a monitoring dimension.
Specifically, the server of the resource exchange proxy system may obtain, through the resource exchange access platform, the access control information required in each monitoring dimension from the information of the client, and then send the access control information and the resource exchange delegation data to the risk control platform in the resource exchange proxy system. The risk control platform is used for risk monitoring in the resource exchange proxy system.
In one embodiment, the resource exchange access platform includes an access gateway and an access controller. The server of the resource exchange proxy system can first send the resource exchange delegation data and the information of the externally accessed client to the access controller through the access gateway; the access controller then obtains the access control information required under each monitoring dimension from the information of the client, and sends the access control information and the resource exchange delegation data to the risk control platform in the resource exchange proxy system.
S206, analyzing, according to the access control information under each monitoring dimension, whether the client is a risk client. The risk client is a client that poses a risk to the system it accesses.
A risk client is a client that poses a risk when accessing the resource exchange proxy system.
Specifically, the server of the resource exchange proxy system may analyze, through the risk control platform, whether the client is a risk client according to the access control information in each monitoring dimension.
In one embodiment, the risk control platform includes an access manager. The server of the resource exchange proxy system can analyze, through the access manager of the risk control platform, whether the client is a risk client according to the access control information under each monitoring dimension.
S208, when the client is determined not to be a risk client, performing risk analysis on the resource exchange delegation data.
Specifically, when it is determined that the client is not a risk client, the server of the resource exchange proxy system may perform risk analysis on the resource exchange delegation data through the risk control platform.
In one embodiment, the risk control platform further comprises a rule processing engine. When the client is determined not to be a risk client, the server of the resource exchange proxy system can perform risk analysis on the resource exchange delegation data through the rule processing engine of the risk control platform. In one embodiment, when it is determined that the client is not a risk client, the access manager may send a trigger to the rule processing engine to cause the rule processing engine to perform risk analysis on the resource exchange delegation data.
S210, when the analysis finds that the resource exchange delegation data is risky, performing order rejection processing for the client.
Order rejection processing means rejecting the resource exchange processing delegated by an externally accessed client, that is, not performing resource exchange processing in the resource exchange system according to the resource exchange delegation data sent by the externally accessed client.
Specifically, when the analysis determines that the resource exchange delegation data is risky, the server of the resource exchange proxy system can perform order rejection processing for the client through the risk control platform.
In one embodiment, after performing the order rejection processing for the client, the server of the resource exchange proxy system may return order rejection information to the client. In one embodiment, the server of the resource exchange proxy system may return the order rejection information to the client through the resource exchange access platform.
In one embodiment, the server of the resource exchange proxy system may further cut off the client's external access qualification after performing the order rejection processing for the client.
In the above risk control method for an externally accessed client, resource exchange delegation data sent by the externally accessed client is received and the information of the client is collected; the access control information required under each monitoring dimension is then obtained from the information of the client, and whether the client is a risk client is analyzed according to the access control information under each monitoring dimension, so that the information of the client is analyzed comprehensively across the monitoring dimensions. When the client is determined not to be a risk client, risk analysis is performed on the resource exchange delegation data, so that the data transmitted by the client is itself analyzed and the externally accessed client is subject to a further layer of risk control. When the analysis finds that the resource exchange delegation data is risky, order rejection processing is performed for the client. Risk control is thus applied both to the externally accessed client and to the client's resource exchange delegation data, which achieves comprehensive risk analysis and timely handling of externally accessed clients and improves the security of resource exchange. The method is easy to implement and requires no modification of the resource exchange system.
In one embodiment, the step of receiving resource exchange delegation data sent by an externally accessed client and collecting information of the client comprises: receiving, through a unified access application program interface, resource exchange delegation data sent by an externally accessed client, and collecting information of the client; and performing preliminary risk verification on the client through the unified access application program interface.
Preliminary risk verification is a preliminary check of whether the client poses a risk.
Specifically, the server of the resource exchange proxy system may receive, through the unified access application program interface, resource exchange delegation data sent by an externally accessed client, collect information of the client, and then perform preliminary risk verification on the client. After the client passes the preliminary risk verification, the server of the resource exchange proxy system can transmit the resource exchange delegation data and the information of the externally accessed client, through the unified access application program interface, to the resource exchange access platform in the resource exchange proxy system.
In one embodiment, the server of the resource exchange proxy system may perform risk analysis on the network environment of the externally accessed client through the unified access application program interface to verify whether the network environment of the client has a risk. In other embodiments, the server of the resource exchange proxy system may also perform preliminary risk verification on the client in other aspects through the unified access application program interface, which is not limited.
In this embodiment, the server of the resource exchange proxy system may receive resource exchange delegation data sent by an externally accessed client through a unified access application program interface, collect information of the client, and perform preliminary risk verification on the client. The risk of the externally accessed client can therefore be analyzed at an early stage and a risky client can be blocked in time, which improves the efficiency of risk control and the security of resource exchange.
In one embodiment, the monitoring dimension includes at least one of terminal authorization monitoring, function number authority monitoring, connection number monitoring, traffic monitoring, and black and white list monitoring.
Specifically, the server of the resource exchange proxy system may obtain, through the resource exchange access platform, the access control information required in at least one monitoring dimension of terminal authorization monitoring, function number authority monitoring, connection number monitoring, traffic monitoring, black and white list monitoring, and the like from the information of the client, so as to report the access control information of the client. The access control information and the resource exchange delegation data are then sent to the risk control platform in the resource exchange proxy system.
In one embodiment, the acquired access control information may include at least one of hardware information, software information, and access authorization information of the client. In an embodiment, the hardware information of the client may include at least one of a Media Access Control Address (MAC Address), an Internet Protocol Address (IP Address), and a serial number of the hard disk of the client. In one embodiment, the software information of the client may include information such as a software version of the resource exchange software in the client.
In this embodiment, the server of the resource exchange proxy system may obtain, through the resource exchange access platform, the access control information required in at least one monitoring dimension of terminal authorization monitoring, function number authority monitoring, connection number monitoring, traffic monitoring, and black and white list monitoring from the information of the client, so that risk control is applied to the client in multiple monitoring dimensions and the client is controlled comprehensively, which improves the security of resource exchange. Traffic monitoring controls the traffic of each accessed client and restricts the client's business operations once the traffic upper limit is reached. Function number monitoring supports multi-dimensional flow control by client number, capital account, shareholder account, function number, request source, business department and the like, and the control dimensions can be extended. Flow control can be applied over several time units: second, minute, hour, day, and total amount. An effective time period can be set for each flow control rule.
Black and white list monitoring supports multi-dimensional black and white list control by client number, capital account, shareholder account, function number, request source, business department and the like; the control dimensions can be extended, and an effective time period can be set for the black and white lists. Connection number monitoring sets an upper limit on the number of investor trading clients connected to the external access monitoring system and stops admitting new clients when too many clients are connected. Information of externally accessed clients can be monitored, including the access terminal, the access account and the access protocol. A client is allowed to access the external access monitoring system when the authorization certificate it carries passes verification. Client information is also controlled (telephone numbers, IP addresses, MAC addresses, mobile phone identification codes and other feature codes that can identify the investor's trading system and terminal); this information can assist black and white list monitoring (when the IP address of a client matches an entry in the blacklist, the client is not allowed to access the external access monitoring system).
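The flow control described above (limits keyed by a request attribute, counted per time unit, with an effective time period per rule) can be sketched as follows. This is an added example, not code from the patent; the `FlowRule` schema, the fixed-window counting, the choice not to count denied requests, and all sample values are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta, timezone

# Window length in seconds for each time unit; "total" is a lifetime quota.
UNIT_SECONDS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400, "total": None}


@dataclass(frozen=True)
class FlowRule:
    """One flow-control rule (hypothetical schema, not taken from the patent)."""
    dimension: str                        # request field used as the key
    unit: str                             # a key of UNIT_SECONDS
    limit: int                            # requests allowed per window
    active_from: time = time(0, 0)        # effective time period, inclusive
    active_until: time = time(23, 59, 59)

    def in_effect(self, now: datetime) -> bool:
        return self.active_from <= now.time() <= self.active_until

    def window_id(self, now: datetime) -> int:
        span = UNIT_SECONDS[self.unit]
        return 0 if span is None else int(now.timestamp()) // span


class FlowController:
    def __init__(self, rules):
        self.rules = list(rules)
        # (rule index, key value) -> (window id, count); one slot per key,
        # so stale windows are overwritten instead of accumulating.
        self.counters = {}

    def _count(self, slot, window):
        stored_window, count = self.counters.get(slot, (window, 0))
        return count if stored_window == window else 0

    def check(self, request: dict, now: datetime):
        """Return (allowed, violated rules); count the request only if allowed."""
        violated, touched = [], []
        for idx, rule in enumerate(self.rules):
            # Rules outside their effective period, or keyed on a field the
            # request does not carry, do not apply.
            if not rule.in_effect(now) or rule.dimension not in request:
                continue
            slot, window = (idx, request[rule.dimension]), rule.window_id(now)
            if self._count(slot, window) >= rule.limit:
                violated.append(f"{rule.dimension}/{rule.unit}")
            touched.append((slot, window))
        if violated:
            return False, violated
        for slot, window in touched:
            self.counters[slot] = (window, self._count(slot, window) + 1)
        return True, []


def demo():
    """Replay constructed requests; returns the decision for each one."""
    fc = FlowController([
        FlowRule("client_number", "second", 2),
        FlowRule("function_number", "minute", 3, time(9, 30), time(15, 0)),
    ])
    t0 = datetime(2024, 1, 2, 9, 30, 0, tzinfo=timezone.utc)
    a = {"client_number": "C001", "function_number": "F_ORDER"}
    b = {"client_number": "C002", "function_number": "F_ORDER"}
    # (request, seconds after t0): three quick requests from C001, one from
    # C002, then C001 again within the same minute and in the next minute.
    timeline = [(a, 0), (a, 0), (a, 0), (b, 1), (a, 2), (a, 60)]
    return [fc.check(req, t0 + timedelta(seconds=s)) for req, s in timeline]


if __name__ == "__main__":
    for allowed, violated in demo():
        print("allow" if allowed else f"deny {violated}")
```

Fixed windows allow a short burst across a window boundary; a sliding window or token bucket removes that at the cost of more state per key.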
In one embodiment, the step of analyzing whether the client is a risk client according to the access control information in each monitoring dimension includes: analyzing the access control information under each monitoring dimension according to the preset risk condition corresponding to each monitoring dimension; when the access control information under at least one monitoring dimension meets a preset risk condition, judging that the client is a risk client; and when the access control information under each monitoring dimension does not meet the preset risk condition, judging that the client is not a risk client.
Specifically, the server of the resource exchange proxy system may analyze access control information in each monitoring dimension according to a preset risk condition corresponding to each monitoring dimension through the wind control platform, so as to determine whether the client is a risk client.
In an embodiment, a server of the resource exchange proxy system may analyze access control information in each monitoring dimension according to a preset risk condition corresponding to each monitoring dimension through an access manager in the wind control platform, so as to determine whether the client is a risk client.
It can be understood that the preset risk conditions corresponding to the access control information may be set in advance according to the actual management and control scheme for the access control information. In one embodiment, the preset risk condition may be that a value of the access control information is greater than or equal to a preset threshold corresponding to the access control information. In another embodiment, the preset risk condition may be that a value of the access control information is less than or equal to a preset threshold corresponding to the access control information.
In this embodiment, the server of the resource exchange agent system may analyze the access control information in each monitoring dimension according to the preset risk condition corresponding to each monitoring dimension, so as to determine whether the client is a risk client, so that the client can be subjected to wind control in multiple monitoring dimensions, the client can be subjected to comprehensive wind control, and the security of resource exchange is improved.
In one embodiment, after the step of analyzing whether the client is a risk client according to the access control information in each monitoring dimension, the method further includes: and when the client is determined to be the risk client, performing order rejection processing on the client.
Specifically, when the client is determined to be a risk client, the server of the resource exchange proxy system may perform order rejection processing for the client through the wind control platform.
In one embodiment, after performing the rejection processing for the client, the server of the resource exchange proxy system may return the rejection information to the client. In one embodiment, the server of the resource exchange proxy system may return the rejection information to the client through the resource exchange access platform.
In one embodiment, the server of the resource exchange proxy system may further disconnect the external qualification of the client after performing the order rejection process for the client.
In this embodiment, when it is determined that the client is the risk client, the server of the resource exchange proxy system may perform order rejection processing for the client, so that the risk brought by the risk client can be blocked in time, and the security of resource exchange is improved.
In one embodiment, after the step of performing risk analysis on the resource exchange delegation data when it is determined that the client is not a risk client, the method further comprises: when the analysis finds no risk in the resource exchange delegation data, sending the resource exchange delegation data to the resource exchange system so that the resource exchange system performs resource exchange processing according to the resource exchange delegation data.
Specifically, when the analysis determines that the resource exchange delegation data carries no risk, the server of the resource exchange proxy system may send the resource exchange delegation data to the server of the resource exchange system. The server of the resource exchange system may perform resource exchange processing according to the resource exchange delegation data, and return a result (i.e., a report) of the resource exchange processing to the server of the resource exchange proxy system. The server of the resource exchange proxy system may return the report to the client.
In this embodiment, when the analysis finds no risk in the resource exchange delegation data, the resource exchange delegation data is sent to the resource exchange system, so that resource exchange is performed only when neither the client nor the resource exchange delegation data it sent carries a risk, and the security of resource exchange is improved.
Fig. 3 is a schematic overall flow chart of the external access client wind control method in the embodiments of the present application. The resource exchange agent system comprises an external access client wind control system, which comprises an access gateway, an access controller, an access manager and a rule processing engine. The external access client wind control system may obtain access data (i.e., resource exchange delegation data and information of the client) from the client through the unified access API and transmit it to the access gateway, which may then transmit the access data to the access controller. After the access controller obtains the access control information required by each monitoring dimension from the access data, it can transmit the access control information and the resource exchange delegation data to the access manager. The access manager can analyze whether the client is a risk client according to the access control information under each monitoring dimension. When the client is a risk client, order rejection processing is performed for the client through the access gateway. When the client is not a risk client, the rule processing engine performs risk analysis on the resource exchange delegation data. When the resource exchange delegation data carries a risk, order rejection processing is performed for the client through the access gateway. When the resource exchange delegation data carries no risk, it is transmitted to the resource exchange system, which performs resource exchange processing according to it.
In one embodiment, when there is no risk of resource exchange delegation data, the resource exchange delegation data may be submitted to a protocol adapter, which sends the resource exchange delegation data to a resource exchange system for resource exchange.
Fig. 4 is a diagram illustrating an overall architecture of the external access client wind control method in various embodiments of the present application. Taking the securities trading scenario as an example, the securities trading agent system comprises the external access monitoring system shown in the figure. The external access monitoring system comprises a transaction access platform (namely, a resource exchange access platform) and a wind control platform. The transaction access platform comprises an access gateway and an access controller. The wind control platform comprises an access manager and a rule processing engine. First, a server of the securities trading system can acquire information of a client of an investor and transaction delegation data (i.e., resource exchange delegation data) through a unified access API, and perform preliminary verification on trading security. That is, the unified access API has the functions of terminal information acquisition, delegation data transmission, and preliminary verification of transaction security. Then, the access gateway in the transaction access platform can receive the transaction delegation data and the information of the client and transmit them to the access controller in the transaction access platform. The access controller may obtain the access control information required in each monitoring dimension from the information of the client. The monitoring dimensions include terminal authorization control (i.e., monitoring), function number authority control, connection number control, flow control, and black and white list control. The access controller may transmit the access control information and the transaction delegation data to the wind control platform. The access controller in the wind control platform can then analyze whether the client is a risk client according to the access control information under each monitoring dimension.
When the client is not a risk client, the rule processing engine may perform a risk analysis on the transaction delegation data. When the transaction delegation data carries no risk, the securities trading agent system can report the transaction delegation data to a securities trading system (namely, the transaction system in the figure). The securities trading system may be any of a variety of heterogeneous trading systems.
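The two-stage gate described above (a per-dimension client check by the access manager, then order-level analysis by the rule processing engine), sketched as an added Python example that is not code from the patent. The field names, thresholds, blacklist entry and order rules are constructed assumptions, and every dimension uses the "value greater than or equal to threshold" form of the preset risk condition.

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass
class ListEntry:
    """Blacklist entry on one client field, effective only in [start, end)."""
    field: str
    value: str
    start: datetime
    end: datetime

    def matches(self, client: dict, now: datetime) -> bool:
        return client.get(self.field) == self.value and self.start <= now < self.end


# Constructed sample state; every name and limit here is an assumption.
STATE = {
    "blacklist": [ListEntry("ip", "203.0.113.9",
                            datetime(2020, 1, 1), datetime(2021, 1, 1))],
    "allowed_functions": {"C001": {"ORDER_NEW", "ORDER_CANCEL"},
                          "C002": {"ORDER_NEW"}},
    "connected_clients": 2,
    "requests_last_second": {"C001": 5, "C002": 120},
}

# Preset risk condition per monitoring dimension: value >= threshold means risk.
THRESHOLDS = {
    "terminal_authorization": 1,     # 1 = authorization certificate failed
    "function_number_authority": 1,  # 1 = function number not permitted
    "connection_number": 100,        # upper limit on connected clients
    "traffic": 50,                   # requests per second from this client
    "black_white_list": 1,           # number of effective blacklist matches
}


def extract_access_control_info(client: dict, state: dict, now: datetime) -> dict:
    """Access controller: derive the value each monitoring dimension needs."""
    allowed = state["allowed_functions"].get(client["client_no"], set())
    return {
        "terminal_authorization": 0 if client.get("cert_valid") else 1,
        "function_number_authority": 0 if client["function_no"] in allowed else 1,
        "connection_number": state["connected_clients"],
        "traffic": state["requests_last_second"].get(client["client_no"], 0),
        "black_white_list": sum(e.matches(client, now) for e in state["blacklist"]),
    }


def risk_dimensions(info: dict) -> list:
    """Access manager: one dimension meeting its condition marks a risk client."""
    return [dim for dim, value in info.items() if value >= THRESHOLDS[dim]]


def order_risks(order: dict) -> list:
    """Rule processing engine with two hypothetical order rules."""
    risks = []
    if order["quantity"] <= 0 or order["quantity"] > 1_000_000:
        risks.append("quantity_out_of_range")
    if order["price"] <= 0:
        risks.append("non_positive_price")
    return risks


def handle(client: dict, order: dict, state: dict, now: datetime) -> tuple:
    """Return (decision, stage, reasons) for one delegation request."""
    hit = risk_dimensions(extract_access_control_info(client, state, now))
    if hit:
        return ("REJECT", "access", hit)   # risk client: order is rejected
    risks = order_risks(order)
    if risks:
        return ("REJECT", "order", risks)  # client passed, delegation data did not
    return ("FORWARD", "exchange", [])     # sent on to the resource exchange system


if __name__ == "__main__":
    now = datetime(2020, 11, 26, 10, 0)
    order = {"quantity": 100, "price": 10.5}
    ok = {"client_no": "C001", "ip": "198.51.100.7",
          "cert_valid": True, "function_no": "ORDER_NEW"}
    listed = dict(ok, ip="203.0.113.9")
    print(handle(ok, order, STATE, now))
    print(handle(listed, order, STATE, now))
    print(handle(listed, order, STATE, datetime(2021, 6, 1)))  # entry expired
```

Because the blacklist entry carries an effective time period, the same IP address is rejected inside the window and admitted after it, which is the behaviour worth testing when such lists are maintained by hand.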
It should be understood that, although the steps in the flowchart of fig. 2 are shown in the order indicated by the arrows, the steps are not necessarily performed in that order. Unless explicitly stated otherwise, the steps are not strictly limited to the order shown and described, and may be performed in other orders. Moreover, at least a portion of the steps in fig. 2 may include multiple sub-steps or multiple stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed in sequence but may be performed in turn or alternately with other steps or with at least a portion of the sub-steps or stages of other steps.
In one embodiment, as shown in fig. 5, there is provided an external access client wind control device 500 comprising: a data acquisition module 502, an access control module 504, an access analysis module 506, a data analysis module 508, and a handling module 510, wherein:
The data obtaining module 502 is configured to receive resource exchange delegation data sent by an externally accessed client, and collect information of the client.
The access control module 504 is configured to obtain the access control information required in each monitoring dimension from the information of the client.
The access analysis module 506 is configured to analyze whether the client is a risk client according to the access control information in each monitoring dimension. The risk client is a client that poses a risk to the access system.
The data analysis module 508 is configured to perform risk analysis on the resource exchange delegation data when it is determined that the client is not a risk client.
The handling module 510 is configured to perform order rejection processing for the client when the analysis finds that the resource exchange delegation data carries a risk.
In one embodiment, the data obtaining module 502 is further configured to receive, through the unified access application program interface, resource exchange delegation data sent by an externally accessed client, and collect information of the client; and to perform preliminary risk verification on the client through the unified access application program interface.
In one embodiment, the monitoring dimension includes at least one of terminal authorization monitoring, function number authority monitoring, connection number monitoring, traffic monitoring, and black and white list monitoring.
In an embodiment, the data analysis module 508 is further configured to analyze the access control information in each monitoring dimension according to a preset risk condition corresponding to each monitoring dimension; when the access control information under at least one monitoring dimension meets a preset risk condition, judging that the client is a risk client; and when the access control information under each monitoring dimension does not meet the preset risk condition, judging that the client is not a risk client.
In one embodiment, the handling module 510 is further configured to perform order rejection processing for the client when it is determined that the client is a risk client.
In one embodiment, the handling module 510 is further configured to send the resource exchange delegation data to the resource exchange system when the analysis finds no risk in the resource exchange delegation data, so that the resource exchange system performs the resource exchange processing according to the resource exchange delegation data.
In an embodiment, the data analysis module 508 is further configured to perform risk analysis on the resource exchange delegation data through the rule processing engine to obtain a rule processing result, and send the rule processing result to the report processing unit. The handling module 510 is further configured to perform order rejection processing for the client through the report processing unit when the rule processing result is that the resource exchange delegation data carries a risk. The handling module 510 is further configured to, when the rule processing result indicates that the resource exchange delegation data carries no risk, report the resource exchange delegation data to the resource exchange system through the report processing unit; receive the report returned by the resource exchange system through the report processing unit; and transmit the report to the client.
In the external access client wind control device, resource exchange delegation data sent by the externally accessed client is received and the information of the client is collected. The access control information required under each monitoring dimension is then obtained from the information of the client, and whether the client is a risk client is analyzed according to the access control information under each monitoring dimension, so that the information of the client is analyzed comprehensively across the monitoring dimensions. When the client is determined not to be a risk client, risk analysis is performed on the resource exchange delegation data, so that the data transmitted by the client is itself analyzed and the external access client is subject to further wind control. When the analysis finds that the resource exchange delegation data carries a risk, order rejection processing is performed for the client. In this way risk control is applied both to the externally accessed client and to the resource exchange delegation data of the client, so that comprehensive risk analysis and timely handling of the externally accessed client are realized, and the security of resource exchange is improved. The method is easy to implement and requires no modification of the resource exchange system.
For specific limitations of the external access client wind control device, reference may be made to the above limitations of the external access client wind control method, which are not described herein again. All or part of each module in the external access client wind control device can be realized by software, hardware or a combination thereof. The modules can be embedded in, or independent of, a processor in the computer device in hardware form, and can also be stored in a memory in the computer device in software form, so that the processor can call and execute the operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a server, and its internal structure diagram may be as shown in fig. 6. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device is for storing resource exchange data. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement an external access client-side wind control method.
Those skilled in the art will appreciate that the architecture shown in fig. 6 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is further provided, which includes a memory and a processor, the memory stores a computer program, and the processor implements the steps of the above method embodiments when executing the computer program.
In an embodiment, a computer-readable storage medium is provided, on which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned method embodiments.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware; the computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database or other medium used in the embodiments provided herein can include at least one of non-volatile and volatile memory. Non-volatile memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash memory, optical storage, or the like. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), among others.
The technical features of the above embodiments can be arbitrarily combined. For the sake of brevity, not all possible combinations of the technical features in the above embodiments are described, but any combination of these technical features should be considered within the scope of the present specification as long as it contains no contradiction.
The above-mentioned embodiments only express several embodiments of the present application, and their description is relatively specific and detailed, but should not be construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, all of which fall within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. An external access client wind control method, characterized in that the method comprises:
receiving resource exchange delegation data sent by an externally accessed client, and collecting information of the client;
acquiring access control information required under each monitoring dimension from the information of the client;
analyzing whether the client is a risk client according to the access control information under each monitoring dimension; the risk client is a client which poses a risk to the access system;
when the client is determined not to be a risk client, performing risk analysis on the resource exchange delegation data;
and when the analysis finds that the resource exchange delegation data carries a risk, performing order rejection processing for the client.
2. The method of claim 1, wherein the receiving resource exchange delegation data sent by an externally accessed client and collecting information of the client comprises:
receiving resource exchange delegation data sent by an externally accessed client through a unified access application program interface, and collecting information of the client;
and performing preliminary risk verification on the client through the unified access application program interface.
3. The method of claim 1, wherein the monitoring dimension comprises at least one of terminal authorization monitoring, function number authority monitoring, connection number monitoring, traffic monitoring, and black and white list monitoring.
4. The method of claim 1, wherein analyzing whether the client is a risk client according to the access control information in each monitoring dimension comprises:
analyzing access control information under each monitoring dimension according to a preset risk condition corresponding to each monitoring dimension;
when the access control information under at least one monitoring dimension meets a preset risk condition, judging that the client is a risk client;
and when the access control information under each monitoring dimension does not meet the preset risk condition, judging that the client is not a risk client.
5. The method of claim 1, wherein after analyzing whether the client is a risk client according to the access control information in each monitoring dimension, the method further comprises:
and when the client is determined to be the risk client, performing order rejection processing on the client.
6. The method of claim 1, wherein after said performing risk analysis on said resource exchange delegation data when said client is determined not to be a risk client, said method further comprises:
when the analysis finds no risk in the resource exchange delegation data, sending the resource exchange delegation data to a resource exchange system so that the resource exchange system performs resource exchange processing according to the resource exchange delegation data.
7. An external access client wind control device, the device comprising:
the data acquisition module is used for receiving resource exchange delegation data sent by an externally accessed client and collecting information of the client;
the access control module is used for acquiring access control information required under each monitoring dimension from the information of the client;
the access analysis module is used for analyzing whether the client is a risk client according to the access control information under each monitoring dimension; the risk client is a client which poses a risk to the access system;
the data analysis module is used for performing risk analysis on the resource exchange delegation data when the client is determined not to be a risk client;
and the handling module is used for performing order rejection processing for the client when the analysis finds that the resource exchange delegation data carries a risk.
8. The device of claim 7, wherein the data acquisition module is further configured to receive, through a unified access application program interface, resource exchange delegation data sent by an externally accessed client, and collect information of the client; and to perform preliminary risk verification on the client through the unified access application program interface.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the method of any of claims 1 to 6.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 6.
CN202011346602.4A 2020-11-26 2020-11-26 External access client wind control method, device, equipment and storage medium Pending CN112446613A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011346602.4A CN112446613A (en) 2020-11-26 2020-11-26 External access client wind control method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN112446613A (en) 2021-03-05

Family

ID=74737571

Country Status (1)

Country Link
CN (1) CN112446613A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210305