CN112559825B - Service processing method, device, computing equipment and medium - Google Patents

Publication number
CN112559825B
Authority
CN
China
Prior art keywords
data
shielding
identifier
original data
original
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011584913.4A
Other languages
Chinese (zh)
Other versions
CN112559825A (en
Inventor
王丽丽
马岳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Application filed by Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202011584913.4A
Publication of CN112559825A
Application granted
Publication of CN112559825B

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00: Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90: Details of database functions independent of the retrieved data types
    • G06F16/903: Querying
    • G06F16/90335: Query processing
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Computational Linguistics (AREA)
  • Data Mining & Analysis (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The present disclosure provides a service processing method, which can be used in the fields of information security and the like. The method comprises the following steps: receiving a query request from a terminal device; determining first original data and a first data identifier according to a service processing query request; shielding the first original data to obtain first shielding data; transmitting the first shielding data and the first data identifier to terminal equipment; receiving a service processing request comprising second shielding data and a second data identifier from the terminal equipment; acquiring second original data corresponding to the second data identifier, and performing shielding treatment on the second original data to obtain third shielding data; and executing the business operation corresponding to the business processing request according to the second original data under the condition that the second shielding data is consistent with the third shielding data. The present disclosure also provides a business processing apparatus, a computing device, and a computer storage medium.

Description

Service processing method, device, computing equipment and medium
Technical Field
The present disclosure relates to the field of information security, and more particularly, to a service processing method, apparatus, a computing device, and a computer storage medium.
Background
Information exchange on the internet is increasingly frequent, and the security of users' interactive information is increasingly important. To protect that information, the related technology encrypts and decrypts data transmitted between the front end and the back end during service processing. This approach requires encryption and decryption operations, is inefficient, and makes a fast response difficult to achieve.
Disclosure of Invention
One aspect of the present disclosure provides a service processing method, including: receiving a query request from a terminal device; determining first original data and a first data identifier of the first original data according to the query request; performing shielding processing on the first original data to obtain first shielding data; transmitting the first shielding data and the first data identifier to the terminal equipment; receiving a service processing request from a terminal device, wherein the service processing request comprises second shielding data and a second data identifier corresponding to the second shielding data, and the second shielding data is one of at least one first shielding data received by the terminal device; acquiring second original data corresponding to the second data identifier, and performing shielding processing on the second original data to obtain third shielding data; and executing the business operation corresponding to the business processing request according to the second original data under the condition that the second shielding data is consistent with the third shielding data.
Optionally, determining the first data identifier of the first original data includes: generating a random character string as the first data identifier according to a preset random number algorithm and the first original data.
Optionally, the first original data is stored in a preset array, and determining the first data identifier of the first original data includes: determining the subscript of the first original data in the preset array as the first data identifier.
Optionally, performing shielding processing on the first original data or the second original data includes: determining at least one key data bit from a plurality of data bits in the first original data or the second original data; and replacing the character in the at least one key data bit with a preset character.
Optionally, the service processing request further includes a session identifier, and the method further includes: checking the session identifier; and generating error information if the session identifier fails the check.
Optionally, the method further includes: storing the correspondence between the first shielding data and the first data identifier in a cache.
Optionally, acquiring the second original data corresponding to the second data identifier includes: reading the second original data corresponding to the second data identifier from the cache.
Another aspect of the present disclosure provides a service processing apparatus, including: the first receiving module is used for receiving a query request from the terminal equipment; the determining module is used for determining first original data and a first data identifier of the first original data according to the query request; the shielding module is used for carrying out shielding processing on the first original data to obtain first shielding data; the sending module is used for sending the first shielding data and the first data identifier to the terminal equipment; a second receiving module, configured to receive a service processing request from a terminal device, where the service processing request includes second mask data and a second data identifier corresponding to the second mask data, where the second mask data is one of at least one first mask data received by the terminal device; the acquisition module is used for acquiring second original data corresponding to the second data identifier, and carrying out shielding processing on the second original data to obtain third shielding data; and the execution module is used for executing the business operation corresponding to the business processing request according to the second original data under the condition that the second shielding data is consistent with the third shielding data.
Another aspect of the present disclosure provides a computing device comprising: one or more processors; and a storage means for storing one or more programs, which when executed by the one or more processors cause the one or more processors to implement the methods as described above.
Another aspect of the present disclosure provides a computer-readable storage medium storing computer-executable instructions that, when executed, are configured to implement a method as described above.
Another aspect of the present disclosure provides a computer program comprising computer executable instructions which when executed are for implementing a method as described above.
According to the service processing method of the embodiments of the present disclosure, data transmitted between the front end and the back end does not need to be encrypted and decrypted, so service processing can be provided to users more efficiently. In addition, the shielding data transmitted to the terminal device retains key information of the original data, so that a user can identify the required information from it; at the same time, the shielding data is incomplete relative to the original data, so malicious actors cannot carry out illegal activities with the incomplete information, and the information security of the original data is protected.
Drawings
For a more complete understanding of the present disclosure and the advantages thereof, reference is now made to the following descriptions taken in conjunction with the accompanying drawings, in which:
Fig. 1 schematically illustrates a system architecture of a service processing method and a service processing apparatus according to an embodiment of the present disclosure;
Fig. 2 schematically illustrates a flow chart of a service processing method according to an embodiment of the present disclosure;
Fig. 3 schematically illustrates a service processing method according to another embodiment of the present disclosure;
Fig. 4 schematically illustrates a block diagram of a service processing apparatus according to an embodiment of the present disclosure; and
Fig. 5 schematically illustrates a block diagram of a computer system suitable for implementing the methods of embodiments of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is only exemplary and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the present disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.
Where expressions like "at least one of A, B and C, etc." are used, the expressions should generally be interpreted in accordance with the meaning as commonly understood by those skilled in the art (e.g., "a system having at least one of A, B and C" shall include, but not be limited to, a system having A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.). Where a formulation similar to "at least one of A, B or C, etc." is used, in general such a formulation should be interpreted in accordance with the ordinary understanding of one skilled in the art (e.g., "a system with at least one of A, B or C" would include but not be limited to systems with A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.).
Some of the block diagrams and/or flowchart illustrations are shown in the figures. It will be understood that some blocks of the block diagrams and/or flowchart illustrations, or combinations of blocks in the block diagrams and/or flowchart illustrations, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the instructions, when executed by the processor, create means for implementing the functions/acts specified in the block diagrams and/or flowchart. The techniques of this disclosure may be implemented in hardware and/or software (including firmware, microcode, etc.). Additionally, the techniques of this disclosure may take the form of a computer program product on a computer-readable storage medium having instructions stored thereon, the computer program product being for use by or in connection with an instruction execution system.
The embodiment of the disclosure provides a service processing method and a service processing device capable of applying the method. The method comprises the steps of receiving a query request from a terminal device; determining first original data and a first data identifier of the first original data according to the query request; shielding the first original data to obtain first shielding data; transmitting the first shielding data and the first data identifier to terminal equipment; receiving a service processing request from a terminal device, wherein the service processing request comprises second shielding data and a second data identifier corresponding to the second shielding data; acquiring second original data corresponding to the second data identifier, and performing shielding treatment on the second original data to obtain third shielding data; and executing the business operation corresponding to the business processing request according to the second original data under the condition that the second shielding data is consistent with the third shielding data.
It should be noted that, the service processing method and apparatus according to the embodiments of the present disclosure may be used in the field of information security, and may also be used in any field other than the field of information security, and the application fields of the service processing method and apparatus are not limited in the present disclosure.
Fig. 1 schematically illustrates a system architecture of a service processing method and a service processing apparatus according to an embodiment of the present disclosure. It should be noted that fig. 1 is merely an example of a scenario in which embodiments of the present disclosure may be applied to assist those skilled in the art in understanding the technical content of the present disclosure, but does not mean that embodiments of the present disclosure may not be used in other devices, systems, environments, or scenarios.
As shown in fig. 1, a system architecture 100 according to this embodiment may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 is used as a medium to provide communication links between the terminal devices 101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
The user may interact with the server 105 via the network 104 using the terminal devices 101, 102, 103 to receive or send messages or the like. Various communication client applications, such as shopping class applications, web browser applications, search class applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only) may be installed on the terminal devices 101, 102, 103.
The terminal devices 101, 102, 103 may be a variety of electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The server 105 may be a server providing various services, such as a backend management server (by way of example only) providing support for websites browsed by users using the terminal devices 101, 102, 103. The backend management server may analyze and process the received data such as the user request, and feed back the processing result (e.g., the web page, information, or data obtained or generated according to the user request) to the terminal device.
It should be noted that, the service processing method provided in the embodiment of the present disclosure may be generally executed by the server 105. Accordingly, the service processing apparatus provided in the embodiments of the present disclosure may be generally disposed in the server 105. The service processing method provided by the embodiments of the present disclosure may also be performed by a server or a server cluster that is different from the server 105 and is capable of communicating with the terminal devices 101, 102, 103 and/or the server 105. Accordingly, the service processing apparatus provided by the embodiments of the present disclosure may also be provided in a server or a server cluster that is different from the server 105 and is capable of communicating with the terminal devices 101, 102, 103 and/or the server 105.
It should be understood that the number of terminal devices, networks and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
Fig. 2 schematically shows a flow chart of a service processing method according to an embodiment of the present disclosure.
As shown in fig. 2, the method includes operations S210 to S270.
In operation S210, a query request from a terminal device is received.
According to an embodiment of the present disclosure, a query request is used to request a server to query specified data and feed back the specified data to a terminal device.
In operation S220, first original data and a first data identification of the first original data are determined according to the query request.
According to the embodiment of the disclosure, a server obtains specified data corresponding to a query request, namely first original data, according to the query request, and obtains an identifier of the specified data, namely a first data identifier.
According to embodiments of the present disclosure, the mapping relationship of the first raw data and the first data identifier may be stored in a cache for subsequent queries.
For example, in this embodiment, a random string may be generated as the first data identifier according to a preset random number algorithm and the first original data. Alternatively, the subscript of the first original data in the preset array may be determined and used as the first data identifier. It should be noted that the above methods for determining the first data identifier are merely examples, and the disclosure is not limited thereto.
In operation S230, masking processing is performed on the first raw data to obtain first masked data.
According to the embodiment of the disclosure, the data queried by the terminal device cannot be directly transmitted to the terminal device for reasons of data confidentiality and the like. Based on this, the server can perform a masking process on the acquired data before transmitting the data to the terminal device.
According to the embodiment of the disclosure, at least one key data bit can be determined from a plurality of data bits in the first original data, characters in the at least one key data bit are replaced by preset characters, so that shielding processing of the first original data is completed, and data obtained after the shielding processing of the first original data is first shielding data. The preset characters can be, for example, numerals, letters, symbols or any combination of numerals, letters and symbols. For example, in this embodiment, the preset character may be "×".
According to embodiments of the present disclosure, the key data bits masked in the masking process may be different for different types of data. For example, if the data to be masked is an 11-bit mobile phone number, the key data bits may be bits 4 to 7. If the data to be masked is a bank card number, all data bits except the last 4 bits can be used as key data bits.
In operation S240, the first shielding data and the first data identifier are transmitted to the terminal device.
In operation S250, a service processing request from a terminal device is received.
The service processing request includes second shielding data and a second data identifier corresponding to the second shielding data. The second shielding data is one of at least one first shielding data received by the terminal device.
According to the embodiment of the disclosure, after receiving the shielding data sent by the server and the data identifier corresponding to the shielding data, the terminal device can display the shielding data. In this embodiment, the number of the shielding data sent to the terminal device by the server may be multiple, and the terminal device may display the multiple shielding data to the user, so that the user may select the required data from the multiple shielding data, where the shielding data selected by the user is the second shielding data, and the identifier corresponding to the second shielding data is the second data identifier.
In operation S260, second original data corresponding to the second data identifier is obtained, and masking processing is performed on the second original data to obtain third masked data.
According to the embodiment of the disclosure, the server may look up the original data corresponding to the second data identifier, that is, the second original data, according to the mapping relationship in the cache. The server then applies to the second original data the same shielding processing that was applied to the first original data, obtaining the second original data with its key data bits shielded, namely the third shielding data.
According to the embodiment of the present disclosure, the terminal device may also transmit the session identifier to the server through the service processing request, and the server may check the session identifier. If the session identifier passes the check, operations S260 to S270 are then performed. If the session identifier does not pass the check, an error message is generated and operations S260 to S270 are not performed. In this embodiment, the session identifier may be a token, for example.
In operation S270, in case that the second mask data is identical to the third mask data, a service operation corresponding to the service processing request is performed according to the second original data.
According to the service processing method of the embodiments of the present disclosure, data transmitted between the front end and the back end does not need to be encrypted and decrypted, so service processing can be provided to users more efficiently. In addition, the shielding data transmitted to the terminal device retains key information of the original data, so that a user can identify the required information from it; at the same time, the shielding data is incomplete relative to the original data, so malicious actors cannot carry out illegal activities with the incomplete information, and the information security of the original data is protected.
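The flow of operations S210 to S270, sketched in Python as an added example (not code from the patent). The class and function names, the sample records and tokens, the use of `secrets.token_hex` for the random identifier, the `*` mask character, and scoping the cache to the session token are assumptions of this example.

```python
import hmac
import secrets

MASK_CHAR = "*"  # preset character chosen for this example (assumption)


def mask(value: str, kind: str) -> str:
    """Replace the key data bits of `value` with MASK_CHAR (shielding processing)."""
    if kind == "phone":
        # 11-bit mobile number: bits 4 to 7 (1-based) are the key data bits.
        if len(value) != 11:
            raise ValueError("phone number must have 11 characters")
        return value[:3] + MASK_CHAR * 4 + value[7:]
    if kind == "card":
        # Bank card number: every bit except the last 4 is a key data bit.
        if len(value) <= 4:
            raise ValueError("card number too short")
        return MASK_CHAR * (len(value) - 4) + value[-4:]
    raise ValueError(f"no masking rule for kind {kind!r}")


class MaskingServer:
    """Back end: hands out masked data plus identifiers, verifies them on return."""

    def __init__(self, records, sessions):
        self._records = records    # owner -> [(kind, original), ...]
        self._sessions = sessions  # session token -> owner
        self._cache = {}           # (token, data_id) -> (kind, original)

    def query(self, token):
        """S210-S240: look up originals, assign identifiers, return masked data only."""
        owner = self._sessions.get(token)
        if owner is None:
            raise PermissionError("invalid session")
        response = []
        for kind, original in self._records[owner]:
            data_id = secrets.token_hex(16)  # random string as data identifier
            self._cache[(token, data_id)] = (kind, original)
            response.append({"id": data_id, "masked": mask(original, kind)})
        return response

    def process(self, token, data_id, masked, operation):
        """S250-S270: check session, re-mask the cached original, compare, then act."""
        if token not in self._sessions:
            return {"ok": False, "error": "invalid session"}
        entry = self._cache.get((token, data_id))
        if entry is None:
            return {"ok": False, "error": "unknown identifier"}
        kind, original = entry
        third_masked = mask(original, kind)  # third shielding data
        # Constant-time comparison of second and third shielding data.
        if not hmac.compare_digest(third_masked.encode(), masked.encode()):
            return {"ok": False, "error": "masked data mismatch"}
        # The business operation runs on the original, which never left the server.
        return {"ok": True, "result": operation(original)}


def demo():
    # Constructed sample data, not real account values.
    server = MaskingServer(
        records={"alice": [("phone", "13812345678"),
                           ("card", "6222021234567890123")]},
        sessions={"tok-alice": "alice"},
    )
    items = server.query("tok-alice")
    chosen = items[1]  # the user picks the card shown as ***************0123
    good = server.process("tok-alice", chosen["id"], chosen["masked"],
                          lambda original: f"debited card ending {original[-4:]}")
    # Identifier of one item paired with the masked value of another is rejected.
    bad = server.process("tok-alice", items[0]["id"], chosen["masked"],
                         lambda original: "should not run")
    return items, good, bad


if __name__ == "__main__":
    for part in demo():
        print(part)
```
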
The method illustrated in fig. 2 is further described below with reference to fig. 3 in conjunction with an exemplary embodiment.
Those skilled in the art will appreciate that the following example embodiments are merely for the understanding of the present disclosure, and the present disclosure is not limited thereto.
Fig. 3 schematically illustrates a service processing method according to another embodiment of the present disclosure.
As shown in Fig. 3, the terminal device acts as the front end and is located in an external network, and the server acts as the back end and is located in an internal network. The back end queries data according to the front end's request, processes the actual data returned by the query, and stores a mapping relationship between the actual data and the data identifier in a mapping cache module. The back end masks the key data bits of the actual data and returns the masked data and the corresponding data identifier to the front end. The front end displays the data returned by the back end. The front end then transmits the data selected by the user, the identifier corresponding to that data (an array subscript or a random dynamic number), and the user's current session identifier (token) to the back end. Based on the information transmitted by the front end, the back end checks whether the current customer token is valid, then calls an information checking module and a mapping cache module, obtains the actual data and its corresponding identifier, and masks the actual data to obtain masked data. The obtained data and data identifier are compared with the data transmitted by the front end. If the mapping relationship is consistent, the check passes and service processing continues. If it is inconsistent, the check fails and no subsequent service processing is performed.
Fig. 4 schematically shows a block diagram of a service processing apparatus according to an embodiment of the present disclosure.
As shown in fig. 4, the service processing apparatus 400 includes a first receiving module 410, a determining module 420, a shielding module 430, a transmitting module 440, a second receiving module 450, an acquiring module 460, and an executing module 470. The service processing apparatus 400 may perform the methods described above with reference to fig. 2 to 3.
Specifically, the first receiving module 410 may be configured to receive a query request from a terminal device.
The determining module 420 may be configured to determine, according to the query request, first original data and a first data identifier of the first original data.
The masking module 430 may be configured to mask the first raw data to obtain first masked data.
The sending module 440 may be configured to send the first mask data and the first data identifier to the terminal device.
The second receiving module 450 may be configured to receive a service processing request from a terminal device, where the service processing request includes second mask data and a second data identifier corresponding to the second mask data, where the second mask data is one of at least one first mask data received by the terminal device.
The obtaining module 460 may be configured to obtain second original data corresponding to the second data identifier, and perform a masking process on the second original data to obtain third masked data.
The execution module 470 may be configured to execute, according to the second original data, a service operation corresponding to the service processing request when the second mask data is consistent with the third mask data.
According to the service processing apparatus of the embodiments of the present disclosure, data transmitted between the front end and the back end does not need to be encrypted and decrypted, so service processing can be provided to users more efficiently. In addition, the shielding data transmitted to the terminal device retains key information of the original data, so that a user can identify the required information from it; at the same time, the shielding data is incomplete relative to the original data, so malicious actors cannot carry out illegal activities with the incomplete information, and the information security of the original data is protected.
Any number of modules, sub-modules, units, sub-units, or at least some of the functionality of any number of the sub-units according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented as split into multiple modules. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system-on-chip, a system-on-substrate, a system-on-package, an Application Specific Integrated Circuit (ASIC), or in any other reasonable manner of hardware or firmware that integrates or encapsulates the circuit, or in any one of or a suitable combination of three of software, hardware, and firmware. Alternatively, one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be at least partially implemented as computer program modules, which when executed, may perform the corresponding functions.
For example, any of the first receiving module 410, the determining module 420, the shielding module 430, the transmitting module 440, the second receiving module 450, the obtaining module 460, and the executing module 470 may be combined in one module to be implemented, or any one of the modules may be split into a plurality of modules. Alternatively, at least some of the functionality of one or more of the modules may be combined with at least some of the functionality of other modules and implemented in one module. According to embodiments of the present disclosure, at least one of the first receiving module 410, the determining module 420, the shielding module 430, the transmitting module 440, the second receiving module 450, the obtaining module 460, and the executing module 470 may be implemented at least in part as hardware circuitry, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware in any other reasonable way of integrating or packaging the circuitry, or in any one of or a suitable combination of any of the three. Alternatively, at least one of the first receiving module 410, the determining module 420, the shielding module 430, the transmitting module 440, the second receiving module 450, the obtaining module 460, and the executing module 470 may be at least partially implemented as a computer program module, which may perform the corresponding functions when being executed.
Fig. 5 schematically illustrates a block diagram of a computer system suitable for implementing the above-described method according to an embodiment of the present disclosure. The computer system illustrated in Fig. 5 is merely an example, and should not be construed as limiting the functionality and scope of use of embodiments of the present disclosure.
As shown in Fig. 5, computer system 500 includes a processor 510 and a computer-readable storage medium 520. The computer system 500 may perform methods according to embodiments of the present disclosure.
In particular, processor 510 may include, for example, a general purpose microprocessor, an instruction set processor and/or an associated chipset and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. Processor 510 may also include on-board memory for caching purposes. Processor 510 may be a single processing unit or multiple processing units for performing the different actions of the method flows according to embodiments of the disclosure.
The computer-readable storage medium 520 may be, for example, a non-volatile computer-readable storage medium. Specific examples include, but are not limited to: magnetic storage devices, such as magnetic tape or a hard disk (HDD); optical storage devices, such as compact discs (CD-ROMs); memory, such as Random Access Memory (RAM) or flash memory; etc.
The computer-readable storage medium 520 may include a computer program 521, which computer program 521 may include code/computer-executable instructions that, when executed by the processor 510, cause the processor 510 to perform a method according to an embodiment of the present disclosure or any variation thereof.
The computer program 521 may be configured with computer program code comprising, for example, computer program modules. For example, in an example embodiment, code in computer program 521 may include one or more program modules, including, for example, 521A, 521B, … …. It should be noted that the division and number of modules is not fixed, and that a person skilled in the art may use suitable program modules or combinations of program modules according to the actual situation, which when executed by the processor 510, enable the processor 510 to perform the method according to embodiments of the present disclosure or any variations thereof.
At least one of the first receiving module 410, the determining module 420, the shielding module 430, the transmitting module 440, the second receiving module 450, the obtaining module 460 and the executing module 470 may be implemented as the computer program modules described with reference to Fig. 5, which, when executed by the processor 510, implement the respective operations described above.
The present disclosure also provides a computer-readable storage medium that may be embodied in the apparatus/device/system described in the above embodiments; or may exist alone without being assembled into the apparatus/device/system. The computer-readable storage medium carries one or more programs which, when executed, implement methods in accordance with embodiments of the present disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example, but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that the features recited in the various embodiments of the disclosure and/or in the claims may be combined and/or integrated in various ways, even if such combinations or integrations are not explicitly recited in the disclosure. In particular, the features recited in the various embodiments of the present disclosure and/or the claims may be combined and/or integrated in various ways without departing from the spirit and teachings of the present disclosure. All such combinations and/or integrations fall within the scope of the present disclosure.
While the present disclosure has been shown and described with reference to certain exemplary embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the present disclosure as defined by the appended claims and their equivalents. The scope of the disclosure should, therefore, not be limited to the above-described embodiments, but should be determined not only by the following claims, but also by the equivalents of the following claims.

Claims (10)

1. A service processing method, comprising:
receiving a query request from a terminal device;
determining first original data and a first data identifier of the first original data according to the query request;
performing shielding processing on the first original data to obtain first shielding data;
transmitting the first shielding data and the first data identifier to the terminal device;
receiving a service processing request from a terminal device, wherein the service processing request comprises second shielding data and a second data identifier corresponding to the second shielding data, and the second shielding data is one of at least one first shielding data received by the terminal device;
acquiring second original data corresponding to the second data identifier, and performing shielding processing on the second original data to obtain third shielding data; and
executing the business operation corresponding to the service processing request according to the second original data under the condition that the second shielding data is consistent with the third shielding data.
2. The method of claim 1, wherein the determining the first data identifier of the first original data comprises:
generating a random character string as the first data identifier according to a preset random number algorithm and the first original data.
3. The method of claim 1, wherein the first original data is stored in a preset array; the determining the first data identifier of the first original data comprises:
determining the subscript of the first original data in the preset array as the first data identifier.
4. The method of claim 1, wherein the performing shielding processing on the first original data or the second original data comprises:
determining at least one key data bit from a plurality of data bits in the first original data or the second original data; and
replacing the characters in the at least one key data bit with preset characters.
5. The method of claim 1, wherein the service processing request further comprises a session identifier; the method further comprises:
checking the session identifier; and
generating error information under the condition that the session identifier fails the check.
6. The method of claim 1, further comprising:
storing the correspondence between the first shielding data and the first data identifier in a cache.
7. The method of claim 1, wherein the acquiring second original data corresponding to the second data identifier comprises:
reading the second original data corresponding to the second data identifier from the cache.
8. A service processing apparatus, comprising:
a first receiving module, configured to receive a query request from a terminal device;
a determining module, configured to determine first original data and a first data identifier of the first original data according to the query request;
a shielding module, configured to perform shielding processing on the first original data to obtain first shielding data;
a transmitting module, configured to transmit the first shielding data and the first data identifier to the terminal device;
a second receiving module, configured to receive a service processing request from a terminal device, wherein the service processing request comprises second shielding data and a second data identifier corresponding to the second shielding data, and the second shielding data is one of at least one first shielding data received by the terminal device;
an obtaining module, configured to acquire second original data corresponding to the second data identifier, and to perform shielding processing on the second original data to obtain third shielding data; and
an executing module, configured to execute the business operation corresponding to the service processing request according to the second original data under the condition that the second shielding data is consistent with the third shielding data.
9. A computing device, comprising:
one or more processors;
a memory for storing one or more computer programs,
wherein the one or more computer programs, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1 to 7.
10. A computer readable storage medium having stored thereon executable instructions which when executed by a processor cause the processor to implement the method of any of claims 1 to 7.
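The server-side flow of claims 1, 2 and 4 to 7, as an added Python sketch that is not part of the patent: the terminal only ever holds shielding data plus an opaque identifier, and the server re-derives the shielding data from its cached original before acting. The masking rule (keep the first and last four characters), the `secrets` token used as the identifier, the session-scoped cache key, and all names and account numbers are assumptions constructed for illustration.

```python
import secrets

MASK_CHAR = "*"              # preset character (assumed)
KEEP_HEAD, KEEP_TAIL = 4, 4  # assumed rule: everything between is a key data bit


def mask(original: str) -> str:
    """Claim 4: replace the characters in the key data bits with the preset character."""
    hidden = len(original) - KEEP_HEAD - KEEP_TAIL
    if hidden <= 0:                      # too short to reveal anything safely
        return MASK_CHAR * len(original)
    return original[:KEEP_HEAD] + MASK_CHAR * hidden + original[-KEEP_TAIL:]


class Server:
    def __init__(self, accounts_by_session):
        self._accounts = accounts_by_session  # session id -> original data (constructed)
        self._cache = {}                      # (session id, data identifier) -> original

    def query(self, session_id):
        """Claims 1, 2, 6: return (shielding data, identifier) pairs, never originals."""
        rows = []
        for original in self._accounts[session_id]:
            data_id = secrets.token_urlsafe(16)   # random string, unrelated to the data
            self._cache[(session_id, data_id)] = original
            rows.append((mask(original), data_id))
        return rows

    def process(self, session_id, masked, data_id):
        """Claims 1, 5, 7: check the session, re-mask the cached original, compare."""
        if session_id not in self._accounts:
            raise PermissionError("session identifier failed verification")
        original = self._cache.get((session_id, data_id))
        if original is None or mask(original) != masked:
            raise ValueError("shielding data does not match the data identifier")
        return f"transfer from {original}"        # operation uses the original data
```

Two originals that mask to the same string are still told apart by their identifiers, which is why the request carries both values.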
CN202011584913.4A 2020-12-28 2020-12-28 Service processing method, device, computing equipment and medium Active CN112559825B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011584913.4A CN112559825B (en) 2020-12-28 2020-12-28 Service processing method, device, computing equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011584913.4A CN112559825B (en) 2020-12-28 2020-12-28 Service processing method, device, computing equipment and medium

Publications (2)

Publication Number Publication Date
CN112559825A CN112559825A (en) 2021-03-26
CN112559825B CN112559825B (en) 2024-02-23

Family

ID=75034162

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011584913.4A Active CN112559825B (en) 2020-12-28 2020-12-28 Service processing method, device, computing equipment and medium

Country Status (1)

Country Link
CN (1) CN112559825B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106407843A (en) * 2016-10-17 2017-02-15 深圳中兴网信科技有限公司 Data desensitization method and data desensitization device
CN110401630A (en) * 2019-05-21 2019-11-01 杭州米雅信息科技有限公司 Verification method, device, electronic equipment and the medium of transaction certificate
CN110442608A (en) * 2019-07-31 2019-11-12 中国工商银行股份有限公司 Information processing method, device, electronic equipment, medium and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10606851B1 (en) * 2018-09-10 2020-03-31 Palantir Technologies Inc. Intelligent compute request scoring and routing

Also Published As

Publication number Publication date
CN112559825A (en) 2021-03-26

Similar Documents

Publication Publication Date Title
US10848310B2 (en) Method and device for identifying user identity
CN112019493B (en) Identity authentication method, identity authentication device, computer equipment and medium
US10032037B1 (en) Establishing application trust levels using taint propagation as a service
CN112333198A (en) Secure cross-domain login method, system and server
CN107248984B (en) Data exchange system, method and device
CN108154038B (en) Data processing method and device
US11354437B2 (en) System and methods for providing data analytics for secure cloud compute data
CN114826733B (en) File transmission method, device, system, equipment, medium and program product
CN114500093B (en) Safe interaction method and system for message information
CN108418679B (en) Method and device for processing secret key under multiple data centers and electronic equipment
US11133926B2 (en) Attribute-based key management system
CN114584381A (en) Security authentication method and device based on gateway, electronic equipment and storage medium
US10049222B1 (en) Establishing application trust levels using taint propagation
CN114222288A (en) Equipment identifier generation method, equipment identifier verification method and device
CN114240347A (en) Business service secure docking method and device, computer equipment and storage medium
CN116049802B (en) Application single sign-on method, system, computer equipment and storage medium
CN110399706B (en) Authorization authentication method, device and computer system
CN112862484A (en) Secure payment method and device based on multi-terminal interaction
CN114357472B (en) Data tagging method, system, electronic device and readable storage medium
CN112907268A (en) Attribution method, apparatus, device and medium
CN112559825B (en) Service processing method, device, computing equipment and medium
CN112769565B (en) Method, device, computing equipment and medium for upgrading cryptographic algorithm
CN112767142B (en) Processing method, device, computing equipment and medium for transaction file
CN114448722A (en) Cross-browser login method and device, computer equipment and storage medium
US20240089105A1 (en) Systems and methods for user control and exclusion of cryptographic tokenized data

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant