CN114172743A - Safety authentication system and method for medical insurance terminal - Google Patents
Safety authentication system and method for medical insurance terminal Download PDFInfo
- Publication number
- CN114172743A CN114172743A CN202111652592.1A CN202111652592A CN114172743A CN 114172743 A CN114172743 A CN 114172743A CN 202111652592 A CN202111652592 A CN 202111652592A CN 114172743 A CN114172743 A CN 114172743A
- Authority
- CN
- China
- Prior art keywords
- medical insurance
- terminal
- authentication
- insurance terminal
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 19
- 238000004891 communication Methods 0.000 claims abstract description 21
- 238000012795 verification Methods 0.000 claims description 18
- 206010048669 Terminal state Diseases 0.000 claims description 6
- 230000006870 function Effects 0.000 description 6
- 230000004913 activation Effects 0.000 description 4
- 230000005540 biological transmission Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 230000003213 activating effect Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000001680 brushing effect Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 239000002699 waste material Substances 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/66—Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Medical Treatment And Welfare Office Work (AREA)
Abstract
本发明公开一种用于医保终端的安全认证系统和方法,包括S1:构建终端认证网关;S2:终端认证网关对医保终端进行身份认证,认证成功后将医保终端的身份信息列入白名单,医保终端激活成功;S3:医保终端激活成功后,发送业务请求到终端认证网关,终端认证网关检测医保终端的ip是否在白名单内,如果ip在白名单内且是医保终端管理的请求则转发到医保终端管理平台从而建立联系。终端认证网关部署在各区域的医保终端管理平台的接入区,解决网络通信不稳定的问题;另外,终端认证网关集成了安全认证的功能,即将安全认证功能从医保终端管理平台转移到终端认证网关,降低了医保终端管理平台安全认证的压力,减少了计算资源的使用,从而提高稳定性。The invention discloses a security authentication system and method for a medical insurance terminal, including S1: constructing a terminal authentication gateway; S2: the terminal authentication gateway performs identity authentication on the medical insurance terminal, and whitelists the identity information of the medical insurance terminal after the authentication is successful; The medical insurance terminal is successfully activated; S3: After the medical insurance terminal is successfully activated, it sends a service request to the terminal authentication gateway, and the terminal authentication gateway detects whether the IP of the medical insurance terminal is in the whitelist, and forwards the request if the IP is in the whitelist and is a medical insurance terminal management request. Go to the medical insurance terminal management platform to establish contact. The terminal authentication gateway is deployed in the access area of the medical insurance terminal management platform in each region to solve the problem of unstable network communication; in addition, the terminal authentication gateway integrates the function of security authentication, that is, the security authentication function is transferred from the medical insurance terminal management platform to the terminal authentication. The gateway reduces the pressure of security certification of the medical insurance terminal management platform, reduces the use of computing resources, and improves stability.
Description
Technical Field
The invention relates to the technical field of medical insurance security, in particular to a security authentication system and a security authentication method for a medical insurance terminal.
Background
A medical insurance integrated service terminal (hereinafter referred to as a medical insurance terminal) is a terminal supporting code scanning application, face brushing application and medical insurance mobile payment application, is an important carrier for popularizing medical insurance electronic certificate application and realizing full-flow card-off hospitalization and hospitalization convenience service, and is an important component of national medical insurance informatization construction.
When the medical insurance terminal is accessed to the national medical insurance private network, strict safety requirements exist, safety certification is required, and the medical insurance terminal is allowed to access the national medical insurance private network after passing the safety certification. The whole safety certification process comprises three processes of safety certificate filling, medical insurance terminal activation certification and medical insurance terminal management system safety certification.
However, in the implementation of falling to the ground, some problems exist in the whole set of technical process of discovering the security authentication of the medical insurance terminal, which are mainly embodied in the following aspects:
1. medical insurance terminals are installed and deployed all over the country, and in some remote places, when the IPSec virtual VPN technology is used for carrying out network communication with a national medical insurance private network, the problem of unstable network signals exists, the state information of the terminals cannot be accurately acquired, and the APP and firmware upgrading is carried out on the terminals, so that disconnection occurs.
2. As medical insurance terminals in the whole country carry out safety certification through the medical insurance terminal management system, the monitoring of computing resources shows that the use of computing resources such as a memory, a CPU and the like of the medical insurance terminal management system is overhigh and sometimes exceeds a threshold value, and the stability of the system is reduced.
Disclosure of Invention
Aiming at the problem of low safety authentication stability of a medical insurance terminal in the prior art, the invention provides a safety authentication system and a method for the medical insurance terminal, a terminal authentication gateway is constructed based on OpenResty + Redis + Lua, and the communication stability is improved by deploying the terminal authentication gateway in each area; meanwhile, the safety certification function is integrated, the calculated amount of a medical insurance terminal management platform is reduced, and therefore the stability of safety certification is improved.
In order to achieve the purpose, the invention provides the following technical scheme:
a safety authentication system for a medical insurance terminal comprises a terminal authentication gateway; the terminal authentication gateway collects identity information of the medical insurance terminal, after authentication is successful, the medical insurance terminal and the medical insurance terminal management platform establish communication connection, and start to carry out service interaction with other service systems.
Preferably, the terminal authentication gateway communicates with the medical insurance terminal through a GRE tunnel.
Preferably, the terminal authentication gateway comprises an identity authentication unit, a communication unit and a storage unit; the identity authentication unit verifies and authenticates the identity information of the medical insurance terminal through the communication unit, and after the authentication is successful, the identity information of the medical insurance terminal is recorded into the storage unit as a white list.
Based on the system, the invention also provides a safety authentication method for the medical insurance terminal, which specifically comprises the following steps:
s1: constructing a terminal authentication gateway based on OpenResty + Redis + Lua;
s2: the terminal authentication gateway performs identity authentication on the medical insurance terminal, after the authentication is successful, the identity information of the medical insurance terminal is listed in a white list, and the medical insurance terminal is successfully activated;
s3: after the medical insurance terminal is successfully activated, a service request is sent to a terminal authentication gateway, the terminal authentication gateway detects whether the ip of the medical insurance terminal is in a white list, and if the ip is not in the white list, error information with insufficient authority is returned to the medical insurance terminal; if the ip is in the white list and the request is the medical insurance terminal management, the ip is forwarded to the medical insurance terminal management platform so as to establish the connection, and if not, the ip is forwarded to the service system corresponding to the requested domain name.
Preferably, in S1, the method for constructing the terminal authentication gateway includes:
firstly, using yum commands to install a database corresponding to the OpenResty system, then installing the OpenResty system and a Redis cache database, and then installing a Lua script and an OpenResty configuration file, thereby constructing a terminal authentication gateway; and after the establishment is successful, checking the connection state of the terminal authentication gateway and the identity authentication center, if the connection is successful, finishing the connection, and if the connection is unsuccessful, checking the network communication state and the working state of the identity authentication center.
Preferably, the S2 includes:
s2-1: the terminal authentication gateway monitors the 8081 port, receives a request original text signal sent by the medical insurance terminal, and the identity authentication unit returns original text data to the medical insurance terminal after receiving the request original text signal;
s2-2: the medical insurance terminal calculates a signature according to the original text and sends a request Token signal to the terminal authentication gateway, the terminal authentication gateway detects whether the signature exists in the request Token signal, if not, the signature is acquired from the medical insurance terminal management platform, if so, the medical insurance terminal state is acquired from the medical insurance terminal management platform and the medical insurance terminal state and the Token value are returned to the medical insurance terminal after the signature exists and the signature passes the authentication of the identity authentication center;
s2-3: the medical insurance terminal sends a Token verification request signal to the terminal authentication gateway, whether Token verification is successful or not is judged, if Token verification is successful, the ip of the medical insurance terminal is listed in a white list and is input into the storage unit, meanwhile, a verification success signal is returned to the medical insurance terminal, the medical insurance terminal is activated successfully, and if Token verification is failed, the medical insurance terminal is activated unsuccessfully.
Preferably, the S3 includes:
s3-1: when the service request is an http request, adding a Lua code at an access _ by _ Lua _ block stage of the OpenResty system, judging whether the ip of the medical insurance terminal is in a white list, and if the ip is not in the white list, returning error information with insufficient authority to the medical insurance terminal; if the ip is in the white list and the request is the medical insurance terminal management, forwarding the ip to the medical insurance terminal management platform to establish a connection, and if not, forwarding the ip to a service system corresponding to the requested domain name;
s3-2: when the service request is an https request, opening a ssl _ read function, embedding a Lua code in a read _ by _ Lua _ block stage of the OpenResty system to judge a white list, and if the ip is not in the white list, returning error information with insufficient authority to the medical insurance terminal; if the ip is in the white list and the request is the medical insurance terminal management, the ip is forwarded to the medical insurance terminal management platform so as to establish the connection, and if not, the ip is forwarded to the business system corresponding to the requested domain name.
In summary, due to the adoption of the technical scheme, compared with the prior art, the invention at least has the following beneficial effects:
the method and the system construct a terminal authentication gateway based on OpenResty + Redis + Lua, install and deploy in the access area of the medical insurance terminal management platform of each area, and solve the problem of unstable network communication; in addition, the terminal authentication gateway integrates the function of safety authentication, namely the safety authentication function is transferred from the medical insurance terminal management platform to the terminal authentication gateway, the pressure of safety authentication is reduced, the waste of computing resources is reduced, and the stability is improved.
Description of the drawings:
fig. 1 is a schematic diagram of a security authentication system for a medical insurance terminal according to an exemplary embodiment of the invention.
Fig. 2 is a schematic diagram of a security authentication method for a medical insurance terminal according to an exemplary embodiment of the invention.
Detailed Description
The present invention will be described in further detail with reference to examples and embodiments. It should be understood that the scope of the above-described subject matter is not limited to the following examples, and any techniques implemented based on the disclosure of the present invention are within the scope of the present invention.
In the description of the present invention, it is to be understood that the terms "longitudinal", "lateral", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used merely for convenience of description and for simplicity of description, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed in a particular orientation, and be operated, and thus, are not to be construed as limiting the present invention.
The technical scheme of the invention is that a terminal authentication gateway is deployed in a medical insurance core private network access area of each province, a communication operator is responsible for constructing a GRE tunnel to enable network requests of medical insurance terminals to pass through the terminal authentication gateway deployed in the area, the terminal authentication gateway performs security authentication on the network requests through an identity authentication (CA) gateway, and the network requests are allowed to be forwarded to a medical insurance terminal management platform after the security authentication is successful.
As shown in fig. 1, the present invention provides a security authentication system for a medical insurance terminal, which includes a medical insurance terminal, a terminal authentication gateway and a medical insurance terminal management platform;
the medical insurance terminal sends the identity information to the terminal authentication gateway through a GRE tunnel (point-to-point connection is realized, and the transmission speed and stability of signals are improved), and after the identity information authentication is successful, the medical insurance terminal and the medical insurance terminal management platform establish connection communication.
In this embodiment, the terminal authentication gateway includes an identity authentication unit, a communication unit, and a storage unit.
The identity authentication unit verifies and authenticates the identity of the medical insurance terminal through the communication unit, and after the identity authentication is successful, the identity information of the medical insurance terminal is used as a white list and is recorded into the storage unit.
As shown in fig. 2, the present invention provides a security authentication method for a medical insurance terminal, which specifically includes the following steps:
s1: constructing a terminal authentication gateway based on OpenResty + Redis + Lua:
firstly, an yum command is used for installing a database required by the OpenResty device, then the OpenResty device and the Redis cache database are installed, and then a Lua script and an OpenResty configuration file are installed, so that the terminal authentication gateway is constructed. And after the establishment is successful, checking the connection state of the terminal authentication gateway and the identity authentication center, if the connection is successful, finishing the connection, and if the connection is unsuccessful, checking whether the network communication is in problem or not and whether the identity authentication center is not started or not. After the connection is successful, the connection state of the terminal authentication gateway and the identity authentication center is checked
S2: and the terminal authentication gateway performs identity authentication on the medical insurance terminal, after the authentication is successful, the identity information of the medical insurance terminal is listed in a white list, and the medical insurance terminal is successfully activated.
In this embodiment, for a network request of the medical insurance terminal security authentication, the openness of the terminal authentication gateway does not perform white list verification, the parameters are directly assembled in the Lua script, the network request is forwarded to the identity authentication (CA) gateway, once the security authentication passes, the ip address of the terminal is written into a white list data structure of the Redis database, and meanwhile, the interface of the medical insurance terminal prompts successful activation.
In this embodiment, the network request for the security authentication of the medical insurance terminal includes a request original text, a request Token, and a Token check.
S2-1: the terminal authentication gateway monitors the 8081 port, receives the original text request signal sent by the medical insurance terminal, and the identity authentication unit returns the original text data to the medical insurance terminal after receiving the original text request signal.
S2-2: the medical insurance terminal calculates a signature according to the original text and sends a request Token signal (including the signature, the original text, a security certificate and the like) to the terminal authentication gateway, the terminal authentication gateway detects whether the signature exists in the request Token signal, if not, the signature is acquired from the medical insurance terminal management platform, if so, and after the authentication succeeds through the identity authentication center, the medical insurance terminal state (activated, inactivated, frozen and locked) is acquired from the medical insurance terminal management platform, and then the medical insurance terminal state and the Token value are returned to the medical insurance terminal.
S2-3: the medical insurance terminal sends a Token verification request signal to the terminal authentication gateway, whether Token verification is successful is judged, if Token verification is successful, the ip of the medical insurance terminal is listed in a white list and is input into the storage unit, meanwhile, a verification success signal is returned to the medical insurance terminal, and the medical insurance terminal is activated successfully; if the token check fails, the medical insurance terminal fails to activate, all service requests on the medical insurance terminal cannot succeed, the cause of the problem needs to be checked, and after the problem is solved, the machine is restarted and the activating process is carried out again.
In this embodiment, the Token value is used as a security Token, and there is a security risk of interception and tampering in the transmission process, so that the Token value needs to be verified, and the ip of the medical insurance terminal is listed in the white list only if verification is successful.
S3: after the medical insurance terminal is successfully activated, sending a service request (an http protocol, an https protocol, an ntp protocol and an mqtt protocol) to a terminal authentication gateway, detecting whether an ip of the medical insurance terminal is in a white list by the terminal authentication gateway, and if the ip is not in the white list, returning error information with insufficient authority to the medical insurance terminal; if the ip is in the white list and the request is the request of the medical insurance terminal management, the ip is forwarded to the medical insurance terminal management platform so as to establish the connection, and if the ip is not the request of the medical insurance terminal management, the ip is forwarded to other business systems corresponding to the request domain name.
In this embodiment, if the medical insurance terminal sends a non-service related network request, for example, an ntp protocol request for time synchronization, the terminal authentication gateway does not perform security authentication, and directly forwards the request to the medical insurance terminal management platform.
In this embodiment, when the terminal authentication gateway sends a service request, a function of white list verification is added to the http request and the https request at different processing stages of openreserve, so that the terminal is prevented from performing identity verification too frequently, resource consumption is reduced, and stability is improved.
S3-1: when the service request is an http request, adding a Lua code at an access _ by _ Lua _ block stage of an OpenResty system, wherein the Lua code is realized by firstly obtaining a Redis connection from a Redis cache database connection pool to obtain an operation example of the Redis, judging whether the IP of the medical insurance terminal is stored in a white list or not through the operation example of the Redis (so that the phenomenon that the Redis example is frequently created and memory overflow is caused can be avoided), if not, prompting error report is carried out, and if the IP is in the white list, forwarding the service request to a medical insurance terminal management platform through a proxy _ pass instruction.
S3-2: when the service request is an https request, the ssl _ read function is required to be opened, and the version of the used TSL communication protocol is required to be above v1.2, because the target domain name is to be acquired, if the TSL version is too low, the field of the target domain name is not provided, and cannot be acquired. In addition, for the processing of https requests, it is particularly necessary to embed Lua codes in the pre _ by _ Lua _ block stage for white list control.
In this embodiment, because https communication is encrypted communication, the destination domain name of the request can only be obtained in a handshake phase, that is, a pre _ by _ lua _ block phase, and the access _ by _ lua _ block phase already enters an encrypted communication phase for the https request, and therefore the destination domain name of the request cannot be obtained.
According to the invention, the terminal authentication gateway is directly deployed in the access area of the private network of the medical insurance in each area, and meanwhile, the GRE tunnel technology is used in the environment of the Internet of things, so that the network connection is more stable and reliable, the services such as the activation authentication of the medical insurance terminal interface, the face-brushing settlement and the like are more efficient, and the problems of unstable network connection, failure in activation authentication and the like do not occur. Meanwhile, each area is provided with a deployment terminal authentication gateway, so that the concurrence pressure of a medical insurance terminal management platform is effectively relieved, and the condition that the computing resources exceed the threshold value is avoided.
It will be understood by those of ordinary skill in the art that the foregoing embodiments are specific examples for carrying out the invention, and that various changes in form and details may be made therein without departing from the spirit and scope of the invention in practice.
Claims (7)
1. A safety certification system for a medical insurance terminal is characterized by comprising a terminal certification gateway; the terminal authentication gateway collects identity information of the medical insurance terminal, and after the authentication is successful, the medical insurance terminal and the medical insurance terminal management platform establish communication connection.
2. The security authentication system for the medical insurance terminal as claimed in claim 1, wherein the terminal authentication gateway communicates with the medical insurance terminal through a GRE tunnel.
3. The security authentication system of claim 1, wherein the terminal authentication gateway comprises an identity authentication unit, a communication unit, and a storage unit; the identity authentication unit verifies and authenticates the identity information of the medical insurance terminal through the communication unit, and after the authentication is successful, the identity information of the medical insurance terminal is recorded into the storage unit as a white list.
4. A safety authentication method for a medical insurance terminal is characterized by comprising the following steps:
s1: constructing a terminal authentication gateway based on OpenResty + Redis + Lua;
s2: the terminal authentication gateway performs identity authentication on the medical insurance terminal, after the authentication is successful, the identity information of the medical insurance terminal is listed in a white list, and the medical insurance terminal is successfully activated;
s3: after the medical insurance terminal is successfully activated, a service request is sent to a terminal authentication gateway, the terminal authentication gateway detects whether the ip of the medical insurance terminal is in a white list, and if the ip is not in the white list, error information with insufficient authority is returned to the medical insurance terminal; if the ip is in the white list and the request is the medical insurance terminal management, the ip is forwarded to the medical insurance terminal management platform so as to establish the connection, and if not, the ip is forwarded to the service system corresponding to the requested domain name.
5. The security authentication method for the medical insurance terminal according to claim 4, wherein in S1, the terminal authentication gateway is constructed by:
firstly, using yum commands to install a database corresponding to the OpenResty system, then installing the OpenResty system and a Redis cache database, and then installing a Lua script and an OpenResty configuration file, thereby constructing a terminal authentication gateway; and after the establishment is successful, checking the connection state of the terminal authentication gateway and the identity authentication center, if the connection is successful, finishing the connection, and if the connection is unsuccessful, checking the network communication state and the working state of the identity authentication center.
6. The security authentication method for the medical insurance terminal according to claim 4, wherein the S2 includes:
s2-1: the terminal authentication gateway monitors the 8081 port, receives a request original text signal sent by the medical insurance terminal, and the identity authentication unit returns original text data to the medical insurance terminal after receiving the request original text signal;
s2-2: the medical insurance terminal calculates a signature according to the original text and sends a request Token signal to the terminal authentication gateway, the terminal authentication gateway detects whether the signature exists in the request Token signal, if not, the signature is acquired from the medical insurance terminal management platform, if so, the medical insurance terminal state is acquired from the medical insurance terminal management platform and the medical insurance terminal state and the Token value are returned to the medical insurance terminal after the signature exists and the signature passes the authentication of the identity authentication center;
s2-3: the medical insurance terminal sends a Token verification request signal to the terminal authentication gateway, whether Token verification is successful or not is judged, if Token verification is successful, the ip of the medical insurance terminal is listed in a white list and is input into the storage unit, meanwhile, a verification success signal is returned to the medical insurance terminal, the medical insurance terminal is activated successfully, and if Token verification is failed, the medical insurance terminal is activated unsuccessfully.
7. The security authentication method for the medical insurance terminal according to claim 4, wherein the S3 includes:
s3-1: when the service request is an http request, adding a Lua code at an access _ by _ Lua _ block stage of the OpenResty system, judging whether the ip of the medical insurance terminal is in a white list, and if the ip is not in the white list, returning error information with insufficient authority to the medical insurance terminal; if the ip is in the white list and the request is the medical insurance terminal management, forwarding the ip to the medical insurance terminal management platform to establish a connection, and if not, forwarding the ip to a service system corresponding to the requested domain name;
s3-2: when the service request is an https request, opening a ssl _ read function, embedding a Lua code in a read _ by _ Lua _ block stage of the OpenResty system to judge a white list, and if the ip is not in the white list, returning error information with insufficient authority to the medical insurance terminal; if the ip is in the white list and the request is the medical insurance terminal management, the ip is forwarded to the medical insurance terminal management platform so as to establish the connection, and if not, the ip is forwarded to the business system corresponding to the requested domain name.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111652592.1A CN114172743B (en) | 2021-12-30 | 2021-12-30 | Safety authentication system and method for medical insurance terminal |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111652592.1A CN114172743B (en) | 2021-12-30 | 2021-12-30 | Safety authentication system and method for medical insurance terminal |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114172743A true CN114172743A (en) | 2022-03-11 |
| CN114172743B CN114172743B (en) | 2024-07-05 |
Family
ID=80488683
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111652592.1A Active CN114172743B (en) | 2021-12-30 | 2021-12-30 | Safety authentication system and method for medical insurance terminal |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114172743B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116188180A (en) * | 2023-04-25 | 2023-05-30 | 浩然加中医疗科技(山东)有限公司 | Medical insurance reimbursement settlement method, system and equipment based on GRE network |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2019052526A1 (en) * | 2017-09-14 | 2019-03-21 | 北京金山云网络技术有限公司 | Api invoking system, method and apparatus, electronic device and storage medium |
| CN109920525A (en) * | 2019-03-11 | 2019-06-21 | 聂良刚 | A kind of medical treatment medicare system |
| CN110784527A (en) * | 2019-10-18 | 2020-02-11 | 三体云智能科技有限公司 | Information management system and method |
| CN112953745A (en) * | 2019-12-10 | 2021-06-11 | 顺丰科技有限公司 | Service calling method, system, computer device and storage medium |
| CN113067868A (en) * | 2021-03-18 | 2021-07-02 | 中国平安财产保险股份有限公司 | Method, device and computer equipment for maintaining long connection |
-
2021
- 2021-12-30 CN CN202111652592.1A patent/CN114172743B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2019052526A1 (en) * | 2017-09-14 | 2019-03-21 | 北京金山云网络技术有限公司 | Api invoking system, method and apparatus, electronic device and storage medium |
| CN109920525A (en) * | 2019-03-11 | 2019-06-21 | 聂良刚 | A kind of medical treatment medicare system |
| CN110784527A (en) * | 2019-10-18 | 2020-02-11 | 三体云智能科技有限公司 | Information management system and method |
| CN112953745A (en) * | 2019-12-10 | 2021-06-11 | 顺丰科技有限公司 | Service calling method, system, computer device and storage medium |
| CN113067868A (en) * | 2021-03-18 | 2021-07-02 | 中国平安财产保险股份有限公司 | Method, device and computer equipment for maintaining long connection |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116188180A (en) * | 2023-04-25 | 2023-05-30 | 浩然加中医疗科技(山东)有限公司 | Medical insurance reimbursement settlement method, system and equipment based on GRE network |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114172743B (en) | 2024-07-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR102206562B1 (en) | System for managing control flow for remote execution code based node and method thereof | |
| JP6231054B2 (en) | Verification and management of wireless device platforms | |
| CN110213215B (en) | Resource access method, device, terminal and storage medium | |
| US11349831B2 (en) | Technique for downloading a network access profile | |
| CN104754582B (en) | Safeguard the client and method of BYOD safety | |
| CN111490981B (en) | Access management method and device, bastion machine and readable storage medium | |
| CN108833122A (en) | Awakening method, device and the storage medium of vehicle-carrying communication controller | |
| CN107623698B (en) | Method and device for remotely debugging network equipment | |
| CN111209558B (en) | Internet of things equipment identity authentication method and system based on block chain | |
| CN110557318B (en) | Method for realizing safe remote operation of IOT equipment | |
| US12277424B2 (en) | Cloud-based provisioning of UEFI-enabled systems | |
| CN100559763C (en) | A Method for Integrity Checking of Remote Network Services | |
| CN114172743A (en) | Safety authentication system and method for medical insurance terminal | |
| CN104348616A (en) | Method for visiting terminal security component, device thereof and system thereof | |
| KR101900710B1 (en) | Management method of trusted application download, management server, device and system using it | |
| CN108664805B (en) | Application program safety verification method and system | |
| CN106919812B (en) | Application process authority management method and device | |
| CN102158480A (en) | Method, system and device for controlling system service recovery | |
| KR20220041706A (en) | Authentication method and device, computing equipment and medium | |
| CN116962149A (en) | Network fault detection method and device, storage medium and electronic equipment | |
| CN113852596B (en) | Application authentication proxy method and system based on Kubernetes | |
| CN116233507A (en) | Android intelligent television box management method and device | |
| US12166759B2 (en) | System for remote execution code-based node control flow management, and method therefor | |
| CN116386170A (en) | Entrance guard door opening method and system based on intelligent watch, device and intelligent watch | |
| CN116319637B (en) | Method and device for handling process exceptions when uploading instant messaging chat data to a chain |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20250310 Address after: Floor 2, No. 101, Minzu Road, Yuzhong District, Chongqing 400010 Patentee after: Chongqing Medicine Exchange Co.,Ltd. Country or region after: China Address before: 401336 No. 132, Nanbin Road, Nan'an District, Chongqing Patentee before: CHONGQING MEDICAL DATA & INFO. TECH. CO.,LTD. Country or region before: China |