CN114389904B - Service terminal delivery integrated system - Google Patents

Service terminal delivery integrated system Download PDF

Info

Publication number
CN114389904B
CN114389904B CN202210294057.1A CN202210294057A CN114389904B CN 114389904 B CN114389904 B CN 114389904B CN 202210294057 A CN202210294057 A CN 202210294057A CN 114389904 B CN114389904 B CN 114389904B
Authority
CN
China
Prior art keywords
preset
service
file
network environment
input
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210294057.1A
Other languages
Chinese (zh)
Other versions
CN114389904A (en
Inventor
李欢
黄乐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hunan Greatwin Technology Co ltd
Original Assignee
Hunan Greatwin Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hunan Greatwin Technology Co ltd filed Critical Hunan Greatwin Technology Co ltd
Priority to CN202210294057.1A priority Critical patent/CN114389904B/en
Publication of CN114389904A publication Critical patent/CN114389904A/en
Application granted granted Critical
Publication of CN114389904B publication Critical patent/CN114389904B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0484Interaction techniques based on graphical user interfaces [GUI] for the control of specific functions or operations, e.g. selecting or manipulating an object, an image or a displayed text element, setting a parameter value or selecting a range
    • G06F3/04842Selection of displayed objects or displayed text elements
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0487Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0487Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser
    • G06F3/0488Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser using a touch-screen or digitiser, e.g. input of commands through traced gestures
    • G06F3/04883Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser using a touch-screen or digitiser, e.g. input of commands through traced gestures for inputting data by handwriting, e.g. gesture or text
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0487Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser
    • G06F3/0489Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser using dedicated keyboard keys or combinations thereof
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105Multiple levels of security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]

Abstract

The invention relates to the technical field of communication, in particular to a service terminal delivery integrated system which comprises a service input end, a data transmission module, a service end control module, a data repository and a terminal control module. According to the invention, the data are arranged in a unified cloud end and are stored in a centralized manner, so that the safety of core data is protected, and strict safety control can be realized without complicated modification of the existing IT system; meanwhile, when the terminal transmits the instruction, the service end control module only transmits the instruction information of the data request and does not decode the information; the method has the advantages that instruction information is prevented from being stolen or modified, the safety of data transmission is enhanced, when the instruction information is transmitted, pages are numbered through setting, and meanwhile, coordinate marking is carried out on different pages, so that the purpose that the instruction cannot be acquired even if the instruction is intercepted is achieved, and the safety of data transmission is further enhanced.

Description

Service terminal delivery integrated system
Technical Field
The invention relates to the technical field of communication, in particular to a service terminal delivery integrated system.
Background
Service delivery platforms are demanding telecommunications and information technology capabilities, as well as breaking through technology and network limitations. Service delivery platforms tend to be optimized to ensure high quality of service delivery in a given technology or network domain (e.g., web pages, IP multimedia subsystem, IP television, mobile television). These platforms generally create environments that facilitate both service control, creation, integration and execution, as well as multimedia control, integration and other low level communication functions.
Chinese patent publication No.: CN102594832A discloses a method and a device for a service delivery platform to develop services, which includes: a service delivery platform SDP receives a service request sent by a service provider SP, wherein the service request comprises public information and service information; performing access authentication on the SP according to the public information in the service request, and determining the route of the service request in the SDP; determining the service capability called by the service request according to the public information in the service request, and determining the information required for calling the service capability according to the service information in the service request; converting the service request into an interface supported by a service capability module providing the service capability; and sending the converted service request to the service capability module.
However, as the application of the service delivery platform becomes more widespread, the data security problem when the service delivery platform is applied also becomes more serious, and therefore, a service delivery platform with high security is urgently needed.
Disclosure of Invention
Therefore, the invention provides a service terminal delivery integrated system, which is used for solving the problem of low data interaction safety when a service delivery platform is applied in the prior art.
To achieve the above object, the present invention provides a service terminal delivery integration system, comprising,
the service input end is used for inputting a service request and can upload and download files; the service input end comprises a display component, the control system is connected with the display component, and the display component can display service information to be handled;
the data transmission module is connected with the service input end and is used for transmitting data;
the service end control module is arranged inside the service input end; when the service end control module detects that the service input end has a data request, the service end control module only transmits the instruction information of the data request and does not decode the information;
the data repository is a cloud database and is used for storing data;
the terminal control module is connected with the data repository and the data transmission module respectively;
and the risk evaluation module is arranged in the terminal control module and used for carrying out risk evaluation on file uploading and downloading operations of the service input end and judging whether to execute the operation of the service input end according to an evaluation result.
Further, a display page matrix a0 is arranged in the service side control module, and for the display page matrix a0 (a 1, a2, A3,.., An), a1 is a first preset operation page, a2 is a second preset operation page, A3 is a third preset operation page, and An is An nth preset operation page;
for the ith preset operation page Ai, i =1,2, 3,., n, the service end control module establishes a plane rectangular coordinate system Bi, the central point of the operation page Ai is the origin of the coordinate system Bi, the horizontal direction of the operation page is an X axis, the positive direction of the X axis is rightward, the direction of the X axis passing through the origin in the coordinate system Bi is vertical to the direction of the X axis and is an Y axis, and the positive direction of the Y axis is upward;
the instruction information comprises selection instruction information and input instruction information; the selection instruction information is mouse operation or touch screen point touch selection operation; the input instruction information is keyboard input instruction information or touch screen handwriting input information;
when the service end control module detects that the service input end has a data request, the service end control module detects whether the data request information is selection instruction information or input instruction information.
Furthermore, a selection operation data group matrix Z0, Z0(Z1, Z2,.., Zm) is arranged in the terminal control module, wherein Z1 is a first preset selection operation data group, Z2 is a second preset selection operation data group, Zn is an nth preset selection operation data group, and different preset selection operation data groups correspond to different operation instructions;
for the kth preset selection operation data group Zk, Zk (Aa, Xb, Xc, Yd, Yf), k =1,2,. and m, wherein Aa is operation page information of the data group Zk, Xb is an abscissa minimum value of the data group Zk, Xc is an abscissa maximum value of the data group Zk, Yd is an ordinate minimum value of the data group Zk, and Yf is an ordinate maximum value of the data group Zk;
when the data request information is selection instruction information, the service end control module records a request operation page Aj and records an operation request coordinate point (xp, yq), and the service end control module generates a data group Z and Z (Aj, xp, yq) according to the operation page number and the request coordinate point and transmits the data group Z to the terminal control module through the data transmission module;
and the terminal control module compares the data group Z with the data group in the selection operation data group matrix Z0 to determine the target instruction of the data group Z.
Further, when the data request information is input instruction information, the service end control module records a request operation page Aj and image or character information P of the input instruction information, generates a data group W, W (Aj, P) according to the operation page number and the information P, and transmits the data group W to the terminal control module through the data transmission module;
in order to ensure the accuracy of the input instruction information, only a single input instruction information entry is stored in a single operation page.
Furthermore, the service input end is provided with a data interface which can carry out file entry and download, when the service input end requests to carry out file entry, the service input end transmits a file C to be entered to the risk evaluation module,
a sensitive information group D0 and D0 (D1, D2,.., Dt) are arranged in the risk evaluation module, wherein D1 is first preset sensitive information, D2 is second preset sensitive information, and Dt is tth preset sensitive information;
setting risk evaluation parameters for different sensitive information by the risk evaluation module, wherein the risk evaluation parameter of the first preset sensitive information D1 is E1, the risk evaluation parameter of the second preset sensitive information D2 is E2,. t the risk evaluation parameter of the tth preset sensitive information Dt is Et,
the risk evaluation module is used for carrying out risk analysis on the file C to be input, when the file C to be input contains sensitive information Ds, the risk evaluation module is used for recording the sensitive information Ds and recording the risk score Es, s =1,2,.
When the file C to be recorded contains a plurality of sensitive information, the risk evaluation module records the sensitive information contained in the file C to be recorded as Ds1, Ds2, and Dsv, which are the number of the sensitive information contained in the file C to be recorded,
and the risk evaluation module calculates the total risk score of the file C to be input according to the risk evaluation parameters of the sensitive information, the network environment of the service input end and the number of the sensitive information contained in the file C to be input, and judges whether the file C to be input is input or not according to the total risk score.
Further, when the file C to be entered contains a plurality of pieces of sensitive information, the risk evaluation module calculates a total risk score Ez of the file C to be entered, Ez = (Es 1+ Es2+.. + Esv) × α × β, where α is an adjustment parameter of the network environment on the total risk score, and β is an adjustment parameter of the number of pieces of sensitive information on the total risk score;
the risk evaluation module is internally provided with a first preset total risk score evaluation value Ez1, a second preset total risk score evaluation value Ez2, Ez1 is smaller than Ez2, the risk evaluation module compares the total risk score Ez of the file C to be recorded with the first preset total risk score evaluation value Ez1 and the second preset total risk score evaluation value Ez2,
when Ez is less than or equal to Ez1, the risk evaluation module judges that the risk level of the file C to be input is a low-level risk, and allows the file C to be input to the system;
when Ez1 is larger than Ez and is not larger than Ez2, the risk evaluation module judges that the risk level of the file C to be recorded is a medium-level risk, and command permission needs to be managed when the file C to be recorded is recorded;
and when Ez is larger than Ez2, the risk evaluation module judges that the risk level of the file C to be input is a high-level risk, and the file C to be input is not allowed to be input into the system.
Furthermore, a first preset network environment, a second preset network environment and a third preset network environment are arranged in the risk evaluation module, and a first preset network environment total risk score adjusting parameter value alpha 1, a second preset network environment total risk score adjusting parameter value alpha 2 and a third preset network environment total risk score adjusting parameter value alpha 3 are also arranged in the risk evaluation module;
when the file C to be input carries out request input, the risk evaluation module judges the network environment of the terminal equipment requesting to input the file C, determines the numerical value of the adjusting parameter alpha of the total risk score of the network environment according to the network environment,
when the network environment of the terminal equipment is a first preset network environment, the risk evaluation module selects alpha 1 as the numerical value of the adjustment parameter alpha of the total risk score of the network environment;
when the network environment of the terminal equipment is a second preset network environment, the risk evaluation module selects alpha 2 as the value of the adjusting parameter alpha of the total risk score of the network environment;
and when the network environment of the terminal equipment is a third preset network environment, the risk evaluation module selects alpha 3 as the numerical value of the adjustment parameter alpha of the network environment for total risk score.
Further, a first preset sensitive information quantity evaluation value V1, a second preset sensitive information quantity evaluation value V2, an adjustment parameter β 1 of the first preset sensitive information quantity to the total risk score, an adjustment parameter β 2 of the second preset sensitive information quantity to the total risk score, and an adjustment parameter β 3 of the third preset sensitive information quantity to the total risk score are arranged in the risk evaluation module;
the risk evaluation module compares the detected number V of the sensitive information contained in the file C to be recorded with a first preset sensitive information number evaluation value V1 and a second preset sensitive information number evaluation value V2,
when V is less than or equal to V1, the risk evaluation module selects a regulating parameter beta 1 value of the first preset sensitive information number to the total risk score as a beta value;
when V is more than or equal to V1 and is not more than V2, the risk evaluation module selects a regulating parameter beta 2 value of the total risk score of the second preset sensitive information number as a beta value;
and when V is larger than V2, the risk evaluation module selects the adjustment parameter beta 3 value of the third preset sensitive information number to the total risk score as a beta value.
Further, when the service terminal requests to download the file in the data storage base, the risk evaluation module evaluates the network environment of the service terminal,
when the network environment of the terminal equipment is a first preset network environment, the risk evaluation module allows file downloading;
when the network environment of the terminal equipment is a second preset network environment, the file needs to be allowed by a management instruction before being downloaded;
and when the network environment of the terminal equipment is a third preset network environment, the risk evaluation module does not allow file downloading.
Further, before the service terminal is used for delivering the integrated system, personnel login authentication needs to be carried out, and different personnel authentication levels correspond to different use authorities.
Compared with the prior art, the method has the advantages that the data are not scattered on the terminals of all users any more, are stored in a centralized manner, the safety of the core data is protected, and the strict safety control can be realized without complicated modification of the existing IT system. Meanwhile, when the terminal transmits the instruction, the service end control module only transmits the instruction information of the data request and does not decode the information; instruction information is prevented from being stolen or modified, and the safety of data transmission is enhanced.
Particularly, when instruction information is transmitted, the pages are numbered through setting, and meanwhile, coordinates of different pages are labeled, so that the purpose that the request instruction cannot be acquired even if the instruction is intercepted is achieved, and the safety of data transmission is further enhanced.
Particularly, when a file request is input, whether the input request is executed or not is judged according to the network environment of the terminal of the file to be input and the sensitive information quantity of the file to be input, and the safety of data transmission is further enhanced.
Particularly, the more the sensitive information is, the greater the risk is, so that when the sensitive information of the file to be entered is, the more the adjustment parameters of the total risk score of the sensitive information are increased, and the security of data transmission is further enhanced.
Drawings
Fig. 1 is a schematic structural diagram of a service terminal delivery integration system according to an embodiment of the present invention.
Detailed Description
In order that the objects and advantages of the invention will be more clearly understood, the invention is further described in conjunction with the following examples; it should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Preferred embodiments of the present invention are described below with reference to the accompanying drawings. It should be understood by those skilled in the art that these embodiments are only for explaining the technical principles of the present invention, and do not limit the scope of the present invention.
It should be noted that in the description of the present invention, the terms of direction or positional relationship indicated by the terms "upper", "lower", "left", "right", "inner", "outer", etc. are based on the directions or positional relationships shown in the drawings, which are only for convenience of description, and do not indicate or imply that the device or element must have a specific orientation, be constructed in a specific orientation, and be operated, and thus, should not be construed as limiting the present invention.
Furthermore, it should be noted that, in the description of the present invention, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, and may be, for example, fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations.
Fig. 1 is a schematic structural diagram of a service terminal delivery integration system according to an embodiment of the present invention.
The invention provides a service terminal delivery integrated system, which comprises,
the service input end is used for inputting a service request and can upload and download files; the service input end comprises a display component, the control system is connected with the display component, and the display component can display service information to be handled;
the data transmission module is connected with the service input end and is used for transmitting data;
the service end control module is arranged inside the service input end; when the service end control module detects that the service input end has a data request, the service end control module only transmits the instruction information of the data request and does not decode the information;
the data repository is a cloud database and is used for storing data;
the terminal control module is connected with the data repository and the data transmission module respectively;
and the risk evaluation module is arranged in the terminal control module and used for carrying out risk evaluation on file uploading and downloading operations of the service input end and judging whether to execute the operation of the service input end according to an evaluation result.
Further, a display page matrix a0 is arranged in the service side control module, and for the display page matrix a0 (a 1, a2, A3,.., An), a1 is a first preset operation page, a2 is a second preset operation page, A3 is a third preset operation page, and An is An nth preset operation page;
for the ith preset operation page Ai, i =1,2, 3,., n, the service end control module establishes a plane rectangular coordinate system Bi, the central point of the operation page Ai is the origin of the coordinate system Bi, the horizontal direction of the operation page is an X axis, the positive direction of the X axis is rightward, the direction of the X axis passing through the origin in the coordinate system Bi is vertical to the direction of the X axis and is an Y axis, and the positive direction of the Y axis is upward;
the instruction information comprises selection instruction information and input instruction information; the selection instruction information is mouse operation or touch screen point touch selection operation; the input instruction information is keyboard input instruction information or touch screen handwriting input information;
when the service end control module detects that the service input end has a data request, the service end control module detects whether the data request information is selection instruction information or input instruction information.
The data of the invention is not scattered on the terminal of each user, but is arranged in a uniform cloud end for centralized storage, thereby protecting the safety of core data and realizing strict safety management and control without complicated modification of the existing IT system. Meanwhile, when the terminal transmits the instruction, the service end control module only transmits the instruction information of the data request and does not decode the information; instruction information is prevented from being stolen or modified, and the safety of data transmission is enhanced.
Furthermore, a selection operation data group matrix Z0, Z0(Z1, Z2,.., Zm) is arranged in the terminal control module, wherein Z1 is a first preset selection operation data group, Z2 is a second preset selection operation data group, Zn is an nth preset selection operation data group, and different preset selection operation data groups correspond to different operation instructions;
for the kth preset selection operation data group Zk, Zk (Aa, Xb, Xc, Yd, Yf), k =1,2,. and m, wherein Aa is operation page information of the data group Zk, Xb is an abscissa minimum value of the data group Zk, Xc is an abscissa maximum value of the data group Zk, Yd is an ordinate minimum value of the data group Zk, and Yf is an ordinate maximum value of the data group Zk;
when the data request information is selection instruction information, the service end control module records a request operation page Aj and records an operation request coordinate point (xp, yq), and the service end control module generates a data group Z and Z (Aj, xp, yq) according to the operation page number and the request coordinate point and transmits the data group Z to the terminal control module through the data transmission module;
and the terminal control module compares the data group Z with the data group in the selection operation data group matrix Z0 to determine a target instruction of the data group Z.
When instruction information is transmitted, the pages are numbered through setting, and meanwhile, coordinate marking is carried out on different pages, so that the purpose that the instruction is intercepted and the request instruction cannot be obtained is achieved, and the safety of data transmission is further enhanced.
Specifically, when the data request information is input instruction information, the service end control module records an operation page Aj request and image or text information P of the input instruction information, generates a data group W, W (Aj, P) according to an operation page number and the information P, and transmits the data group W to the terminal control module through the data transmission module;
in order to ensure the accuracy of the input instruction information, only a single input instruction information entry is stored in a single operation page.
Specifically, the service input end is provided with a data interface, which can perform file entry and download, when the service input end requests to perform file entry, the service input end transmits a file C to be entered to the risk evaluation module,
a sensitive information group D0 and D0 (D1, D2,.., Dt) are arranged in the risk evaluation module, wherein D1 is first preset sensitive information, D2 is second preset sensitive information, and Dt is tth preset sensitive information;
setting risk evaluation parameters for different sensitive information by the risk evaluation module, wherein the risk evaluation parameter of the first preset sensitive information D1 is E1, the risk evaluation parameter of the second preset sensitive information D2 is E2,. t the risk evaluation parameter of the tth preset sensitive information Dt is Et,
the risk evaluation module is used for carrying out risk analysis on the file C to be input, when the file C to be input contains sensitive information Ds, the risk evaluation module is used for recording the sensitive information Ds and recording the risk score Es of the file C to be input, wherein s =1,2,.
When the file C to be recorded contains a plurality of sensitive information, the risk evaluation module records the sensitive information contained in the file C to be recorded as Ds1, Ds2, and Dsv, which are the number of the sensitive information contained in the file C to be recorded,
and the risk evaluation module calculates the total risk score of the file C to be input according to the risk evaluation parameters of the sensitive information, the network environment of the service input end and the number of the sensitive information contained in the file C to be input, and judges whether the file C to be input is input or not according to the total risk score.
When a file request is input, whether the input request is executed is judged according to the network environment of the terminal of the file to be input and the sensitive information quantity of the file to be input, and the safety of data transmission is further enhanced.
Specifically, when the file C to be entered contains a plurality of sensitive information, the risk evaluation module calculates a total risk score Ez of the file C to be entered, wherein Ez = (Es 1+ Es2+. multidot. + Esv) x α × β, wherein α is an adjustment parameter of the network environment on the total risk score, and β is an adjustment parameter of the number of the sensitive information on the total risk score;
the risk evaluation module is internally provided with a first preset total risk score evaluation value Ez1, a second preset total risk score evaluation value Ez2, Ez1 is more than Ez2, the risk evaluation module compares the total risk score Ez of the file C to be recorded with the first preset total risk score evaluation value Ez1 and the second preset total risk score evaluation value Ez2,
when Ez is less than or equal to Ez1, the risk evaluation module judges that the risk level of the file C to be input is a low-level risk, and allows the file C to be input to the system;
when Ez1 is larger than Ez and is not larger than Ez2, the risk evaluation module judges that the risk level of the file C to be recorded is a medium-level risk, and command permission needs to be managed when the file C to be recorded is recorded;
and when Ez is larger than Ez2, the risk evaluation module judges that the risk level of the file C to be input is a high-level risk, and the file C to be input is not allowed to be input into the system.
Specifically, a first preset network environment, a second preset network environment and a third preset network environment are arranged in the risk evaluation module, and a total risk score adjusting parameter value α 1 of the first preset network environment, a total risk score adjusting parameter value α 2 of the second preset network environment and a total risk score adjusting parameter value α 3 of the third preset network environment are also arranged in the risk evaluation module; wherein alpha 1 is more than alpha 2 and less than alpha 3.
When the file C to be input carries out request input, the risk evaluation module judges the network environment of the terminal equipment requesting to input the file C, determines the numerical value of the adjusting parameter alpha of the total risk score of the network environment according to the network environment,
when the network environment of the terminal equipment is a first preset network environment, the risk evaluation module selects alpha 1 as the numerical value of the adjustment parameter alpha of the total risk score of the network environment;
when the network environment of the terminal equipment is a second preset network environment, the risk evaluation module selects alpha 2 as the value of the adjusting parameter alpha of the network environment for total risk scoring;
and when the network environment of the terminal equipment is a third preset network environment, the risk evaluation module selects alpha 3 as the numerical value of the adjustment parameter alpha of the network environment for total risk score.
Specifically, a first preset sensitive information quantity evaluation value V1 and a second preset sensitive information quantity evaluation value V2 are arranged in the risk evaluation module, wherein the first preset sensitive information quantity is an adjusting parameter beta 1 of the total risk score, the second preset sensitive information quantity is an adjusting parameter beta 2 of the total risk score, and the third preset sensitive information quantity is an adjusting parameter beta 3 of the total risk score; beta 1 is more than beta 2 and less than beta 3.
The risk evaluation module compares the detected number V of the sensitive information contained in the file C to be recorded with a first preset sensitive information number evaluation value V1 and a second preset sensitive information number evaluation value V2,
when V is less than or equal to V1, the risk evaluation module selects a regulating parameter beta 1 value of the first preset sensitive information number to the total risk score as a beta value;
when V is more than or equal to V1 and is not more than V2, the risk evaluation module selects a regulating parameter beta 2 value of the total risk score of the second preset sensitive information number as a beta value;
and when V is larger than V2, the risk evaluation module selects the adjustment parameter beta 3 value of the third preset sensitive information number to the total risk score as a beta value.
The more the sensitive information is, the greater the risk is, so that when the sensitive information of the file to be entered is, the more the adjustment parameters of the total risk score of the sensitive information are increased, and the security of data transmission is further enhanced.
Specifically, when the service terminal requests to download the file in the data storage base, the risk evaluation module evaluates the network environment of the service terminal,
when the network environment of the terminal equipment is a first preset network environment, the risk evaluation module allows file downloading;
when the network environment of the terminal equipment is a second preset network environment, the file needs to be allowed by a management instruction before being downloaded;
and when the network environment of the terminal equipment is a third preset network environment, the risk evaluation module does not allow file downloading.
Specifically, before the service terminal is used for delivering the integrated system, personnel login authentication needs to be carried out, and different personnel authentication levels correspond to different use authorities.
So far, the technical solutions of the present invention have been described in connection with the preferred embodiments shown in the drawings, but it is easily understood by those skilled in the art that the scope of the present invention is obviously not limited to these specific embodiments. Equivalent changes or substitutions of related technical features can be made by those skilled in the art without departing from the principle of the invention, and the technical scheme after the changes or substitutions can fall into the protection scope of the invention.

Claims (8)

1. A service terminal delivery integrated system is characterized by comprising,
the service input end is used for inputting a service request and can upload and download files; the service input end comprises a display component, the control system is connected with the display component, and the display component can display service information to be handled;
the data transmission module is connected with the service input end and used for transmitting data;
the service end control module is arranged inside the service input end; when the service end control module detects that the service input end has a data request, the service end control module only transmits the instruction information of the data request and does not decode the information;
the data repository is a cloud database and is used for storing data;
the terminal control module is connected with the data repository and the data transmission module respectively;
the risk evaluation module is arranged in the terminal control module and used for carrying out risk evaluation on file uploading and downloading operations of the service input end and judging whether to execute the operation of the service input end according to an evaluation result;
a display page matrix a0 is arranged in the service side control module, and for the display page matrix a0 (a 1, a2, A3,. An), a1 is a first preset operation page, a2 is a second preset operation page, A3 is a third preset operation page, and An is An nth preset operation page;
for the ith preset operation page Ai, i =1,2, 3.. and n, the service end control module establishes a plane rectangular coordinate system Bi, the central point of the operation page Ai is the origin of the coordinate system Bi, the horizontal direction of the operation page is an X axis, the positive direction of the X axis is rightward, the direction of the X axis passing through the origin in the coordinate system Bi is vertical to the X axis and is a Y axis, and the positive direction of the Y axis is upward;
the instruction information comprises selection instruction information and input instruction information; the selection instruction information is mouse operation or touch screen point touch selection operation; the input instruction information is keyboard input instruction information or touch screen handwriting input information;
when the service end control module detects that a data request exists at the service input end, the service end control module detects whether the data request information is selection instruction information or input instruction information;
a selection operation data group matrix Z0, Z0(Z1, Z2.., Zm) is arranged in the terminal control module, wherein Z1 is a first preset selection operation data group, Z2 is a second preset selection operation data group, Zn is an nth preset selection operation data group, and different preset selection operation data groups correspond to different operation instructions;
for the kth preset selection operation data group Zk, Zk (Aa, Xb, Xc, Yd, Yf), k =1,2,. and m, wherein Aa is operation page information of the data group Zk, Xb is an abscissa minimum value of the data group Zk, Xc is an abscissa maximum value of the data group Zk, Yd is an ordinate minimum value of the data group Zk, and Yf is an ordinate maximum value of the data group Zk;
when the data request information is selection instruction information, the service end control module records a request operation page Aj and records an operation request coordinate point (xp, yq), and the service end control module generates a data group Z and Z (Aj, xp, yq) according to the operation page number and the request coordinate point and transmits the data group Z to the terminal control module through the data transmission module;
and the terminal control module compares the data group Z with the data group in the selection operation data group matrix Z0 to determine the target instruction of the data group Z.
2. The service terminal delivery integrated system according to claim 1, wherein when the data request information is input instruction information, the service end control module records an image or text information P requesting an operation page Aj and the input instruction information, and the service end control module generates a data group W, W (Aj, P) according to the operation page number and the information P, and transmits the data group W to the terminal control module through the data transmission module;
in order to ensure the accuracy of the input instruction information, only a single input instruction information entry is stored in a single operation page.
3. The integrated service terminal delivery system according to claim 1, wherein the service input end is provided with a data interface capable of performing file entry and download, and when the service input end requests file entry, the service input end transmits a file C to be entered to the risk evaluation module,
a sensitive information group D0 and D0 (D1, D2,.., Dt) are arranged in the risk evaluation module, wherein D1 is first preset sensitive information, D2 is second preset sensitive information, and Dt is tth preset sensitive information;
the risk evaluation module is provided with risk evaluation parameters for different sensitive information, wherein the risk evaluation parameter of the first preset sensitive information D1 is E1, the risk evaluation parameter of the second preset sensitive information D2 is E2, the risk evaluation parameter of the tth preset sensitive information Dt is Et,
the risk evaluation module is used for carrying out risk analysis on the file C to be input, when the file C to be input contains sensitive information Ds, the risk evaluation module is used for recording the sensitive information Ds and recording the risk score Es, s =1,2,.
When the file C to be recorded contains a plurality of sensitive information, the risk evaluation module records the sensitive information contained in the file C to be recorded as Ds1, Ds2.. and Dsv, v are the number of the sensitive information contained in the file C to be recorded,
and the risk evaluation module calculates the total risk score of the file C to be input according to the risk evaluation parameters of the sensitive information, the network environment where the service input end is located and the number of the sensitive information contained in the file C to be input, and judges whether the file C to be input is input according to the total risk score.
4. The service terminal delivery integration system according to claim 3, wherein when the file C to be entered contains a plurality of sensitive information, the risk evaluation module calculates a total risk score Ez of the file C to be entered, Ez = (Es 1+ Es2+.. + Esv) × α × β, where α is an adjustment parameter of a network environment for the total risk score, and β is an adjustment parameter of the number of sensitive information for the total risk score;
the risk evaluation module is internally provided with a first preset total risk score evaluation value Ez1, a second preset total risk score evaluation value Ez2, Ez1 is smaller than Ez2, the risk evaluation module compares the total risk score Ez of the file C to be recorded with the first preset total risk score evaluation value Ez1 and the second preset total risk score evaluation value Ez2,
when Ez is less than or equal to Ez1, the risk evaluation module judges that the risk level of the file C to be input is a low-level risk, and allows the file C to be input to the system;
when Ez1 is larger than Ez and is not larger than Ez2, the risk evaluation module judges that the risk level of the file C to be recorded is a medium-level risk, and command permission needs to be managed when the file C to be recorded is recorded;
and when Ez is larger than Ez2, the risk evaluation module judges that the risk level of the file C to be input is a high-level risk, and the file C to be input is not allowed to be input into the system.
5. The service terminal delivery integrated system according to claim 4, wherein the risk evaluation module is provided with a first preset network environment, a second preset network environment, a third preset network environment, and further provided with a first preset network environment total risk score adjustment parameter value α 1, a second preset network environment total risk score adjustment parameter value α 2, and a third preset network environment total risk score adjustment parameter value α 3;
when the file C to be input carries out request input, the risk evaluation module judges the network environment of the terminal equipment requesting to input the file C, determines the numerical value of the adjusting parameter alpha of the total risk score of the network environment according to the network environment,
when the network environment of the terminal equipment is a first preset network environment, the risk evaluation module selects alpha 1 as the numerical value of the adjustment parameter alpha of the total risk score of the network environment;
when the network environment of the terminal equipment is a second preset network environment, the risk evaluation module selects alpha 2 as the value of the adjusting parameter alpha of the total risk score of the network environment;
and when the network environment of the terminal equipment is a third preset network environment, the risk evaluation module selects alpha 3 as the numerical value of the adjustment parameter alpha of the network environment for total risk score.
6. The service terminal delivery integrated system according to claim 5, wherein a first preset sensitive information quantity evaluation value V1, a second preset sensitive information quantity evaluation value V2, a first preset sensitive information quantity regulation parameter β 1 for total risk score, a second preset sensitive information quantity regulation parameter β 2 for total risk score, and a third preset sensitive information quantity regulation parameter β 3 for total risk score are provided in the risk evaluation module;
the risk evaluation module compares the detected number V of the sensitive information contained in the file C to be recorded with a first preset sensitive information number evaluation value V1 and a second preset sensitive information number evaluation value V2,
when V is less than or equal to V1, the risk evaluation module selects a regulating parameter beta 1 value of the first preset sensitive information number to the total risk score as a beta value;
when V is more than or equal to V1 and is not more than V2, the risk evaluation module selects a regulating parameter beta 2 value of the total risk score of the second preset sensitive information number as a beta value;
and when V is larger than V2, the risk evaluation module selects the adjustment parameter beta 3 value of the third preset sensitive information number to the total risk score as a beta value.
7. The integrated service terminal delivery system according to claim 6, wherein the risk assessment module assesses the network environment of the service terminal when the service terminal requests the downloading of the file in the data repository,
when the network environment of the terminal equipment is a first preset network environment, the risk evaluation module allows file downloading;
when the network environment of the terminal equipment is a second preset network environment, the file needs to be allowed by a management instruction before being downloaded;
and when the network environment of the terminal equipment is a third preset network environment, the risk evaluation module does not allow file downloading.
8. The integrated service terminal delivery system as claimed in claim 1, wherein a person login authentication is required before the integrated service terminal delivery system is used, and different person authentication levels correspond to different usage rights.
CN202210294057.1A 2022-03-24 2022-03-24 Service terminal delivery integrated system Active CN114389904B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210294057.1A CN114389904B (en) 2022-03-24 2022-03-24 Service terminal delivery integrated system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210294057.1A CN114389904B (en) 2022-03-24 2022-03-24 Service terminal delivery integrated system

Publications (2)

Publication Number Publication Date
CN114389904A CN114389904A (en) 2022-04-22
CN114389904B true CN114389904B (en) 2022-06-07

Family

ID=81205251

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210294057.1A Active CN114389904B (en) 2022-03-24 2022-03-24 Service terminal delivery integrated system

Country Status (1)

Country Link
CN (1) CN114389904B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008077149A (en) * 2006-09-19 2008-04-03 Kgt Inc Document generation support program, document generation support device, and document generation support system
CN105590243A (en) * 2014-10-24 2016-05-18 阿里巴巴集团控股有限公司 Method, system, client, and server for centralized processing on discrete data
CN107454099A (en) * 2017-08-30 2017-12-08 努比亚技术有限公司 A kind of secure data management method, terminal and computer-readable recording medium
CN109391981A (en) * 2017-08-08 2019-02-26 维沃移动通信有限公司 A kind of completeness protection method and device

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7284277B2 (en) * 2002-07-15 2007-10-16 Hewlett-Packard Development Company, L.P. Secured printing
CN101256466B (en) * 2008-02-29 2012-02-15 鹏智科技(深圳)有限公司 Electronic device and method capable of embodiment of electric document page-turning effect
US9781148B2 (en) * 2008-10-21 2017-10-03 Lookout, Inc. Methods and systems for sharing risk responses between collections of mobile communications devices
US8693025B2 (en) * 2011-09-19 2014-04-08 Ricoh Production Print Solutions Pre-authorization of print jobs in a printing system
US8984478B2 (en) * 2011-10-03 2015-03-17 Cisco Technology, Inc. Reorganization of virtualized computer programs
TWI563463B (en) * 2014-05-26 2016-12-21 Mitake Information Corp System and method of mobile check-in and a cloud system thereof
US10496808B2 (en) * 2016-10-25 2019-12-03 Apple Inc. User interface for managing access to credentials for use in an operation

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008077149A (en) * 2006-09-19 2008-04-03 Kgt Inc Document generation support program, document generation support device, and document generation support system
CN105590243A (en) * 2014-10-24 2016-05-18 阿里巴巴集团控股有限公司 Method, system, client, and server for centralized processing on discrete data
CN109391981A (en) * 2017-08-08 2019-02-26 维沃移动通信有限公司 A kind of completeness protection method and device
CN107454099A (en) * 2017-08-30 2017-12-08 努比亚技术有限公司 A kind of secure data management method, terminal and computer-readable recording medium

Also Published As

Publication number Publication date
CN114389904A (en) 2022-04-22

Similar Documents

Publication Publication Date Title
US10200413B1 (en) Selective regulation of information transmission from mobile applications to third-party privacy compliant target systems
US9730044B2 (en) Telecommunications data usage management
EP2552079B1 (en) Server apparatus, information processing method, program, and storage medium
KR101177310B1 (en) Electronic document security transmission relay apparatus and method
EP3025229B1 (en) Data communications management
RU2009137022A (en) SYSTEMS AND METHODS FOR MANAGING ACCESS TO SERVICE ON A WIRELESS COMMUNICATION DEVICE
CN111382421A (en) Service access control method, system, electronic device and storage medium
CN101573691A (en) Time based permissioning
CN111447222A (en) Distributed system authority authentication system and method based on micro-service architecture
CN112507295A (en) Data processing method and system
JP2008242826A (en) Information processing system and control method and program of information processing system
CN107294955B (en) Electronic file encryption middleware control system and method
US8612754B2 (en) Digital fingerprinting via SQL filestream with common text exclusion
CN114389904B (en) Service terminal delivery integrated system
CN110427759B (en) Network resource browsing control method and system supporting service security mark
CN113064562A (en) Man-machine interaction printing method and system based on block chain
CN115242433B (en) Data processing method, system, electronic device and computer readable storage medium
CN110086826A (en) Information processing method
EP1466227B1 (en) System and method for platform activation
CN110929269B (en) System authority management method, device, medium and electronic equipment
US20070156602A1 (en) Information distribution apparatus, information processing apparatus, printing apparatus, control method of information distribution apparatus, control method of information processing apparatus, and control program
CN104539465A (en) Multisystem peripheral equipment sharing method and device and multisystem equipment
CN102663295B (en) General adapter system for E-DRM (enterprise digital rights management)
KR20190032778A (en) User interface device and computer security system using the same
KR101041474B1 (en) Apparatus and method for supporting state information in a ubiquitous

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant