CN114765550A

CN114765550A - Service security processing method and system

Info

Publication number: CN114765550A
Application number: CN202011643586.5A
Authority: CN
Inventors: 张伯安; 沈村敬; 董俊峰; 强群力; 黄铮; 张栓洋; 赵彤
Original assignee: NetsUnion Clearing Corp
Current assignee: NetsUnion Clearing Corp
Priority date: 2020-12-31
Filing date: 2020-12-31
Publication date: 2022-07-19
Anticipated expiration: 2040-12-31
Also published as: CN114765550B

Abstract

The application discloses a service security processing method and a system, based on a service security processing system, the system comprises a proxy configuration server, an encryption machine proxy server and an encryption machine which are connected in sequence. The method comprises the following steps: receiving a configuration request, wherein the configuration request is generated by a terminal sending the configuration request according to configuration information required when configuration is carried out on a plurality of attributes of the proxy server of the encryption machine; determining each attribute corresponding to the configuration request in the attributes of the encryption machine proxy server as a target attribute; according to the configuration request, determining configuration information adopted when each target attribute is configured as target information; and configuring the target attribute according to the target information to obtain a configured proxy server of the encryption machine, and further allocating encryption resources of the encryption machine according to the configured proxy server of the encryption machine. To enable configuration of multiple attributes with one configuration request.

Description

Service security processing method and system

Technical Field

The present application relates to the field of service security processing technologies, and in particular, to a method and a system for processing service security.

Background

At present, with the increasingly wide network applications and the increasingly rich service types in different fields, the continuous development of security processing technology makes it more and more important to perform security information interaction by means of an encryption engine.

In general, many encryptors are used in cooperation with an encryptor proxy server, which is responsible for allocating encryption resources provided by the encryptors. In an actual service processing process, a user generally needs to configure attributes of the proxy server of the encryption machine according to service requirements, so that encryption resources provided by the encryption machine can be suitable for a specific service scenario. However, the properties of the proxy server of the encryption engine are numerous, which results in more resources being consumed in the configuration process. Especially when the attribute configuration is performed on the encryption machine proxy server cluster, the configuration difficulty faced by the user will increase sharply.

Disclosure of Invention

The embodiment of the application provides a method and a system for business safety processing, so as to conveniently configure a plurality of attributes of an encryption machine proxy server in a business safety processing system.

The embodiment of the application adopts the following technical scheme:

in a first aspect, an embodiment of the present application provides a method for processing service security, where the method is based on a service security processing system, where the service security processing system includes an agent configuration server, an encryption engine agent server, and an encryption engine, which are connected in sequence, and the encryption engine agent server is configured to allocate encryption resources provided by the encryption engine, and the method includes:

receiving a configuration request, wherein the configuration request is generated by a terminal sending the configuration request according to configuration information required when configuration is carried out on a plurality of attributes of the encryption machine proxy server;

determining each attribute corresponding to the configuration request in the attributes of the encryption machine proxy server as a target attribute;

according to the configuration request, determining configuration information adopted when each target attribute is configured as target information;

and configuring the target attribute according to the target information to obtain a configured proxy server of the encryption machine, and further allocating encryption resources of the encryption machine according to the configured proxy server of the encryption machine.

In an optional embodiment of the present specification, the number of the encryptor proxy servers is multiple, and the multiple encryptor proxy servers form a proxy server cluster; the attributes of any encryptor proxy include at least one of: the state of the encryptor proxy, the weight of the encryptor proxy in the proxy cluster.

In an optional embodiment of this specification, before the method, the method further includes:

receiving a query request, wherein the query request is used for acquiring current configuration information of at least part of attributes of the proxy server of the encryption machine;

and sending the current configuration information corresponding to the query request to a terminal corresponding to the query request, so that the terminal generates a configuration request according to the received configuration information.

In an optional embodiment of this specification, sending the current configuration information corresponding to the query request to the terminal corresponding to the query request includes:

obtaining data for generating a front-end page according to the current configuration information corresponding to the query request;

and sending the data to a terminal corresponding to the query request, so that the terminal displays the front-end page according to the data.

In an alternative embodiment of the present specification, receiving a configuration request includes:

a configuration request is received based on the front-end page.

In an optional embodiment of this specification, configuring the target attribute according to the target information includes:

judging whether the target information is matched with a preset configuration range of the target attribute;

if yes, generating a configuration instruction according to the target information, and sending the configuration instruction to the proxy server of the encryption machine, so that the proxy server of the encryption machine performs configuration according to the configuration instruction.

In an optional embodiment of this specification, generating a configuration instruction according to the target information, and sending the configuration instruction to the encryptor proxy server includes:

generating a configuration sub-instruction aiming at the target attribute according to the target information;

and aiming at each encryption machine proxy server, generating a configuration instruction according to the configuration sub-instruction corresponding to the encryption machine proxy server in each configuration sub-instruction, and sending the configuration instruction to the encryption machine proxy server.

In an alternative embodiment of the present disclosure, the configuration instruction is transmitted by using HTTP.

In an optional embodiment of this specification, the cryptographic proxy server includes a configuration instruction interface for receiving the configuration instruction, so that after the cryptographic proxy server receives the configuration instruction through the configuration instruction interface, the cryptographic proxy server obtains each configuration sub-instruction according to the received configuration instruction, and performs, for each configuration sub-instruction, configuration on an attribute corresponding to the configuration sub-instruction.

In an optional embodiment of the present description, the method further comprises: and if the target information is not matched with the preset configuration range of the target attribute, generating prompt information, and sending the prompt information to a terminal corresponding to the configuration request, so that the terminal displays the prompt information.

In an optional embodiment of this specification, after configuring the target attribute according to the target information, the method further includes:

generating feedback information and sending the feedback information to the terminal generating the configuration request; the feedback information is obtained according to at least one of the following: and the time length from the time when the encryption machine proxy server receives the configuration instruction to the time when the configuration result is generated is obtained.

In an alternative embodiment of the present description, the result of the configuration and/or the duration are obtained by the encryptor proxy server separately for each target attribute.

In an optional embodiment of the present specification, the number of the encryptor proxy servers is plural, and each encryptor proxy server has plural attributes; the attributes are divided into a plurality of grades from high to low according to the importance degree; attributes corresponding to the configuration request belong to different encryptor proxy servers and belong to different grades;

determining each attribute corresponding to the configuration request in the attributes of the proxy server of the encryption machine as a target attribute, wherein the method comprises the following steps:

determining a target grade in each grade according to the service processing condition of the service safety processing system;

and determining a target attribute in the attributes of the encryption machine proxy server, so that the target attribute corresponds to the configuration request, and the grade of the target attribute is lower than the target grade.

In a second aspect, an embodiment of the present application further provides a service security processing system, where the service security processing system includes an agent configuration server, an encryptor agent server, and an encryptor, which are connected in sequence; the encryption machine is configured to encrypt at least part of data in the service processing process;

the encryption machine proxy server is configured to distribute encryption resources provided by the encryption machine;

the proxy configuration server is configured to receive a configuration request, wherein the configuration request is generated by a terminal sending the configuration request according to configuration information required by configuration aiming at a plurality of attributes of the encryption machine proxy server; determining each attribute corresponding to the configuration request in the attributes of the proxy server of the encryption machine as a target attribute; according to the configuration request, determining configuration information adopted when each target attribute is configured as target information; and configuring the target attribute according to the target information.

In a third aspect, an embodiment of the present application further provides a service security processing apparatus, where the apparatus is applied to a proxy configuration server, and the proxy configuration server belongs to a service security processing system; the service security processing system also comprises an encryptor proxy server and an encryptor, wherein the encryptor proxy server is respectively connected with the proxy configuration server and the encryptor. The apparatus comprises one or more of the following modules:

a configuration request receiving module configured to receive a configuration request, where the configuration request is generated by a terminal that sends the configuration request according to configuration information required when configuring the plurality of attributes of the proxy server of the encryption engine;

a target attribute determining module configured to determine, as target attributes, respective attributes corresponding to the configuration request among the attributes of the encryptor proxy server;

the target information determining module is configured to determine, according to the configuration request and for each target attribute, configuration information adopted when the target attribute is configured as target information;

and the configuration module is configured to configure the target attribute according to the target information to obtain a configured proxy server of the encryption machine, and further allocate encryption resources of the encryption machine according to the configured proxy server of the encryption machine.

In an optional embodiment of the present specification, the number of the encryption engine proxy servers is multiple, and multiple encryption engine proxy servers form a proxy server cluster; the attributes of any encryptor proxy include at least one of: the state of the encryptor proxy, the weight of the encryptor proxy in the proxy cluster.

In an optional embodiment of the present description, the apparatus may further include: and (5) a query module. The query module is configured to: and receiving a query request, wherein the query request is used for acquiring current configuration information of at least part of attributes of the proxy server of the encryption machine. And sending the current configuration information corresponding to the query request to a terminal corresponding to the query request, so that the terminal generates a configuration request according to the received configuration information.

In an optional embodiment of the present specification, the query module is specifically configured to obtain data for generating a front-end page according to current configuration information corresponding to the query request; and sending the data to a terminal corresponding to the query request, so that the terminal displays the front-end page according to the data.

In an alternative embodiment of the present description, the configuration request is received based on the front-end page.

In an alternative embodiment of the present disclosure, the configuration module may include a determination submodule and a configuration submodule.

And the judging submodule is configured to judge whether the target information is matched with a preset configuration range of the target attribute.

And the configuration submodule is configured to generate a configuration instruction according to the target information if the target information is matched with the preset configuration range of the target attribute, and send the configuration instruction to the proxy server of the encryption machine, so that the proxy server of the encryption machine is configured according to the configuration instruction.

In an optional embodiment of the present specification, the configuration submodule is specifically configured to generate a configuration sub-instruction for the target attribute according to the target information. And aiming at each encryption machine proxy server, generating a configuration instruction according to the configuration sub-instruction corresponding to the encryption machine proxy server in each configuration sub-instruction, and sending the configuration instruction to the encryption machine proxy server.

In an optional embodiment of this specification, the proxy server of the encryption engine includes a configuration instruction interface for receiving the configuration instruction, so that after the proxy server of the encryption engine receives the configuration instruction through the configuration instruction interface, each configuration sub-instruction is obtained according to the received configuration instruction, and for each configuration sub-instruction, the configuration of the attribute corresponding to the configuration sub-instruction is performed.

In an optional embodiment of the present description, the apparatus may further include a prompt information generation module. And the prompt information generation module is configured to generate prompt information and send the prompt information to a terminal corresponding to the configuration request if the target information is not matched with the preset configuration range of the target attribute, so that the terminal displays the prompt information.

In an optional embodiment of the present description, the apparatus may further include a feedback information generation module. The feedback information generating module is configured to generate feedback information and send the feedback information to a terminal generating the configuration request; the feedback information is obtained according to at least one of the following: and the encryptor proxy server configures the target attributes, and the time length from the time when the encryptor proxy server receives the configuration instruction to the time when the configuration result is generated.

In an optional embodiment of the present specification, the number of the encryptor proxy servers is plural, and each encryptor proxy server has plural attributes; the attributes are divided into a plurality of grades from high to low according to the importance degree; and the attributes corresponding to the configuration request belong to different encryptor proxy servers and belong to different grades.

In an optional embodiment of the present specification, the target attribute determining module is specifically configured to determine the target level in each level according to a service processing condition of the service security processing system. And determining a target attribute in the attributes of the proxy server of the encryption machine, so that the target attribute corresponds to the configuration request, and the grade of the target attribute is lower than the target grade.

In a fourth aspect, an embodiment of the present application further provides an electronic device, where the electronic device includes:

a processor; and

a memory arranged to store computer executable instructions that, when executed, cause the processor to perform any one of the methods provided by the first aspect of the specification, the method comprising:

receiving a configuration request, wherein the configuration request is generated by a terminal sending the configuration request according to configuration information required when configuration is carried out on a plurality of attributes of the proxy server of the encryption machine;

determining each attribute corresponding to the configuration request in the attributes of the proxy server of the encryption machine as a target attribute;

and configuring the target attribute according to the target information to obtain a configured encryptor proxy server, and further allocating encryption resources of the encryptor according to the configured encryptor proxy server.

In a fifth aspect, embodiments of the present application further provide a computer readable storage medium storing one or more programs which, when executed by an electronic device including a plurality of application programs, cause the electronic device to perform any one of the methods provided in the first aspect of the present specification, the method including:

The embodiment of the application adopts at least one technical scheme which can achieve the following beneficial effects: the service security processing method in this specification is based on a service security processing system, and the service security processing system includes an agent configuration server, an encryptor agent server, and an encryptor, which are connected in sequence. The attribute of the encryption machine proxy server is multiple. When the service security processing method and the service security processing system in the specification are used for configuring the plurality of attributes of the proxy server of the encryption machine, the plurality of attributes of the proxy server of the encryption machine can be configured according to the configuration requests corresponding to the plurality of attributes of the proxy server of the encryption machine, the effect of configuring the plurality of attributes through one configuration request can be achieved, and the convenience of attribute configuration is effectively improved.

Drawings

The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:

FIG. 1 is a schematic diagram of a conventional business security processing system;

fig. 2 is a schematic architecture diagram of a service security processing system provided in an embodiment of the present specification;

fig. 3 is a schematic process diagram of a service security process provided in an embodiment of the present specification;

FIG. 4 is a schematic diagram of a process for generating configuration instructions according to an embodiment of the present disclosure;

fig. 5 is a schematic structural diagram of a service security processing apparatus provided in an embodiment of the present disclosure;

fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.

Detailed Description

To make the objects, technical solutions and advantages of the present application more clear, the technical solutions of the present application will be clearly and completely described below with reference to specific embodiments of the present application and the accompanying drawings. It should be apparent that the described embodiments are only some of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.

In the prior art, an encryptor proxy server is generally adopted to distribute encryption resources provided by an encryptor. In the scenario shown in fig. 1, the encryptor server cluster includes a plurality of encryptor proxy servers, each encryptor proxy server includes a plurality of attributes, and no matter whether a plurality of attributes of a certain encryptor proxy server are configured or attributes of different encryptor proxy servers are configured, the terminal needs to send a configuration instruction for each attribute that needs to be configured.

For example, in fig. 1, when the terminal configures the attribute 11 and the attribute 13 of the encryption device proxy server 1, it is necessary to transmit a configuration command 1 and a configuration command 2, respectively. If the terminal needs to configure the attribute 22 of the proxy server 2 of the encryption machine, the terminal needs to send a configuration instruction 3. Therefore, the existing attribute configuration process for the proxy server of the encryption machine is complicated, and the burden of the terminal is large.

In view of this, the technical solutions provided in the embodiments of the present specification are provided to at least partially solve the problems of a cumbersome attribute configuration process for the proxy server of the encryption engine and a heavy burden on the terminal.

The technical solutions provided by the embodiments of the present description are described in detail below with reference to the accompanying drawings.

The service security processing process in this specification is based on a service security processing system. Illustratively, the business security processing system in this specification may have an architecture as shown in fig. 2. In the architecture shown in fig. 2, the traffic security processing system includes a proxy configuration server, several encryptor proxy servers (i.e., encryptor proxy 1 to encryptor proxy n), and several encryptors (i.e., encryptor 1 to encryptor n). Each encryptor proxy server corresponds to one encryptor, so that encryption resources of the encryptors are distributed through the encryptor proxy servers. There may be a case where one encryptor corresponds to several encryptor agents (for example, one encryptor corresponds to two encryptor agents), and for convenience of description, the process in the present specification will be described by exemplifying that one encryptor corresponds to one encryptor agent server (as shown in fig. 2).

The proxy configuration server in the service security processing system is connected with each encryptor proxy server respectively, and is used for setting the attribute of each encryptor proxy server, and the process of setting the attribute can be specific to a plurality of attributes of one encryptor proxy server or a plurality of attributes of a plurality of encryptor proxy servers.

In this specification, the process of setting the attribute of the encryption equipment proxy server and performing the service security processing based on the encryption equipment proxy server after the attribute setting may include one or more of the following steps:

s300: a configuration request is received.

As can be seen from the foregoing, the process of configuring the attribute of the encryptor proxy server in this specification is performed by the proxy configuration server. The proxy configuration server is connected to the user's terminal to receive the configuration request sent by the terminal, as shown in fig. 2.

The specification does not limit the specific form of the terminal, and the terminal may be a mobile phone, a tablet computer, a personal computer, a notebook computer, a palm-top computer (PDA), a wearable device (such as smart glasses and smart watches), and the like.

The configuration request in the present specification triggers the proxy configuration server to execute the configuration of the encryption machine proxy server on one hand; and on the other hand, the configuration request also shows configuration information required when the plurality of attributes of the proxy server of the encryption machine are configured. The "plurality of attributes" may be a plurality of attributes corresponding to one encryptor proxy server, or may be a plurality of attributes corresponding to different encryptor proxy servers.

S302: and determining each attribute corresponding to the configuration request as a target attribute in the attributes of the encryption machine proxy server.

After receiving the configuration request, the proxy configuration server may determine, according to the configuration request, each attribute, that is, a target attribute, that the proxy server of the encryption engine needs to configure in the current service processing process.

Similarly, since the configuration request may correspond to multiple attributes, the target attributes determined according to the configuration request may not be unique, and m target attributes are determined in the scenario shown in fig. 2. Moreover, since the configuration request may correspond to different encryptor proxy servers, the target attribute determined according to the configuration request may also belong to different encryptor proxy servers, as shown in fig. 2, the target attribute 1 corresponds to the encryptor proxy server 1, and the target attribute 2 corresponds to the encryptor proxy server 2.

The attribute of the encryption machine proxy server can be determined according to a specific use scene and the type of the attribute of the encryption machine proxy server, and the description does not limit the specific attribute of the encryption machine proxy server.

For example, in an alternative embodiment of the present specification, the attribute of a cryptographic proxy server may be at least one of the following: state of the encryptor proxy, weight of the encryptor proxy in the proxy cluster.

The state of the encryption machine proxy server can comprise an opening state and a closing state. The weight of the proxy server of the encryption machine in the proxy server cluster can be a value in a certain range, and the weight of a certain proxy server of the encryption machine can show that when the service security processing system performs service processing, the proxy server of the encryption machine obtains the priority degree of the service to be processed from the service processing server, that is, the service processing server preferentially distributes the service to the proxy server of the encryption machine with higher weight.

In addition, the encryptor proxy may also have other configurable attributes, which are not described herein in detail.

S304: and determining configuration information adopted when the target attribute is configured as target information for each target attribute according to the configuration request.

In order to enable the proxy configuration server to determine the target attribute according to the configuration request, and further determine the target information corresponding to the target attribute, in an optional embodiment of this specification, before step S300, the terminal may determine, according to a preset service requirement, an encryption equipment proxy server that needs to perform attribute configuration in each encryption equipment proxy server, as the target encryption equipment proxy server. And then, determining the attribute of the target encryption machine proxy server needing to be configured as the target attribute. Then, for each target attribute, configuration information adopted when configuring the target attribute is determined as target information. After the target information of each target attribute is determined, a configuration request is generated according to each target information and sent to the proxy configuration server.

In some scenarios, the terminal is the end corresponding to the user, and the process of generating the configuration request by the terminal may be performed according to the operation of the user.

Therefore, through the process in this specification, the terminal can configure the multiple attributes of the proxy server of the encryption engine by only sending one configuration request, which is beneficial to reducing resources consumed when the terminal and the user corresponding to the terminal configure the multiple attributes of the proxy server of the encryption engine in the process of processing the service security in this specification.

S306: and configuring the target attribute according to the target information to obtain a configured proxy server of the encryption machine, further allocating encryption resources of the encryption machine to which the proxy server of the encryption machine belongs according to the configured proxy server of the encryption machine, and further performing service processing according to the encryption machine allocated with the encryption resources.

In an alternative embodiment of the present specification, the process of configuring the encryptor proxy server may be: based on the target information, a configuration sub-command for the target attribute is generated, and as shown in fig. 2, a configuration sub-command 1 is obtained based on the target information of the target attribute 1, and a configuration sub-command 2 is obtained based on the target information of the target attribute 2. And then, sending each configuration sub-instruction to the encryption machine proxy server corresponding to the configuration sub-instruction, so that the encryption machine proxy server performs attribute configuration according to the received configuration sub-instruction. Illustratively, in fig. 2, a configuration sub-instruction 1 is sent to the encryptor proxy server 1, and a configuration sub-instruction 2 is sent to the encryptor proxy server 2, so that the encryptor proxy server 1 performs configuration of itself according to the configuration sub-instruction 1, and so that the encryptor proxy server 2 performs configuration of itself according to the configuration sub-instruction 2.

As can be seen from the foregoing, in the service security processing process in this specification, when configuring the attribute, the number of the cipher machine proxy servers to which the service security processing process is directed may not be unique, and in another optional embodiment, the configuration instruction may be further generated, for each cipher machine proxy server, according to the configuration sub-instruction corresponding to the cipher machine proxy server in each configuration sub-instruction. The configuration instructions are then sent to the encryptor proxy.

Further, the encryptor proxy server in the present specification includes a configuration instruction interface for receiving the configuration instruction. The proxy server of the encryption machine can obtain each configuration sub-instruction according to the received configuration instruction after receiving the configuration instruction through the configuration instruction interface. And then, the proxy server of the encryption machine carries out configuration on the attribute corresponding to the configuration sub-instruction according to each received configuration sub-instruction.

The proxy configuration server completes the configuration of the encryption machine proxy server. Optionally, the service security processing system in this specification may further include a service server, as shown in fig. 2, the service server is connected to the encryptor proxy server, and the service server may perform subsequent service processing by using the configured encryptor proxy server. The specific content of the service in this specification may be determined according to the function of the encryption device and the actual service scenario. For example, in a financial scenario, a bank uses an encryption machine proxy server and an encryption machine to perform a transaction data encryption process, which is a service in this specification.

In addition, the process in this specification continues to monitor the effect of the configuration after the configuration of the encryption engine proxy server is completed.

Specifically, as shown in fig. 2, the process may be: and receiving at least one of a configuration result (for example, the configuration result may be one of "configuration success" and "configuration failure") of each target attribute, sent by the encryption machine proxy server, of the encryption machine proxy server and a time length between the encryption machine proxy server receiving the configuration instruction and generating the configuration result as the available information.

When a plurality of target attributes of a certain encryption machine proxy server are provided, the configuration result and the duration of each target attribute to be configured can be determined as the available sub-information of the target attribute. And then, obtaining the available information of the encryption machine proxy server according to the available sub-information of the encryption machine proxy server.

In an alternative embodiment of the present specification, in the case of the configuration timeout of the encryption engine proxy server, the time duration may be determined as a preset larger value, or the result of the configuration may be directly set as "configuration failure".

For example, in the scenario shown in fig. 2, only the encryptor proxy 2 returns the configuration result, the encryptor proxy 1 does not return any data, and a timeout occurs for the configuration of the encryptor proxy 1, the proxy configuration server may directly determine that the configuration result of the encryptor proxy 1 is "configuration failure".

After the available information is determined, feedback information for feeding back to the terminal can be generated according to the available information, so that the feedback information can show at least one of a result of the configuration of each target attribute by the encryption machine proxy server and a time length from the time when the encryption machine proxy server receives the configuration instruction to the time when the configuration result is generated. And then, sending the feedback information to the terminal generating the configuration request. After receiving the feedback information, the terminal can display the feedback information to the user in a mode of graphics, characters, sound and light and the like, so that the user can know the configuration result of the proxy server of the encryption machine.

When the available information received by the proxy configuration server and returned by the encryption machine proxy server corresponds to a plurality of target attributes, the proxy configuration server can integrate the configuration result and duration of each target attribute shown by the available information to obtain feedback information. The process in this specification can also show the adjustment situation for multiple target attributes through one piece of feedback information, so that the display performed by the terminal according to the feedback information is clearer and clearer, and the user experience is improved.

In an optional embodiment of the present specification, in order to facilitate the user's operation, the user may interact with the proxy configuration server through the terminal in the form of a page. In the example shown in FIG. 2, the proxy configuration server is based on the B/S architecture. Wherein, B is "Browser end", namely Browser end; s refers to a "Server side", i.e., a Server side. The Browser end corresponds to a user terminal, the Server end corresponds to an encryption machine proxy Server, and the Browser end is connected with the Server end. The Browser terminal is used for generating data required for determining the front page.

As can be seen from the foregoing, the service security processing procedure in this specification may be performed under the control of a user corresponding to the terminal. The proxy configuration server may receive, before the foregoing step S300, an inquiry request, as shown in fig. 2, where the inquiry request is used to obtain the current configuration information of at least part of the attributes of the encryptor proxy server, and the inquiry request may be generated by the terminal according to an operation of the user. Then, the proxy configuration server sends the current configuration information corresponding to the query request as a query result to the terminal corresponding to the query request, so that the terminal generates a configuration request based on the query result.

In the process that the proxy configuration server feeds back the result of the query to the terminal, the proxy configuration server (specifically, the Browser side of the proxy configuration server) may obtain data for generating the front-end page according to the current configuration information corresponding to the query request. Then, the proxy configuration server (specifically, the Browser end of the proxy configuration server) may send the data to the terminal corresponding to the query request, so that the terminal presents the front-end page according to the data.

Furthermore, the Browser terminal in this specification is not only used for transmitting data to the terminal, but also used for receiving data transmitted by the terminal, and the Browser terminal may receive a configuration request generated by the terminal based on the front page, so as to perform subsequent steps according to the configuration request.

It can be seen that the Browser terminal of the proxy configuration server of the present specification can implement interaction with the terminal and the user corresponding to the terminal. The Server side of the proxy configuration Server can execute the subsequent steps based on the configuration request received by the Browser side. Specifically, the Browser terminal can be used to execute the aforementioned steps S302 to S306.

In some cases, the target information corresponding to the configuration request may exceed an allowable configuration range, for example, the allowable configuration range of a certain attribute is a value between 0 and 10, and the target information shown by the configuration request for the attribute is 16, which exceeds the allowable configuration range, and if the attribute is configured according to the configuration request, configuration failure or other negative effects may be caused.

In order to avoid this phenomenon, in an optional embodiment of the present disclosure, the Browser terminal may further determine whether the target information matches the preset configuration range of the target attribute after obtaining the target information corresponding to the configuration request. If the judgment result is yes, generating a configuration instruction according to the target information, and sending the configuration instruction to the proxy server of the encryption machine to which the target attribute belongs as shown in fig. 3, so that the proxy server of the encryption machine performs configuration according to the configuration instruction; and if the judgment result is negative, generating data for obtaining the prompt information and sending the data to the Browser terminal, so that the Browser terminal displays the prompt information through the terminal according to the data for obtaining the prompt information.

Alternatively, if there are a plurality of target attributes corresponding to the configuration request, it may be determined, for each target attribute, whether the target information corresponding to the target attribute exceeds the allowable configuration range (for example, it is determined for the target information of the ith target attribute in each target attribute, as shown in fig. 4). Executing subsequent configuration steps aiming at the target attribute corresponding to the target information which does not exceed the allowable configuration range; and generating prompt information for the target attributes corresponding to the target information beyond the allowable configuration range, configuring the target attributes 1 and 2, and sending the prompt information for the target attributes 3 to m as shown in fig. 2.

In some scenarios, the number of encryptor proxy servers is multiple, each having multiple attributes. In order to effectively configure the attributes of the proxy server of the encryption machine, in an alternative embodiment of the present specification, the attributes may be divided into several levels according to the importance degree from high to low in advance. If the attributes corresponding to the configuration request received by the proxy configuration server belong to different encryptor proxy servers and belong to different grades, determining a target grade in each grade according to the service processing status of the service security processing system. And determining a target attribute in the attributes of the proxy server of the encryption machine, so that the target attribute corresponds to the configuration request, and the grade of the target attribute is lower than the target grade.

It can be seen that the target level is of a threshold nature, and that attributes of a level above the target level are not configurable. In an actual scenario, there may be a case where a user wishes to complete attribute configuration for a plurality of encryptor proxy servers through one operation, and when performing uniform configuration for a plurality of encryptor proxy servers, if the user is allowed to configure all attributes without distinguishing the attributes, once the user operates incorrectly, all the encryptor proxy servers may be affected, thereby affecting the process of service processing. The classification of the attributes in this specification can effectively cause such a phenomenon.

In an optional embodiment of the present specification, the proxy configuration server and the encryption machine proxy server perform data transmission by means of HTTP, for example, the foregoing configuration instruction may be transmitted by means of HTTP.

Based on the same idea, the embodiment of the present specification further provides a service security processing system. As shown in fig. 2, an exemplary service security processing system in this specification includes a proxy configuration server, an encryptor proxy server, and an encryptor, which are connected in sequence.

The encryption machine is configured to encrypt at least part of data in the service processing process.

The encryptor proxy server is configured to allocate the encryption resources provided by the encryptor.

By adopting the service security processing system in the specification, the service can be effectively processed on the basis of realizing quick and convenient configuration of the proxy server of the encryption machine. In addition, the service security processing system in this specification can also achieve the technical effects that can be achieved by any of the foregoing embodiments, which are not described herein again.

Further, based on the same idea, the embodiment of the present specification further provides a service security processing apparatus corresponding to the process shown in fig. 3, where the proxy configuration server belongs to the aforementioned service security processing system; the service security processing system also comprises an encryptor proxy server and an encryptor, wherein the encryptor proxy server is respectively connected with the proxy configuration server and the encryptor. The apparatus comprises one or more of the following modules:

a configuration request receiving module 500 configured to receive a configuration request, where the configuration request is generated by a terminal that sends the configuration request according to configuration information required for configuring the plurality of attributes of the encryptor proxy server;

a target attribute determining module 502 configured to determine, as a target attribute, each attribute corresponding to the configuration request among the attributes of the encryptor proxy server;

a target information determining module 504, configured to determine, for each target attribute, configuration information adopted when configuring the target attribute according to the configuration request, as target information;

the configuration module 506 is configured to configure the target attribute according to the target information to obtain a configured proxy server of the encryption engine, and further allocate the encryption resource of the encryption engine according to the configured proxy server of the encryption engine.

In an optional embodiment of the present description, the apparatus may further include: and a query module 508. The query module 508 is configured to: and receiving a query request, wherein the query request is used for acquiring the current configuration information of at least part of the attributes of the encryption machine proxy server. And sending the current configuration information corresponding to the query request to a terminal corresponding to the query request, so that the terminal generates a configuration request according to the received configuration information.

In an optional embodiment of this specification, the query module 508 is specifically configured to obtain data for generating a front-end page according to current configuration information corresponding to the query request; and sending the data to a terminal corresponding to the query request, so that the terminal displays the front-end page according to the data.

In an alternative embodiment of the present description, the configuration module 506 may include a determination sub-module 5060 and a configuration sub-module 5062.

The determining sub-module 5060 is configured to determine whether the target information matches a preset configuration range of the target attribute.

The configuration sub-module 5062 is configured to, if the target information matches the preset configuration range of the target attribute, generate a configuration instruction according to the target information, and send the configuration instruction to the proxy server of the encryption engine, so that the proxy server of the encryption engine performs configuration according to the configuration instruction.

In an optional embodiment of the present specification, the configuration sub-module 5062 is specifically configured to generate a configuration sub-instruction for the target attribute according to the target information. And aiming at each encryption machine proxy server, generating a configuration instruction according to the configuration sub-instruction corresponding to the encryption machine proxy server in each configuration sub-instruction, and sending the configuration instruction to the encryption machine proxy server.

In an optional embodiment of the present description, the apparatus may further include a prompt generation module 510. The prompt information generating module 510 is configured to generate a prompt information if the target information does not match the preset configuration range of the target attribute, and send the prompt information to the terminal corresponding to the configuration request, so that the terminal displays the prompt information.

In an optional embodiment of the present description, the apparatus may further include a feedback information generating module 512. The feedback information generating module 512 is configured to generate feedback information and send the feedback information to the terminal generating the configuration request; the feedback information is obtained according to at least one of the following: and the encryptor proxy server configures the target attributes, and the time length from the time when the encryptor proxy server receives the configuration instruction to the time when the configuration result is generated.

In an optional embodiment of the present specification, the number of the encryptor proxy servers is plural, and each encryptor proxy server has plural attributes; the attributes are divided into a plurality of grades according to the importance degree from high to low; and the attributes corresponding to the configuration request belong to different encryptor proxy servers and belong to different grades.

In an optional embodiment of this specification, the target attribute determining module 502 is specifically configured to determine a target level among the levels according to a service processing condition of the service security processing system. And determining a target attribute in the attributes of the proxy server of the encryption machine, so that the target attribute corresponds to the configuration request, and the grade of the target attribute is lower than the target grade.

Therefore, the technical effects of the methods in the foregoing embodiments can also be achieved by the apparatus in this specification, which is not described herein again.

Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application. Referring to fig. 6, at a hardware level, the electronic device includes a processor, and optionally further includes an internal bus, a network interface, and a memory. The Memory may include a Memory, such as a Random-Access Memory (RAM), and may further include a non-volatile Memory, such as at least 1 disk Memory. Of course, the electronic device may also include hardware required for other services.

The processor, the network interface, and the memory may be connected to each other by an internal bus, which may be an ISA (Industry Standard Architecture) bus, a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one double-headed arrow is shown in FIG. 6, but that does not indicate only one bus or one type of bus.

And the memory is used for storing programs. In particular, the program may include program code comprising computer operating instructions. The memory may include both memory and non-volatile storage and provides instructions and data to the processor.

The processor reads the corresponding computer program from the nonvolatile memory into the memory and then runs the computer program to form the service safety processing device on the logic level. The processor is used for executing the program stored in the memory and is specifically used for executing the following operations:

The method executed by the service security processing apparatus according to the embodiment shown in fig. 3 of the present application may be applied to a processor, or may be implemented by the processor. The processor may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or instructions in the form of software. The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components. The various methods, steps, and logic blocks disclosed in the embodiments of the present application may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software modules may be located in ram, flash, rom, prom, or eprom, registers, etc. as is well known in the art. The storage medium is located in a memory, and a processor reads information in the memory and completes the steps of the method in combination with hardware of the processor.

The electronic device may further execute the method executed by the service security processing apparatus in fig. 5, and implement the function of the service security processing apparatus in the embodiment shown in fig. 3, which is not described herein again in this embodiment of the present application.

An embodiment of the present application further provides a computer-readable storage medium, which stores one or more programs, where the one or more programs include instructions, which, when executed by an electronic device including multiple application programs, enable the electronic device to perform the method performed by the service security processing apparatus in the embodiment shown in fig. 5, and are specifically configured to perform:

As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.

The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.

The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.

Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Disks (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.

It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, the use of the phrase "comprising a. -. said" to define an element does not exclude the presence of other like elements in the process, method, article, or apparatus that comprises the element.

As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement or the like made within the spirit and principle of the present application shall be included in the scope of the claims of the present application.

Claims

1. A service security processing method is based on a service security processing system, wherein the service security processing system comprises an agent configuration server, an encryptor agent server and an encryptor which are connected in sequence, the encryptor agent server is used for distributing encrypted resources provided by the encryptor, and the method comprises the following steps:

2. The method of claim 1, wherein the number of said encryption engine proxy servers is plural, the plural encryption engine proxy servers constituting a proxy server cluster; the attributes of any encryptor proxy include at least one of: the state of the encryptor proxy, the weight of the encryptor proxy in the proxy cluster.

3. The method of claim 1, wherein the method is preceded by:

4. The method of claim 3, wherein sending the current configuration information corresponding to the query request to the terminal corresponding to the query request comprises:

5. The method of claim 4, wherein receiving a configuration request comprises:

a configuration request is received based on the front-end page.

6. The method of claim 1, wherein configuring the target attribute according to the target information comprises:

7. The method of claim 6, wherein generating configuration instructions to send to the encryptor proxy server based on the destination information comprises:

8. The method of claim 6, wherein the configuration instructions are transmitted using HTTP.

9. The method of claim 7, wherein the proxy server of the encryption engine comprises a configuration instruction interface for receiving the configuration instruction, so that after the proxy server of the encryption engine receives the configuration instruction through the configuration instruction interface, each configuration sub-instruction is obtained according to the received configuration instruction, and for each configuration sub-instruction, the configuration of the attribute corresponding to the configuration sub-instruction is executed.

10. The method of claim 6, wherein the method further comprises: and if the target information is not matched with the preset configuration range of the target attribute, generating prompt information, and sending the prompt information to a terminal corresponding to the configuration request, so that the terminal displays the prompt information.

11. The method of claim 7, wherein after configuring the target attribute according to the target information, the method further comprises:

12. The method of claim 11, wherein the configured result and/or the duration are obtained by the encryptor proxy server separately for each target attribute.

13. The method of any one of claims 1 to 12, wherein the number of said encryptor proxy servers is plural, each encryptor proxy server having plural attributes; the attributes are divided into a plurality of grades from high to low according to the importance degree; attributes corresponding to the configuration request belong to different encryptor proxy servers and belong to different grades;

and determining a target attribute in the attributes of the proxy server of the encryption machine, so that the target attribute corresponds to the configuration request, and the grade of the target attribute is lower than the target grade.

14. A business safety processing system comprises an agent configuration server, an encryptor agent server and an encryptor which are connected in sequence;

the encryption machine is configured to encrypt at least part of data in the service processing process;

15. A computer readable storage medium storing one or more programs which, when executed by an electronic device comprising a plurality of application programs, cause the electronic device to perform the method of any of claims 1-13.