CN114765550B

CN114765550B - Business security processing method and system

Info

Publication number: CN114765550B
Application number: CN202011643586.5A
Authority: CN
Inventors: 张伯安; 沈村敬; 董俊峰; 强群力; 黄铮; 张栓洋; 赵彤
Original assignee: NetsUnion Clearing Corp
Current assignee: NetsUnion Clearing Corp
Priority date: 2020-12-31
Filing date: 2020-12-31
Publication date: 2023-11-21
Anticipated expiration: 2040-12-31
Also published as: CN114765550A

Abstract

The application discloses a business safety processing method and a system, which are based on a business safety processing system. The method comprises the following steps: receiving a configuration request, wherein the configuration request is generated by a terminal sending the configuration request according to configuration information required by configuring a plurality of attributes of the encryptor proxy server; determining each attribute corresponding to the configuration request from the attributes of the encryptor proxy server as a target attribute; according to the configuration request, determining configuration information adopted when configuring the target attribute as target information aiming at each target attribute; and configuring the target attribute according to the target information to obtain a configured encryptor proxy server, and further distributing the encryption resources of the affiliated encryptor according to the configured encryptor proxy server. To enable configuration of multiple attributes via a configuration request.

Description

Business security processing method and system

Technical Field

The present application relates to the field of business security processing technologies, and in particular, to a business security processing method and system.

Background

At present, with the increasing wide application of networks and the increasing abundance of service types in different fields, the continuous development of security processing technology, and the interaction of security information by means of an encryption machine, become more and more important.

In general, the encryptor is often used in cooperation with an encryptor proxy server, which is responsible for distributing the encryption resources provided by the encryptor. In an actual service processing process, the attribute of the proxy server of the encryptor needs to be configured by a user according to service requirements, so that the encryption resource provided by the encryptor can be suitable for a specific service scenario. However, the encryption agent has numerous attributes, which results in more resources being consumed in the configuration process. Particularly, when attribute configuration is performed on the encryptor proxy server cluster, the configuration difficulty faced by the user is increased sharply.

Disclosure of Invention

The embodiment of the application provides a method and a system for processing business safety, which are used for conveniently configuring a plurality of attributes of an encryptor proxy server in a business safety processing system.

The embodiment of the application adopts the following technical scheme:

in a first aspect, an embodiment of the present application provides a service security processing method, where the method is based on a service security processing system, where the service security processing system includes a proxy configuration server, an encryptor proxy server, and an encryptor that are sequentially connected, where the encryptor proxy server is configured to allocate an encryption resource provided by the encryptor, and the method includes:

Receiving a configuration request, wherein the configuration request is generated by a terminal sending the configuration request according to configuration information required by configuring a plurality of attributes of the encryptor proxy server;

determining each attribute corresponding to the configuration request from the attributes of the encryptor proxy server as a target attribute;

according to the configuration request, determining configuration information adopted when configuring the target attribute as target information aiming at each target attribute;

and configuring the target attribute according to the target information to obtain a configured encryptor proxy server, and further distributing the encryption resources of the affiliated encryptor according to the configured encryptor proxy server.

In an optional embodiment of the present disclosure, the number of the encryptor proxy servers is plural, and the plural encryptor proxy servers form a proxy server cluster; the attributes of any encryptor proxy server include at least one of: the state of the encryptor proxy server, the weights of the encryptor proxy server in the proxy server cluster.

In an alternative embodiment of the present specification, before the method, the method further includes:

Receiving a query request, wherein the query request is used for acquiring the current configuration information of at least part of the attribute of the encryptor proxy server;

and sending the current configuration information corresponding to the query request to the terminal corresponding to the query request, so that the terminal generates a configuration request according to the received configuration information.

In an optional embodiment of the present disclosure, sending, to a terminal corresponding to the query request, current configuration information corresponding to the query request includes:

obtaining data for generating a front page according to the current configuration information corresponding to the query request;

and sending the data to a terminal corresponding to the query request, so that the terminal displays the front-end page according to the data.

In an alternative embodiment of the present specification, receiving a configuration request includes:

and receiving a configuration request based on the front-end page.

In an optional embodiment of the present disclosure, configuring the target attribute according to the target information includes:

judging whether the target information is matched with a preset configuration range of the target attribute;

if yes, generating a configuration instruction according to the target information, and sending the configuration instruction to the encryptor proxy server, so that the encryptor proxy server performs configuration according to the configuration instruction.

In an optional embodiment of the present disclosure, generating a configuration instruction according to the target information, and sending the configuration instruction to the encryptor proxy server, where the configuration instruction includes:

generating a configuration sub-instruction aiming at the target attribute according to the target information;

and generating a configuration instruction for each encryptor proxy server according to the configuration sub-instruction corresponding to the encryptor proxy server in the configuration sub-instructions, and sending the configuration instruction to the encryptor proxy server.

In an alternative embodiment of the present specification, the configuration instructions are transmitted by means of HTTP.

In an optional embodiment of the present disclosure, the encryptor proxy server includes a configuration instruction interface configured to receive the configuration instruction, so that after the encryptor proxy server receives the configuration instruction through the configuration instruction interface, each configuration sub-instruction is obtained according to the received configuration instruction, and for each configuration sub-instruction, the attribute corresponding to the configuration sub-instruction is configured.

In an alternative embodiment of the present specification, the method further comprises: if the target information is not matched with the preset configuration range of the target attribute, generating prompt information, and sending the prompt information to a terminal corresponding to the configuration request, so that the terminal displays the prompt information.

In an optional embodiment of the present disclosure, after configuring the target attribute according to the target information, the method further includes:

generating feedback information and sending the feedback information to a terminal generating the configuration request; the feedback information is obtained according to at least one of the following: and the encryptor proxy server receives the configuration instruction until the configured result is generated.

In an alternative embodiment of the present description, the result of the configuration and/or the duration is obtained by the encryptor proxy server for each target attribute separately.

In an optional embodiment of the present disclosure, the number of encryptor proxy servers is plural, and each encryptor proxy server has plural attributes; the attribute is divided into a plurality of grades from high to low according to the importance degree; the attribute corresponding to the configuration request belongs to different encryptor proxy servers and belongs to different grades;

and determining each attribute corresponding to the configuration request from the attributes of the encryptor proxy server as a target attribute, wherein the attribute comprises:

determining a target grade in each grade according to the service processing condition of the service security processing system;

And determining a target attribute from the attributes of the encryptor proxy server, so that the target attribute corresponds to the configuration request, and the grade of the target attribute is lower than the target grade.

In a second aspect, the embodiment of the application also provides a service security processing system, wherein the service security processing system comprises a proxy configuration server, an encryptor proxy server and an encryptor which are sequentially connected; the encryption machine is configured to encrypt at least part of data in the service processing process;

the encryptor proxy server is configured to allocate encryption resources provided by the encryptor;

the proxy configuration server is configured to receive a configuration request, wherein the configuration request is generated by a terminal sending the configuration request according to configuration information required by configuring a plurality of attributes of the encryptor proxy server; determining each attribute corresponding to the configuration request from the attributes of the encryptor proxy server as a target attribute; according to the configuration request, determining configuration information adopted when configuring the target attribute as target information aiming at each target attribute; and configuring the target attribute according to the target information.

In a third aspect, an embodiment of the present application further provides a service security processing apparatus, where the apparatus is applied to a proxy configuration server, where the proxy configuration server belongs to a service security processing system; the business safety processing system also comprises an encryptor proxy server and an encryptor, wherein the encryptor proxy server is respectively connected with the proxy configuration server and the encryptor. The apparatus includes one or more of the following modules:

a configuration request receiving module configured to receive a configuration request, where the configuration request is generated by a terminal that sends the configuration request according to configuration information required when configuring a plurality of attributes of the encryptor proxy server;

the target attribute determining module is configured to determine each attribute corresponding to the configuration request from the attributes of the encryptor proxy server as a target attribute;

the target information determining module is configured to determine, according to the configuration request, for each target attribute, configuration information adopted when the target attribute is configured as target information;

the configuration module is configured to configure the target attribute according to the target information to obtain a configured encryptor proxy server, and further allocate the encryption resources of the affiliated encryptor according to the configured encryptor proxy server.

In an alternative embodiment of the present specification, the apparatus may further include: and a query module. The query module is configured to: and receiving a query request, wherein the query request is used for acquiring the current configuration information of at least part of the attributes of the encryptor proxy server. And sending the current configuration information corresponding to the query request to the terminal corresponding to the query request, so that the terminal generates a configuration request according to the received configuration information.

In an optional embodiment of the present disclosure, the query module is specifically configured to obtain, according to current configuration information corresponding to the query request, data for generating a front-end page; and sending the data to a terminal corresponding to the query request, so that the terminal displays the front-end page according to the data.

In an alternative embodiment of the present description, a configuration request is received based on the front-end page.

In an alternative embodiment of the present disclosure, the configuration module may include a determination sub-module and a configuration sub-module.

The judging submodule is configured to judge whether the target information is matched with a preset configuration range of the target attribute.

The configuration submodule is configured to generate a configuration instruction according to the target information if the target information is matched with a preset configuration range of the target attribute, and send the configuration instruction to the encryptor proxy server so that the encryptor proxy server performs configuration according to the configuration instruction.

In an optional embodiment of the disclosure, the configuration sub-module is specifically configured to generate a configuration sub-instruction for the target attribute according to the target information. And generating a configuration instruction for each encryptor proxy server according to the configuration sub-instruction corresponding to the encryptor proxy server in the configuration sub-instructions, and sending the configuration instruction to the encryptor proxy server.

In an optional embodiment of the present disclosure, the apparatus may further include a prompt information generating module. The prompt information generation module is configured to generate prompt information and send the prompt information to a terminal corresponding to the configuration request if the target information is not matched with the preset configuration range of the target attribute, so that the terminal displays the prompt information.

In an alternative embodiment of the present specification, the apparatus may further include a feedback information generating module. The feedback information generation module is configured to generate feedback information and send the feedback information to the terminal generating the configuration request; the feedback information is obtained according to at least one of the following: and the encryptor proxy server receives the configuration instruction until the configured result is generated.

In an optional embodiment of the present disclosure, the number of encryptor proxy servers is plural, and each encryptor proxy server has plural attributes; the attribute is divided into a plurality of grades from high to low according to the importance degree; the attribute corresponding to the configuration request belongs to different encryptor proxy servers and belongs to different grades.

In an optional embodiment of the present disclosure, the target attribute determining module is specifically configured to determine, according to a service processing condition of the service security processing system, a target level to be determined among the levels. And determining a target attribute from the attributes of the encryptor proxy server, so that the target attribute corresponds to the configuration request, and the grade of the target attribute is lower than the target grade.

In a fourth aspect, an embodiment of the present application further provides an electronic device, including:

a processor; and

a memory arranged to store computer executable instructions that when executed cause the processor to perform any of the methods provided in the first aspect of the present specification, the method comprising:

In a fifth aspect, embodiments of the present application also provide a computer-readable storage medium storing one or more programs, which when executed by an electronic device comprising a plurality of application programs, cause the electronic device to perform any of the methods provided in the first aspect of the present specification, the method comprising:

and configuring the target attribute according to the target information to obtain a configured encryptor proxy server, and further distributing the encryption resources of the encryptor according to the configured encryptor proxy server.

The above at least one technical scheme adopted by the embodiment of the application can achieve the following beneficial effects: the business safety processing method in the specification is based on a business safety processing system, and the business safety processing system comprises a proxy configuration server, an encryptor proxy server and an encryptor which are connected in sequence. Wherein the attribute of the encryptor proxy server is a plurality of. When the service security processing method and the service security processing system are used for configuring the plurality of attributes of the encryption proxy server, the configuration of the plurality of attributes of the encryption proxy server can be realized according to the configuration request corresponding to the plurality of attributes of the encryption proxy server, the effect of configuring the plurality of attributes through one configuration request can be realized, and the convenience of attribute configuration is effectively improved.

Drawings

The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute a limitation on the application. In the drawings:

FIG. 1 is a schematic diagram of a conventional business security processing system;

fig. 2 is a schematic architecture diagram of a service security processing system according to an embodiment of the present disclosure;

Fig. 3 is a schematic diagram of a business security process according to an embodiment of the present disclosure;

FIG. 4 is a schematic diagram of a process for generating configuration instructions according to an embodiment of the present disclosure;

fig. 5 is a schematic structural diagram of a service security processing apparatus according to an embodiment of the present disclosure;

fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.

Detailed Description

In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be clearly and completely described below with reference to specific embodiments of the present application and corresponding drawings. It will be apparent that the described embodiments are only some, but not all, embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.

In the prior art, a proxy server of the encryptor is generally adopted to allocate encryption resources provided by the encryptor. In the scenario shown in fig. 1, the encryptor server cluster includes a plurality of encryptor proxy servers, each encryptor proxy server includes a plurality of attributes, whether a plurality of attributes of a encryptor proxy server are configured, or attributes of different encryptor proxy servers are configured, and the terminal needs to send a configuration instruction for each attribute that needs to be configured.

For example, in fig. 1, when the terminal configures the attribute 11 and the attribute 13 of the encryptor proxy server 1, the configuration instruction 1 and the configuration instruction 2 need to be sent respectively. If the terminal needs to configure the attribute 22 of the encryptor proxy server 2, the configuration instruction 3 needs to be sent again. Therefore, the existing attribute configuration process for the encryption agent server is complicated, and the burden of the terminal is large.

In view of this, the technical solutions provided by the embodiments of the present disclosure are provided to at least partially solve the problem that the attribute configuration process for the encryptor proxy server is tedious and the burden of the terminal is large.

The following describes in detail the technical solutions provided by the embodiments of the present specification with reference to the accompanying drawings.

The business security processing procedure in this specification is based on a business security processing system. By way of example, the business security processing system in this specification may have an architecture as shown in fig. 2. In the architecture shown in fig. 2, the traffic safety processing system includes a proxy configuration server, a number of encryptor proxy servers (i.e., encryptor proxy servers 1 to encryptor proxy servers n), and a number of encryptors (i.e., encryptors 1 to encryptor n). Wherein each encryptor proxy server corresponds to one encryptor, so that the encryption resources of the encryptor can be allocated through the encryptor proxy server. There may be a case where one encryptor corresponds to several encryptor agents (e.g., one encryptor corresponds to two encryptor agent servers), and for convenience of description, the procedure in this specification will be described by taking one encryptor corresponds to one encryptor agent server as an example (as shown in fig. 2).

The proxy configuration server in the service security processing system is respectively connected with each encryptor proxy server and is used for setting the attribute of each encryptor proxy server, and the attribute setting process can be aimed at a plurality of attributes of a certain encryptor proxy server or aimed at a plurality of attributes of a plurality of encryptor proxy servers.

The process of setting the attribute of the encryptor proxy server and performing service security processing based on the encryptor proxy server after the attribute setting in the present specification may include one or more of the following steps:

s300: a configuration request is received.

From the foregoing, it can be seen that the process of configuring attributes of the encryptor proxy server in the present specification is performed by the proxy configuration server. The proxy configuration server is connected to the user's terminal to receive the configuration request sent by the terminal, as shown in fig. 2.

The specific form of the terminal is not limited in this specification, and the terminal may be a mobile phone, a tablet computer, a personal computer, a notebook computer, a palm computer (PDA), a wearable device (e.g., smart glasses, smart watch), etc.

The configuration request in the specification triggers the proxy configuration server to execute the configuration of the encryptor proxy server on one hand; the other party, the configuration request, also shows the configuration information required when configuring the plurality of attributes of the encryptor proxy server at this time. The "plurality of attributes" may be a plurality of attributes corresponding to a particular cryptographic proxy server, or may be a plurality of attributes corresponding to different cryptographic proxy servers.

S302: and determining each attribute corresponding to the configuration request from the attributes of the encryptor proxy server as a target attribute.

After receiving the configuration request, the proxy configuration server can determine each attribute, namely the target attribute, which the encryptor proxy server needs to configure in the service processing process according to the configuration request.

Similarly, since the configuration request may correspond to a plurality of attributes, the target attributes determined according to the configuration request may not be unique, as in the scenario shown in fig. 2, m target attributes are determined in total. And, since the configuration request may correspond to different cryptographic proxy servers, the target attribute determined according to the configuration request may also belong to different cryptographic proxy servers, as shown in fig. 2, the target attribute 1 corresponds to the cryptographic proxy server 1, and the target attribute 2 corresponds to the cryptographic proxy server 2.

The attribute of the encryptor proxy server can be determined according to the specific usage scenario and the type of the attribute of the encryptor proxy server, and the specification does not limit the attribute of the encryptor proxy server.

Illustratively, in an alternative embodiment of the present specification, the attribute of a cryptographic proxy may be at least one of: the state of the encryptor proxy server, the weights of the encryptor proxy server in the proxy server cluster.

The states of the encryptor proxy server may include an on state and an off state. The weights of the encryptor proxy servers in the proxy server cluster may be values within a certain range, and the weights of a certain encryptor proxy server may show that when the service security processing system processes the service, the encryptor proxy server obtains the priority degree of the service to be processed from the service processing server, that is, the service processing server preferentially distributes the service to the encryptor proxy server with higher weight.

In addition, the encryptor proxy server may also have other configurable attributes, which are not described in detail herein.

S304: and determining configuration information adopted when configuring the target attribute as target information according to the configuration request aiming at each target attribute.

In order that the proxy configuration server can determine the target attribute according to the configuration request and further determine the target information corresponding to the target attribute, in an alternative embodiment of the present disclosure, before step S300, the terminal may determine, according to a preset service requirement, an encryptor proxy server that needs to perform attribute configuration in each encryptor proxy server, as the target encryptor proxy server. Then, the attribute of the target encryptor proxy server, which needs to be configured, is determined as the target attribute. Then, for each target attribute, configuration information adopted when the target attribute is configured is determined as target information. After the target information of each target attribute is determined, a configuration request is generated according to each target information and sent to the proxy configuration server.

In some scenarios, where the terminal is the end corresponding to the user, the process of the terminal generating the configuration request may be performed in accordance with the user's operation.

Therefore, through the process in the specification, the terminal can configure the plurality of attributes of the encryption agent server only by sending one configuration request, which is beneficial to reducing resources consumed by the terminal and the corresponding user of the terminal in the process of service security processing in the specification when configuring the plurality of attributes of the encryption agent server.

S306: and configuring the target attribute according to the target information to obtain a configured encryptor proxy server, further distributing the encryption resources of the encryptor to which the configured encryptor proxy server belongs according to the configured encryptor proxy server, and further carrying out service processing according to the encryptor with the encryption resources distributed.

In an alternative embodiment of the present disclosure, the process of configuring the encryptor proxy server may be: according to the target information, a configuration sub-instruction aiming at the target attribute is generated, as shown in fig. 2, the configuration sub-instruction 1 is obtained according to the target information of the target attribute 1, and the configuration sub-instruction 2 is obtained according to the target information of the target attribute 2. And then, each configuration sub-instruction is sent to the encryptor proxy server corresponding to the configuration sub-instruction, so that the encryptor proxy server performs attribute configuration according to the received configuration sub-instruction. Illustratively, in fig. 2, the configuration sub-instruction 1 is sent to the encryptor proxy server 1, and the configuration sub-instruction 2 is sent to the encryptor proxy server 2, so that the encryptor proxy server 1 performs its own configuration according to the configuration sub-instruction 1, and so that the encryptor proxy server 2 performs its own configuration according to the configuration sub-instruction 2.

As can be seen from the foregoing, in the service security processing procedure in this specification, when configuring the attribute, the number of the encryptor proxy servers targeted may not be unique, and in another alternative embodiment, for each encryptor proxy server, a configuration instruction may also be generated according to a configuration sub-instruction corresponding to the encryptor proxy server in each configuration sub-instruction. The configuration instruction is then sent to the cryptographic proxy.

Further, the encryptor proxy server in the present specification includes a configuration instruction interface for receiving the configuration instruction. The encryptor proxy server receives the configuration instructions through its configuration instruction interface, and then obtains each configuration sub-instruction according to the received configuration instructions. And then, the encryptor proxy server executes the configuration of the attribute corresponding to each configuration sub-instruction received by the encryptor proxy server.

The proxy configuration server thus completes the configuration of the encryptor proxy server. Optionally, the service security processing system in the present specification may further include a service server, as shown in fig. 2, where the service server is connected to the encryptor proxy server, and the service server may use the configured encryptor proxy server to perform subsequent service processing. The specific content of the service in the specification can be determined according to the function of the encryption machine and the actual service scene. For example, in a financial scenario, a transaction data encryption process performed by a bank using an encryptor proxy server and an encryptor is the business in this specification.

In addition, the process in this specification continues to supervise the effect of the configuration after the configuration of the encryptor proxy server is completed.

Specifically, as shown in fig. 2, the process may be: and receiving a result (for example, the configuration result may be one of "configuration success" and "configuration failure") sent by the encryptor proxy server, and a duration between the encryptor proxy server receiving the configuration instruction and generating the configuration result, as the available information.

When the target attribute of a certain encryptor proxy server is multiple, the configuration result and duration of the target attribute can be determined as the available sub-information of the target attribute according to each target attribute to be configured. And then, obtaining the available information of the encryptor proxy server according to the available sub-information of the encryptor proxy server.

In an alternative embodiment of the present specification, in the case of a timeout of the encryptor proxy server configuration, the duration may be determined to be a larger value preset, or the result of the configuration may be set directly to "configuration failure".

For example, in the scenario shown in fig. 2, where only the encryptor proxy server 2 returns the configuration result, the encryptor proxy server 1 does not return any data, and a timeout occurs for the configuration of the encryptor proxy server 1, the proxy configuration server may directly determine that the configuration result of the encryptor proxy server 1 is "configuration failure".

After determining the available information, feedback information for feeding back to the terminal may be generated according to the available information, so that the feedback information may show at least one of a result of the encryptor proxy server configuring each target attribute and a time period between receiving the configuration instruction by the encryptor proxy server and generating the configured result. And then, the feedback information is sent to the terminal generating the configuration request. After receiving the feedback information, the terminal can display the feedback information to the user in a pattern, characters, sound and light mode and the like, so that the user can know the configuration result of the encryption machine proxy server.

When the available information returned by the encryptor proxy server and received by the proxy configuration server corresponds to a plurality of target attributes, the proxy configuration server can integrate the configuration result and duration of each target attribute shown by the available information to obtain feedback information. The process in the specification can also show the adjustment conditions aiming at a plurality of target attributes through one piece of feedback information, so that the display of the terminal according to the feedback information is clearer and clearer, and the user experience is improved.

In an alternative embodiment of the present specification, to be able to facilitate the operation of the user, the interaction between the user and the proxy configuration server through the terminal may be performed in the form of a page. In the example shown in FIG. 2, the proxy configuration server is based on a B/S architecture. Wherein B is a "Browser end", i.e., a Browser end; s refers to a "Server side", i.e., a Server side. The Browser end corresponds to a terminal of a user, the Server end corresponds to an encryptor proxy Server, and the Browser end is connected with the Server end. The Browser end is used for generating data needed for determining the front-end page.

As can be seen from the foregoing, the service security processing procedure in the present specification may be performed under the control of the user corresponding to the terminal. The proxy configuration server may receive a query request for obtaining the current configuration information of at least part of the attributes of the encryptor proxy server, as shown in fig. 2, before the aforementioned step S300, and the query request may be generated by the terminal according to the operation of the user. Then, the proxy configuration server sends the current configuration information corresponding to the query request to the terminal corresponding to the query request as a query result, so that the terminal generates a configuration request based on the query result.

The proxy configuration server (specifically, the Browser end of the proxy configuration server) may obtain data for generating the front-end page according to the current configuration information corresponding to the query request in the process that the proxy configuration server feeds back the query result to the terminal. And then, the proxy configuration server (specifically, a Browser end of the proxy configuration server) can send the data to the terminal corresponding to the query request, so that the terminal displays the front-end page according to the data.

In addition, the Browser end in the present specification is not only used for sending data to the terminal, but also used for receiving data sent by the terminal, and the Browser end may receive a configuration request generated by the terminal based on the front-end page, so as to execute subsequent steps according to the configuration request.

It can be seen that the Browser end of the proxy configuration server of the present specification can implement interaction with the terminal and the user corresponding to the terminal. The Server end of the proxy configuration Server can then execute subsequent steps based on the configuration request received by the Browser end. Specifically, the Browser end may be used to perform steps S302 to S306 described above.

In some cases, the target information corresponding to the configuration request may exceed the allowed configuration range, for example, the allowed configuration range of a certain attribute is a value between 0 and 10, while the target information shown by the configuration request for the attribute is 16, and if the configuration request is configured according to the configuration request, the configuration may fail or have other negative effects.

In order to avoid this, in an alternative embodiment of the present disclosure, the Browser end may further determine whether the target information matches the preset configuration range of the target attribute after obtaining the target information corresponding to the configuration request. If the result is yes, generating a configuration instruction according to the target information, and sending the configuration instruction to an encryptor proxy server to which the target attribute belongs as shown in fig. 3, so that the encryptor proxy server performs configuration according to the configuration instruction; if the judgment result is negative, generating data for obtaining the prompt information and sending the data to the Browser end, so that the Browser end displays the prompt information through the terminal according to the data for obtaining the prompt information.

Alternatively, if the configuration request corresponds to a plurality of target attributes, it may be determined for each target attribute whether the target information corresponding to the target attribute exceeds the allowable configuration range (for example, determining for the target information of the ith target attribute in the target attributes, as shown in fig. 4). Executing the subsequent configuration steps aiming at the target attribute corresponding to the target information which does not exceed the allowed configuration range; for the target attribute corresponding to the target information beyond the allowable configuration range, generating prompt information, configuring for the target attribute 1 and the target attribute 2, and sending out the prompt information for the target attribute 3 to the target attribute m as shown in fig. 2.

In some scenarios, the number of encryptor proxy servers is multiple, each encryptor proxy server having multiple attributes. In order to enable efficient configuration of the attributes of the encryptor proxy server, in an alternative embodiment of the present specification, the respective attributes may be classified into several levels in advance according to the importance level from high to low. If the attribute corresponding to the configuration request received by the proxy configuration server belongs to different encryptor proxy servers and belongs to different grades, determining a target grade in each grade according to the service processing condition of the service security processing system. And determining a target attribute from the attributes of the encryptor proxy server, so that the target attribute corresponds to the configuration request, and the grade of the target attribute is lower than the target grade.

It can be seen that the target level has the property of a threshold and that attributes having a level higher than the target level are not configurable. In an actual scenario, there may be a case where a user wants to complete attribute configuration for multiple encryptor proxy servers through one operation, when the multiple encryptor proxy servers are configured uniformly, if the attributes are not distinguished, the user is allowed to configure all the attributes indiscriminately, once the user operates incorrectly, all the encryptor proxy servers may be affected, and thus the business processing process may be affected. In the present specification, classification of attributes can effectively cause such a phenomenon.

In an alternative embodiment of the present disclosure, the proxy configuration server and the encryptor proxy server are data transmitted by means of HTTP, and for example, the foregoing configuration instructions may be transmitted by means of HTTP.

Based on the same thought, the embodiment of the specification also provides a business security processing system. As shown in fig. 2, the service security processing system in this specification includes a proxy configuration server, a encryptor proxy server, and an encryptor connected in this order.

The encryption machine is configured to encrypt at least part of data in the service processing process.

The encryptor proxy server is configured to allocate encryption resources provided by the encryptor.

By adopting the service security processing system in the specification, the processing of the service can be effectively realized on the basis of realizing the rapid and convenient configuration of the proxy server of the encryption machine. In addition, the service security processing system in the present specification can also achieve the technical effects that can be achieved by any of the foregoing embodiments, which is not described in detail herein.

Further, based on the same thought, the embodiment of the present disclosure further provides a service security processing apparatus corresponding to the process shown in fig. 3, where the proxy configuration server belongs to the foregoing service security processing system; the business safety processing system also comprises an encryptor proxy server and an encryptor, wherein the encryptor proxy server is respectively connected with the proxy configuration server and the encryptor. The apparatus includes one or more of the following modules:

a configuration request receiving module 500 configured to receive a configuration request, where the configuration request is generated by a terminal that sends the configuration request according to configuration information required for configuring a plurality of attributes of the encryptor proxy server;

the target attribute determining module 502 is configured to determine each attribute corresponding to the configuration request from the attributes of the encryptor proxy server, and the determined attribute is used as a target attribute;

A target information determining module 504 configured to determine, for each target attribute, configuration information adopted when configuring the target attribute, as target information, according to the configuration request;

the configuration module 506 is configured to configure the target attribute according to the target information to obtain a configured encryptor proxy server, and further allocate the encryption resource of the affiliated encryptor according to the configured encryptor proxy server.

In an alternative embodiment of the present specification, the apparatus may further include: a query module 508. The query module 508 is configured to: and receiving a query request, wherein the query request is used for acquiring the current configuration information of at least part of the attributes of the encryptor proxy server. And sending the current configuration information corresponding to the query request to the terminal corresponding to the query request, so that the terminal generates a configuration request according to the received configuration information.

In an optional embodiment of the present disclosure, the query module 508 is specifically configured to obtain data for generating a front-end page according to current configuration information corresponding to the query request; and sending the data to a terminal corresponding to the query request, so that the terminal displays the front-end page according to the data.

In an alternative embodiment of the present disclosure, the configuration module 506 may include a determination submodule 5060 and a configuration submodule 5062.

The judging submodule 5060 is configured to judge whether the target information matches with a preset configuration range of the target attribute.

The configuration submodule 5062 is configured to generate a configuration instruction according to the target information if the target information is matched with a preset configuration range of the target attribute, and send the configuration instruction to the encryptor proxy server, so that the encryptor proxy server performs configuration according to the configuration instruction.

In an alternative embodiment of the present disclosure, the configuration sub-module 5062 is specifically configured to generate, according to the target information, a configuration sub-instruction for the target attribute. And generating a configuration instruction for each encryptor proxy server according to the configuration sub-instruction corresponding to the encryptor proxy server in the configuration sub-instructions, and sending the configuration instruction to the encryptor proxy server.

In an optional embodiment of the present disclosure, the apparatus may further include a prompt generation module 510. The prompt information generating module 510 is configured to generate prompt information if the target information does not match the preset configuration range of the target attribute, and send the prompt information to the terminal corresponding to the configuration request, so that the terminal displays the prompt information.

In an alternative embodiment of the present disclosure, the apparatus may further include a feedback information generation module 512. The feedback information generating module 512 is configured to generate feedback information, and send the feedback information to the terminal that generates the configuration request; the feedback information is obtained according to at least one of the following: and the encryptor proxy server receives the configuration instruction until the configured result is generated.

In an alternative embodiment of the present disclosure, the target attribute determining module 502 is specifically configured to determine, according to a service processing status of the service security processing system, a target level to be determined among the levels. And determining a target attribute from the attributes of the encryptor proxy server, so that the target attribute corresponds to the configuration request, and the grade of the target attribute is lower than the target grade.

It can be seen that the technical effects of the method in the foregoing embodiments can be achieved by the apparatus in the present specification, which is not described herein.

Fig. 6 is a schematic structural view of an electronic device according to an embodiment of the present application. Referring to fig. 6, at the hardware level, the electronic device includes a processor, and optionally an internal bus, a network interface, and a memory. The Memory may include a Memory, such as a Random-Access Memory (RAM), and may further include a non-volatile Memory (non-volatile Memory), such as at least 1 disk Memory. Of course, the electronic device may also include hardware required for other services.

The processor, network interface, and memory may be interconnected by an internal bus, which may be an ISA (Industry Standard Architecture ) bus, a PCI (Peripheral Component Interconnect, peripheral component interconnect standard) bus, or EISA (Extended Industry Standard Architecture ) bus, among others. The buses may be classified as address buses, data buses, control buses, etc. For ease of illustration, only one bi-directional arrow is shown in FIG. 6, but not only one bus or type of bus.

And the memory is used for storing programs. In particular, the program may include program code including computer-operating instructions. The memory may include memory and non-volatile storage and provide instructions and data to the processor.

The processor reads the corresponding computer program from the nonvolatile memory to the memory and then runs, and the business security processing device is formed on the logic level. The processor is used for executing the programs stored in the memory and is specifically used for executing the following operations:

The method performed by the service security processing apparatus disclosed in the embodiment of fig. 3 of the present application may be applied to a processor or implemented by a processor. The processor may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or by instructions in the form of software. The processor may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP), etc.; but also digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), field programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components. The disclosed methods, steps, and logic blocks in the embodiments of the present application may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present application may be embodied directly in the execution of a hardware decoding processor, or in the execution of a combination of hardware and software modules in a decoding processor. The software modules may be located in a random access memory, flash memory, read only memory, programmable read only memory, or electrically erasable programmable memory, registers, etc. as well known in the art. The storage medium is located in a memory, and the processor reads the information in the memory and, in combination with its hardware, performs the steps of the above method.

The electronic device may also execute the method executed by the service security processing apparatus in fig. 5, and implement the functions of the service security processing apparatus in the embodiment shown in fig. 3, which is not described herein again.

The embodiment of the present application also proposes a computer readable storage medium storing one or more programs, the one or more programs including instructions, which when executed by an electronic device comprising a plurality of application programs, enable the electronic device to perform a method performed by a service security processing apparatus in the embodiment shown in fig. 5, and specifically configured to perform:

It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.

The memory may include volatile memory in a computer-readable medium, random Access Memory (RAM) and/or nonvolatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.

Computer readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.

It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.

The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and variations of the present application will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. which come within the spirit and principles of the application are to be included in the scope of the claims of the present application.

Claims

1. A service security processing method, the method being based on a service security processing system, wherein the service security processing system comprises a proxy configuration server, an encryptor proxy server and an encryptor, which are sequentially connected, the encryptor proxy server being used for distributing encryption resources provided by the encryptor, the method comprising:

configuring the target attribute according to the target information to obtain a configured encryptor proxy server, and further distributing encryption resources of the affiliated encryptor according to the configured encryptor proxy server;

the number of the encryptor proxy servers is multiple, and each encryptor proxy server has multiple attributes; the attribute is divided into a plurality of grades from high to low according to the importance degree; the attribute corresponding to the configuration request belongs to different encryptor proxy servers and belongs to different grades;

2. The method of claim 1, wherein the number of encryptor proxy servers is a plurality, the plurality of encryptor proxy servers comprising a proxy server cluster; the attributes of any encryptor proxy server include at least one of: the state of the encryptor proxy server, the weights of the encryptor proxy server in the proxy server cluster.

3. The method of claim 1, wherein prior to the method, further comprising:

4. The method of claim 3, wherein transmitting the current configuration information corresponding to the query request to the terminal corresponding to the query request comprises:

5. The method of claim 4, wherein receiving a configuration request comprises:

and receiving a configuration request based on the front-end page.

6. The method of claim 1, wherein configuring the target attribute according to the target information comprises:

7. The method of claim 6, wherein generating a configuration instruction from the target information and sending the configuration instruction to the encryptor proxy server includes:

8. The method of claim 6, wherein the configuration instructions are transmitted using HTTP.

9. The method of claim 7, wherein the encryptor proxy server includes a configuration instruction interface for receiving the configuration instruction, so that after the encryptor proxy server receives the configuration instruction through the configuration instruction interface, each configuration sub-instruction is obtained according to the received configuration instruction, and for each configuration sub-instruction, the attribute corresponding to the configuration sub-instruction is configured.

10. The method of claim 6, wherein the method further comprises: if the target information is not matched with the preset configuration range of the target attribute, generating prompt information, and sending the prompt information to a terminal corresponding to the configuration request, so that the terminal displays the prompt information.

11. The method of claim 7, wherein after configuring the target attribute according to the target information, the method further comprises:

12. The method of claim 11, wherein the result of the configuration and/or the duration is obtained separately for each target attribute by a encryptor proxy server.

13. The service security processing system comprises a proxy configuration server, an encryptor proxy server and an encryptor which are connected in sequence;

the encryption machine is configured to encrypt at least part of data in the service processing process;

the proxy configuration server is configured to receive a configuration request, wherein the configuration request is generated by a terminal sending the configuration request according to configuration information required by configuring a plurality of attributes of the encryptor proxy server; determining each attribute corresponding to the configuration request from the attributes of the encryptor proxy server as a target attribute; according to the configuration request, determining configuration information adopted when configuring the target attribute as target information aiming at each target attribute; configuring the target attribute according to the target information;

14. A computer readable storage medium storing one or more programs, which when executed by an electronic device comprising a plurality of application programs, cause the electronic device to perform the method of any of claims 1-12.