CN115189956A - File security sharing method - Google Patents
File security sharing method Download PDFInfo
- Publication number
- CN115189956A CN115189956A CN202210842001.5A CN202210842001A CN115189956A CN 115189956 A CN115189956 A CN 115189956A CN 202210842001 A CN202210842001 A CN 202210842001A CN 115189956 A CN115189956 A CN 115189956A
- Authority
- CN
- China
- Prior art keywords
- file
- bank
- file transmission
- terminal
- banking
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 51
- 230000005540 biological transmission Effects 0.000 claims abstract description 176
- 238000012795 verification Methods 0.000 claims description 14
- 230000004044 response Effects 0.000 claims description 12
- 230000001360 synchronised effect Effects 0.000 claims description 10
- 230000008569 process Effects 0.000 description 6
- 238000012546 transfer Methods 0.000 description 6
- 230000009471 action Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 238000013500 data storage Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 238000012423 maintenance Methods 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 230000008520 organization Effects 0.000 description 2
- 230000006978 adaptation Effects 0.000 description 1
- 230000002776 aggregation Effects 0.000 description 1
- 238000004220 aggregation Methods 0.000 description 1
- 230000004075 alteration Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 230000015556 catabolic process Effects 0.000 description 1
- 238000013523 data management Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 210000001503 joint Anatomy 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000002688 persistence Effects 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 230000010076 replication Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/02—Banking, e.g. interest calculation or account maintenance
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1095—Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
Abstract
The present disclosure provides a file security sharing method, which is applied to a banking system; the method comprises the following steps: acquiring the state of a server of a business object of a banking business system; selecting a file security sharing mode according to the state of the server of the business object, wherein the mode comprises the following steps: uploading and/or downloading files to a third-party server to respond to the file requirements of the business object; by the method, the requirements of the business object on the shared file can be met by cross-network file transmission under the conditions of facing to the problems and challenges of complex network environment, multiple transmission scenes, data safety protection and the like.
Description
Technical Field
The invention belongs to the technical field of internet security, and particularly relates to a file security sharing method.
Background
At present, when a bank carries out various services, cross-network file transmission is generally required between the bank and a branch bank and between the bank and a third-party organization. Including, for example, reconciliation files, end-of-day files, account information, transaction information, etc., need to be transmitted over the network. In actual service, the problems and challenges of complex network environment, many transmission scenes, data security protection and the like can be faced. How to realize the safe sharing of the files under the condition that the network has huge potential safety hazards also becomes a problem which needs to be solved urgently.
Disclosure of Invention
In view of the above problems in the prior art, the present invention provides a secure and reliable file sharing method that is implemented quickly across network devices.
In order to achieve the above purpose, the embodiment of the invention adopts the following technical scheme:
the file security sharing method is applied to a banking system; the method comprises the following steps: acquiring the state of a server of a business object of a banking business system; selecting a file security sharing mode according to the state of the server of the service object, wherein the mode comprises the following steps: and uploading and/or downloading files to a third-party server so as to respond to the file requirements of the business object.
In some embodiments of the present disclosure, the upload file comprises a synchronous upload file and an asynchronous upload file; the download files include synchronous download files and asynchronous download files.
In some embodiments of the present disclosure, the synchronizing uploading the file comprises the steps of:
the method comprises the following steps that firstly, a banking system side uploads a file to a file storage side;
step two, the file storage end responds to the uploading result and sends a file storage address to the banking system end;
step three, based on the file transmission request of the business object, the banking business system end sends the identification code of the business object and the storage address of the file corresponding to the file transmission request to a banking file transmission end;
step four, the bank file transmission end verifies the identification code and the file speed limit; when the verification result is yes, the bank file transmission terminal downloads a file corresponding to the file transmission request from the file storage terminal;
step five, the file storage terminal responds to the downloading request of the bank file transmission terminal and returns the file corresponding to the downloading request to the bank file transmission terminal; the bank file transmission terminal stores the file locally;
step six, based on the address of the third-party server mapped by the identification code, the bank file transmission terminal logs in the third-party server and uploads the file to the third-party server;
step seven, the third-party server responds to the uploading result and sends the uploading result to the bank file transmission terminal;
and step eight, the bank file transmission terminal responds to the uploading result and returns the uploading result to the banking system terminal.
In some embodiments of the present disclosure, the sending, by the banking system end, the identification code of the business object and the storage address of the file corresponding to the file transmission request to the banking file transmission end based on the file transmission request of the business object further includes: and the banking system side sends the FTP directory information of the third-party server to the bank file transmission side.
In some embodiments of the present disclosure, the asynchronous uploading of the file comprises the steps of:
the method comprises the following steps that firstly, a banking system side uploads a file to a file storage side;
step two, the file storage end responds to an uploading result and sends the file storage address to the banking system end;
step three, based on the file transmission request of the business object, the banking business system end sends the identification code of the business object and the file storage address corresponding to the file transmission request to a banking file transmission end;
step four, the bank file transmission end verifies the identification code and the file speed limit; when the verification result is yes, the bank file transmission terminal submits the file uploading request to a file transmission service thread pool, and after generating an asynchronous message identifier, the bank file transmission terminal responds to the file uploading request of the banking system terminal and sends file uploading acceptance information and the asynchronous message identifier to the banking system terminal;
step five, the bank file transmission terminal downloads the file corresponding to the file transmission request from the file storage terminal;
step six, the file storage end returns the file to the bank file transmission end, and the bank file transmission end stores the file locally;
step seven, based on the address of the third-party server mapped by the identification code, the bank file transmission terminal logs in the third-party server and uploads the file to the third-party server;
step eight, the third-party server responds to an uploading result and sends the uploading result to the bank file transmission terminal;
step nine, the bank file transmission terminal sends the uploading result and the asynchronous message identification to a bank message queue terminal;
step ten, the banking system end monitors the information of the bank information queue end and obtains the uploading result when the information is matched with the asynchronous information identification.
In some embodiments of the present disclosure, the sending, by the banking system end, the identification code of the business object and the file storage address corresponding to the file transmission request to the banking file transmission end based on the file transmission request of the business object further includes: and the banking system side sends the FTP directory information of the third-party server to the bank file transmission side.
In some embodiments of the present disclosure, the synchronizing the download file includes:
step one, a banking business system terminal calls a file downloading interface of a banking file transmission terminal, and sends an identification code of a business object and file information of a file to be downloaded to the banking file transmission terminal;
step two, the bank file transmission end verifies the identification code and the file speed limit, and when the verification result is yes, the bank file transmission end logs in the third-party server and downloads the file;
step three, the third-party server transmits response file information to the bank file transmission terminal, and the bank file transmission terminal stores the file locally;
step four, the bank file transmission end carries out security scanning on the file, and after the security scanning is passed, the bank file transmission uploads the file to the file storage end;
step five, the file storage end sends the file storage address to the bank file transmission end;
step six, the bank file transmission terminal sends the storage address to the banking system terminal;
step seven, based on the storage address, the banking system side downloads the file from the file storage side;
and step eight, the file storage end sends a file downloading response result to the banking system end.
In some embodiments of the present disclosure, the banking system terminal invokes a file downloading interface of a bank file transmission terminal, and sends the identification code of the service object and the file information of the file to be downloaded to the bank file transmission terminal, and further includes: and the banking system side sends the FTP directory information of the third-party server to the bank file transmission side.
In some embodiments of the present disclosure, the asynchronous downloading of the file comprises the steps of:
step one, a banking business system terminal calls a file downloading interface of a banking file transmission terminal, and sends an identification code of a business object, a file storage directory and file information of a file to be downloaded to the banking file transmission terminal;
step two, the bank file transmission end verifies the identification code and the file speed limit; when the verification result is yes, the bank file transmission terminal submits the file downloading request to a file downloading service thread pool, and after generating an asynchronous message identifier, the bank file transmission terminal responds to the file downloading request of the banking system terminal and sends file downloading acceptance information and the asynchronous message identifier to the banking system terminal;
step three, based on the identification code of the business object, the bank file transmission terminal logs in the third-party server and downloads files based on the file storage directory;
step four, the third-party server sends response file information to the bank file transmission terminal, and the bank file transmission terminal stores the file to the local;
step five, the bank file transmission end carries out security scanning on the file, and when the security scanning result is yes, the file is stored in the file storage end, and a file storage address is obtained;
step six, the file storage end transmits the file storage address to the bank file transmission end;
step seven, the bank file transmission terminal sends the asynchronous message identification and the file storage address to a bank message queue terminal;
step eight, the banking system end monitors a downloading queue message of the banking message queue end, and when the downloading queue message is matched with the asynchronous message identification, uploading result information and the file storage address are obtained;
step nine, the banking system terminal downloads a file corresponding to the file storage address from the file storage terminal;
step ten, the file storage terminal sends the download result of the response file to the banking system terminal.
Compared with the prior art, the invention has the beneficial effects that:
by the file security sharing method, under the state of the server for acquiring the business object, the file security sharing mode is selected according to the state of the server, so that operation and maintenance complexity and potential security risks caused by the fact that a bank side provides an SFTP server are avoided; and the illegal stealing or monitoring by the network in the process of implementing file sharing is effectively avoided by means of a key pair, SFTP and the like.
By constructing a uniform file sharing platform, each business system of the bank can be conveniently and rapidly accessed in a configuration mode, the butt joint efficiency of file sharing between the business system and a business object is improved, and a uniform safety protection and speed limit strategy is provided.
Drawings
In the drawings, which are not necessarily drawn to scale, like reference numerals may describe similar parts throughout the different views. Like reference numerals having letter suffixes or different letter suffixes may represent different instances of similar components. The drawings illustrate various embodiments generally by way of example, and not by way of limitation, and together with the description and claims serve to explain the disclosed embodiments. The same reference numbers will be used throughout the drawings to refer to the same or like parts, where appropriate. Such embodiments are illustrative, and are not intended to be exhaustive or exclusive embodiments of the present apparatus or method.
FIG. 1 is a flowchart of a file security sharing method according to an embodiment of the present invention;
fig. 2 is a timing diagram of synchronous uploading of files in the file security sharing method according to the embodiment of the present invention;
FIG. 3 is a flowchart illustrating synchronous file uploading in a file security sharing method according to an embodiment of the present invention;
FIG. 4 is a timing diagram illustrating asynchronous file uploading in a file security sharing method according to an embodiment of the present invention;
fig. 5 is a flowchart of asynchronously uploading a file in a file security sharing method according to an embodiment of the present invention;
FIG. 6 is a timing chart illustrating the synchronous downloading of files in the file security sharing method according to the embodiment of the present invention;
FIG. 7 is a flowchart illustrating synchronous downloading of files in the file security sharing method according to an embodiment of the present invention;
FIG. 8 is a timing diagram illustrating asynchronous downloading of files in the file security sharing method according to an embodiment of the present invention;
fig. 9 is a flowchart of asynchronous file downloading in a file security sharing method according to an embodiment of the present invention.
Detailed Description
The following detailed description of specific embodiments of the present invention is provided in connection with the accompanying drawings, which are not intended to limit the invention. The following detailed description is provided to enable those skilled in the art to better understand the technical solutions of the present disclosure, with reference to the accompanying drawings and specific embodiments. Embodiments of the disclosure are described in further detail below with reference to the figures and the detailed description, but the disclosure is not limited thereto.
All terms (including technical or scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this disclosure belongs unless specifically defined otherwise. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
Techniques, methods, and apparatus known to one of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
At present, when a bank carries out various services, cross-network file transmission is generally required between the bank and a branch bank and between the bank and a third-party organization. Including, for example, account reconciliation files, day to day files, account information, transaction information, etc., need to be transmitted over the network. In actual service, the problems and challenges of complex network environment, multiple transmission scenes, data security protection and the like can be faced. How to realize the safe sharing of the files under the condition that the network has huge potential safety hazards also becomes a problem which needs to be solved urgently. To this end, the present invention provides the following idea.
The design concept is as follows: the method is initiated by a business system in a bank to upload or download files to a third party, at the moment, the third party is required to provide an FTP/SFTP server, and the file transfer service performs related file operation by logging in the FTP/SFTP server. The bank does not provide FTP/SFTP to the outside, thereby effectively avoiding unnecessary risks caused by key leakage in the use process of a third party.
The file transmission service is configured based on different corresponding scenes of uploading and downloading, and the configuration parameters mainly comprise inline service system codes, addresses of third-party servers, user name passwords, speed limit, whether asynchronous transmission is performed or not, and whether keys are used or not. The above configuration is associated with a unique identification code (GroupID). When the inline service system calls the file transfer service to download the file, other configuration details are shielded by transmitting the identification code. For example, in the first scenario, the bank file transfer terminal logs in to the third-party server and initiates a file downloading operation, and then for the third-party server, it responds to the file for the bank file transfer terminal; in a second scenario, the bank file transmission end or the banking system end accesses the bank file storage end, and the bank file storage end responds to the request, which is also a specific application scenario of the response file. Correspondingly, the downloading result corresponding to the first scenario may be that the bank file transmission terminal (caller) is only notified, and the downloading result is successful or failed, if the downloading result is successful (that is, the downloading of the file is finished, the file downloading process is ensured to be safe and reliable, and the downloaded file is complete), the banking system (client) is notified of relevant information such as a file path, and if the downloading is failed, the banking system is notified of the reason of the failure. So far, the following technical scheme is constructed based on the application scenario and the corresponding design concept.
The invention provides a file security sharing method, which is applied to a banking system and is shown in figure 1; the method comprises the following steps:
s001, acquiring the state of a server of a business object of a banking system;
step S002, selecting a file security sharing mode according to the state of the server of the service object, wherein the mode comprises the following steps: and uploading and/or downloading files to a third-party server so as to respond to the file requirements of the business object.
In this embodiment, the states of the server of the business object include a disabled state, an unavailable state or a non-access state, that is, the business object cannot provide an effective and secure server for uploading and/or downloading files at least in the current state of the business occurrence, and the banking system implements a corresponding processing manner for the states, so that the business can be performed normally in a secure and reliable manner. In the embodiment of the invention, as the banking system does not directly provide a server for sharing files, such as an SFTP server, the operation and maintenance complexity and potential security risk caused by the provision of the SFTP server on the banking system side are avoided; and the illegal stealing or monitoring by the network in the process of implementing file sharing is effectively avoided by a key peer-to-peer mode.
In an embodiment of the present invention, the upload file includes a synchronous upload file and an asynchronous upload file; the download files include synchronous download files and asynchronous download files. The process steps of the specific upload and download will be described in detail below.
It should be noted that the file security sharing method in the embodiment of the present invention is implemented based on a standard protocol, and the standard network protocol supported by the file sharing method includes: FTP and SFTP, but not limited to, cover the current mainstream protocol to the maximum extent, and further can be compatible with more business objects, thereby facilitating the realization of a general and safe file sharing scheme, and facilitating the business development.
In an embodiment of the present invention, with reference to fig. 2 and fig. 3, the synchronizing uploading the file includes the following steps:
step one, S101, a banking system side uploads a file to a file storage side; here, the Storage medium at the file Storage end may be selected according to a bank technology stack, such as Object-based Storage (Object-based Storage), NAS, and the like, where both the Object-based Storage and the NAS belong to a new network Storage architecture.
Object storage is a computer data storage architecture that manages data as objects, as opposed to other storage architectures (e.g., file systems that manage data as a file hierarchy) and block storage that manages data as blocks and blocks within sectors. Each object typically includes the data itself, a variable amount of metadata, and a globally unique identifier.
Object storage may be implemented at a number of levels, including a device level (object storage device), a system level, and an interface level. In each case, the object store attempts to implement functionality that is not addressed by other storage architectures. For example, the interface, which can be directly programmed by an application, the namespace spanning multiple physical hardware instances, and data management functions, such as data replication and data distribution, are at object level granularity. Compared with a database, namely a technology for oriented to structured data storage, the object storage is mainly oriented to storage of a large amount of unstructured data, and the daily business of banks belongs to unstructured data. These daily generated data are all suitable for storage in the object store. Particularly, the object storage provides massive, safe, low-cost and highly reliable cloud storage service by using the current mainstream cloud storage. Further, the Object-based Storage Device is called an Object-based Storage Device (OSD) for short. NAS storage, adopt NFS or CIFS command set to visit the data, regard file as the transport protocol, realize the network storage through TCP/IP, have the advantage that it is easy to expand and competent, the price is cheap, users manage. Such as the currently more NFS file systems used in cluster computing.
Step two S102, the file storage end responds to the uploading result and sends a file storage address to the banking system end;
step three S103, based on the file transmission request of the service object, the banking service system end sends the identification code of the service object and the storage address of the file corresponding to the file transmission request to a banking file transmission end; further, the third step further comprises: the banking system side sends the FTP directory information of the third-party server to the bank file transmission side; in this embodiment, the file transfer request further includes information for uploading the file to a third-party server.
Step four S104, the bank file transmission end verifies the identification code and the file speed limit; when the verification result is yes, the bank file transmission terminal downloads a file corresponding to the file transmission request from the file storage terminal; in the embodiment, redis is used as a global file sharing speed-limiting strategy, and the following steps are carried out; in step four, the identification code is checked for security purposes. As banking business mainly relates to capital business transaction and personal privacy of users, necessary verification is needed for safety and prevention of related information leakage, and verification of different levels is carried out according to division of information safety levels, so that safety is guaranteed, and the speed of operating data is not influenced. The main purpose of checking the file speed limit is to avoid system breakdown caused by overload or prevent other clients from performing relevant data operation due to the fact that individual users occupy network channels for a long time in the process of uploading or downloading files based on service overload protection.
Step five S105, the file storage terminal responds to the downloading request of the bank file transmission terminal and returns the file corresponding to the downloading request to the bank file transmission terminal; the bank file transmission terminal stores the file locally;
step six S106, based on the address of the third-party server mapped by the identification code, the bank file transmission terminal logs in the third-party server and uploads the file to the third-party server;
step seven S107, the third party server responds to the uploading result and sends the uploading result to the bank file transmission terminal;
step eight S108, the bank file transmission terminal responds to the uploading result and returns the uploading result to the banking system terminal.
In an embodiment of the present invention, with reference to fig. 4 and fig. 5, the asynchronous uploading a file includes the following steps:
step one, S201, a banking system side uploads a file to a file storage side;
step two S202, the file storage end responds to the uploading result and sends the file storage address to the banking system end;
step three S203, based on the file transmission request of the business object, the banking business system end sends the identification code of the business object and the file storage address corresponding to the file transmission request to a banking file transmission end; further, the third step further comprises: and the banking system side sends the FTP directory information of the third-party server to the bank file transmission side. In this embodiment, the file transfer request further includes information for uploading the file to a third-party server.
Step four S204, the bank file transmission end verifies the identification code and the file speed limit; when the verification result is yes, the bank file transmission terminal submits the file uploading request to a file transmission service thread pool, and after generating an asynchronous message identifier, the bank file transmission terminal responds to the file uploading request of the banking system terminal and sends file uploading acceptance information and the asynchronous message identifier to the banking system terminal;
step S205, the bank file transmission terminal downloads the file corresponding to the file transmission request from the file storage terminal;
step six S206, the file storage end returns the file to the bank file transmission end, and the bank file transmission end stores the file locally;
step seven S207, based on the address of the third-party server mapped by the identification code, the bank file transmission terminal logs in the third-party server and uploads the file to the third-party server;
step eight S208, the third party server responds to the uploading result and sends the uploading result to the bank file transmission terminal;
step nine S209, the bank file transmission terminal sends the uploading result and the asynchronous message identifier to a bank message queue terminal; in this step, the bank message queue terminal may select a corresponding message queue according to a bank technology stack, such as Kafka, rabbitmq, and the like. Kafka is an open source stream processing platform developed by the Apache software foundation, and is a high-throughput distributed publish-subscribe messaging system that can process all the action stream data of a consumer in a website. Such actions (including web browsing, searching and other user actions) are a key factor in many social functions on modern networks. The relevant data is typically addressed by handling logs and log aggregations due to throughput requirements. The purpose of Kafka is to unify online and offline message processing through the Hadoop parallel load mechanism, and also to provide real-time messages through clustering. In particular, it is possible to solve a problem that a message is blocked or a service cannot be normally accessed due to various defects.
And rabbitmq is open source message agent software implementing Advanced Message Queuing Protocol (AMQP), which has scalability for cluster services; and the method also has message persistence, and can persist messages from the memory to the hard disk and then load the messages from the hard disk to the memory.
Step ten S210, the banking system end monitors the information of the bank information queue end and obtains the uploading result when the information is matched with the asynchronous information identification.
In an embodiment of the present invention, with reference to fig. 6 and fig. 7, the step of synchronously downloading the file includes the following steps:
step one S301, a banking business system terminal calls a file downloading interface of a banking file transmission terminal and sends an identification code of a business object and file information of a file to be downloaded to the banking file transmission terminal; further, the first step further comprises: the banking system side sends the FTP directory information of the third-party server to the bank file transmission side; in this embodiment, the file information may include: the file name, file size, file address, etc. may be adjusted according to the requirements of the business object and the banking system, and are not limited herein. The file information comprises the FTP directory and the file name of a third party outside the bank, and the included information can be adjusted correspondingly according to different application scenes.
Step two S302, the bank file transmission terminal verifies the identification code and the file speed limit, and when the verification result is yes, the bank file transmission terminal logs in the third-party server and downloads the file;
step three S303, the third party server transmits the response file information to the bank file transmission terminal, and the bank file transmission terminal stores the file locally;
step four S304, the bank file transmission end carries out security scanning on the file, and after the security scanning is passed, the bank file transmission uploads the file to the file storage end; in this embodiment, different security tools may be selected according to the technology stack, for example, by using clamAv open source software for file security scanning, the same applies below;
step S305, the file storage terminal sends the file storage address to the bank file transmission terminal;
step six S306, the bank file transmission terminal sends the storage address to the banking system terminal;
step seven S307, based on the storage address, the banking system side downloads the file from the file storage side;
step eight S308, the file storage terminal sends the result of responding to downloading the file to the banking system terminal.
In an embodiment of the present invention, with reference to fig. 8 and fig. 9, the asynchronous downloading of the file includes the following steps:
step one S401, a banking business system terminal calls a file downloading interface of a banking file transmission terminal, and sends an identification code of a business object, a file storage directory and file information of a file to be downloaded to the banking file transmission terminal;
step two S402, the bank file transmission end verifies the identification code and the file speed limit; when the verification result is yes, the bank file transmission terminal submits the file downloading request to a file downloading service thread pool, and after generating an asynchronous message identifier, the bank file transmission terminal responds to the file downloading request of the banking system terminal and sends file downloading acceptance information and the asynchronous message identifier to the banking system terminal;
step three S403, based on the identification code of the business object, the bank file transmission terminal logs in the third-party server and downloads files based on the file storage directory;
step four S404, the third party server sends the response file information to the bank file transmission terminal, and the bank file transmission terminal stores the file to the local;
step S405, the bank file transmission terminal performs security scanning on the file, and when the security scanning result is yes, the file is stored in the file storage terminal, and a file storage address is obtained;
step six S406, the file storage end transmits the file storage address to the bank file transmission end;
step seven S407, the bank file transmission terminal sends the asynchronous message identifier and the file storage address to a bank message queue terminal;
step eight S408, the banking business system end monitors the downloading queue information of the banking information queue end, and when the downloading queue information is matched with the asynchronous information identification, the uploading result information and the file storage address are obtained; when the matching is successful, the file downloading is indicated to be finished.
Step nine S409, the banking system side downloads the file corresponding to the file storage address from the file storage side;
step ten S410, the file storage terminal sends the download result of the response file to the banking system terminal.
Moreover, although illustrative embodiments have been described herein, the scope includes any and all embodiments having equivalent elements, modifications, omissions, combinations (e.g., of aspects across various embodiments), adaptations or alterations based on the present disclosure. The elements of the claims are to be interpreted broadly based on the language employed in the claims and not limited to examples described in the specification or during the life of the application. Further, the steps of the disclosed methods may be modified in any manner, including by reordering steps or inserting or deleting steps. It is intended, therefore, that the description be regarded as illustrative only, with a true scope being indicated by the following claims and their full scope of equivalents.
The above description is intended to be illustrative and not restrictive. For example, the above-described examples (or one or more aspects thereof) may be used in combination with each other. Other embodiments may be utilized, for example, by one of ordinary skill in the art, upon reading the above description. Also, in the foregoing detailed description, various features may be combined together to simplify the present disclosure. This should not be interpreted as intending that an unclaimed disclosed feature is essential to any claim. Thus, the following claims are hereby incorporated into the detailed description as examples or embodiments, with each claim standing on its own as a separate embodiment, and it is contemplated that these embodiments may be combined with each other in various combinations or permutations. The scope of the invention should be determined with reference to the appended claims, along with the full scope of equivalents to which such claims are entitled.
Claims (9)
1. A file security sharing method is characterized in that the method is applied to a banking system; the method comprises the following steps:
acquiring the state of a server of a business object of a banking business system;
selecting a file security sharing mode according to the state of the server of the service object, wherein the mode comprises the following steps: and uploading and/or downloading files to a third-party server so as to respond to the file requirements of the business object.
2. The method of claim 1,
the uploading files comprise synchronous uploading files and asynchronous uploading files;
the download files include synchronous download files and asynchronous download files.
3. The method of claim 2, wherein synchronizing the upload file comprises:
the method comprises the following steps that firstly, a banking system side uploads a file to a file storage side;
step two, the file storage end responds to the uploading result and sends a file storage address to the banking system end;
step three, based on the file transmission request of the business object, the banking business system end sends the identification code of the business object and the storage address of the file corresponding to the file transmission request to a banking file transmission end;
step four, the bank file transmission end verifies the identification code and the file speed limit; when the verification result is yes, the bank file transmission terminal downloads a file corresponding to the file transmission request from the file storage terminal;
step five, the file storage terminal responds to the downloading request of the bank file transmission terminal and returns the file corresponding to the downloading request to the bank file transmission terminal; the bank file transmission terminal stores the file locally;
step six, based on the address of the third-party server mapped by the identification code, the bank file transmission terminal logs in the third-party server and uploads the file to the third-party server;
step seven, the third-party server responds to the uploading result and sends the uploading result to the bank file transmission terminal;
and step eight, the bank file transmission terminal responds to the uploading result and returns the uploading result to the banking system terminal.
4. The method according to claim 3, wherein the banking system side sends the identification code of the business object and the storage address of the file corresponding to the file transmission request to a banking file transmission side based on the file transmission request of the business object, further comprising: and the banking system side sends the FTP directory information of the third-party server to the bank file transmission side.
5. The method of claim 2, wherein the asynchronously uploading the file comprises the steps of:
the method comprises the following steps that firstly, a banking system side uploads a file to a file storage side;
step two, the file storage end responds to an uploading result and sends the file storage address to the banking system end;
step three, based on the file transmission request of the business object, the banking business system end sends the identification code of the business object and the file storage address corresponding to the file transmission request to a banking file transmission end;
step four, the bank file transmission end verifies the identification code and the file speed limit; when the verification result is yes, the bank file transmission terminal submits the file uploading request to a file transmission service thread pool, and after generating an asynchronous message identifier, the bank file transmission terminal responds to the file uploading request of the banking system terminal and sends file uploading acceptance information and the asynchronous message identifier to the banking system terminal;
step five, the bank file transmission terminal downloads the file corresponding to the file transmission request from the file storage terminal;
step six, the file storage end returns the file to the bank file transmission end, and the bank file transmission end stores the file locally;
step seven, based on the address of the third-party server mapped by the identification code, the bank file transmission terminal logs in the third-party server and uploads the file to the third-party server;
step eight, the third-party server responds to an uploading result and sends the uploading result to the bank file transmission terminal;
step nine, the bank file transmission terminal sends the uploading result and the asynchronous message identification to a bank message queue terminal;
step ten, the banking system end monitors the information of the bank information queue end and obtains the uploading result when the information is matched with the asynchronous information identification.
6. The method according to claim 5, wherein the banking system side sends the identification code of the business object and the file storage address corresponding to the file transmission request to a banking file transmission side based on the file transmission request of the business object, further comprising: and the banking system side sends the FTP directory information of the third-party server to the bank file transmission side.
7. The method of claim 2, wherein synchronizing the download file comprises:
step one, a banking business system terminal calls a file downloading interface of a banking file transmission terminal, and sends an identification code of a business object and file information of a file to be downloaded to the banking file transmission terminal;
step two, the bank file transmission end verifies the identification code and the file speed limit, and when the verification result is yes, the bank file transmission end logs in the third-party server and downloads the file;
step three, the third-party server transmits response file information to the bank file transmission terminal, and the bank file transmission terminal stores the file locally;
step four, the bank file transmission end carries out security scanning on the file, and after the security scanning is passed, the bank file transmission uploads the file to a file storage end;
step five, the file storage end sends the file storage address to the bank file transmission end;
step six, the bank file transmission terminal sends the storage address to the banking system terminal;
step seven, based on the storage address, the banking system side downloads the file from the file storage side;
and step eight, the file storage end sends a file downloading response result to the banking system end.
8. The method as claimed in claim 7, wherein the banking system terminal calls a file downloading interface of a bank file transmission terminal to send the identification code of the service object and the file information of the file to be downloaded to the bank file transmission terminal, and further comprising: and the banking system side sends the FTP directory information of the third-party server to the bank file transmission side.
9. The method of claim 2, wherein said asynchronously downloading a file comprises the steps of:
step one, a banking business system terminal calls a file downloading interface of a banking file transmission terminal, and sends an identification code of a business object, a file storage directory and file information of a file to be downloaded to the banking file transmission terminal;
step two, the bank file transmission end verifies the identification code and the file speed limit; when the verification result is yes, the bank file transmission terminal submits the file downloading request to a file downloading service thread pool, and after generating an asynchronous message identifier, the bank file transmission terminal responds to the file downloading request of the banking system terminal and sends file downloading acceptance information and the asynchronous message identifier to the banking system terminal;
thirdly, based on the identification code of the business object, the bank file transmission terminal logs in the third-party server and downloads files based on the file storage directory;
step four, the third-party server sends response file information to the bank file transmission terminal, and the bank file transmission terminal stores the file to the local;
step five, the bank file transmission end carries out security scanning on the file, and when the security scanning result is yes, the file is stored in the file storage end, and a file storage address is obtained;
step six, the file storage end transmits the file storage address to the bank file transmission end;
step seven, the bank file transmission terminal sends the asynchronous message identification and the file storage address to a bank message queue terminal;
step eight, the banking system end monitors the download queue information of the banking information queue end, and when the download queue information is matched with the asynchronous information identification, the upload result information and the file storage address are obtained;
step nine, the banking system terminal downloads a file corresponding to the file storage address from the file storage terminal;
step ten, the file storage terminal sends the download result of the response file to the banking system terminal.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210842001.5A CN115189956A (en) | 2022-07-18 | 2022-07-18 | File security sharing method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210842001.5A CN115189956A (en) | 2022-07-18 | 2022-07-18 | File security sharing method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115189956A true CN115189956A (en) | 2022-10-14 |
Family
ID=83519447
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210842001.5A Pending CN115189956A (en) | 2022-07-18 | 2022-07-18 | File security sharing method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115189956A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116126812A (en) * | 2023-02-27 | 2023-05-16 | 开元数智工程咨询集团有限公司 | Method and system for storing and integrating engineering industry files |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106487768A (en) * | 2015-08-31 | 2017-03-08 | 北京国双科技有限公司 | A kind of file sharing method and device |
| US20170093840A1 (en) * | 2015-09-28 | 2017-03-30 | Mastercard International Incorporated | Secure file transfer with secure ssh key authentication |
| CN111368173A (en) * | 2020-03-05 | 2020-07-03 | 五八有限公司 | File transmission method and device, electronic equipment and readable storage medium |
| CN111694797A (en) * | 2020-06-04 | 2020-09-22 | 中国建设银行股份有限公司 | File uploading and analyzing method, device, server and medium |
| CN112579321A (en) * | 2020-12-23 | 2021-03-30 | 京东数字科技控股股份有限公司 | Method, device and equipment for downloading service data |
| CN112714198A (en) * | 2021-03-29 | 2021-04-27 | 北京宇信科技集团股份有限公司 | File transmission method and system of ESB system |
| CN113179301A (en) * | 2021-04-20 | 2021-07-27 | 微民保险代理有限公司 | File downloading method and device, storage medium and electronic device |
| CN113656107A (en) * | 2021-08-23 | 2021-11-16 | 天津中新智冠信息技术有限公司 | Mobile application loading method and device and electronic equipment |
-
2022
- 2022-07-18 CN CN202210842001.5A patent/CN115189956A/en active Pending
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106487768A (en) * | 2015-08-31 | 2017-03-08 | 北京国双科技有限公司 | A kind of file sharing method and device |
| US20170093840A1 (en) * | 2015-09-28 | 2017-03-30 | Mastercard International Incorporated | Secure file transfer with secure ssh key authentication |
| CN111368173A (en) * | 2020-03-05 | 2020-07-03 | 五八有限公司 | File transmission method and device, electronic equipment and readable storage medium |
| CN111694797A (en) * | 2020-06-04 | 2020-09-22 | 中国建设银行股份有限公司 | File uploading and analyzing method, device, server and medium |
| CN112579321A (en) * | 2020-12-23 | 2021-03-30 | 京东数字科技控股股份有限公司 | Method, device and equipment for downloading service data |
| CN112714198A (en) * | 2021-03-29 | 2021-04-27 | 北京宇信科技集团股份有限公司 | File transmission method and system of ESB system |
| CN113179301A (en) * | 2021-04-20 | 2021-07-27 | 微民保险代理有限公司 | File downloading method and device, storage medium and electronic device |
| CN113656107A (en) * | 2021-08-23 | 2021-11-16 | 天津中新智冠信息技术有限公司 | Mobile application loading method and device and electronic equipment |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116126812A (en) * | 2023-02-27 | 2023-05-16 | 开元数智工程咨询集团有限公司 | Method and system for storing and integrating engineering industry files |
| CN116126812B (en) * | 2023-02-27 | 2024-02-23 | 开元数智工程咨询集团有限公司 | Method and system for storing and integrating engineering industry files |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP6835999B2 (en) | Virtual service provider zone | |
| AU2019203266B2 (en) | System, method and computer-readable storage medium for customizable event-triggered computation at edge locations | |
| US20210075881A1 (en) | Customizable event-triggered computation at edge locations | |
| US10048996B1 (en) | Predicting infrastructure failures in a data center for hosted service mitigation actions | |
| CN106156359B (en) | A kind of data synchronization updating method under cloud computing platform | |
| CN105247529B (en) | The synchronous voucher hash between directory service | |
| US10223506B2 (en) | Self-destructing files in an object storage system | |
| CA3061265A1 (en) | Processing and storing blockchain data under a trusted execution environment | |
| CN110266872B (en) | Address book data management and control method and device, cloud address book system, computer equipment and computer readable storage medium | |
| EP2797010A2 (en) | System and method for distributed interaction media storage and retrieval | |
| US20180367596A1 (en) | Optimizing internet data transfers using an intelligent router agent | |
| Gururaj et al. | Blockchain: A new era of technology | |
| CN113517985B (en) | File data processing method and device, electronic equipment and computer readable medium | |
| CN103248670A (en) | Connection management in a computer networking environment | |
| US11943260B2 (en) | Synthetic request injection to retrieve metadata for cloud policy enforcement | |
| CN115189956A (en) | File security sharing method | |
| US11625368B1 (en) | Data migration framework | |
| US11895212B2 (en) | Read-only data store replication to edge locations | |
| Chowdhury et al. | Secured blockchain based decentralised internet: a proposed new internet | |
| Gokulakrishnan et al. | Data integrity and Recovery management in cloud systems | |
| US11811894B2 (en) | Reduction of data transmissions based on end-user context | |
| Nguyen et al. | A probabilistic integrity checking approach for dynamic data in untrusted cloud storage | |
| CN114925044A (en) | Data synchronization method, device and equipment based on cloud storage and storage medium | |
| Liu et al. | HASG: Security and efficient frame for accessing cloud storage | |
| Fong et al. | Secure Server Storage Based IPFS through Multi-Authentication |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |