CN115242433A - Data processing method, system, electronic device and computer readable storage medium - Google Patents
Data processing method, system, electronic device and computer readable storage medium Download PDFInfo
- Publication number
- CN115242433A CN115242433A CN202210660992.5A CN202210660992A CN115242433A CN 115242433 A CN115242433 A CN 115242433A CN 202210660992 A CN202210660992 A CN 202210660992A CN 115242433 A CN115242433 A CN 115242433A
- Authority
- CN
- China
- Prior art keywords
- data
- service
- condition
- request
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000003672 processing method Methods 0.000 title claims abstract description 27
- 238000013523 data management Methods 0.000 claims abstract description 187
- 238000000034 method Methods 0.000 claims abstract description 79
- 238000012545 processing Methods 0.000 claims description 209
- 230000008569 process Effects 0.000 claims description 48
- 230000015654 memory Effects 0.000 claims description 21
- 238000013475 authorization Methods 0.000 claims description 12
- 230000000977 initiatory effect Effects 0.000 claims description 12
- 238000004590 computer program Methods 0.000 claims description 6
- 238000012795 verification Methods 0.000 claims description 4
- 230000001681 protective effect Effects 0.000 claims description 2
- 230000001105 regulatory effect Effects 0.000 claims 1
- 238000005516 engineering process Methods 0.000 abstract description 6
- 230000009466 transformation Effects 0.000 abstract description 2
- 238000012800 visualization Methods 0.000 description 51
- 238000004458 analytical method Methods 0.000 description 39
- 230000006870 function Effects 0.000 description 28
- 238000012986 modification Methods 0.000 description 23
- 230000004048 modification Effects 0.000 description 23
- 238000011161 development Methods 0.000 description 19
- 230000000007 visual effect Effects 0.000 description 15
- 230000003993 interaction Effects 0.000 description 12
- 238000010586 diagram Methods 0.000 description 10
- 238000007689 inspection Methods 0.000 description 10
- 238000000586 desensitisation Methods 0.000 description 9
- 230000004044 response Effects 0.000 description 8
- 238000007726 management method Methods 0.000 description 7
- 238000001914 filtration Methods 0.000 description 6
- 230000003044 adaptive effect Effects 0.000 description 4
- 230000006978 adaptation Effects 0.000 description 3
- 238000013079 data visualisation Methods 0.000 description 3
- 230000002093 peripheral effect Effects 0.000 description 3
- 239000000047 product Substances 0.000 description 3
- 235000014510 cooky Nutrition 0.000 description 2
- 238000013479 data entry Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 230000002708 enhancing effect Effects 0.000 description 2
- 239000003999 initiator Substances 0.000 description 2
- 238000012423 maintenance Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000012216 screening Methods 0.000 description 2
- 239000013589 supplement Substances 0.000 description 2
- 241001622623 Coeliadinae Species 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000000295 complement effect Effects 0.000 description 1
- 238000007405 data analysis Methods 0.000 description 1
- 230000007613 environmental effect Effects 0.000 description 1
- 210000001503 joint Anatomy 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000003032 molecular docking Methods 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000004445 quantitative analysis Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 230000007704 transition Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Landscapes
- Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present application relates to the field of computer technologies, and in particular, to a data processing method and system, an electronic device, and a computer-readable storage medium. The method comprises the following steps: the routing module sends the acquired first request data for the target service to the data control module; the data management and control module judges whether the first request data meet a first condition, wherein the first condition is used for checking validity and safety of the first request data processed by the request target service module; the data management and control module sends the first request data to the target service module after confirming that the first request data meet the first condition; and confirming that the first request data does not meet the first condition, modifying the first request data by the data management and control module to obtain second request data meeting the first condition, and sending the second request data to the target service module by the data management and control module. According to the scheme, the safety performance and the scene adaptability of each service module can be effectively enhanced, and the service function transformation cost can be saved.
Description
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a data processing method, a data processing system, an electronic device, and a computer-readable storage medium.
Background
With the development of computer technology, more and more clients provide products and services to users depending on corresponding service platforms, that is, the clients can respond to user operations and acquire the products and services provided by the service platforms in a butt joint manner to process corresponding services, and then the clients can display corresponding service processing results to the users based on service processing data fed back by the service platforms. For example, an insurance business client can provide insurance-related service modules to users needing insurance by relying on a network insurance platform. It can be understood that, depending on the client of the service platform, the client may be a service system Application (APP) running on an electronic device such as a mobile phone, or may be a web-based service system application, which is not limited herein.
As a business platform, in order to provide more comprehensive products and services to clients, it is generally necessary to integrate some third-party services, such as a link query service, a visualization service, and a third-party open source service module. In other embodiments, the third-party service may also be a micro-service operating under kubernets, and the service platform may interface a service request for such a third-party service to the corresponding third-party service to process, where kubernets is an open source system for automatically deploying, expanding, and managing containerized applications. However, some third party services, which may be software developed under some old frameworks, may exist incompatible with the system framework of the business platform; still other third party services may have authorization restrictions, etc. Therefore, when the service platform integrates or accesses the third-party services, some transformation is often required to be performed on the software source codes of the third-party services according to individual case requirements. Such modifications are, for example, some adaptations to adapt to the system framework of the service, or modifications to remove authorization restrictions, etc. Moreover, when a third-party service is upgraded or some entry parameters are updated, the code modification according to individual case requirements cannot automatically complete adaptive updating, and only developers can perform corresponding code modification again.
Therefore, when a service scenario changes or in order to meet security requirements of some service modules provided by a service platform, functions of some third-party services integrated on the service platform, such as security performance, scene adaptation performance, and the like, need to be enhanced, and if function enhancement and modification are performed according to individual requirements when the third-party services are integrated, a relatively large development cost is undoubtedly generated. Therefore, a data processing scheme is needed to solve the problem of enhancing the functions of the third-party services integrated or accessed to the service platform.
Disclosure of Invention
The embodiment of the application provides a data processing method, a data processing system, an electronic device and a computer readable storage medium, solves the problems of great difficulty and great development amount in function enhancement and modification of service modules such as a third-party service integrated on a service platform at present, and can effectively enhance the safety performance and the scene adaptability of each service module, so that function enhancement and modification with higher cost on the third-party service are not required, and the service development cost is saved. Moreover, the service platform realized based on the scheme of the application can be used for easily docking the third-party service and performing some safety or scene adaptability function upgrades without modifying the related codes of the third-party service, and is beneficial to improving the multi-end use experience of a client, a development end, a third-party service end and the like.
In a first aspect, an embodiment of the present application provides a data processing method, where the method is applied to a service platform including a routing module, a data management and control module, and a service module, where the service module includes a third-party service, and the method includes:
the routing module acquires first request data for a target service;
the routing module sends first request data to the data management and control module, wherein the first request data at least comprises identification information of a target service module and a target data acquisition parameter for a target service;
the data management and control module judges whether the first request data meet a first condition, wherein the first condition is used for checking validity and safety of the first request data processed by the request target service module;
the data management and control module sends the first request data to the target service module after confirming that the first request data meet the first condition;
and confirming that the first request data do not meet the first condition, modifying the first request data by the data management and control module to obtain second request data meeting the first condition, and sending the second request data to the target service module by the data management and control module.
The method includes the steps of screening, for example, validity and security check of the first request data based on the preset first condition and the like, the data related to the service request accessed by the service platform through the data management and control module having the data management and control function. The request data (i.e., the first request data) that satisfies some inspection requirements associated with the target service module is finally transmitted to the target service module. The target service module includes a third-party service, which may be, for example, a visualization service (Kibana) as exemplified in the following specific embodiment 2, and the first request data may be, for example, visualization service request data requiring Kibana processing.
In one possible implementation of the first aspect, the first condition is dynamically determined based on at least one of a normative requirement of API entry parameters of the target service module and a service data security requirement of the target service module.
For example, the first condition preset by the visualization service (Kibana) may be determined based on requirements such as API entry parameter thresholds of Kibana, and requirements such as data content source to be visually displayed and data content security of Kibana. In other embodiments, the first condition may also include, for example and without limitation, a definition in a data table format corresponding to the data content to be visually displayed.
In a possible implementation of the first aspect, the determining, by the data management and control module, whether the first request data satisfies a first condition includes: the data management and control module judges whether the value of a first parameter in the first request data is within a preset first parameter threshold range or not; if the value of the first parameter is within the first parameter threshold range, the data management and control module confirms that the first request data meets a first condition; if the value of the first parameter is not within the first parameter threshold range, the data management and control module confirms that the first request data does not meet the first condition.
In a possible implementation of the first aspect, determining that the first request data does not satisfy the first condition, and the data management and control module modifies the first request data to obtain second request data that satisfies the first condition, including: and adjusting the value of the first parameter which is not in the first parameter threshold range to be in the first parameter threshold range.
That is, for the service request data (i.e., the first request data) that does not meet the API entry parameter threshold requirement of the target service module, the corresponding API entry parameter in the request data may be adjusted to be within the threshold requirement range, so that the service request data is smoothly accessed to the target service module for processing in the subsequent process.
In a possible implementation of the first aspect, the target service module is configured to process request data sent by the data management and control module, where the request data includes a first request data and a second request data, and the method includes:
the target service module processes the received request data to obtain first processing data;
the target service module returns first processing data to the data management and control module;
the data management and control module judges whether the first processing data meet a second condition, wherein the second condition is used for carrying out security check on the first processing data to be returned to the service request end, and the service request end is a client end for initiating a target service;
the data management and control module sends the first processing data to the routing module after confirming that the first processing data meets the second condition;
and confirming that the first processing data do not meet the second condition, modifying the first processing data by the data management and control module to obtain second processing data meeting the second condition, and sending the second processing data to the routing module by the data management and control module.
Namely, the target service module processes the service processing data obtained by the corresponding service request data (namely, the first request data), namely, the first processing data, and some security checks can be performed through the data management and control module, so as to improve the security of the corresponding service provided by the target service module and the processing data, and further, the service request end receiving the service processing data can also obtain higher security guarantee.
In a possible implementation of the first aspect, the second condition is dynamically determined based on at least one of a security check parameter, a permission check parameter, and a data protection check parameter of the service request end.
In one possible implementation of the first aspect, the second condition includes a sensitive data identification parameter as a security check parameter; and the data management and control module judges whether the first processing data meet a second condition, including:
the data management and control module judges whether the first processing data contains sensitive data or not based on the sensitive data identification parameters;
if the first processed data does not contain sensitive data, confirming that the first processed data meets a second condition;
and if the first processing data contains sensitive data, confirming that the first processing data does not meet the second condition.
In a possible implementation of the foregoing first aspect, determining that the first processing data does not satisfy the second condition, and the modifying, by the data management and control module, the first processing data to obtain second processing data that satisfies the second condition includes: deleting sensitive data in the first processing data; alternatively, sensitive data in the first processed data is encrypted.
In a possible implementation of the first aspect, the second condition includes an authorization information verification parameter as a permission check parameter; and, the data management and control module judges whether the first processing data meets the second condition, including:
the data management and control module confirms whether a terminal receiver of the first processing data has the authority for acquiring all data contents of the first processing data or not based on the authorization information verification parameter;
if the terminal receiving party of the first processing data has the authority of acquiring all data contents of the first processing data, the first processing data is confirmed to meet a second condition;
and if the terminal receiver of the first processing data does not have the acquisition authority for all the data contents of the first processing data, confirming that the first processing data does not meet the second condition.
In a possible implementation of the foregoing first aspect, determining that the first processing data does not satisfy the second condition, and the modifying, by the data management and control module, the first processing data to obtain second processing data that satisfies the second condition includes:
and if the terminal receiver of the first processing data does not have the acquisition right for all the data contents of the first processing data, deleting the first processing data.
In a possible implementation of the first aspect, the second condition includes a preset time threshold used for protecting service platform data as a data protective check parameter; and the data management and control module judges whether the first processing data meet a second condition, including:
the data management and control module judges whether the first processing data comprise data of which the acquisition time is earlier than a preset time threshold;
if the first processing data does not comprise data with the acquisition time being earlier than the preset time threshold, determining that the first processing data meets a second condition;
and if the first processing data comprise data with the acquisition time being earlier than the preset time threshold, determining that the first processing data do not meet the second condition.
In a possible implementation of the foregoing first aspect, determining that the first processing data does not satisfy the second condition, and modifying, by the data management and control module, the first processing data to obtain second processing data that satisfies the second condition includes: and deleting the data of which the acquisition time is earlier than a preset time threshold in the first processing data.
In a possible implementation of the first aspect described above, the routing module is any one of Nginx, traefik, envoy, kong.
It is to be understood that, in other embodiments, the routing module may also be some other service module capable of accessing the service data and having a routing function, which is not limited herein.
In a second aspect, an embodiment of the present application provides a data processing system, including:
the routing module is used for acquiring first request data for the target service and sending the first request data to the data management and control module, wherein the first request data at least comprises identification information of the target service module and target data acquisition parameters for the target service;
the data management and control module is used for judging whether the first request data meet a first condition, wherein the first condition is used for carrying out validity and security check on the first request data processed by the request target service module; when the first request data is confirmed to meet the first condition, the first request data is used for sending the first request data to the target service module; when the first request data are confirmed not to meet the first condition, the first request data are modified to obtain second request data meeting the first condition, and the second request data are sent to the target service module;
and the target service module is used for processing the received first request data or second request data to obtain first processing data and returning the first processing data to the data management and control module.
It is to be understood that the target service module may be a local service module developed in the service platform described in the following embodiment, or may be a third-party service module integrated or accessed by the service platform, such as the link query service (kbana) illustrated in the following embodiment 1 and the visualization service (kbana) illustrated in embodiment 2, which is not limited herein.
In a possible implementation of the second aspect, the data management and control module is further configured to determine whether the first processed data meets a second condition, where the second condition is used to perform security check on the first processed data to be returned to the service request end, and the service request end is a client that initiates a target service; when the first processing data meet the second condition, the routing module is used for sending the first processing data to the routing module;
and when the first processing data are confirmed not to meet the second condition, the router is used for modifying the first processing data to obtain second processing data meeting the second condition, and sending the second processing data to the routing module.
In a third aspect, an embodiment of the present application provides an electronic device, including: one or more processors; one or more memories; the one or more memories store one or more programs that, when executed by the one or more processors, cause the electronic device to perform the data processing method provided by the first aspect described above.
In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium, which includes a computer program/instruction, and when the computer program/instruction is executed by a processor, the computer program/instruction implements the data processing method provided in the first aspect.
Drawings
Fig. 1 is a schematic view of an interaction scenario between a client and a service platform according to an embodiment of the present application.
Fig. 2a is a schematic diagram illustrating a processing process of service interaction data between a client and a service platform according to an embodiment of the present application.
Fig. 2b is a schematic diagram illustrating a processing procedure of service interaction data between a client and a service platform according to another embodiment of the present disclosure.
Fig. 3 is a schematic implementation flow diagram of a data processing method according to an embodiment of the present application.
Fig. 4 is a schematic diagram illustrating an implementation flow of a data processing method corresponding to a link query service according to embodiment 1 of the present application.
Fig. 5 is a schematic flow chart illustrating an implementation of a data processing method corresponding to Kibana according to embodiment 2 of the present application.
Fig. 6 is a schematic structural diagram of an electronic device 600 for operating a service platform or a client according to an embodiment of the present application.
Detailed Description
Fig. 1 shows a schematic view of an interaction scenario between a client and a service platform according to an embodiment of the present application.
As shown in fig. 1, the scenario includes a client program (abbreviated as client 100 a) running on the device 100a, a development end program (abbreviated as development end 100 b) running on the device 100b, a third party service provider (abbreviated as third party service end 100 b) running on the device 100c, and a service platform (abbreviated as service platform 200) running on the device 200.
Wherein the client 100a may be a program product developed by a merchant such as an insurance company and oriented to a terminal consumer group, and is used for providing insurance-related business services or other non-insurance-related business services for the terminal consumer group (i.e. a user).
The development end 100b is used to provide a development platform for developers, and the developers can develop service modules providing various services in the service platform 200 through the development end 100b, including technical services providing functions such as analysis or visual display, business services providing functions such as business processing, and the like. In addition, the service module includes both a local service developed for the service platform 200 and a third-party service integrated into the service platform 200 or accessed to the service platform 200 through a correspondingly developed program interface to provide corresponding service contents, which is not limited herein.
For example, the third-party service end 100c may provide some open-source accessible third-party services for interfacing with corresponding service requests transferred in the service platform 200, or some third-party services provided by the third-party service end 100c may also be integrated into the service platform 200 for correspondingly processing corresponding service requests. The third-party service accessed or integrated into the business platform 200 may be, for example, a mail service, a payment service, a link query service, a visualization service, etc., and is not limited herein.
The service platform 200 is used to access the service request initiated by the client 100a and arrange the corresponding service module to process the service request. It is understood that the business platform 200 can be communicatively connected to the client 100a, the development 100b and the third party service 100c respectively to form a business service system or a data processing system.
It is understood that the device 100a running the client program or the device 100b running the development end program may be an electronic device such as a mobile phone, a notebook computer, a tablet computer, etc., running a third party service, for example. The device 200 running the service platform may be, for example, a server, a desktop computer, a laptop computer, a handheld computer, a netbook, or other electronic devices embedded or coupled with one or more processors or capable of accessing a network, and the like, without limitation.
With continued reference to fig. 1, the user may initiate a service request through the client 100a, for example, the user may fill an insurance order through the client 100a of the insurance service, or initiate a service request such as a query for an insurance service order. Accordingly, the service platform 200 may implement a routing function to access service requests from the clients 100 b. If the service module required by the service request is a local service module of the service platform 200 or a third-party service integrated into the service platform 200, the service platform 200 may call the corresponding service module to process the service request; if the service module required by the service request is a third-party service running on the device 100c, the service platform 200 may forward the accessed service request to the corresponding third-party service. Thus, the service platform 200 accesses the service request of the client 100a and sends the service request to the corresponding service module for processing.
The routing function implemented by the service platform 200 may be implemented by open source software having an edge router (edge router) function, such as Nginx, traefik, envoy, kong, and the like, without limitation. In the embodiment of the present application, the service module with a routing function implemented in the service platform 200 based on the above open source software is referred to as a routing module. That is, the routing module may forward the corresponding service request to the corresponding service module in the service platform 200 according to the obtained target service identification information of each service request.
As shown in fig. 1, the service module provided on the service platform 200 responds to the service request sent by the client, and after performing corresponding service processing, may return the service processing data to the corresponding client through the routing module.
As mentioned above, the third-party service integrated or accessed on the service platform 200 is modified as necessary according to the actual requirements of the service platform when integrating or developing the program interface. However, in the process of processing the client service request by using the third-party service, if the service platform 200 is to meet the requirement of service processing security or to adapt the third-party program to different service scenarios, the service module needs to be modified with corresponding function-enhancing codes, including code modification in the aspects of security enhancement, scenario adaptation performance enhancement, and the like. In this case, the third-party service integrated by the service platform 200 needs to be modified at a higher development cost, and the third-party service accessed by the service platform 200 cannot be modified in such a function enhancement property. For example, a developer of the business platform 200 may not know the existing code of the third-party service, and thus it takes time and effort to understand the integrated existing code of the third-party service; for another example, the technology stack adopted by some third-party services is different from the technology stack adopted by the development service platform 200, so that developers of the service platform 200 need to spend time and effort to learn the technology stacks and the like corresponding to some third-party services, and the function enhancement and modification of the third-party services may be possible to be realized. That is, these all add significantly to the cost of making functional enhancements to third party services.
In order to solve the above technical problem, the present application provides a data processing method, which implements data check and control on request data sent to a service module and on service processing data returned by the service module by adding a data control module in a service platform. Namely, the added data management and control module can perform data check and management and control on the request data and the service processing data transmitted between the unified routing module for accessing the request data and the service module of the service platform, including identifying whether a requester of the request data has access authority, whether parameters such as API entry parameters of the request data meet legitimacy requirements, and whether service processing data returned by the service module in response to a service request meet security requirements, whether data filtering is needed, and the like. It can be understood that the service module includes both a local service developed for the service platform and a third-party service integrated into the service platform, and the third-party service accessed by the service platform through the program interface, and the like. Therefore, by the data processing method provided by the embodiment of the application, the safety performance and the scene adaptability of each service module can be effectively enhanced, so that higher-cost function enhancement and modification of a third-party service are not required, and the service development cost is saved.
It can be understood that the data management and control module may set some data management and control functions in a customized manner according to the service module requirements provided by the service platform 200 to the client, for example, a data processing function supported by multiple tenants may be further added, so that a third-party service is adapted to a multiple tenants scenario, and the like. And are not intended to be limiting herein.
For example, after the service platform performs necessary minor modification on the third-party service when integrating the third-party service, based on the data processing method provided by the embodiment of the present application, the request data that originally does not meet the service request form or content requirement processed by the third-party service can be accessed to the corresponding third-party service after being processed by the data management and control platform, so that the service platform can smoothly interface the service request initiated by each client by using the third-party service. In addition, in the data processing method provided by the embodiment of the application, the data management and control module can also perform security screening on the service processing data returned by the service module, for example, delete some sensitive data, filter historical data before a preset time length, and the like, so that the security of the service platform providing the corresponding service module can be effectively improved.
As an example, fig. 2a shows a schematic diagram of a processing procedure of service interaction data between a client and a service platform.
As shown in fig. 2a, a service request from a client 100a, for example, is received by the service platform 200 through a unified routing module 201a, and after the routing module 201a identifies a target service of the corresponding service request, the target service is forwarded to a corresponding service module 202a for processing, that is, a "data entry" process shown in fig. 2 a. After the service module 202a processes the corresponding service request, the corresponding service processing data is returned to the routing module 201a, and the routing module 201a forwards the service processing data to the client 100a, i.e. the "data return" process shown in fig. 2 a.
Fig. 2b is a schematic diagram illustrating another processing procedure of service interaction data between a client and a service platform according to an embodiment of the present application.
As shown in fig. 2b, after the service platform 200 receives a service request from the client 100a through the unified routing module 201b, the routing module 201b identifies a target service of the corresponding service request, first sends request data of the service request to the data management and control module 202b, and the data management and control module 202b performs data check on the request data, for example, identifies whether a requester of the request data has an access right, whether parameters such as API entry parameters of the request data meet legitimacy requirements, and the like. The data management and control module 202b may also perform modification processing on the request data that does not meet the data checking requirement, for example, adaptively modify the request data parameter that does not meet the validity requirement, and the like. Then, the data management and control module 202b sends the qualified request data after the data inspection or the qualified request data after modification to the corresponding service module 202b in the service platform 200 for processing. I.e. the "data entry" procedure shown in fig. 2 b.
As shown in fig. 2b, after the service module 202b processes the corresponding service request, the service module 202b sends the corresponding service processing data to the data management and control module 202b, and the data management and control module 202b screens the returned service processing data based on a preset return condition, where the preset return condition is, for example, used to determine whether the returned service processing data meets a security requirement, and includes whether it is necessary to filter out historical data that easily causes a security problem, whether it relates to a sensitive field, and the like. For the service processing data that does not satisfy the preset return condition, the data management and control module 202b may perform some adaptive modifications, for example, delete the historical data before the preset time length for the returned service processing data, or perform desensitization processing on the returned service processing data. Then, the data management and control module 202b sends the service processing data meeting the preset return condition or meeting the modified return condition to the routing module 201b, and the routing module 201b forwards the service processing data to the client 100a, which is the "data return" process shown in fig. 2 b.
It can be seen that, compared to the service interaction data processing process shown in fig. 2a, in the service interaction data processing process shown in fig. 2b, the security of "incoming" or "returning" data is higher, and the security and the scene adaptability of the service module provided by the service platform 200 for processing various service data are also stronger. In addition, in the process of delivering the service data to the corresponding third-party service for processing, if the security function of the third-party service or the enhancement of the functions in the aspects of the scene adaptability and the like need to be realized, only corresponding parameter adjustment or some adaptive code modification needs to be performed on the data management and control module of the service platform 200, and the third-party service does not need to be modified. In this way, the development of some functional enhancements can be greatly reduced. In addition, the service platform 200 can also access the third-party service more flexibly based on the data management and control module, when accessing the third-party service, the service platform can be sent to the third-party service for processing only by adjusting the data management and control module to process the accessed service request into request data meeting the requirements of the third-party service, such as the entry parameters, and the like, and the data management and control module can also filter some useless data or data threatening the security returned by the third-party service, so that the security of the process of accessing the third-party service can also be ensured.
Fig. 3 is a schematic diagram illustrating an implementation flow of a data processing method according to an embodiment of the present application. The flow shown in fig. 3 shows the interaction among the unified routing module 201, the data management and control module 202, and the service modules 203, where as described above, the service modules 203 include third-party services integrated or accessed by the service platform 200.
Specifically, as shown in fig. 3, the process includes the following steps:
301: the routing module 201 acquires service request data (as first request data) for a target service.
Illustratively, taking the routing module 201 as the Traefik software as one of the reverse proxy tools as an example, it has functions of HTTP reverse proxy and load balancing, and may intercept HTTP request data, that is, service request data, sent by a client to the service module 203.
The aforementioned "interception" may be understood as obtaining, referring to the scenario shown in fig. 1, that is, the routing module 201 may obtain the service request data sent by the client 100a or 100b to the service platform 200. The service request data may include, for example, requester identification information, service module identification information, and specifically requested service content, and the specifically requested service content may be defined by, for example, the target data acquisition parameter, which is not limited herein. The requestor identification information, the service module identification information, and the like may be sent in the form of a domain name or a path, for example, and are not limited herein.
302: the routing module 201 forwards the service request data to the data management and control module 202.
For example, before sending the service request data to the corresponding service module 203, the routing module 201 may send the service request data to a data management and control module 202 preset in the service platform 200 for processing. It can be understood that, for the service request data that needs to be forwarded to the data management and control module 202, relevant information of the service module corresponding to the corresponding service request and the like may be pre-configured in the routing module 201, so that when the routing module 201 receives the corresponding service request data, the received service request data can be sent to the data management and control module for processing based on the configuration.
It can be understood that, after intercepting the service request data, the routing module 201 (e.g., traefik) may forward the service request data to the corresponding service module 203 based on a corresponding preset forwarding rule based on a domain name or a path in the request data. For example, the routing module 201 forwards/web 1/prefixed traffic requests to the service module 203-1, forwards/web 2/prefixed traffic requests to the service module 203-2, and so on. For another example, the routing module 201 may also determine the target service receiving the request data according to the API path of the request data, that is, the routing module 201 may match the corresponding forwarding rule according to the API path and forward the service request data to the corresponding service module. And are not intended to be limiting herein. In this embodiment, when forwarding the service request data, the routing module 201 may forward the request data that is originally to be sent to the corresponding target service module 203 to the data management and control module 202. It can be understood that, when forwarding the service request data to the corresponding data management and control module 202, the routing module 201 may also forward the identification information corresponding to the identified target service module 203 to the data management and control module 202, so that the data management and control module 202 performs management and control processing such as corresponding data checking and modification, and then sends the service request data to the target service module 203.
303: the data management and control module 202 confirms the access authority of the requester according to the received request data.
Illustratively, the data management and control module 202 performs analysis processing on the received service request forwarded by the routing module 201. For example, the data management and control module 202 may first determine whether the requester has the access right according to the requester identification information in the request data. That is, the data management and control module 202 may authenticate a requester who initiates service request data, for example, check whether the requester user has authority authentication, whether the requester user has access authority to the requested service content, and the like. The authority authentication means whether the requesting user completes the legal identity authentication in the corresponding service system, and the user who completes the legal identity authentication can verify the own legal identity information by providing a user name and a password. If the user name is consistent with the password, the user is considered to pass the authentication, and the user has the authority authentication and has the access authority to the corresponding service content.
Referring to the scenario shown in fig. 1, as an example, if the user a queries the historical policy data of the user B from the operation of the client 100a, after the routing module 201 forwards the service request data initiated by the client 100a to the data management and control module 202, the data management and control module 202 may first identify, according to the requester identification information in the request data, whether the user a has an access right to the historical policy data of the user B. If user a is an administrator of the insurance service platform, for example, has the right to query the historical policy data of user B in the last week, it can be confirmed that the account of user a to which client 100a logs in has access right, i.e., that client 100a belongs to the authorized requester.
If the user a is another insurance user, not an administrator, the user a does not have the right to query the historical policy data of the user B, and at this time, the data management and control module 202 may confirm that the client 100a used by the user a is used as a service request initiator and does not have an access right, that is, the client 100a belongs to an unauthorized requester.
It can be understood that, in other embodiments, the user a may also have a restricted permission, for example, the permission of the user a may limit that the user a can only query policy service data of a next week, in this case, the data management and control module 202 may add the restricted query condition to corresponding service request data, and then continue to execute the following steps 305 to 308, and after the data check is completed, send the service request data added with the restricted query condition to the corresponding service module 203 for processing, which is not described herein again.
304: for an unauthorized requester, the data management and control module 202 returns a message of denying access to the routing module 201.
For example, if it is determined that the requester of the received service request data does not have corresponding access right, that is, it is determined that the requester is an unauthorized requester, the data management and control module 202 may return a message of denying access to the requester through the routing module 201. In other embodiments, the data management module 202 may also feed back an error prompt message or the like to the requester through the routing module 201, which is not limited herein. It is understood that the routing module 201 may forward the received access denial message returned by the data management and control module 202 to the requester initiating the response service request data.
305: for an authorized requester, the data management and control module 202 checks whether the received request data satisfies the data check requirement (as a first condition).
For example, if it is determined that the requester of the received service request data is an authorized requester, the data management and control module 202 may further perform data check on the received service request data. The data check includes, for example, checking whether the relevant parameters in the service request data meet the legitimacy requirement, or whether the relevant parameters are in compliance, and the like. If the requested data meets the data checking requirement, for example, each parameter is compliant and legal, the following step 306 may be continuously executed, and the requested data is sent to the corresponding service module for processing; if the requested data does not meet the data checking requirements, e.g., some parameters do not meet the legitimacy requirements or are not in compliance, the following step 307 needs to be performed to modify the relevant parameters.
For example, the data management module 202 may check whether the API entry parameter in the request data meets the validity requirement, such as that a reasonable age range of a certain API entry parameter for querying the insured person should be between 0 and 65, and if the value of the corresponding API entry parameter in the received certain request data is 70, the received request data may be considered as illegal. If the value of the corresponding API entry parameter in a certain received request data is 55, the API entry parameter of the received request data may be considered to be legal.
In other embodiments, in addition to checking whether the API entry parameter in the request data meets the validity requirement, the content of the data check may be other, for example, checking whether the option parameter related to the insurance risk type in the request data is valid, and the like, and the first condition according to which the data check is performed by the specific data management and control 202 may be customized, preset, or adjusted according to the service scenario requirement, which is not limited herein.
306: the data management and control module 202 sends request data satisfying the data check requirement to the service module 203.
For example, after completing the data check, the data management and control module 202 may send the service request data that passes the check, that is, the request data that meets the data check requirement, for example, the request data whose relevant parameters meet the legitimacy requirement, to the corresponding service module 203 for performing the corresponding service processing.
307: the data management and control module 202 modifies the requested data that does not meet the data checking requirements.
For example, for request data that does not meet the data checking requirement, for example, request data whose API entry parameter does not meet the legitimacy requirement, the data management and control module 202 may modify the relevant parameter. For example, for the foregoing example, if a value of a corresponding API entry parameter in received certain request data is 70, which does not meet the legitimacy requirement, the data management and control module 202 may modify the parameter value according to a preset reasonable age range, for example, modify "70" to "65". And are not intended to be limiting herein.
For another example, if there is no age parameter in the request data and the API entry parameter of the target service module needs to match the age parameter, the data management and control module 202 may supplement the age parameter in the request data, for example, using a preset wildcard value, for example, 50, as a supplement value of the age parameter in the request data.
For another example, the received request data includes an age parameter, but the API entry parameter needs to be matched with a birth year parameter, and the data management and control module 202 may update the corresponding birth year parameter obtained by converting the age parameter in the request data into the request data.
In other embodiments, the content of the data inspection may be other, for example, in the option parameter related to the insurance category in the inspection request data, the option parameter of the personal insurance category mixed with the risk category option parameter of the enterprise group insurance, etc., and may also need to be modified, which is not limited herein.
308: the data management and control module 202 sends the modified request data (as second request data) to the service module 203.
For example, for request data that does not satisfy the data checking requirement, the data management and control module 202 may modify the checked out data such as illegal parameters so that the request data satisfies the data checking requirement corresponding to the corresponding service module, for example, modify relevant parameters to be within a legal range in the request data that has illegal parameters.
309: the service module 203 responds to the received request data and performs corresponding service processing.
For example, after receiving the service request data sent by the data management and control module 202, the service module 203 may perform corresponding service processing in response to the service content requested by the request data.
In this embodiment, the service module 203 may serve a third party. Because the data management and control module 202 has processed the request data, the acquired request data meets the API interface parameter requirement of the service module 203. That is, regardless of whether the request data sent by the client meets the requirements of the service module 203 for the API interface parameters, the service module 203 can respond to the request sent by the client without modifying the service module 203. In other embodiments, the service module 203 may also be a service module (non-third party service) provided by the platform itself.
In addition, it can be understood that, due to the data processing function of the data management and control module 202, when the service platform 200 integrates a new third-party service or develops a new program interface to access a new third-party service, the service platform 200 does not need to modify the program code or related entry parameters of the third-party service, or the interface program code or related entry parameters of the access third-party service, or the program code or related entry parameters of the routing module, so that the development amount can be reduced.
It can be understood that the service request data received by the service module 203 may be the request data that is sent by the data management and control module 202 in the step 306 and meets the data check requirement, or may be the modified request data sent by the data management and control module 202 in the step 308, which is not limited herein.
310: the service module 203 returns the business process data (as the first process data) to the data management and control module 202.
For example, after the service module 203 completes the corresponding service processing, the processed service processing data may be returned to the data management and control module 202. That is, the service module 203 responds to the service processing data returned by the corresponding service request, and may also return the service processing data to the requester through the routing module 201 after further processing is performed by the data management and control module 202. For specific reference, detailed descriptions thereof are omitted.
311: the data management and control module 202 checks whether the returned business processing data meets a preset return condition (as a second condition). If the checked result is yes, it indicates that the service processing data can be returned, i.e. the following step 312 can be executed; if the checked result is negative, it indicates that the service processing data needs to be further checked and processed, and then returns, so that the following step 313 may be performed.
For example, after the data management and control module 202 receives the business processing data returned by the service module 203, the business processing data may be checked according to a preset return condition. The preset returning condition can be set according to specific service content and service scene. For example, in the embodiment of the present application, the preset return condition may include checking whether the returned business processing data meets the corresponding business security requirement, for example, checking whether some historical data in the business processing data that may cause a security problem needs to be filtered, whether a sensitive field exists in the business processing data, and the like.
312: the data management and control module 202 returns the service processing data meeting the preset return condition to the routing module 201.
For example, for the service processing data meeting the preset return condition, the data management and control module 202 may directly send the data to the routing module 201, and the data is forwarded by the routing module 201 to a corresponding client, that is, a service requester.
313: the data management and control module 202 modifies the service processing data that does not satisfy the preset return condition.
For example, for the business processing data which does not satisfy the preset return condition, further checking processing needs to be performed on the business processing data. For example, for the foregoing example, if there is historical data that may cause a security problem and needs to be filtered in the business process data, the data management and control module 202 may perform filtering processing on the historical data, for example, delete a part of policy data with an effective period of less than 3 months in the returned policy data, and complete data filtering. For another example, if there is a sensitive field in the service processing data, the data management and control module 202 may perform encryption processing or desensitization processing on the returned service processing data, for example, replace a necessary sensitive field with encrypted data, or delete an unnecessary sensitive field to desensitize, and the like, which is not limited herein.
As an example, for the foregoing example, for example, the returned service processing data is a processing result of historical policy data corresponding to user a inquiring user B, where the authority of user a can only inquire policy service data of user B in a week, and when the corresponding service module 203 returns the service processing data to the data management and control module 202 after inquiring the result, the data management and control module 202 may perform filtering and desensitization processing on the returned service processing data according to the authority of user a. For example, sensitive information such as policy service data before a week and a bank account of the user B in the returned service processing data is deleted, and then the processed service processing data is sent to the client through the routing module 201.
314: the data management and control module 202 returns the modified service processing data (as second processing data) to the routing module 201.
For example, after the data management and control module 202 completes modification of the service processing data that does not meet the data check requirement, the modified service processing data may be sent to the routing module 201, and the routing module 201 returns the modified service processing data to the service requester.
315: the routing module 201 returns the received service processing data to the service requester.
For example, the routing module 201 may return, to a requester that initiates a service request, for example, the client 100a or 100b shown in fig. 1, service processing data that meets a preset return condition after being checked by the data management and control module 202, or service processing data that is modified and processed by the data management and control module 202, and the like, which is not limited herein.
It can be understood that, based on the data processing method implemented by the flow shown in fig. 3, a certain degree of data management and control can be implemented, including security management and control, management and control in terms of data related parameter legal compliance, and the like, and the data management and control module 202 implementing this data management and control function may also preset (or called customize) an adaptive data management and control policy according to different service modules, including a data check policy for service request data, a data check policy for service processing data returned by the service module, and the like. Thus, if the third-party service integrated or accessed to the service platform 200 needs to be functionally enhanced and modified in terms of security performance, scene adaptability, and the like, the function enhancement can be realized by adjusting the corresponding data management and control conditions in the data management and control module 202 and further based on the transfer transition processing of the data management and control module 202. Based on the scheme, the code execution logic of the third-party service does not need to be upgraded and modified, and the labor and resource cost spent on the aspect of function upgrading of the third-party service and some local services and other service modules of the service platform 200 is reduced.
In order to more clearly understand the technical solution of the present application, based on the above interaction flow shown in fig. 3 and the structure of the data management and control module 202 shown in fig. 4, a specific implementation process of the data processing method provided in this embodiment in another service scenario is described below with reference to a specific service scenario.
Example 1
In the embodiment of the present application, a service module 203 is taken as an example of a link query service (jaeger-query) 203-1, and a specific implementation process of the data processing method provided in the embodiment of the present application is introduced, so as to achieve a purpose of enhancing a function of the link query service 203-1. Wherein the link query service 203-1 mainly provides query capability for invoking link information by an application.
It can be understood that in the distributed microservice scenario, a service request initiated by a user through a client may be processed by responses of a plurality of service modules after accessing a service platform. If the user wants to query which link (i.e., which service module) the service request consumes more time, the user can query through the link query service 203-1, and the service platform can analyze whether each service module operates abnormally according to the time consumption of the service request queried by the link query service 203-1 in the processing link of each service module. It can be understood that the link query service 203-1 is mainly used for providing query capability for invoking link information by an application, and the service can realize analysis on application performance (or service performance) and analysis on invoking link rationalization degree and the like.
Fig. 4 shows a schematic flow chart of an implementation of a data processing method corresponding to the link query service 203-1 according to an embodiment of the present application. It is understood that the flow shown in fig. 4 relates to the interaction between the routing module 201, the data policing module 202 and the link query service 203-1.
Specifically, as shown in fig. 4, the method specifically includes the following steps:
401: the routing module 201 obtains link analysis request data.
Illustratively, the requester initiating the link analysis request to request the link query service 203-1 to provide the corresponding link information query service may be, for example, an administrator account corresponding to a certain client program and corresponding to a development merchant, and when it needs to detect whether each service module called by the service platform 200 to process the service request is operating normally, the administrator account may log in the client 100a and initiate the link analysis request to the service platform 200. In other embodiments, some clients may also initiate the above-mentioned link analysis request to the service platform 200 based on other service requirements, which is not limited herein.
It can be understood that the data for invoking the link query service to request the link analysis usually includes some query parameter options for determining the query condition, and the parameter types corresponding to these options may include, for example, traced (for marking a monitoring object), an interface name of the service call, an application name of the client, an IP of the client (i.e., an IP of a service call initiator), a name of the service called by the query, a time-consuming threshold (for example, the time consumed for calling is greater than a specified number of milliseconds), a call type, whether to invoke abnormally, a service main key (i.e., a field on which a corresponding service event is searched), a response code, and the like, which are not described herein again.
For a specific process of acquiring the request data, reference may be made to step 301, which is not described herein again.
402: the routing module 201 forwards the link analysis request data to the data management and control module 202.
For a specific process of forwarding the request data, refer to step 302 above, which is not described herein again.
403: the data management and control module 202 analyzes the request data according to the received link, and confirms the access authority of the requesting party.
For example, the data management and control module 202 may confirm, according to the received link analysis request data, whether an account logged in by the client initiating the link analysis request is a management account authorized by the service platform 200, and if so, may confirm that the requestor is an authorized requestor; if not, the requester can be confirmed as an unauthorized requester.
For a specific process of confirming the access right of the requester, reference may be made to step 303 above, which is not described herein again.
404: for an unauthorized requester, the data management and control module 202 returns a message of denying access to the routing module 201.
Illustratively, the data management module 202 may reject the link analysis request of the requester if it is confirmed that the requester initiating the link analysis request is not an administrative account authorized by the service platform 200 and the requester is an unauthorized requester.
For a specific procedure of denying access, refer to step 304 above, which is not described herein again.
405: for authorized requestors, the data management and control module 202 performs data check on the received link analysis request data.
For example, if it is confirmed that the requester initiating the link analysis request is an administrative account authorized by the service platform 200, and it can be confirmed that the requester is an authorized requester, the data management and control module 202 may further perform corresponding data check on the received link analysis request data. For example, the data management and control module 202 may perform data check through the preset Cookie and the content of the link analysis request, and if the link analysis request data meets the data check requirement, the following step 406 may be continuously performed to send the link analysis request data to the link query service 203-1 for processing.
If the link analysis request data does not satisfy the data checking requirement, for example, the link analysis request data lacks an interface name of a service call as a query parameter, or the interface name is inaccurate, and the link query service 203-1 needs to query the corresponding service data based on the interface name, and also cannot support fuzzy search of the query parameter of the interface name, that is, lacks a relevant parameter of necessary information. At this time, the following step 407 needs to be executed to modify the portion of the request data that does not meet the inspection requirement, for example, matching the interface name of the corresponding service based on other related parameters in the link analysis request data, or performing fuzzy search on the fuzzy interface name to obtain an accurate interface name, and replacing the original interface name in the request data.
After step 407, step 408, described below, is performed to send a link analysis request to the link query service 203-1. For a specific data checking process, reference may be made to step 305, which is not described herein again.
406: the data management and control module 202 sends link analysis request data satisfying the data check requirement to the link query service 203-1.
407: the data management and control module 202 modifies the link analysis request data that does not meet the data inspection requirements.
Illustratively, the modification of the link analysis request data that does not satisfy the data check requirement includes information complementation of a parameter lacking necessary information in the request data, and the like. Specifically, refer to step 307, which is not described herein.
408: data policing module 202 sends the modified link analysis request data to link query service 203-1.
409: the link query service 203-1 queries the time-consuming data of each link service module in the service link in response to the received link analysis request data. Illustratively, the time-consuming data includes a time length for each service module to receive a corresponding service request and perform corresponding service processing, a time length consumed by each service module in the process of performing service processing, and the like, which is not limited herein.
410: the link query service 203-1 returns the queried time-consuming data to the data governance module 202.
411: the data management and control module 202 checks whether the returned time-consuming data meets a preset return condition.
Illustratively, the data management and control module 202 receives original data (i.e., time-consuming data) returned by the link query service 203-1, and checks whether a preset return condition is satisfied, for example, whether sensitive data exists is checked, and if the sensitive data exists, desensitization processing is required, for example, sensitive data that does not need to be returned is deleted. For another example, the data management and control module 202 may further check whether the returned time-consuming data includes the relevant authorization information of the requesting party, for example, based on the client IP preset in the link analysis request data, to confirm whether the time-consuming data returned by the link analysis service 203-1 corresponds to the client IP information and whether the client IP information includes the corresponding client authorization information. If no authorization information exists, it indicates that the client IP has not been authorized by the corresponding client temporarily, i.e. the requesting party is not authorized, the time-consuming data returned by the link query service 203-1 is deleted.
For the specific checking and determining process, reference may be made to step 311, which is not described herein again.
412: the data management and control module 202 returns the time-consuming data meeting the preset return condition to the routing module 201.
For example, the time-consuming data meeting the preset return condition after the check may be returned to the client of the requesting party, and displayed on the corresponding link analysis page. The preset returning condition may not only include the conditions of no sensitive data and authorization information of the requesting party, etc. exemplified in step 411, but also include other preset returning conditions. And are not intended to be limiting herein.
For example, the relevant parameters of the link analysis request data responded by the link query service 203-1 may further include, for example, a time consumption threshold, a service name called by the query, and the like, and then, of the time consumption data returned by the link query service 203-1 in response to the link analysis request, the corresponding time consumption of calling should be greater than a specified number of milliseconds, and the time consumption data should correspond to the service name called by the query, and the like. However, the time-consuming data obtained by the link query service 203-1 may include time-consuming data that called the service within the last year, such as time-consuming data that called a policy data management service. The service platform 200, for example, a service platform providing corresponding services for insurance services, may only allow the time-consuming data for invoking the service in the last 3 months based on security considerations. In this case, the preset return condition set in the data management and control module 202 includes a time filtering condition, that is, the data management and control module 202 can control to filter the time-consuming data before 3 months, and only return the time-consuming data of the latest 3 months to the routing module.
413: the data management and control module 202 modifies the time-consuming data that does not satisfy the preset return condition.
For example, if the data management and control module 202 detects that there is sensitive data in the time-consuming data returned by the link query service 203-1, desensitization processing needs to be performed, for example, corresponding sensitive data is deleted, or encryption processing is performed on corresponding sensitive data, that is, the above modification process is performed. For another example, referring to the example shown in the step 412, if the preset return condition set in the data management and control module 202 includes the time filtering condition of "last 3 months", the time-consuming data returned by the link query service 203-1 is the time-consuming data before 3 months, and the data management and control module 202 may delete the time-consuming data from the time-consuming data to be returned.
For a specific modification process, reference may be made to the related description in step 313, which is not described herein again.
414: the data administration module 202 returns the modified time-consuming data to the routing module 201.
415: the routing module 201 returns the received time-consuming data to the requestor.
It can be understood that the data processing method corresponding to the link query service 203-1, which is implemented based on the flow shown in fig. 4, can perform authentication and control on the link analysis request requesting the link query service 203-1, and can also perform sensitive data check and desensitization on the time-consuming data returned by the link query service 203-1, or check whether the time-consuming data meets the security requirement of some service module related data, so as to improve the security of the link query service provided by the link query service 203-1. Moreover, this security enhancement can be achieved without upgrading or modifying the link query service 203-1.
Example 2
In the embodiment of the present application, a service module 203 is taken as a visualization service, that is, kibana203-2 is taken as an example, and how to implement a process of performing function enhancement on a data visualization service by implementing the data processing method provided in the embodiment of the present application is described. The Kibana203-2 is a visualization platform, and data analysis and visualization can be realized by Kibana searching, viewing and interacting with data stored in a retrieval (elastic search) index, for example, displaying the searched data in a chart form.
It can be understood that in the operation, maintenance and management scenario of some distributed service systems, a user of some distributed service systems may wish to show some service statistics data in the form of a chart or the like on an interface of a client, so as to facilitate analysis and management. At this time, the user may initiate a visualization service request for Kibana203-2 to the service platform 200 through the corresponding client, so as to request target data visually displayed through Kibana203-2 search and a page of the visually displayed data.
FIG. 5 is a schematic diagram illustrating an implementation flow of a data processing method corresponding to Kibana203-2 according to an embodiment of the present application. It is understood that the flow shown in fig. 5 involves interaction between the routing module 201, the data governance module 202 and Kibana 203-2.
Specifically, as shown in fig. 5, the method specifically includes the following steps:
501: the routing module 201 obtains the visual service request data.
Illustratively, a requester initiating a visualization service request to request the Kibana203-2 to provide corresponding data search and visualization service may be, for example, an administrator account of a development merchant corresponding to a certain client program, and when it is necessary to analyze user-related business data served by the client program, the requester may initiate a Kibana203-2 visualization service request to the business platform 200 through an operation and maintenance client of the business system to request to provide the client program with a running log or related link information of a service module of the corresponding service processing corresponding business request through the Kibana203-2 search, so as to obtain corresponding business data, and provide a page for visually displaying the searched corresponding business data.
In other embodiments, some clients may also initiate the visualization service request to the business platform 200 based on business requirements of other aspects, which is not limited herein.
For a specific process of acquiring the request data, reference may be made to step 301, which is not described herein again.
502: the routing module 201 sends the visualization service request data to the data management and control module 202.
For a specific process of forwarding the request data, reference may be made to step 302, which is not described herein again.
503: the data management and control module 202 confirms the access authority of the requester according to the received visualization service request data.
For example, the data management and control module 202 may confirm whether the client initiating the visualization service request has the right to obtain data such as the running log of the corresponding service module according to the received visualization service request data. For example, if the visual service request is a service request for visually displaying the number of newly added insurance applicants, the number of intended insurance applicants, the number of maintained insurance applicants, and the like on the insurance service platform, the client initiating the service request or the account (i.e., requester) logged in the client should have the management authority to view and acquire the relevant data of the insurance applicants on the insurance service platform. If the requester has the authority to acquire the related data and the like of the applicant to be visualized, the requester can be confirmed to be an authority requester; if the request party does not have the acquisition authority, the request party can be confirmed to be an unauthorized request party.
For a specific process of confirming the access right of the requester, reference may also be made to step 303 above, which is not described herein again.
504: for an unauthorized requester, the data management and control module 202 returns a message of denying access to the routing module 201.
For example, if it is confirmed that the requestor initiating the visualization service request does not have the authority to obtain data such as the running log of the corresponding service module, and it can be confirmed that the requestor is an unauthorized requestor, the data management and control module 202 may reject the visualization service request of the requestor.
For a specific procedure of denying access, refer to step 304 above, which is not described herein again.
505: for authorized requestors, the data management and control module 202 performs data check on the received visualization service request data.
For example, if it is confirmed that the requestor initiating the visualization service request has the authority to obtain data such as the running log of the corresponding service module, and it can be confirmed that the requestor is an authorized requestor, the data management and control module 202 may further perform corresponding data check on the received visualization service request data. For example, the data management and control module 202 may perform data check through a preset Cookie and the content of the visualization service request, for example, check whether the relevant request parameters lack necessary information, and the like. If the visualization service request data meets the data checking requirement, for example, each set descriptive parameter corresponding to the requested related data in the visualization service request data is complete and accurate, and does not lack necessary information. Then the following step 506 may be continued to send the visualization service request data to Kibana203-2 for processing.
If the visualization service request data does not satisfy the data inspection requirement, for example, there is a lack or inaccuracy in each descriptive parameter set corresponding to the related data requested in the visualization service request data, for example, there is a lack of policy data time sequence parameters to be obtained, that is, the collection time of the policy data needs to be missing or setting a mistake corresponding to the set start time and end time, where the setting mistake may be, for example, setting the start time or end time to a certain time in the future, which means that there is a lack of necessary information. Then the following step 507 needs to be performed to modify the portion of the requested data that does not meet the inspection requirements. For example, the data management and control module 202 may set the missing start time to a certain date before 6 months according to the 6-month time span usually set by the Kibana203-2 providing the visualization service, and set the end time to a certain date corresponding to the start time span of 6 months, that is, set to obtain the policy data of about 6 months to extract the number of policyholders for visualization display, so as to complete the completion of the missing information.
Thereafter, the data governance module 202 may proceed to step 508, described below, to send a visualization service request to Kibana 203-2. For a specific data checking process, refer to step 305 above, which is not described herein again.
506: the data management and control module 202 sends the visualization service request data satisfying the data inspection requirement to the Kibana 203-2.
507: the data governance module 202 modifies visualization service request data that does not meet data inspection requirements.
Illustratively, the modification of the visualization service request data which does not meet the data checking requirement includes information complementation of parameters lacking necessary information in the request data, and the like.
For the foregoing example, for example, the data management and control module 202 may complement the visualization service request data requesting to display the analysis result of the number of applicant according to the 6 month time span typically set by Kibana203-2 providing visualization service. For example, the data management and control module 202 sets the missing start time to a certain date before 6 months, and sets the end time to a certain date corresponding to the start time span of 6 months, that is, sets to acquire policy data of nearly 6 months to extract the number of policemen for visual display, so as to complete the completion of the missing information.
Specifically, the process of modifying the visualization service request data that does not meet the data checking requirement may also refer to step 307, which is not described herein again.
508: the data governance module 202 sends the modified visualization service request data to Kibana 203-2.
509: in response to the received visualization service request data, the Kibana203-2 searches the running log or link information of the corresponding service module to process the visualization data of the corresponding business system.
Illustratively, the business data correspondingly requested by the visualization service request data may be policy data, for example, kibana203-2 may obtain an operation log of a corresponding policy data management service and the like and/or call link information of the policy data management service and the like in the insurance business platform, and further process to obtain visualization data for forming a visualization page based on the applicant related information extracted from the operation log or the call link information. The visualization data includes corresponding service data obtained based on the running logs of the corresponding service modules, and visualization page related parameters obtained by processing the corresponding service data through the data visualization processing capability provided by the Kibana203-2, for example, chart path parameters such as adopted bar charts, pie charts, and the like, which are not limited herein.
510: the Kibana203-2 returns the processed visual data to the data management and control module 202.
511: the data management and control module 202 checks whether the returned visual data meets a preset return condition.
Illustratively, the data management and control module 202 checks whether the original data (i.e., the visual data) returned by the Kibana203-2 meets a preset return condition, for example, checks whether there is sensitive data such as the premium data or the identification number of the applicant in the visual data corresponding to the result of the quantitative analysis of the applicant. If there is sensitive data, desensitization processing is required, for example, sensitive data which is not required to be returned is deleted. For another example, the data management and control module 202 may further check whether there is authorization information related to the requester in the returned visualization data, and if there is no authorization information, for example, the requester is not authorized, delete the visualization data returned by Kibana 203-2.
For a specific checking and determining process, refer to step 311 above, which is not described herein.
512: the data management and control module 202 returns the visual data meeting the preset return condition to the routing module 201.
Illustratively, the visual data meeting the preset return condition after the check can be returned to the client of the requesting party, and visually displayed on the corresponding client business interface.
513: the data management and control module 202 modifies the visual data which do not meet the preset return condition.
Illustratively, the data management and control module 202 checks that there is sensitive data in the visual data returned by Kibana203-2, for example, there is information such as the share data of some policyholders or the identification numbers of some policyholders in the visual data corresponding to the analysis result of the number of policyholders. Then desensitization processing is required, such as deleting sensitive data, such as the premium data and the applicant's identification number, in the visual data corresponding to the analysis result of the number of applicant, or encrypting the corresponding sensitive data, i.e. the above modification process.
For a specific modification process, reference may also be made to the related description in step 313, which is not described herein again.
514: the data administration module 202 returns the modified visual data to the routing module 201.
515: the routing module 201 returns the received visualization data to the requestor.
It can be understood that the data processing method corresponding to Kibana203-2, which is implemented based on the flow shown in fig. 5, can perform authentication control on the visualization service request data requesting Kibana203-2, and can also perform sensitive data check, desensitization processing, and the like on the visualization data returned by Kibana203-2, thereby improving the security of Kibana203-2 in providing data search and visualization service. Moreover, the enhancement of the safety performance can be realized without upgrading and modifying Kibana 203-2.
Fig. 6 shows a schematic structural diagram of an electronic device 600 according to an embodiment of the present application. In this embodiment, the electronic device 600 may run the service platform 200. In other embodiments, the electronic device 600 may also operate some clients of the business system, such as an insurance business client, and the like, without limitation.
As shown in fig. 6, in some embodiments, server 200 may include one or more processors 604, system control logic 608 coupled to at least one of processors 604, system memory 612 coupled to system control logic 608, non-volatile memory (NVM) 616 coupled to system control logic 608, and network interface 620 coupled to system control logic 608.
In some embodiments, processor 604 may include one or more single-core or multi-core processors. In some embodiments, processor 604 may include any combination of general-purpose processors and special-purpose processors (e.g., graphics processors, application processors, baseband processors, etc.). In embodiments where server 200 employs an eNB (enhanced Node B) or RAN (Radio Access Network) controller, processor 604 may be configured to perform various suitable embodiments, e.g., one or more of the various embodiments shown in fig. 2-5.
In some embodiments, system control logic 608 may include any suitable interface controllers to provide any suitable interface to at least one of processors 604 and/or to any suitable device or component in communication with system control logic 608.
In some embodiments, system control logic 608 may include one or more memory controllers to provide an interface to system memory 612. System memory 612 may be used to load and store data and/or instructions. The memory 612 of the server 200 may comprise any suitable volatile memory in some embodiments, such as suitable Dynamic Random Access Memory (DRAM).
NVM/memory 616 may include one or more tangible, non-transitory computer-readable media for storing data and/or instructions. In some embodiments, the NVM/memory 616 may include any suitable non-volatile memory, such as flash memory, and/or any suitable non-volatile storage device, such as at least one of a HDD (Hard Disk Drive), CD (Compact Disc) Drive, DVD (Digital Versatile Disc) Drive.
The NVM/memory 616 may comprise a portion of the storage resource on the apparatus on which the server 200 is installed or it may be accessible by, but not necessarily a part of, the device. For example, the NVM/storage 616 may be accessed over a network via the network interface 620.
In particular, system memory 612 and NVM/storage 616 may each include: a temporary copy and a permanent copy of instructions 624. The instructions 624 may include: instructions that when executed by at least one of the processors 604 cause the server 200 to implement the method as shown in fig. 3-4. In some embodiments, instructions 624, hardware, firmware, and/or software components thereof may additionally/alternatively be located in system control logic 608, network interface 620, and/or processor 604.
The network interface 620 may further include any suitable hardware and/or firmware to provide a multiple-input multiple-output radio interface. For example, network interface 620 may be a network adapter, a wireless network adapter, a telephone modem, and/or a wireless modem.
In one embodiment, at least one of processors 604 may be packaged together with logic for one or more controllers of system control logic 608 to form a System In Package (SiP). In one embodiment, at least one of processors 604 may be integrated on the same die with logic for one or more controllers of system control logic 608 to form a system on a chip (SoC).
The server 200 may further include: input/output (I/O) devices 632.I/O devices 632 may include user interfaces to enable a user to interact with server 200; the design of the peripheral component interface enables peripheral components to also interact with the server 200. In some embodiments, server 200 further comprises sensors for determining at least one of environmental conditions and location information associated with server 200.
In some embodiments, the user interface may include, but is not limited to, a display (e.g., a liquid crystal display, a touch screen display, etc.), a speaker, a microphone, one or more cameras (e.g., still image cameras and/or video cameras), a flashlight (e.g., a light emitting diode flash), and a keyboard.
In some embodiments, the peripheral component interfaces may include, but are not limited to, a non-volatile memory port, an audio jack, and a power interface.
In some embodiments, the sensors may include, but are not limited to, a gyroscope sensor, an accelerometer, a proximity sensor, an ambient light sensor, and a positioning unit. The positioning unit may also be part of the network interface 620 or interact with the network interface 620 to communicate with components of a positioning network, such as Global Positioning System (GPS) satellites.
Reference in the specification to "one embodiment" or "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one example embodiment or technique disclosed according to the embodiment of the application. The appearances of the phrase "in one embodiment" in various places in the specification are not necessarily all referring to the same embodiment.
The disclosure of the embodiment of the application also relates to an operating device for executing the text. This apparatus may be specially constructed for the required purposes, or it may comprise a general-purpose computer selectively activated or reconfigured by a computer program stored in the computer. Such a computer program may be stored in a computer readable medium, such as, but is not limited to, any type of disk including floppy disks, optical disks, CD-ROMs, magnetic-optical disks, read-only memories (ROMs), random Access Memories (RAMs), EPROMs, EEPROMs, magnetic or optical cards, application Specific Integrated Circuits (ASICs), or any type of media suitable for storing electronic instructions, and each may be coupled to a computer system bus. Further, the computers referred to in the specification may include a single processor or may be architectures employing multiple processor designs for increased computing capability.
Moreover, the language used in the specification has been principally selected for readability and instructional purposes, and may not have been selected to delineate or circumscribe the disclosed subject matter. Accordingly, the disclosure of the embodiments of the present application is intended to be illustrative, but not limiting, of the scope of the concepts discussed herein.
Claims (17)
1. A data processing method is applied to a service platform comprising a routing module, a data management and control module and a service module, wherein the service module comprises a third-party service, and the method comprises the following steps:
the routing module acquires first request data for a target service;
the routing module sends the first request data to the data management and control module, wherein the first request data at least comprises the identification information of the target service module and a target data acquisition parameter for the target service;
the data management and control module judges whether the first request data meet a first condition, wherein the first condition is used for carrying out validity and security check on the first request data processed by a request target service module;
confirming that the first request data meets the first condition, and sending the first request data to the target service module by the data management and control module;
confirming that the first request data does not satisfy the first condition, the data management and control module modifies the first request data to obtain second request data satisfying the first condition, and the data management and control module sends the second request data to the target service module.
2. The method of claim 1, wherein the first condition is dynamically determined based on at least one of a regulatory requirement of an API entry parameter of the target service module and a service data security requirement of the target service module.
3. The method of claim 2, wherein the first condition comprises a parameter threshold determination condition preset for at least one API entry parameter of the target service module, and wherein,
the data management and control module judges whether the first request data meets a first condition, and the method comprises the following steps:
the data management and control module judges whether the value of a first parameter in the first request data is within a preset first parameter threshold range;
if the value of the first parameter is within the first parameter threshold range, the data management and control module confirms that the first request data meets the first condition;
if the value of the first parameter is not within the first parameter threshold range, the data management and control module confirms that the first request data does not satisfy the first condition.
4. The method according to claim 3, wherein confirming that the first requested data does not satisfy the first condition, the data management and control module modifying the first requested data to obtain a second requested data satisfying the first condition, includes:
adjusting the value of the first parameter, which is not within the first parameter threshold range, to be within the first parameter threshold range.
5. The method according to claim 1, wherein the target service module is configured to process request data sent by the data management module, the request data including the first request data and the second request data, and the method includes:
the target service module processes the received request data to obtain first processing data;
the target service module returns the first processing data to the data management and control module;
the data management and control module judges whether the first processing data meet a second condition, wherein the second condition is used for carrying out security check on the first processing data to be returned to a service request end, and the service request end is a client end for initiating the target service;
confirming that the first processing data meets the second condition, and sending the first processing data to the routing module by the data management and control module;
confirming that the first processing data does not satisfy the second condition, the data management and control module modifies the first processing data to obtain second processing data satisfying the second condition, and the data management and control module sends the second processing data to the routing module.
6. The method of claim 5, wherein the second condition is dynamically determined based on at least one of a security check parameter, a permission check parameter, and a data protection check parameter of the service request end.
7. The method of claim 6, wherein the second condition comprises a sensitive data identification parameter as the security check parameter; and, the data management and control module judges whether the first processing data meets a second condition, including:
the data management and control module judges whether the first processing data contain sensitive data or not based on the sensitive data identification parameters;
if the first processed data does not contain sensitive data, confirming that the first processed data meets the second condition;
and if the first processing data contains sensitive data, confirming that the first processing data does not meet the second condition.
8. The method of claim 7, wherein the confirming that the first processed data does not satisfy the second condition, the data governance module modifying the first processed data to obtain second processed data that satisfies the second condition, comprises:
deleting sensitive data in the first processing data; or,
and encrypting the sensitive data in the first processing data.
9. The method of claim 6, wherein the second condition comprises an authorization information verification parameter as the permission check parameter; and, the data management and control module judges whether the first processing data meets a second condition, including:
the data management and control module confirms whether a terminal receiving party of the first processing data has the authority of acquiring all data contents of the first processing data or not based on the authorization information verification parameter;
if the terminal receiving party of the first processing data has the acquisition permission of all data contents of the first processing data, confirming that the first processing data meets the second condition;
and if the terminal receiving party of the first processing data does not have the acquisition authority for all the data contents of the first processing data, confirming that the first processing data does not meet the second condition.
10. The method of claim 9, wherein the confirming that the first processed data does not satisfy the second condition, the data governance module modifying the first processed data to obtain second processed data that satisfies the second condition comprises:
and if the terminal receiving party of the first processing data does not have the authority of acquiring all data contents of the first processing data, deleting the first processing data.
11. The method according to claim 6, wherein the second condition includes a preset time threshold for protecting service platform data as the data protective check parameter; and, the data management and control module judges whether the first processing data meets a second condition, including:
the data management and control module judges whether the first processing data comprise data of which the acquisition time is earlier than the preset time threshold;
if the first processed data does not include data with the acquisition time earlier than the preset time threshold, confirming that the first processed data meets the second condition;
and if the first processing data comprise data with the acquisition time being earlier than the preset time threshold, confirming that the first processing data do not meet the second condition.
12. The method according to claim 11, wherein the confirming that the first processed data does not satisfy the second condition, the data policing module modifying the first processed data to obtain second processed data satisfying the second condition comprises:
and deleting the data of which the acquisition time is earlier than the preset time threshold in the first processing data.
13. The method according to any of claims 1 to 12, wherein the routing module is any of Nginx, traefik, envoy, kong.
14. A data processing system, comprising:
the system comprises a routing module, a data management and control module and a service module, wherein the routing module is used for acquiring first request data for a target service and sending the first request data to the data management and control module, and the first request data at least comprises identification information of a target service module and a target data acquisition parameter for the target service;
the data management and control module is used for judging whether the first request data meet a first condition, wherein the first condition is used for carrying out validity and security check on the first request data processed by the request target service module; when the first request data is confirmed to meet the first condition, the first request data is used for sending the first request data to a target service module; when the first request data are confirmed not to meet the first condition, the first request data are modified to obtain second request data meeting the first condition, and the second request data are sent to a target service module;
and the target service module is used for processing the received first request data or the second request data to obtain first processing data and returning the first processing data to the data management and control module.
15. The data processing system according to claim 14, wherein the data management and control module is further configured to determine whether the first processed data meets a second condition, where the second condition is used to perform security check on the first processed data to be returned to a service request end, where the service request end is a client that initiates the target service; and the number of the first and second electrodes,
when the first processing data is confirmed to meet the second condition, the routing module is used for sending the first processing data to the routing module;
and when the first processing data are confirmed not to meet the second condition, the router is used for modifying the first processing data to obtain second processing data meeting the second condition, and sending the second processing data to the routing module.
16. An electronic device, comprising: one or more processors; one or more memories; the one or more memories store one or more programs that, when executed by the one or more processors, cause the electronic device to perform the data processing method of any of claims 1-12.
17. A computer-readable storage medium, comprising computer programs/instructions which, when executed by a processor, implement the data processing method of any one of claims 1 to 12.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210660992.5A CN115242433B (en) | 2022-06-13 | 2022-06-13 | Data processing method, system, electronic device and computer readable storage medium |
PCT/CN2023/097671 WO2023241366A1 (en) | 2022-06-13 | 2023-06-01 | Data processing method and system, and electronic device and computer-readable storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210660992.5A CN115242433B (en) | 2022-06-13 | 2022-06-13 | Data processing method, system, electronic device and computer readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115242433A true CN115242433A (en) | 2022-10-25 |
CN115242433B CN115242433B (en) | 2024-02-09 |
Family
ID=83669605
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210660992.5A Active CN115242433B (en) | 2022-06-13 | 2022-06-13 | Data processing method, system, electronic device and computer readable storage medium |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN115242433B (en) |
WO (1) | WO2023241366A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2023241366A1 (en) * | 2022-06-13 | 2023-12-21 | 易保网络技术(上海)有限公司 | Data processing method and system, and electronic device and computer-readable storage medium |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109522726A (en) * | 2018-10-16 | 2019-03-26 | 平安万家医疗投资管理有限责任公司 | Method for authenticating, server and the computer readable storage medium of small routine |
CN110225039A (en) * | 2019-06-14 | 2019-09-10 | 无锡华云数据技术服务有限公司 | Authority models acquisition, method for authenticating, gateway, server and storage medium |
CN112270011A (en) * | 2020-11-19 | 2021-01-26 | 北京炼石网络技术有限公司 | Method, device and system for protecting service and data security of existing application system |
CN112702336A (en) * | 2020-12-22 | 2021-04-23 | 数字广东网络建设有限公司 | Security control method and device for government affair service, security gateway and storage medium |
CN113268420A (en) * | 2021-05-21 | 2021-08-17 | 北京大米科技有限公司 | Development method, device and system of data interface and computer storage medium |
CN113704744A (en) * | 2021-07-21 | 2021-11-26 | 阿里巴巴(中国)有限公司 | Data processing method and device |
CN113765982A (en) * | 2020-12-17 | 2021-12-07 | 北京沃东天骏信息技术有限公司 | Request response method, device, system, server and storage medium |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9729506B2 (en) * | 2014-08-22 | 2017-08-08 | Shape Security, Inc. | Application programming interface wall |
US11381564B2 (en) * | 2020-10-09 | 2022-07-05 | Sap Se | Resource security integration platform |
CN115242433B (en) * | 2022-06-13 | 2024-02-09 | 易保网络技术(上海)有限公司 | Data processing method, system, electronic device and computer readable storage medium |
-
2022
- 2022-06-13 CN CN202210660992.5A patent/CN115242433B/en active Active
-
2023
- 2023-06-01 WO PCT/CN2023/097671 patent/WO2023241366A1/en unknown
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109522726A (en) * | 2018-10-16 | 2019-03-26 | 平安万家医疗投资管理有限责任公司 | Method for authenticating, server and the computer readable storage medium of small routine |
CN110225039A (en) * | 2019-06-14 | 2019-09-10 | 无锡华云数据技术服务有限公司 | Authority models acquisition, method for authenticating, gateway, server and storage medium |
CN112270011A (en) * | 2020-11-19 | 2021-01-26 | 北京炼石网络技术有限公司 | Method, device and system for protecting service and data security of existing application system |
CN113765982A (en) * | 2020-12-17 | 2021-12-07 | 北京沃东天骏信息技术有限公司 | Request response method, device, system, server and storage medium |
CN112702336A (en) * | 2020-12-22 | 2021-04-23 | 数字广东网络建设有限公司 | Security control method and device for government affair service, security gateway and storage medium |
CN113268420A (en) * | 2021-05-21 | 2021-08-17 | 北京大米科技有限公司 | Development method, device and system of data interface and computer storage medium |
CN113704744A (en) * | 2021-07-21 | 2021-11-26 | 阿里巴巴(中国)有限公司 | Data processing method and device |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2023241366A1 (en) * | 2022-06-13 | 2023-12-21 | 易保网络技术(上海)有限公司 | Data processing method and system, and electronic device and computer-readable storage medium |
Also Published As
Publication number | Publication date |
---|---|
WO2023241366A1 (en) | 2023-12-21 |
CN115242433B (en) | 2024-02-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20200304485A1 (en) | Controlling Access to Resources on a Network | |
CN110266764B (en) | Gateway-based internal service calling method and device and terminal equipment | |
US10127401B2 (en) | Redacting restricted content in files | |
WO2015096695A1 (en) | Installation control method, system and device for application program | |
US20150347773A1 (en) | Method and system for implementing data security policies using database classification | |
US20120291089A1 (en) | Method and system for cross-domain data security | |
US20200344230A1 (en) | Digital identity network interface system | |
US12045264B2 (en) | Local data classification based on a remote service interface | |
US10282461B2 (en) | Structure-based entity analysis | |
US10192262B2 (en) | System for periodically updating backings for resource requests | |
US12034689B2 (en) | Systems and methods for electronically distributing information | |
CN112947945A (en) | Multi-type application publishing method and device, computer equipment and storage medium | |
WO2023241366A1 (en) | Data processing method and system, and electronic device and computer-readable storage medium | |
US10013237B2 (en) | Automated approval | |
US11443058B2 (en) | Processing requests at a remote service to implement local data classification | |
CN112560006B (en) | Single sign-on method and system under multi-application system | |
CN116644473A (en) | Data desensitization method and device | |
US20200356644A1 (en) | User-specific watermark for maintaining security of data files | |
CN107517177B (en) | Interface authorization method and device | |
KR20210045628A (en) | The method of proving download and view of insurance contract document at mobile insurance process | |
CN115906131B (en) | Data management method, system, equipment and storage medium | |
CN111800382B (en) | Cooperative system docking method, apparatus, system and computer readable storage medium | |
US20240250992A1 (en) | Analyzing cloud computing services (ccs) accounts using ccs application programming interfaces to enforce security policies | |
CN113961890A (en) | User behavior tracking method, system, computer and readable storage medium | |
CN116975802A (en) | Method and device for adding authority control for server software system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |