CN115242433B - Data processing method, system, electronic device and computer readable storage medium - Google Patents


Publication number
CN115242433B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210660992.5A
Other languages
Chinese (zh)
Other versions
CN115242433A (en)
Inventor
陈登月
莫元武
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
eBaoTech Corp
Original Assignee
eBaoTech Corp
Application filed by eBaoTech Corp
Priority to CN202210660992.5A
Publication of CN115242433A
Priority to PCT/CN2023/097671 (WO2023241366A1)
Application granted
Publication of CN115242433B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present disclosure relates to the field of computer technologies, and in particular to a data processing method, a system, an electronic device, and a computer readable storage medium. The method comprises the following steps: the routing module sends the acquired first request data for the target service to the data management and control module; the data management and control module judges whether the first request data meets a first condition, wherein the first condition is used for checking the validity and security of the first request data that requests processing by the target service module; when it is confirmed that the first request data meets the first condition, the data management and control module sends the first request data to the target service module; when it is confirmed that the first request data does not meet the first condition, the data management and control module modifies the first request data to obtain second request data meeting the first condition, and sends the second request data to the target service module. This scheme can effectively enhance the security performance and scenario adaptation performance of each service module and save the cost of service function transformation.

Description

Data processing method, system, electronic device and computer readable storage medium
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a data processing method, a system, an electronic device, and a computer readable storage medium.
Background
With the development of computer technology, more and more clients provide products and services to users by means of corresponding service platforms. That is, a client can respond to user operations and obtain the products and services provided by the service platform it is connected to in order to process the corresponding business, and can then display the business processing results to the user based on the service processing data fed back by the service platform. For example, an insurance service client may rely on a network insurance platform to provide insurance-related service modules to users who need to be insured. It can be understood that a client relying on the service platform may be a service system application (app) running on an electronic device such as a mobile phone, or may be a web-based service system application, which is not limited herein.
To provide more comprehensive products and services to clients, a business platform generally needs to integrate some third party services, such as link query services, visualization services, and third party open source service modules. In other embodiments, the third party services may also be microservices running under Kubernetes, an open source system for automatically deploying, scaling and managing containerized applications, and the business platform may forward business requests for such third party services to the corresponding third party services. However, some third party services may be software developed under older frameworks, i.e., their development framework may be incompatible with the system framework of the business platform; still other third party services may have authorization restrictions, etc. Therefore, when integrating or accessing these third party services, the service platform often needs to modify the software source code of the third party services according to individual needs, for example to adapt them to the system framework of the service platform or to release the authorization restrictions. Moreover, when a third party service is upgraded or some of its entry parameters are updated, the code transformation made according to individual needs cannot be adapted automatically, and the developer has to perform the corresponding code transformation again.
Therefore, when the service scenario changes, or in order to meet the security requirements of some service modules provided by the service platform, the functions of some third party services integrated on the service platform, such as security performance and scenario adaptation performance, need to be enhanced. If this function enhancement is carried out in the same way as the individual-requirement modifications made when the third party services were integrated, a large development cost is inevitably incurred. Therefore, there is a need for a data processing scheme that solves the problem of enhancing the functionality of third party services integrated or accessed by a service platform.
Disclosure of Invention
The embodiments of the application provide a data processing method, a system, an electronic device and a computer readable storage medium, which address the current difficulty and large development effort of enhancing and transforming the functions of service modules such as third party services integrated on a service platform. The scheme can effectively enhance the security performance and scenario adaptation performance of each service module, so that costly function enhancement and transformation of the third party services is not needed and service development cost is saved. In addition, a service platform implemented based on the scheme of the application can easily interface with third party services and carry out security or scenario adaptability upgrades without modifying the code of the third party services, which helps improve the experience of the client, the development end, the third party service end and other parties.
In a first aspect, an embodiment of the present application provides a data processing method, where the method is applied to a service platform including a routing module, a data management and control module, and a service module, where the service module includes a third party service, and the method includes:
the routing module acquires first request data for a target service;
the routing module sends first request data to the data management and control module, wherein the first request data at least comprises identification information of a target service module and target data acquisition parameters for target service;
the data management and control module judges whether the first request data meets a first condition, wherein the first condition is used for checking the validity and security of the first request data that requests processing by the target service module;
when it is confirmed that the first request data meets the first condition, the data management and control module sends the first request data to the target service module;
and when it is confirmed that the first request data does not meet the first condition, the data management and control module modifies the first request data to obtain second request data meeting the first condition, and sends the second request data to the target service module.
The data management and control module, which provides the data management and control function, screens the service-request-related data accessed by the service platform, for example by checking the validity and security of the first request data based on the preset first condition. Finally, the request data that meets the inspection requirements related to the target service module (namely the first request data) is sent to the target service module. The target service module includes a third party service, which may be, for example, the visualization service (Kibana) exemplified in specific embodiment 2 below, and the first request data may be, for example, visualization service request data requiring Kibana processing.
In a possible implementation of the first aspect, the first condition is dynamically determined based on at least one of a normative requirement of an API entry parameter of the target service module, and a service data security requirement of the target service module.
For example, the first condition preset by the visualization service (Kibana) may be determined based on requirements such as various API entry parameter thresholds of the Kibana, and requirements of the Kibana on data content sources to be visualized and security of the data content. In other embodiments, the first condition may also include, for example, a limitation in a data table format corresponding to the data content to be visually displayed, which is not limited herein.
In one possible implementation of the first aspect, the first condition includes a parameter threshold judgment condition preset for at least one API entry parameter of the target service module, and the data management module judges whether the first request data meets the first condition, including: the data management and control module judges whether the value of a first parameter in the first request data is within a preset first parameter threshold range; if the value of the first parameter is within the first parameter threshold range, the data management and control module confirms that the first request data meets a first condition; if the value of the first parameter is not within the first parameter threshold range, the data management and control module confirms that the first request data does not meet the first condition.
In a possible implementation manner of the first aspect, the determining that the first request data does not meet the first condition, the modifying, by the data management module, the first request data to obtain second request data that meets the first condition includes: and adjusting the value of the first parameter which is not in the first parameter threshold range to be in the first parameter threshold range.
That is, for the service request data (i.e., the first request data) that does not meet the API entry parameter threshold requirement of the target service module, the corresponding API entry parameter in the request data may be adjusted to be within the threshold requirement range, so that the service request data is smoothly accessed to the target service module for processing in the subsequent process.
In a possible implementation manner of the first aspect, the target service module is configured to process request data sent by the data management module, where the request data includes first request data and second request data, and the method includes:
the target service module processes the received request data to obtain first processed data;
the target service module returns first processing data to the data management and control module;
the data management and control module judges whether the first processing data meets a second condition, wherein the second condition is used for carrying out security check on the first processing data to be returned to the service request terminal, and the service request terminal is a client terminal initiating a target service;
when it is confirmed that the first processing data meets the second condition, the data management and control module sends the first processing data to the routing module;
and when it is confirmed that the first processing data does not meet the second condition, the data management and control module modifies the first processing data to obtain second processing data meeting the second condition, and sends the second processing data to the routing module.
The service processing data (namely the first processing data) that the target service module obtains by processing the corresponding service request data (namely the first request data) can also undergo security checks by the data management and control module. This improves the security of the corresponding service and of the processing data provided by the target service module, so the service request end that receives the service processing data also obtains a higher security guarantee.
In a possible implementation of the first aspect, the second condition is dynamically determined based on at least one of a security check parameter, a rights check parameter, and a data protection check parameter of the service request end.
In a possible implementation of the first aspect, the second condition includes a sensitive data identification parameter as a security check parameter; and, the data management and control module judges whether the first processing data meets a second condition, including:
The data management and control module judges whether the first processing data contains sensitive data or not based on the sensitive data identification parameters;
if the first processing data does not contain sensitive data, confirming that the first processing data meets a second condition;
if the first processing data includes sensitive data, it is determined that the first processing data does not satisfy the second condition.
In a possible implementation manner of the first aspect, the determining that the first processing data does not meet the second condition, the modifying, by the data management module, the first processing data to obtain second processing data that meets the second condition includes: deleting sensitive data in the first processed data; or, the sensitive data in the first processed data is encrypted.
In a possible implementation of the first aspect, the second condition includes an authorization information verification parameter as the rights verification parameter; and, the data management and control module judges whether the first processing data meets a second condition, including:
the data management and control module verifies parameters based on the authorization information to confirm whether a terminal receiver of the first processing data has the acquisition authority of all data contents of the first processing data;
if the terminal receiver of the first processing data has the acquisition authority of the whole data content of the first processing data, confirming that the first processing data meets a second condition;
And if the terminal receiver of the first processing data does not have the acquisition authority for the whole data content of the first processing data, confirming that the first processing data does not meet the second condition.
In a possible implementation manner of the first aspect, the determining that the first processing data does not meet the second condition, the modifying, by the data management module, the first processing data to obtain second processing data that meets the second condition includes:
and if the terminal receiver of the first processing data does not have the acquisition authority for the whole data content of the first processing data, deleting the first processing data.
In a possible implementation of the first aspect, the second condition includes a preset time threshold for protecting service platform data as a data protection check parameter; and, the data management and control module judges whether the first processing data meets a second condition, including:
the data management and control module judges whether the first processing data comprise data with acquisition time earlier than a preset time threshold value;
if the first processing data does not comprise the data with the acquisition time earlier than the preset time threshold value, confirming that the first processing data meets the second condition;
and if the first processing data comprises data with acquisition time earlier than a preset time threshold value, confirming that the first processing data does not meet the second condition.
In a possible implementation manner of the first aspect, the determining that the first processing data does not meet the second condition, the modifying, by the data management module, the first processing data to obtain second processing data that meets the second condition includes: and deleting the data with the acquisition time earlier than a preset time threshold value in the first processing data.
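The following Python example is added here for illustration and is not part of the patent text or the applicant's implementation. It carries out the first-condition threshold check with adjustment of out-of-range parameters, and the three second-condition checks described above (authorization, time threshold, sensitive data deletion); the field names (page_size, offset, id_number, acquired_at), the scope string and all sample data are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from numbers import Real


@dataclass(frozen=True)
class FirstCondition:
    """Threshold ranges for API entry parameters: name -> (low, high)."""
    param_ranges: dict


@dataclass(frozen=True)
class SecondCondition:
    sensitive_fields: frozenset   # sensitive data identification parameter
    required_scope: str           # authorization information verification parameter
    time_threshold: datetime      # data protection check parameter


def _out_of_range(request, cond):
    """Return {name: adjusted_value} for each ranged parameter outside its range."""
    fixes = {}
    for name, (low, high) in cond.param_ranges.items():
        if name not in request["params"]:
            continue  # assumption: an absent parameter is left to the service default
        value = request["params"][name]
        if isinstance(value, bool) or not isinstance(value, Real):
            # assumption: the text only describes adjusting numeric values,
            # so a non-numeric value is refused instead of being guessed at
            raise ValueError(f"parameter {name!r} is not numeric")
        if not low <= value <= high:
            fixes[name] = min(max(value, low), high)
    return fixes


def meets_first_condition(request, cond):
    """True when every ranged parameter present in the request is within range."""
    return not _out_of_range(request, cond)


def to_second_request(request, cond):
    """Return the request unchanged if it passes, else a copy adjusted into range."""
    fixes = _out_of_range(request, cond)
    if not fixes:
        return request
    return {**request, "params": {**request["params"], **fixes}}


def filter_processing_data(records, receiver_scopes, cond):
    """Apply the second condition to data returned by the target service module."""
    # Authorization check: a receiver without the acquisition authority gets nothing.
    if cond.required_scope not in receiver_scopes:
        return []
    kept = []
    for rec in records:
        # Data protection check: drop data acquired before the time threshold.
        if rec["acquired_at"] < cond.time_threshold:
            continue
        # Sensitive data check: delete sensitive fields (encryption is the
        # alternative the text mentions; it is not shown here).
        kept.append({k: v for k, v in rec.items() if k not in cond.sensitive_fields})
    return kept


# Constructed sample data, not taken from the patent.
FIRST = FirstCondition({"page_size": (1, 500), "offset": (0, 10000)})
SECOND = SecondCondition(frozenset({"id_number"}), "policy:read", datetime(2022, 1, 1))
SAMPLE_REQUEST = {"service_id": "visualization",
                  "params": {"page_size": 50000, "offset": 0}}
SAMPLE_RECORDS = [
    {"policy": "P-1", "id_number": "X", "acquired_at": datetime(2021, 6, 1)},
    {"policy": "P-2", "id_number": "Y", "acquired_at": datetime(2022, 6, 1)},
]


def demo():
    """Run one request and one response through the data management and control checks."""
    second_request = to_second_request(SAMPLE_REQUEST, FIRST)
    returned = filter_processing_data(SAMPLE_RECORDS, {"policy:read"}, SECOND)
    return second_request, returned


if __name__ == "__main__":
    print(demo())
```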
In a possible implementation of the first aspect, the routing module is any one of Nginx, Traefik, Envoy, and Kong.
It will be appreciated that in other embodiments, the routing module may be other service modules with routing functions and capable of accessing service data, which is not limited herein.
In a second aspect, embodiments of the present application provide a data processing system, including:
the routing module is used for acquiring first request data for the target service and sending the first request data to the data management and control module, wherein the first request data at least comprises identification information of the target service module and target data acquisition parameters for the target service;
the data management and control module is used for judging whether the first request data meets a first condition, wherein the first condition is used for checking the validity and security of the first request data that requests processing by the target service module; for sending the first request data to the target service module when the first request data is confirmed to meet the first condition; and for modifying the first request data to obtain second request data meeting the first condition, and sending the second request data to the target service module, when the first request data is confirmed not to meet the first condition;
The target service module is used for processing the received first request data or the second request data to obtain first processing data and returning the first processing data to the data management and control module.
It will be appreciated that the target service module may be a local service module developed in the service platform described in the following embodiment, or may be a third party service module integrated or accessed by the service platform, for example, a link query service as illustrated in the following embodiment 1 and a visualization service (Kibana) as illustrated in the embodiment 2, which are not limited herein.
In one possible implementation of the second aspect, the data management and control module is further configured to determine whether the first processing data meets a second condition, where the second condition is used to perform a security check on the first processing data to be returned to the service request end, where the service request end is a client end initiating the target service; to send the first processing data to the routing module when the first processing data meets the second condition;
and, when the first processing data does not meet the second condition, to modify the first processing data to obtain second processing data meeting the second condition, and send the second processing data to the routing module.
In a third aspect, an embodiment of the present application provides an electronic device, including: one or more processors; one or more memories; the one or more memories store one or more programs that, when executed by the one or more processors, cause the electronic device to perform the data processing method provided in the first aspect described above.
In a fourth aspect, embodiments of the present application provide a computer readable storage medium including a computer program/instruction which, when executed by a processor, implements the data processing method provided in the first aspect.
Drawings
Fig. 1 is a schematic diagram of an interaction scenario between a client and a service platform according to an embodiment of the present application.
Fig. 2a is a schematic diagram illustrating a processing procedure of service interaction data between a client and a service platform according to an embodiment of the present application.
Fig. 2b is a schematic diagram illustrating a processing procedure of service interaction data between a client and a service platform according to another embodiment of the present application.
Fig. 3 is a schematic flow chart of an implementation of a data processing method according to an embodiment of the present application.
Fig. 4 is a schematic flow chart of an implementation of a data processing method corresponding to the link query service according to embodiment 1 of the present application.
Fig. 5 is a schematic flow chart of an implementation of the data processing method corresponding to Kibana in embodiment 2 of the present application.
Fig. 6 is a schematic structural diagram of an electronic device 600 for running a service platform or a client according to an embodiment of the present application.
Detailed Description
Fig. 1 shows a schematic diagram of an interaction scenario between a client and a service platform according to an embodiment of the present application.
As shown in fig. 1, the scenario includes a client program (abbreviated as client 100a) running on a device 100a, a development end program (abbreviated as development end 100b) running on a device 100b, a third party service provider (abbreviated as third party service end 100c) running on a device 100c, and a service platform (abbreviated as service platform 200) running on a device 200.
Wherein the client 100a may be a program product developed by a merchant such as an insurance company and directed to a terminal consumer group for providing insurance related business services or other non-insurance related business services, etc. to the terminal consumer group (i.e., user).
The development terminal 100b is configured to provide a development platform for a developer, and the developer can develop, through the development terminal 100b, a service module that provides various services in the service platform 200, including a technical service that provides functions such as analysis or visual display, and a service that provides functions such as service processing. In addition, the service module includes both a local service developed for the service platform 200 and a third party service integrated into the service platform 200 or accessing the service platform 200 through a corresponding developed program interface to provide corresponding service contents, which is not limited herein.
The third party service end 100c may, for example, provide some open-source accessible third party services to the corresponding service requests transferred in the service platform 200, or some third party services provided by the third party service end 100c may be integrated into the service platform 200 to correspondingly process the corresponding service requests. The third party service accessed or integrated into the service platform 200 may be, for example, a mail service, a payment service or a link inquiry service, a visualization service, etc., which is not limited herein.
The service platform 200 is configured to access a service request initiated by the client 100a, and arrange a corresponding service module to process the service request. It will be appreciated that the service platform 200 may be communicatively coupled to the client 100a, the development end 100b, and the third party service end 100c, respectively, to form a service system or data processing system.
It is understood that the device 100a running the client program, the device 100b running the development end program, or the device 100c running a third party service may be, for example, an electronic device such as a mobile phone, a notebook computer, a tablet computer, or the like. The device 200 running the service platform may be, for example, a server, desktop computer, laptop computer, handheld computer, netbook, or other electronic device embedded in or coupled with one or more processors or capable of accessing a network, etc., without limitation.
With continued reference to FIG. 1, a user may initiate a service request via the client 100a; for example, the user may fill in an insurance order via the client 100a of an insurance service, or initiate a service request to query an insurance service order, or the like. Accordingly, the service platform 200 may implement a routing function to access service requests from the client 100a. If the service module required by the service request is a local service module of the service platform 200 or a third party service integrated into the service platform 200, the service platform 200 may call the corresponding service module to process the service request; if the service module required by the service request is a third party service running on the device 100c, the service platform 200 may forward the accessed service request to the corresponding third party service. This completes the process in which the service platform 200 accesses the service request of the client 100a and sends it to the corresponding service module for processing.
The routing function of the service platform 200 may be implemented by open source software having an edge router function, such as Nginx, Traefik, Envoy, or Kong, which is not limited herein. In the embodiment of the present application, the service module with the routing function implemented based on the above open source software in the service platform 200 is referred to as a routing module. That is, the routing module may forward each service request to the corresponding service module in the service platform 200 according to the target service identification information obtained from that service request.
With continued reference to fig. 1, after a service module provided on the service platform 200 responds to a service request sent by a client to perform corresponding service processing, service processing data may be returned to the corresponding client through a routing module.
As described above, the third party services integrated or accessed on the service platform 200 have been modified as necessary during integration or during development of the program interface, according to the actual requirements of the service platform. However, when services including third party services are used to process client service requests, if the service platform 200 is to meet service processing security requirements or to adapt a third party program to different service scenarios, the service module needs corresponding function enhancement code changes, including code changes for security performance enhancement, scenario adaptation performance enhancement, and the like. In this case, a third party service integrated by the service platform 200 needs a second round of modification at a relatively large development cost, and a third party service accessed by the service platform 200 cannot be given such function enhancements. For example, a developer of the business platform 200 may not know the existing code of the third party service, and therefore has to spend time and effort understanding the existing code of the integrated third party service; for another example, some third party services may use a technical stack different from the one used for developing the service platform 200, so a developer of the service platform 200 needs to spend time and effort learning the technical stack of those third party services before function enhancement of the third party services is possible. All of this greatly increases the cost of functionally enhancing the third party services.
In order to solve the above technical problems, the application provides a data processing method that adds a data management and control module to the service platform in order to inspect and control both the request data sent to a service module and the service processing data returned by the service module. The added data management and control module can inspect and control the request data accessed through the unified routing module of the service platform and the service processing data transmitted between the service module and the unified routing module. This inspection and control includes identifying whether the requester of the request data has access rights, whether parameters such as the API (application program interface) entry parameters of the request data meet the legality requirements, whether the service processing data returned by the service module in response to the service request meets the security requirements, whether data filtering is needed, and the like. It will be appreciated that the service module includes local services developed for the service platform, third party services integrated onto the service platform, third party services accessed by the service platform through a program interface, and so on. Therefore, the data processing method provided by the embodiment of the application can effectively enhance the security performance and scenario adaptation performance of each service module, so that costly function enhancement and transformation of the third party services is not needed, and service development cost is saved.
It can be appreciated that the above data management and control module may set some data management and control functions in a customized manner according to the service module requirement provided by the service platform 200 to the client, for example, a data processing function supported by multiple tenants may be further added, so that the third party service is adapted to a multi-tenant scenario, etc. There is no limitation in this regard.
For example, after the service platform has made the small number of necessary modifications to a third party service when integrating it, the data processing method provided by the embodiment of the application allows request data that does not originally meet the form or content requirements of the service requests handled by the third party service to be processed by the data management and control module and then passed to the corresponding third party service, so that the service platform can use the third party service to handle the service requests initiated by all clients. In addition, in the data processing method provided by the embodiment of the application, the data management and control module can also perform security screening on the service processing data returned by the service module, for example, deleting some sensitive data, filtering out historical data older than a preset time length, and the like, so that the security of the service modules provided by the service platform can be effectively improved.
By way of example, fig. 2a shows a schematic diagram of a process of processing business interaction data between a client and a business platform.
As shown in fig. 2a, the service platform 200 receives a service request from, for example, the client 100a through a unified routing module 201a, and after the routing module 201a identifies a target service of the corresponding service request, the service request is forwarded to the corresponding service module 202a for processing, i.e. a "data entry" process shown in fig. 2 a. After the service module 202a processes the corresponding service request, the corresponding service processing data is returned to the routing module 201a, and forwarded to the client 100a by the routing module 201a, i.e. the "data return" process shown in fig. 2 a.
Fig. 2b is a schematic diagram illustrating another process of processing service interaction data between a client and a service platform according to an embodiment of the present application.
As shown in fig. 2b, after the service platform 200 receives a service request, for example, from the client 100a, through the unified routing module 201b, the routing module 201b first sends request data of the service request to the data management module 202b, and the data management module 202b performs data inspection on the request data, for example, identifies whether a requester of the request data has access rights, whether parameters such as an API entry parameter of the request data meet legal requirements, and so on. The data management and control module 202b may also perform modification processing on the request data that does not meet the data inspection requirement, for example, adaptively modify the request data parameters that do not meet the validity requirement, etc. The data management and control module 202b then sends the request data that is qualified in the data inspection or modified to the corresponding service module 202b in the service platform 200 for processing. I.e. the "data entry" procedure shown in fig. 2 b.
With continued reference to fig. 2b, after the service module 202b processes the corresponding service request, the corresponding service processing data is first sent to the data management and control module 202b, and the data management and control module 202b screens the returned service processing data based on preset return conditions, for example, whether the returned service processing data meets the security requirement, including whether it is necessary to filter out the historical data that easily causes the security problem, whether it relates to the sensitive fields, and so on. For the service processing data that does not meet the preset return condition, the data management module 202b may perform some adaptive modification, for example, deleting the history data before the preset time period for the returned service processing data, or performing desensitization processing on the returned service processing data, and so on. Then, the data management and control module 202b sends the service processing data meeting the preset return condition or meeting the return condition after modification to the routing module 201b, and the service processing data is forwarded to the client 100a by the routing module 201b, namely, the "data return" process shown in fig. 2 b.
It can be seen that, in the business interaction data processing process shown in fig. 2b, the security of the "entering" or "returning" data is higher, and the security and scene adaptability of the service module provided by the business platform 200 for processing various business data are also stronger, compared with the business interaction data processing process shown in fig. 2 a. And in the process of delivering the service data to the corresponding third party service, if the safety function of the third party service or the function enhancement in the aspect of scene adaptation performance and the like are required to be realized, the data management and control module of the service platform 200 is only required to be subjected to corresponding parameter adjustment or some adaptive code transformation, and the third party service is not required to be transformed. Thus, the development amount of some function enhancement modifications can be greatly reduced. In addition, the service platform 200 can access the third party service more flexibly based on the data management and control module, when accessing the third party service, the data management and control module only needs to be adjusted to process the accessed service request into request data meeting the requirements of the third party service such as the entrance parameters, and the like, and the request data can be sent to the third party service for processing, and some useless data returned by the third party service or data threatening the security can be filtered through the data management and control module, so that the security of the process of accessing the third party service can be ensured.
Fig. 3 is a schematic flow chart of an implementation of a data processing method according to an embodiment of the present application. The flow shown in fig. 3 illustrates interactions among the unified routing module 201, the data management module 202, and the service modules 203, where the service modules 203 include third party services integrated or accessed by the service platform 200, as described above.
Specifically, as shown in fig. 3, the process includes the steps of:
301: the routing module 201 obtains service request data (as first request data) for the target service.
Illustratively, the routing module 201 may be a reverse proxy tool, for example Traefik, which provides HTTP reverse proxying and load balancing and can intercept HTTP request data, i.e. service request data, sent by the client to the service module 203.
The foregoing "intercepting" may be understood as acquiring; referring to the scenario shown in fig. 1, the routing module 201 may acquire service request data sent by the client 100a or 100b to the service platform 200. The service request data may include, for example, requester identification information, service module identification information, and the specific requested service content, where the specific requested service content may be defined, for example, by a target data acquisition parameter, without limitation. The requester identification information, the service module identification information, and the like may be transmitted in the form of a domain name, a path, or the like, for example, without limitation.
302: the routing module 201 forwards the service request data to the data management module 202.
Illustratively, the routing module 201 may send the service request data to the data management module 202 preset in the service platform 200 for processing before the data is sent to the corresponding service module 203. It may be appreciated that the routing module 201 may be preconfigured with information on the service modules whose service request data is to be forwarded to the data management and control module 202, so that when the routing module 201 receives the corresponding service request data it can, based on this configuration, send the received data to the data management and control module for processing.
It will be appreciated that, after the routing module 201 (for example, Traefik) intercepts the service request data, it may forward the data to the corresponding service module 203 according to a preset forwarding rule based on, for example, the domain name or path in the request data. For example, the routing module 201 forwards service requests prefixed by /web1 to service module 203-1, service requests prefixed by /web2 to service module 203-2, and so on. For another example, the routing module 201 may also determine the target service that is to receive the request data from the API path of the request data; that is, the routing module 201 may forward the service request data to the corresponding service module according to the forwarding rule matched by the API path. There is no limitation in this regard. In this embodiment, when forwarding the service request data, the routing module 201 may first forward the request data originally destined for the target service module 203 to the data management and control module 202. It can be understood that, when doing so, the routing module 201 may also forward the identification information of the identified target service module 203 to the data management and control module 202, so that the data management and control module 202 can send the service request data to the target service module 203 after performing the corresponding management and control processing, such as data inspection and modification.
303: the data management and control module 202 confirms the access rights of the requesting party according to the received request data.
Illustratively, the data management module 202 analyzes the received service request forwarded from the routing module 201. For example, the data management module 202 may first confirm, according to the requester identification information in the request data, whether the requester has access rights. That is, the data management and control module 202 may first authenticate the requester that originated the service request data, for example, check whether the requesting user has been authenticated, whether the user has access rights to the requested service content, and so on. Here, authentication refers to whether the requesting user has completed legal identity authentication in the corresponding service system; such a user can have their legal identity verified by providing a user name and a password. If the user name and the password match, the user authentication is considered to have passed, the user is treated as authenticated, and the user has access rights to the corresponding service content.
Referring to the scenario shown in fig. 1, as an example, if user A, operating the client 100a, queries the historical policy data of user B, then after the routing module 201 forwards the service request data initiated by the client 100a to the data management and control module 202, the data management and control module 202 may identify, according to the requester identification information in the request data, whether user A has the access right to the historical policy data of user B. If user A is an administrator of the insurance service platform and, for example, has the authority to query the historical policy data of user B for the last week, it may be confirmed that the account of user A logged in on the client 100a has access authority, i.e., that the client 100a belongs to an authorized requester.
If user A is another insurance user and not an administrator, the data management and control module 202 may confirm that the client 100a used by user A, as the service request initiator, has no access right, i.e. the client 100a belongs to an unauthorized requester.
It will be appreciated that in other embodiments, user A may have limited authority; for example, the authority of user A may restrict user A to querying only the policy service data of the last week. In this case, the data management module 202 may apply the restricting query condition to the corresponding service request data, then continue with the following steps 305 to 308, and, after completing the data inspection, send the service request data to the corresponding service module 203 for processing, which is not described in detail herein.
304: for unauthorized requesters, the data management module 202 returns a message to the routing module 201 denying access.
Illustratively, if the data management module 202 determines that the requester of the received service request data does not have the corresponding access rights, i.e. confirms that the requester is an unauthorized requester, it may return an access-denied message to the requester through the routing module 201. In other embodiments, the data management module 202 may also feed back error prompt information to the requester through the routing module 201, which is not limited herein. It will be appreciated that the routing module 201 may forward the access-denied message returned by the data management module 202 to the requester that originated the corresponding service request data.
305: for a qualified requestor, the data management module 202 checks whether the received request data meets the data check requirement (as a first condition).
Illustratively, if the data management module 202 determines that the requester of the received service request data is an authorized requester, it may further perform a data check on the received service request data. The data check includes, for example, checking whether the relevant parameters in the service request data meet validity requirements, whether they are compliant, and so on. If the request data meets the data inspection requirement, for example, each parameter is compliant and legal, the following step 306 may be executed and the request data is sent to the corresponding service module for processing; if the request data does not meet the data inspection requirement, e.g., some parameters are not legal or not compliant, the relevant parameters need to be modified in step 307, described below.
As an example, the data management module 202 may check whether an API entry parameter in the request data meets a validity requirement. For example, if the reasonable age range of a participant is 0 to 65 and the corresponding API entry parameter in the received request data has a value of 70, the received request data may be considered invalid; if the value of the corresponding API entry parameter in the received request data is 55, the API entry parameter of the received request data may be considered legal.
In other embodiments, besides checking whether the API entry parameter in the request data meets the validity requirement, the data check may cover other content, for example, checking whether the option parameter about the insurance risk in the request data is valid. The first condition on which the data management and control module 202 bases the data check may be customized, preset, or adjusted according to the requirements of the service scenario, which is not limited herein.
306: the data management module 202 sends request data satisfying the data inspection requirements to the service module 203.
For example, after the data inspection is completed, the data management module 202 may send the inspected service request data, i.e. request data meeting the data inspection requirement, for example, request data with related parameters meeting the validity requirement, to the corresponding service module 203 for performing corresponding service processing.
307: the data management module 202 modifies the requested data that does not meet the data inspection requirements.
For example, the data management module 202 may modify the relevant parameters for request data that does not meet the data inspection requirements, such as request data for which the API entry parameter does not meet the legitimacy requirement. For example, for the foregoing example, if the value of the corresponding API entry parameter in the received request data is 70, which does not meet the validity requirement, the data management module 202 may modify the parameter value according to the preset reasonable age range, for example, modify "70" to "65". There is no limitation in this regard.
For another example, if the requested data has no age parameter, and the API entry parameter of the target service module needs to match the age parameter, the data management module 202 may complement the age parameter in the requested data, for example, use a preset wild card value, for example, 50, as the complement value of the age parameter in the requested data.
For another example, if the received request data includes an age parameter but the API entry parameter needs to match a birth year parameter, the data management module 202 may convert the age parameter in the request data into the corresponding birth year parameter and update the request data with it.
In other embodiments, the data inspection may cover other content, for example, checking the option parameters about insurance risk in the request data, where a risk option parameter for enterprise group risk that is mixed into the personal insurance risk option parameters also needs to be modified, and the invention is not limited herein.
308: the data management module 202 sends the modified request data (as second request data) to the service module 203.
For example, for request data that does not meet the data inspection requirement, the data management module 202 may modify the data found to be non-conforming, such as illegal parameters, so that the request data meets the data inspection requirement of the corresponding service module; for example, in request data whose parameters are illegal, the relevant parameters are modified to fall within the legal range.
309: the service module 203 performs corresponding service processing in response to the received request data.
Illustratively, after receiving the service request data sent by the data management and control module 202, the service module 203 may respond to the service content corresponding to the request by the request data to perform corresponding service processing.
In this embodiment, the service module 203 may be a third party service. Because the data management module 202 has already processed the request data, the request data received by the service module 203 already meets its API interface parameter requirements. That is, regardless of whether the request data sent by the client meets the API interface parameter requirements of the service module 203, the service module 203 can respond to the request sent by the client without being modified. In other embodiments, the service module 203 may also be a service module (not a third party service) provided by the platform itself.
In addition, it can be understood that, because of the data processing function of the data management and control module 202, when the service platform 200 integrates a new third party service or develops a new program interface to access the new third party service, the service platform 200 does not need to modify the program code or related entry parameters of the third party service, or the program code or related entry parameters of the interface to access the third party service, or the program code or related parameters of the routing module, so that the development amount can be reduced.
It may be understood that the service request data received by the service module 203 may be the request data sent by the data management and control module 202 in the above step 306 and meet the data inspection requirement, or may be the modified request data sent by the data management and control module 202 in the above step 308, which is not limited herein.
310: the service module 203 returns the business process data (as first process data) to the data management module 202.
Illustratively, after the service module 203 completes the corresponding service processing, it may return the resulting service processing data to the data management module 202. That is, the service processing data returned by the service module 203 in response to the corresponding service request may be further processed by the data management and control module 202 and then returned to the requester through the routing module 201. Refer to the detailed description below; details are not repeated here.
311: the data management and control module 202 checks whether the returned service processing data satisfies a preset return condition (as a second condition). If the checked result is yes, it indicates that the service processing data can be returned, that is, the following step 312 can be executed; if the result of the determination after the inspection is no, it indicates that the service processing data needs to be further inspected and then returned, and the following step 313 can be executed.
Illustratively, after the data management and control module 202 receives the service processing data returned by the service module 203, it may check the service processing data against a preset return condition. The preset return condition can be set according to the specific service content and service scenario. For example, in the embodiment of the present application, the preset return condition may include checking whether the returned service processing data meets the corresponding service security requirement, for example, checking whether historical data that may cause security problems needs to be filtered out of the service processing data, whether a sensitive field exists in the service processing data, and so on.
312: the data management and control module 202 returns the service processing data satisfying the preset return condition to the routing module 201.
For example, for the service processing data satisfying the preset return condition, the data management module 202 may directly send to the routing module 201, and the routing module 201 forwards the service processing data to the corresponding client, i.e. the service requester.
313: the data management and control module 202 modifies the service processing data that does not meet the preset return condition.
For example, for the service processing data that does not satisfy the preset return condition, further check processing is required for the service processing data. As an example, for the foregoing example, if there is history data that needs to be filtered and may cause a security problem in the service processing data, the data management module 202 may perform filtering processing on the portion of the history data, for example, may delete a portion of the policy data with a validity period less than 3 months in the returned policy data, and complete data filtering. For another example, if there is a sensitive field in the service processing data, the data management module 202 may perform encryption processing or desensitization processing on the returned service processing data, for example, replace a necessary sensitive field with encrypted data, or delete an unnecessary sensitive field to desensitize, etc., which is not limited herein.
As an example, for the foregoing example, the returned service processing data is the processing result of user A querying the historical policy data of user B, where the authority of user A only allows querying the policy service data of user B for the last week. When the corresponding service module 203 returns the query result as service processing data to the data management and control module 202, the data management and control module 202 may filter and desensitize the returned service processing data according to the authority of user A. For example, the policy service data older than one week and sensitive information such as the bank account of user B are deleted from the returned service processing data, and the processed service processing data is then sent to the client through the routing module 201.
314: the data management module 202 returns the modified traffic handling data (as second handling data) to the routing module 201.
Illustratively, after the data management and control module 202 completes the modification of the service processing data that does not meet the data inspection requirement, the modified service processing data may be sent to the routing module 201, and the routing module 201 returns the modified service processing data to the service requester.
315: the routing module 201 returns the received service processing data to the service requester.
Illustratively, the routing module 201 may return, to a requester that initiates a service request, for example, the client 100a or 100b shown in fig. 1, service processing data that satisfies the preset return condition after being checked by the data management module 202, or service processing data after being modified and processed by the data management module 202, or the like, which is not limited herein.
It can be understood that the data processing method implemented by the flow shown in fig. 3 achieves a degree of data management and control, including security control and control over the legality and compliance of data parameters. The data management and control module 202 that implements this function can also be preset (or customized) with data management and control policies adapted to different service modules, including a data inspection policy for service request data, a data inspection policy for the service processing data returned by the service modules, and so on. In this way, if a third party service integrated or accessed by the service platform 200 needs to be enhanced in terms of security performance, scene adaptation performance, and the like, the enhancement can be implemented by adjusting the corresponding data management and control conditions in the data management and control module 202 and relying on the intermediary processing of the data management and control module 202. With this scheme, the code execution logic of the third party service does not need to be upgraded or rebuilt, and the manpower and resources spent on function upgrades of third party services, of some local services of the service platform 200, and of other service modules are reduced.
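The checks of steps 303 to 314 can be sketched as a small gatekeeper placed between the routing module and an unmodified service. This is an added example, not code from the patent: `ControlPolicy`, `GRANTS`, `handle` and the stub service are hypothetical names, the requester identity is assumed to have been authenticated by the platform already, and rejecting a non-integer age is an assumption the text does not spell out.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed policy for one hypothetical service. The 0-65 age range, the
# fill-in value 50 and the bank-account field are the page's own examples.
@dataclass
class ControlPolicy:
    age_range: tuple = (0, 65)
    default_age: int = 50
    needs_birth_year: bool = False      # target API takes birth_year, not age
    sensitive_fields: frozenset = frozenset({"bank_account"})

# Constructed grants: requester -> days of history that requester may read.
# A requester absent from the table is refused (deny by default).
GRANTS = {"userA": 7}

class AccessDenied(Exception):
    pass

def check_access(request):
    """Steps 303/304: confirm the requester's access right or refuse."""
    days = GRANTS.get(request.get("requester"))
    if days is None:
        raise AccessDenied("access denied")
    return days

def inspect_request(request, policy, today):
    """Steps 305-308: return (request for the service, list of changes)."""
    params = dict(request.get("params", {}))
    changes = []                        # every rewrite is recorded for audit
    low, high = policy.age_range
    age = params.get("age")
    if age is None:
        params["age"] = policy.default_age
        changes.append(f"age missing -> {policy.default_age}")
    elif not isinstance(age, int) or isinstance(age, bool):
        raise ValueError("age must be an integer")   # not repairable
    elif not low <= age <= high:
        params["age"] = min(max(age, low), high)
        changes.append(f"age {age} -> {params['age']}")
    if policy.needs_birth_year:
        params["birth_year"] = today.year - params.pop("age")
        changes.append("age converted to birth_year")
    return {**request, "params": params}, changes

def screen_response(records, policy, window_days, today):
    """Steps 311-314: drop history outside the window, strip sensitive fields."""
    cutoff = today - timedelta(days=window_days)
    return [
        {k: v for k, v in rec.items() if k not in policy.sensitive_fields}
        for rec in records
        if rec["issued"] >= cutoff
    ]

def handle(request, service, policy, today):
    """Path of fig. 3 between the routing module and the service module."""
    try:
        window = check_access(request)
    except AccessDenied as exc:
        return {"status": 403, "error": str(exc)}    # service never called
    try:
        forwarded, changes = inspect_request(request, policy, today)
    except ValueError as exc:
        return {"status": 400, "error": str(exc)}
    records = service(forwarded)
    return {"status": 200, "changes": changes,
            "data": screen_response(records, policy, window, today)}

# --- constructed sample data so the example runs offline -------------------
TODAY = date(2022, 6, 13)               # fixed "now" for repeatable results
SEEN = []                               # requests that reached the service

def third_party_service(req):
    """Constructed stand-in for the unmodified third-party service."""
    SEEN.append(req)
    return [
        {"policy_no": "P-001", "issued": TODAY - timedelta(days=2),
         "bank_account": "constructed-0001"},
        {"policy_no": "P-002", "issued": TODAY - timedelta(days=30),
         "bank_account": "constructed-0001"},
    ]

if __name__ == "__main__":
    policy = ControlPolicy(needs_birth_year=True)
    print(handle({"requester": "userA", "params": {"age": 70}},
                 third_party_service, policy, TODAY))
    print(handle({"requester": "userC", "params": {"age": 30}},
                 third_party_service, policy, TODAY))
```

Returning the list of changes alongside the data gives the platform a record of every request that was rewritten rather than passed through unchanged.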
To make the technical solution of the present application clearer, based on the interaction flow shown in fig. 3 and the structure of the data management module 202 shown in fig. 4, the following describes specific implementations of the data processing method provided in the embodiments of the present application in combination with other specific service scenarios.
Example 1
In the embodiment of the present application, the specific implementation process of the data processing method provided in the embodiment of the present application is described by taking the service module 203 as the link query service (jaeger-query) 203-1 as an example, so as to achieve the purpose of enhancing the function of the link query service 203-1. The link query service 203-1 mainly provides query capability for calling link information to an application.
It can be appreciated that, in a distributed microservice scenario, a service request initiated by a user through a client may, after reaching the service platform, be processed by multiple service modules. If the user wants to find out in which link (i.e. in which service module) the service request takes a relatively long time, the user can query through the link query service 203-1, and the service platform can analyze whether any service module is operating abnormally from the time the service request spends in each service module's processing link, as reported by the link query service 203-1. It can be appreciated that the link query service 203-1 is mainly used to provide applications with the ability to query call link information, and the service can support analysis of application performance (also called service performance), analysis of how reasonable a call link is, and so on.
Fig. 4 is a flow chart illustrating an implementation of a data processing method corresponding to the link query service 203-1 according to an embodiment of the present application. It will be appreciated that the flow shown in fig. 4 involves interactions between the routing module 201, the data management module 202, and the link query service 203-1.
Specifically, as shown in fig. 4, the method specifically includes the following steps:
401: the routing module 201 obtains link analysis request data.
Illustratively, the requestor that initiates the link analysis request to request the link query service 203-1 to provide the corresponding link information query service may be, for example, an administrator account corresponding to a developing merchant corresponding to a client program, where the administrator account may log into the client 100a to initiate the link analysis request to the service platform 200 when it is required to detect whether the service modules of the service platform 200 that invoke the service request are operating normally. In other embodiments, some clients may initiate the link analysis request to service platform 200 based on other aspects of service requirements, which is not limited herein.
It may be appreciated that, in the data for requesting link analysis by the link query service, some query parameter options for determining query conditions are generally included, and the parameter types corresponding to these options may include, for example, a tracell (for marking a monitored object), an interface name of a service call, an application name of a client, an IP of a client (i.e., an IP of a service call initiator), a service name of a queried call, a time consumption threshold (for example, a time consumption of the call is greater than a specified millisecond), a call type, whether an abnormal call, a service primary key (i.e., a field based on which a corresponding service event is searched), a response code, and so on, which are not described herein.
The process of acquiring the request data may refer to step 301, and will not be described herein.
402: the routing module 201 forwards the link analysis request data to the data management module 202.
The specific process of forwarding the request data may refer to step 302, which is not described herein.
403: the data management and control module 202 confirms the access rights of the requesting party according to the received link analysis request data.
For example, the data management and control module 202 may determine, according to the received link analysis request data, whether an account logged in by the client that initiates the link analysis request is a management account authorized by the service platform 200, and if so, may determine that the requestor is an authorized requestor; if not, the requester can be confirmed as a non-authority requester.
The process of specifically confirming the access rights of the requesting party may refer to step 303, which is not described herein.
404: for unauthorized requesters, the data management module 202 returns a message to the routing module 201 denying access.
Illustratively, if the data management module 202 determines that the requestor initiating the link analysis request is not a management account authorized by the service platform 200, it may determine that the requestor is an unauthorized requestor and reject the link analysis request of the requestor.
The specific access rejection process may refer to step 304, which is not described herein.
405: for an authorized requestor, the data management module 202 performs a data check on the received link analysis request data.
Illustratively, if the data management module 202 confirms that the requestor initiating the link analysis request is a management account authorized by the service platform 200, and can therefore confirm that the requestor is an authorized requestor, the data management module 202 can further perform a corresponding data check on the received link analysis request data. For example, the data management module 202 may perform the data check using a preset Cookie and the content of the link analysis request. If the link analysis request data meets the data inspection requirement, the following step 406 may be performed, and the link analysis request data is sent to the link query service 203-1 for processing.
If the link analysis request data does not meet the data inspection requirement, for example, because it lacks the interface name of a service call serving as a query parameter, or because the interface name is inaccurate, the request contains parameters lacking necessary information: the link query service 203-1 needs to query the corresponding service data based on the interface name and cannot support fuzzy search of the query parameter. In this case, the following step 407 needs to be executed to modify the portion of the request data that does not meet the inspection requirement, for example, by matching the interface name of the corresponding service based on other related parameters in the link analysis request data, or by performing a fuzzy search on the inexact interface name to obtain an accurate interface name and replacing the original interface name in the request data.
After performing step 407 described below, step 408 described below is performed to send a link analysis request to the link inquiry service 203-1. The specific data checking process may refer to step 305, which is not described herein.
406: the data management and control module 202 sends link analysis request data satisfying the data inspection requirements to the link inquiry service 203-1.
407: the data management and control module 202 modifies the link analysis request data that does not meet the data inspection requirements.
Illustratively, the modification of the link analysis request data that does not meet the data inspection requirements includes information replenishment of parameters lacking necessary information in the request data, and the like. Reference may be made to step 307, which is not described herein.
408: the data management module 202 sends the modified link analysis request data to the link query service 203-1.
409: the link inquiry service 203-1 inquires time-consuming data of each link service module in the service link in response to the received link analysis request data. Illustratively, the time-consuming data includes, but is not limited to, a time period for each service module to receive a corresponding service request to perform a corresponding service process, a time period consumed by each service module in performing a service process, and the like.
410: the link query service 203-1 returns the queried time consuming data to the data management module 202.
411: the data management module 202 checks whether the returned time-consuming data satisfies a preset return condition.
Illustratively, the data management and control module 202 receives the original data (i.e., time-consuming data) returned by the link query service 203-1 and checks whether a preset return condition is satisfied. For example, it checks whether there is sensitive data, and if so, a desensitization process is required, such as deleting sensitive data that need not be returned. For another example, the data management module 202 may further check whether the returned time-consuming data carries the relevant authorization information of the requester, for example, based on the client IP preset in the link analysis request data, to confirm whether the time-consuming data returned by the link query service 203-1 has client authorization information corresponding to that client IP. If there is no authorization information, the client IP is not currently authorized by the corresponding client, i.e., the requester is not authorized, and the time-consuming data returned by the link query service 203-1 is deleted.
The specific checking and judging process can refer to step 311, which is not described herein.
412: the data management and control module 202 returns time-consuming data satisfying a preset return condition to the routing module 201.
The time-consuming data meeting the preset return condition after being checked can be returned to the client of the requesting party, and displayed on the corresponding link analysis page. The preset return conditions may include not only the conditions of no sensitive data, authorization information of the requester, and the like, which are exemplified in the above step 411, but also other preset return conditions. There is no limitation in this regard.
For example, the relevant parameters of the link analysis request data responded by the link query service 203-1 may further include, for example, a time consumption threshold, a service name of the queried call, etc., and then the corresponding call time consumption should be greater than a specified number of milliseconds in the time consumption data returned by the link query service 203-1 in response to the link analysis request, and the time consumption data should correspond to the service name of the queried call, etc. However, the time consuming data acquired by the link query service 203-1 may include time consuming data for invoking the service in the last year, which may be, for example, time consuming data for invoking the policy data management service. Whereas the service platform 200, for example, provides corresponding services for insurance services, may only allow the last 3 months of service invocation time-consuming data to be invoked based on security considerations. In this case, the preset return condition set in the data management and control module 202 may include a time filtering condition, that is, the data management and control module 202 may control to filter the time-consuming data 3 months ago, and only return the time-consuming data 3 months recently to the routing module.
413: the data management module 202 modifies the time-consuming data that does not satisfy the preset return condition.
For example, if the data management module 202 checks that there is sensitive data in the time-consuming data returned by the link query service 203-1, a desensitization process needs to be performed, for example, deleting the corresponding sensitive data, or performing an encryption process on the corresponding sensitive data, which is the modification process described above. For another example, referring to the example shown in the above step 412, if the preset return condition set in the data management module 202 includes the "last 3 months" time filtering condition, the time consuming data before 3 months belongs to the time consuming data that does not satisfy the preset return condition, and the data management module 202 may delete the time consuming data from the time consuming data to be returned.
The specific modification process may refer to the description of step 313, and is not described herein.
414: the data management module 202 returns the modified time-consuming data to the routing module 201.
415: the routing module 201 returns the received time-consuming data to the requestor.
It can be understood that, based on the data processing method implemented by the flow shown in fig. 4 and corresponding to the link query service 203-1, the authentication management and control can be performed on the link analysis request for requesting the link query service 203-1, and the sensitive data inspection and desensitization processing can also be performed on the time-consuming data returned by the link query service 203-1, or whether the security requirements of some service module related data are met or not can be inspected, so that the security of providing the link query analysis service by the link query service 203-1 is improved. Moreover, the enhancement of the security performance can be realized without upgrading and modifying the link inquiry service 203-1.
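The control flow of steps 403 to 413 can be sketched in Python as follows. This is an added illustration, not code from the patent; the account list, interface names, client IPs, field names, the 90-day stand-in for "last 3 months", and rejecting a request whose interface name cannot be resolved are all assumptions.

```python
import difflib
from datetime import datetime, timedelta

# Hypothetical policy data; the patent specifies none of these values.
AUTHORIZED_ACCOUNTS = {"ops-admin"}            # management accounts authorized by the platform
KNOWN_INTERFACES = ["PolicyService.query", "PolicyService.issue", "ClaimService.submit"]
AUTHORIZED_CLIENT_IPS = {"10.0.0.5"}           # client IPs that have authorization information
SENSITIVE_FIELDS = {"id_number", "insured_amount"}
MAX_AGE = timedelta(days=90)                   # stands in for the "last 3 months" condition
NOW = datetime(2022, 6, 13)                    # constructed "current time" for the sample data


class AccessDenied(Exception):
    """Step 404: the requester is not an authorized management account."""


def check_request(account, params):
    """Steps 403-407: confirm access rights, then check and repair the request."""
    if account not in AUTHORIZED_ACCOUNTS:
        raise AccessDenied(f"{account!r} is not an authorized management account")
    fixed = dict(params)                       # never mutate the caller's request
    name = fixed.get("interface_name") or ""
    if name not in KNOWN_INTERFACES:
        # Step 407: the backend cannot do fuzzy search, so resolve the name here.
        close = difflib.get_close_matches(name, KNOWN_INTERFACES, n=1, cutoff=0.8)
        if not close:
            raise ValueError("interface name is missing and cannot be resolved")
        fixed["interface_name"] = close[0]
    return fixed


def filter_response(params, records, now):
    """Steps 411-413: enforce the preset return conditions on the raw result."""
    if params.get("client_ip") not in AUTHORIZED_CLIENT_IPS:
        return []                              # no authorization info: delete the data
    threshold = params.get("min_cost_ms", 0)
    kept = []
    for rec in records:
        if now - rec["timestamp"] > MAX_AGE:
            continue                           # older than the allowed window
        if rec["interface_name"] != params["interface_name"]:
            continue                           # not the service that was queried
        if rec["cost_ms"] <= threshold:
            continue                           # below the time-consumption threshold
        # Desensitize by dropping sensitive fields that need not be returned.
        kept.append({k: v for k, v in rec.items() if k not in SENSITIVE_FIELDS})
    return kept


def sample_backend(params):
    """Constructed stand-in for the link query service; it over-returns on purpose."""
    return [
        {"interface_name": "PolicyService.query", "timestamp": datetime(2022, 6, 1),
         "cost_ms": 850, "id_number": "CONSTRUCTED-ID-1"},
        {"interface_name": "PolicyService.query", "timestamp": datetime(2021, 12, 1),
         "cost_ms": 900, "insured_amount": 100000},
        {"interface_name": "PolicyService.query", "timestamp": datetime(2022, 6, 2),
         "cost_ms": 120},
    ]


def handle(account, params, backend=sample_backend, now=NOW):
    """Steps 403-414 end to end: the backend itself is left unmodified."""
    checked = check_request(account, params)
    return filter_response(checked, backend(checked), now)


if __name__ == "__main__":
    request = {"interface_name": "PolicyServce.query",   # constructed typo
               "client_ip": "10.0.0.5", "min_cost_ms": 500}
    print(handle("ops-admin", request))
```

Because both checks sit in the wrapper, the backend can return more than the caller is entitled to without that data ever leaving the platform.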
Example 2
In the embodiment of the present application, taking the service module 203 as a visualization service, i.e. Kibana 203-2, as an example, the following describes how the data processing method provided in the embodiment of the present application enhances the function of the data visualization service. Kibana 203-2 is a visualization platform. By using Kibana to search, view and interact with data stored in an Elasticsearch index, data analysis and visualization can be realized, for example, the searched data is displayed in chart form.
It will be appreciated that in some distributed business system operation and maintenance management scenarios, some users of the distributed business system may wish to present business statistics in the form of charts or the like on the interface of the client to facilitate analysis and management. In this case, the user may initiate a visual service request for Kibana 203-2 to the service platform 200 through the corresponding client, so as to request, by searching through Kibana 203-2, the target data for visual display and the page that visually displays the data.
FIG. 5 shows a flow diagram of an implementation of a data processing method corresponding to Kibana 203-2 according to an embodiment of the present application. It will be appreciated that the flow shown in FIG. 5 involves interactions between the routing module 201, the data management module 202, and Kibana 203-2.
Specifically, as shown in fig. 5, the method specifically includes the following steps:
501: the routing module 201 obtains the visualization service request data.
For example, the requestor that initiates a visual service request to request Kibana 203-2 to provide the corresponding data search and visualization service may be an administrator account of a developer corresponding to a client program. When user-related service data served by the client program needs to be analyzed, the requestor may initiate a visual service request for Kibana 203-2 to the service platform 200 through an operation and maintenance client of the service system, requesting that Kibana 203-2 search the operation log or related link information of the service module that provides the corresponding service to the client program and processes the corresponding service requests, so as to obtain the corresponding service data and provide a visual display page for the searched service data.
In other embodiments, some clients may initiate the above-mentioned visual service request to the service platform 200 based on other aspects of service requirements, which is not limited herein.
The process of acquiring the request data may refer to step 301, and will not be described herein.
502: the routing module 201 sends the visualization service request data to the data management module 202.
The specific process of forwarding the request data may refer to step 302, which is not described herein.
503: the data management and control module 202 confirms the access rights of the requesting party according to the received visual service request data.
The data management module 202 may, for example, confirm according to the received visual service request data whether the client that initiates the visual service request has the right to acquire data such as the running log of the corresponding service module. For example, if the visual service request is a service request for visually displaying the number of newly added insurance applicants, the number of intended applicants, the number of maintained insurance applicants and the like on the insurance service platform, the client initiating the service request, or the account logged in on that client (i.e. the requester), should have management authority to view and acquire the applicant-related data on the insurance service platform. If the requester has the authority to acquire the applicant-related data to be visualized, the requester can be confirmed to be an authorized requester; if the requester does not have that authority, the requester can be confirmed to be an unauthorized requester.
The process of specifically confirming the access rights of the requesting party may also refer to step 303, which is not described herein.
504: for unauthorized requesters, the data management module 202 returns a message to the routing module 201 denying access.
Illustratively, if the data management module 202 determines that the requestor that initiated the visual service request does not have permission to obtain data such as the corresponding service module log, the data management module may determine that the requestor is a non-permission requestor, and may reject the visual service request of the requestor.
The specific access rejection process may also refer to step 304, which is not described herein.
505: for an authorized requester, the data management module 202 performs a data check on the received visual service request data.
Illustratively, if the data management and control module 202 confirms that the requestor that initiates the visual service request has the authority to obtain data such as the running log of the corresponding service module, and can therefore confirm that the requestor is an authorized requestor, the data management and control module 202 can further perform a corresponding data check on the received visual service request data. For example, the data management module 202 may perform the data check using a preset Cookie and the contents of the visual service request, for example, checking whether related request parameters lack necessary information. If the visual service request data meets the data inspection requirement, for example, the descriptive parameters set for the related data requested in the visual service request data are complete and accurate and no necessary information is missing, the following step 506 may be performed to send the visualization service request data to Kibana 203-2 for processing.
If the visual service request data does not meet the data inspection requirement, for example, because descriptive parameters corresponding to the relevant data requested in the visual service request data are missing or inaccurate, necessary information is absent. One such case is a missing time-sequence parameter for the policy data to be acquired, that is, the start time and the end time of the acquisition period of the policy data are missing or set incorrectly, where a setting error may be, for example, a start time or end time set to a future time. The following step 507 then needs to be performed to modify the portion of the request data that does not meet the inspection requirements. For example, according to the 6-month time span normally set for Kibana 203-2 to provide the visualization service, the data management module 202 may set the missing start time to a date 6 months earlier and set the end time to the date that gives a 6-month span from the start time, that is, policy data for approximately the last 6 months is acquired to extract the number of applicants for visual presentation, thereby completing the missing information.
Thereafter, the data management module 202 may proceed to step 508 described below to send a visualization service request to Kibana 203-2. For the specific data checking process, reference may also be made to step 305, which is not described herein.
506: the data management and control module 202 sends visualization service request data meeting the data inspection requirements to the Kibana 203-2.
507: the data management and control module 202 modifies the visual service request data that does not meet the data inspection requirements.
Illustratively, modifications to the visual service request data that do not meet the data inspection requirements include information supplements to parameters in the request data that lack the necessary information, and the like.
For the foregoing example, the data management module 202 may supplement the visualization service request data that requests presentation of the applicant-number analysis results according to the 6-month time span typically set for Kibana 203-2 to provide the visualization service. For example, the data management and control module 202 sets the missing start time to a date 6 months earlier and sets the end time to the date that gives a 6-month span from the start time, that is, policy data for approximately the last 6 months is acquired to extract the number of applicants for visual display, thereby completing the missing information.
In particular, the process of modifying the visual service request data that does not meet the data inspection requirement may also refer to the above step 307, which is not described herein.
508: the data management and control module 202 sends the modified visualization service request data to the Kibana 203-2.
509: Kibana 203-2 searches the operation log or link information of the corresponding service module in response to the received visual service request data, so as to process and obtain the visual data of the corresponding service system.
For example, the service data corresponding to the visual service request data may be policy data, and Kibana 203-2 may obtain, from the security service platform, a running log of a corresponding policy data management service and/or call link information of the policy data management service, and further obtain, based on the relevant information of the applicant extracted from the running log or the call link information, the visual data for forming the visual page. The visualized data includes corresponding service data obtained based on the running log of the corresponding service module, and visualized page related parameters obtained by processing the corresponding service data through the data visualization processing capability provided by Kibana 203-2, for example, chart path parameters such as an adopted histogram, a pie chart and the like, which are not limited herein.
510: Kibana 203-2 returns the processed visualization data to the data management module 202.
511: the data management and control module 202 checks whether the returned visual data satisfies a preset return condition.
Illustratively, the data management and control module 202 checks whether the original data (i.e., visual data) returned by Kibana 203-2 satisfies a preset return condition, for example, whether the visual data corresponding to the analysis result of the number of applicants contains data of a guarantee amount or sensitive data such as an identity card number of an applicant. If there is sensitive data, a desensitization process is required, such as deleting sensitive data that need not be returned. For another example, the data management module 202 may also check whether the returned visual data carries the relevant authorization information of the requester; if there is no authorization information, i.e., the requester is not authorized, the visual data returned by Kibana 203-2 is deleted.
For specific checking and judging process, reference may also be made to the above step 311, which is not described herein.
512: the data management and control module 202 returns the visualized data satisfying the preset return condition to the routing module 201.
The visual data meeting the preset return condition after the checking can be returned to the client of the requesting party, and visual display is performed on the corresponding client service interface.
513: the data management and control module 202 modifies the visual data that does not satisfy the preset return condition.
Illustratively, the data management and control module 202 finds that the visualization data returned by Kibana 203-2 contains sensitive data, for example, the visualization data corresponding to the analysis result of the number of applicants contains some insurance data of an applicant or information such as the identity card numbers of some applicants. A desensitization process is then required, such as deleting the guarantee-amount data and sensitive data such as the applicants' identity card numbers from that visualization data, or encrypting the corresponding sensitive data; this is the modification process described above.
The specific modification process may also refer to the related description in step 313, which is not described herein.
514: the data management module 202 returns the modified visualization data to the routing module 201.
515: the routing module 201 returns the received visualization data to the requestor.
It can be understood that, based on the data processing method corresponding to the Kibana 203-2 implemented by the flow shown in FIG. 5, the authentication management and control can be performed on the visual service request data requesting the Kibana 203-2, and the sensitive data inspection, the desensitization processing and the like can be performed on the visual data returned by the Kibana 203-2, so that the security of the data search and the visual service provided by the Kibana 203-2 is improved. Moreover, the enhancement of the safety performance can be realized without upgrading and modifying Kibana 203-2.
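The time-range repair of steps 505 to 507 is sketched below as an added Python illustration, not code from the patent. The parameter names `start` and `end`, the calendar-month arithmetic, and clamping a span longer than 6 months (the general threshold adjustment of which the missing or future time on this page is one instance) are assumptions.

```python
import calendar
from datetime import datetime

SPAN_MONTHS = 6  # the 6-month span the page says is normally set for the visualization service


def shift_months(dt, months):
    """Move dt by whole calendar months, clamping the day (31 Aug - 6 months -> 28 Feb)."""
    index = dt.year * 12 + (dt.month - 1) + months
    year, month0 = divmod(index, 12)
    month = month0 + 1
    day = min(dt.day, calendar.monthrange(year, month)[1])
    return dt.replace(year=year, month=month, day=day)


def normalize_time_range(params, now):
    """Return (repaired_params, changed_keys) for a visualization request.

    A missing or future start becomes "6 months before now". The end is then
    forced into (start, min(start + 6 months, now)], which also covers a
    missing end, a future end, an end before the start, and an oversized span.
    The list of changed keys lets the gateway log every rewrite it performs.
    """
    fixed = dict(params)            # keep the original request untouched for auditing
    changed = []
    start, end = fixed.get("start"), fixed.get("end")

    if start is None or start > now:
        start = shift_months(now, -SPAN_MONTHS)
        changed.append("start")

    latest_end = min(shift_months(start, SPAN_MONTHS), now)
    if end is None or end <= start or end > latest_end:
        end = latest_end
        changed.append("end")

    fixed["start"], fixed["end"] = start, end
    return fixed, changed


if __name__ == "__main__":
    now = datetime(2022, 6, 13, 12, 0)   # constructed "current time"
    # Constructed request: end time set in the future, start time missing.
    request = {"index": "policy", "end": datetime(2030, 1, 1)}
    print(normalize_time_range(request, now))
```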
Fig. 6 shows a schematic structural diagram of an electronic device 600 according to an embodiment of the present application. In the embodiment of the present application, the electronic device 600 may operate the service platform 200 described above. In other embodiments, the electronic device 600 may also operate clients of some business systems, such as insurance business clients, etc., without limitation.
As shown in FIG. 6, in some embodiments, server 200 may include one or more processors 604, system control logic 608 coupled to at least one of processors 604, system memory 612 coupled to system control logic 608, non-volatile memory (NVM) 616 coupled to system control logic 608, and a network interface 620 coupled to system control logic 608.
In some embodiments, processor 604 may comprise one or more single-core or multi-core processors. In some embodiments, processor 604 may include any combination of general-purpose and special-purpose processors (e.g., graphics processors, application processors, baseband processors, etc.). In embodiments where the server 200 employs an eNB (enhanced Node B) or RAN (Radio Access Network ) controller, the processor 604 may be configured to perform various conforming embodiments, such as one or more of the plurality of embodiments shown in fig. 2-5.
In some embodiments, system control logic 608 may include any suitable interface controller to provide any suitable interface to at least one of processors 604 and/or any suitable device or component in communication with system control logic 608.
In some embodiments, system control logic 608 may include one or more memory controllers to provide an interface to system memory 612. The system memory 612 may be used for loading and storing data and/or instructions. The memory 612 of the server 200 may include any suitable volatile memory in some embodiments, such as suitable Dynamic Random Access Memory (DRAM).
NVM/memory 616 may include one or more tangible, non-transitory computer-readable media for storing data and/or instructions. In some embodiments, NVM/memory 616 may include any suitable nonvolatile memory, such as flash memory, and/or any suitable nonvolatile storage device, such as at least one of a HDD (Hard Disk Drive), a CD (Compact Disc) Drive, a DVD (Digital Versatile Disc ) Drive.
NVM/memory 616 may include a portion of a storage resource on the device on which server 200 is installed, or it may be accessed by, but not necessarily part of, the device. For example, NVM/storage 616 may be accessed over a network via network interface 620.
In particular, system memory 612 and NVM/storage 616 may each include: a temporary copy and a permanent copy of instructions 624. Instructions 624 may include: instructions that when executed by at least one of the processors 604 cause the server 200 to implement the methods shown in fig. 3-4. In some embodiments, instructions 624, hardware, firmware, and/or software components thereof may additionally/alternatively be disposed in system control logic 608, network interface 620, and/or processor 604.
Network interface 620 may include a transceiver to provide a radio interface for server 200 to communicate with any other suitable device (e.g., front end module, antenna, etc.) over one or more networks. In some embodiments, network interface 620 may be integrated with other components of server 200. For example, the network interface 620 may be integrated with at least one of the processor 604, the system memory 612, the NVM/storage 616, and a firmware device (not shown) having instructions that, when executed by at least one of the processor 604, the server 200 implements the methods described above with respect to fig. 2-5.
The network interface 620 may further include any suitable hardware and/or firmware to provide a multiple-input multiple-output radio interface. For example, network interface 620 may be a network adapter, a wireless network adapter, a telephone modem, and/or a wireless modem.
In one embodiment, at least one of the processors 604 may be packaged together with logic for one or more controllers of the system control logic 608 to form a System In Package (SiP). In one embodiment, at least one of the processors 604 may be integrated on the same die with logic for one or more controllers of the system control logic 608 to form a system on a chip (SoC).
The server 200 may further include: input/output (I/O) device 632. I/O device 632 may include a user interface to enable a user to interact with server 200; the design of the peripheral component interface enables the peripheral components to also interact with the server 200. In some embodiments, server 200 further includes a sensor for determining at least one of environmental conditions and location information associated with server 200.
In some embodiments, the user interface may include, but is not limited to, a display (e.g., a liquid crystal display, a touch screen display, etc.), a speaker, a microphone, one or more cameras (e.g., still image cameras and/or video cameras), a flashlight (e.g., light emitting diode flash), and a keyboard.
In some embodiments, the peripheral component interface may include, but is not limited to, a non-volatile memory port, an audio jack, and a power interface.
In some embodiments, the sensors may include, but are not limited to, gyroscopic sensors, accelerometers, proximity sensors, ambient light sensors, and positioning units. The positioning unit may also be part of the network interface 620 or interact with the network interface 620 to communicate with components of a positioning network, such as Global Positioning System (GPS) satellites.
Reference in the specification to "one embodiment" or "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one example implementation or technique disclosed in accordance with embodiments of the present application. The appearances of the phrase "in one embodiment" in various places in the specification are not necessarily all referring to the same embodiment.
The disclosure of the embodiments of the present application also relates to an operating device for executing the text. The apparatus may be specially constructed for the required purposes, or it may comprise a general-purpose computer selectively activated or reconfigured by a computer program stored in the computer. Such a computer program may be stored in a computer readable medium, such as, but not limited to, any type of disk including floppy disks, optical disks, CD-ROMs, magnetic-optical disks, read-only memories (ROMs), random access memories (RAMs), EPROMs, EEPROMs, magnetic or optical cards, application specific integrated circuits (ASICs), or any type of media suitable for storing electronic instructions, and each may be coupled to a computer system bus. Furthermore, the computers referred to in the specification may include a single processor or may be architectures employing multiple processors for increased computing power.
Additionally, the language used in the specification has been principally selected for readability and instructional purposes, and may not have been selected to delineate or circumscribe the disclosed subject matter. Accordingly, the disclosure of the embodiments of the present application is intended to be illustrative, but not limiting, of the scope of the concepts discussed herein.

Claims (16)

1. A data processing method, wherein the method is applied to a service platform including a routing module, a data management and control module, and a target service module, wherein the target service module is a third party service, the method comprising:
the routing module acquires first request data for a target service;
the routing module sends the first request data to the data management and control module, wherein the first request data at least comprises identification information of the target service module and target data acquisition parameters for the target service;
the data management and control module judges whether the first request data meets a first condition, wherein the first condition is used for checking the validity and the security of the first request data that requests processing by the target service module, the first condition is determined based on the normative requirement of an API (application program interface) entry parameter of the target service module and the security requirement of service data of the target service module, the normative requirement comprises a parameter threshold judgment condition preset for at least one API entry parameter of the target service module, and the security requirement comprises an identification condition for judging whether a requester of the first request data has access rights;
upon confirming that the first request data meets the first condition, the data management and control module sends the first request data to the target service module;
and upon confirming that the first request data does not meet the first condition, the data management and control module modifies the first request data to obtain second request data meeting the first condition, and sends the second request data to the target service module.
2. The method of claim 1, wherein the data management and control module judging whether the first request data meets the first condition comprises:
the data management and control module judges whether the value of a first parameter in the first request data is within a preset first parameter threshold range;
if the value of the first parameter is within the first parameter threshold range, the data management and control module confirms that the first request data meets the first condition;
and if the value of the first parameter is not in the first parameter threshold range, the data management and control module confirms that the first request data does not meet the first condition.
3. The method of claim 2, wherein the data management and control module modifying the first request data to obtain second request data meeting the first condition comprises:
adjusting the value of the first parameter which is not in the first parameter threshold range to be in the first parameter threshold range.
4. The method of claim 1, wherein the target service module is configured to process request data from the data management and control module, the request data including the first request data and the second request data, and wherein the method comprises:
the target service module processes the received request data to obtain first processed data;
the target service module returns the first processing data to the data management and control module;
the data management and control module judges whether the first processing data meets a second condition or not, wherein the second condition is used for carrying out security check on the first processing data to be returned to a service request end, and the service request end is a client end initiating the target service;
upon confirming that the first processing data meets the second condition, the data management and control module sends the first processing data to the routing module;
and upon confirming that the first processing data does not meet the second condition, the data management and control module modifies the first processing data to obtain second processing data meeting the second condition, and sends the second processing data to the routing module.
5. The method of claim 4, wherein the second condition is dynamically determined based on at least one of a security check parameter, a rights check parameter, and a data protection check parameter of the service requester.
6. The method of claim 5, wherein the second condition includes a sensitive data identification parameter as the security check parameter; and, the data management and control module judges whether the first processing data meets a second condition, including:
the data management and control module judges whether the first processing data contains sensitive data or not based on the sensitive data identification parameters;
if the first processing data does not contain sensitive data, confirming that the first processing data meets the second condition;
and if the first processing data comprises sensitive data, confirming that the first processing data does not meet the second condition.
7. The method of claim 6, wherein, upon confirming that the first processing data does not meet the second condition, the data management and control module modifying the first processing data to obtain second processing data meeting the second condition comprises:
deleting sensitive data in the first processing data; or,
encrypting the sensitive data in the first processing data.
8. The method according to claim 5, wherein the second condition includes an authorization information verification parameter as the rights verification parameter; and, the data management and control module judges whether the first processing data meets a second condition, including:
the data management and control module confirms whether a terminal receiver of the first processing data has the acquisition authority of all data contents of the first processing data or not based on the authorization information verification parameter;
if the terminal receiver of the first processing data has the acquisition authority of all data contents of the first processing data, confirming that the first processing data meets the second condition;
and if the terminal receiver of the first processing data does not have the acquisition authority for the whole data content of the first processing data, confirming that the first processing data does not meet the second condition.
9. The method of claim 8, wherein, upon confirming that the first processing data does not meet the second condition, the data management and control module modifying the first processing data to obtain second processing data meeting the second condition comprises:
deleting the first processing data if the terminal receiver of the first processing data does not have the acquisition authority for the whole data content of the first processing data.
10. The method according to claim 5, wherein the second condition includes a preset time threshold for protecting service platform data as the data protection check parameter; and, the data management and control module judges whether the first processing data meets a second condition, including:
the data management and control module judges whether the first processing data comprise data with acquisition time earlier than the preset time threshold value;
if the first processing data does not comprise the data with the acquisition time earlier than the preset time threshold value, confirming that the first processing data meets the second condition;
and if the first processing data comprises data with acquisition time earlier than the preset time threshold, confirming that the first processing data does not meet the second condition.
11. The method of claim 10, wherein, upon confirming that the first processing data does not meet the second condition, the data management and control module modifying the first processing data to obtain second processing data meeting the second condition comprises:
deleting the data with the acquisition time earlier than the preset time threshold value in the first processing data.
12. The method of any one of claims 1 to 11, wherein the routing module is any one of Nginx, Traefik, Envoy, and Kong.
13. A data processing system, comprising:
the routing module is used for acquiring first request data for the target service and sending the first request data to the data management and control module, wherein the first request data at least comprises identification information of the target service module and target data acquisition parameters for the target service;
the data management and control module is used for judging whether the first request data meets a first condition, wherein the first condition is used for checking the validity and the security of the first request data that requests processing by the target service module, the first condition is determined based on the normative requirement of an API (application program interface) entry parameter of the target service module and the security requirement of service data of the target service module, the normative requirement comprises a parameter threshold judgment condition preset for at least one API entry parameter of the target service module, and the security requirement comprises a parameter threshold judgment condition used for identifying whether a requester of the first request data has access rights; and when the first request data is confirmed to meet the first condition, the first request data is sent to the target service module; and when the first request data is confirmed not to meet the first condition, modifying the first request data to obtain second request data meeting the first condition, and sending the second request data to the target service module;
and the target service module is used for processing the received first request data or the second request data to obtain first processing data and returning the first processing data to the data management and control module.
14. The data processing system of claim 13, wherein the data management and control module is further configured to determine whether the first processing data meets a second condition, where the second condition is used to perform security check on the first processing data to be returned to a service request end, where the service request end is a client that initiates the target service; and,
when the first processing data meets the second condition, to send the first processing data to the routing module;
and when the first processing data does not meet the second condition, to modify the first processing data to obtain second processing data meeting the second condition, and to send the second processing data to the routing module.
15. An electronic device, comprising: one or more processors; one or more memories; the one or more memories store one or more programs that, when executed by the one or more processors, cause the electronic device to perform the data processing method of any of claims 1-12.
16. A computer-readable storage medium, comprising computer programs/instructions which, when executed by a processor, implement the data processing method of any of claims 1 to 12.
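The request and response checks of claims 1 to 11, sketched as an added example (not code from the patent or from the assignee). The policy values, field names and receiver identifiers are constructed; raising on a non-numeric parameter and applying all three response checks together are assumptions, since claim 5 only requires at least one of them.

```python
from datetime import datetime

# Constructed policy for one hypothetical target service; every name and
# value below is an assumption made for illustration.
POLICY = {
    "param_ranges": {"page_size": (1, 100), "years_back": (0, 5)},
    "sensitive_fields": {"id_number", "bank_account"},
    "full_access_receivers": {"underwriter-app"},
    "not_before": datetime(2020, 1, 1),
}


def control_request(request, policy=POLICY):
    """First condition (claims 1-3): bring out-of-range API entry parameters
    back into their preset threshold range before forwarding the request."""
    params = dict(request["params"])  # never mutate the caller's request
    changed = []
    for name, (low, high) in policy["param_ranges"].items():
        if name not in params:
            continue
        value = params[name]
        # Assumption: a value that cannot be range-checked is refused, because
        # the claims only describe adjusting a value into the range.
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            raise ValueError(f"{name}: value cannot be range-checked")
        clamped = min(max(value, low), high)
        if clamped != value:
            params[name] = clamped
            changed.append(name)
    return {**request, "params": params}, changed


def control_response(records, receiver, policy=POLICY):
    """Second condition (claims 4-11), applied to the target service's output
    before it goes back to the routing module."""
    # Claims 8-9: a receiver without rights to all of the content gets none.
    if receiver not in policy["full_access_receivers"]:
        return []
    kept = []
    for record in records:
        # Claims 10-11: delete data acquired earlier than the time threshold.
        if record["acquired_at"] < policy["not_before"]:
            continue
        # Claims 6-7: delete sensitive data (the claims also allow encrypting it).
        kept.append({k: v for k, v in record.items()
                     if k not in policy["sensitive_fields"]})
    return kept
```

Returning the list of adjusted parameter names lets the gateway log every request it had to modify, which is the signal to watch for clients probing the threshold limits.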
CN202210660992.5A 2022-06-13 2022-06-13 Data processing method, system, electronic device and computer readable storage medium Active CN115242433B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202210660992.5A CN115242433B (en) 2022-06-13 2022-06-13 Data processing method, system, electronic device and computer readable storage medium
PCT/CN2023/097671 WO2023241366A1 (en) 2022-06-13 2023-06-01 Data processing method and system, and electronic device and computer-readable storage medium

Publications (2)

Publication Number Publication Date
CN115242433A CN115242433A (en) 2022-10-25
CN115242433B true CN115242433B (en) 2024-02-09

Family

ID=83669605


Country Status (2)

Country Link
CN (1) CN115242433B (en)
WO (1) WO2023241366A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115242433B (en) * 2022-06-13 2024-02-09 易保网络技术(上海)有限公司 Data processing method, system, electronic device and computer readable storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109522726A (en) * 2018-10-16 2019-03-26 平安万家医疗投资管理有限责任公司 Method for authenticating, server and the computer readable storage medium of small routine
CN110225039A (en) * 2019-06-14 2019-09-10 无锡华云数据技术服务有限公司 Authority models acquisition, method for authenticating, gateway, server and storage medium
CN112270011A (en) * 2020-11-19 2021-01-26 北京炼石网络技术有限公司 Method, device and system for protecting service and data security of existing application system
CN112702336A (en) * 2020-12-22 2021-04-23 数字广东网络建设有限公司 Security control method and device for government affair service, security gateway and storage medium
CN113268420A (en) * 2021-05-21 2021-08-17 北京大米科技有限公司 Development method, device and system of data interface and computer storage medium
CN113704744A (en) * 2021-07-21 2021-11-26 阿里巴巴(中国)有限公司 Data processing method and device
CN113765982A (en) * 2020-12-17 2021-12-07 北京沃东天骏信息技术有限公司 Request response method, device, system, server and storage medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9729506B2 (en) * 2014-08-22 2017-08-08 Shape Security, Inc. Application programming interface wall
US11381564B2 (en) * 2020-10-09 2022-07-05 Sap Se Resource security integration platform
CN115242433B (en) * 2022-06-13 2024-02-09 易保网络技术(上海)有限公司 Data processing method, system, electronic device and computer readable storage medium

Also Published As

Publication number Publication date
CN115242433A (en) 2022-10-25
WO2023241366A1 (en) 2023-12-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant