CN115622772A - Financial data transmission method and application gateway for financial business service

Info

Publication number
CN115622772A
Authority
CN
China
Prior art keywords
service
financial
encrypted
data
client
Prior art date
Legal status
Pending
Application number
CN202211233598.XA
Other languages
Chinese (zh)
Inventor
孙渊
Current Assignee
Bank of China Ltd
Original Assignee
Bank of China Ltd

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
    • H04L9/32: Cryptographic mechanisms or arrangements including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or arrangements for message authentication involving digital signatures
    • H04L12/00: Data switching networks
    • H04L12/66: Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or protocols for confidential data exchange wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478: Network architectures or protocols for confidential data exchange applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L69/00: Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22: Parsing or analysis of headers

Abstract

This application belongs to the technical field of mobile interconnection and provides a financial data transmission method and an application gateway for financial business services. The method comprises the following steps: receiving an encrypted client service request forwarded by a client system through an SSL accelerator; decrypting the encrypted service request to obtain first plaintext data; parsing the first plaintext data according to a privatization protocol to obtain binary data and a serialization method; converting the binary data into a character object according to the serialization method; writing the character object to the gateway's own disk by means of the mmap function; copying the character object directly from the disk to the gateway's own network card using zero copy and direct memory access (DMA); sending the character object to the service application system through the network card; receiving a service response fed back by the service application system for the character object; and encrypting the service response and forwarding it to the client system through the SSL accelerator. This reduces the number of data copies inside the application gateway, improves the system performance of the application gateway, and is suitable for financial services.

Description

Financial data transmission method and application gateway for financial business service
Technical Field
The invention relates to the technical field of mobile interconnection, in particular to a financial data transmission method and an application gateway of financial business services.
Background
For a service application system that provides services externally over a network, an application gateway is a centrally controlled traffic gateway. Before a service request initiated by a customer through any of various channels (such as a mobile phone, a PC, a tablet computer, an IoT device and the like) enters the service application system, preprocessing such as auditing, logging, flow control, authentication, signature verification and routing is performed by the application gateway, and the preprocessed user request is forwarded by the gateway's routing rules to the matching service application system for the actual service processing.
In this process, the user request is copied back and forth four times between kernel space and user space inside the gateway. For example, if one user request is 1000M of data, the application gateway must copy it four times, so the data traffic actually generated by that request is 4000M; such excessive data copying inevitably consumes CPU resources and greatly reduces the system performance of the application gateway.
The file transmission mode of the prior art therefore involves redundant switching and data copying that degrade the system performance of the application gateway, so it cannot be applied to financial data transmission for high-concurrency financial business services.
Disclosure of Invention
The present disclosure is directed to a financial data transmission method for financial business services and an application gateway, so as to solve the problem in the prior art that redundant switching between kernel space and user space and redundant data copying affect the system performance of the application gateway.
In order to solve the above technical problems, the specific technical scheme is as follows:
In one aspect, a financial data transmission method for financial business services is provided, which is applied to an application gateway in a financial system. The financial system further comprises an SSL accelerator and a business application system; the application gateway is connected to the SSL accelerator and to the business application system respectively, and is connected to a client system through the SSL accelerator. The method comprises the following steps:
receiving the encrypted client service request forwarded by the client system through the SSL accelerator;
decrypting the encrypted service request to obtain first plaintext data;
parsing the first plaintext data according to the privatization protocol to obtain binary data and a serialization method;
converting the binary data into a character object according to the serialization method;
writing the character object to the gateway's own disk by means of the mmap function;
copying the character object directly from the disk to the gateway's own network card using zero copy and direct memory access;
sending the character object to the service application system through the network card;
receiving a service response fed back by the service application system for the character object;
and encrypting the service response and forwarding it to the client system through the SSL accelerator.
As an embodiment herein, the method by which the client system encrypts the client's service request comprises:
the client system receives the client's service request, to which the SSL protocol is added, and generates the first plaintext data through a privatization protocol, wherein the privatization protocol is based on TCP (transmission control protocol);
the client system signs the first plaintext data using a first encryption algorithm to obtain a first digital signature;
the client system generates a first random number, and encrypts the first plaintext data together with the first digital signature under the first random number using a second encryption algorithm to obtain a first ciphertext;
the client system encrypts the first random number using a third encryption algorithm to obtain a first temporary key;
and the first ciphertext and the first temporary key are combined to serve as the encrypted client service request.
As an embodiment herein, receiving the encrypted client service request forwarded by the client system through the SSL accelerator further comprises:
the SSL accelerator receives the encrypted client service request;
and the SSL accelerator offloads (strips) the SSL layer from the encrypted client service request according to the SSL protocol and forwards the request to the application gateway.
As an embodiment herein, decrypting the encrypted service request to obtain the first plaintext data further comprises:
decrypting the first temporary key in the encrypted client service request using the third encryption algorithm to obtain the first random number;
decrypting the first ciphertext using the second encryption algorithm and the first random number to obtain the first plaintext data and the first digital signature;
and the application gateway verifies (decrypts) the first digital signature using the first encryption algorithm, and if the verification passes, the first plaintext data is obtained.
As an embodiment herein, the method of encrypting the service response comprises:
formatting the service response through the privatization protocol to obtain second plaintext data;
signing the second plaintext data using the first encryption algorithm to obtain a second digital signature;
generating a second random number, and encrypting the second plaintext data together with the second digital signature under the second random number using the second encryption algorithm to obtain a second ciphertext;
encrypting the second random number using the third encryption algorithm to obtain a second temporary key;
and combining the second ciphertext with the second temporary key to serve as the encrypted service response.
As an embodiment herein, encrypting the service response and forwarding it to the client system through the SSL accelerator further comprises:
the SSL accelerator receives the encrypted service response;
and the SSL accelerator adds the SSL layer to the encrypted service response according to the SSL protocol and forwards the encrypted service response to the client system.
As an embodiment herein, after encrypting the service response and forwarding it to the client system through the SSL accelerator, the method comprises:
the client system decrypts the second temporary key in the encrypted service response using the third encryption algorithm to obtain the second random number;
the client system decrypts the second ciphertext using the second encryption algorithm and the second random number to obtain the second plaintext data and the second digital signature;
the client system verifies (decrypts) the second digital signature using the first encryption algorithm, and if the verification succeeds, the second plaintext data is obtained;
and the client system formats the second plaintext data using the privatization protocol to obtain the service response.
In another aspect, an application gateway for financial data transmission of financial business services is also provided. The application gateway is connected to the SSL accelerator and to the business application system respectively, and is connected to a client system through the SSL accelerator. The application gateway comprises:
a first receiving unit, for receiving the encrypted client service request forwarded by the client system through the SSL accelerator;
a decryption unit, for decrypting the encrypted service request to obtain first plaintext data;
an analysis unit, for parsing the first plaintext data according to the privatization protocol to obtain binary data and a serialization method;
a deserialization unit, for converting the binary data into a character object according to the serialization method;
a disk writing unit, for writing the character object to the gateway's own disk by means of the mmap function;
a copying unit, for copying the character object directly from the disk to the gateway's own network card using zero copy and direct memory access;
a sending unit, for sending the character object to the business application system through the network card;
a second receiving unit, for receiving the service response fed back by the business application system for the character object;
and a forwarding unit, for encrypting the service response and forwarding it to the client system through the SSL accelerator.
In another aspect, a computer device is also provided herein, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the computer program, implements the financial data transmission method for financial business services.
In another aspect, a computer-readable storage medium is provided, which stores a computer program that, when executed by a processor, implements the financial data transmission method for financial business services.
In another aspect, a computer program product is also provided herein, comprising a computer program that, when executed by a processor, implements the financial data transmission method for financial business services.
With the above technical scheme: by receiving the encrypted client service request forwarded by the client system through the SSL accelerator, the gateway obtains the client system's encrypted service request, and since the request is carried over SSL its security is enhanced; by decrypting the encrypted service request to obtain the first plaintext data, the service request can be decrypted by the agreed method into a segment of serialized plaintext data; by parsing the first plaintext data according to the privatization protocol to obtain the binary data and the serialization method, the serialization method of the plaintext data is learned; by converting the binary data into the character object according to the serialization method, the first plaintext data is deserialized into the specific character object corresponding to the client request; by writing the character object to the gateway's own disk by means of the mmap function, the character object can be placed directly in the kernel space of the application gateway; by copying the character object directly from the disk to the gateway's own network card using zero copy and direct memory access, the four copies of the prior art are reduced to two, which improves the response speed of the application gateway for high-concurrency financial services; by sending the character object to the business application system through the network card, the substantive content of the user's service request reaches the business application system in the financial system, which is chiefly responsible for responding to and processing the service request; by receiving the service response fed back by the business application system for the character object, the business application system's response to the service request is obtained for encryption and feedback to the client system; and by encrypting the service response and forwarding it to the client system through the SSL accelerator, the security of the service response is improved and important information in the financial system is prevented from leaking through malicious attack.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the embodiments or technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is an overall system diagram of a financial data transmission method for financial business services according to an embodiment of the disclosure;
FIG. 2 is a schematic diagram of an application gateway according to an embodiment of the disclosure;
FIG. 3 is a schematic diagram of the steps of a financial data transmission method for financial business services according to an embodiment of the disclosure;
FIG. 4 is a diagram of the privatization protocol according to embodiments herein;
FIG. 5 is a schematic diagram of an application gateway for financial data transmission of financial business services according to an embodiment of the disclosure;
FIG. 6 is a schematic diagram of a computer device according to embodiments herein.
Description of the symbols of the drawings:
101. a client system;
102. an SSL accelerator;
103. an application gateway;
104. a business application system;
501. a first receiving unit;
502. a decryption unit;
503. an analysis unit;
504. a deserialization unit;
505. a disk writing unit;
506. a copying unit;
507. a transmitting unit;
508. a second receiving unit;
509. a forwarding unit;
602. a computer device;
604. a processor;
606. a memory;
608. a drive mechanism;
610. an input/output module;
612. an input device;
614. an output device;
616. a presentation device;
618. a graphical user interface;
620. a network interface;
622. a communication link;
624. a communication bus.
Detailed Description
The technical solutions in the embodiments of the present invention will be described below clearly and completely with reference to the drawings in the embodiments of the present invention, and it is obvious that the embodiments described are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments herein without making any creative effort, shall fall within the scope of protection.
It should be noted that the terms "first," "second," and the like in the description and claims herein and in the above-described drawings are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments herein described are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, apparatus, article, or device that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or device.
It should be noted that, the user information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data for analysis, stored data, presented data, etc.) referred to in the present application are information and data authorized by the user or sufficiently authorized by each party.
FIG. 1 is a system diagram of a financial data transmission method for financial business services. The system comprises a client system 101 and a financial system, wherein the financial system comprises an application gateway 103, an SSL accelerator 102 and a business application system 104; the application gateway 103 is connected to the SSL accelerator 102 and to the business application system 104 respectively, and is connected to the client system 101 through the SSL accelerator 102.
The client system 101 receives a client's service request, encrypts it by the encryption method together with the SSL protocol, and sends the encrypted service request to the SSL accelerator 102. It is further configured to receive the service response fed back by the application gateway 103 and to decrypt it.
The SSL accelerator 102 is configured to connect the client system 101 with the financial system: it decrypts the service request sent from the client system 101 to the financial system and forwards the decrypted request to the financial system, and it encrypts the service response sent from the financial system to the client system 101 and forwards the encrypted response to the client system 101. The SSL accelerator 102 uses the encryption and decryption methods defined by the SSL protocol.
The application gateway 103 is configured to decrypt the encrypted service request sent by the client system 101 and to send the decrypted service request to the service application system 104 through its own network card. It is further configured to encrypt the service response fed back by the service application system 104 and to send the encrypted service response to the client system 101 through the SSL accelerator 102.
The service application system 104 is configured to receive the service request decrypted by the application gateway 103, perform the corresponding operation according to the service request to obtain a service response, and send the service response to the application gateway 103.
As shown in the schematic diagram of the application gateway in FIG. 2, the application gateway comprises a kernel space and a user space; the kernel space contains a disk, a kernel buffer, a socket buffer and a network card, and the user space contains a user buffer.
The data reading path of the current application gateway is disk → kernel buffer → user buffer → socket buffer → network card, where disk → kernel buffer is copied by DMA, socket buffer → network card is copied by DMA, kernel buffer → user buffer is copied by the CPU, and user buffer → socket buffer is copied by the CPU. Clearly, moving the application gateway's data into the network card takes four copies and two space switches: on every call the data on disk must be brought from kernel space into user space and then from user space back into kernel space.
In this process, the user request is copied back and forth four times between kernel space and user space inside the gateway. For example, if one user request is 1000M of data, the application gateway must copy it four times, so the data traffic actually generated by that request is 4000M; such excessive data copying inevitably consumes CPU resources and greatly reduces the system performance of the application gateway.
The file transmission mode of the prior art therefore involves redundant switching and data copying that degrade the system performance of the application gateway, so it cannot be applied to financial data transmission for high-concurrency financial business services.
In order to solve the above problems, embodiments herein provide a financial data transmission method for financial business services which can be applied to financial data transmission for highly concurrent financial business services. FIG. 3 is a schematic step diagram of the method provided by embodiments herein. The operation steps described in the embodiments or shown in the flowchart are provided in this specification, but more or fewer steps may be included on the basis of conventional or non-inventive labor. The order of steps recited in the embodiments is only one of many possible orders and does not represent the only order of execution. In an actual system or device, the method according to the embodiments or the drawings can be executed sequentially or in parallel. Specifically, as shown in FIG. 3, the method may comprise:
Step 301: receiving the encrypted client service request forwarded by the client system through the SSL accelerator.
Step 302: decrypting the encrypted service request to obtain first plaintext data.
Step 303: parsing the first plaintext data according to the privatization protocol to obtain binary data and a serialization method.
Step 304: converting the binary data into a character object according to the serialization method.
Step 305: writing the character object to the gateway's own disk by means of the mmap function.
Step 306: copying the character object directly from the disk to the gateway's own network card using zero copy and direct memory access.
Step 307: sending the character object to the service application system through the network card.
Step 308: receiving a service response fed back by the service application system for the character object.
Step 309: encrypting the service response and forwarding it to the client system through the SSL accelerator.
With the above technical scheme: by receiving the encrypted client service request forwarded by the client system through the SSL accelerator, the gateway obtains the client system's encrypted service request, and since the request is carried over SSL its security is enhanced; by decrypting the encrypted service request to obtain the first plaintext data, the service request can be decrypted by the agreed method into a segment of serialized plaintext data; by parsing the first plaintext data according to the privatization protocol to obtain the binary data and the serialization method, the serialization method of the plaintext data is learned; by converting the binary data into the character object according to the serialization method, the first plaintext data is deserialized into the specific character object corresponding to the client request; by writing the character object to the gateway's own disk by means of the mmap function, the character object can be placed directly in the kernel space of the application gateway; by copying the character object directly from the disk to the gateway's own network card using zero copy and direct memory access, the four copies of the prior art are reduced to two, which improves the response speed of the application gateway for high-concurrency financial services; by sending the character object to the service application system through the network card, the substantive content of the user's service request reaches the service application system in the financial system, which is chiefly responsible for responding to and processing the service request; by receiving the service response fed back by the service application system for the character object, the service application system's response to the service request is obtained for encryption and feedback to the client system; and by encrypting the service response and forwarding it to the client system through the SSL accelerator, the security of the service response is improved and important information in the financial system is prevented from leaking through malicious attack.
As an embodiment of the present disclosure, applicable to Linux 2.4 and above, step 306 calls the sendfile() function. Its first two parameters are the file descriptors of the destination (the network card socket) and the source (the file on disk) respectively, the last two parameters are the offset into the source and the number of bytes to copy, and the return value is the number of bytes actually copied. On Linux the function is declared as:
#include <sys/sendfile.h>
ssize_t sendfile(int out_fd, int in_fd, off_t *offset, size_t count);
Step 306 specifically comprises: copying the data on the disk into the kernel buffer by DMA;
and then passing the buffer's descriptor and the data length to the socket buffer, so that the SG-DMA (scatter-gather DMA) controller of the network card can copy the data from the kernel buffer directly into the network card's buffer. This process does not need to copy the data from the operating system's kernel buffer into the socket buffer, which saves one data copy. The resulting data path is disk → kernel buffer → network card, so only two data copies are needed in the present method, and both are completed in kernel space. Step 306 therefore greatly improves the response speed of the application gateway, and the method can be applied to high-concurrency financial services.
As one embodiment herein, the mmap function is a memory-mapping technique that maps a file on disk into memory, so that writing the character object to the mapped region lands it on the disk.
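The following is an added Go example, not code from the patent, illustrating the two steps just described on Linux: landing an in-memory object through a shared mmap mapping, then moving it with sendfile(2) in a loop that tolerates short transfers. The patent shows the C prototype of sendfile(); Go's syscall.Sendfile and syscall.Mmap wrap the same system calls. The function names, the temp-file stand-in for the network-card socket, and the sample object are assumptions of the example; sendfile into a regular file needs Linux 2.6.33 or later, so a real gateway would pass a connected socket as the destination.

```go
package main

import (
	"bytes"
	"fmt"
	"os"
	"syscall"
)

// landViaMmap lands obj in the file behind f through a shared memory mapping
// (the mmap step): the bytes are written straight into the kernel page cache
// instead of being pushed through a user-space write() loop.
func landViaMmap(f *os.File, obj []byte) error {
	if len(obj) == 0 {
		return fmt.Errorf("nothing to land")
	}
	if err := f.Truncate(int64(len(obj))); err != nil {
		return err
	}
	m, err := syscall.Mmap(int(f.Fd()), 0, len(obj),
		syscall.PROT_READ|syscall.PROT_WRITE, syscall.MAP_SHARED)
	if err != nil {
		return err
	}
	copy(m, obj)
	return syscall.Munmap(m) // the dirty shared pages stay in the page cache
}

// sendExact moves exactly count bytes from in (starting at offset) to out with
// sendfile(2), the zero-copy step. The kernel may move fewer bytes than asked,
// so the call is looped; sendfile advances offset itself on each return.
// Retrying on EAGAIN is only acceptable for blocking descriptors, as here.
func sendExact(out, in *os.File, offset int64, count int) (int, error) {
	done := 0
	for done < count {
		n, err := syscall.Sendfile(int(out.Fd()), int(in.Fd()), &offset, count-done)
		if err == syscall.EINTR || err == syscall.EAGAIN {
			continue
		}
		if err != nil {
			return done, err
		}
		if n == 0 {
			break // source exhausted before count bytes
		}
		done += n
	}
	return done, nil
}

// roundTrip lands obj on one temp file via mmap and copies it to a second temp
// file via sendfile; the second file stands in for the network-card socket a
// gateway would use. It returns the bytes moved and whether the copy is exact.
func roundTrip(obj []byte) (int, bool, error) {
	src, err := os.CreateTemp("", "gw-src-*")
	if err != nil {
		return 0, false, err
	}
	defer os.Remove(src.Name())
	defer src.Close()
	dst, err := os.CreateTemp("", "gw-dst-*")
	if err != nil {
		return 0, false, err
	}
	defer os.Remove(dst.Name())
	defer dst.Close()
	if err := landViaMmap(src, obj); err != nil {
		return 0, false, err
	}
	n, err := sendExact(dst, src, 0, len(obj))
	if err != nil {
		return n, false, err
	}
	got, err := os.ReadFile(dst.Name())
	if err != nil {
		return n, false, err
	}
	return n, bytes.Equal(got, obj), nil
}

func main() {
	// Constructed sample "character object"; not a real request format.
	obj := []byte(`{"op":"balance","acct":"PLACEHOLDER"}`)
	n, ok, err := roundTrip(obj)
	fmt.Printf("moved %d bytes, byte-exact=%v, err=%v\n", n, ok, err)
}
```

The loop in sendExact is the part most often omitted in practice: a single sendfile() call is allowed to return fewer bytes than requested, and a gateway that treats the first return value as "done" silently truncates requests under load.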
As an embodiment herein, the method for encrypting the service request of the client by the client system includes:
the client system receives a service request of the client carried over the SSL protocol, and generates the first plaintext data through a privatization protocol, wherein the privatization protocol is determined according to TCP (transmission control protocol);
the client system signs the first plaintext data by using a first encryption algorithm to obtain a first digital signature;
the client system generates a first random number, and encrypts the first plaintext data and the first digital signature by using the first random number through a second encryption algorithm to obtain a first ciphertext;
the client system encrypts the first random number by using the third encryption algorithm to obtain a first temporary secret key;
and combining the first ciphertext and the first temporary secret key to serve as the encrypted service request of the client.
In this step, the first encryption algorithm may be RSA2048, SM2 or the like, the second encryption algorithm may be AES, SM4 or the like, and the third encryption algorithm may be RSA2048, SM2, AES, SM4 or the like, without limitation here. All the encryption algorithms herein are symmetric encryption algorithms, that is, a private key is generated when the encrypting end encrypts with the algorithm, the decrypting end has agreed the specific type of algorithm with the encrypting end in advance, and both sides store the public keys, so that the decrypting end can decrypt directly with the public key.
The specific encryption and decryption processes of the first, second and third encryption algorithms are consistent in this document, and since symmetric encryption algorithms are readily implemented by those skilled in the art, those processes are not described here.
As an embodiment herein, the receiving the encrypted service request of the client forwarded by the client system through the SSL accelerator further includes:
the SSL accelerator receives the service request of the encrypted client;
and the SSL accelerator unloads the SSL protocol from the encrypted service request of the client according to the SSL protocol and forwards the request to the application gateway.
In this step, the financial system includes an internal system and an isolation zone; the internal system includes the application gateway and the business application system, and the isolation zone (DMZ), which contains the SSL accelerator, is a buffer between the non-secure and the secure system, set up so that users on the external network (the client system) can still reach the business application system after the internal system is placed behind a firewall.
The SSL accelerator is provided with the SSL protocol; SSL (Secure Socket Layer) is a network security protocol. It is a security protocol implemented on top of the transport protocol (TCP/IP) and adopts public key techniques. SSL is widely supported across network types and provides three basic security services, all based on public key technology.
Before the client's access to the financial service begins, a connection is established between the client system and the financial system; the first step in establishing the connection is confirming the identities of both parties, for which SSL is used. The financial system presents to the client system the financial system's SSL certificate to prove that it is the financial system, and the client system likewise presents to the financial institution the client system's SSL certificate to prove that it is the client system.
As an embodiment herein, the decrypting the encrypted service request to obtain first plaintext data further includes:
decrypting the first temporary secret key in the encrypted service request of the client by using the third encryption algorithm to obtain the first random number;
decrypting the first ciphertext by using the second encryption algorithm and the first random number to obtain the first plaintext data and the first digital signature;
and the application gateway decrypts the digital signature by using the first encryption algorithm, and if the decryption is passed, the first plaintext data is obtained.
This step occurs in the application gateway, which is opposite to the encryption process of the service request by the client system, and in the client system, the client system encrypts the service request according to the sequence of the first encryption algorithm, the second encryption algorithm, and the third encryption algorithm, so the application gateway of this step decrypts the service request according to the third encryption algorithm, the second encryption algorithm, and the first encryption algorithm, and detailed description is omitted here.
The service request can be ensured to run safely over the whole link of the financial service by the client system encrypting the service request and the application gateway decrypting it, and because of the high safety requirement of financial services, the service request is encrypted with three different encryption algorithms, so that the safety of the service request is further improved.
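To make the three-stage scheme of the preceding passages concrete (client-side protection of the request, gateway-side reversal in the order third, second, first algorithm, and the same treatment of the response described further on), here is an added Go example that is not part of the patent. It assumes concrete choices the text leaves open: RSA-2048 with PSS for the first algorithm, AES-256-GCM keyed by the random number for the second, and RSA-2048 with OAEP for the third, with the signing key pair held by the sender and the wrapping key pair by the receiver. The Envelope type, the function names and the sample message are the example's own.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is the "ciphertext + temporary secret key" pair the page combines into the encrypted request or response.
type Envelope struct {
	TempKey    []byte // random AES key wrapped with the receiver's RSA key (algorithm 3)
	Ciphertext []byte // nonce || AES-GCM(plaintext || signature)          (algorithm 2)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealEnvelope follows the page's sender order: sign (1), encrypt under a fresh random key (2), wrap that key (3).
func sealEnvelope(plaintext []byte, signer *rsa.PrivateKey, wrapPub *rsa.PublicKey) (*Envelope, error) {
	digest := sha256.Sum256(plaintext)
	sig, err := rsa.SignPSS(rand.Reader, signer, crypto.SHA256, digest[:], nil) // always signer.Size() bytes
	if err != nil {
		return nil, err
	}
	rnd := make([]byte, 32+12) // the page's "random number" as an AES-256 key, plus a 12-byte GCM nonce
	if _, err := rand.Read(rnd); err != nil {
		return nil, err
	}
	key, nonce := rnd[:32], rnd[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, wrapPub, key, nil)
	if err != nil {
		return nil, err
	}
	body := append(append([]byte{}, plaintext...), sig...)
	return &Envelope{TempKey: wrapped, Ciphertext: gcm.Seal(nonce, nonce, body, nil)}, nil
}

// openEnvelope reverses it in the page's gateway order: unwrap (3), decrypt (2), verify (1); any failure rejects.
func openEnvelope(env *Envelope, wrapPriv *rsa.PrivateKey, signerPub *rsa.PublicKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, wrapPriv, env.TempKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(env.Ciphertext) < ns {
		return nil, fmt.Errorf("ciphertext too short")
	}
	body, err := gcm.Open(nil, env.Ciphertext[:ns], env.Ciphertext[ns:], nil)
	if err != nil {
		return nil, err // wrong key or tampered bytes: the GCM tag check failed
	}
	if len(body) < signerPub.Size() {
		return nil, fmt.Errorf("body shorter than a signature")
	}
	plaintext, sig := body[:len(body)-signerPub.Size()], body[len(body)-signerPub.Size():]
	digest := sha256.Sum256(plaintext)
	if err := rsa.VerifyPSS(signerPub, crypto.SHA256, digest[:], sig, nil); err != nil {
		return nil, err // "decryption not passed" in the page's terms: reject the message
	}
	return plaintext, nil
}

// roundTrip generates both key pairs and carries msg through seal and open; with tamper set, one ciphertext bit is flipped in transit.
func roundTrip(msg []byte, tamper bool) ([]byte, error) {
	clientSign, err1 := rsa.GenerateKey(rand.Reader, 2048)  // sender's signing pair
	gatewayWrap, err2 := rsa.GenerateKey(rand.Reader, 2048) // receiver's wrapping pair
	if err1 != nil || err2 != nil {
		return nil, fmt.Errorf("key generation failed: %v %v", err1, err2)
	}
	env, err := sealEnvelope(msg, clientSign, &gatewayWrap.PublicKey)
	if err != nil {
		return nil, err
	}
	if tamper {
		env.Ciphertext[len(env.Ciphertext)-1] ^= 0x01
	}
	return openEnvelope(env, gatewayWrap, &clientSign.PublicKey)
}

func main() {
	fmt.Println(roundTrip([]byte("constructed service request"), false))
}
```

Two points the example makes that the text only implies: the random key must be fresh per message and never reused with the same nonce, and the receiver must finish every check (key unwrap, authentication tag, signature) before acting on the plaintext, so a single flipped bit in transit is rejected rather than partially processed.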
As shown in the schematic diagram of the privatization protocol in fig. 4, after the application gateway decrypts the encrypted service request, it parses the first plaintext data according to the privatization protocol to obtain binary data and a serialization method, and converts the binary data into character objects according to that method. In fig. 4, Bit Offset is the bit position within the service request: bits 0-15 are the magic number of the service request, 16-47 the overall length of the service request, 48-63 the header length of the service request, 64-71 the protocol version, 72-79 the message type, 80-87 the serialization mode, and 88-103 the protocol body (Payload).
After the application gateway parses the serialization mode from the header, it converts the protocol body into the client's real service request according to that mode. Without this protocol conversion by the application gateway, the service application system cannot correctly learn the real intention of the client.
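As an added Go example (not the patent's code) of the privatization protocol header described with fig. 4: a parser that reads the fixed 11-byte header, validates every wire-supplied length before using it as an index, and dispatches on the serialization mode to produce the "character object". The magic word 0x5A5A and the mode codes are constructed placeholders, since the page does not give their values; buildFrame is a client-side counterpart added only to construct sample input.

```go
package main

import (
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
)

// Fixed header layout from the page's bit offsets: 0-15 magic, 16-47 total
// length, 48-63 header length, 64-71 version, 72-79 message type,
// 80-87 serialization mode; the protocol body starts at bit 88 (byte 11).
const fixedHeaderLen = 11

// Constructed values: the page gives neither the magic word nor the mode codes.
const (
	magicWord   uint16 = 0x5A5A
	modeJSON    uint8  = 1
	modeRawUTF8 uint8  = 2
)

type Header struct {
	Magic     uint16
	TotalLen  uint32
	HeaderLen uint16
	Version   uint8
	MsgType   uint8
	Mode      uint8
}

// parseFrame reads the header and returns it with the protocol body. Every
// length comes from the wire, so each is checked before it is used as an index.
func parseFrame(buf []byte) (Header, []byte, error) {
	var h Header
	if len(buf) < fixedHeaderLen {
		return h, nil, errors.New("frame shorter than fixed header")
	}
	h = Header{
		Magic:     binary.BigEndian.Uint16(buf[0:2]),
		TotalLen:  binary.BigEndian.Uint32(buf[2:6]),
		HeaderLen: binary.BigEndian.Uint16(buf[6:8]),
		Version:   buf[8],
		MsgType:   buf[9],
		Mode:      buf[10],
	}
	switch {
	case h.Magic != magicWord:
		return h, nil, fmt.Errorf("bad magic %#04x", h.Magic)
	case h.HeaderLen < fixedHeaderLen:
		return h, nil, fmt.Errorf("header length %d below minimum", h.HeaderLen)
	case uint64(h.TotalLen) > uint64(len(buf)):
		return h, nil, fmt.Errorf("total length %d exceeds %d bytes received", h.TotalLen, len(buf))
	case uint32(h.HeaderLen) > h.TotalLen:
		return h, nil, errors.New("header length exceeds total length")
	}
	return h, buf[h.HeaderLen:h.TotalLen], nil
}

// deserialize turns the protocol body into the "character object" according
// to the serialization mode carried in the header.
func deserialize(h Header, body []byte) (any, error) {
	switch h.Mode {
	case modeJSON:
		var obj map[string]any
		if err := json.Unmarshal(body, &obj); err != nil {
			return nil, err
		}
		return obj, nil
	case modeRawUTF8:
		return string(body), nil
	default:
		return nil, fmt.Errorf("unknown serialization mode %d", h.Mode)
	}
}

// buildFrame is the client-side counterpart, used here to construct sample input.
func buildFrame(version, msgType, mode uint8, body []byte) []byte {
	frame := make([]byte, fixedHeaderLen+len(body))
	binary.BigEndian.PutUint16(frame[0:2], magicWord)
	binary.BigEndian.PutUint32(frame[2:6], uint32(len(frame)))
	binary.BigEndian.PutUint16(frame[6:8], fixedHeaderLen)
	frame[8], frame[9], frame[10] = version, msgType, mode
	copy(frame[fixedHeaderLen:], body)
	return frame
}

func main() {
	frame := buildFrame(1, 1, modeJSON, []byte(`{"op":"balance","acct":"PLACEHOLDER"}`))
	h, body, err := parseFrame(frame)
	if err != nil {
		fmt.Println("reject:", err)
		return
	}
	obj, err := deserialize(h, body)
	fmt.Printf("header=%+v object=%v err=%v\n", h, obj, err)
}
```

The ordering of the checks matters: a gateway that trusts the total-length or header-length field before comparing it with what actually arrived will slice past the end of its buffer, which is why each field is validated against the received byte count first.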
After the protocol body is transmitted to the service application system through the application gateway, the service application system processes according to the content of the protocol body, for example, if the protocol body is used for acquiring data, the service application system returns the data to the client system as a service response.
Of course, in order to meet the high security requirement of the financial service, the business response returned by the business application system also needs to be encrypted. The specific process is handled by the application gateway.
As an embodiment herein, a method of encrypting the service response includes:
formatting the service response through the privatization protocol to obtain second plaintext data;
signing the second plaintext data by using the first encryption algorithm to obtain a second digital signature;
generating a second random number, and encrypting the second plaintext data and the second digital signature by using the second random number through the second encryption algorithm to obtain a second ciphertext;
encrypting the second random number by using the third encryption algorithm to obtain a second temporary secret key;
combining the second ciphertext and the second temporary secret key to serve as the encrypted service response.
As an embodiment herein, for convenience of description, an encryption method of the application gateway for the service response may be consistent with an encryption method of the client system for the service request, and is not described herein again.
When the application gateway has encrypted the service response, the service response is sent to the SSL accelerator, and the SSL accelerator can apply the SSL protocol to the encrypted service response, further improving its security.
As one embodiment herein, the encrypting the traffic response and forwarding to the client system through the SSL accelerator further comprises:
the SSL accelerator receives the encrypted service response;
and the SSL accelerator adds an SSL protocol to the encrypted service response according to the SSL protocol and forwards the encrypted service response to the client system.
As one embodiment herein, after encrypting the traffic response and forwarding to the client system through the SSL accelerator, the method further comprises:
the client system decrypts the second temporary secret key in the encrypted service response by using the third encryption algorithm to obtain the second random number;
the client system decrypts the second ciphertext by using the second encryption algorithm and the second random number to obtain the second plaintext data and the second digital signature;
the client system decrypts the digital signature by using the first encryption algorithm, and if the digital signature is decrypted successfully, the second plaintext data is obtained;
and the client system uses the privatization protocol to carry out formatting processing on the second plaintext data to obtain the service response.
When the client system receives the encrypted service response sent via the SSL accelerator, it first unloads the SSL protocol and then decrypts the service response according to the preset decryption method. The specific decryption method is consistent with the gateway's decryption of the encrypted service request and is not described again here.
Fig. 5 is a schematic diagram of an application gateway for financial data transmission of a financial service, where the application gateway is connected to the SSL accelerator and the business application system, respectively, and the application gateway is connected to a client system through the SSL accelerator; the application gateway comprises:
a first receiving unit 501, configured to receive a service request of an encrypted client forwarded by the client system through the SSL accelerator;
a decryption unit 502, configured to decrypt the encrypted service request to obtain first plaintext data;
an analyzing unit 503, configured to analyze the first plaintext data according to the privatization protocol to obtain binary data and a serialization method;
the deserializing unit 504 is configured to convert the binary data into a character object according to the serialization manner;
a disk dropping unit 505, configured to drop the character object on its own disk according to the mmap function;
a copying unit 506, configured to copy the character object directly to its own network card via the disk using zero copy and direct storage access;
a sending unit 507, configured to send the character object to the service application system via the network card;
a second receiving unit 508, configured to receive a service response fed back by the service application system according to the character object;
a forwarding unit 509, configured to encrypt the service response and forward the service response to the client system through the SSL accelerator.
By adopting the technical scheme, the first receiving unit can acquire the encrypted service request of the client system, and since the service request is carried over SSL its safety is enhanced; through the decryption unit, the service request can be decrypted by an agreed method to obtain a section of serialized plaintext data; through the analysis unit, the serialization method of the plaintext data can be obtained; through the deserializing unit, the first plaintext data can be deserialized to obtain the specific character object corresponding to the client request; through the disk dropping unit, the character object can be landed directly in the kernel space of the gateway's network card; through the copying unit, the four copies of the prior art can be reduced to two, improving the response speed of the application gateway under high-concurrency financial services; through the sending unit, the substantive content of the user's service request can be delivered to the service application system in the financial system, which is mainly responsible for responding to and processing the service request; through the second receiving unit, the service response of the service application system to the service request can be received so that it can be encrypted and fed back to the client system; and through the forwarding unit, the safety of the service response can be improved, malicious attacks avoided, and important information in the financial system prevented from leaking.
As shown in fig. 6, for a computer device provided for embodiments herein, the computer device 602 may include one or more processors 604, such as one or more Central Processing Units (CPUs), each of which may implement one or more hardware threads. The computer device 602 may also include any memory 606 for storing any kind of information, such as code, settings, data, etc. For example, and without limitation, memory 606 may include any one or combination of the following: any type of RAM, any type of ROM, flash memory devices, hard disks, optical disks, etc. More generally, any memory may use any technology to store information. Further, any memory may provide volatile or non-volatile retention of information. Further, any memory may represent fixed or removable components of computer device 602. In one case, when the processor 604 executes the associated instructions, which are stored in any memory or combination of memories, the computer device 602 may perform any of the operations of the associated instructions. The computer device 602 also includes one or more drive mechanisms 608, such as a hard disk drive mechanism, an optical disk drive mechanism, or the like, for interacting with any of the memories.
Computer device 602 may also include an input/output module 610 (I/O) for receiving various inputs (via input device 612) and for providing various outputs (via output device 614). One particular output mechanism may include a presentation device 616 and an associated Graphical User Interface (GUI) 618. In other embodiments, input/output module 610 (I/O), input device 612, and output device 614 may also be excluded, as just one computer device in a network. Computer device 602 may also include one or more network interfaces 620 for exchanging data with other devices via one or more communication links 622. One or more communication buses 624 couple the above-described components together.
Communication link 622 may be implemented in any manner, such as through a local area network, a wide area network (e.g., the Internet), a point-to-point connection, etc., or any combination thereof. Communication link 622 may include any combination of hardwired links, wireless links, routers, gateway functions, name servers, etc., governed by any protocol or combination of protocols.
Corresponding to the method in fig. 3, the embodiments herein also provide a computer-readable storage medium having stored thereon a computer program, which, when executed by a processor, performs the steps of the above-described method.
Embodiments herein also provide computer readable instructions, wherein the program therein causes a processor to perform the method as shown in fig. 3 when the instructions are executed by the processor.
It should be understood that, in various embodiments herein, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments herein.
It should also be understood that, in the embodiments herein, the term "and/or" is only one kind of association relation describing an associated object, and means that there may be three kinds of relations. For example, a and/or B, may represent: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter associated objects are in an "or" relationship.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein may be implemented in electronic hardware, computer software, or a combination of both, and that the components and steps of the examples have been described above in general terms of their function in order to illustrate clearly the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and the design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present disclosure.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided herein, it should be understood that the disclosed system, apparatus, and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may also be an electrical, mechanical or other form of connection.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purposes of the embodiments herein.
In addition, functional units in the embodiments herein may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solutions in the present invention substantially or partially contribute to the prior art, or all or part of the technical solutions may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the methods described in the embodiments herein. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The principles and embodiments of this document are explained herein using specific examples, which are presented only to aid in understanding the methods and their core concepts; meanwhile, for a person skilled in the art, according to the idea of the present disclosure, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present disclosure should not be construed as a limitation to the present disclosure.

Claims (11)

1. The financial data transmission method of a financial transaction service, characterized by, apply to the application gateway in the financial system, the said financial system also includes SSL accelerator and business application system, the said application gateway couples to said SSL accelerator and said business application system separately, the said application gateway couples to customer's system through the said SSL accelerator; the method comprises the following steps:
receiving the encrypted service request of the client forwarded by the client system through the SSL accelerator;
decrypting the encrypted service request to obtain first plaintext data;
analyzing the first plaintext data according to the privatization protocol to obtain binary data and a serialization method;
converting the binary data into character objects according to the serialization method;
landing the character object on the application gateway's own disk according to the mmap function;
copying the character object from the disk directly to the application gateway's own network card by using zero copy and direct memory access;
sending the character object to the service application system through the network card;
receiving a service response fed back by the service application system according to the character object;
encrypting the service response and forwarding it to the client system through the SSL accelerator.
2. The method for transmitting financial data of financial transaction service as claimed in claim 1, wherein the encryption method of the transaction request of the customer by the customer system comprises:
the client system receives a service request of a client added with an SSL protocol, and generates the first plaintext data through a privatization protocol, wherein the privatization protocol is determined according to a TCP (transmission control protocol);
the client system signs the first plaintext data by using a first encryption algorithm to obtain a first digital signature;
the client system generates a first random number, and encrypts the first plaintext data and the first digital signature by using the first random number through a second encryption algorithm to obtain a first ciphertext;
the client system encrypts the first random number by using the third encryption algorithm to obtain a first temporary secret key;
and combining the first ciphertext and the first temporary secret key to serve as the encrypted service request of the client.
3. The method for transmitting financial data of financial transaction service according to claim 1, wherein said receiving the encrypted customer's transaction request forwarded by said customer system through said SSL accelerator, further comprises:
the SSL accelerator receives the service request of the encrypted client;
and the SSL accelerator unloads the SSL protocol from the encrypted service request of the client according to the SSL protocol and forwards the request to the application gateway.
4. The method for transmitting financial data of financial transaction service according to claim 2, wherein said decrypting the encrypted transaction request to obtain the first plaintext data further comprises:
decrypting the first temporary secret key in the encrypted service request of the client by using the third encryption algorithm to obtain the first random number;
decrypting the first ciphertext by using the second encryption algorithm and the first random number to obtain the first plaintext data and the first digital signature;
and the application gateway decrypts the digital signature by using the first encryption algorithm, and if the decryption is passed, the first plaintext data is obtained.
5. The financial data transmission method of financial transaction service as claimed in claim 2, wherein the method of encrypting the transaction response comprises:
formatting the service response through the privatization protocol to obtain second plaintext data;
signing the second plaintext data by using the first encryption algorithm to obtain a second digital signature;
generating a second random number, and encrypting the second plaintext data and the second digital signature by using the second random number through the second encryption algorithm to obtain a second ciphertext;
encrypting the second random number by using the third encryption algorithm to obtain a second temporary secret key;
combining the second ciphertext and the second temporary secret key to serve as the encrypted service response.
6. The method for financial data transmission of financial transaction service as claimed in claim 5, wherein said encrypting said transaction response and forwarding it to said client system through said SSL accelerator further comprises:
the SSL accelerator receives the encrypted service response;
and the SSL accelerator adds an SSL protocol to the encrypted service response according to the SSL protocol and forwards the encrypted service response to the client system.
7. The method for transmitting financial data of financial transaction service according to claim 5, wherein after said encrypting the transaction response and forwarding it to the client system through the SSL accelerator, comprises:
the client system decrypts the second temporary secret key in the encrypted service response by using the third encryption algorithm to obtain the second random number;
the client system decrypts the second ciphertext by using the second encryption algorithm and the second random number to obtain the second plaintext data and the second digital signature;
the client system decrypts the digital signature by using the first encryption algorithm, and if the digital signature is decrypted successfully, the second plaintext data is obtained;
and the client system uses the privatization protocol to carry out formatting processing on the second plaintext data to obtain the service response.
8. An application gateway for financial data transmission of financial business services is characterized in that the application gateway is respectively connected with an SSL accelerator and a business application system, and the application gateway is connected with a client system through the SSL accelerator; the application gateway comprises:
the first receiving unit is used for receiving the encrypted service request of the client, which is forwarded by the client system through the SSL accelerator;
the decryption unit is used for decrypting the encrypted service request to obtain first plaintext data;
the analysis unit is used for analyzing the first plaintext data according to the privatization protocol to obtain binary data and a serialization method;
the deserializing unit is used for converting the binary data into character objects according to the serialization mode;
the disk dropping unit is used for landing the character object on the application gateway's own disk according to the mmap function;
the copying unit is used for copying the character object from the disk directly to the application gateway's own network card by using zero copy and direct memory access;
the sending unit is used for sending the character object to the business application system through the network card;
the second receiving unit is used for receiving the service response fed back by the service application system according to the character object;
and the forwarding unit is used for encrypting the service response and forwarding the service response to the client system through the SSL accelerator.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the financial data transmission method of a financial transaction service according to any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which, when executed by a processor, implements the financial data transmission method of a financial transaction service according to any one of claims 1 to 7.
11. A computer program product, characterized in that it comprises a computer program which, when executed by a processor, implements a financial data transmission method of a financial transaction service according to any one of claims 1 to 7.
CN202211233598.XA 2022-10-10 2022-10-10 Financial data transmission method and application gateway for financial business service Pending CN115622772A (en)


Publications (1)

Publication Number Publication Date
CN115622772A true CN115622772A (en) 2023-01-17

Family

ID=84860333


Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116010465A (en) * 2023-03-28 2023-04-25 杭州东岸网络信息服务有限公司 Financial business management system and method
CN116010465B (en) * 2023-03-28 2023-06-23 杭州东岸网络信息服务有限公司 Financial business management system and method
CN116166508A (en) * 2023-04-18 2023-05-26 天津市天河计算机技术有限公司 IO data analysis method, device, equipment, storage medium and system


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination