CN115859261A - Password cloud service method, platform, equipment and storage medium - Google Patents

Publication number
CN115859261A
Authority
CN
China
Prior art keywords
password
service
resource
module
cryptographic
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310001264.8A
Other languages
Chinese (zh)
Inventor
徐永明
金刚
邓鸿亮
焦清旺
李军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Unicom Digital Technology Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Unicom Digital Technology Co Ltd
Application filed by China United Network Communications Group Co Ltd, Unicom Digital Technology Co Ltd
Priority to CN202310001264.8A
Publication of CN115859261A
Legal status: Pending

Abstract

The application provides a password cloud service method, a password cloud service platform, password cloud service equipment and a storage medium. The method comprises the following steps: a unified API module receives a password service request sent by any business system and determines a corresponding target password service; the unified API module sends a service request of the target password service to the virtual software password module; the virtual software password module sends a distribution request of the target password service to the password service resource module according to the service request of the target password service; and the password service resource module calls corresponding password service resources according to the allocation request of the target password service to complete the password operation, obtains an operation result and returns the result to the business system. With this method, the upper layer provides a uniform password service to the business system through the unified API interface module, while the lower layer is adapted to different password service resources, so that the password service is unified and shared, and a unified interface and centralized maintenance and management of the password service become easier.

Description

Password cloud service method, platform, equipment and storage medium
Technical Field
The present application relates to the field of information security technologies, and in particular, to a password cloud service method, a password cloud service platform, a password cloud service device, and a storage medium.
Background
The rapid development of cloud computing promotes the development of emerging technologies such as big data and the Internet of things. Cloud computing is characterized by ultra-large scale, virtualization, on-demand service distribution, high reliability, dynamic scalability, wide network access, and energy conservation, which also drives the migration of various business systems to the cloud. As security awareness increases, more and more business systems use cryptographic services.
In the prior art, traditional password services, such as a password machine service, a signature service, and an electronic signature service, are deployed centrally. These services have no unified standard, and the products of different manufacturers differ widely in compatibility and at the interface layer.
The inventor finds that the traditional password service cannot be unified and shared, and is inconvenient for interface unification and centralized maintenance and management.
Disclosure of Invention
The application provides a password cloud service method, a password cloud service platform, password cloud service equipment and a storage medium, which are used for solving the problems that the traditional password service in the prior art cannot be unified and shared, interfaces are inconvenient to unify, and centralized maintenance and management are inconvenient.
In a first aspect, the present application provides a password cloud service method, which is applied to a password cloud service platform, where the password cloud service platform includes a unified API interface module, a virtual software password module, and a password service resource module;
the method comprises the following steps:
the uniform API module receives a password service request sent by any business system, wherein the password service request comprises a tenant identification and an application system identification of the business system;
the unified API module uses the tenant identification to obtain the mapping relations between the application systems and the password services that the tenant has pre-configured, queries the mapping relation according to the application system identification, and determines the corresponding target password service;
the uniform API interface module sends a service request of the target password service to the virtual software password module;
the virtual software password module sends a distribution request of the target password service to the password service resource module according to the service request of the target password service;
the password service resource module calls corresponding password service resources according to the allocation request of the target password service to complete password operation and obtain an operation result;
and the password service resource module returns the operation result to the service system sequentially through the virtual software password module and the uniform API interface module.
In one possible design, the cryptographic service resource module invokes a corresponding cryptographic service resource according to the allocation request of the target cryptographic service to complete a cryptographic operation, so as to obtain an operation result, including: the password service resource module determines the type of the password service resource applicable to the target password service according to the allocation request of the target password service; if the type of the password service resource applicable to the target password service is the software password resource, the password service resource module makes a request for the software password resource according to the service request of the target password service so as to call the software password resource to complete password operation and obtain an operation result; if the type of the password service resource applicable to the target password service is the hardware password resource, the password service resource module makes a request to the hardware password resource according to the service request of the target password service so as to call the hardware password resource to complete password operation and obtain an operation result.
In a possible design, if the type of the cryptographic service resource applicable to the target cryptographic service is a software cryptographic resource, the cryptographic service resource module makes a request to the software cryptographic resource according to a service request of the target cryptographic service to call the software cryptographic resource to complete a cryptographic operation, so as to obtain an operation result, including: if the type of the password service resource suitable for the target password service is the software password resource, the password service resource module downloads a Docker mirror image of the software password resource from a software password service mirror image warehouse to a specified virtual machine or physical machine cluster; the password service resource module provides a request to the virtual machine or the physical machine cluster according to the service request of the target password service, so that the virtual machine or the physical machine cluster starts the Docker mirror image to complete password operation, and an operation result is obtained.
In one possible design, the password cloud service platform further includes a password cloud service system; before the unified API interface module receives a password service request sent by a service system, the method further includes: the password cloud service system generates password service configuration information by configuring the mapping relation between each application system and the password service according to different application systems created by tenants, and sends the password service configuration information to the unified API module; and the unified API module stores the configuration information of the password service, wherein the configuration information of the password service comprises the mapping relation between each application system and the password service.
In a possible design, before the unified API interface module receives a cryptographic service request sent by a business system, the method further includes: the password cloud service system uploads the Docker image file of the software password resource to the software password service image warehouse.
In a second aspect, the present application provides a password cloud service platform, including: the system comprises a unified API (application program interface) module, a virtual software password module and a password service resource module;
the unified API module is used for receiving a password service request sent by any business system, wherein the password service request comprises a tenant identifier and an application system identifier of the business system;
the unified API module is also used for obtaining, through the tenant identification, the mapping relations between the application systems and the password services that the tenant has pre-configured, querying the mapping relation according to the application system identification, and determining the corresponding target password service;
the unified API module is also used for sending a service request of the target password service to the virtual software password module;
the virtual software password module is used for sending a distribution request of the target password service to the password service resource module according to the service request of the target password service;
the password service resource module is used for calling corresponding password service resources according to the allocation request of the target password service so as to complete password operation and obtain an operation result;
and the password service resource module is also used for returning the operation result to the service system sequentially through the virtual software password module and the uniform API interface module.
In one possible design, the cryptographic service resource module is specifically configured to determine, according to the allocation request of the target cryptographic service, a type of cryptographic service resource applicable to the target cryptographic service; if the type of the password service resource applicable to the target password service is the software password resource, the password service resource module makes a request for the software password resource according to the service request of the target password service so as to call the software password resource to complete password operation and obtain an operation result; if the type of the password service resource applicable to the target password service is the hardware password resource, the password service resource module makes a request to the hardware password resource according to the service request of the target password service so as to call the hardware password resource to complete password operation and obtain an operation result.
In one possible design, the cryptographic service resource module is specifically configured to, if the type of the cryptographic service resource applicable to the target cryptographic service is a software cryptographic resource, download a Docker image of the software cryptographic resource from a software cryptographic service image warehouse to a specified virtual machine or physical machine cluster; the password service resource module provides a request to the virtual machine or the physical machine cluster according to the service request of the target password service, so that the virtual machine or the physical machine cluster starts the Docker mirror image to complete password operation, and an operation result is obtained.
In a third aspect, the present application provides a password cloud service device, including: a memory and a processor;
the memory stores computer-executable instructions; the processor executes the computer-executable instructions stored by the memory such that the processor performs the cryptographic cloud service method according to the first aspect or any one of the possible designs of the first aspect.
In a fourth aspect, the present application provides a readable storage medium, in which a computer program/instruction is stored, and the computer program/instruction is used for implementing the cryptographic cloud service method according to the first aspect and any one of the possible designs of the first aspect when executed by a processor.
According to the password cloud service method, the platform, the equipment and the storage medium, the unified API interface module is used for receiving the password service request sent by the business system and determining the corresponding target password service, the service request of the target password service is sent to the virtual software password module, the virtual software password module makes a request to the password service resource module according to the target password service so as to call the password service resource module to complete password operation, an operation result is obtained, the operation result is finally returned to the business system, the unified API interface module is used for realizing that the upper layer provides the unified password service for the business system of a tenant, the lower layer is matched with different password service resources, the unification and sharing of the password service are realized, and the unified interface, the centralized maintenance and the management of the password service in the password service process are facilitated.
Drawings
In order to more clearly illustrate the technical solutions in the present application or the prior art, the drawings needed for the description of the embodiments or the prior art are briefly introduced below. The drawings in the following description are some embodiments of the present application, and those skilled in the art can obtain other drawings based on these drawings without creative effort.
Fig. 1 is a schematic view of an application scenario of a password cloud service method according to an embodiment of the present application;
Fig. 2 is a first flowchart of a password cloud service method according to an embodiment of the present application;
Fig. 3 is a second flowchart of a password cloud service method according to an embodiment of the present application;
Fig. 4 is a first schematic diagram illustrating a correspondence relationship between a key in the VHSM and a key in the HSM in the key management system of the VHSM according to an embodiment of the present application;
Fig. 5 is a schematic diagram illustrating a correspondence relationship between a key in the VHSM and a key in the HSM in the key management system of the VHSM according to an embodiment of the present application;
Fig. 6 is a schematic diagram illustrating that a password service resource module in a password cloud service platform downloads a Docker image according to an embodiment of the present application;
Fig. 7 is a schematic structural diagram of a password cloud service platform according to an embodiment of the present application;
Fig. 8 is a schematic hardware structure diagram of a password cloud service device according to an embodiment of the present application.
Detailed Description
To make the objects, technical solutions and advantages of the present application clearer, the technical solutions of the present application will be described clearly and completely with reference to the accompanying drawings in the present application, and it is obvious that the described embodiments are some, but not all embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The rapid development of cloud computing promotes the development of emerging technologies such as big data and the Internet of things. Cloud computing is characterized by ultra-large scale, virtualization, on-demand service distribution, high reliability, dynamic scalability, wide network access, and energy conservation, which also drives the migration of various business systems to the cloud. As security awareness increases, more and more business systems use cryptographic services. In the prior art, traditional password services, such as a password machine service, a signature service and an electronic signature service, are deployed centrally and have no unified standard, and the products of different manufacturers differ widely in compatibility and at the interface layer. The inventor finds that the prior art has at least the following technical problems: the traditional password service is deployed centrally and cannot meet the requirements of on-demand distribution and dynamic expansion of services on the cloud. In addition, there is currently no standard for password services at the business level: different businesses connect to different password products through different types of interfaces, so the password service cannot be unified and shared, and it is inconvenient to unify the interfaces and to maintain and manage them centrally. Therefore, the traditional password service cannot provide a uniform password service, and the lower layer cannot be adapted to different password products.
In order to solve the problems, the application provides a password cloud service method, a unified API (application program interface) module is used for receiving a password service request sent by a business system and determining a corresponding target password service, the service request of the target password service is sent to a virtual software password module, the virtual software password module sends a request to a password service resource module according to the target password service so as to call the password service resource module to complete password operation, an operation result is obtained, and finally the operation result is returned to the business system.
The technical solution of the present application will be described in detail below with specific examples. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments.
Fig. 1 is a schematic view of an application scenario of a password cloud service method provided in an embodiment of the present application. As shown in fig. 1, a business system sends a password service request to a unified API interface module in a password cloud service platform, after determining a target password service, the unified API interface module sends the service request of the target password service to a virtual software password module in the password cloud service platform, and the virtual software password module makes a request to a password service resource module in the password cloud service platform according to the service request of the target password service, so as to call a software password resource or a hardware password resource in the password service resource module to complete a password operation.
Fig. 2 is a first flowchart of a password cloud service method according to an embodiment of the present application. The execution subject of this embodiment is the password cloud service platform in the embodiment shown in fig. 1, where the password cloud service platform includes a unified API interface module, a virtual software password module, and a password service resource module, and the method of this embodiment may include the following steps:
S201, the password cloud service system generates password service configuration information by configuring mapping relations between application systems and password services according to different application systems created by tenants, and sends the password service configuration information to a unified API (application programming interface) module; the unified API module stores password service configuration information, wherein the password service configuration information comprises mapping relations between the application systems and the password services.
In this embodiment, the application system may include various types, such as a tax website system, an OA system, and a BS system. The password cloud service system comprises a password cloud management module and a password cloud tenant module. The password cloud management module comprises password situation, password service management, order management, password machine management, password resource management, tenant management, audit and statistic functions. The password situation function shows the health status and concurrency of the current password services. Password service management binds a password service to a specific password resource by configuring the password service name. Order management is used for managing the orders of password service requests submitted by the managers and business systems of tenants; orders can, for example, be rejected. Password machine management manages the server cipher machines and cloud server cipher machines that are in use, and their key information is configured through this function. Password resource management: for hardware password resources, the configuration information of hardware password resources such as a signature server, an electronic signature and a timestamp can be configured, and configurations from multiple manufacturers are supported; for software password resources, the Docker image file of the software password resource is uploaded to a software password service image warehouse. Tenant management can add tenants and change their state. The audit function lets an administrator of the platform audit operations on the password cloud service platform. The statistic function counts the usage of the password service along three dimensions: tenants, password resources and time.
The password cloud tenant module comprises password situation, password service application, password service management, service authorization and auditing functions. The password situation function shows the health status and concurrency of the current tenant's password services. Password service application provides the tenant with the function of requesting a password service. Password service management provides the tenant with management functions for the password services it has applied for, including state management and authorizing a password service to be assigned to a particular application system. Audit management provides an audit function for the tenant's operations on the password cloud service platform.
S202, the password cloud service system uploads the Docker image file of the software password resource to a software password service image warehouse.
In this embodiment, Docker is an open-source application container engine that supports building software into an image and then configuring various software in the image. A Docker image is a packaged software image; the password cloud service system uploads the packaged Docker image file of the software password resource to the software password service image warehouse, from which it can be downloaded and used.
S203, the unified API module receives a password service request sent by any business system, wherein the password service request comprises a tenant identification and an application system identification of the business system.
In this embodiment, the service system belongs to a tenant, and one tenant may have a plurality of service systems, and the service system is used to send a cryptographic service request of the tenant. The tenant identification in the password service request can be used for identifying the mapping relation between the application system and the password service, which are pre-configured by the tenant, and the application system identification can be used for inquiring the mapping relation between the application system and the password service, which are pre-configured by the tenant.
S204, the unified API module uses the tenant identification to obtain the mapping relations between the application systems and the password services that the tenant has pre-configured, queries the mapping relation according to the application system identifier, and determines the corresponding target password service.
In this embodiment, it is known from step S203 that the tenant identity in the password service request may be used to identify a mapping relationship between an application system and a password service that is preconfigured by the tenant, and the application system identity may be used to query the mapping relationship between the application system and the password service that is preconfigured by the tenant, which is not described herein again. The target password service corresponding to the password service request sent this time by the business system of the tenant is then determined from the mapping relation between the application system and the password service pre-configured by the tenant.
S205, the unified API module sends a service request of the target password service to the virtual software password module.
In this embodiment, the service request of the target password service includes the type of the password service resource applicable to the password service request sent by the service system of the tenant this time, for example, whether the password service request sent by the service system of the tenant this time is applicable to a software password resource or a hardware password resource.
S206, the virtual software password module sends a distribution request of the target password service to the password service resource module according to the service request of the target password service.
In this embodiment, the virtual software cryptographic module makes a request to the cryptographic service resource according to a service request of the target cryptographic service, so as to call the cryptographic service resource to complete cryptographic operation. Wherein the types of cryptographic service resources include: software cryptographic resources and hardware cryptographic resources.
Specifically, the unified API interface module finds whether the cryptographic service resource used by the cryptographic service request is a software cryptographic resource or a hardware cryptographic resource through the interface service and the service request of the cryptographic service request, and then requests the specific software cryptographic resource or hardware cryptographic resource to provide the cryptographic service facility.
S207, the password service resource module calls corresponding password service resources according to the allocation request of the target password service to complete password operation, and an operation result is obtained.
In this embodiment, the cryptographic service resource module finds whether the cryptographic service resource used by the cryptographic service request is a software cryptographic resource or a hardware cryptographic resource through the service request of the cryptographic service request, and then requests the specific software cryptographic resource or hardware cryptographic resource to provide a cryptographic service facility.
S208, the password service resource module returns the operation result to the service system through the virtual software password module and the uniform API interface module in sequence.
In this embodiment, after completing cryptographic operation, the cryptographic service resource module sends the operation result to the virtual software cryptographic module, the virtual software cryptographic module receives the operation result and sends the operation result to the unified API interface module, and the unified API interface module receives the operation result and sends the operation result to the service system of the tenant.
In summary, according to the password cloud service method provided by the application, the unified API interface module receives a password service request sent by a business system and determines a corresponding target password service, the service request of the target password service is sent to the virtual software password module, the virtual software password module makes a request to the password service resource module according to the target password service to call the password service resource module to complete password operation, an operation result is obtained, and finally the operation result is returned to the business system.
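The flow of steps S201 to S208 can be sketched as follows. This is an added example, not code from the patent or its applicants: the class and function names, the tenant and application identifiers, the sample keys and the use of HMAC-SHA256 as the "password operation" are all assumptions, and the tenant identification is assumed to have been authenticated before it reaches the unified API module.

```python
import hashlib
import hmac
from dataclasses import dataclass


class ServiceDenied(Exception):
    """The request does not map to a service configured for this tenant."""


@dataclass(frozen=True)
class TargetService:
    name: str           # password service name
    resource_type: str  # "software" or "hardware"
    key_ref: str        # hypothetical handle to a key held by the resource


class MacResource:
    """Stand-in for a password service resource; the key never leaves it."""

    def __init__(self, label, keys):
        self.label = label
        self._keys = keys  # key_ref -> key bytes (constructed sample keys)

    def operate(self, key_ref, data):
        mac = hmac.new(self._keys[key_ref], data, hashlib.sha256).hexdigest()
        return {"resource": self.label, "result": mac}


class ResourceModule:
    """S207: pick the software or hardware resource and run the operation."""

    def __init__(self, backends):
        self._backends = backends  # resource type -> resource

    def invoke(self, allocation):
        backend = self._backends.get(allocation["resource_type"])
        if backend is None:
            raise ServiceDenied("no resource of type %r" % allocation["resource_type"])
        return backend.operate(allocation["key_ref"], allocation["data"])


class VirtualModule:
    """S206: turn the service request into an allocation request."""

    def __init__(self, resources):
        self._resources = resources

    def serve(self, service, data):
        allocation = {"service": service.name, "data": data,
                      "resource_type": service.resource_type,
                      "key_ref": service.key_ref}
        return self._resources.invoke(allocation)


class UnifiedAPI:
    def __init__(self, virtual_module):
        self._virtual = virtual_module
        self._config = {}  # tenant id -> {application system id -> TargetService}

    def store_config(self, tenant_id, mapping):
        """S201: keep the mapping the tenant configured."""
        self._config[tenant_id] = dict(mapping)

    def handle(self, tenant_id, app_id, data):
        """S203-S205 and S208: resolve inside the tenant's own mapping only."""
        tenant_map = self._config.get(tenant_id)
        if tenant_map is None:
            raise ServiceDenied("unknown tenant")
        service = tenant_map.get(app_id)
        if service is None:
            # Deny by default: another tenant's application id never matches.
            raise ServiceDenied("application not configured for this tenant")
        return self._virtual.serve(service, data)


def build_platform():
    """Constructed sample configuration with two tenants."""
    software = MacResource("software", {"sw-key-1": b"constructed-software-key"})
    hardware = MacResource("hardware", {"hw-key-1": b"constructed-hardware-key"})
    api = UnifiedAPI(VirtualModule(ResourceModule(
        {"software": software, "hardware": hardware})))
    api.store_config("tenant-a", {"oa": TargetService("mac", "software", "sw-key-1")})
    api.store_config("tenant-b", {"tax": TargetService("mac", "hardware", "hw-key-1")})
    return api


def outcome(api, tenant_id, app_id, data=b"constructed sample message"):
    """Return which resource served the request, or 'denied'."""
    try:
        return api.handle(tenant_id, app_id, data)["resource"]
    except ServiceDenied:
        return "denied"


if __name__ == "__main__":
    platform = build_platform()
    for tenant, app in [("tenant-a", "oa"), ("tenant-b", "tax"), ("tenant-b", "oa")]:
        print(tenant, app, outcome(platform, tenant, app))
```

Because the lookup is scoped by tenant before the application identifier is consulted, a request that pairs one tenant's identifier with another tenant's application is refused rather than routed.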
Fig. 3 is a second flowchart of a password cloud service method according to an embodiment of the present application. On the basis of the embodiment in fig. 2, this embodiment describes in detail the step of the cryptographic service resource module in step S207 calling the corresponding cryptographic service resource according to the allocation request of the target cryptographic service to complete the cryptographic operation and obtain the operation result. As shown in fig. 3, with the password cloud service platform as an execution subject, the method of this embodiment may include the following steps:
S301, the password service resource module determines the type of the password service resource suitable for the target password service according to the allocation request of the target password service.
In this embodiment, it is known from step S201 that the request for cryptographic service includes the tenant identity and the application system identity of the business system. The password service resource module determines the type of the password service resource suitable for the target password service through the tenant identification and the application system identification in the password service request. In the present application, the types of cryptographic service resources to which the target cryptographic service is applicable include both software cryptographic resources and hardware cryptographic resources.
S302, if the type of the password service resource suitable for the target password service is the software password resource, the password service resource module makes a request for the software password resource according to the service request of the target password service so as to call the software password resource to complete password operation and obtain an operation result.
In this embodiment, if the type of the cryptographic service resource applicable to the target cryptographic service is a software cryptographic resource, the cryptographic service resource module downloads a Docker image of the software cryptographic resource from a software cryptographic service image warehouse to a specified virtual machine or physical machine cluster.
The password service resource module makes a request to the virtual machine or the physical machine cluster according to the service request of the target password service, so that the virtual machine or the physical machine cluster starts the Docker image to complete the password operation and obtain an operation result.
Specifically, the software cryptographic resource is a virtual cryptographic machine, i.e. a Virtual Hardware Security Module (VHSM). The password cloud service platform further comprises a VHSM module, which abstracts the cryptographic resources in the server cryptographic machine and the cloud server cryptographic machine and divides them into a plurality of VHSMs, each VHSM corresponding to a tenant that makes password service requests.
The key management system of the VHSM is as follows:
Fig. 4 is a first schematic diagram illustrating a correspondence relationship between a key in the VHSM and a key in the HSM in the key management system of the VHSM according to an embodiment of the present application. By default a VHSM has 10 keys, and the numbers in the figure are key numbers. The correspondence between the keys in the VHSM and the keys in the physical cryptographic module (HSM) is shown in fig. 4: although the key numbers in every VHSM are 1-10, the HSM key numbers they correspond to may differ. For example, the key numbers of VHSM1 are 1-10, and the corresponding key numbers of HSM1 are 1-10; the key numbers of VHSM2 are 1-10, and the corresponding key numbers of HSM2 are 11-20.
Fig. 5 is a schematic diagram of a correspondence relationship between a key in the VHSM and a key in the HSM in the key management system of the VHSM according to an embodiment of the present application. When one VHSM is associated with multiple HSMs, the key numbers in the VHSM may correspond to key numbers of different HSMs; as shown in fig. 5, key numbers 1-10 in the VHSM correspond to key numbers 1-10 of HSM1, and key number 11 in the VHSM corresponds to key number 1 of HSM2.
Fig. 6 is a schematic diagram of downloading a Docker image by a password service resource module in a password cloud service platform according to an embodiment of the present application. The process by which the cryptographic service resource module downloads the Docker image of the software cryptographic resource from the software cryptographic service image warehouse to the designated virtual machine or physical machine cluster is shown in fig. 6. The cryptographic service resource module issues an instruction to the virtual machine or physical machine cluster; the virtual machine or physical machine cluster requests the Docker image from the software cryptographic service image warehouse according to the instruction; the software cryptographic service image warehouse returns the Docker image to the designated virtual machine or physical machine cluster; and the virtual machine or physical machine cluster starts the Docker image according to the instruction. The Docker image can also be maintained.
S303, if the type of the password service resource suitable for the target password service is the hardware password resource, the virtual software password module makes a request to the hardware password resource according to the service request of the target password service so as to call the hardware password resource to complete the password operation and obtain an operation result.
Specifically, the hardware password resource includes: signature servers, timestamps, electronic signatures, and the like. Hardware password resources are divided into shared hardware cryptographic resources and exclusive hardware cryptographic resources.
In summary, according to the password cloud service method provided by the application, the password service resource suitable for the target password service is determined to be a software password resource or a hardware password resource, so that a more accurate password service is provided for the password service request made by the business system of the tenant. When the applicable password service resource is a software password resource, the design of the key management system of the VHSM hides the physical cryptographic machine from the tenant and improves the utilization of the cryptographic machine. When the tenant needs to expand the capacity of the cryptographic machine, the remaining keys of the physical cryptographic machine can be dynamically added to the VHSM, achieving dynamic allocation.
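The key-number mapping of figs. 4 and 5 and the capacity expansion described above can be modeled as follows. This is an added example, not code from the patent: the class and method names, the tenant check, the lowest-free-slot allocation order and the constructed scenario (two 20-slot HSMs, with the second VHSM's local keys 1-10 landing on physical keys 11-20 of the first HSM) are assumptions made for illustration.

```python
"""VHSM key-number mapping: tenant-local key numbers -> physical HSM key slots."""
from dataclasses import dataclass, field


class KeyMappingError(Exception):
    """A key reference could not be allocated or resolved."""


@dataclass
class Hsm:
    hsm_id: str
    capacity: int                                # physical key slots, numbered from 1
    owner: dict = field(default_factory=dict)    # physical key number -> owning vhsm_id

    def free(self):
        return self.capacity - len(self.owner)

    def take_lowest_free(self, vhsm_id):
        for number in range(1, self.capacity + 1):
            if number not in self.owner:
                self.owner[number] = vhsm_id
                return number
        return None


@dataclass
class Vhsm:
    vhsm_id: str
    tenant_id: str
    slots: dict = field(default_factory=dict)    # local key number -> (hsm_id, physical number)


class VhsmKeyManager:
    DEFAULT_KEYS = 10                            # default VHSM size given in the description

    def __init__(self, hsms):
        self.hsms = {h.hsm_id: h for h in hsms}  # dict order is the allocation order (assumption)
        self.vhsms = {}

    def _allocate(self, vhsm, count):
        # Check capacity up front so a failed request leaves no partial allocation.
        if count < 1 or sum(h.free() for h in self.hsms.values()) < count:
            raise KeyMappingError("not enough free physical key slots")
        added = []
        for _ in range(count):
            local = len(vhsm.slots) + 1          # local numbers stay contiguous: 1, 2, 3, ...
            hsm = next(h for h in self.hsms.values() if h.free() > 0)
            vhsm.slots[local] = (hsm.hsm_id, hsm.take_lowest_free(vhsm.vhsm_id))
            added.append(local)
        return added

    def _owned(self, tenant_id, vhsm_id):
        vhsm = self.vhsms.get(vhsm_id)
        # Same error for "missing" and "belongs to another tenant": no VHSM-id oracle.
        if vhsm is None or vhsm.tenant_id != tenant_id:
            raise KeyMappingError("no such VHSM for this tenant")
        return vhsm

    def create_vhsm(self, vhsm_id, tenant_id):
        if vhsm_id in self.vhsms:
            raise KeyMappingError("VHSM already exists")
        vhsm = Vhsm(vhsm_id, tenant_id)
        self._allocate(vhsm, self.DEFAULT_KEYS)
        self.vhsms[vhsm_id] = vhsm
        return vhsm

    def expand(self, tenant_id, vhsm_id, count):
        """Add `count` keys from the remaining physical slots; returns the new local numbers."""
        return self._allocate(self._owned(tenant_id, vhsm_id), count)

    def resolve(self, tenant_id, vhsm_id, local_key):
        """Translate a tenant-visible key number into (hsm_id, physical key number)."""
        vhsm = self._owned(tenant_id, vhsm_id)
        if local_key not in vhsm.slots:
            raise KeyMappingError("key number not allocated in this VHSM")
        return vhsm.slots[local_key]

    def slots_are_exclusive(self):
        # Audit: each physical slot is referenced by exactly one VHSM, the recorded owner.
        seen = set()
        for vhsm in self.vhsms.values():
            for hsm_id, number in vhsm.slots.values():
                if (hsm_id, number) in seen or self.hsms[hsm_id].owner.get(number) != vhsm.vhsm_id:
                    return False
                seen.add((hsm_id, number))
        return True


def build_demo():
    # Constructed scenario: two 20-slot HSMs and two tenants, one VHSM each.
    mgr = VhsmKeyManager([Hsm("HSM1", 20), Hsm("HSM2", 20)])
    mgr.create_vhsm("VHSM1", "tenant-a")
    mgr.create_vhsm("VHSM2", "tenant-b")
    return mgr


if __name__ == "__main__":
    mgr = build_demo()
    print(mgr.resolve("tenant-b", "VHSM2", 1))       # offset mapping, as in fig. 4
    print(mgr.expand("tenant-a", "VHSM1", 1))        # HSM1 is full, so the key comes from HSM2
    print(mgr.resolve("tenant-a", "VHSM1", 11))      # multi-HSM mapping, as in fig. 5
```

Because tenants only ever see local key numbers, the isolation of the scheme rests entirely on this table: the ownership check in `resolve` and the exclusivity audit are the two properties worth testing in any real implementation.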
Fig. 7 is a schematic structural diagram of a password cloud service platform provided in an embodiment of the present application, and as shown in fig. 7, the password cloud service platform of the present embodiment is configured to implement an operation corresponding to the password cloud service platform in any one of the method embodiments, where the password cloud service platform of the present embodiment includes: a unified API interface module 701, a virtual software cryptographic module 702, and a cryptographic service resource module 703.
The unified API interface module 701 is configured to receive a password service request sent by a service system.
The unified API interface module 701 is further configured to obtain, through the tenant identifier, a mapping relationship between the application system preconfigured by the tenant and the password service; and inquiring the mapping relation according to the application system identifier to determine the corresponding target password service.
The unified API interface module 701 is further configured to send a service request of the target cryptographic service to the virtual software cryptographic module.
The virtual software cryptographic module 702 is configured to make a request to the cryptographic service resource module according to a service request of the target cryptographic service, so as to call the cryptographic service resource module to complete cryptographic operation, thereby obtaining an operation result.
The password service resource module 703 is configured to return the operation result to the service system sequentially through the virtual software password module and the unified API interface module.
In one possible implementation, the unified API interface module 701 is further configured to determine, through a service request of the cryptographic service request, a type of cryptographic service resource applicable to the target cryptographic service; the virtual software cryptographic module 702 is further configured to make a request to an applicable cryptographic service resource according to a service request of the target cryptographic service, so as to call the applicable cryptographic service resource to complete cryptographic operation, and obtain an operation result; wherein the types of cryptographic service resources include: software cryptographic resources and hardware cryptographic resources.
In one possible implementation, the virtual software cryptographic module 702 is further configured to, if the type of the cryptographic service resource applicable to the target cryptographic service is a software cryptographic resource, download the Docker image of the software cryptographic resource from the software cryptographic service image repository to a specified virtual machine or physical machine cluster. The virtual software cryptographic module 702 makes a request to the software cryptographic resource according to the service request of the target cryptographic service, and starts the Docker image to complete the cryptographic operation, so as to obtain an operation result.
In a possible implementation manner, the virtual software cryptographic module 702 is further configured to, if the type of the cryptographic service resource applicable to the target cryptographic service is a hardware cryptographic resource, make a request to the hardware cryptographic resource according to the service request of the target cryptographic service, so as to call the hardware cryptographic resource to complete the cryptographic operation and obtain an operation result.
In a possible implementation manner, the password cloud service platform further includes a password cloud service system 704, configured to generate password service configuration information by configuring a mapping relationship between each application system and a password service according to different application systems created by tenants, and send the password service configuration information to the unified API interface module; the unified API module 701 is configured to store password service configuration information, where the password service configuration information includes mapping relationships between each application system and a password service.
In a possible implementation manner, the password cloud service system 704 is further configured to upload a Docker image file of the software password resource to the software password service image repository.
The password cloud service platform provided in the embodiment of the present application may execute the above method embodiment, and for specific implementation principles and technical effects, reference may be made to the above method embodiment, which is not described herein again.
Fig. 8 is a schematic hardware structure diagram of a password cloud service device according to an embodiment of the present application. As shown in fig. 8, the password cloud service device is configured to implement the operation corresponding to the password cloud service device in any of the above method embodiments, and the password cloud service device of this embodiment may include: a memory 802 and a processor 801.
The memory 802 stores computer-executable instructions. The memory 802 may include a Random Access Memory (RAM), a Non-Volatile Memory (NVM), at least one disk memory, a USB disk, a removable hard disk, a read-only memory, a magnetic disk or an optical disk.
The processor 801 executes the computer-executable instructions stored by the memory 802, causing the processor 801 to perform the cryptographic cloud service method in the above-described embodiments. Reference may be made in particular to the description relating to the method embodiments described above. The Processor 801 may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the present invention may be embodied directly in a hardware processor, or in a combination of the hardware and software modules within the processor.
Alternatively, the memory 802 may be separate or integrated with the processor 801.
When the memory 802 is a separate device from the processor 801, the cryptographic cloud service apparatus may also include a bus 803. The bus 803 is used to connect the memory 802 and the processor 801. The bus 803 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended ISA (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, the buses in the figures of the present application are not limited to only one bus or one type of bus.
The password cloud service device provided by this embodiment may be used to execute the above password cloud service method, and its implementation manner and technical effect are similar, which are not described herein again.
The present application also provides a computer readable storage medium, in which a computer program/instructions are stored, which when executed by a processor are used for implementing the methods provided by the various embodiments described above.
The computer-readable storage medium may be a computer storage medium or a communication medium. Communication media includes any medium that facilitates transfer of a computer program from one place to another. Computer storage media may be any available media that can be accessed by a general purpose or special purpose computer. For example, a computer readable storage medium is coupled to the processor such that the processor can read information from, and write information to, the computer readable storage medium. Of course, the computer readable storage medium may also be integral to the processor. The processor and the computer-readable storage medium may reside in an Application Specific Integrated Circuit (ASIC). Additionally, the ASIC may reside in user equipment. Of course, the processor and the computer-readable storage medium may also reside as discrete components in a communication device.
In particular, the computer-readable storage medium may be implemented by any type of volatile or non-volatile memory device or combination thereof, such as Static Random-Access Memory (SRAM), Electrically-Erasable Programmable Read-Only Memory (EEPROM), Erasable Programmable Read-Only Memory (EPROM), Programmable Read-Only Memory (PROM), Read-Only Memory (ROM), magnetic memory, flash memory, magnetic disk, or optical disk. A storage medium may be any available medium that can be accessed by a general purpose or special purpose computer.
The present application also provides a computer program product comprising a computer program/instructions stored in a computer readable storage medium. The computer program/instructions may be read by at least one processor of the device from a computer-readable storage medium, and execution of the computer program/instructions by the at least one processor causes the device to perform the methods provided by the various embodiments described above.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, a division of modules is merely a division of logical functions, and an actual implementation may have another division, for example, a plurality of modules may be combined or may be integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or modules, and may be in an electrical, mechanical or other form.
Wherein the modules may be physically separated, e.g. mounted at different locations of one device, or mounted on different devices, or distributed over multiple network elements, or distributed over multiple processors. The modules may also be integrated, for example, in the same device, or in a set of codes. The respective modules may exist in the form of hardware, or may also exist in the form of software, or may also be implemented in the form of software plus hardware. The method and the device can select part or all of the modules according to actual needs to achieve the purpose of the scheme of the embodiment.
When the respective modules are implemented as integrated modules in the form of software functional modules, they may be stored in a computer-readable storage medium. The software functional module is stored in a storage medium and includes several instructions to enable a computer device (which may be a personal computer, a server, or a network device) or a processor to execute some steps of the methods according to the embodiments of the present application.
It should be understood that, although the respective steps in the flowcharts in the above-described embodiments are sequentially shown as indicated by arrows, the steps are not necessarily performed sequentially as indicated by the arrows. The steps are not performed in the exact order shown and may be performed in other orders unless explicitly stated herein. Moreover, at least some of the steps in the figures may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, in different orders, and may be performed alternately or at least partially with respect to other steps or sub-steps of other steps.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same. Although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: it is also possible to modify the solutions described in the previous embodiments or to substitute some or all of the technical features. And the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present application.

Claims (10)

1. The password cloud service method is characterized by being applied to a password cloud service platform, wherein the password cloud service platform comprises a uniform API interface module, a virtual software password module and a password service resource module;
the method comprises the following steps:
the uniform API module receives a password service request sent by any business system, wherein the password service request comprises a tenant identification and an application system identification of the business system;
the unified API module acquires, through the tenant identification, the mapping relations between the application systems and the password services pre-configured by the tenant; queries the mapping relation according to the application system identification, and determines a corresponding target password service;
the uniform API interface module sends a service request of the target password service to the virtual software password module;
the virtual software password module sends a distribution request of the target password service to the password service resource module according to the service request of the target password service;
the password service resource module calls corresponding password service resources according to the allocation request of the target password service to complete password operation and obtain an operation result;
and the password service resource module returns the operation result to the service system sequentially through the virtual software password module and the uniform API interface module.
2. The method of claim 1, wherein the cryptographic service resource module invokes a corresponding cryptographic service resource according to the allocation request of the target cryptographic service to complete a cryptographic operation, and obtain an operation result, comprising:
the password service resource module determines the type of the password service resource applicable to the target password service according to the allocation request of the target password service;
if the type of the password service resource applicable to the target password service is the software password resource, the password service resource module makes a request for the software password resource according to the service request of the target password service so as to call the software password resource to complete password operation and obtain an operation result;
if the type of the password service resource applicable to the target password service is the hardware password resource, the password service resource module makes a request to the hardware password resource according to the service request of the target password service so as to call the hardware password resource to complete password operation and obtain an operation result.
3. The method according to claim 2, wherein if the type of the cryptographic service resource applicable to the target cryptographic service is a software cryptographic resource, the cryptographic service resource module makes a request to the software cryptographic resource according to a service request of the target cryptographic service to call the software cryptographic resource to complete a cryptographic operation, so as to obtain an operation result, including:
if the type of the password service resource suitable for the target password service is the software password resource, the password service resource module downloads a Docker image of the software password resource from a software password service image warehouse to a specified virtual machine or physical machine cluster;
the password service resource module makes a request to the virtual machine or the physical machine cluster according to the service request of the target password service, so that the virtual machine or the physical machine cluster starts the Docker image to complete password operation, and an operation result is obtained.
4. The method of any one of claims 1-3, wherein the cryptographic cloud service platform further comprises a cryptographic cloud service system;
before the unified API interface module receives a password service request sent by a service system, the method further includes:
the password cloud service system generates password service configuration information by configuring the mapping relation between each application system and the password service according to different application systems created by tenants, and sends the password service configuration information to the unified API module;
and the unified API module stores the configuration information of the password service, wherein the configuration information of the password service comprises the mapping relation between each application system and the password service.
5. The method of claim 4, wherein before the unified API module receives the cryptographic service request from the business system, the method further comprises:
and the password cloud service system uploads the Docker mirror image file of the software password resource to the software password service mirror image warehouse.
6. A password cloud service platform, comprising: the unified API module, the virtual software password module and the password service resource module;
the unified API module is used for receiving a password service request sent by any business system, wherein the password service request comprises a tenant identifier and an application system identifier of the business system;
the unified API module is also used for acquiring, through the tenant identification, the mapping relation between each application system and each password service pre-configured by the tenant; querying the mapping relation according to the application system identification, and determining a corresponding target password service;
the unified API module is also used for sending a service request of the target password service to the virtual software password module;
the virtual software password module is used for sending a distribution request of the target password service to the password service resource module according to the service request of the target password service;
the password service resource module is used for calling corresponding password service resources according to the allocation request of the target password service so as to complete password operation and obtain an operation result;
and the password service resource module is also used for returning the operation result to the service system sequentially through the virtual software password module and the uniform API interface module.
7. The platform of claim 6, wherein the cryptographic service resource module is specifically configured to determine a type of cryptographic service resource applicable to the target cryptographic service according to the allocation request of the target cryptographic service;
if the type of the password service resource applicable to the target password service is the software password resource, the password service resource module makes a request for the software password resource according to the service request of the target password service so as to call the software password resource to complete password operation and obtain an operation result;
if the type of the password service resource applicable to the target password service is the hardware password resource, the password service resource module makes a request to the hardware password resource according to the service request of the target password service so as to call the hardware password resource to complete password operation and obtain an operation result.
8. The platform of claim 6, wherein the cryptographic service resource module is specifically configured to, if the type of the cryptographic service resource applicable to the target cryptographic service is a software cryptographic resource, download a Docker image of the software cryptographic resource from a software cryptographic service image repository to a specified virtual machine or physical machine cluster;
the password service resource module makes a request to the virtual machine or the physical machine cluster according to the service request of the target password service, so that the virtual machine or the physical machine cluster starts the Docker image to complete password operation, and an operation result is obtained.
9. A password cloud service device, comprising: a memory and a processor;
the memory stores computer-executable instructions; the processor executing the memory-stored computer-executable instructions cause the processor to perform the cryptographic cloud service method of any of claims 1 to 5.
10. A computer-readable storage medium, having stored therein a computer program/instruction, which when executed by a processor, is configured to implement the password cloud service method of any one of claims 1 to 5.
CN202310001264.8A 2023-01-03 2023-01-03 Password cloud service method, platform, equipment and storage medium Pending CN115859261A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310001264.8A CN115859261A (en) 2023-01-03 2023-01-03 Password cloud service method, platform, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310001264.8A CN115859261A (en) 2023-01-03 2023-01-03 Password cloud service method, platform, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN115859261A true CN115859261A (en) 2023-03-28

Family

ID=85656708

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310001264.8A Pending CN115859261A (en) 2023-01-03 2023-01-03 Password cloud service method, platform, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115859261A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116389194A (en) * 2023-06-06 2023-07-04 天津市天河计算机技术有限公司 VPN service generation method, system, equipment and medium based on cloud computing platform
CN117527220A (en) * 2023-11-20 2024-02-06 江苏新质信息科技有限公司 Cloud password service method and system

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116389194A (en) * 2023-06-06 2023-07-04 天津市天河计算机技术有限公司 VPN service generation method, system, equipment and medium based on cloud computing platform
CN116389194B (en) * 2023-06-06 2023-08-11 天津市天河计算机技术有限公司 VPN service generation method, system, equipment and medium based on cloud computing platform
CN117527220A (en) * 2023-11-20 2024-02-06 江苏新质信息科技有限公司 Cloud password service method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination