CN116015898A - Information processing method, device, equipment, storage medium and product - Google Patents

Publication number
CN116015898A
Authority
CN
China
Prior art keywords
service information
signature
client
security center
security
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211697435.7A
Other languages
Chinese (zh)
Inventor
韩西奇
张强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Construction Bank Corp
CCB Finetech Co Ltd
Original Assignee
China Construction Bank Corp
CCB Finetech Co Ltd

Abstract

The application provides an information processing method, an information processing device, information processing equipment, a storage medium and an information processing product, which belong to the technical field of access control, wherein the information processing method comprises the following steps: receiving service information and a first signature sent by a publisher client, wherein the first signature is a signature which is obtained by the publisher client from a security center in advance; invoking a security center to check the first signature according to the service information; if the verification is passed, calling a security center to encrypt the service information to obtain encrypted service information; receiving an information acquisition request sent by a subscriber client, and determining encrypted service information subscribed by the subscriber client; and sending the encrypted service information subscribed by the subscriber client to the subscriber client, and calling the security center by the subscriber client to decrypt the subscribed encrypted service information to obtain the subscribed service information. According to the method, signature verification, encryption and decryption are carried out by calling the security center, and message middleware processing is not needed, so that the security of data can be effectively improved.

Description

Information processing method, device, equipment, storage medium and product
Technical Field
The present disclosure relates to the field of access control technologies, and in particular, to an information processing method, apparatus, device, storage medium, and product.
Background
Kafka is an open-source stream processing platform developed by the Apache Software Foundation and written in Scala and Java. It is a distributed event streaming platform that companies use for high-performance data pipelines, streaming analytics, data integration, and mission-critical applications. Kafka is essentially an efficient, high-throughput, distributed publish-subscribe message queuing system.
The security mechanism of Kafka comprises three parts: encryption, authorization and authentication. Encryption means that data or information is encrypted with SSL or TLS in transit, so that the availability, integrity and confidentiality of the data/information are ensured.
However, because Kafka is open-source message queue middleware, the security mechanism it provides is widely known, and if a security vulnerability appears, the mechanism is easy to attack. In addition, the configured key information is stored on the local machine: if an attacker gains access to the machine room, the user certificate, and with it the data in Kafka, can easily be obtained.
Disclosure of Invention
The application provides an information processing method, an information processing device, information processing equipment, a storage medium and an information processing product, which are used for solving the problem of data leakage caused by the low security of existing message middleware.
In a first aspect, the present application provides an information processing method, including:
receiving service information sent by a publisher client and a first signature corresponding to the service information, wherein the first signature is a signature which is obtained by the publisher client from a security center in advance;
invoking the security center to check the first signature according to the service information;
if the first signature verification is confirmed to pass, the security center is called to encrypt the service information, and encrypted service information is obtained;
receiving an information acquisition request sent by a subscriber client, and determining encrypted service information subscribed by the subscriber client;
and sending the encrypted service information subscribed by the subscriber client to the subscriber client so that the subscriber client can call the security center to decrypt the subscribed encrypted service information to obtain the subscribed service information.
In a second aspect, the present application provides an information processing apparatus including:
the receiving and transmitting unit is used for receiving service information sent by a publisher client and a first signature corresponding to the service information, wherein the first signature is a signature which is obtained by the publisher client from a security center in advance;
The processing unit is used for calling the security center to check the first signature according to the service information;
the processing unit is further used for calling the security center to encrypt the service information if the first signature verification is confirmed to pass, so as to obtain encrypted service information;
the receiving and transmitting unit is also used for receiving an information acquisition request sent by the subscriber client;
the processing unit is also used for determining encrypted service information subscribed by the subscriber client;
the receiving and transmitting unit is further configured to send encrypted service information subscribed by the subscriber client to the subscriber client, so that the subscriber client invokes the security center to decrypt the subscribed encrypted service information, and obtain subscribed service information.
In a third aspect, the present application provides an electronic device, comprising: a processor, a memory, and a transceiver;
the processor, the memory, and the transceiver are interconnected by circuitry;
the memory stores computer-executable instructions;
a transceiver for transceiving data;
the processor executes computer-executable instructions stored in the memory to cause the processor to perform the method as described in the first aspect.
In a fourth aspect, the present application provides a computer-readable storage medium having stored therein computer-executable instructions for performing the method according to the first aspect when executed by a processor.
In a fifth aspect, the invention provides a computer program product comprising a computer program which, when executed by a processor, implements the method of the first aspect.
With the information processing method, device, equipment, storage medium and product provided by the application, service information sent by a publisher client and a first signature corresponding to the service information are received, wherein the first signature is a signature which is obtained by the publisher client from a security center in advance; the security center is called to check the first signature according to the service information; if the first signature verification is confirmed to pass, the security center is called to encrypt the service information, and encrypted service information is obtained; an information acquisition request sent by a subscriber client is received, and the encrypted service information subscribed by the subscriber client is determined; and the encrypted service information subscribed by the subscriber client is sent to the subscriber client, so that the subscriber client calls the security center to decrypt the subscribed encrypted service information to obtain the subscribed service information. Because signature verification, encryption and decryption are performed by calling the security center, the message middleware does not need to perform them locally, so that the security of data can be effectively improved, and meanwhile, the security of message transmission is ensured.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application.
FIG. 1 is a schematic diagram of a network architecture of an information processing method provided in the present application;
FIG. 2 is a schematic flow chart of an information processing method provided in the present application;
FIG. 3 is a schematic flow chart of another information processing method provided in the present application;
FIG. 4 is a schematic flow chart of another information processing method provided in the present application;
FIG. 5 is a schematic diagram of an information processing apparatus according to the present application;
FIG. 6 is a first block diagram of an electronic device for implementing the information processing method of the embodiments of the present application;
FIG. 7 is a second block diagram of an electronic device for implementing the information processing method of the embodiment of the present application.
Specific embodiments thereof have been shown by way of example in the drawings and will herein be described in more detail. These drawings and the written description are not intended to limit the scope of the inventive concepts in any way, but to illustrate the concepts of the present application to those skilled in the art by reference to specific embodiments.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present application as detailed in the accompanying claims.
In the technical scheme of the application, the collection, storage, use, processing, transmission, provision and disclosure of related information such as financial data or user data comply with the relevant laws and regulations and do not violate public order and good customs.
For a clear understanding of the technical solutions of the present application, the prior art solutions will be described in detail first.
The security mechanism of Kafka comprises three parts: encryption, authorization and authentication. Encryption means that data or information is encrypted with SSL or TLS in transit, so that the availability, integrity and confidentiality of the data/information are ensured. Authentication means that, throughout the data interaction process, the identity of a publisher, a consumer, a server or another tool must be verified at any time; the methods used mostly depend on public and private keys and certificates. Authorization is the assignment of rights to a user; it typically relies on the completion of authentication, and the two typically occur together.
However, because Kafka is open-source message queue middleware, the security mechanism it provides is widely known, and if a security vulnerability appears, the mechanism is easy to attack. In addition, the configured key information is stored on the local machine: if an attacker gains access to the machine room, the user certificate, and with it the data in Kafka, can easily be obtained.
Therefore, to address the problem of data leakage caused by the low security of message middleware in the prior art, the inventor found in the course of research that a security center can be set up to carry out signature verification, encryption and decryption. Service information sent by a publisher client and a first signature corresponding to the service information are received, wherein the first signature is a signature which is obtained by the publisher client in advance from the security center. The security center is called to verify the first signature according to the service information. If the first signature is confirmed to pass verification, the security center is called to encrypt the service information, and encrypted service information is obtained. An information acquisition request sent by a subscriber client is received, the encrypted service information subscribed by the subscriber client is determined, and the encrypted service information is sent to the subscriber client, which calls the security center to decrypt the subscribed encrypted service information to obtain the subscribed service information. Because signature verification, encryption and decryption are performed by calling the security center, the message middleware does not need to perform them locally, so that the security of data can be effectively improved, and meanwhile, the security of message transmission is ensured.
The inventor proposes the technical solution of the embodiments of the present application based on the inventive findings described above. The following describes a network architecture and an application scenario of the information processing method provided in the embodiments of the present application.
As shown in fig. 1, the network architecture corresponding to the information processing method provided in the embodiment of the present application includes: a publisher client 1, a Kafka server 2, a server 3 corresponding to a security center and a subscriber client 4. The Kafka server 2 receives service information and a first signature corresponding to the service information sent by the publisher client 1, wherein the first signature is a signature which is obtained by the publisher client 1 from a server 3 corresponding to a security center in advance; invoking a server 3 corresponding to the security center to check the first signature according to the service information; if the first signature verification is confirmed to pass, the Kafka server 2 calls a server 3 corresponding to the security center to encrypt the service information, and encrypted service information is obtained; the Kafka server 2 receives an information acquisition request sent by the subscriber client 4 and determines encrypted service information subscribed by the subscriber client 4; the encrypted service information subscribed by the subscriber client 4 is sent to the subscriber client 4, so that the subscriber client 4 calls the server 3 corresponding to the security center to decrypt the subscribed encrypted service information, and the subscribed service information is obtained. The security center is called to carry out signature verification, encryption and decryption, and message middleware is not required to carry out signature verification, encryption and decryption locally, so that the security of data can be effectively improved, and meanwhile, the security of message transmission is ensured.
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
FIG. 2 is a schematic flow chart of an information processing method provided in the present application, where the method is applied to an electronic device. The electronic device may be any of various forms of digital computer, such as a cellular telephone, smart phone, laptop, desktop computer, workstation, personal digital assistant, server, blade server, mainframe, or other suitable computer. As shown in FIG. 2, the method includes:
step 201, receiving service information sent by a publisher client and a first signature corresponding to the service information, where the first signature is a signature obtained by the publisher client from a security center in advance.
In this embodiment, the electronic device may be a Kafka server, and the description below takes a Kafka server as an example. The Kafka server is connected to a security center and to a publisher client, and the publisher client is also connected to the security center. The Kafka server receives service information sent by the publisher client and a first signature corresponding to the service information, wherein the first signature is a signature which is obtained by the publisher client from the security center in advance. Specifically, the publisher client sends the service information and a security node identifier to the security center; each of the publisher client, the Kafka server and the subscriber client has a unique identifier. The security center performs signing processing according to the service information of the publisher client and the security node identifier to obtain the first signature, and feeds the first signature back to the publisher client. The service information may be a bank card balance notification, or other customer information, maintenance information, etc.
Step 202, invoking a security center to check the first signature according to the service information.
In this embodiment, the Kafka server invokes the security center to verify the first signature corresponding to the service information. The main purpose of signature verification is to check whether the service information was tampered with during transmission; the security center is invoked to verify the first signature and determine whether it passes verification.
Step 203, if the first signature verification is determined to pass, calling a security center to encrypt the service information, and obtaining encrypted service information.
In this embodiment, if it is determined that the first signature passes the verification, it is indicated that the service information is not tampered, and in order to further prevent the service information from leaking, the security center is invoked to encrypt the service information, obtain encrypted service information, and locally store the encrypted service information.
Step 204, receiving an information acquisition request sent by the subscriber client, and determining encrypted service information subscribed by the subscriber client.
In this embodiment, the Kafka server is also connected to a subscriber client, which in turn is connected to the security center. The Kafka server receives an information acquisition request sent by the subscriber client and determines the encrypted service information subscribed by the subscriber client.
Step 205, the encrypted service information subscribed by the subscriber client is sent to the subscriber client, so that the subscriber client invokes the security center to decrypt the subscribed encrypted service information, and obtain the subscribed service information.
In this embodiment, after determining the encrypted service information subscribed by the subscriber client, the Kafka server sends that encrypted service information to the subscriber client, and the subscriber client invokes the security center to decrypt the subscribed encrypted service information to obtain the subscribed service information. Specifically, the subscriber client sends the encrypted service information to the security center, and the security center decrypts the encrypted service information to obtain the service information and feeds the service information back to the subscriber client.
In this embodiment, service information sent by a publisher client and a first signature corresponding to the service information are received, the first signature being a signature which is obtained in advance by the publisher client from a security center. The security center is called to check the first signature according to the service information. If the first signature is confirmed to pass verification, the security center is called to encrypt the service information to obtain encrypted service information. An information acquisition request sent by a subscriber client is received, the encrypted service information subscribed by the subscriber client is determined and sent to the subscriber client, and the subscriber client calls the security center to decrypt the subscribed encrypted service information to obtain the subscribed service information. Because signature verification, encryption and decryption are performed by calling the security center, the message middleware does not need to perform them locally, so that the security of data can be effectively improved, and meanwhile, the security of message transmission is ensured.
Fig. 3 is a flow chart of another information processing method provided in the present application, where the method is applied to an electronic device, as shown in fig. 3, and the method includes:
in step 301a, a connection request sent by a publisher client or subscriber client is received, the connection request being triggered based on a local server address.
In this embodiment, the publisher client acquires the Kafka server address from the service configuration center and connects to the Kafka server based on the server address; the Kafka server receives the connection request sent by the publisher client or subscriber client.
Step 301b, creating a connection with a publisher client or subscriber client based on the connection request.
In this embodiment, the Kafka server creates a connection with a publisher client or subscriber client according to the connection request, and the publisher sends service information to the subscriber through the Kafka message middleware.
Step 301, receiving service information sent by a publisher client and a first signature corresponding to the service information, where the first signature is a signature obtained by the publisher client from a security center in advance.
In this embodiment, the step 301 and the step 201 have the same technical features, and the detailed description will refer to the step 201, and will not be repeated here.
Step 302, invoking a security center to check the first signature according to the service information.
In one possible implementation, invoking the security center to verify the first signature according to the service information includes:
step 3021, obtaining a security node identifier corresponding to the publisher client.
In this embodiment, a security node identifier corresponding to the publisher client is obtained, where the security node identifier is a unique identifier; for example, each publisher client has a corresponding security node number.
Step 3022, invoking the security center to check the first signature according to the security node identification and the service information.
In this embodiment, the first signature is generated in advance by the server corresponding to the security center, according to the security node identifier and the service information supplied by the publisher client, and is sent to the publisher client. Specifically, when the publisher client has a service message to be sent to the subscriber client, the publisher client sends the security node identifier and the service information to the server corresponding to the security center. The server corresponding to the security center performs signing processing according to the service information and the security node identifier of the publisher client, so as to obtain the first signature, and feeds back the first signature to the publisher client. The publisher client then sends the first signature fed back by the server corresponding to the security center, together with the service information, to the Kafka server. The Kafka server calls the security center to check the first signature according to the security node identification and the service information corresponding to the publisher client.
Optionally, invoking the security center to check the first signature according to the security node identifier and the service information includes:
and sending the security node identifier, the service information and the first signature to a server corresponding to the security center, so that the server corresponding to the security center can sign the security node identifier and the service information to obtain a second signature, the security center compares the second signature with the first signature, and if the first signature is consistent with the second signature, the security center feeds back prompt information passing verification.
In this embodiment, the Kafka server sends the security node identifier, the service information and the first signature corresponding to the publisher client to the server corresponding to the security center; specifically, it does so by invoking an API of the security center. The server corresponding to the security center performs signing processing on the security node identifier and the service information corresponding to the publisher client to obtain a second signature, and compares the second signature with the first signature. If the second signature is consistent with the first signature, this indicates that the service information was not tampered with during transmission, and the security center feeds back prompt information that verification has passed. The Kafka server receives the prompt information, determines that the first signature passes verification, and proceeds to encrypt the service information.
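The re-sign-and-compare check described above can be sketched as follows. This is an added example, not code from the patent: the use of HMAC-SHA256 with a single key held only by the security center, the length-prefixed field encoding, and the names SecurityCenter, register_node, broker_receive and run_demo are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def _encode(node_id: str, service_info: bytes) -> bytes:
    """Length-prefix both fields so that moving bytes between the node
    identifier and the service information changes the signed input."""
    nid = node_id.encode("utf-8")
    return (len(nid).to_bytes(4, "big") + nid
            + len(service_info).to_bytes(4, "big") + service_info)


class SecurityCenter:
    """Hypothetical security center. The signing key never leaves it, so the
    Kafka server and the clients hold no key material locally."""

    def __init__(self) -> None:
        self._key = secrets.token_bytes(32)  # assumption: one center-held key
        self._nodes = set()                  # registered security node identifiers

    def register_node(self, node_id: str) -> None:
        self._nodes.add(node_id)

    def sign(self, node_id: str, service_info: bytes) -> str:
        """Signing over (security node identifier, service information)."""
        if node_id not in self._nodes:
            raise ValueError("unknown security node identifier")
        mac = hmac.new(self._key, _encode(node_id, service_info), hashlib.sha256)
        return mac.hexdigest()

    def verify(self, node_id: str, service_info: bytes, first_signature: str) -> bool:
        """Re-sign to obtain the second signature and compare it with the
        first signature in constant time."""
        if node_id not in self._nodes or not isinstance(first_signature, str):
            return False
        second_signature = self.sign(node_id, service_info)
        return hmac.compare_digest(second_signature.encode("utf-8"),
                                   first_signature.encode("utf-8"))


def broker_receive(center: SecurityCenter, publisher_node_id: str,
                   service_info: bytes, first_signature: str) -> bool:
    """Kafka-server side of steps 3021/3022: accept the message only if the
    security center reports that verification passed. Encryption (step 303)
    would follow on success and is outside this example."""
    return center.verify(publisher_node_id, service_info, first_signature)


def run_demo() -> dict:
    center = SecurityCenter()
    for node in ("node-1", "node-10"):       # constructed node identifiers
        center.register_node(node)
    info = b"0|balance=100"                  # constructed service information
    sig = center.sign("node-1", info)        # publisher obtains the first signature
    return {
        "valid": broker_receive(center, "node-1", info, sig),
        # body changed in transit
        "tampered_body": broker_receive(center, "node-1", b"0|balance=999", sig),
        # same concatenated bytes, different field boundary
        "boundary_shift": broker_receive(center, "node-10", b"|balance=100", sig),
        "unknown_node": broker_receive(center, "node-2", info, sig),
        "malformed_signature": broker_receive(center, "node-1", info, "zz"),
    }


if __name__ == "__main__":
    for case, accepted in run_demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The boundary_shift case is rejected only because of the length prefixes: with plain concatenation, "node-1" + "0|balance=100" and "node-10" + "|balance=100" would produce the same signed bytes.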
Step 303, if the first signature verification is determined to pass, the security center is invoked to encrypt the service information, and the encrypted service information is obtained.
In one possible implementation manner, invoking the security center to encrypt the service information to obtain encrypted service information includes:
step 3031, the local security node identifier and the service information are sent to a server corresponding to the security center, so that the server corresponding to the security center adopts the local security node identifier to encrypt the service information, and feeds back the encrypted service information.
In this embodiment, the Kafka server sends the local security node identifier and the service information to a server corresponding to the security center, and the server corresponding to the security center encrypts the service information by using the local security node identifier and feeds back the encrypted service information to the Kafka server.
Step 3032, the encrypted service information sent by the server corresponding to the security center is received and stored locally.
In this embodiment, the Kafka server receives the encrypted service information sent by the server corresponding to the security center and stores it locally, so that the subscriber client can obtain the relevant service information.
Step 304, an information acquisition request sent by the subscriber client is received, and encrypted service information subscribed by the subscriber client is determined.
In one possible implementation, determining encrypted service information subscribed to by a subscriber client includes:
step 3041, obtaining subscriber identification corresponding to the publishers according to message headers corresponding to the publishers, wherein the message headers are obtained by analyzing service information.
In this embodiment, the service information is composed of a message header and a message body, the received service information is parsed to obtain the message header and the message body, the message header is set by the publisher client, and the message header is set based on routing information, message type information, message identification information, message source information and the like. And acquiring a subscriber identifier corresponding to each publisher according to the message header corresponding to each publisher, wherein the subscriber refers to a user subscribed to the service information.
Step 3042, matching the identifier of the subscriber client with the identifier of the subscriber corresponding to the publisher, and determining the encrypted service information subscribed by the subscriber client according to the identifier matching result.
In this embodiment, the identifier of the subscriber client is matched with the identifier of the subscriber corresponding to the publisher, and the encrypted service information subscribed by the subscriber client is further determined according to the identifier matching result.
Optionally, determining the encrypted service information corresponding to the subscriber client according to the identifier matching result includes:
if the identification of the subscriber client is matched with the identification of the subscriber corresponding to the publisher, the encrypted service information of the publisher corresponding to the matched identification of the subscriber is determined to be the encrypted service information subscribed by the subscriber client.
In this embodiment, if the identifier of the subscriber client matches the identifier of the subscriber corresponding to the publisher, this indicates that the subscriber client subscribes to the service information of that publisher. The encrypted service information of the publisher corresponding to the matched subscriber identifier is determined to be the encrypted service information subscribed by the subscriber client, and is then sent to the subscriber client. The subscriber client invokes the security center to decrypt the subscribed encrypted service information to obtain the subscribed service information. Specifically, the subscriber client sends the encrypted service information to the server corresponding to the security center, the server corresponding to the security center decrypts the encrypted service information to obtain the service information, and the server corresponding to the security center feeds the service information back to the subscriber client.
Step 305, the encrypted service information subscribed by the subscriber client is sent to the subscriber client, so that the subscriber client invokes the security center to decrypt the subscribed encrypted service information, and obtain the subscribed service information.
In this embodiment, after the encrypted service information subscribed by the subscriber client is determined, it is sent to the subscriber client, and the subscriber client invokes the security center to decrypt the subscribed encrypted service information and obtain the subscribed service information. Specifically, the subscriber client sends the encrypted service information to the security center, and the security center decrypts the encrypted service information to obtain the service information and feeds the service information back to the subscriber client. Signature verification, encryption and decryption are all performed by calling the security center, so the message middleware does not need to perform them locally; this can effectively improve the security of the data while also ensuring the security of message transmission.
FIG. 4 is a flow chart of another information processing method provided in the present application, the method is applied to an information processing system, as shown in FIG. 4, and the method includes:
Step 401, the publisher client sends service information and a first signature corresponding to the service information to a Kafka server.
In this embodiment, the publisher client sends the service information and the first signature corresponding to the service information to the Kafka server, where the first signature is a signature obtained by the publisher client from a security center in advance. Specifically, when the publisher client has a service message to be sent to a subscriber client, the publisher client sends a security node identifier and the service information to a server corresponding to the security center. The server corresponding to the security center performs signing processing according to the service information and the security node identifier of the publisher client to obtain the first signature, and feeds the first signature back to the publisher client. The publisher client then sends the service information and the first signature fed back by the server corresponding to the security center to the Kafka server.
Step 402, the Kafka server receives the service information and the first signature corresponding to the service information sent by the publisher client, and sends the security node identifier corresponding to the publisher client, the service information and the first signature to the server corresponding to the security center.
In this embodiment, the Kafka server receives the service information and the first signature corresponding to the service information sent by the publisher client, the Kafka server obtains the security node identifier corresponding to the publisher client, and sends the security node identifier corresponding to the publisher client, the service information and the first signature corresponding to the service information to the server corresponding to the security center, so that the server corresponding to the security center performs signature verification.
Step 403, the server corresponding to the security center performs signing processing on the security node identifier and the service information to obtain a second signature, the security center compares the second signature with the first signature, and if the first signature is consistent with the second signature, the security center feeds back prompt information indicating that verification has passed.
In this embodiment, the server corresponding to the security center performs signing processing on the security node identifier corresponding to the publisher client and the service information to obtain a second signature. If the second signature is consistent with the first signature, this indicates that the service information was not tampered with during transmission, and prompt information indicating that verification has passed is fed back. The Kafka server receives the prompt information, determines that the first signature has passed verification, and proceeds to have the service information encrypted.
Step 404, if it is determined that the first signature passes verification, the Kafka server sends the local security node identifier and the service information to the server corresponding to the security center.
In this embodiment, if it is determined that the first signature verification is passed, the Kafka server sends the local security node identifier and the service information to a server corresponding to the security center, and the server corresponding to the security center encrypts the service information by using the local security node identifier and feeds back the encrypted service information to the Kafka server.
Step 405, the server corresponding to the security center encrypts the service information by adopting the local security node identifier and feeds back the encrypted service information.
In this embodiment, the server corresponding to the security center receives the local security node identifier of the Kafka server and the service information, and the server corresponding to the security center encrypts the service information by using the local security node identifier and feeds back the encrypted service information.
Step 406, the Kafka server receives the encrypted service information sent by the server corresponding to the security center and stores it locally.
In this embodiment, the Kafka server receives the encrypted service information sent by the server corresponding to the security center and stores it locally, so that the subscriber client can obtain the relevant service information.
Step 407, the subscriber client sends an information acquisition request to the Kafka server.
In this embodiment, the information acquisition request sent by the subscriber client is sent to the Kafka server, and the subscribed relevant service information is acquired from the Kafka server.
Step 408, the Kafka server receives the information acquisition request sent by the subscriber client, determines the encrypted service information subscribed by the subscriber client, and sends the encrypted service information subscribed by the subscriber client to the subscriber client.
In this embodiment, the service information consists of a message header and a message body. The received service information is parsed to obtain the message header and the message body; the message header is set by the publisher client based on routing information, message type information, message identification information, message source information and the like. A subscriber identifier corresponding to each publisher is acquired from the message header corresponding to each publisher, where a subscriber is a user who has subscribed to the service information. The identifier of the subscriber client is matched with the subscriber identifier corresponding to the publisher, and the encrypted service information subscribed by the subscriber client is determined according to the identifier matching result. Specifically, if the identifier of the subscriber client matches the subscriber identifier corresponding to the publisher, this indicates that the subscriber client subscribes to the service information of the publisher; the encrypted service information of the publisher corresponding to the matched subscriber identifier is determined to be the encrypted service information subscribed by the subscriber client, and the encrypted service information is then sent to the subscriber client.
Step 409, the subscriber client sends the encrypted service information to the server corresponding to the security center.
In this embodiment, the subscriber client invokes the security center to decrypt the subscribed encrypted service information; specifically, the subscriber client sends the encrypted service information to the server corresponding to the security center.
Step 4010, the server corresponding to the security center decrypts the subscribed encrypted service information and feeds the service information back to the subscriber client.
In this embodiment, the server corresponding to the security center decrypts the subscribed encrypted service information to obtain the service information, and sends the service information to the subscriber client.
According to the method and the device, signature verification, encryption and decryption are carried out by calling the security center, the message middleware is not required to carry out the signature verification, encryption and decryption locally, the security of data can be effectively improved, and meanwhile, the security of message transmission is ensured.
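The Fig. 4 flow (steps 401 to 4010) as an added Python sketch; it is not code from the application, which names no algorithms. Assumptions: HMAC-SHA256 stands in for the signature, an HMAC-counter keystream with encrypt-then-MAC stands in for the cipher, and the `subscribers` header field, the envelope layout and the node names are hypothetical.

```python
import hashlib
import hmac
import json
import os


class SecurityCenter:
    """Stand-in security center: one secret per security node identifier."""
    def __init__(self):
        self._secrets = {}

    def register_node(self, node_id):
        self._secrets[node_id] = os.urandom(32)

    def _key(self, node_id, purpose):
        # Separate derived keys for signing, encryption and ciphertext MAC.
        return hmac.new(self._secrets[node_id], purpose, hashlib.sha256).digest()

    def sign(self, node_id, service_info):
        # Assumed signature: HMAC over the service information, keyed per node.
        return hmac.new(self._key(node_id, b"sign"), service_info,
                        hashlib.sha256).hexdigest()

    def verify(self, node_id, service_info, first_signature):
        # Step 403: recompute the second signature, compare in constant time.
        if node_id not in self._secrets:
            return False
        second_signature = self.sign(node_id, service_info)
        return hmac.compare_digest(second_signature, first_signature)

    @staticmethod
    def _xor_stream(key, nonce, data):
        # Illustrative HMAC-counter keystream; use a vetted AEAD in practice.
        stream, counter = b"", 0
        while len(stream) < len(data):
            stream += hmac.new(key, nonce + counter.to_bytes(4, "big"),
                               hashlib.sha256).digest()
            counter += 1
        return bytes(a ^ b for a, b in zip(data, stream))

    def encrypt(self, node_id, service_info):
        # Step 405: encrypt under the broker's local security node identifier.
        nonce = os.urandom(16)
        ct = self._xor_stream(self._key(node_id, b"enc"), nonce, service_info)
        tag = hmac.new(self._key(node_id, b"mac"), nonce + ct,
                       hashlib.sha256).digest()
        return {"node": node_id, "nonce": nonce, "ct": ct, "tag": tag}

    def decrypt(self, envelope):
        # Step 4010: check ciphertext integrity first, then decrypt.
        node_id = envelope["node"]
        if node_id not in self._secrets:
            raise ValueError("unknown security node identifier")
        tag = hmac.new(self._key(node_id, b"mac"),
                       envelope["nonce"] + envelope["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, envelope["tag"]):
            raise ValueError("ciphertext failed integrity check")
        return self._xor_stream(self._key(node_id, b"enc"),
                                envelope["nonce"], envelope["ct"])


class Broker:
    """Message middleware (the Kafka server role); it holds no keys itself."""
    def __init__(self, center, local_node_id):
        self.center = center
        self.local_node_id = local_node_id
        self.stored = []  # (subscriber ids from the header, encrypted envelope)

    def publish(self, publisher_node_id, service_info, first_signature):
        # Steps 402-406: verify before parsing or storing anything.
        if not self.center.verify(publisher_node_id, service_info, first_signature):
            return False
        header = json.loads(service_info)["header"]
        envelope = self.center.encrypt(self.local_node_id, service_info)
        self.stored.append((set(header["subscribers"]), envelope))
        return True

    def fetch(self, subscriber_id):
        # Step 408: match the requesting subscriber against header subscriber ids.
        return [env for subs, env in self.stored if subscriber_id in subs]


def run_demo():
    center = SecurityCenter()
    center.register_node("node-pub-1")
    center.register_node("node-broker")
    broker = Broker(center, "node-broker")
    # Constructed sample message: header set by the publisher, plus a body.
    message = json.dumps({"header": {"source": "pub-1", "subscribers": ["sub-A"]},
                          "body": "balance-update"}).encode()
    first_signature = center.sign("node-pub-1", message)  # step 401
    accepted = broker.publish("node-pub-1", message, first_signature)
    # Same signature replayed over altered content must be refused.
    tampered = message.replace(b"balance-update", b"balance-forged")
    rejected = not broker.publish("node-pub-1", tampered, first_signature)
    plain_for_a = [center.decrypt(env) for env in broker.fetch("sub-A")]  # 409-4010
    return accepted, rejected, plain_for_a, broker.fetch("sub-B"), message
```

`run_demo()` returns the accept and reject outcomes, the plaintext recovered for the matching subscriber, and the empty result for a subscriber that is not listed in the header.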
Fig. 5 is a schematic structural diagram of an information processing apparatus provided in the present application. As shown in Fig. 5, an information processing apparatus 500 provided in this embodiment includes a transceiver unit 501 and a processing unit 502.
The transceiver unit 501 is configured to receive service information sent by a publisher client and a first signature corresponding to the service information, where the first signature is a signature obtained by the publisher client from a security center in advance. The processing unit 502 is configured to invoke the security center to verify the first signature according to the service information. The processing unit 502 is further configured to invoke the security center to encrypt the service information if the first signature verification is determined to pass, so as to obtain encrypted service information. The transceiver unit 501 is further configured to receive an information acquisition request sent by a subscriber client. The processing unit 502 is further configured to determine encrypted service information subscribed to by the subscriber client. The transceiver unit 501 is further configured to send the encrypted service information subscribed by the subscriber client to the subscriber client, so that the subscriber client invokes the security center to decrypt the subscribed encrypted service information and obtain the subscribed service information.
Optionally, the processing unit is further configured to obtain a security node identifier corresponding to the publisher client, and to invoke the security center to verify the first signature according to the security node identifier and the service information.
Optionally, the processing unit is further configured to send the security node identifier, the service information and the first signature to a server corresponding to the security center, so that the server corresponding to the security center performs signing processing on the security node identifier and the service information to obtain a second signature, the security center compares the second signature with the first signature, and if the first signature is consistent with the second signature, a prompt message passing verification is fed back.
Optionally, the processing unit is further configured to send the local security node identifier and the service information to a server corresponding to the security center, so that the server corresponding to the security center encrypts the service information by using the local security node identifier, and feeds back the encrypted service information; and receiving the encrypted service information sent by the corresponding server of the security center and storing the encrypted service information to the local.
Optionally, the processing unit is further configured to obtain a subscriber identifier corresponding to each publisher according to a message header corresponding to each publisher, where the message header is obtained by analyzing service information; and matching the identification of the subscriber client with the identification of the subscriber corresponding to the publisher, and determining the encrypted service information subscribed by the subscriber client according to the identification matching result.
Optionally, the processing unit is further configured to determine, if the identifier of the subscriber client matches the subscriber identifier corresponding to the publisher, encrypted service information of the publisher corresponding to the matched subscriber identifier as encrypted service information subscribed by the subscriber client.
Optionally, the transceiver unit is further configured to receive a connection request sent by the publisher client or the subscriber client, where the connection request is triggered based on the local server address. And the processing unit is also used for creating connection with the publisher client or the subscriber client according to the connection request.
Fig. 6 is a first block diagram of an electronic device for implementing an information processing method according to an embodiment of the present application, and as shown in fig. 6, the electronic device 600 includes: a memory 601, a processor 602, and a transceiver 603.
The processor 602, the memory 601 and the transceiver 603 are interconnected by circuitry;
A transceiver 603 for transceiving data;
memory 601 stores computer-executable instructions;
processor 602 executes computer-executable instructions stored in memory 601, causing processor 602 to perform the methods provided by any of the embodiments described above.
Fig. 7 is a second block diagram of an electronic device for implementing the information processing method according to the embodiment of the present application. As shown in Fig. 7, the electronic device may be a computer, a digital broadcast terminal, a messaging device, a tablet device, a personal digital assistant, a server cluster, etc.
Electronic device 800 may include one or more of the following components: a processing component 802, a memory 804, a power component 806, a multimedia component 808, an audio component 810, an input/output (I/O) interface 812, a sensor component 814, and a communication component 816.
The processing component 802 generally controls overall operation of the electronic device 800, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing component 802 may include one or more processors 820 to execute instructions to perform all or part of the steps of the methods described above. Further, the processing component 802 can include one or more modules that facilitate interactions between the processing component 802 and other components. For example, the processing component 802 can include a multimedia module to facilitate interaction between the multimedia component 808 and the processing component 802.
The memory 804 is configured to store various types of data to support operations at the electronic device 800. Examples of such data include instructions for any application or method operating on the electronic device 800, contact data, phonebook data, messages, pictures, videos, and so forth. The memory 804 may be implemented by any type or combination of volatile or nonvolatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disk.
The power supply component 806 provides power to the various components of the electronic device 800. The power components 806 may include a power management system, one or more power sources, and other components associated with generating, managing, and distributing power for the electronic device 800.
The multimedia component 808 includes a screen between the electronic device 800 and the user that provides an output interface. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive input signals from a user. The touch panel includes one or more touch sensors to sense touches, swipes, and gestures on the touch panel. The touch sensor may sense not only the boundary of a touch or sliding action, but also the duration and pressure associated with the touch or sliding operation. In some embodiments, the multimedia component 808 includes a front camera and/or a rear camera. When the electronic device 800 is in an operational mode, such as a shooting mode or a video mode, the front camera and/or the rear camera may receive external multimedia data. Each front camera and rear camera may be a fixed optical lens system or have focal length and optical zoom capabilities.
The audio component 810 is configured to output and/or input audio signals. For example, the audio component 810 includes a Microphone (MIC) configured to receive external audio signals when the electronic device 800 is in an operational mode, such as a call mode, a recording mode, and a voice recognition mode. The received audio signals may be further stored in the memory 804 or transmitted via the communication component 816. In some embodiments, audio component 810 further includes a speaker for outputting audio signals.
The I/O interface 812 provides an interface between the processing component 802 and peripheral interface modules, which may be a keyboard, click wheel, buttons, etc. These buttons may include, but are not limited to: homepage button, volume button, start button, and lock button.
The sensor assembly 814 includes one or more sensors for providing status assessment of various aspects of the electronic device 800. For example, the sensor assembly 814 may detect an on/off state of the electronic device 800, a relative positioning of the components, such as a display and keypad of the electronic device 800, the sensor assembly 814 may also detect a change in position of the electronic device 800 or a component of the electronic device 800, the presence or absence of a user's contact with the electronic device 800, an orientation or acceleration/deceleration of the electronic device 800, and a change in temperature of the electronic device 800. The sensor assembly 814 may include a proximity sensor configured to detect the presence of nearby objects without any physical contact. The sensor assembly 814 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor assembly 814 may also include an acceleration sensor, a gyroscopic sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.
The communication component 816 is configured to facilitate communication between the electronic device 800 and other devices, either wired or wireless. The electronic device 800 may access a wireless network based on a communication standard, such as WiFi, 2G, or 3G, or a combination thereof. In one exemplary embodiment, the communication component 816 receives broadcast signals or broadcast related information from an external broadcast management system via a broadcast channel. In one exemplary embodiment, the communication component 816 further includes a Near Field Communication (NFC) module to facilitate short range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, Infrared Data Association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.
In an exemplary embodiment, the electronic device 800 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors, or other electronic elements for executing the methods described above.
In an exemplary embodiment, a non-transitory computer readable storage medium is also provided, such as memory 804 including instructions executable by processor 820 of electronic device 800 to perform the above-described method. For example, the non-transitory computer readable storage medium may be ROM, Random Access Memory (RAM), CD-ROM, magnetic tape, floppy disk, optical data storage device, etc.
In an exemplary embodiment, there is also provided a computer-readable storage medium having stored therein computer-executable instructions for performing the method of any one of the above embodiments by a processor.
In an exemplary embodiment, a computer program product is also provided, comprising a computer program for executing the method of any of the above embodiments by a processor.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the application following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the application pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
It is to be understood that the present application is not limited to the precise arrangements and instrumentalities shown in the drawings, which have been described above, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the application is limited only by the appended claims.

Claims (11)

1. An information processing method, characterized in that the method comprises:
receiving service information sent by a publisher client and a first signature corresponding to the service information, wherein the first signature is a signature which is obtained by the publisher client from a security center in advance;
invoking the security center to check the first signature according to the service information;
if the first signature verification is confirmed to pass, the security center is called to encrypt the service information, and encrypted service information is obtained;
receiving an information acquisition request sent by a subscriber client, and determining encrypted service information subscribed by the subscriber client;
and sending the encrypted service information subscribed by the subscriber client to the subscriber client so that the subscriber client can call the security center to decrypt the subscribed encrypted service information to obtain the subscribed service information.
2. The method of claim 1, wherein the first signature is a signature that a server corresponding to a security center generates in advance and transmits to the publisher client according to a security node identification and service information acquired from the publisher client; the calling the security center to check the first signature according to the service information comprises the following steps:
acquiring a security node identifier corresponding to the publisher client;
and calling the security center to check the first signature according to the security node identification and the service information.
3. The method of claim 2, wherein said invoking the security center to verify the first signature based on the security node identification and the service information comprises:
and sending the security node identifier, the service information and the first signature to a server corresponding to the security center, so that the server corresponding to the security center can sign the security node identifier and the service information to obtain a second signature, and the security center can compare the second signature with the first signature, and if the first signature is consistent with the second signature, the security center can feed back prompt information passing verification.
4. The method of claim 1, wherein said invoking said security center to encrypt said service information to obtain encrypted service information comprises:
the local security node identification and the service information are sent to a server corresponding to the security center, so that the server corresponding to the security center can encrypt the service information by adopting the local security node identification, and the encrypted service information is fed back;
and receiving the encrypted service information sent by the server corresponding to the security center and storing it locally.
5. The method of claim 1, wherein the determining the encrypted service information subscribed to by the subscriber client comprises:
obtaining subscriber identifiers corresponding to publishers according to message headers corresponding to the publishers, wherein the message headers are obtained by analyzing the service information;
and matching the identification of the subscriber client with the subscriber identification corresponding to the publisher, and determining the encrypted service information subscribed by the subscriber client according to the identification matching result.
6. The method according to claim 5, wherein the determining the encrypted service information corresponding to the subscriber client according to the identifier matching result includes:
and if the identification of the subscriber client is matched with the subscriber identification corresponding to the publisher, determining the encrypted service information of the publisher corresponding to the matched subscriber identification as the encrypted service information subscribed by the subscriber client.
7. The method according to claim 1, wherein the method further comprises:
receiving a connection request sent by the publisher client or the subscriber client, wherein the connection request is triggered based on a local server address;
and establishing a connection with the publisher client or the subscriber client according to the connection request.
8. An information processing apparatus, characterized in that the apparatus comprises:
the receiving and transmitting unit is used for receiving service information sent by a publisher client and a first signature corresponding to the service information, wherein the first signature is a signature which is obtained by the publisher client from a security center in advance;
the processing unit is used for calling the security center to check the first signature according to the service information;
the processing unit is further used for calling the security center to encrypt the service information if the first signature verification is confirmed to pass, so as to obtain encrypted service information;
the receiving and transmitting unit is also used for receiving an information acquisition request sent by the subscriber client;
the processing unit is also used for determining encrypted service information subscribed by the subscriber client;
the receiving and transmitting unit is further configured to send encrypted service information subscribed by the subscriber client to the subscriber client, so that the subscriber client invokes the security center to decrypt the subscribed encrypted service information, and obtain subscribed service information.
9. An electronic device, comprising: a processor, a memory, and a transceiver;
the processor, the memory and the transceiver are interconnected by circuitry;
a transceiver for transceiving data;
the memory stores computer-executable instructions;
the processor executing computer-executable instructions stored in the memory, causing the processor to perform the method of any one of claims 1 to 7.
10. A computer readable storage medium having stored therein computer executable instructions which when executed by a processor are adapted to carry out the method of any one of claims 1 to 7.
11. A computer program product comprising a computer program which, when executed by a processor, implements the method of any of claims 1 to 7.
CN202211697435.7A 2022-12-28 2022-12-28 Information processing method, device, equipment, storage medium and product Pending CN116015898A (en)

Publications (1)

Publication Number Publication Date
CN116015898A (en) 2023-04-25

Family

ID=86026220


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination