CN116319993A - Security business service request access system, method, device and equipment - Google Patents

Info

Publication number
CN116319993A
Authority
CN
China
Prior art keywords
service
business
service request
channel
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211103474.XA
Other languages
Chinese (zh)
Inventor
张强
卢杰
杨冬毅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Securities Co Ltd
Original Assignee
China Securities Co Ltd
Application filed by China Securities Co Ltd
Priority to CN202211103474.XA
Publication of CN116319993A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Economics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • General Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • Technology Law (AREA)
  • Strategic Management (AREA)
  • Marketing (AREA)
  • Development Economics (AREA)
  • Computer And Data Communications (AREA)

Abstract

The embodiments of the invention provide a security business service request access system, method, device and equipment, relating to the technical field of computer networks. The system comprises an access server, an online server and a back-end service server. The access server receives a securities business service request sent by a user through a target business channel and, if the request is a valid request, forwards it to the online server. The protocol parameters include the target service type and the identification of the target business channel. The online server receives the securities business service request forwarded by the access server; if the authentication is passed, it determines a business processing flow based on the target service type and instructs the back-end service server to respond to the request. The back-end service server feeds back a response result to the online server, and the online server feeds back the response result to the user through the target business channel based on the identification of the target business channel. The system can improve the convenience of service.

Description

Security business service request access system, method, device and equipment
Technical Field
The present invention relates to the field of computer networks, and in particular, to a security service request access system, method, apparatus and device.
Background
The number of clients and the scale of online services of securities service platforms are increasing rapidly, and more and more users use different service channels to request securities services from the securities service platform on their own electronic devices.
Disclosure of Invention
The embodiment of the invention aims to provide a security business service request access system, a security business service request access method, a security business service request access device and security business service request access equipment, so that convenience in providing services for a security platform is improved. The specific technical scheme is as follows:
the embodiment of the invention provides a security business service request access system, which comprises: an access server, an online server and a back-end service server; wherein,
the access server is used for receiving a securities business service request sent by a user through a target business channel; detecting, according to protocol parameters carried by the securities business service request, whether the securities business service request is a valid request, and if it is a valid request, forwarding the securities business service request to the online server; wherein the protocol parameters include: the target service type of the service requested by the securities business service request, and the identification of the target business channel;
The online server is used for receiving the securities business service request forwarded by the access server; authenticating the target business channel based on the protocol parameter, and if the authentication is passed, determining a business processing flow for responding to the security business service request based on the target service type; indicating the back-end business server to respond to the securities business service request based on the business processing flow;
the back-end service server is used for responding to the security service request based on the service processing flow to obtain a response result and feeding back the response result to the online server;
the online server is further configured to receive the response result fed back by the back-end service; and feeding back the response result to the user through the target business channel based on the identification of the target business channel.
The embodiment of the invention also provides a security business service request access method, which comprises the following steps:
receiving a securities business service request sent by a user through a target business channel;
detecting whether the securities business service request is a valid request according to protocol parameters carried by the securities business service request; wherein the protocol parameters include: the target service type of the service requested by the securities business service request, and the identification of the target business channel;
If the securities business service request is a valid request, authenticating the target business channel based on the protocol parameter, and if the authentication is passed, determining a business processing flow for responding to the securities business service request based on the target service type;
responding to the securities business service request based on the business processing flow to obtain a response result;
and feeding back the response result to the user through the target business channel based on the identification of the target business channel.
The embodiment of the invention also provides a security business service request access device, which comprises:
the service request receiving module is used for receiving a securities service request sent by a user through a target service channel;
the valid request detection module is used for detecting whether the securities business service request is a valid request according to the protocol parameters carried by the securities business service request; wherein the protocol parameters include: the target service type of the service requested by the securities business service request, and the identification of the target business channel;
the processing flow determining module is used for authenticating the target business channel based on the protocol parameter if the securities business service request is an effective request, and determining a business processing flow for responding to the securities business service request based on the target service type if the authentication is passed;
The response result obtaining module is used for responding to the securities business service request based on the business processing flow to obtain a response result;
and the response result feedback module is used for feeding back the response result to the user through the target business channel based on the identification of the target business channel.
The embodiment of the invention also provides electronic equipment, which comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with each other through the communication bus;
a memory for storing a computer program;
and the processor is used for realizing the steps of the security business service request access method when executing the program stored in the memory.
The embodiment of the invention also provides a computer readable storage medium, wherein the computer readable storage medium stores a computer program, and the computer program realizes the steps of the security business service request access method when being executed by a processor.
The embodiment of the invention also provides a computer program product containing instructions, which when run on a computer, cause the computer to execute the steps of the security business service request access method.
The embodiment of the invention has the beneficial effects that:
in the scheme provided by the embodiment of the invention, the security service request is determined to be an effective request through the protocol parameters and is processed to provide service, so that the security service request which is actually processed by the access server has the protocol parameters, namely, the service processing flow can be determined according to the target service type in the protocol parameters and the response result of the back-end service server is obtained, thus unifying the processing modes of the security service request, forming unified access specifications, enabling different service channels to send the security service request according to the protocol specifications formed by the protocol parameters to realize access, avoiding setting the processing modes of the security service request for each channel, and improving the service providing convenience of the security platform.
Of course, it is not necessary for any one product or method of practicing the invention to achieve all of the advantages set forth above at the same time.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the invention, and other embodiments may be obtained according to these drawings to those skilled in the art.
Fig. 1 is a schematic structural diagram of a first security business service request access system according to an embodiment of the present invention.
Fig. 2 is a schematic structural diagram of a second security business service request access system according to an embodiment of the present invention.
Fig. 3 is a flow chart of a first security business service request access method according to an embodiment of the present invention.
Fig. 4 is a flow chart of a second security business service request access method according to an embodiment of the present invention.
Fig. 5 is a schematic structural diagram of a security business service request access device according to an embodiment of the present invention.
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. Based on the embodiments of the present invention, those of ordinary skill in the art will be able to devise all other embodiments that are obtained based on this application and are within the scope of the present invention.
In order to improve the convenience of providing services to each service channel, the embodiments of the present invention provide a security service request access system, a method, an apparatus, a device, and a storage medium, which are described below.
In one embodiment of the present invention, referring to fig. 1, there is provided a schematic structural diagram of a first security business service request access system, including: an access server 101, an online server 102, and a back-end service server 103; wherein,
an access server 101 for receiving a securities business service request sent by a user through a target business channel; detecting, according to protocol parameters carried by the securities business service request, whether the securities business service request is a valid request, and if it is a valid request, forwarding the securities business service request to the online server 102; wherein the protocol parameters include: the target service type of the service requested by the securities business service request, and the identification of the target business channel;
an online server 102, configured to receive the securities service request forwarded by the access server 101; authenticating the target business channel based on the protocol parameter, and if the authentication is passed, determining a business processing flow for responding to the security business service request based on the target service type; instruct the back-end service server 103 to respond to the securities service request based on the service processing flow;
the back-end service server 103 is configured to respond to the securities service request based on the service processing flow, obtain a response result, and feed back the response result to the online server 102;
The online server 102 is further configured to receive a response result fed back by the back-end service; based on the identification of the target business channel, a response result is fed back to the user through the target business channel.
The securities business service request is a request for the provision of a securities business service.
The protocol parameters are parameters specified by a preset access protocol; the specific protocol parameters are described in detail in the following examples.
If the protocol parameters carried by the security service request meet the standards set by the access protocol, such as the standards of the number of parameters set by the access protocol, the standards of the numerical type of the parameters, and the like, the security service request can be determined to be a valid request.
The service requested by the security business service request is a target service, and the service type of the target service is a target service type. The target service type can be an overhead account type, a right opening type and the like.
The business channel corresponds to the application through which the securities business service request reaches the system. For example, users connect to the system and obtain services through internet securities platform A and through internet securities platform B; obtaining services through platform A and obtaining services through platform B are two kinds of business channels.
The target business channel is a business channel which sends a securities business service request to realize business.
The identification of the business channel is used to uniquely represent the business channel. Accordingly, the identification of the target business channel uniquely represents the target business channel. The identifier of a business channel may be used to mark, for any business channel, the securities business service requests it transmits and each business processing step performed while the request accesses the security business service request access system and obtains the requested service; the record left in the security business service request access system is also referred to as trace information. The business processing flows recorded against the identification of each business channel make the business of each channel traceable.
Specifically, the identification of the service channel may include channel representation information and device representation information.
The channel representation information is used to uniquely represent the traffic channels, and for example, the channel representation information may be a number, a channel code, or the like preset for each traffic channel. Since different users can use services provided by the same service channel on different devices, for example, two users log in the internet securities platform a on their respective mobile phones and use online payment services, in this case, the channel representation information is consistent, but the target service channels used by the two users are independent, so the service channel identifier also needs to include the device representation information, and specifically may be address attribute information owned by the devices, such as an IP (Internet Protocol ) address, a domain name, and the like.
In addition, the identification of the service channel may also include account information of the user, such as a name of the user, a mobile phone number of the user, and the like.
The manner in which the online server 102 authenticates is described below.
In one embodiment of the invention, the service authority of the target service channel can be determined according to the identification of the target service channel;
and if the target service type falls within the scope of the service authority, determining the service processing flow corresponding to the target service type.
In this embodiment, the service rights owned by each service channel may be preset, and under the owned service rights, the service channel may request the security service request access system to provide a part of the service for implementing the service.
Specifically, for any target service channel, the service authority may be set as follows:
acquiring service demand information;
and determining the service authority of the target service channel indicated by the identification of the target service channel according to the service demand information and the compliance rule.
Wherein, the information describing the business requirements of the target business channel is the business requirement information. The business requirements may be specified by the application to which the target business channel corresponds; the compliance rules may be determined based on the business rules or legal rules associated with the requested business represented by the business requirement information. According to the business requirement information, the business to be carried out by the target business channel can be determined, and it is judged whether the determined business is within the business scope that the compliance rules allow to be carried out, so that the authority for business within that scope can be used as the service authority of the target business channel.
From the above, the business requirement information and the compliance rule are considered when the business authority is determined, so that the business process processing is performed according to the compliance rule specification while the business requirement of the security business service request is met, the target business channel is prevented from contacting the business information beyond the business authority, and the management of the business channel access is optimized.
In this case, if any service channel has a preset correspondence with the service authority, the target service channel can be determined according to the identifier of the target service channel, and the service authority corresponding to the target service channel can be obtained from the determined target service channel. Therefore, whether the business processing flow is transacted or not can be determined according to the business authorities of the target business channels, the authentication process is realized, the security business service requests of all the target business channels are ensured not to trigger services beyond the business authorities, the target business channels are ensured not to acquire service data beyond the authorities, and the security of the security business service request access system is ensured.
In addition, the correspondence between the target service type and the business process flow may be determined in advance. For example, the target service type is a permission opening service, and the business processing flow includes: client data auditing, admission checking, identity recognition, risk notification, relevant file signing, corresponding authority opening and the like. In this case, the business process flow corresponding to the target service type may be determined according to the correspondence. Furthermore, in addition to the target service type and the identification of the target traffic channel, the access protocol may also specify that the securities traffic service request carries other parameters, see the following embodiments, which are not described in detail herein.
From the above, the business process flow can be broken down into a specific series of execution steps. For each execution step, the online server 102 may instruct the back-end service server 103 to perform corresponding service data processing according to the execution mode indicated by the received request by sending a request to the back-end service server 103, and feed back the processing result as a response result to the online server 102, thereby implementing response to the security service request based on the service processing flow.
In one embodiment of the present invention, the request sent by the online server 102 to the back-end service server 103 may carry the identifier of the target service channel, and the response result returned by the back-end service server 103 also carries the received identifier of the target service channel, so that the online server 102 may determine, through the identifier, the target service channel to which the processing result of the service flow returned by the back-end service server 103 needs to be returned.
The online server 102 may record each step executed by the service processing flow, and use the identifier of the target service channel requesting the service processing flow as a part of the record, in this case, after obtaining the response result with the target service identifier, determine, from the record, the executed flow and the next flow of the target service channel corresponding to the service processing flow according to the target service identifier, so as to implement service processing.
In the scheme provided by the embodiment of the invention, the security service request is determined to be an effective request through the protocol parameters and is processed to provide service, so that the security service request which is actually processed by the access server has the protocol parameters, namely, the service processing flow can be determined according to the target service type in the protocol parameters and the response result of the back-end service server is obtained, thus unifying the processing modes of the security service request, forming unified access specifications, enabling different service channels to send the security service request according to the protocol specifications formed by the protocol parameters to realize access, avoiding setting the processing modes of the security service request for each channel, and improving the service providing convenience of the security platform.
In addition, if a new business channel needs to access the security business service request access system provided by the embodiment of the invention, that channel can also send securities business service requests according to the protocol parameters, which avoids customizing an access mode for each newly added business channel and facilitates business expansion. When securities business service requests are set according to the protocol parameters, the differences between business channels do not affect the business processing flow of the security business service request access system. This solves the problems of non-standard access handling flows and complex development and maintenance caused by differences between external business channels, standardizes business channel access, optimizes business channel access management, and enhances business channel service capability. Where there are many access business channels, a wide business range, many service types and changeable business rules, business channel parties can be accessed quickly by setting the protocol parameters.
The following describes the other parameters carried by the above access protocol specification.
In one embodiment of the present invention, the protocol parameters further include: a channel code; the securities business service request is a request after being packaged according to a packaging mode corresponding to the channel code;
before the access server 101 forwards the securities business service request to the online server 102, it further comprises:
the access server 101 decapsulates the received securities service request according to the decapsulation mode corresponding to the channel code, and obtains the request information of the securities service request.
The channel code is identification information of the channel, and may be a preset ID (Identity document, identity code) or the like.
In one embodiment of the present invention, each service channel may be preset with a corresponding encapsulation and decapsulation method, so that the security service request access system may determine the target service channel according to the channel code, thereby directly determining the decapsulation method to implement decapsulation of the security service request, and obtain the request information of the security service request. Therefore, the security business service request access system can determine the decapsulation method and realize the decapsulation only by using the channel codes, less information is needed, and the security business service request is more convenient to process.
In one embodiment of the present invention, the protocol parameters further include: a communication key; the securities business service request is: a request encrypted based on the communication key;
in this case, the procedure of the access server 101 forwarding the securities business service request to the online server 102 is implemented as follows:
the access server 101 decrypts the security service request based on the decryption key corresponding to the communication key, and forwards the decrypted security service request to the online server 102.
The security service request access system can generate an encryption key and a corresponding decryption key for communication in advance for each service channel to which access is applied, distribute the generated encryption key to the service channel as a communication key, and reserve the decryption key. Accordingly, the access server 101 may decrypt with the decryption key corresponding to the communication key to obtain the decrypted plaintext securities service request, and forward the plaintext securities service request to the online server 102.
In the case where the access protocol specifies that the protocol parameters include a communication key, the access server 101 may confirm whether a received request is a valid request based on the communication key. For example, if a plaintext securities business service request is received when the protocol parameters include a communication key, it may be directly confirmed that the request does not conform to the access protocol specification and is not a valid request; if a ciphertext securities business service request is received and the decryption key corresponding to the communication key cannot decrypt it to obtain plaintext information, the request is confirmed not to be a valid request; if a ciphertext securities business service request is received and the decryption key corresponding to the communication key can decrypt it to obtain the plaintext information, the request is confirmed to be a valid request.
In the above embodiments, the communication key may be an asymmetric key or a symmetric key.
In view of the above, when the access protocol specifies that the protocol parameters include the communication key, each service channel needs to encrypt the security service request when requesting the service of the security service request access system, so that the security of the request information in the transmission process of the security service request is ensured.
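The access-server validity check by communication key and the online server's authentication against the channel's service authority, both described above, can be sketched in Go as follows. This is an added example, not code from the patent. Assumptions: a symmetric communication key used with AES-256-GCM (so a failed decryption is a reliable rejection signal), JSON-encoded protocol parameters, and a channel code sent outside the encrypted body and bound to it as associated data; all type, function and field names, keys and channel records are constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

type Request struct { // protocol parameters; the JSON field names are assumptions
	ServiceType string `json:"service_type"`
	ChannelID   string `json:"channel_id"`
}

type Channel struct {
	AEAD    cipher.AEAD     // built from the channel's communication key
	Allowed map[string]bool // service authority: permitted service types
}

var (
	ErrUnknownChannel = errors.New("unknown channel code")
	ErrNotDecryptable = errors.New("request does not decrypt under the channel key")
	ErrBadParams      = errors.New("protocol parameters violate the access protocol")
	ErrNotAuthorized  = errors.New("service type outside the channel's service authority")
	// Constructed sample data: two channels with constructed keys, one flow.
	channels = map[string]Channel{
		"A": {mustAEAD(bytes.Repeat([]byte{0x11}, 32)), map[string]bool{"permission_opening": true}},
		"B": {mustAEAD(bytes.Repeat([]byte{0x22}, 32)), map[string]bool{}},
	}
	flows = map[string][]string{"permission_opening": {"client data auditing", "admission checking",
		"identity recognition", "risk notification", "relevant file signing", "corresponding authority opening"}}
)

// mustAEAD builds AES-GCM (an assumed cipher choice) and panics on a bad key.
func mustAEAD(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm
}

// Seal is the channel side; the channel code is bound as associated data,
// so the envelope is only valid when presented under that code.
func Seal(aead cipher.AEAD, code string, req Request) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	plain, _ := json.Marshal(req) // cannot fail for this struct
	return aead.Seal(nonce, nonce, plain, []byte(code)), nil
}

// AccessCheck is the access server: the request must decrypt under the
// claimed channel's key and carry the required, correctly typed parameters.
func AccessCheck(code string, body []byte) (Request, error) {
	ch, ok := channels[code]
	if !ok {
		return Request{}, ErrUnknownChannel
	}
	n := ch.AEAD.NonceSize()
	if len(body) < n {
		return Request{}, ErrNotDecryptable
	}
	plain, err := ch.AEAD.Open(nil, body[:n], body[n:], []byte(code))
	if err != nil {
		return Request{}, ErrNotDecryptable // plaintext, wrong key or tampering
	}
	var req Request
	if json.Unmarshal(plain, &req) != nil || req.ServiceType == "" || req.ChannelID == "" {
		return Request{}, ErrBadParams
	}
	return req, nil
}

// Handle is the online server: authorization is keyed by the authenticated
// channel code, denies by default, and returns the business processing flow.
func Handle(code string, body []byte) ([]string, error) {
	req, err := AccessCheck(code, body)
	if err != nil {
		return nil, err
	}
	flow, known := flows[req.ServiceType]
	if !known || !channels[code].Allowed[req.ServiceType] {
		return nil, ErrNotAuthorized
	}
	return flow, nil
}

func main() {
	body, _ := Seal(channels["A"].AEAD, "A", Request{"permission_opening", "platform-a/192.0.2.10"})
	flow, err := Handle("A", body)
	fmt.Println(len(flow), err)
}
```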
In one embodiment of the present invention, the online server 102 is further configured to obtain response process information generated in the process of responding to the security service request by the backend service server 103 based on the service processing flow, and generate service response trace information corresponding to the target service channel based on the response process information.
The response process information may include a record of each specific service executed; specifically, attributes of the service execution may be recorded, including the execution time, the service data calculated at the time of execution, and the like. In this way, the response process information can be marked with protocol parameters such as the channel code, the private key and the identification of the target business channel being responded to, so that the information is signed, the business response trace information is generated, and business flow processing becomes traceable. In this case, the online server 102 may feed back the corresponding result obtained by the backend service server 103 to the specified target service channel according to the protocol parameters in the service response trace information.
From the above, the service response trace information records the response process, and the generated service response trace information corresponds to the target service channel, that is, the traceability of the service flow processed by each service channel is realized.
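A trace record signed as described above might look like the following. This is an added Go example, not code from the patent; Ed25519 as the signature scheme, the JSON record layout, the all-zero demo seed, and every name and sample value are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Step is one executed service step taken from the response process information.
type Step struct {
	Name string `json:"name"`
	At   string `json:"at"`   // execution time
	Data string `json:"data"` // service data calculated at execution
}

// Trace is the service response trace information for one request.
type Trace struct {
	ChannelID   string `json:"channel_id"`
	ChannelCode string `json:"channel_code"`
	ServiceType string `json:"service_type"`
	Steps       []Step `json:"steps"`
	Sig         []byte `json:"sig,omitempty"`
}

// signedBytes serialises the record without its signature. encoding/json
// writes struct fields in declaration order, so the bytes are reproducible.
func (t Trace) signedBytes() []byte {
	t.Sig = nil
	b, _ := json.Marshal(t) // cannot fail: the record holds only strings
	return b
}

// Sign marks the trace with the channel parameters it carries and signs it.
func Sign(priv ed25519.PrivateKey, t Trace) Trace {
	t.Sig = ed25519.Sign(priv, t.signedBytes())
	return t
}

// Verify reports whether the record is exactly what was signed.
func Verify(pub ed25519.PublicKey, t Trace) bool {
	return len(t.Sig) == ed25519.SignatureSize && ed25519.Verify(pub, t.signedBytes(), t.Sig)
}

// SampleKeys derives a key pair from an all-zero, constructed seed (demo only).
func SampleKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

// SampleTrace returns a constructed trace for a hypothetical channel "CH-A".
func SampleTrace() Trace {
	return Trace{ChannelID: "CH-A", ChannelCode: "A01", ServiceType: "trade", Steps: []Step{
		{Name: "check-balance", At: "2022-09-09T10:00:00Z", Data: "available=5000"},
		{Name: "place-order", At: "2022-09-09T10:00:01Z", Data: "qty=100"},
	}}
}

func main() {
	pub, priv := SampleKeys()
	signed := Sign(priv, SampleTrace())
	fmt.Println("as signed:", Verify(pub, signed))
	signed.ChannelID = "CH-B" // attribute the trace to another channel
	fmt.Println("re-attributed:", Verify(pub, signed))
}
```

Because the channel identifier and code are inside the signed bytes, a record cannot be reassigned to another channel or have a step altered without the signature check failing.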
The following describes how each business channel generates a security business service request conforming to a preset access protocol.
In one embodiment of the present invention, all the protocol parameters included in the access protocol may be distributed to each business channel, including the above-mentioned channel code, the communication key, the target service type, and the target business channel identifier. The distribution mode may be that, after a third party using the business channel applies according to a business contract, the manager of the securities business service request access system distributes the information offline.
Correspondingly, the manager uses a preset control interface to register the configuration of the distributed channel code, the communication key and the mark information, so that the security service access system can confirm that the protocol parameters in the registered configuration are matched with the protocol parameters in the security service request after receiving the security service request, and confirm that the service is provided through the service channel corresponding to the received security service request. Thus, through the control interface, for each business channel, corresponding service can be provided according to the security business service request, and the configured unified access and the visualized unified management of all the business channels are realized; the configuration type access is realized through the control interface, the visualization capability is improved, the operation and maintenance difficulty is simplified, and the channel cooperation experience and the system construction specification are improved.
The manager can register the business channel connection address and port on the control interface to inform each business channel to send securities business service requests according to the registered business channel connection address and port.
After registering the configured protocol parameters, the security business service request access system can realize real-time authority control based on the protocol parameters through cache refreshing.
The system configuration will be described by means of a schematic diagram of the security service request access system shown in fig. 2.
As shown in fig. 2, the third-party service channels are the service channels requesting service, including channel A, channel B, ..., channel N; the access module SDK (Software Development Kit) is used for configuring securities business service requests for each third-party channel. After each business channel installs the SDK by itself, it obtains a setting mode for setting the securities business service request according to the protocol parameters, and sets a securities business service request conforming to the preset access protocol based on the obtained setting mode. The channel management system can be used for managing the installation and upgrading of new versions of the SDK for each business channel, for example, comparing the pre-recorded latest version number with the version number of the SDK of each business channel in the third-party channels, and prompting an upgrade for business channels whose version numbers differ.
The access server can be used for judging whether the securities business service request is a valid request; if so, the request is forwarded to the online server through the service distribution module for business handling. When forwarding, traffic monitoring applies a preset traffic monitoring policy to limit the traffic used for forwarding requests, so that the online business handling system is not paralyzed by receiving excessive requests. The traffic monitoring policy may be: adjusting the sending time interval of securities business service requests based on the speed of the outgoing and incoming data generated by forwarding the requests and on the total traffic. The channel management system can send the protocol parameters of the pre-registered business channels to the access server, so that the access server can judge, according to the protocol parameters of a received securities business service request, whether the target business channel requesting service is a registered business channel, and if so, forward the request.
The channel management system may also be used for authentication, for example, to store the service rights of each channel in advance, provide it to an online server, etc.
In the online server, the data encryption/decryption module is used for decrypting the securities business service request by using the decryption key corresponding to the communication key to obtain plaintext information; the mark information control module is used for recording the mark of the target business channel; the business process processing module is used for determining a business process corresponding to the target service type; the identity authentication module is used for authenticating the target service channel. The general service handling module is used for providing the service steps that need to be executed when the service is processed; the service steps provided differ for different target service types, and so do the service processing flows composed from them.
In the back-end business server, the account system, the transaction system and the asset system store different actual business data, and can respond to different securities business service requests to complete different business functions and obtain corresponding results. That is, the back-end service only performs service processing in the system provided by the embodiment of the invention, and does not need to process the security service request, thereby realizing complete decoupling of channel access and service processing and solving the problem of repeated adaptation and reconstruction of the current multi-channel access.
In addition, the channel management system can also be used for providing the control interface in the previous embodiment for the administrator to perform operations such as port registration.
The overall flow of securities business service request access is described below with reference to fig. 3.
In one embodiment of the present invention, referring to fig. 3, a flow chart of a first security business service request access method is provided, the method comprising the following steps S301-S306.
Step S301: registering and configuring the business channel.
In this step, the protocol parameters to be distributed to each service channel may be configured in the security service request access system. Specifically, a manager registers a channel connection address and a port by using a control interface of a channel management system, and configures a channel code, a communication key and an identification of a target business channel; after the configuration is completed, the manager distributes the channel code, the communication secret key and the identification of the target business channel, and provides the SDK matched with the protocol parameters for the business channel, and the SDK can generate a securities business service request based on the protocol parameters.
The manager can publish online the channels that meet the access conditions, that is, announce online the business channels available for accessing the securities business service request access system, namely the business channels that have been allocated the protocol parameters and the SDK.
Step S302: controlling the authority of the business channel.
The authority controlled in this step is determined as follows: the service authority of the service channel is determined according to the service demand information and the compliance rule.
On the basis of channel registration configuration, service scenes, integration protocols and related interfaces can be defined according to channel related service demand information and schemes. The service scene is a scene of service flow processing, the integrated protocol is a protocol corresponding to a compliance rule, and the interface is an application program interface of a back-end service server specifically called when the service flow is processed.
The above configuration may be visually configured in a manner similar to a control interface. According to the configuration, the service authority of the service channel can be determined. According to the configuration, the corresponding service authority can be set, the control of the whole service flow is realized, and the linkage with the back-end service server is realized.
Step S303: securities business service request access and communication encryption.
Each business channel can send a securities business service request to apply for accessing the securities business service request access system. The communication key in the protocol parameter may be used to encrypt the request information of the securities service request.
The access server receives the transmitted securities service request, determines that the effective request is received according to the configured protocol parameter information, and realizes forwarding and flow control to the online server so as to realize securities service request access.
Step S304: authentication and communication decryption of the service channel.
After receiving the securities business service request forwarded by the access server, the online server decrypts the request information of the securities business service request by adopting a decryption key corresponding to the communication key, and obtains the decrypted plaintext request information. Thus, according to the plain text protocol parameters in the securities business service request and the requested target service type, whether the business channel is a registered business channel can be verified, if so, the corresponding business processing flow is matched to link the back-end business server to realize business handling. In addition, if the request information of the security service request also includes login information of the user, such as account name, password, etc., the security service request access system may also determine whether the user requesting the service is authorized according to the pre-registered user information, so as to implement login verification.
Step S305: processing the channel-matched business flow.
The business process processing mode is as follows: the online server determines a business processing flow for responding to the security business service request based on the target service type, and instructs the back-end business server to respond to the security business service request based on the business processing flow; the back-end service server responds to the securities service request to obtain and feed back a response result.
Meanwhile, the online server can record response process information in the service processing flow to obtain service response mark information containing the identification of the target service channel, so that the final result of service processing can be determined according to the service response mark information and fed back to the target service channel of the user.
Step S306: feeding back service results.
The online server encapsulates and encrypts the processing result generated by the service processing flow completed by the back-end service server for the corresponding target service channel and feeds it back to the third-party channel, completing the closed loop of the service request.
Corresponding to the security business service request access system, the embodiment of the invention also provides a security business service request access method.
The method can be implemented by one device or a plurality of devices.
The steps of the method described below may be performed by respective modules of software implementing the security service request access method, for example, steps S401 to S402 are performed by an access module having a security service request access function, steps S403 to S405 are performed by a service processing module executing a service processing flow, and so on.
In the case where the method is implemented by a plurality of devices, each module of software for implementing the security service request access method may be respectively disposed in any one of the devices, which is not limited by the embodiment of the present invention.
In one embodiment of the present invention, referring to fig. 4, a flow chart of a second security business service request access method is provided, the method comprising the following steps S401-S405.
Step S401: receiving a securities service request sent by the user through the target service channel.
Step S402: detecting whether the securities business service request is a valid request according to the protocol parameters carried by the securities business service request.
Wherein the protocol parameters include: the target service type of the service requested by the securities business service request and the identification of the target business channel.
Step S403: if the securities business service request is a valid request, authenticating the target business channel based on the protocol parameter, and if the authentication is passed, determining a business processing flow for responding to the securities business service request based on the target service type.
Step S404: responding to the securities business service request based on the business processing flow to obtain a response result.
Step S405: feeding back the response result to the user through the target business channel based on the identification of the target business channel.
In the scheme provided by the embodiment of the invention, the security service request is determined to be an effective request through the protocol parameters and is processed to provide service, so that the security service request which is actually processed by the access server has the protocol parameters, namely, the service processing flow can be determined according to the target service type in the protocol parameters and the response result of the back-end service server is obtained, thus unifying the processing modes of the security service request, forming unified access specifications, enabling different service channels to send the security service request according to the protocol specifications formed by the protocol parameters to realize access, avoiding setting the processing modes of the security service request for each channel, and improving the service providing convenience of the security platform.
In one embodiment of the present invention, step S403 determines, based on the target service type, a business process flow for responding to the security business service request, including:
determining the service authority of the target service channel according to the identification of the target service channel;
and if the target service type falls within the service authority range, determining a service processing flow corresponding to the target service type.
Therefore, whether the business processing flow is transacted or not can be determined according to the business authorities of the target business channels, the authentication process is realized, the security business service requests of all the target business channels are ensured not to trigger services beyond the business authorities, the target business channels are ensured not to acquire service data beyond the authorities, and the security of the security business service request access system is ensured.
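The validity rule for channels that hold a communication key, together with steps S401 to S405 and the authority check, can be put together as one gate. The Go sketch below is an added example, not code from the patent; the envelope layout, the `Encrypted` flag, AES-256-GCM as the symmetric communication key, the channel identifier used as associated data, and every name and sample value are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Channel is one registered business channel.
type Channel struct {
	Code     string          // channel code
	Key      []byte          // communication key; symmetric AES-256 here (assumption)
	Services map[string]bool // service authority: permitted target service types
}

// Request is the envelope a channel sends; this layout is an assumption.
type Request struct {
	ChannelID, ChannelCode string
	Encrypted              bool
	Body                   []byte // nonce || AES-GCM ciphertext when Encrypted is true
}

type payload struct{ ServiceType, Args string }

var (
	ErrUnregistered  = errors.New("channel not registered or channel code mismatch")
	ErrPlaintext     = errors.New("plaintext request on a channel that has a communication key")
	ErrUndecryptable = errors.New("request does not decrypt with the channel's key")
	ErrForbidden     = errors.New("target service type outside the channel's authority")
)

func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal plays the channel-side SDK: it encrypts the request information.
func Seal(ch Channel, id, serviceType, args string) (Request, error) {
	gcm, err := aead(ch.Key)
	if err != nil {
		return Request{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Request{}, err
	}
	pt, _ := json.Marshal(payload{serviceType, args}) // two strings: cannot fail
	body := gcm.Seal(nonce, nonce, pt, []byte(id))    // channel ID bound as associated data
	return Request{ChannelID: id, ChannelCode: ch.Code, Encrypted: true, Body: body}, nil
}

// Handle runs the checks in order and refuses any request that fails one.
func Handle(reg map[string]Channel, flows map[string]func(string) string, req Request) (string, error) {
	ch, ok := reg[req.ChannelID]
	if !ok || ch.Code != req.ChannelCode {
		return "", ErrUnregistered
	}
	if !req.Encrypted {
		return "", ErrPlaintext // plaintext never conforms when a key is configured
	}
	gcm, err := aead(ch.Key)
	if err != nil || len(req.Body) < gcm.NonceSize() {
		return "", ErrUndecryptable
	}
	n := gcm.NonceSize()
	var p payload
	pt, err := gcm.Open(nil, req.Body[:n], req.Body[n:], []byte(req.ChannelID))
	if err != nil || json.Unmarshal(pt, &p) != nil {
		return "", ErrUndecryptable
	}
	flow, ok := flows[p.ServiceType]
	if !ok || !ch.Services[p.ServiceType] {
		return "", ErrForbidden // unknown and unauthorised service types are both refused
	}
	return flow(p.Args), nil
}

// Sample returns a constructed registry and flow table for the demonstration.
func Sample() (map[string]Channel, map[string]func(string) string) {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte key
	reg := map[string]Channel{"CH-A": {Code: "A01", Key: key, Services: map[string]bool{"quote": true}}}
	return reg, map[string]func(string) string{
		"quote": func(a string) string { return "quote:" + a },
		"trade": func(a string) string { return "trade:" + a },
	}
}

func main() {
	reg, flows := Sample()
	req, _ := Seal(reg["CH-A"], "CH-A", "trade", "600000")
	fmt.Println(Handle(reg, flows, req)) // refused: "trade" is outside CH-A's authority
}
```

The target service type is read only from the decrypted body, so the authority check runs on a value the channel's key has authenticated rather than on an unprotected header field.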
In one embodiment of the present invention, step S405 determines, according to the identifier of the target service channel, a service right of the target service channel, including:
acquiring service demand information;
and determining the service authority of the target service channel indicated by the identification of the target service channel according to the service demand information and the compliance rule.
From the above, the business requirement information and the compliance rule are considered when the business authority is determined, so that the business process processing is performed according to the compliance rule specification while the business requirement of the security business service request is met, the target business channel is prevented from contacting the business information beyond the business authority, and the management of the business channel access is optimized.
In one embodiment of the present invention, the protocol parameters further include: a channel code; the securities business service request is a request after being packaged according to a packaging mode corresponding to the channel code;
the method further comprises the steps of:
and decapsulating the received securities business service request according to a decapsulation mode corresponding to the channel code to obtain the request information of the securities business service request.
Therefore, the security business service request access system can determine the decapsulation method and realize the decapsulation only by using the channel codes, less information is needed, and the security business service request is more convenient to process.
In one embodiment of the present invention, the protocol parameters further include: a communication key; the securities business service request is a request encrypted based on the communication key;
the method further comprises the steps of:
and decrypting the securities business service request based on the decryption key corresponding to the communication key to obtain the decrypted securities business service request.
In view of the above, when the access protocol specifies that the protocol parameters include the communication key, each service channel needs to encrypt the security service request when requesting the service of the security service request access system, so that the security of the request information in the transmission process of the security service request is ensured.
In one embodiment of the invention, the method further comprises: and generating service response mark information corresponding to the target service channel based on response process information generated in the response process of the business processing flow to the securities business service request.
From the above, the service response trace information records the response process, and the generated service response trace information corresponds to the target service channel, that is, the traceability of the service flow processed by each service channel is realized.
Corresponding to the embodiment of the method, the embodiment of the invention also provides a security business service request access device.
In one embodiment of the present invention, referring to fig. 5, there is provided a schematic structural diagram of a security business service request access apparatus, the apparatus including:
a service request receiving module 501, configured to receive a security service request sent by a user through a target service channel;
an effective request detection module 502, configured to detect, according to a protocol parameter carried by the securities business service request, whether the securities business service request is a valid request; wherein the protocol parameters include: the target service type of the service requested by the securities business service request and the identification of the target business channel;
A process flow determining module 503, configured to authenticate the target service channel based on the protocol parameter if the security service request is a valid request, and determine a service process flow for responding to the security service request based on the target service type if the authentication is passed;
a response result obtaining module 504, configured to respond to the securities business service request based on the business processing flow, and obtain a response result;
and the response result feedback module 505 is configured to feed back the response result to the user through the target service channel based on the identifier of the target service channel.
In the scheme provided by the embodiment of the invention, the security service request is determined to be an effective request through the protocol parameters and is processed to provide service, so that the security service request which is actually processed by the access server has the protocol parameters, namely, the service processing flow can be determined according to the target service type in the protocol parameters and the response result of the back-end service server is obtained, thus unifying the processing modes of the security service request, forming unified access specifications, enabling different service channels to send the security service request according to the protocol specifications formed by the protocol parameters to realize access, avoiding setting the processing modes of the security service request for each channel, and improving the service providing convenience of the security platform.
In one embodiment of the present invention, the process flow determining module 503 is specifically configured to authenticate the target service channel based on the protocol parameter if the securities business service request is a valid request, and determine the service authority of the target service channel according to the identifier of the target service channel if the authentication is passed; and if the target service type falls within the service authority range, determine a service processing flow corresponding to the target service type.
Therefore, whether the business processing flow is transacted or not can be determined according to the business authorities of the target business channels, the authentication process is realized, the security business service requests of all the target business channels are ensured not to trigger services beyond the business authorities, the target business channels are ensured not to acquire service data beyond the authorities, and the security of the security business service request access system is ensured.
In one embodiment of the present invention, the processing flow determining module 503 is specifically configured to authenticate the target service channel based on the protocol parameter if the securities business service request is a valid request, and obtain service requirement information if the authentication is passed; determine the service authority of the target service channel indicated by the identification of the target service channel according to the service demand information and the compliance rule; and if the target service type falls within the service authority range, determine a service processing flow corresponding to the target service type.
From the above, the business requirement information and the compliance rule are considered when the business authority is determined, so that the business process processing is performed according to the compliance rule specification while the business requirement of the security business service request is met, the target business channel is prevented from contacting the business information beyond the business authority, and the management of the business channel access is optimized.
In one embodiment of the present invention, the protocol parameters further include: a channel code; the securities business service request is a request after being packaged according to a packaging mode corresponding to the channel code;
the apparatus further comprises:
and the unpacking module unpacks the received securities business service request according to a unpacking mode corresponding to the channel code to obtain the request information of the securities business service request.
Therefore, the security business service request access system can determine the decapsulation method and realize the decapsulation only by using the channel codes, less information is needed, and the security business service request is more convenient to process.
In one embodiment of the present invention, the protocol parameters further include: a communication key; the securities business service request is a request encrypted based on the communication key;
The apparatus further comprises:
and the decryption module decrypts the securities business service request based on the decryption key corresponding to the communication key to obtain a decrypted securities business service request.
In view of the above, when the access protocol specifies that the protocol parameters include the communication key, each service channel needs to encrypt the security service request when requesting the service of the security service request access system, so that the security of the request information in the transmission process of the security service request is ensured.
In one embodiment of the invention, the apparatus further comprises:
a mark information generation module, configured to generate service response mark information corresponding to the target service channel based on the response process information generated while the service processing flow responds to the securities business service request.
From the above, the service response trace information records the response process, and the generated service response trace information corresponds to the target service channel, that is, the traceability of the service flow processed by each service channel is realized.
The embodiment of the invention also provides an electronic device, as shown in fig. 6, which comprises a processor 601, a communication interface 602, a memory 603 and a communication bus 604, wherein the processor 601, the communication interface 602 and the memory 603 complete communication with each other through the communication bus 604,
A memory 603 for storing a computer program;
the processor 601 is configured to implement any of the security service request access method steps in the foregoing embodiments when executing the program stored in the memory 603.
The communication bus mentioned above for the electronic devices may be a peripheral component interconnect standard (Peripheral Component Interconnect, PCI) bus or an extended industry standard architecture (Extended Industry Standard Architecture, EISA) bus, etc. The communication bus may be classified as an address bus, a data bus, a control bus, or the like. For ease of illustration, the figures are shown with only one bold line, but not with only one bus or one type of bus.
The communication interface is used for communication between the electronic device and other devices.
The Memory may include random access Memory (Random Access Memory, RAM) or may include Non-Volatile Memory (NVM), such as at least one disk Memory. Optionally, the memory may also be at least one memory device located remotely from the aforementioned processor.
The processor may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP), etc.; but also digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), field programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components.
In yet another embodiment of the present invention, there is also provided a computer readable storage medium having stored therein a computer program which when executed by a processor implements the steps of any of the above-described security business service request access methods.
In yet another embodiment of the present invention, there is also provided a computer program product containing instructions that, when run on a computer, cause the computer to perform the security business service request access method of any of the above embodiments.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the flows or functions in accordance with embodiments of the present invention are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example, by wired (e.g., coaxial cable, optical fiber, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that integrates one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), etc.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In this specification, each embodiment is described in a related manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for method, apparatus, device, and storage medium embodiments, the description is relatively simple as it is substantially similar to the system embodiments, with reference to the description of method embodiments in part.
The foregoing description is only of the preferred embodiments of the present invention and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention are included in the protection scope of the present invention.

Claims (10)

1. A security service request access system, the system comprising: an access server, an online server and a back-end service server; wherein,
the access server is used for receiving a securities business service request sent by a user through a target business channel; detecting, according to protocol parameters carried by the securities business service request, whether the securities business service request is a valid request, and if so, forwarding the securities business service request to the online server; wherein the protocol parameters include: the target service type of the service requested by the securities business service request, and the identification of the target business channel;
the online server is used for receiving the securities business service request forwarded by the access server; authenticating the target business channel based on the protocol parameters, and if the authentication is passed, determining a business processing flow for responding to the securities business service request based on the target service type; and instructing the back-end service server to respond to the securities business service request based on the business processing flow;
the back-end service server is used for responding to the securities business service request based on the business processing flow to obtain a response result, and feeding back the response result to the online server;
the online server is further configured to receive the response result fed back by the back-end service server, and to feed back the response result to the user through the target business channel based on the identification of the target business channel.
2. The system of claim 1, wherein the online server determining a business process flow for responding to the securities business service request based on the target service type comprises:
determining the service authority of the target business channel according to the identification of the target business channel;
and if the target service type falls within the service authority range, determining a business processing flow corresponding to the target service type.
3. The system of claim 2, wherein the online server determining the service authority of the target business channel based on the identification of the target business channel comprises:
acquiring service demand information;
and determining, according to the service demand information and the compliance rule, the service authority of the target business channel indicated by the identification of the target business channel.
4. The system of claim 1, wherein the protocol parameters further comprise: a channel code; the securities business service request is a request after being packaged according to a packaging mode corresponding to the channel code;
before the access server forwards the securities business service request to an online server, the method further comprises:
and the access server unpacks the received securities business service request according to an unpacking mode corresponding to the channel code to obtain the request information of the securities business service request.
5. The system of claim 1, wherein the protocol parameters further comprise: a communication key; the securities business service request is a request encrypted based on the communication key;
the access server forwarding the securities business service request to an online server, comprising:
and the access server decrypts the securities business service request based on a decryption key corresponding to the communication key, and forwards the decrypted securities business service request to an online server.
6. The system of any one of claims 1-5, wherein,
the online server is further configured to obtain response process information generated in the process that the back-end service server responds to the security service request based on the service processing flow, and generate service response mark information corresponding to the target service channel based on the response process information.
7. A security service request access method, the method comprising:
receiving a securities business service request sent by a user through a target business channel;
detecting whether the securities business service request is a valid request according to protocol parameters carried by the securities business service request; wherein the protocol parameters include: the target service type of the service requested by the securities business service request, and the identification of the target business channel;
if the securities business service request is a valid request, authenticating the target business channel based on the protocol parameter, and if the authentication is passed, determining a business processing flow for responding to the securities business service request based on the target service type;
responding to the securities business service request based on the business processing flow to obtain a response result;
and feeding back the response result to the user through the target business channel based on the identification of the target business channel.
8. A security service request access apparatus, the apparatus comprising:
the service request receiving module is used for receiving a securities business service request sent by a user through a target business channel;
the valid request detection module is used for detecting whether the securities business service request is a valid request according to the protocol parameters carried by the securities business service request; wherein the protocol parameters include: the target service type of the service requested by the securities business service request, and the identification of the target business channel;
the processing flow determining module is used for authenticating the target business channel based on the protocol parameters if the securities business service request is a valid request, and determining a business processing flow for responding to the securities business service request based on the target service type if the authentication is passed;
the response result obtaining module is used for responding to the securities business service request based on the business processing flow to obtain a response result;
and the response result feedback module is used for feeding back the response result to the user through the target business channel based on the identification of the target business channel.
9. Electronic equipment, characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with each other through the communication bus;
a memory for storing a computer program;
a processor for implementing the method steps of claim 7 when executing a program stored on a memory.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored therein a computer program which, when executed by a processor, implements the method steps of claim 7.
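The request path of claims 1 and 2 (validity check at the access server, then channel authentication and a per-channel service authority check at the online server, then dispatch to a processing flow), as an added example that is not part of the patent text. The patent does not say how a channel is authenticated; the HMAC-SHA256 tag, the channel registry, the service names and the handlers below are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed registry: channel id -> shared secret and permitted service types.
CHANNELS = {
    "app": {"secret": b"app-demo-secret", "services": {"quote", "order"}},
    "web": {"secret": b"web-demo-secret", "services": {"quote"}},
}
# Hypothetical business processing flows, one per target service type.
FLOWS = {
    "quote": lambda body: {"symbol": body.get("symbol"), "price": "10.00"},
    "order": lambda body: {"symbol": body.get("symbol"), "accepted": True},
}

def sign(channel_id, service_type, body, secret):
    """HMAC-SHA256 tag over the request fields (assumed authentication scheme)."""
    msg = json.dumps([channel_id, service_type, body], sort_keys=True).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def make_request(channel_id, service_type, body, secret):
    """Build a request as a channel would, carrying the protocol parameters."""
    return {"channel_id": channel_id, "service_type": service_type, "body": body,
            "tag": sign(channel_id, service_type, body, secret)}

def access_server(req):
    """Validity check on the protocol parameters; only valid requests go on."""
    ok = (isinstance(req, dict) and isinstance(req.get("body"), dict)
          and all(isinstance(req.get(k), str)
                  for k in ("channel_id", "service_type", "tag")))
    if not ok:
        return {"status": "rejected", "reason": "invalid protocol parameters"}
    if req["channel_id"] not in CHANNELS or req["service_type"] not in FLOWS:
        return {"status": "rejected", "reason": "unknown channel or service type"}
    return online_server(req)

def online_server(req):
    """Authenticate the channel, check its service authority, run the flow."""
    channel = CHANNELS[req["channel_id"]]
    expected = sign(req["channel_id"], req["service_type"], req["body"],
                    channel["secret"])
    if not hmac.compare_digest(expected.encode(), req["tag"].encode()):
        return {"status": "rejected", "reason": "channel authentication failed"}
    if req["service_type"] not in channel["services"]:
        return {"status": "rejected", "reason": "outside channel service authority"}
    result = FLOWS[req["service_type"]](req["body"])  # back-end response
    return {"status": "ok", "channel_id": req["channel_id"], "result": result}
```

The authority check runs only after authentication succeeds, so a channel that is correctly authenticated but asks for a service outside its allow-list is still refused, and the response carries the channel identification used to route it back.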
CN202211103474.XA 2022-09-09 2022-09-09 Security business service request access system, method, device and equipment Pending CN116319993A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211103474.XA CN116319993A (en) 2022-09-09 2022-09-09 Security business service request access system, method, device and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211103474.XA CN116319993A (en) 2022-09-09 2022-09-09 Security business service request access system, method, device and equipment

Publications (1)

Publication Number Publication Date
CN116319993A true CN116319993A (en) 2023-06-23

Family

ID=86780253

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211103474.XA Pending CN116319993A (en) 2022-09-09 2022-09-09 Security business service request access system, method, device and equipment

Country Status (1)

Country Link
CN (1) CN116319993A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117955698A (en) * 2023-12-28 2024-04-30 中信建投证券股份有限公司 Swagger-based call request authentication method and swagger-based call request authentication device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination