CN116708576A - Service providing method, device, equipment and computer readable storage medium - Google Patents

Publication number
CN116708576A
Authority
CN
China
Prior art keywords
information security
computing resource
security service
service
client
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310804962.1A
Other languages
Chinese (zh)
Inventor
李飞虎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Rox Intelligent Technology Co Ltd
Original Assignee
Shanghai Rox Intelligent Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application discloses a service providing method, a device, equipment and a computer readable storage medium. The method is applied to a public key infrastructure system which is deployed on a public cloud. The method comprises the following steps: receiving an information security service request sent by a client; providing information security services for the client based on a first computing resource in response to the information security service request, the first computing resource being a configured computing resource in the public key infrastructure system; acquiring a second computing resource from the public cloud under the condition that the first computing resource does not meet the resource condition required by the information security service; an information security service is provided for the client based on the first computing resource and the second computing resource. According to the service providing method provided by the embodiment of the application, the efficiency of providing information security service for the client can be improved, and the normal operation of the service is ensured.

Description

Service providing method, device, equipment and computer readable storage medium
Technical Field
The present application relates to the field of vehicle technologies, and in particular, to a service providing method, apparatus, device, and computer readable storage medium.
Background
With the development of vehicle intelligence, especially the expansion of vehicle-mounted electronic control units (Electronic Control Unit, ECU) and the continuous upgrading of networking, intelligent service scenarios such as remote vehicle control, digital keys, video and audio, entertainment video, and firmware over-the-air (FOTA) upgrading place ever higher demands on vehicle safety. In this context, the public key infrastructure (Public Key Infrastructure, PKI) provides reliable security for the implementation of these functions.
Currently, PKI systems are typically provided by specialized suppliers and use a conventional service architecture. That is, PKI systems are typically based on a host (or virtualized) deployment model.
However, as traffic increases, a PKI system built on the conventional service architecture may be unable to meet the growing demand. That is, the PKI system may provide the information security service for the client with low efficiency, or may be unable to provide it at all, thereby affecting the normal operation of the service.
Disclosure of Invention
The embodiment of the application provides a service providing method, a device, equipment, a computer readable storage medium and a computer program product, which can improve the efficiency of providing information security service for a client and ensure the normal operation of a service.
In a first aspect, an embodiment of the present application provides a service providing method applied to a public key infrastructure system, where the public key infrastructure system is deployed on a public cloud, the method including:
receiving an information security service request sent by a client;
providing information security services for the client based on a first computing resource in response to the information security service request, the first computing resource being a configured computing resource in the public key infrastructure system;
acquiring a second computing resource from the public cloud under the condition that the first computing resource does not meet the resource condition required by the information security service;
providing information security services for the client based on the first computing resource and the second computing resource.
In one possible implementation manner, in a case where the first computing resource does not meet a resource condition required by the information security service, before acquiring a second computing resource from the public cloud, the method further includes:
acquiring a first quantity of the information security service requests received within a first preset time period;
and under the condition that the first quantity is larger than a first preset threshold value, determining that the first computing resource does not meet the resource condition required by the information security service.
In one possible implementation, after the providing the information security service for the client based on the first computing resource and the second computing resource, the method further includes:
acquiring a second number of information security service requests received within a second preset time period;
deleting the second computing resource from the public key infrastructure system if the second number is less than a second preset threshold.
In one possible implementation manner, the providing, based on the first computing resource, an information security service for the client includes:
acquiring a client blacklist;
in the event that the client is determined not to be in the client blacklist, providing an information security service for the client based on the first computing resource.
In one possible implementation, after the providing the information security service for the client based on the first computing resource and the second computing resource, the method further includes:
acquiring a client white list under the condition that the first computing resource and the second computing resource do not meet the resource condition required by the information security service;
providing information security services for the client based on a first computing resource and the second computing resource, if the client is determined to be in the client whitelist.
In one possible implementation, the public key infrastructure system includes a micro service and a cloud native service, the information security service including a first information security service;
the providing information security services for the client based on the first computing resource includes:
and providing a first information security service for the client based on the computing resources corresponding to the micro service and the computing resources corresponding to the cloud native service.
In one possible implementation, the public key infrastructure system is communicatively connected to a private cloud, the information security service comprising a second information security service having a higher privacy than the first information security service;
the providing information security services for the client based on the first computing resource further includes:
and providing a second information security service for the client based on the computing resources in the private cloud.
In a second aspect, an embodiment of the present application provides a service providing apparatus applied to a public key infrastructure system deployed on a public cloud, the apparatus comprising:
the receiving module is used for receiving the information security service request sent by the client;
a first providing module, configured to provide an information security service for the client based on a first computing resource in response to the information security service request, where the first computing resource is a configured computing resource in the public key infrastructure system;
the first acquisition module is used for acquiring a second computing resource from the public cloud under the condition that the first computing resource does not meet the resource condition required by the information security service;
and the second providing module is used for providing information security service for the client based on the first computing resource and the second computing resource.
In a third aspect, an embodiment of the present application provides an electronic device, including: a processor and a memory storing computer program instructions;
the processor, when executing the computer program instructions, implements the method of any one of the possible implementation methods of the first aspect.
In a fourth aspect, embodiments of the present application provide a computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement a method according to any one of the possible implementation methods of the first aspect.
In a fifth aspect, embodiments of the present application provide a computer program product, instructions in which, when executed by a processor of an electronic device, cause the electronic device to perform a method as in any of the possible implementation methods of the first aspect described above.
With the service providing method, apparatus, device, computer readable storage medium and computer program product of the embodiments of the present application, the public key infrastructure system is deployed on a public cloud, and the second computing resource is acquired directly from the public cloud when the configured first computing resource in the public key infrastructure system does not meet the resource condition required by the information security service. Compared with configuring the second computing resource manually, this saves the time needed to obtain the second computing resource. Providing the information security service for the client based on the first computing resource and the second computing resource therefore improves the efficiency of providing the information security service for the client and ensures the normal operation of the service.
Drawings
In order to more clearly illustrate the technical solution of the embodiments of the present application, the drawings that are needed to be used in the embodiments of the present application will be briefly described, and it is possible for a person skilled in the art to obtain other drawings according to these drawings without inventive effort.
FIG. 1 is a schematic diagram of a public key infrastructure system according to an embodiment of the present application;
FIG. 2 is a flowchart of a service providing method according to an embodiment of the present application;
FIG. 3 is a schematic structural diagram of a service providing apparatus according to an embodiment of the present application;
FIG. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Features and exemplary embodiments of various aspects of the present application will be described in detail below, and in order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be described in further detail below with reference to the accompanying drawings and the detailed embodiments. It should be understood that the particular embodiments described herein are meant to be illustrative of the application only and not limiting. It will be apparent to one skilled in the art that the present application may be practiced without some of these specific details. The following description of the embodiments is merely intended to provide a better understanding of the application by showing examples of the application.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.
As described in the background section, in order to solve the problems of the prior art, embodiments of the present application provide a service providing method, apparatus, device, computer-readable storage medium, and computer program product.
A public key infrastructure system (PKI system) provided by an embodiment of the present application will be first described below.
As shown in FIG. 1, the PKI system provided by the embodiment of the application is deployed on a public cloud. The PKI system may include, among other things, an internet of vehicles security trust center, micro services, and cloud native services. Micro services may include a Sub CA (subordinate certificate authority), an RA (Registration Authority, the digital certificate registration authority), key services, signature verification, and LDAP (Lightweight Directory Access Protocol). Cloud native services may include a distributed configuration center (e.g., nacos), databases (e.g., redis, mysql), a distributed messaging system (e.g., kafka), open source message broker software (e.g., rabbitmq), and a distributed application coordination service (e.g., zookeeper). That is, by decomposing the functions of the PKI system, abstracting services with the same function into a single service, and providing those services externally in a unified manner, a micro-service architecture can be realized.
In addition, the PKI system may be communicatively coupled to a private cloud, which may include a ROOT CA (root certificate authority), a signing service, and an encryptor. The encryptor is hardware, so it can be deployed in a private machine room. The ROOT CA and the signing service are more privacy-sensitive services and can also be deployed in the private cloud. That is, hybrid cloud deployment can be achieved by splitting the micro-service architecture.
In addition, the public cloud may further include an entry (such as an ingress), an application-layer gateway, a client blacklist, and a client whitelist.
Based on this, as one example, the entry of the public cloud may receive an information security service request from the client and send the information security service request to the internet of vehicles security trust center of the PKI system through the application-layer gateway. After receiving the information security service request, the internet of vehicles security trust center can determine whether the client corresponding to the information security service request is in the client whitelist, and if the client is in the client whitelist, the internet of vehicles security trust center can provide the information security service corresponding to the information security service request for the client through the micro services. Specifically, the micro services can jointly provide the information security service corresponding to the information security service request for the client by calling the services in the private cloud and the services in the cloud native services.
It should be noted that, in the embodiment of the present application, the PKI system may be a containerized PKI system. That is, services in the PKI system (such as micro services and cloud native services) may be deployed in a container. Therefore, when the service access amount is too large, the system capacity expansion can be realized by newly creating a pod to register to the service center.
The service providing method provided by the embodiment of the application is described below.
Fig. 2 is a schematic flow chart of a service providing method according to an embodiment of the present application. As shown in fig. 2, the service providing method provided by the embodiment of the present application includes the following steps:
S210, receiving an information security service request sent by a client;
S220, providing information security service for the client based on a first computing resource in response to the information security service request, wherein the first computing resource is a configured computing resource in the public key infrastructure system;
S230, acquiring a second computing resource from the public cloud under the condition that the first computing resource does not meet the resource condition required by the information security service;
S240, providing information security services for the client based on the first computing resource and the second computing resource.
According to the service providing method provided by the embodiment of the application, the public key infrastructure system is deployed on the public cloud, and the second computing resource is directly acquired from the public cloud under the condition that the configured first computing resource in the public key infrastructure system does not meet the resource condition required by the information security service, so that the time for acquiring the second computing resource can be saved compared with the manual configuration of the second computing resource by a user. Therefore, the information security service is provided for the client based on the first computing resource and the second computing resource, so that the efficiency of providing the information security service for the client can be improved, and the normal operation of the service is ensured.
A specific implementation of each of the above steps is described below.
In some embodiments, in S210, the information security service request may request that the PKI system provide information security services for the client. The PKI system may be a containerized PKI system. That is, services in a PKI system may be deployed in a container.
As an example, an internet of vehicles security trust center of a PKI system may receive an information security service request sent by a client through an ingress and application gateway layer of a public cloud.
In some embodiments, in S220, the first computing resource may comprise a computing resource already configured in the PKI system. Since the PKI system may include a micro-service and a cloud-native service, the first computing resources may include computing resources corresponding to the micro-service and computing resources corresponding to the cloud-native service that have been configured in the PKI system.
Based on this, the information security service may include a first information security service. The first information security service may be an information security service that can be provided for the client based on computing resources in the public cloud. Thus, in order to provide the first information security service for the client, in some embodiments, the step S220 may specifically include:
and providing a first information security service for the client based on the computing resources corresponding to the micro service and the computing resources corresponding to the cloud native service.
Here, the computing resources corresponding to the micro service may include computing resources corresponding to Sub CA, RA, key service, signature verification, and LDAP. The computing resources corresponding to the cloud native service may include computing resources corresponding to the nacos, redis, mysql, kafka, rabbitmq and zookeeper, etc. services.
In addition, since the PKI system may be communicatively connected with the private cloud, the first computing resource may also include a computing resource in the private cloud.
Based on this, the information security service may include a second information security service. The second information security service may be an information security service that is capable of being provided for the client based on computing resources in the private cloud. The privacy of the second information security service may be higher than the privacy of the first information security service. Thus, in order to provide the second information security service for the client, in some embodiments, the step S220 may specifically further include:
and providing a second information security service for the client based on the computing resources in the private cloud.
Here, the computing resources in the private cloud may include computing resources corresponding to the ROOT CA, the signature service, and the encryptor.
Based on this, as an example, the internet of vehicles security trust center may provide the information security service to the client through the invocation between the plurality of micro services in response to the information security service request after receiving the information security service request.
Based on this, in order to ensure the security of providing the information security service, in some embodiments, the S220 may specifically include:
acquiring a client blacklist;
in the event that the client is determined not to be in the client blacklist, an information security service is provided for the client based on the first computing resource.
Here, a plurality of clients may be included in the client blacklist. The PKI system may provide information security services for any client other than a plurality of clients in a client blacklist.
In this way, by providing the information security service for the client based on the first computing resource in the case where it is determined that the client is not in the client blacklist, security of the information security service can be ensured.
In some embodiments, in S230, the second computing resource may be a computing resource in a public cloud, but not in a PKI system. The second computing resource may include computing resources corresponding to Sub CA, RA, key service, signature verification, LDAP, nacos, redis, mysql, kafka, rabbitmq, zookeeper, etc. services. Because the PKI system may be a containerized PKI system, the obtaining of the second computing resource from the public cloud may specifically be creating a pod to register with the service center, thereby implementing system capacity expansion.
In addition, the PKI system may receive information security service requests sent by a plurality of clients within a preset duration. Because the first computing resource is limited, the first computing resource not satisfying the resource condition required by the information security service may mean that the PKI system cannot, based on the first computing resource, provide the information security service for all or a portion of the clients that send information security service requests within the preset duration. Conversely, the first computing resource satisfying the resource condition required by the information security service may mean that the PKI system is capable of providing, based on the first computing resource, the information security service for all clients that send information security service requests within the preset duration.
Based on this, in order to accurately determine whether the first computing resource satisfies the resource condition required for the information security service, in some embodiments, before S230 above, it may further include:
acquiring a first quantity of information security service requests received within a first preset time period;
and if the first number is greater than a first preset threshold, determining that the first computing resource does not meet the resource condition required by the information security service.
Here, the first preset time period may be, for example, ten minutes, thirty minutes, one hour, or the like, and is not limited herein. The first preset threshold may be a preset number of information security services that the PKI system is capable of providing to the client based on the first computing resource.
Thus, if the first number is not greater than the first preset threshold, it may be determined that the first computing resource satisfies a resource condition required by the information security service. If the first number is greater than a first preset threshold, it may be determined that the first computing resource does not satisfy the resource condition required by the information security service.
In some embodiments, after the second computing resource is acquired, an information security service may be provided to the client based on the first computing resource and the second computing resource together in S240.
Based on this, to achieve dynamic adjustment of the computing resource and ensure the rationality of resource utilization, in some embodiments, after S240 above, the method may further include:
acquiring a second number of information security service requests received within a second preset time period;
and deleting the second computing resource from the public key infrastructure system if the second number is less than a second preset threshold.
Here, the first preset time period may be, for example, ten minutes, thirty minutes, one hour, or the like, and is not limited herein. The second preset time period and the first preset time period may be the same. The second preset threshold may be a number of information security services that the PKI system is capable of providing to the client based on the first computing resource. The second preset threshold may be equal to or smaller than the first preset threshold, which is not limited herein.
In this way, by deleting the second computing resource from the public key infrastructure system when the second number is less than the second preset threshold, dynamic adjustment of the computing resource can be achieved, and rationality of resource utilization is ensured.
Based on this, in order to guarantee the rationality of the resource utilization, in some embodiments, after S240 above, it may further include:
acquiring a client white list under the condition that the first computing resource and the second computing resource do not meet the resource conditions required by the information security service;
in the event that the client is determined to be in the client whitelist, an information security service is provided for the client based on the first computing resource and the second computing resource.
Here, a plurality of clients may be included in the client whitelist. The PKI system may provide information security services for a plurality of clients in a client whitelist.
As an example, if the third number of information security service requests received within the third preset duration is large, and the first computing resource and the second computing resource do not meet the resource condition required by the information security service, the information security service may be provided only for the clients in the client whitelist. The third preset duration and the second preset duration may be the same.
In this way, the rationality of resource utilization can be ensured.
In addition, in the case that the first computing resource and the second computing resource do not meet the resource condition required by the information security service, service circuit breaking (fusing) and service degradation can also be performed to ensure the security of the whole PKI system.
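The scale-out, scale-in and list-based admission rules described above can be exercised together in a small simulation. The following Python is an added example, not code from the patent: the class and function names, the threshold values, the client identifiers and the modelling of "both resources insufficient" as a request count above the combined capacity are all assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class PkiCapacityController:
    """Hypothetical controller; every name and number here is an assumption."""
    first_threshold: int    # requests per window the first (configured) resource serves
    second_threshold: int   # scale-in threshold, equal to or smaller than the first
    burst_capacity: int     # extra requests per window the second resource adds
    blacklist: set = field(default_factory=set)
    whitelist: set = field(default_factory=set)
    has_second_resource: bool = False
    whitelist_only: bool = False
    events: list = field(default_factory=list)   # audit trail of capacity changes

    def close_window(self, request_count: int) -> None:
        """Re-evaluate capacity from the request count of the window that just ended."""
        if not self.has_second_resource:
            if request_count > self.first_threshold:
                self.has_second_resource = True
                self.events.append("acquire_second_resource")
        elif request_count < self.second_threshold:
            self.has_second_resource = False
            self.events.append("delete_second_resource")

        capacity = self.first_threshold
        if self.has_second_resource:
            capacity += self.burst_capacity
        # Both resources together are insufficient: restrict service to the whitelist.
        overloaded = self.has_second_resource and request_count > capacity
        if overloaded != self.whitelist_only:
            self.whitelist_only = overloaded
            self.events.append("whitelist_only_on" if overloaded else "whitelist_only_off")

    def admit(self, client_id: str) -> bool:
        """Blacklist is checked first, so a listed client is refused in every mode."""
        if client_id in self.blacklist:
            return False
        if self.whitelist_only:
            return client_id in self.whitelist
        return True


def simulate(window_counts, clients):
    """Run constructed per-window request counts through the controller."""
    ctl = PkiCapacityController(
        first_threshold=100, second_threshold=60, burst_capacity=100,
        blacklist={"revoked-gw"}, whitelist={"ca-issuer"},
    )
    trace = []
    for count in window_counts:
        ctl.close_window(count)
        decisions = {c: ctl.admit(c) for c in clients}
        trace.append((count, ctl.has_second_resource, decisions))
    return ctl.events, trace


if __name__ == "__main__":
    # Constructed sample: request counts for six consecutive windows.
    events, trace = simulate([80, 150, 90, 260, 120, 40],
                             ["ca-issuer", "web-app", "revoked-gw"])
    for row in trace:
        print(row)
    print(events)
```

With the second threshold set below the first, the 90-request window does not release the second resource even though it is under the first threshold, which avoids acquiring and deleting capacity on every small fluctuation.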
Based on the service providing method provided by the embodiment, correspondingly, the application further provides a specific implementation mode of the service providing device. Please refer to the following examples.
As shown in fig. 3, the service providing apparatus 300 provided in the embodiment of the present application includes the following modules:
a receiving module 310, configured to receive an information security service request sent by a client;
a first providing module 320, configured to provide an information security service to the client based on a first computing resource in response to the information security service request, the first computing resource being a configured computing resource in the public key infrastructure system;
a first obtaining module 330, configured to obtain a second computing resource from the public cloud when the first computing resource does not meet a resource condition required by the information security service;
the second providing module 340 is configured to provide an information security service for the client based on the first computing resource and the second computing resource.
The service providing apparatus 300 is described in detail below.
In some of these embodiments, the service providing apparatus 300 may further include:
the second acquisition module is used for acquiring a first quantity of information security service requests received in a first preset duration before acquiring second computing resources from the public cloud;
and the determining module is used for determining that the first computing resource does not meet the resource condition required by the information security service under the condition that the first quantity is larger than a first preset threshold value.
In some of these embodiments, the service providing apparatus 300 may further include:
the third acquisition module is used for acquiring a second number of information security service requests received in a second preset duration after providing information security services for the client based on the first computing resources and the second computing resources;
and the deleting module is used for deleting the second computing resource from the public key infrastructure system under the condition that the second number is smaller than a second preset threshold value.
In some of these embodiments, the first providing module 320 may specifically include:
the first acquisition submodule is used for acquiring the client blacklist;
and the first providing sub-module is used for providing information security service for the client based on the first computing resource under the condition that the client is determined not to be in the client blacklist.
In some of these embodiments, the service providing apparatus 300 may further include:
a fourth obtaining module, configured to obtain a white list of the client when the first computing resource and the second computing resource do not meet a resource condition required by the information security service after providing the information security service for the client based on the first computing resource and the second computing resource;
and the third providing module is used for providing information security service for the client based on the first computing resource and the second computing resource under the condition that the client is determined to be in the client white list.
In some of these embodiments, the public key infrastructure system includes a micro service and a cloud native service, and the information security service includes a first information security service;
based on this, the first providing module 320 may specifically include:
the second providing sub-module is used for providing the first information security service for the client based on the computing resources corresponding to the micro-service and the computing resources corresponding to the cloud native service.
In some of these embodiments, the public key infrastructure system is communicatively coupled to a private cloud, the information security service comprising a second information security service having a higher privacy than the first information security service;
based on this, the first providing module 320 may specifically further include:
and the third providing sub-module is used for providing a second information security service for the client based on the computing resources in the private cloud.
By deploying the public key infrastructure system on the public cloud and acquiring the second computing resource directly from the public cloud when the configured first computing resource in the public key infrastructure system does not meet the resource condition required by the information security service, the service providing apparatus in the embodiment of the application saves time in acquiring the second computing resource compared with configuring the second computing resource manually. Providing the information security service for the client based on the first computing resource and the second computing resource therefore improves the efficiency of providing the information security service for the client and ensures the normal operation of the service.
Based on the service providing method provided by the embodiment, the embodiment of the application also provides a specific implementation mode of the electronic equipment. Fig. 4 shows a schematic diagram of an electronic device 400 according to an embodiment of the application.
The electronic device 400 may include a processor 410 and a memory 420 storing computer program instructions.
In particular, the processor 410 may include a central processing unit (CPU), or an application-specific integrated circuit (ASIC), or may be configured as one or more integrated circuits that implement embodiments of the present application.
Memory 420 may include mass storage for data or instructions. By way of example, and not limitation, memory 420 may include a hard disk drive (HDD), floppy disk drive, flash memory, optical disk, magneto-optical disk, magnetic tape, or universal serial bus (USB) drive, or a combination of two or more of the foregoing. Memory 420 may include removable or non-removable (or fixed) media, where appropriate. Memory 420 may be internal or external to the integrated gateway disaster recovery device, where appropriate. In a particular embodiment, the memory 420 is a non-volatile solid state memory.
The memory may include read-only memory (ROM), random access memory (RAM), magnetic disk storage media devices, optical storage media devices, flash memory devices, electrical, optical, or other physical/tangible memory storage devices. Thus, in general, the memory comprises one or more tangible (non-transitory) computer-readable storage media (e.g., memory devices) encoded with software comprising computer-executable instructions, and when the software is executed (e.g., by one or more processors) it is operable to perform the operations described with reference to the method according to the first aspect of the application.
The processor 410 implements any of the service providing methods of the above embodiments by reading and executing computer program instructions stored in the memory 420.
In one example, electronic device 400 may also include communication interface 430 and bus 440. As shown in fig. 4, the processor 410, the memory 420, and the communication interface 430 are connected and communicate with each other through a bus 440.
The communication interface 430 is mainly used to implement communication between each module, device, unit and/or apparatus in the embodiment of the present application.
Bus 440 includes hardware, software, or both that couple components of the electronic device to one another. By way of example, and not limitation, the buses may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a Front Side Bus (FSB), a HyperTransport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an InfiniBand interconnect, a Low Pin Count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a Video Electronics Standards Association local (VLB) bus, or other suitable bus, or a combination of two or more of the above. Bus 440 may include one or more buses, where appropriate. Although embodiments of the application have been described and illustrated with respect to a particular bus, the application contemplates any suitable bus or interconnect.
By way of example, electronic device 400 may be a cell phone, tablet, notebook, palmtop computer, in-vehicle electronic device, ultra-mobile personal computer (UMPC), netbook, or personal digital assistant (PDA), or the like.
The electronic device may execute the service providing method in the embodiment of the present application, thereby implementing the service providing method and apparatus described in connection with fig. 2 to 3.
In addition, in connection with the service providing method in the above embodiments, the embodiments of the present application may be implemented by providing a computer-readable storage medium. The computer readable storage medium has stored thereon computer program instructions; the computer program instructions, when executed by a processor, implement any of the service providing methods of the above embodiments.
It should be understood that the application is not limited to the particular arrangements and instrumentality described above and shown in the drawings. For the sake of brevity, a detailed description of known methods is omitted here. In the above embodiments, several specific steps are described and shown as examples. However, the method processes of the present application are not limited to the specific steps described and shown, and those skilled in the art can make various changes, modifications and additions, or change the order between steps, after appreciating the spirit of the present application.
The functional blocks shown in the above-described structural block diagrams may be implemented in hardware, software, firmware, or a combination thereof. When implemented in hardware, a functional block may be, for example, an electronic circuit, an application-specific integrated circuit (ASIC), suitable firmware, a plug-in, a function card, or the like. When implemented in software, the elements of the application are the programs or code segments used to perform the required tasks. The program or code segments may be stored in a machine-readable medium or transmitted over transmission media or communication links by a data signal carried in a carrier wave. A "machine-readable medium" may include any medium that can store or transfer information. Examples of machine-readable media include electronic circuitry, semiconductor memory devices, ROM, flash memory, erasable ROM (EROM), floppy disks, CD-ROMs, optical disks, hard disks, fiber optic media, radio frequency (RF) links, and the like. The code segments may be downloaded via computer networks such as the internet, intranets, etc.
It should also be noted that the exemplary embodiments mentioned in this disclosure describe some methods or systems based on a series of steps or devices. However, the present application is not limited to the order of the above-described steps, that is, the steps may be performed in the order mentioned in the embodiments, or may be performed in a different order from the order in the embodiments, or several steps may be performed simultaneously.
Aspects of the present application are described above with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, enable the implementation of the functions/acts specified in the flowchart and/or block diagram block or blocks. Such a processor may be, but is not limited to being, a general purpose processor, a special purpose processor, an application specific processor, or a field programmable logic circuit. It will also be understood that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware which performs the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In the foregoing, only the specific embodiments of the present application are described, and it will be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the systems, modules and units described above may refer to the corresponding processes in the foregoing method embodiments, which are not repeated herein. It should be understood that the scope of the present application is not limited thereto, and any equivalent modifications or substitutions can be easily made by those skilled in the art within the technical scope of the present application, and they should be included in the scope of the present application.

Claims (10)

1. A service providing method applied to a public key infrastructure system, the public key infrastructure system deployed on a public cloud, the method comprising:
receiving an information security service request sent by a client;
providing information security services for the client based on a first computing resource in response to the information security service request, the first computing resource being a configured computing resource in the public key infrastructure system;
acquiring a second computing resource from the public cloud under the condition that the first computing resource does not meet the resource condition required by the information security service;
providing information security services for the client based on the first computing resource and the second computing resource.
2. The method of claim 1, wherein the method further comprises, prior to obtaining a second computing resource from the public cloud if the first computing resource does not meet a resource condition required by the information security service:
acquiring a first quantity of the information security service requests received within a first preset time period;
and under the condition that the first quantity is larger than a first preset threshold value, determining that the first computing resource does not meet the resource condition required by the information security service.
3. The method of claim 1, wherein after providing information security services to the client based on the first computing resource and the second computing resource, the method further comprises:
acquiring a second number of information security service requests received within a second preset time period;
deleting the second computing resource from the public key infrastructure system if the second number is less than a second preset threshold.
4. The method of claim 1, wherein providing information security services to the client based on the first computing resource comprises:
acquiring a client blacklist;
in the event that the client is determined not to be in the client blacklist, providing an information security service for the client based on the first computing resource.
5. The method of claim 1, wherein after providing information security services to the client based on the first computing resource and the second computing resource, the method further comprises:
acquiring a client white list under the condition that the first computing resource and the second computing resource do not meet the resource condition required by the information security service;
providing information security services for the client based on a first computing resource and the second computing resource, if the client is determined to be in the client whitelist.
6. The method of claim 1, wherein the public key infrastructure system comprises a micro service and a cloud native service, the information security service comprising a first information security service;
the providing information security services for the client based on the first computing resource includes:
and providing a first information security service for the client based on the computing resources corresponding to the micro service and the computing resources corresponding to the cloud native service.
7. The method of claim 6, wherein the public key infrastructure system is communicatively coupled to a private cloud, the information security service comprising a second information security service having a higher privacy than the first information security service;
the providing information security services for the client based on the first computing resource further includes:
and providing a second information security service for the client based on the computing resources in the private cloud.
8. A service providing apparatus for application to a public key infrastructure system, the public key infrastructure system deployed on a public cloud, the apparatus comprising:
the receiving module is used for receiving the information security service request sent by the client;
a first providing module, configured to provide an information security service for the client based on a first computing resource in response to the information security service request, where the first computing resource is a configured computing resource in the public key infrastructure system;
the first acquisition module is used for acquiring a second computing resource from the public cloud under the condition that the first computing resource does not meet the resource condition required by the information security service;
and the second providing module is used for providing information security service for the client based on the first computing resource and the second computing resource.
9. An electronic device, the electronic device comprising: a processor and a memory storing computer program instructions;
the processor, when executing the computer program instructions, implements the service providing method of any of claims 1-7.
10. A computer readable storage medium, characterized in that the computer readable storage medium has stored thereon computer program instructions, which when executed by a processor, implement the service providing method according to any of claims 1-7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310804962.1A CN116708576A (en) 2023-06-30 2023-06-30 Service providing method, device, equipment and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310804962.1A CN116708576A (en) 2023-06-30 2023-06-30 Service providing method, device, equipment and computer readable storage medium

Publications (1)

Publication Number Publication Date
CN116708576A true CN116708576A (en) 2023-09-05

Family

ID=87829247

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310804962.1A Pending CN116708576A (en) 2023-06-30 2023-06-30 Service providing method, device, equipment and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN116708576A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117061518A (en) * 2023-10-11 2023-11-14 富钛字节车载软件(长春)有限公司 Cloud native virtual CAN communication system and method

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117061518A (en) * 2023-10-11 2023-11-14 富钛字节车载软件(长春)有限公司 Cloud native virtual CAN communication system and method
CN117061518B (en) * 2023-10-11 2024-01-12 富钛字节车载软件(长春)有限公司 Cloud native virtual CAN communication system and method

Similar Documents

Publication Publication Date Title
US9231936B1 (en) Control area network authentication
CN105792201B (en) Method and system for issuing CSR certificate for vehicle-to-outside communication
US20170180330A1 (en) Method and electronic device for vehicle remote control and a non-transitory computer readable storage medium
CN109361718B (en) Identity authentication method, apparatus and medium
CN116708576A (en) Service providing method, device, equipment and computer readable storage medium
CN109379403B (en) Control method and device of Internet of things equipment, server and terminal equipment
CN112913190A (en) Upgrading method and device based on over-the-air technology OTA
CN114710524B (en) Data interaction method, device and equipment of in-vehicle local area network and storage medium
CA3028556A1 (en) Method and system for securely provisioning a remote device
CN114884912A (en) Communication method, system, equipment and computer readable storage medium of SOA architecture
WO2022206107A1 (en) V2x signature verification method and apparatus, electronic device, and readable storage medium
CN105015484A (en) Remote-start control method and intelligent control unit of motor vehicle
CN114945038A (en) Communication method, system, equipment and readable storage medium based on SOA architecture
CN112217634A (en) Authentication method, equipment and system applied to intelligent vehicle
CN115858320A (en) Operation log recording method, apparatus, medium and product
CN110881176B (en) Method for improving utilization rate of vehicle-to-X communication device and vehicle-to-X communication device
CN112929174B (en) Certificate revocation list updating method and related equipment
CN114265815A (en) Traffic media data storage method, server, storage medium and system
US20230401306A1 (en) Electronic control unit adapted to intelligent transport system communications and corresponding method
EP4362390A1 (en) Method for maintaining a storage resource, apparatus, vehicle, computer program
US20230403553A1 (en) Method for managing intelligent transport system communications and corresponding electronic control unit
CN114710450B (en) Flow control method, device, equipment and computer storage medium
CN111917734B (en) Method and device for managing public key, electronic equipment and computer readable storage medium
CN117874727A (en) Request processing method, request processing device, electronic equipment and storage medium
CN117812567A (en) Communication connection method, apparatus, device, medium, and computer program product

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination