CN117201624A - Security atomic capability processing method, device, equipment and storage medium - Google Patents



Publication number
CN117201624A
Authority
CN
China
Prior art keywords
capability
request information
capability request
message protocol
atomic
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210618372.5A
Other languages
Chinese (zh)
Inventor
李长连
刘果
杨丽丽
蔺旋
戚大强
张彬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
China Information Technology Designing and Consulting Institute Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
China Information Technology Designing and Consulting Institute Co Ltd
Application filed by China United Network Communications Group Co Ltd, China Information Technology Designing and Consulting Institute Co Ltd filed Critical China United Network Communications Group Co Ltd
Priority to CN202210618372.5A priority Critical patent/CN117201624A/en
Publication of CN117201624A publication Critical patent/CN117201624A/en
Pending legal-status Critical Current


Abstract

The application provides a security atomic capability processing method, apparatus, device and storage medium, which relate to the field of communications and are used to improve the efficiency of security atomic capability adaptation. The method comprises: receiving first capability request information sent by a client, wherein the first capability request information uses a first message protocol, and the first message protocol is a message protocol supported by the client; converting the first capability request information into second capability request information; parsing the second capability request information, determining the target security atomic capability requested by the second capability request information, and determining, from a plurality of capability providing servers, a target capability providing server responsible for providing the target security atomic capability; converting the second capability request information into third capability request information, wherein the third capability request information uses a third message protocol, which is a message protocol supported by the target capability providing server; and sending the third capability request information to the target capability providing server.

Description

Security atomic capability processing method, device, equipment and storage medium
Technical Field
The present application relates to the field of communications, and in particular to a security atomic capability processing method, apparatus, device and storage medium.
Background
Dynamic integration of security atomic capabilities (a security atomic capability being a complete security capability of a particular type, such as host vulnerability scanning or monitoring of websites for implanted trojans) refers to a configuration scheme that integrates security capabilities of different vendors and different types.
At present, security atomic capabilities are integrated dynamically by developers who adapt each capability manually, relying on their own integration skills. Because object attributes differ between the security atomic capabilities of different vendors, developers must understand the differences between vendors and then hand-write code to perform data conversion. As a result, adapting a security atomic capability takes too long, which leads to problems such as long development cycles and high test costs. How to improve the efficiency of security atomic capability adaptation is a problem to be solved.
Disclosure of Invention
The application provides a security atomic capability processing method, apparatus, device and storage medium, which are used to improve the efficiency of security atomic capability adaptation.
In order to achieve the above purpose, the present application adopts the following technical scheme.
In a first aspect, a security atomic capability processing method is provided. The method is applied to a capability management server and includes: receiving first capability request information sent by a client, wherein the first capability request information uses a first message protocol, and the first message protocol is a message protocol supported by the client; converting the first capability request information into second capability request information, wherein the second capability request information uses a second message protocol, and the second message protocol is a message protocol supported by the capability management server; parsing the second capability request information, determining the target security atomic capability requested by the second capability request information, and determining, from a plurality of capability providing servers, a target capability providing server responsible for providing the target security atomic capability; converting the second capability request information into third capability request information, wherein the third capability request information uses a third message protocol, which is a message protocol supported by the target capability providing server; and sending the third capability request information to the target capability providing server.
The technical scheme provided by the application has at least the following beneficial effects. In the security atomic capability processing method, after the capability management server receives the first capability request information sent by the client, it converts the first capability request information from the first message protocol to the second message protocol to obtain the second capability request information. Because the second message protocol is the message protocol supported by the capability management server, the capability management server can parse the second capability request information to obtain the target security atomic capability required by the client, and can then quickly and accurately determine, from a plurality of capability providing servers, the target capability providing server able to provide that target security atomic capability. The capability management server then converts the second capability request information from the second message protocol to a third message protocol that the target capability providing server can recognize, obtaining third capability request information, and sends the third capability request information to the target capability providing server. Because the third capability request information uses the third message protocol, which the target capability providing server can recognize, the target capability providing server can quickly parse the third capability request information after receiving it and provide the corresponding target security atomic capability.
Thus, by having the capability management server perform protocol conversion on the information exchanged between the client and the capability providing server, the capability management server can quickly identify the security atomic capability requested by the client, quickly select the capability providing server able to provide it, and request that server to provide it. This achieves code-free adaptation of security atomic capabilities: developers do not need to hand-write data conversion code to adapt a security atomic capability, which improves the efficiency of security atomic capability adaptation, shortens the development cycle and reduces test costs.
In a possible implementation, after sending the third capability request information to the target capability providing server, the method further includes: receiving a first capability request result sent by the target capability providing server, wherein the first capability request result uses the third message protocol; converting the first capability request result into a second capability request result, wherein the second capability request result uses the first message protocol; and sending the second capability request result to the client.
In a possible implementation, converting the first capability request result into the second capability request result includes: converting the first capability request result into a third capability request result and storing the third capability request result, wherein the third capability request result uses the second message protocol; and converting the third capability request result into the second capability request result.
In a possible implementation, converting the first capability request information into the second capability request information includes processing the first capability request information to obtain the second capability request information, where the processing includes one or more of: field name conversion, field value conversion, field deletion, and field completion.
In a possible implementation, the method further includes: receiving capability configuration information from a user, wherein the capability configuration information includes the name of a first security atomic capability provided by a first capability providing server, the address of the application programming interface (API) of the first security atomic capability, the encryption mode of the first security atomic capability, and a preset mapping relation; the preset mapping relation includes a mapping between the fields of the first security atomic capability and the fields of a platform security atomic capability, and the platform security atomic capability is the security atomic capability provided by the capability management server; and storing the capability configuration information.
In a possible implementation, the method further includes: receiving a capability offline request from a user, wherein the capability offline request includes an identifier of the capability to be taken offline; and taking that capability offline according to its identifier.
In a second aspect, a processing apparatus is provided, comprising: a communication unit configured to receive first capability request information sent by a client, wherein the first capability request information uses a first message protocol, and the first message protocol is a message protocol supported by the client; and a processing unit configured to: convert the first capability request information into second capability request information, wherein the second capability request information uses a second message protocol, and the second message protocol is a message protocol supported by the capability management server; parse the second capability request information, determine the target security atomic capability requested by the second capability request information, and determine, from a plurality of capability providing servers, a target capability providing server responsible for providing the target security atomic capability; and convert the second capability request information into third capability request information, wherein the third capability request information uses a third message protocol, which is a message protocol supported by the target capability providing server. The communication unit is further configured to send the third capability request information to the target capability providing server.
In a possible implementation, the communication unit is further configured to receive a first capability request result sent by the target capability providing server, where the first capability request result uses the third message protocol; the processing unit is further configured to convert the first capability request result into a second capability request result, where the second capability request result uses the first message protocol; and the communication unit is further configured to send the second capability request result to the client.
In a possible implementation, the processing unit is specifically configured to: convert the first capability request result into a third capability request result and store the third capability request result, where the third capability request result uses the second message protocol; and convert the third capability request result into the second capability request result.
In a possible implementation, the processing unit is specifically configured to process the first capability request information to obtain the second capability request information, where the processing includes one or more of the following: field name conversion, field value conversion, field deletion, and field completion.
In a possible implementation, the communication unit is further configured to receive capability configuration information from a user, where the capability configuration information includes the name of a first security atomic capability provided by the first capability providing server, the address of the application programming interface of the first security atomic capability, the encryption mode of the first security atomic capability, and a preset mapping relation; the preset mapping relation includes a mapping between the fields of the first security atomic capability and the fields of a platform security atomic capability, where the platform security atomic capability is the security atomic capability provided by the capability management server; and the processing unit is further configured to store the capability configuration information.
In a possible implementation, the communication unit is further configured to receive a capability offline request from a user, where the capability offline request includes an identifier of the capability to be taken offline; and the processing unit is further configured to take that capability offline according to its identifier.
In a third aspect, a network device is provided, comprising: a processor and a memory; the memory stores instructions executable by the processor; the processor is configured to, when executing the instructions, cause the network device to implement the method as provided in the first aspect described above.
In a fourth aspect, there is provided a computer readable storage medium storing computer instructions that, when run on a computer, cause the computer to perform the method provided by the first aspect.
In a fifth aspect, there is provided a computer program product comprising computer instructions which, when run on a computer, cause the computer to perform the method of the first aspect.
For the technical effects of any possible implementation of the second to fifth aspects, refer to the technical effects of the corresponding implementation of the first aspect; they are not described again here.
Drawings
The accompanying drawings are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate and do not limit the application.
FIG. 1 is a schematic structural diagram of a communication system according to an embodiment of the present application;
FIG. 2 is a schematic flow chart of a security atomic capability processing method according to an embodiment of the present application;
FIG. 3 is a flowchart illustrating another method for secure atomic capability processing according to an embodiment of the present application;
FIG. 4 is a flowchart illustrating another method for secure atomic capability processing according to an embodiment of the present application;
FIG. 5 is a flowchart illustrating another method for secure atomic capability processing according to an embodiment of the present application;
FIG. 6 is a schematic diagram of a unified UI according to an embodiment of the application;
FIG. 7 is a flowchart illustrating another method for secure atomic capability processing according to an embodiment of the present application;
FIG. 8 is a schematic diagram of a processing apparatus according to an embodiment of the present application;
FIG. 9 is a schematic hardware structure diagram of a network device according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
In the embodiments of the present application, to describe the technical solutions clearly, the words "first", "second", etc. are used to distinguish identical or similar items that have substantially the same function and effect. Those skilled in the art will appreciate that the words "first", "second" and the like do not limit quantity or order of execution, and that items labeled "first" and "second" are not necessarily different. Technical features described with "first" and "second" carry no order of precedence or magnitude.
In embodiments of the application, words such as "exemplary" or "such as" are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" or "e.g." in an embodiment should not be taken as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present related concepts in a concrete fashion that may be readily understood.
In the description of the present application, unless otherwise indicated, "/" means that the associated objects are in an "or" relationship, e.g., A/B may represent A or B. The term "and/or" merely describes an association between the associated objects and indicates that three relationships may exist; for example, A and/or B may indicate three cases: A alone, both A and B, and B alone, where A and B may each be singular or plural. Also, in the description of the present application, unless otherwise indicated, "a plurality" means two or more. "At least one of" or similar expressions means any combination of the listed items, including any combination of single items or plural items. For example, at least one of a, b, or c may represent: a, b, c, a-b, a-c, b-c, or a-b-c, where a, b and c may each be single or plural.
In the embodiment of the present application, at least one may also be described as one or more, and a plurality may be two, three, four or more, and the present application is not limited thereto.
At present, adapting a security atomic capability involves a long development cycle and high test costs, and security atomic capabilities are relatively inflexible to modify: they must be manually recompiled and packaged, they are integrated in code form, dynamic implementation and loading are not supported, and the integration cycle of a security atomic capability is relatively long.
Based on the above, the embodiments of the application provide a security atomic capability processing method in which a capability management server is configured to perform protocol conversion on messages between a client and a capability providing server. The capability management server can quickly determine the target security atomic capability requested by the client, determine a target capability providing server able to provide that capability, and send the target capability providing server capability request information in a message protocol that it can recognize. The target capability providing server can then determine automatically which target security atomic capability the client requested, without its developers adapting anything manually in code, and can quickly provide the corresponding target security atomic capability to the client. Security atomic capabilities are thereby adapted quickly, without manual adaptation in code by developers, which improves the efficiency of security atomic capability adaptation, can improve the integration efficiency of security atomic capabilities, and can reduce the development cycle and test costs.
Fig. 1 is a schematic structural diagram of a communication system according to an embodiment of the present application. As shown in fig. 1, the communication system 1 includes a client 10, a capability management server 20, and a plurality of capability providing servers (a capability providing server 301, a capability providing server 302, and a capability providing server 303 shown in fig. 1).
In some embodiments, the client 10 may be a stand-alone physical device, such as an electronic device with computing processing capabilities, e.g., a computer or server. The server may be a single server, or may be a server cluster formed by a plurality of servers. In some implementations, the server cluster may also be a distributed cluster. Optionally, the server may also be implemented on a cloud platform, for example, the cloud platform may include a private cloud, public cloud, hybrid cloud, community cloud (community cloud), distributed cloud, inter-cloud, multi-cloud (multi-cloud), or any combination thereof, which is not limited by the embodiments of the present application.
In some embodiments, the client 10 may connect to the capability management server 20 in a wireless or wired manner. The client 10 may establish a communication connection with the capability management server 20 through the hypertext transfer protocol (HTTP), through a socket, or through a Web service. The client 10 may be understood as a requester of security atomic capabilities: when the client 10 needs a certain security atomic capability, it may send capability request information to the capability management server 20.
In some embodiments, the capability management server 20 may be an electronic device having a processing function, such as a computer or a server, where the server may be a single server, or may be a server cluster formed by a plurality of servers. In some implementations, the server cluster may also be a distributed cluster. Optionally, the server may also be implemented on a cloud platform, for example, the cloud platform may include a private cloud, public cloud, hybrid cloud, community cloud (community cloud), distributed cloud, inter-cloud, multi-cloud (multi-cloud), or any combination thereof, which is not limited by the embodiments of the present application.
In some embodiments, the capability management server 20 may be connected to a plurality of capability providing servers in a wireless or wired manner. Illustratively, the capability management server 20 may establish a communication connection with the capability providing server through HTTP, may establish a communication connection with the capability providing server through socket, and may also establish a communication connection with the capability providing server through Web service. The capability management server 20 may be understood as a transfer platform of secure atomic capability, after the capability management server 20 receives the capability request information sent by the client 10, the capability management server 20 may parse the capability request information to determine the target secure atomic capability requested by the client 10, and further determine, from a plurality of capability providing servers, a target capability providing server capable of providing the target secure atomic capability, and further send the capability request information to the target capability providing server to request the target capability providing server to provide the corresponding target secure atomic capability.
In some embodiments, the capability providing server (e.g., capability providing server 301) may be an electronic device with processing functions, such as a computer or a server, where the server may be a single server, or may be a server cluster formed by a plurality of servers. In some implementations, the server cluster may also be a distributed cluster. Optionally, the server may also be implemented on a cloud platform, for example, the cloud platform may include a private cloud, public cloud, hybrid cloud, community cloud (community cloud), distributed cloud, inter-cloud, multi-cloud (multi-cloud), or any combination thereof, which is not limited by the embodiments of the present application.
In some embodiments, the capability providing server may be understood as a provider of secure atomic capabilities. The capability providing server, after receiving the capability request information sent by the capability management server 20, may parse the capability request information to determine the requested target security atomic capability, and then return the capability request result to the capability management server 20.
In some embodiments, the capability management server 20 may also act as a provider of security atomic capabilities. After a capability providing server develops a security atomic capability, it may upload that capability to the capability management server 20. During the upload, a mapping is set between the fields of the capability providing server's security atomic capability and the fields of the security atomic capability of the capability management server 20 (which may also be referred to as a platform atomic capability), so that the capability management server 20 can convert the uploaded security atomic capability into its own platform atomic capability and store it. Then, after receiving capability request information sent by the client and parsing it to determine the requested target security atomic capability, the capability management server 20 searches the security atomic capabilities it has stored and, once it determines that it holds the corresponding target security atomic capability, provides that capability to the client 10.
It should be appreciated that FIG. 1 is an exemplary architecture diagram, and that the number of devices in the communication system shown in FIG. 1 (e.g., the number of clients, the number of capability management servers, and the number of capability providing servers) is not limited. In addition, the communication system shown in FIG. 1 may include other devices in addition to those shown, which is not limited here.
Next, as shown in FIG. 2, an embodiment of the present application provides a security atomic capability processing method, which can be applied to the capability management server 20 shown in FIG. 1 and includes the following steps:
S101, receiving first capability request information sent by a client.
In some embodiments, in a case where a user of the client needs to use a certain secure atomic capability, the user may send first capability request information to the capability management server through the client to request the capability management server to provide the corresponding secure atomic capability. Further, the capability management server receives the first capability request information sent by the client. The first capability request information adopts a first message protocol, and the first message protocol is a message protocol supported by the client.
It will be appreciated that different devices may support different message protocols. That the client supports the first message protocol means that the client can identify messages based on the first message protocol and can communicate using the first message protocol. Where the client supports the first message protocol, the first capability request information sent by the client also uses the first message protocol.
S102, converting the first capability request information into second capability request information.
The second capability request information adopts a second message protocol, and the second message protocol is a message protocol supported by the capability management server.
In some embodiments, if the message protocol supported by the capability management server is the second message protocol, the capability management server cannot identify the first capability request information, because the first capability request information uses the first message protocol. To be able to identify the first capability request information sent by the client, the capability management server needs to convert the first capability request information, which is based on the first message protocol, into second capability request information based on the second message protocol after receiving it.
Optionally, the capability management server may convert the first capability request information into the second capability request information by processing the first capability request information to obtain the second capability request information. Processing the first capability request information may include one or more of: field name conversion, field value conversion, field deletion, and field completion. Through this processing, the capability management server can automatically identify the capability request information sent by the client without developers performing data conversion in code, which improves the efficiency of security atomic capability adaptation.
In some embodiments, if the first capability request information sent by the client is encrypted, the capability management server may decrypt the first capability request information according to a preset decryption mode after receiving it. The preset decryption mode can be agreed in advance between the user to whom the client belongs and the user to whom the capability management server belongs, and is stored in a database of the capability management server. After the capability management server receives encrypted request information sent by a given client, it can therefore decrypt the information according to the decryption mode preset for that client, which ensures information security while improving the efficiency of security atomic capability adaptation.
S103, analyzing the second capability request information, determining the target security atomic capability requested by the second capability request information, and determining a target capability providing server responsible for providing the target security atomic capability from a plurality of capability providing servers.
Because the second capability request information adopts the second message protocol, the capability management server can effectively analyze the second capability request information, and further can analyze the target security atomic capability requested by the second capability request information, namely the target security atomic capability requested by the client.
After determining the target secure atomic capability requested by the second capability request information, a target capability providing server responsible for providing the target secure atomic capability may be determined from the plurality of capability providing servers according to an attribute of the target secure atomic capability, for example, a type of the target secure atomic capability. Illustratively, assume that the capability providing server 301 in fig. 1 described above is a target capability providing server.
In some embodiments, when the capability management server establishes a communication connection with each capability providing server, after determining the secure atomic capability that each capability providing server is responsible for providing, a correspondence relationship between each capability providing server and the secure atomic capability that the capability providing server is responsible for providing is established, so after determining the target secure atomic capability, the target capability providing server that is responsible for providing the target secure atomic capability may be determined from the plurality of capability providing servers according to the target secure atomic capability and the pre-established correspondence relationship.
It can be understood that the security atomic capabilities that different capability providing servers are responsible for providing may be different, and the target capability providing server that can provide the target security atomic capability is quickly determined according to the type of the target security atomic capability, so that the efficiency of security atomic capability adaptation is improved.
S104, converting the second capability request information into third capability request information.
The third capability request information adopts a third message protocol, and the third message protocol is a message protocol supported by the target capability providing server.
In some embodiments, the database of the capability management server has pre-stored therein the message protocols supported by each capability providing server connected thereto. After the target capability providing server is determined, the message protocol supported by the target capability providing server can be further determined, so that the target capability providing server can automatically identify the third capability request information after receiving it. The developers to which the target capability providing server belongs do not need to write code to convert the third capability request information, and the efficiency of security atomic capability adaptation is improved.
S105, sending third capability request information to the target capability providing server.
In some embodiments, the database of the capability management server stores in advance the encryption manner to be adopted for data transmission between the capability management server and each capability providing server that has security requirements on data transmission. If the target capability providing server is a capability providing server with such requirements, the capability management server encrypts the third capability request information according to the pre-stored encryption manner of the target capability providing server, and then sends the encrypted third capability request information to the target capability providing server. Illustratively, the encryption manner is AES-256.
Based on the embodiment shown in fig. 2, at least the following advantages are brought about: in the secure atomic capability processing method, after the capability management server receives the first capability request information sent by the client, it converts the first capability request information from the first message protocol to the second message protocol to obtain the second capability request information. Because the second message protocol is the message protocol supported by the capability management server, the capability management server can parse the second capability request information to obtain the target secure atomic capability required by the client, and can then quickly and accurately determine, from a plurality of capability providing servers, the target capability providing server that can provide the target secure atomic capability. The capability management server further converts the second capability request information from the second message protocol to a third message protocol that the target capability providing server can identify, obtains the third capability request information, and sends it to the target capability providing server. Because the third capability request information adopts the third message protocol, which the target capability providing server can identify, the target capability providing server can quickly parse the third capability request information after receiving it and provide the corresponding target secure atomic capability.
Therefore, by having the capability management server perform protocol conversion of the information exchanged between the client and the capability providing server, the capability management server can quickly identify the security atomic capability requested by the client, quickly select the capability providing server that can provide it, and request that capability providing server to provide it. This achieves code-free adaptation of security atomic capabilities: developers do not need to write code manually to convert data in order to adapt a security atomic capability, so the efficiency of security atomic capability adaptation is improved, the development period is shortened, and the test cost is reduced.
In some embodiments, after the capability management server sends the third capability request information to the target capability providing server, that is, after step S105, as shown in fig. 3, the method for processing secure atomic capability according to the embodiment of the present application further includes the following steps:
S201, receiving a first capability request result generated by a target capability providing server.
The first capability request result adopts a third message protocol, and the first capability request result comprises the target security atomic capability.
It will be appreciated that since the message protocol supported by the target capability providing server is the third message protocol, the first capability request result employs the third message protocol.
S202, converting the first capability request result into a second capability request result.
In some embodiments, if the first capability request result sent by the target capability providing server is encrypted, the capability management server, after receiving it, needs to decrypt the first capability request result according to a preset decryption manner to obtain a decrypted first capability request result, and then processes the decrypted first capability request result to obtain the second capability request result. The second capability request result adopts the first message protocol; that is, the message protocol of the capability request result is converted from the third message protocol, which the client may not be able to identify, to the first message protocol, which the client can identify.
Wherein the processing of the first capability request result may include one or more of: a field name conversion process, a field value conversion process, a field deletion process, and a field completion process.
Alternatively, as shown in fig. 4, the conversion of the first capability request result into the second capability request result may be specifically implemented as the following steps:
S2021, converting the first capability request result into a third capability request result and storing the third capability request result.
The third capability request result adopts the second message protocol.
In some embodiments, after the capability management server receives the first capability request result, it may convert the message protocol of the first capability request result from the third message protocol to the second message protocol to obtain the third capability request result. As described above, the second message protocol is the message protocol supported by the capability management server. After the first capability request result is converted into the third capability request result, the capability management server can effectively parse the third capability request result, because it adopts the second message protocol, and thereby obtain the target security atomic capability provided by the target capability providing server.
In some embodiments, after the capability management server converts the first capability request result into a third capability request result, the third capability request result may be stored in its own secure atomic capability database.
In some embodiments, the database of the capability management server has stored therein a plurality of different types of secure atomic capabilities. It can be understood that the third capability request result includes the target secure atomic capability, so that the capability management server expands its secure atomic capability database, so that when other clients subsequently request the related secure atomic capability again, the capability management server can directly provide the requested secure atomic capability to other clients according to its secure atomic capability database, thereby improving the efficiency of secure atomic capability adaptation.
S2022, converting the third capability request result into a second capability request result.
Optionally, the third capability request result may be processed to obtain the second capability request result. Wherein the processing of the third capability request result may include one or more of: a field name conversion process, a field value conversion process, a field deletion process, and a field completion process.
S203, sending a second capability request result to the client.
Optionally, if the client has a requirement on security of data transmission, the capability management server may encrypt the second capability request result according to an encryption manner pre-agreed with the client, and further send the encrypted second capability request result to the client in a communication manner adopted when the client sends the first capability request information.
Optionally, if the client did not preset an encryption manner when the client and the capability management server agreed on data transmission, the capability management server may encrypt the second capability request result using a certain feature of the capability management server as the encryption manner, and send a prompt message to the client together with the encrypted second capability request result, where the prompt message is used to indicate the decryption manner of the second capability request result.
Based on the embodiment shown in fig. 3, at least the following advantages are brought about: the capability management server converts the message protocol of the capability request result sent by the target capability providing server from the third message protocol, which the client may not be able to identify, into the first message protocol, which the client can identify. This reduces the probability that the developers to which the client belongs have to parse the capability request result in code when the client cannot identify the third message protocol. The client can quickly identify the capability request result and the target capability included in it, the developers to which the client belongs do not need to parse the capability request result in code, and the efficiency of security atomic capability adaptation is improved.
The above embodiments describe the secure atomic capability processing method provided by the embodiments of the application from the perspective of the capability management server acting as an intermediary platform for secure atomic capabilities. In some embodiments, the capability management server may also act as a provider of secure atomic capabilities. As shown in fig. 5, the method for processing secure atomic capability provided in the embodiment of the present application may further include the following steps:
S301, receiving capability configuration information of a user.
In some embodiments, the capability management server provides a unified User Interface (UI). After a certain capability providing server develops a new secure atomic capability or updates a previous secure atomic capability, a user (i.e., a developer) to which the capability providing server belongs can perform configuration management on the secure atomic capability through a unified UI provided by a capability management server.
Further, the capability management server receives capability configuration information of the user. The capability configuration information comprises a name of the first security atomic capability provided by the first capability providing server, an address of an API (application program interface) of the first security atomic capability, an encryption mode of the first security atomic capability and a preset mapping relation. The preset mapping relation comprises a mapping relation between a field of the first secure atomic capability and a field of the platform secure atomic capability, namely the secure atomic capability provided by the capability management server.
It can be understood that once the user has set the mapping relationship between the fields of the first security atomic capability and the fields of the platform security atomic capability, and the first capability providing server has uploaded the first security atomic capability to the capability management server, the capability management server can convert the first security atomic capability into a security atomic capability applicable inside the capability management server according to the preset mapping relationship. The developers to which the capability management server belongs therefore do not need to study the first security atomic capability and then convert it into the platform security atomic capability in code, which reduces their workload.
Meanwhile, the conversion of the first capability request result into the third capability request result in step S2021 described above is also facilitated.
In some embodiments, after the capability management server receives the security atomic capability of the same type as the first security atomic capability uploaded by the other capability providing server, the plurality of security atomic capabilities uploaded by the other capability providing server may be uniformly converted into security atomic capabilities applicable inside the capability management server according to a preset mapping relationship configured by a user to which the other capability providing server belongs, and in the conversion process, one or more of field name conversion processing, field value conversion processing, field deletion processing, field completion processing, and the like are performed on the plurality of security atomic capabilities.
It will be appreciated that different capability providing servers may represent the same data differently. Illustratively, assuming there is data N, the capability providing server 1 represents N by X, the capability providing server 2 represents N by Y, and the capability providing server 3 represents N by Z. When the secure atomic capability requested by the client requires integrating the secure atomic capabilities provided by the capability providing server 1, the capability providing server 2, and the capability providing server 3, the secure atomic capabilities provided by the three capability providing servers are not compatible, because the three servers represent the data N differently. In that case, the developers to which the capability management server belongs have to study how each capability providing server represents each piece of data and then implement the integration of multiple secure atomic capabilities of the same type in code. The development period is therefore long and the test cost is high.
By configuring a unified UI to receive the preset mapping relationships uploaded by the users to which each capability providing server belongs, the security atomic capability uploaded by each capability providing server can be converted into a platform security atomic capability applicable inside the capability management server. This achieves code-free integration of security atomic capabilities of the same type and reduces the workload of developers.
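The four processing kinds named for S102 (field name conversion, field value conversion, field deletion, field completion) and the preset mapping relation configured in S301 can be driven by one declarative mapping per capability providing server. The following Python sketch is an added illustration, not code from the application; the field names, the severity value standing in for data N, and the choice to reject fields and values the mapping does not cover are assumptions of the example.

```python
"""Added example: mapping-driven conversion to a platform message format.
All names, fields and sample values are hypothetical and constructed."""
from dataclasses import dataclass, field
from typing import Any, Dict, List, Tuple


class MappingError(ValueError):
    """The message does not fit the configured mapping."""


@dataclass(frozen=True)
class FieldRule:
    source: str   # field name in the provider's own protocol
    target: str   # field name in the platform protocol
    values: Dict[Any, Any] = field(default_factory=dict)  # empty: copy value as-is


@dataclass(frozen=True)
class Mapping:
    rules: Tuple[FieldRule, ...]
    drop: Tuple[str, ...] = ()                               # field deletion
    defaults: Dict[str, Any] = field(default_factory=dict)   # field completion


def convert(message: Dict[str, Any], mapping: Mapping) -> Dict[str, Any]:
    """Apply one configured mapping; reject anything the mapping does not cover."""
    by_source = {rule.source: rule for rule in mapping.rules}
    out: Dict[str, Any] = {}
    for name, value in message.items():
        if name in mapping.drop:
            continue
        rule = by_source.get(name)
        if rule is None:
            # Fail closed: an unmapped field is never forwarded silently.
            raise MappingError(f"unmapped field {name!r}")
        if rule.values:
            try:
                value = rule.values[value]          # field value conversion
            except (KeyError, TypeError):
                raise MappingError(f"no conversion for {name}={value!r}") from None
        if rule.target in out:
            raise MappingError(f"two fields map to {rule.target!r}")
        out[rule.target] = value                    # field name conversion
    for name, value in mapping.defaults.items():
        out.setdefault(name, value)                 # field completion
    return out


SEVERITY = ("low", "medium", "high")
PLATFORM_DEFAULTS = {"schema": "platform-v1"}

# Three providers express the same datum (severity "high") as "H", 3 and "HIGH".
MAPPINGS = {
    "provider-1": Mapping(
        rules=(FieldRule("lvl", "severity", dict(zip("LMH", SEVERITY))),
               FieldRule("src", "source_ip")),
        drop=("debug",), defaults=PLATFORM_DEFAULTS),
    "provider-2": Mapping(
        rules=(FieldRule("sev", "severity", dict(zip((1, 2, 3), SEVERITY))),
               FieldRule("ip", "source_ip")),
        defaults=PLATFORM_DEFAULTS),
    "provider-3": Mapping(
        rules=(FieldRule("risk", "severity", {s.upper(): s for s in SEVERITY}),
               FieldRule("addr", "source_ip")),
        drop=("vendor_trace",), defaults=PLATFORM_DEFAULTS),
}

# Constructed sample results; 192.0.2.10 is a documentation address.
SAMPLES = {
    "provider-1": {"lvl": "H", "src": "192.0.2.10", "debug": "t=12ms"},
    "provider-2": {"sev": 3, "ip": "192.0.2.10"},
    "provider-3": {"risk": "HIGH", "addr": "192.0.2.10", "vendor_trace": "a1"},
}


def normalize_all() -> List[Dict[str, Any]]:
    """Convert every sample result with its provider's mapping."""
    return [convert(SAMPLES[p], MAPPINGS[p]) for p in sorted(SAMPLES)]


if __name__ == "__main__":
    for row in normalize_all():
        print(row)
```

Rejecting unmapped fields and unknown values keeps a conversion layer of this kind from passing unvetted data between protocols when a mapping is incomplete.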
S302, storing capability configuration information.
It can be understood that the capability management server expands the types and the ranges of the security atomic capabilities provided by the capability management server by storing the capability configuration information uploaded by the user to which each capability providing server belongs through the UI interface, so that after the capability request information sent by the client is received, if the capability management server stores the security atomic capabilities requested by the capability request information, a capability request result can be directly returned to the client, the capability request information does not need to be sent again to the capability providing server, and the efficiency of security atomic capability adaptation is improved.
By way of example, the unified UI provided by the capability management server may be as shown in fig. 6. As shown in fig. 6, the user may enter a capability name, an interface address, an encryption method, an authentication key, an authentication password, and the like on the UI, and may perform mapping configuration, that is, set the mapping relationship between the fields of the secure atomic capability of the capability providing server and the fields of the secure atomic capability of the capability management server. The mapping configuration may include the setting of a platform protocol type and a self protocol type, and the setting of a platform message field, a self message field, and value-specific conversion.
In some embodiments, the user may also set whether the secure atomic capability is online or offline, etc. through the unified UI interface.
In some embodiments, the capability management server periodically obtains the capability configuration information of the user through the unified UI, so that the capability configuration information is obtained in a timely manner when the user updates a certain security atomic capability. When the capability management server learns that a certain security atomic capability needs to go online, it can configure that security atomic capability into memory to improve access speed.
The embodiment shown in fig. 5 describes a configuration procedure with respect to secure atomic capabilities. In some embodiments, as shown in fig. 7, the method for processing secure atomic capability provided in the embodiment of the present application further includes the following steps:
S401, receiving a capability offline request of a user.
In some embodiments, when a user to which a certain capability providing server belongs needs to take a certain security atomic capability offline, the user may issue a capability offline request to the capability management server through the unified UI. The capability offline request includes an identifier of the capability to be offline. The identifier of the capability to be offline uniquely indicates a secure atomic capability to be taken offline, and may be the name of that secure atomic capability, etc.
S402, performing offline processing on the capability to be offline according to the identifier of the capability to be offline.
For example, the identifier of the capability to be offline may be used as an index to traverse a database of the capability management server, and after the capability to be offline corresponding to the identifier and its related configuration information are found, offline processing is performed on the capability to be offline.
Optionally, the offline processing of the capability to be offline may be specifically implemented by deleting the capability to be offline and its related configuration information, which completes the offline processing.
The scheme provided by the application is mainly introduced from the interaction point of each node. It will be appreciated that each node, e.g. the management device, in order to implement the above-described functions, comprises corresponding hardware structures and/or software modules for performing each function. Those of skill in the art will readily appreciate that the various illustrative algorithm steps described in connection with the embodiments disclosed herein may be implemented as hardware or combinations of hardware and computer software. Whether a function is implemented as hardware or computer software driven hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The present application may divide the function modules of the management apparatus according to the above-described method example, for example, each function module may be divided corresponding to each function, or two or more functions may be integrated in one processing module. The integrated modules may be implemented in hardware or in software functional modules. It should be noted that, the division of the modules in the present application is illustrative, and is merely a logic function division, and other division manners may be implemented in practice.
As shown in fig. 8, an embodiment of the present application provides a processing apparatus for performing the secure atomic capability processing method shown in any one of fig. 2, 3, 4, 5, and 7. The processing apparatus 2000 includes: a communication unit 2001 and a processing unit 2002. In some embodiments, the processing device 2000 may also include a storage unit 2003.
The communication unit 2001 is configured to receive first capability request information sent by the client, where the first capability request information adopts a first message protocol, and the first message protocol is a message protocol supported by the client.
A processing unit 2002 for: converting the first capability request information into second capability request information, wherein the second capability request information adopts a second message protocol, and the second message protocol is a message protocol supported by a capability management server; analyzing the second capability request information, determining the target security atomic capability requested by the second capability request information, and determining a target capability providing server responsible for providing the target security atomic capability from a plurality of capability providing servers; and converting the second capability request information into third capability request information, wherein the third capability request information adopts a third message protocol, and the third message protocol is a message protocol supported by a target capability providing server.
The communication unit 2001 is further configured to send third capability request information to the target capability providing server.
In some embodiments, the communication unit 2001 is further configured to receive a first capability request result sent by the target capability providing server, where the first capability request result uses a third message protocol.
The processing unit 2002 is further configured to convert the first capability request result into a second capability request result, where the second capability request result adopts the first message protocol.
The communication unit 2001 is further configured to send the second capability request result to the client.
In some embodiments, the processing unit 2002 is specifically configured to: convert the first capability request result into a third capability request result and store the third capability request result, wherein the third capability request result adopts the second message protocol; and convert the third capability request result into a second capability request result.
In some embodiments, the processing unit 2002 is specifically configured to process the first capability request information to obtain the second capability request information, where the processing includes one or more of the following: a field name conversion process, a field value conversion process, a field deletion process, and a field completion process.
In some embodiments, the communication unit 2001 is further configured to receive capability configuration information of a user, where the capability configuration information includes a name of a first secure atomic capability provided by the first capability providing server, an address of an application programming interface of the first secure atomic capability, an encryption manner of the first secure atomic capability, and a preset mapping relationship, and the preset mapping relationship includes a mapping relationship between a field of the first secure atomic capability and a field of a platform secure atomic capability, and the platform secure atomic capability is the secure atomic capability provided by the capability management server.
The processing unit 2002 is further configured to store the capability configuration information.
In some embodiments, the communication unit 2001 is further configured to receive a capability offline request of the user, where the capability offline request includes an identification of a capability to be offline.
The processing unit 2002 is further configured to perform offline processing on the capability to be offline according to the identifier of the capability to be offline.
In some embodiments, the storage unit 2003 is used to store the second capability request information.
In some embodiments, the storage unit 2003 is used to store the third capability request result.
In some embodiments, the storage unit 2003 is used to store the capability configuration information.
The units in fig. 8 may also be referred to as modules, e.g., the processing units may be referred to as processing modules.
The individual units in fig. 8 may be stored in a computer-readable storage medium if implemented in the form of software functional modules and sold or used as separate products. Based on such understanding, the technical solution of the embodiments of the present application, in essence, or the part of it that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including several instructions to cause a computer device (which may be a personal computer, a server, a network device, etc.) or a processor to perform all or part of the steps of the method described in the embodiments of the present application. The storage medium storing the computer software product includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
The embodiment of the present application further provides a hardware structure schematic of a network device, as shown in fig. 9, where the network device 3000 includes a processor 3001, and optionally, a memory 3002 and a communication interface 3003 connected to the processor 3001. The processor 3001, the memory 3002, and the communication interface 3003 are connected by a bus 3004.
The processor 3001 may be a central processing unit (CPU), a general purpose processor, a network processor (NP), a digital signal processor (DSP), a microprocessor, a microcontroller, a programmable logic device (PLD), or any combination thereof. The processor 3001 may also be any other apparatus having processing functionality, such as a circuit, a device, or a software module. The processor 3001 may also include a plurality of CPUs, and the processor 3001 may be a single-core (single-CPU) processor or a multi-core (multi-CPU) processor. A processor herein may refer to one or more devices, circuits, or processing cores for processing data (e.g., computer program instructions).
The memory 3002 may be a read-only memory (ROM) or other type of static storage device, a random access memory (RAM) or other type of dynamic storage device that may store static information and instructions, an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disk storage (including compact discs, laser discs, optical discs, digital versatile discs, blu-ray discs, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer; the embodiments of the application are not limited in this respect. The memory 3002 may be separate from or integrated with the processor 3001. The memory 3002 may contain computer program code. The processor 3001 is configured to execute the computer program code stored in the memory 3002 to implement the methods provided by the embodiments of the present application.
The communication interface 3003 may be used to communicate with other devices or communication networks (e.g., ethernet, a radio access network (RAN), a wireless local area network (WLAN), etc.). The communication interface 3003 may be a module, a circuit, a transceiver, or any device capable of enabling communications.
Bus 3004 may be a peripheral component interconnect (PCI) bus, an extended industry standard architecture (EISA) bus, or the like. The bus 3004 may be classified into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in fig. 9, but this does not mean that there is only one bus or one type of bus.
The embodiments of the present application also provide a computer-readable storage medium comprising computer-executable instructions that, when run on a computer, cause the computer to perform any of the methods provided by the above embodiments.
Embodiments of the present application also provide a computer program product comprising computer-executable instructions which, when run on a computer, cause the computer to perform any of the methods provided by the above embodiments.
The embodiments of the present application also provide a chip comprising a processor and an interface, wherein the processor is coupled to a memory through the interface, and when the processor executes a computer program or computer-executable instructions in the memory, any of the methods provided by the above embodiments is performed.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented using a software program, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer-executable instructions. When the computer-executable instructions are loaded and executed on a computer, the processes or functions described in accordance with the embodiments of the present application are produced, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer-executable instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example, from one website, computer, server, or data center by wired (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (e.g., infrared, radio, microwave, etc.) means. The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or a data center, that integrates one or more available media. The available medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., a DVD), or a semiconductor medium (e.g., a solid state disk (SSD)), or the like.
Although the application is described herein in connection with various embodiments, other variations to the disclosed embodiments can be understood and effected by those skilled in the art in practicing the claimed application, from a study of the drawings, the disclosure, and the appended claims. In the claims, the word "comprising" does not exclude other elements or steps, and the indefinite article "a" or "an" does not exclude a plurality. A single processor or other unit may fulfill the functions of several items recited in the claims. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.
Although the application has been described in connection with specific features and embodiments thereof, it will be apparent that various modifications and combinations can be made without departing from the spirit and scope of the application. Accordingly, the specification and drawings are merely exemplary illustrations of the present application as defined in the appended claims and are considered to cover any and all modifications, variations, combinations, or equivalents that fall within the scope of the application. It will be apparent to those skilled in the art that various modifications and variations can be made to the present application without departing from the spirit or scope of the application. Thus, it is intended that the present application also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.
The foregoing is merely illustrative of specific embodiments of the present application, and the scope of the present application is not limited thereto, but any changes or substitutions within the technical scope of the present application should be covered by the scope of the present application. Therefore, the protection scope of the present application should be subject to the protection scope of the claims.

Claims (10)

1. A method of secure atomic capability processing, the method being applied to a capability management server, the method comprising:
receiving first capability request information sent by a client, wherein the first capability request information adopts a first message protocol, and the first message protocol is a message protocol supported by the client;
converting the first capability request information into second capability request information, wherein the second capability request information adopts a second message protocol, and the second message protocol is a message protocol supported by the capability management server;
analyzing the second capability request information, determining the target security atomic capability requested by the second capability request information, and determining a target capability providing server responsible for providing the target security atomic capability from a plurality of capability providing servers;
converting the second capability request information into third capability request information, wherein the third capability request information adopts a third message protocol, and the third message protocol is a message protocol supported by the target capability providing server;
and sending the third capability request information to the target capability providing server.
2. The method of claim 1, wherein after the sending the third capability request information to the target capability providing server, the method further comprises:
receiving a first capability request result sent by the target capability providing server, wherein the first capability request result adopts the third message protocol;
converting the first capability request result into a second capability request result, wherein the second capability request result adopts the first message protocol;
and sending the second capability request result to the client.
3. The method of claim 2, wherein the converting the first capability request result to a second capability request result comprises:
converting the first capability request result into a third capability request result and storing the third capability request result, wherein the third capability request result adopts the second message protocol;
and converting the third capability request result into the second capability request result.
4. The method of claim 1, wherein said converting said first capability request information into second capability request information comprises:
processing the first capability request information to obtain the second capability request information, wherein the processing comprises one or more of the following steps:
a field name conversion process, a field value conversion process, a field deletion process, and a field completion process.
5. The method according to claim 2, wherein the method further comprises:
receiving capability configuration information of a user, wherein the capability configuration information comprises a name of a first secure atomic capability provided by a first capability providing server, an address of an application programming interface of the first secure atomic capability, an encryption mode of the first secure atomic capability and a preset mapping relation, the preset mapping relation comprises a mapping relation between a field of the first secure atomic capability and a field of a platform secure atomic capability, and the platform secure atomic capability is the secure atomic capability provided by a capability management server;
and storing the capability configuration information.
6. The method according to any one of claims 1 to 5, further comprising:
receiving a capability offline request of a user, wherein the capability offline request comprises an identifier of a capability to be offline;
and performing offline processing on the capability to be offline according to the identifier of the capability to be offline.
7. A processing apparatus, comprising:
the communication unit is used for receiving first capability request information sent by a client, wherein the first capability request information adopts a first message protocol, and the first message protocol is a message protocol supported by the client;
a processing unit for: converting the first capability request information into second capability request information, wherein the second capability request information adopts a second message protocol, and the second message protocol is a message protocol supported by the capability management server;
analyzing the second capability request information, determining the target security atomic capability requested by the second capability request information, and determining a target capability providing server responsible for providing the target security atomic capability from a plurality of capability providing servers;
converting the second capability request information into third capability request information, wherein the third capability request information adopts a third message protocol, and the third message protocol is a message protocol supported by the target capability providing server;
and the communication unit is further used for sending the third capability request information to the target capability providing server.
8. The processing apparatus according to claim 7, wherein,
the communication unit is further configured to receive a first capability request result sent by the target capability providing server, where the first capability request result adopts the third message protocol;
the processing unit is further configured to convert the first capability request result into a second capability request result, where the second capability request result adopts the first message protocol;
the communication unit is further configured to send the second capability request result to the client.
9. A network device, comprising: a processor and a memory;
the memory stores instructions executable by the processor;
the processor is configured to, when executing the instructions, cause the network device to implement the method of any one of claims 1-6.
10. A computer readable storage medium comprising computer instructions which, when run on a computer, cause the computer to perform the method of any of claims 1-6.
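The request path of claims 1, 4 and 5, as an added Python example that is not code from the patent: a client request is normalized to the platform protocol with the four field operations of claim 4, routed to a provider by capability name, and converted to the provider's protocol using a stored mapping. The capability name, API address, field names and level values are hypothetical, constructed for illustration.

```python
# Constructed capability configuration (claim 5); all values are hypothetical.
LEVEL_TO_DEPTH = {"low": 1, "high": 3}
CAPABILITY_CONFIG = {
    "vuln_scan": {
        "api": "https://provider-a.example/api/scan",
        "encryption": "tls",  # stored with the config; not applied in this example
        # platform field -> (provider field, value converter)
        "mapping": {"target": ("host", str),
                    "level": ("depth", lambda v: LEVEL_TO_DEPTH[v])},
        "defaults": {"format": "json"},  # completed for the provider
    },
}
# Client protocol -> platform protocol (claim 4).
CLIENT_RENAMES = {"cap": "capability", "ip": "target", "lvl": "level"}
PLATFORM_FIELDS = {"capability", "target", "level"}
PLATFORM_DEFAULTS = {"level": "low"}

def to_platform(first_request):
    second = {}
    for name, value in first_request.items():
        name = CLIENT_RENAMES.get(name, name)      # field name conversion
        if name not in PLATFORM_FIELDS:            # field deletion (allowlist)
            continue
        if isinstance(value, str):                 # field value conversion
            value = value.strip().lower()
        second[name] = value
    for name, value in PLATFORM_DEFAULTS.items():  # field completion
        second.setdefault(name, value)
    return second

def route(second_request):
    cap = second_request.get("capability")
    if cap not in CAPABILITY_CONFIG:               # unknown or offline capability
        raise LookupError(f"no provider registered for {cap!r}")
    return CAPABILITY_CONFIG[cap]

def to_provider(second_request, cfg):
    third = dict(cfg["defaults"])
    for field, (provider_field, convert) in cfg["mapping"].items():
        try:
            third[provider_field] = convert(second_request[field])
        except KeyError:
            raise ValueError(f"missing or unsupported value for {field!r}")
    return third

def handle(first_request):
    second = to_platform(first_request)
    cfg = route(second)
    return cfg["api"], to_provider(second, cfg)
```

Because conversion is driven by an allowlist and an explicit mapping, a client field such as a stray `debug` flag never reaches the provider, and a request for an unregistered capability fails at routing instead of being forwarded.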
CN202210618372.5A 2022-06-01 2022-06-01 Security atomic capability processing method, device, equipment and storage medium Pending CN117201624A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210618372.5A CN117201624A (en) 2022-06-01 2022-06-01 Security atomic capability processing method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN117201624A (en) 2023-12-08

Family

ID=88983855

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210618372.5A Pending CN117201624A (en) 2022-06-01 2022-06-01 Security atomic capability processing method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN117201624A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination