CN108173824B - Data service platform and access method, device and storage medium thereof - Google Patents

Data service platform and access method, device and storage medium thereof Download PDF

Info

Publication number
CN108173824B
CN108173824B CN201711390014.9A CN201711390014A CN108173824B CN 108173824 B CN108173824 B CN 108173824B CN 201711390014 A CN201711390014 A CN 201711390014A CN 108173824 B CN108173824 B CN 108173824B
Authority
CN
China
Prior art keywords
data server
behavior data
user
behavior
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711390014.9A
Other languages
Chinese (zh)
Other versions
CN108173824A (en
Inventor
何祥根
文旷瑜
吴少波
苏福念
郑为光
郑海文
许振辉
陈瑶
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Gree Electric Appliances Inc of Zhuhai
Original Assignee
Gree Electric Appliances Inc of Zhuhai
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Gree Electric Appliances Inc of Zhuhai filed Critical Gree Electric Appliances Inc of Zhuhai
Priority to CN201711390014.9A priority Critical patent/CN108173824B/en
Publication of CN108173824A publication Critical patent/CN108173824A/en
Application granted granted Critical
Publication of CN108173824B publication Critical patent/CN108173824B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105Multiple levels of security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • H04L67/568Storing data temporarily at an intermediate stage, e.g. caching

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a data service platform and an access method, a device and a storage medium thereof, wherein the platform comprises: a behavior data server (20) and a basic data server (30); the behavior data server (20) is used for storing behavior data of users accessing basic data of the data service platform; the basic data server (30) is used for storing basic data of the data service platform. According to the scheme of the invention, the defects of easy simultaneous data leakage, poor safety, poor user experience and the like in the prior art can be overcome, and the beneficial effects of difficult simultaneous data leakage, good safety and good user experience are realized.

Description

Data service platform and access method, device and storage medium thereof
Technical Field
The invention belongs to the technical field of data processing, and particularly relates to a data service platform, an access method and an access device thereof, and a storage medium, in particular to a layout mode of a platform server, a method and a device of the data service platform with the layout mode, and a computer-readable storage medium.
Background
User behavior data and platform basic data generated by the existing data service platform are stored on the same server in a centralized mode. This way of storing user behavior data together with underlying business data has not been able to meet modern security requirements for server data. When a server is attacked or internal staff of a server enterprise is compromised, the mode can cause the danger that user behavior data and basic business data are simultaneously revealed.
In the prior art, the defects of easy simultaneous data leakage, poor safety, poor user experience and the like exist.
Disclosure of Invention
The invention aims to provide a data service platform, an access method and an access device thereof, and a storage medium thereof, aiming at overcoming the defects that data are easy to leak simultaneously in the prior art in a mode of storing user behavior data and basic service data together, and achieving the effect that the data are not easy to leak simultaneously.
The invention provides a data service platform, comprising: a behavior data server and a basic data server; the behavior data server is used for storing behavior data of a user accessing basic data of the data service platform; and the basic data server is used for storing basic data of the data service platform.
Optionally, the method further comprises: accessing a client; the access client is used as an entrance for the user to access the basic data server through the behavior data server, and/or as an exit for the basic data server to output the access result to the user through the behavior data server.
Optionally, the behavior data server is provided with a first security level; and/or the basic data server is provided with a second security level.
Optionally, wherein the first security level is the same as or different from the second security level; and/or, when the data service platform further comprises an access client, the access client comprises: at least one of a mobile phone APP, a PC access client and a platform client access page.
Matching with the data service platform, another aspect of the present invention provides a method for a data service platform, including: acquiring an access operation instruction of a user through the behavior data server, encrypting the access operation instruction once, and sending the encrypted access operation instruction to the basic data server; and receiving the once encrypted access operation instruction through the basic data server, retrieving in the basic database according to the once decrypted access operation instruction after once decryption, and feeding back an obtained retrieval result to the behavior data server.
Optionally, after the primary decryption is performed on the access operation instruction after the primary encryption by the basic data server, or before the obtained retrieval result is fed back to the behavior data server by the basic data server, the method further includes: caching the access operation instruction after the primary decryption through the basic data server; and/or after the obtained retrieval result is fed back to the behavior data server through the basic data server, the method further comprises the following steps: caching the retrieval result fed back by the basic data server through the behavior data server; and/or when the data service platform further comprises an access client, the retrieval result fed back by the basic data server is output to the access client through the behavior data server.
Optionally, before obtaining the access operation instruction of the user through the behavior data server, the method further includes: verifying, by the behavioral data server, identity information of a user accessing the behavioral data server; after the verification passes, generating a corresponding access operation instruction according to the behavior instruction of the user accessing the behavior data server through the behavior data server so as to obtain the access operation instruction of the user passing the verification; or, when the data service platform further comprises an access client, and when the data service platform further comprises the access client, the behavior data server outputs a verification result that the verification fails to pass to the access client when the verification fails.
Optionally, verifying identity information of a user accessing the behavior data server includes: determining whether the identity information of a user accessing the behavior data server is consistent with the pre-stored identity information in the behavior data server; if the identity information of the user accessing the behavior data server is consistent with the identity information of the user accessing the behavior data server, the identity information of the user accessing the behavior data server is verified; and if the identity information of the user accessing the behavior data server is inconsistent, determining that the identity information of the user accessing the behavior data server is not verified.
Optionally, before verifying, by the behavior data server, identity information of a user accessing the behavior data server, the method further includes: acquiring behavior data of a user accessing the behavior data server through the behavior data server, and extracting identity information and a behavior instruction in the behavior data after the first decryption; and/or before the corresponding access operation instruction is generated by the behavior data server according to the behavior instruction of the user accessing the behavior data server, which passes the verification, the method further comprises the following steps: caching the behavior data of the user passing the verification through the behavior data server; wherein the behavior data comprises: at least one of identity information, behavioral instructions.
Optionally, before obtaining, by the behavior data server, behavior data of a user accessing the behavior data server, the method further includes: when the data service platform further comprises an access client, receiving an access request of a user to the behavior data server through the access client, and encrypting for the first time; and then, the access request encrypted for the first time is used as behavior data of a user accessing the behavior data server and is sent to the behavior data server.
In a further aspect, the present invention provides an access device for a data service platform, including: the first communication unit is used for acquiring an access operation instruction of a user through the behavior data server, encrypting the access operation instruction once and then sending the access operation instruction to the basic data server; and the second communication unit is used for receiving the once encrypted access operation instruction through the basic data server, searching in the basic database according to the once decrypted access operation instruction after once decryption, and feeding back an obtained search result to the behavior data server.
Optionally, the method further comprises: after the basic data server decrypts the access operation instruction after the primary encryption, or before the basic data server feeds back the obtained retrieval result to the behavior data server, the method further includes: the second communication unit is further configured to cache the access operation instruction after the primary decryption through the basic data server; and/or after the obtained retrieval result is fed back to the behavior data server through the basic data server, the method further comprises the following steps: the first communication unit is further configured to cache, by the behavior data server, the retrieval result fed back by the basic data server; and/or the first communication unit is further configured to, when the data service platform further includes an access client, output the retrieval result fed back by the basic data server to the access client through the behavior data server.
Optionally, before obtaining the access operation instruction of the user through the behavior data server, the method further includes: the first communication unit is further configured to verify, by the behavior data server, identity information of a user who accesses the behavior data server; the first communication unit is further configured to generate, by the behavior data server, a corresponding access operation instruction according to the behavior instruction of the user who passes the verification and accesses the behavior data server after the user passes the verification, so as to obtain the access operation instruction of the user who passes the verification; or, the first communication unit is further configured to, when the data service platform further includes an access client, output, by the behavior data server, a verification result that the verification fails to pass to the access client when the verification fails.
Optionally, the verifying, by the first communication unit, identity information of a user accessing the behavior data server by the behavior data server includes: determining whether the identity information of a user accessing the behavior data server is consistent with the pre-stored identity information in the behavior data server; if the identity information of the user accessing the behavior data server is consistent with the identity information of the user accessing the behavior data server, the identity information of the user accessing the behavior data server is verified; and if the identity information of the user accessing the behavior data server is inconsistent, determining that the identity information of the user accessing the behavior data server is not verified.
Optionally, before verifying, by the behavior data server, identity information of a user accessing the behavior data server, the method further includes: the first communication unit is further configured to acquire, by the behavior data server, behavior data of a user accessing the behavior data server, perform first decryption, and extract identity information and a behavior instruction in the behavior data; and/or before the corresponding access operation instruction is generated by the behavior data server according to the behavior instruction of the user accessing the behavior data server, which passes the verification, the method further comprises the following steps: the first communication unit is further configured to cache, by the behavior data server, the behavior data of the user that passes the verification; wherein the behavior data comprises: at least one of identity information, behavioral instructions.
Optionally, before obtaining, by the behavior data server, behavior data of a user accessing the behavior data server, the method further includes: a third communication unit; the third communication unit is used for receiving an access request of a user to the behavior data server through the access client and encrypting the access request for the first time when the data service platform further comprises the access client; and then, the access request encrypted for the first time is used as behavior data of a user accessing the behavior data server and is sent to the behavior data server.
In accordance with the above method, a further aspect of the present invention provides a storage medium comprising: the storage medium has stored therein a plurality of instructions; the instructions are used for loading and executing the data service platform access method by the processor.
In accordance with the above method, a further aspect of the present invention provides a data platform, comprising: a processor for executing a plurality of instructions; a memory to store a plurality of instructions; wherein the instructions are stored in the memory, and loaded and executed by the processor to perform the above-mentioned data service platform access method.
According to the scheme of the invention, the user behavior data and the platform basic data are respectively stored in different servers, so that the purpose that the user behavior data and the basic service data cannot be simultaneously leaked can be realized.
Furthermore, according to the scheme of the invention, different security levels are set for the user behavior data and the platform basic data, so that the data security can be further improved.
Furthermore, according to the scheme of the invention, different security levels are set for the user behavior data storage server for storing the user behavior data and the platform basic data storage server for storing the platform basic data, so that the security of the user behavior data storage server and the security of the platform basic data storage server can be improved, and the data security is further improved.
Furthermore, according to the scheme of the invention, the user behavior data and the platform basic data are respectively stored in different servers, and different security levels are set, so that the user behavior data and the basic service data cannot be simultaneously leaked when the servers are attacked or internal employees of a server enterprise are leaked, and the data security is improved.
Therefore, according to the scheme of the invention, the user behavior data and the platform basic data are respectively stored in different servers, so that the problem that the data are easy to leak simultaneously in the mode of storing the user behavior data and the basic service data together in the prior art is solved, the defects that the data are easy to leak simultaneously, the safety is poor and the user experience is poor in the prior art are overcome, and the beneficial effects that the data are difficult to leak simultaneously, the safety is good and the user experience is good are realized.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
The technical solution of the present invention is further described in detail by the accompanying drawings and embodiments.
Drawings
FIG. 1 is a schematic structural diagram of a data service platform according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of another embodiment of a data service platform according to the present invention;
FIG. 3 is a flow chart illustrating an embodiment of a method of a data services platform of the present invention;
FIG. 4 is a schematic flow chart illustrating an embodiment of verifying identity information of a user accessing the behavior data server (20) in the method of the present invention;
fig. 5 is a flowchart illustrating an embodiment of determining whether the identity information of the user accessing the behavior data server is consistent with the pre-stored identity information in the behavior data server in the method of the present invention.
The reference numbers in the embodiments of the present invention are as follows, in combination with the accompanying drawings:
10-accessing a client; 20-a behavioral data server; 30-basic data server.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to the specific embodiments of the present invention and the accompanying drawings. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
According to an embodiment of the present invention, a data service platform is provided, as shown in fig. 1, which is a schematic structural diagram of an embodiment of the data service platform of the present invention. The data service platform may include: an activity data server 20 and an underlying data server 30.
In an alternative example, the behavior data server 20 may be configured to store behavior data of users accessing the basic data of the data service platform.
In an alternative example, the base data server 30 may be configured to store base data of the data service platform.
For example: the user behavior data and the platform basic data are respectively stored in different servers, so that the effect that the user behavior data and the basic service data cannot be simultaneously revealed when the servers are attacked or internal staff of a server enterprise are leaked is achieved.
Therefore, the user behavior data and the platform basic data are respectively stored in different servers, the problem that the data are simultaneously leaked due to the fact that the user behavior data and the platform basic data are simultaneously stored in the same server can be avoided, and the safety of data storage is improved.
Optionally, the behavior data server 20 is provided with a first security level; and/or the base data server 30 is provided with a second security level.
For example: and respectively storing the user behavior data and the platform basic data on different servers, and setting different security levels.
Therefore, the safety of the data in the corresponding server can be further improved by setting different safety levels for the servers storing different data.
Wherein the first security level is the same as or different from the second security level.
Therefore, the safety level is set according to the requirement, so that the safety level setting flexibility is good, and the reliability is high.
In an alternative embodiment, the method may further include: the client 10 is accessed.
In an alternative example, the access client 10 may be used as an entrance for a user to access the basic data server 30 through the behavior data server 20, and/or as an exit for the basic data server 30 to output the result of the access to the user through the behavior data server 20.
For example: the method can realize the processes of using data at the client, respectively storing the user data and the basic data, encrypting and identifying, encrypting and accessing. When accessing, after the user behavior server is verified, the user behavior server can access the basic data server, and the security of the basic data server is ensured.
Therefore, the client serves as a port for the user to access the basic data, so that the user access convenience is good, and the user experience is good.
Optionally, when the data service platform may further include an access client 10, the access client 10 may include: at least one of a mobile phone APP, a PC access client 10 and a platform client access page. For example: the user client can be a mobile phone APP, a PC client and a platform client access page.
Therefore, the flexibility and the convenience of the use of the user can be improved through the clients in various forms.
In an optional implementation manner, the technical problem that the user behavior data and the platform basic data are leaked in a centralized manner when a data security problem occurs due to the fact that the existing platform user behavior database and the existing platform basic database are stored on the same server in a centralized manner is solved. According to the scheme of the invention, the user behavior data and the platform basic data are respectively stored in different servers, and different security levels are set, so that the effect that the user behavior data and the basic service data cannot be simultaneously leaked when the servers are attacked or the internal staff of a server enterprise is leaked is realized.
In an alternative embodiment, the solution of the present invention provides a layout method of a platform server, as shown in fig. 1, an implementation process of the layout method of the platform server of the present invention may include the following steps:
step 1, a user client (e.g., access client 10) may be configured to: the user logs in the client, and sends out a request for accessing the user behavior database storage server at the client, encrypts the request information, and sends the encrypted information to the user behavior database storage server (for example, behavior data server 20).
For example: the user client can be arranged separately from the behavior data server and the basic data server, or can be arranged in a combined way.
The user client can be a mobile phone APP, a PC client and a platform client access page. For example: the user client can be APP software mainly applied to a mobile phone or software on a computer.
Optionally, the encryption of the request information in this section is automatically performed at the client, and the client encrypts the request information.
Alternatively, there are many ways to encrypt the request message at the client, and the codebook is usually compiled in a database, that is, by some method to encrypt the message, for example: the original information is 12, the encoding method is to perform formula conversion based on the existing 12, for example, the encrypted information is digitalized X-2, most of the prior art is performed according to the encoding-decoding method, and the information encryption method can be performed by the existing conventional technical means.
Optionally, in this section, the encrypted information is sent to the user behavior database storage server, and the client may send the encrypted information to the user behavior database.
And 2, when the user behavior database storage server receives the request of the user behavior, firstly decrypting the request information, and verifying the user information after decrypting, wherein if the user information stored in the user behavior database is consistent with the user request information, the verification can be passed.
Optionally, the process of decrypting the request information in this section may include: reverse decryption as in the above encryption scheme.
Optionally, the process of verifying the user information in this section may include: and comparing the user information stored in the user behavior database with the user information requesting access, wherein if the user information is consistent with the user information, the verification is successful, and if the user information is inconsistent with the user information, the verification is failed.
And 3, after the user operates at the client, the user behavior database server stores the behavior of the user, encrypts an operation instruction of the user and sends the encrypted instruction or request to the platform basic data server. The platform basic data server (for example, the basic data server 30) receives the encrypted user instruction, decrypts the user instruction, performs data retrieval in the server according to the decrypted user instruction, stores the user instruction data, and sends the retrieved data result to the user behavior data server.
Optionally, the operation instruction of the user in this part refers to a data access request generated when the user performs function use at the client. For example, when a user uses a certain function of the client, because the client itself does not store data, the data of the client is to be acquired from the platform basic data server, and therefore, at this time, an instruction needs to be sent from the client to the platform basic data server for calling, and the platform basic data server returns the data to the client after receiving the instruction.
Optionally, the process of encrypting and decrypting the operation instruction of the user in this part may include: the encryption method and the decryption method as described above.
Optionally, the encrypted command or request in this portion is different from a different perspective, which is a command that requires mutual information transmission.
Optionally, the platform infrastructure data server in this section receives the encrypted user instruction, which means that the user instruction passes after being verified by the platform infrastructure data server, and from the perspective of data interaction, the request information and the operation instruction are both instructions that require data interaction, but from the perspective of verification, there are instructions that can pass verification and instructions that cannot pass verification.
Optionally, the user instruction data in the part storing the user instruction data is a result of data retrieval performed in the server for the encrypted user instruction. For example: and according to the instruction information, performing data retrieval on the service.
And 4, caching after the user behavior data server receives the data sent by the platform server, and sending the retrieved data result to the user client.
By using the method, the user behavior database and the platform basic database can be stored in different servers, and the access instruction is transmitted by adopting an encryption-decryption mode, so that the safety of the whole data is improved.
Through a large number of tests, the technical scheme of the embodiment is adopted, and the user behavior data and the platform basic data are respectively stored in different servers, so that the purpose that the user behavior data and the basic service data cannot be simultaneously leaked can be achieved.
According to the embodiment of the invention, the access method of the data service platform corresponding to the data service platform is also provided. Referring to fig. 3, a flow chart of an embodiment of the access method of the data service platform of the present invention is shown. The access method of the data service platform can comprise the following steps:
in step S110, the access operation instruction of the user is obtained through the behavior data server 20, and is encrypted once and then sent to the basic data server 30.
For example: after the user operates at the client, the user behavior database server stores the behavior of the user, encrypts an operation instruction of the user, and sends the encrypted instruction or request to the platform basic data server.
In step S120, the primary encrypted access operation instruction is received through the basic data server 30, and after primary decryption, the primary encrypted access operation instruction is retrieved from the basic database according to the primary decrypted access operation instruction, and an obtained retrieval result is fed back to the behavior data server 20.
For example: and the platform basic data server receives the encrypted user instruction, decrypts the user instruction, performs data retrieval in the server according to the decrypted user instruction, stores the user instruction data, and sends a retrieved data result to the user behavior data server.
Therefore, the behavior data server receives the access operation instruction of the user, the basic data server processes the access operation instruction of the user, the user behavior database and the platform basic database can be stored in different servers, the access instruction is transmitted in an encryption-decryption mode, and the whole data security is improved.
In an optional embodiment, after the primary decryption is performed on the once-encrypted access operation instruction by the basic data server 30 in step S120, or before the feedback of the obtained retrieval result to the behavior data server 20 by the basic data server 30 in step S120, the method may further include: and caching the access operation instruction after the decryption through the basic data server 30.
For example: and the user behavior data server caches the data sent by the platform server after receiving the data, and sends the retrieved data result to the user client.
Therefore, the once decrypted access operation instruction is cached, so that the once decrypted access operation instruction can be stored on one hand, and the reliability of retrieval in the basic database according to the once decrypted access operation instruction can be improved on the other hand.
In an optional embodiment, after the step S120 of feeding back the obtained retrieval result to the behavior data server 20 through the basic data server 30, the method may further include: caching the retrieval result fed back by the basic data server 30 through the behavior data server 20; and/or, when the data service platform may further include an access client 10, outputting the retrieval result fed back by the basic data server 30 to the access client 10 through the behavior data server 20.
Therefore, by caching the retrieval result fed back by the basic data server, on one hand, the retrieval result fed back by the basic data server can be saved; on the other hand, the efficiency and reliability of feeding the retrieval result fed back by the basic data server back to the access client can be improved; and the retrieval result fed back by the basic data server is output to the access client, so that a user can conveniently check and obtain the retrieval result, and the use convenience is good.
In an optional embodiment, before the obtaining, by the behavior data server 20, the access operation instruction of the user in step S110, the method may further include: a process of verifying the identity information of the user who accesses the behavior data server 20.
The process of verifying the identity information of the user accessing the behavior data server 20 is further described with reference to a flowchart of an embodiment of verifying the identity information of the user accessing the behavior data server (20) in the method of the present invention shown in fig. 4.
Step S210, verifying, by the behavior data server 20, identity information of a user accessing the behavior data server 20.
Step S220, after the verification is passed, the behavior data server 20 generates a corresponding access operation instruction according to the behavior instruction of the user who passes the verification and accesses the behavior data server 20, so as to obtain the access operation instruction of the user who passes the verification. Or,
step S230, when the data service platform may further include an access client 10, and when the data service platform may further include the access client 10, outputting, by the behavior data server 20, a verification result that the verification fails to pass to the access client 10 when the verification fails.
For example: the user behavior database storage server verifies the user information, and if the user information stored in the user behavior database is consistent with the user request information, the user information can be verified.
Therefore, the safety of the user accessing the data service platform can be improved by verifying the user information.
In an alternative example, verifying identity information of a user accessing the behavior data server (20) may include: it is determined whether the identity information of the user accessing the behavior data server 20 is identical to the pre-stored identity information in the behavior data server 20.
With reference to fig. 5, a flowchart of an embodiment of determining whether the identity information of the user accessing the behavior data server 20 is consistent with the pre-stored identity information in the behavior data server 20 in the method of the present invention is further illustrated to further determine whether the identity information of the user accessing the behavior data server 20 is consistent with the pre-stored identity information in the behavior data server 20.
Step S310, determining whether the identity information of the user accessing the behavior data server 20 is consistent with the pre-stored identity information in the behavior data server 20.
In step S320, if the identity information of the user accessing the behavior data server 20 is consistent, it is determined that the authentication of the identity information of the user is passed.
In step S330, if the two are not consistent, it is determined that the authentication of the identity information of the user accessing the behavior data server 20 is not passed.
For example: the process of verifying the user information may include: and comparing the user information stored in the user behavior database with the user information requesting access, wherein if the user information is consistent with the user information, the verification is successful, and if the user information is inconsistent with the user information, the verification is failed.
Therefore, the identity information of the user is verified, on one hand, the verification mode is convenient, on the other hand, the verification reliability is high, and the safety protection performance of the data service platform can be further improved.
In an optional embodiment, before the identity information of the user accessing the behavior data server 20 is verified by the behavior data server 20, the method may further include: the behavior data of the user accessing the behavior data server 20 is obtained through the behavior data server 20, and after the first decryption, the identity information and the behavior instruction in the behavior data are extracted.
For example: when the user behavior database storage server receives a request of a user behavior, the request information is decrypted firstly, and after the decryption, the user information is verified.
Therefore, the identity information and the behavior instruction are extracted after the user behavior data are decrypted to be respectively used as the basis for verification and retrieval, and the reliability and the accuracy of verification and retrieval can be improved.
In an optional embodiment, before generating, by the behavior data server 20, a corresponding access operation instruction according to the behavior instruction of the verified user accessing the behavior data server 20, the method may further include: the behavior data of the authenticated user is cached by the behavior data server 20. The behavior data may include: at least one of identity information, behavioral instructions.
Therefore, the behavior data of the user is cached, the access behavior of the user can be recorded, and the access behavior can also be used as the authentication basis for the next access of the user, so that the access convenience and the access safety can be improved.
In an optional embodiment, before obtaining, by the behavior data server 20, behavior data of a user accessing the behavior data server 20, the method may further include: when the data service platform may further include an access client 10, an access request of a user to the behavior data server 20 is received through the access client 10, and is encrypted for the first time. Then, the access request encrypted for the first time is sent to the behavior data server 20 as the behavior data of the user accessing the behavior data server 20.
For example: a user client operable to: the user logs in the client, and sends out a request for accessing the user behavior database storage server at the client, encrypts the request information, and sends the encrypted information to the user behavior database storage server (for example, behavior data server 20).
Therefore, the access request is encrypted at the client and then sent to the behavior database storage server, and the safety of the user in accessing the basic data in the data service platform can be further improved.
Since the processing and functions implemented by the access method of this embodiment substantially correspond to the embodiments, principles, and examples of the data service platform shown in fig. 1 to fig. 2, details are not described in this embodiment, and reference may be made to relevant descriptions in the foregoing embodiments, which are not described herein again.
Through a large number of tests, the technical scheme of the invention can further improve the data security by setting different security levels for the user behavior data and the platform basic data.
According to the embodiment of the invention, the access device of the data service platform corresponding to the access method of the data service platform is also provided. The access means of the data service platform may comprise: a first communication unit and a first communication unit.
In an optional example, the first communication unit may be configured to obtain, through the behavior data server 20, an access operation instruction of a user, encrypt the access operation instruction once, and send the encrypted access operation instruction to the basic data server 30. The specific function and processing of the first communication unit are shown in step S110.
For example: after the user operates at the client, the user behavior database server stores the behavior of the user, encrypts an operation instruction of the user, and sends the encrypted instruction or request to the platform basic data server.
In an optional example, the second communication unit may be configured to receive, by the basic data server 30, the once encrypted access operation instruction, perform, after performing once decryption, a search in the basic database according to the once decrypted access operation instruction, and feed back an obtained search result to the behavior data server 20. The specific function and processing of the second communication unit are shown in step S120.
For example: and the platform basic data server receives the encrypted user instruction, decrypts the user instruction, performs data retrieval in the server according to the decrypted user instruction, stores the user instruction data, and sends a retrieved data result to the user behavior data server.
Therefore, the behavior data server receives the access operation instruction of the user, the basic data server processes the access operation instruction of the user, the user behavior database and the platform basic database can be stored in different servers, the access instruction is transmitted in an encryption-decryption mode, and the whole data security is improved.
In an optional example, after the primary encrypted access operation instruction is decrypted by the basic data server 30, or before the obtained retrieval result is fed back to the behavior data server 20 by the basic data server 30, the second communication unit may be further configured to cache the primary decrypted access operation instruction by the basic data server 30.
For example: and the user behavior data server caches the data sent by the platform server after receiving the data, and sends the retrieved data result to the user client.
Therefore, the once decrypted access operation instruction is cached, so that the once decrypted access operation instruction can be stored on one hand, and the reliability of retrieval in the basic database according to the once decrypted access operation instruction can be improved on the other hand.
In an optional example, after the obtained retrieval result is fed back to the behavior data server 20 by the basic data server 30, the first communication unit may be further configured to cache the retrieval result fed back by the basic data server 30 by the behavior data server 20; and/or, the first communication unit may be further configured to, when the data service platform may further include an access client 10, output, by the behavior data server 20, the retrieval result fed back by the basic data server 30 to the access client 10.
Therefore, by caching the retrieval result fed back by the basic data server, on one hand, the retrieval result fed back by the basic data server can be saved; on the other hand, the efficiency and reliability of feeding the retrieval result fed back by the basic data server back to the access client can be improved; and the retrieval result fed back by the basic data server is output to the access client, so that a user can conveniently check and obtain the retrieval result, and the use convenience is good.
In an optional example, before the access operation instruction of the user is obtained by the behavior data server 20, the first communication unit may be further configured to verify, by the behavior data server 20, identity information of the user accessing the behavior data server 20. The specific functions and processes of the first communication unit are also referred to in step S210.
Optionally, the first communication unit may be further configured to, after the verification passes, generate, by the behavior data server 20, a corresponding access operation instruction according to the behavior instruction that the user passing the verification accesses the behavior data server 20, so as to obtain the access operation instruction of the user passing the verification. Alternatively, the specific functions and processes of the first communication unit are also referred to in step S220.
Optionally, the first communication unit may be further configured to, when the data service platform may further include an access client 10, and when the data service platform may further include the access client 10, output, by the behavior data server 20, a verification result that the verification fails to pass to the access client 10 when the verification fails. The specific function and processing of the first communication unit are also referred to in step S230.
For example: the user behavior database storage server verifies the user information, and if the user information stored in the user behavior database is consistent with the user request information, the user information can be verified.
Therefore, the safety of the user accessing the data service platform can be improved by verifying the user information.
More optionally, the verifying, by the first communication unit, the identity information of the user accessing the behavior data server 20 through the behavior data server 20 may include: it is determined whether the identity information of the user accessing the behavior data server 20 is identical to the pre-stored identity information in the behavior data server 20.
In a more optional specific example, the first communication unit may be further configured to determine, by the behavior data server 20, whether the identity information of the user accessing the behavior data server 20 is consistent with the pre-stored identity information in the behavior data server 20. The specific functions and processes of the first communication unit are also referred to in step S310.
In a more optional specific example, the first communication unit may be further configured to determine, if the identity information of the user accessing the behavior data server 20 is consistent with the identity information of the user accessing the behavior data server 20, that the identity information is verified. The specific function and processing of the first communication unit are also referred to in step S320.
In a more optional specific example, the first communication unit may be further configured to determine, by the behavior data server 20, that the verification of the identity information of the user accessing the behavior data server 20 is not passed if the identity information is not consistent. The specific function and processing of the first communication unit are also referred to in step S330.
For example: the process of verifying the user information may include: and comparing the user information stored in the user behavior database with the user information requesting access, wherein if the user information is consistent with the user information, the verification is successful, and if the user information is inconsistent with the user information, the verification is failed.
Therefore, the identity information of the user is verified, on one hand, the verification mode is convenient, on the other hand, the verification reliability is high, and the safety protection performance of the data service platform can be further improved.
In an optional example, before the identity information of the user accessing the behavior data server 20 is verified by the behavior data server 20, the first communication unit may be further configured to obtain, by the behavior data server 20, the behavior data of the user accessing the behavior data server 20, perform first decryption, and extract the identity information and the behavior instruction in the behavior data.
For example: when the user behavior database storage server receives a request of a user behavior, the request information is decrypted firstly, and after the decryption, the user information is verified.
Therefore, the identity information and the behavior instruction are extracted after the user behavior data are decrypted to be respectively used as the basis for verification and retrieval, and the reliability and the accuracy of verification and retrieval can be improved.
In an optional example, before the corresponding access operation instruction is generated by the behavior data server 20 according to the behavior instruction of the verified user accessing the behavior data server 20, the first communication unit may be further configured to cache, by the behavior data server 20, the behavior data of the verified user. The behavior data may include: at least one of identity information, behavioral instructions.
Therefore, the behavior data of the user is cached, the access behavior of the user can be recorded, and the access behavior can also be used as the authentication basis for the next access of the user, so that the access convenience and the access safety can be improved.
In an optional embodiment, before obtaining, by the behavior data server 20, behavior data of a user accessing the behavior data server 20, the method may further include: and a third communication unit.
In an optional example, the third communication unit may be configured to receive, by the access client 10, an access request from a user to the behavior data server 20, and perform first encryption when the data service platform may further include the access client 10. Then, the access request encrypted for the first time is sent to the behavior data server 20 as the behavior data of the user accessing the behavior data server 20.
For example: a user client operable to: the user logs in the client, and sends out a request for accessing the user behavior database storage server at the client, encrypts the request information, and sends the encrypted information to the user behavior database storage server (for example, behavior data server 20).
Therefore, the access request is encrypted at the client and then sent to the behavior database storage server, and the safety of the user in accessing the basic data in the data service platform can be further improved.
Since the processing and functions implemented by the access device of the data service platform of this embodiment substantially correspond to the embodiments, principles, and examples of the access method of the data service platform shown in fig. 3 to fig. 5, no details are given in the description of this embodiment, and reference may be made to the related description in the foregoing embodiments, which are not repeated herein.
Through a large number of tests, the technical scheme of the invention is adopted, and different safety levels are set for the user behavior data storage server for storing the user behavior data and the platform basic data storage server for storing the platform basic data, so that the safety of the user behavior data storage server and the platform basic data storage server can be improved, and the data safety is further improved.
According to an embodiment of the present invention, there is also provided a storage medium corresponding to an access method of a data service platform. The storage medium may include: the storage medium has stored therein a plurality of instructions; the instructions are used for loading and executing the data service platform access method by the processor.
Since the processing and functions implemented by the storage medium of this embodiment substantially correspond to the embodiments, principles, and examples of the methods shown in fig. 3 to fig. 5, details are not described in the description of this embodiment, and reference may be made to the related descriptions in the foregoing embodiments, which are not described herein again.
Through a large number of tests, by adopting the technical scheme of the invention, the user behavior data and the platform basic data are respectively stored in different servers, and different security levels are set, so that the user behavior data and the basic service data cannot be simultaneously leaked when the servers are attacked or the internal staff of a server enterprise are leaked, and the data security is improved.
According to the embodiment of the invention, a data access platform corresponding to the access method of the data service platform is also provided. The data access platform can comprise: a processor for executing a plurality of instructions; a memory to store a plurality of instructions; wherein the instructions are stored in the memory, and loaded and executed by the processor to perform the above-mentioned data service platform access method.
Since the processes and functions implemented by the device of this embodiment substantially correspond to the embodiments, principles, and examples of the methods shown in fig. 3 to fig. 5, the description of this embodiment is not detailed, and reference may be made to the related descriptions in the foregoing embodiments, which are not described herein again.
Through a large number of tests, the technical scheme of the invention is adopted, and the user behavior data and the platform basic data are respectively stored in different servers, so that the problem that the data are easy to leak simultaneously in the mode of storing the user behavior data and the basic service data together in the prior art is solved, and the data security is improved.
In summary, it is readily understood by those skilled in the art that the advantageous modes described above can be freely combined and superimposed without conflict.
The above description is only an example of the present invention, and is not intended to limit the present invention, and it is obvious to those skilled in the art that various modifications and variations can be made in the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the scope of the claims of the present invention.

Claims (16)

1. An access method for a data service platform, comprising:
the method comprises the steps that an access operation instruction of a user is obtained through a behavior data server (20), and is sent to a basic data server (30) after being encrypted for one time;
receiving the access operation instruction after the primary encryption through a basic data server (30), retrieving in a basic database according to the access operation instruction after the primary decryption, and feeding back an obtained retrieval result to a behavior data server (20);
before the access operation instruction of the user is obtained through the behavior data server (20), the method further comprises the following steps:
verifying, by the behavioural data server (20), identity information of a user accessing the behavioural data server (20); and the number of the first and second groups,
after the verification is passed, generating a corresponding access operation instruction according to the behavior instruction of the user accessing the behavior data server (20) passing the verification by the behavior data server (20) so as to obtain the access operation instruction of the user passing the verification; or,
when the data service platform further comprises an access client (10), when the data service platform further comprises the access client (10), the data service platform passes through the behavior data server (20), and when the verification fails, a verification result that the verification fails is output to the access client (10);
different security levels are set for a user behavior data storage server for storing user behavior data and a platform basic data storage server for storing platform basic data.
2. The method of claim 1, wherein,
after the basic data server (30) decrypts the access operation instruction after the encryption, or before the basic data server (30) feeds back the obtained retrieval result to the behavior data server (20), the method further comprises the following steps:
caching the access operation instruction after one decryption through a basic data server (30);
and/or the presence of a gas in the gas,
after the obtained retrieval result is fed back to the behavior data server (20) through the basic data server (30), the method further comprises the following steps:
caching the retrieval result fed back by the basic data server (30) through the behavior data server (20);
and/or the presence of a gas in the gas,
when the data service platform further comprises the access client (10), the retrieval result fed back by the basic data server (30) is output to the access client (10) through the behavior data server (20).
3. The method of claim 1, wherein verifying identity information of a user accessing the behavioural data server (20) comprises:
determining whether identity information of a user accessing the behavior data server (20) is consistent with pre-stored identity information in the behavior data server (20);
if the identity information of the user accessing the behavior data server (20) is consistent with the identity information of the user, determining that the identity information of the user accessing the behavior data server passes verification; if not, it is determined that the authentication of the identity information of the user accessing the behavior data server (20) is not passed.
4. The method according to claim 1 or 2, wherein,
before the identity information of the user accessing the behavior data server (20) is verified through the behavior data server (20), the method further comprises the following steps:
the behavior data of a user accessing the behavior data server (20) is obtained through the behavior data server (20), and after the first decryption is carried out, identity information and a behavior instruction in the behavior data are extracted;
and/or the presence of a gas in the gas,
before the corresponding access operation instruction is generated by the behavior data server (20) according to the behavior instruction of the verified user accessing the behavior data server (20), the method further comprises the following steps:
caching the behavior data of the user passing the verification through a behavior data server (20); wherein the behavior data comprises: at least one of identity information, behavioral instructions.
5. The method of claim 2, further comprising, prior to obtaining, by the behavioral data server (20), behavioral data for a user accessing the behavioral data server (20):
when the data service platform further comprises an access client (10), receiving an access request of a user to the behavior data server (20) through the access client (10) and carrying out primary encryption; then, the access request encrypted for the first time is transmitted to the behavior data server (20) as behavior data of a user accessing the behavior data server (20).
6. A method according to claim 1 or 2, characterized in that the data service platform comprises: a behavior data server (20) and a basic data server (30); wherein,
the behavior data server (20) is used for storing behavior data of users accessing basic data of the data service platform;
the basic data server (30) is used for storing basic data of the data service platform.
7. The method of claim 6, further comprising: accessing a client (10);
the access client (10) is used as an entrance for a user to access the basic data server (30) through the behavior data server (20), and/or as an exit for the basic data server (30) to output the access result to the user through the behavior data server (20).
8. The method according to claim 6, characterized in that said behavioural data server (20) is provided with a first security level; and/or the base data server (30) is provided with a second security level.
9. The method of claim 8, wherein,
the first security level is the same as or different from the second security level;
and/or the presence of a gas in the gas,
when the data service platform further comprises an access client (10), the access client (10) comprises: at least one of a mobile phone APP, a PC access client (10) and a platform client access page.
10. An access device for a data service platform, comprising:
the first communication unit is used for acquiring an access operation instruction of a user through the behavior data server (20), encrypting the access operation instruction once and then sending the encrypted access operation instruction to the basic data server (30);
the second communication unit is used for receiving the access operation instruction after the primary encryption through the basic data server (30), searching in a basic database according to the access operation instruction after the primary decryption, and feeding back an obtained searching result to the behavior data server (20);
before the access operation instruction of the user is obtained through the behavior data server (20), the method further comprises the following steps:
the first communication unit is further used for verifying the identity information of a user accessing the behavior data server (20) through the behavior data server (20); and the number of the first and second groups,
the first communication unit is further configured to generate, by the behavior data server (20), a corresponding access operation instruction according to the behavior instruction of the user who passes the verification to access the behavior data server (20) after the user passes the verification, so as to obtain the access operation instruction of the user who passes the verification; or,
the first communication unit is further used for outputting a verification result of the verification failure to the access client (10) through the behavior data server (20) when the data service platform further comprises the access client (10) and the verification fails;
different security levels are set for a user behavior data storage server for storing user behavior data and a platform basic data storage server for storing platform basic data.
11. The apparatus of claim 10, further comprising: wherein,
after the primary decryption of the primary encrypted access operation instruction is performed by the basic data server (30), or before the obtained retrieval result is fed back to the behavior data server (20) by the basic data server (30), the method further comprises the following steps:
the second communication unit is further configured to cache, by the basic data server (30), the access operation instruction after the one-time decryption;
and/or the presence of a gas in the gas,
after the obtained retrieval result is fed back to the behavior data server (20) through the basic data server (30), the method further comprises the following steps:
the first communication unit is further configured to cache, by the behavior data server (20), the retrieval result fed back by the basic data server (30);
and/or the presence of a gas in the gas,
the first communication unit is further configured to, when the data service platform further includes an access client (10), output, by the behavior data server (20), the retrieval result fed back by the basic data server (30) to the access client (10).
12. The apparatus according to claim 10, wherein the first communication unit verifies, by the behavior data server (20), identity information of a user accessing the behavior data server (20), including:
determining whether identity information of a user accessing the behavior data server (20) is consistent with pre-stored identity information in the behavior data server (20);
if the identity information of the user accessing the behavior data server (20) is consistent with the identity information of the user, determining that the identity information of the user accessing the behavior data server passes verification; if not, determining that the verification of the identity information of the user accessing the behavior data server (20) is not passed.
13. The apparatus of claim 10 or 12, wherein,
before the identity information of the user accessing the behavior data server (20) is verified through the behavior data server (20), the method further comprises the following steps:
the first communication unit is further configured to acquire, by the behavior data server (20), behavior data of a user accessing the behavior data server (20), perform first decryption, and extract identity information and a behavior instruction in the behavior data;
and/or the presence of a gas in the gas,
before generating, by the behavior data server (20), a corresponding access operation instruction according to the behavior instruction of the verified user accessing the behavior data server (20), the method further includes:
the first communication unit is further used for caching the behavior data of the authenticated user through the behavior data server (20); wherein the behavior data comprises: at least one of identity information, behavioral instructions.
14. The apparatus of claim 13, further comprising, prior to obtaining, by the behavioral data server (20), behavioral data for a user accessing the behavioral data server (20): a third communication unit;
the third communication unit is used for receiving an access request of a user to the behavior data server (20) through the access client (10) and carrying out primary encryption when the data service platform further comprises the access client (10); and then, sending the access request encrypted for the first time to the behavior data server (20) as the behavior data of the user accessing the behavior data server (20).
15. A storage medium having a plurality of instructions stored therein; the plurality of instructions for being loaded by a processor and for performing the method of accessing a data services platform according to any of claims 1 to 9.
16. A data services platform, comprising:
a processor for executing a plurality of instructions;
a memory to store a plurality of instructions;
wherein the instructions are for being stored by the memory and loaded and executed by the processor to perform the method of accessing a data services platform of any of claims 1 to 9.
CN201711390014.9A 2017-12-21 2017-12-21 Data service platform and access method, device and storage medium thereof Active CN108173824B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711390014.9A CN108173824B (en) 2017-12-21 2017-12-21 Data service platform and access method, device and storage medium thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711390014.9A CN108173824B (en) 2017-12-21 2017-12-21 Data service platform and access method, device and storage medium thereof

Publications (2)

Publication Number Publication Date
CN108173824A CN108173824A (en) 2018-06-15
CN108173824B true CN108173824B (en) 2020-05-05

Family

ID=62523240

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711390014.9A Active CN108173824B (en) 2017-12-21 2017-12-21 Data service platform and access method, device and storage medium thereof

Country Status (1)

Country Link
CN (1) CN108173824B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113343272A (en) * 2021-06-30 2021-09-03 重庆富民银行股份有限公司 Automatic data extraction system and method applied to database

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103546480B (en) * 2013-10-30 2017-02-15 宇龙计算机通信科技(深圳)有限公司 Protection method, terminal and system for privacy information
CN103559306B (en) * 2013-11-18 2016-06-22 电子科技大学 A kind of inquiry system by cloud platform to data center and method
US20150222701A1 (en) * 2014-01-31 2015-08-06 Vonage Network Llc Method and systems for syncing contacts on multiple devices
CN104023085A (en) * 2014-06-25 2014-09-03 武汉大学 Security cloud storage system based on increment synchronization

Also Published As

Publication number Publication date
CN108173824A (en) 2018-06-15

Similar Documents

Publication Publication Date Title
US10623954B2 (en) AP connection method, terminal, and server
CN108123800B (en) Key management method, key management device, computer equipment and storage medium
CN114726643B (en) Data storage and access methods and devices on cloud platform
CN109274652B (en) Identity information verification system, method and device and computer storage medium
CN106657152B (en) Authentication method, server and access control device
CN107528865B (en) File downloading method and system
KR101371608B1 (en) Database Management System and Encrypting Method thereof
CN108347428B (en) Registration system, method and device of application program based on block chain
KR101729960B1 (en) Method and Apparatus for authenticating and managing an application using trusted platform module
CN103188221A (en) Application login method, application login device and mobile terminal
US9038159B2 (en) Authentication system
CN112702160A (en) Method, device and system for encrypted storage and sharing of cloud data
US20200195979A1 (en) Method and system for storing video, and method for accessing video
US10904243B2 (en) Authenticate a first device based on a push message to a second device
US20200319873A1 (en) Manifest Trialing Techniques
CN111639357B (en) Encryption network disk system and authentication method and device thereof
US9621349B2 (en) Apparatus, method and computer-readable medium for user authentication
CN114629713A (en) Identity verification method, device and system
CN108173824B (en) Data service platform and access method, device and storage medium thereof
CN110807210B (en) Information processing method, platform, system and computer storage medium
CN111182010B (en) Local service providing method and device
CN106503529A (en) A kind of cloud storage system based on fingerprint
CN114584324B (en) Identity authorization method and system based on block chain
KR20130085537A (en) System and method for accessing to encoded files
US20140337638A1 (en) Systems and Methods for Secure Storage on a Mobile Device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant