CN110505205A - Cloud platform encryption and decryption services cut-in method and access system - Google Patents

Publication number
CN110505205A
Authority
CN
China
Prior art keywords
encryption
decryption
channel
gateway
customer end
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910650539.4A
Other languages
Chinese (zh)
Other versions
CN110505205B (en
Inventor
程立刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huaxin Yongdao (beijing) Technology Co Ltd
Original Assignee
Huaxin Yongdao (beijing) Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huaxin Yongdao (beijing) Technology Co Ltd filed Critical Huaxin Yongdao (beijing) Technology Co Ltd
Priority to CN201910650539.4A priority Critical patent/CN110505205B/en
Publication of CN110505205A publication Critical patent/CN110505205A/en
Application granted granted Critical
Publication of CN110505205B publication Critical patent/CN110505205B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present invention discloses a cloud platform encryption and decryption service access method and access system. The method includes: a channel client sends the gateway a service access application for a certain class of business of a certain channel; the gateway confirms whether the channel client has sent a security authentication key and whether that key is correct; for a channel whose security authentication key is correct, the gateway provides the encryption and decryption service for that class of business and returns the corresponding service computation result to the channel client; for a channel client whose security authentication key is wrong, or that has no security authentication key, the gateway generates a service code for that class of business and a signature authentication corresponding to the service code; the qualification information required for that class of business of the channel client is authenticated; after the qualification information passes authentication, the gateway allocates to that class of business of the channel a security authentication key and an encryption and decryption service scheme corresponding to the service code. The invention saves a large amount of development and implementation cost in the implementation of the whole cloud platform, the outreach system and the settlement system.

Description

Cloud platform encryption and decryption services cut-in method and access system
Technical field
The present invention relates to the technical field of data security, and in particular to a cloud platform encryption and decryption service access method and access system.
Background technique
Financial systems place very high demands on data security. Security components must give the business processes, the different external channels and the front-end services as a whole data security guarantees such as security authentication, data message signing, rights management, fault-tolerant processing, resource control, and data backup and recovery. Security authentication and data signing mainly consist of providing encryption and decryption algorithms suited to different business scenarios. The basic idea is to offer encryption and decryption functions as a service: making them software-based, virtualized, distributed and service-oriented allows them to be implemented efficiently and flexibly in the platform and its business processes. Database systems use storage encryption at data-item granularity, that is, different fields of different records are encrypted with different keys, and sensitive records are additionally protected by verification measures. This guarantees the confidentiality and integrity of the data stored in the database and prevents unauthorized access to and modification of the data.
A financial platform includes many classes and items of encryption and decryption functions relating to security authentication, encrypted data storage, transmission and data signing. These functions effectively support the development of each business and comprehensively improve fund and data security, business handling efficiency and service quality, and their foundational, platform-wide and organization-wide role keeps growing. As an important safeguard for the deepening of informatization, information security is closely tied to secure access to the accumulation fund system, is important to service inquiry, business handling, fund settlement and management work, and has a significant impact on platform security, where the situation is severe.
At present, however, each business in a financial platform has its own encryption and decryption program, and calling a business means calling that business's encryption and decryption program. Client code therefore has to adapt to the interface of every business, which increases the complexity of the client code. It also adds a large amount of development and implementation cost to the implementation of the whole financial platform, the outreach system and the settlement system.
Summary of the invention
To solve the above problem, the present invention provides a cloud platform encryption and decryption service access method, comprising the following steps:
Step S1: a channel client sends the gateway a service access application for a certain class of business of a certain channel;
Step S2: the gateway confirms whether the channel client has sent a security authentication key and whether the security authentication key is correct. For a channel whose security authentication key is correct, the gateway provides the encryption and decryption service for said class of business and returns the corresponding service computation result to the channel client.
For a channel client whose security authentication key is wrong, or that has no security authentication key, the gateway generates a service code for said class of business and a signature authentication corresponding to the service code;
Step S3: the qualification information required for said class of business of the channel client is authenticated;
Step S4: after the qualification information passes authentication, the gateway allocates to said class of business of the channel a security authentication key and an encryption and decryption service scheme corresponding to the service code.
Preferably, in step S2, the encryption and decryption service is provided by a JAR package, encapsulated in the gateway, that corresponds to the encryption and decryption service scheme; the channel client calls the built-in API through the JAR package provided by the gateway to complete the corresponding encryption and decryption service.
Preferably, the channel client accesses the gateway over an SSL secure network.
Preferably, the method further includes step S5, in which an audit log and exception records are also generated.
Preferably, the security authentication key is updated regularly. When the security authentication key is updated, a one-way hash function is used to compute the hash value of the current security authentication key, and the hash value is used as the new security authentication key.
Preferably, in step S2, the computation tasks of the encryption and decryption service are distributed to the computing units according to a load-balancing algorithm.
Preferably, the load-balancing algorithm includes static load-balancing algorithms and dynamic load-balancing algorithms. The static load-balancing algorithms include: round robin, weighted round robin and priority.
The dynamic load-balancing algorithms include: least connections, fastest response, observed, predictive and dynamic round robin.
Preferably, the algorithms used for encryption and decryption include at least MD5, RSA, DES, AES and Base64.
Preferably, when a channel client sends a service access application to the gateway, the gateway first verifies the channel client's name, physical address, network type and IP address.
The present invention also provides a cloud platform encryption and decryption service access system, comprising:
a security authentication key authentication module, for receiving and verifying the service access application that a channel client sends to the gateway for a certain class of business of a certain channel;
an encryption and decryption service computing module, for providing the encryption and decryption service and returning the corresponding service computation result to the channel client;
a service code generation module, for generating a service code and signature authentication information corresponding to the service code when the security authentication key authentication module judges that the security authentication key is wrong or that there is no security authentication key;
a qualification approval module, for authenticating the qualification information required for said class of business of the channel client;
an encryption and decryption service scheme distribution module, for allocating a security authentication key and an encryption and decryption service scheme to said class of business of the channel after the qualification information passes authentication, the security authentication key and the encryption and decryption service scheme corresponding to the service code.
With the cloud platform encryption and decryption service access method and access system of the invention, the client only needs to interact with a single gateway and does not need to call the many scattered per-item services, which simplifies the client code and saves a large amount of development and implementation cost in the implementation of the whole cloud platform, the outreach system and the settlement system. The invention solves the coupling between data encryption, transmission and business logic development on the cloud platform, and reduces the development effort for encryption services and signature authentication in financial settlement, payment transactions and security authentication. It lowers the development cost of security authentication, encrypted data transmission and business logic in the financial system, and, because data security is handled uniformly by the gateway, improves the security and stability of the business.
Detailed description of the invention
The above features and technical advantages of the invention will become clearer and easier to understand from the description of the embodiments in conjunction with the following drawings.
Fig. 1 is a flow diagram of the cloud platform encryption and decryption service access method of an embodiment of the invention;
Fig. 2 is a module structure diagram of the cloud platform encryption and decryption service access system of an embodiment of the invention.
Specific embodiment
Embodiments of the cloud platform encryption and decryption service access method and access system of the invention are described below with reference to the drawings. Those skilled in the art will recognize that the described embodiments can be modified in various ways, or in combinations of them, without departing from the spirit and scope of the invention. The drawings and description are therefore illustrative in nature and are not intended to limit the scope of the claims. In addition, in this specification the drawings are not drawn to scale, and identical reference numerals denote identical parts.
The cloud platform encryption and decryption service access method comprises the following steps:
Step S1: the channel client sends the gateway, over an SSL (Secure Sockets Layer, a security protocol that provides security and data integrity for network communication) secure network, a service access application for a certain class of business of a certain channel. Specifically, the channel client sends the service access application for a certain class of business of a certain channel to the gateway using the security authentication key it holds. In the financial field, for example, channels include own channels, external networked government-agency channels and internet finance access channels. Own channels include management department counters, agency outlets, loan centers, telephone, SMS, WeChat, mobile apps, self-service terminals, websites and online business halls. External networked government-agency channels include guarantee agencies, commercial banks, the Ministry of Housing and Urban-Rural Development, the People's Bank, housing and construction commissions, economy and information offices, quality supervision, industry and commerce, social security, civil affairs, planning, land and resources, public security and government affairs offices.
Each channel has different types of business. A bank, for example, has at least inquiry, loan application and settlement types of business. The various businesses carried out across the channels are treated as the different businesses of each channel.
A channel client can be the client for a certain class of business of any channel. Clients include, but are not limited to, mobile phones, personal digital assistants (PDAs), wireless handheld devices, tablet computers and personal computers (PCs). A channel client can be a computer dedicated to one class of business or a computer that serves several classes of business.
The relevant operations can be carried out by a channel administrator through the channel client, or carried out directly by the channel client according to a preset program.
Step S2: after receiving the channel client's service request, the gateway verifies whether the client's security authentication key is correct. If it is, the gateway provides the encryption and decryption service for that class of business of the authenticated channel and returns the corresponding service computation result to the channel client. For example, if the channel client inputs information such as a bank account number, the encryption and decryption service returns the encrypted bank account information to the channel client, which then uses the encrypted bank account information to carry out the specific business.
If the security authentication key is judged to be wrong, or there is no security authentication key, the gateway has not yet allocated a corresponding encryption and decryption scheme to that class of business. The gateway then generates a service code and signature authentication information. The signature authentication is a signature in which a cryptographic operation produces a series of symbols and codes that form an electronic cipher, used in place of a handwritten signature or a seal. There are no special requirements on the service code: it can consist of digits, characters, or a combination of digits and characters, as long as codes can be told apart. Each class of business of each channel has one service code and a signature authentication corresponding to that service code. The gateway generates the service code and signature authentication for that class of business for the channel client. For example, suppose one class of business of a channel client is loan application, and user information such as real name, ID card number, bank account number and loan amount is entered on the channel client (for loan application this can be a loan approval system installed on a computer). If this information were submitted to the loan approval system directly without encryption, it could be leaked. All of this information is therefore passed through the gateway, which applies an encryption algorithm to obtain the encrypted result, that is, plaintext data that can be read directly is encrypted into ciphertext data that cannot be read directly, and only then is it sent to the loan approval system. The loan approval system uses the security authentication key to decrypt the encrypted data, obtains the information entered by the loan applicant, and then carries out the relevant review operations. The private data involved in the loan approval process can all be encrypted and decrypted through the gateway.
Step S3: after the service code and signature authentication information are generated, the qualification information required for that class of business of the channel client is further authenticated. The qualification information can be data that represents the strength of the enterprise; for a bank, for example, it can be the annual return, the growth in performance, the number of deposits taken, the total value of loans issued, and so on. The types of qualification information required can be set in the gateway as needed. The qualification information to be authenticated can differ between the businesses of different channels.
Step S4: after the qualification information passes authentication, the gateway allocates a security authentication key and an encryption and decryption service scheme to the service access of that class of business of the channel. Encryption and decryption service schemes can have different security levels; the higher the security level, the better the security. The security authentication key and the encryption and decryption service scheme correspond to the service code, that is, encryption and decryption service schemes are allocated according to the type of business. For example, the inquiry class of the banking channel is allocated one encryption and decryption scheme, and the loan class of the banking channel is allocated another. The encryption and decryption service is also converted into a service the channel client can use. Specifically, the required encryption and decryption service programs are encapsulated in the gateway. The programs can be written in Java, and for each encryption and decryption service scheme the service is provided as a JAR package. The channel client completes the corresponding encryption and decryption service by calling the built-in API (application programming interface) through the JAR package provided by the gateway. Different classes of business of different channels can also use the same encryption and decryption scheme, that is, call the same JAR package.
Through steps S1 to S3, step S4 allocates the channel client an encryption and decryption service scheme and a security authentication key. The channel client can then access the gateway over the SSL secure network and, after its security authentication key is confirmed and its qualification information is authenticated, use the encryption and decryption services provided in the gateway to complete the steps that involve encryption and decryption, such as security authentication, encrypted data storage, transmission and data signing.
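The decision flow of steps S1 to S4, as an added example that is not code from the patent: a minimal in-memory gateway that serves a request when the key is correct and otherwise issues a signed service code, then allocates a key and scheme after qualification. Assumptions: HMAC-SHA256 stands in for both the "signature authentication" and the served operation, and the class, field and scheme names and the qualification fields are constructed.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed policy data: qualification fields the gateway requires, and the
# scheme (security level) allocated to each class of business.
REQUIRED_QUALIFICATION = {"annual_return", "deposit_count", "loan_total"}
SCHEME_BY_BUSINESS = {"query": "level-1", "loan": "level-2"}


@dataclass
class Allocation:
    """Key and scheme bound to one service code (step S4)."""
    auth_key: bytes
    scheme: str


@dataclass
class Gateway:
    # Gateway-only secret used to sign service codes (HMAC is an assumption).
    signing_key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    codes: dict = field(default_factory=dict)        # (channel, business) -> code
    pending: set = field(default_factory=set)        # codes awaiting qualification
    allocations: dict = field(default_factory=dict)  # code -> Allocation

    def _sign(self, service_code: str) -> str:
        mac = hmac.new(self.signing_key, service_code.encode(), hashlib.sha256)
        return mac.hexdigest()

    def request(self, channel: str, business: str, payload: bytes,
                auth_key: bytes = None) -> dict:
        """Steps S1/S2: serve if the key is correct, otherwise issue a service code."""
        code = self.codes.get((channel, business))
        alloc = self.allocations.get(code)
        # Constant-time comparison so response timing does not leak key bytes.
        if (alloc is not None and auth_key is not None
                and hmac.compare_digest(alloc.auth_key, auth_key)):
            # Served operation: a message signature keyed with the channel key.
            result = hmac.new(alloc.auth_key, payload, hashlib.sha256).hexdigest()
            return {"status": "served", "scheme": alloc.scheme, "result": result}
        # Wrong key or no key: one service code per (channel, class of business).
        if code is None:
            code = f"SC-{len(self.codes) + 1:04d}"
            self.codes[(channel, business)] = code
        self.pending.add(code)
        return {"status": "enrol", "service_code": code,
                "signature": self._sign(code)}

    def qualify(self, service_code: str, signature: str,
                qualification: dict) -> bytes:
        """Steps S3/S4: check the signed code and qualification, then allocate."""
        if service_code not in self.pending:
            raise PermissionError("service code not issued or already processed")
        if not hmac.compare_digest(self._sign(service_code), signature):
            raise PermissionError("signature does not match service code")
        # Field presence stands in for the real qualification review.
        missing = REQUIRED_QUALIFICATION - set(qualification)
        if missing:
            raise PermissionError(f"qualification incomplete: {sorted(missing)}")
        business = next(b for (_, b), c in self.codes.items() if c == service_code)
        self.pending.discard(service_code)
        key = secrets.token_bytes(32)
        self.allocations[service_code] = Allocation(key, SCHEME_BY_BUSINESS[business])
        return key


def demo() -> dict:
    """Constructed walk-through: enrol, qualify, get served, then present a wrong key."""
    gw = Gateway()
    payload = b"account=constructed-0001"
    first = gw.request("bank", "loan", payload)                   # no key yet
    key = gw.qualify(first["service_code"], first["signature"],
                     {"annual_return": "n/a", "deposit_count": 10, "loan_total": 5})
    served = gw.request("bank", "loan", payload, key)             # correct key
    wrong = gw.request("bank", "loan", payload, b"\x00" * 32)     # wrong key
    return {"first": first, "served": served, "wrong": wrong}


if __name__ == "__main__":
    for name, response in demo().items():
        print(name, response)
```

A request with a wrong key receives the same service code again rather than an error, so in this flow the qualification step is the only control that stands between an unauthenticated caller and a freshly allocated key.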
Further, the method includes step S5: an audit log and exception records are also generated, for use in channel analysis, service call volume queries, and performance and fault analysis.
In an optional embodiment, the security authentication key is updated regularly: after the security authentication key is generated, the key is changed at a fixed period (for example, every day). When the key is updated, a one-way hash function is used to compute the hash value of the current key, and that hash value is used as the new key. In short, the hash value of the current key is used as the next key.
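The periodic update described above, as an added example that is not code from the patent: gateway and channel client each derive the next key by hashing the current one, so they stay in step without exchanging keys. SHA-256, the one-day period and all names are assumptions. The example also shows a property of this construction: a key captured in one period yields every later key by hashing forward, while earlier keys cannot be recovered from it.

```python
import hashlib
import hmac

PERIOD_SECONDS = 24 * 60 * 60  # "every day", the example period in the text


def next_key(current: bytes) -> bytes:
    """New key = one-way hash of the current key (SHA-256 assumed)."""
    return hashlib.sha256(current).digest()


def key_for_period(initial_key: bytes, period: int) -> bytes:
    """Key in force during the given period, counting from 0 at issuance."""
    key = initial_key
    for _ in range(period):
        key = next_key(key)
    return key


class RotatingKey:
    """One party's copy of the key; gateway and channel client each hold one."""

    def __init__(self, initial_key: bytes, issued_at: int):
        self.key = initial_key
        self.issued_at = issued_at
        self.period = 0

    def advance_to(self, now: int) -> bytes:
        """Hash forward until the key matches the period that contains `now`."""
        target = (now - self.issued_at) // PERIOD_SECONDS
        if target < self.period:
            # A one-way hash cannot be rewound, so an earlier key is gone.
            raise ValueError("cannot return to an earlier period")
        while self.period < target:
            self.key = next_key(self.key)
            self.period += 1
        return self.key


def gateway_accepts(gateway: RotatingKey, presented: bytes, now: int) -> bool:
    """Gateway-side check of a presented key against the current period's key."""
    return hmac.compare_digest(gateway.advance_to(now), presented)


def forward_from(known_key: bytes, known_period: int, target_period: int) -> bytes:
    """Any holder of the key for one period can compute the key for a later one."""
    if target_period < known_period:
        raise ValueError("earlier keys cannot be derived from a later key")
    return key_for_period(known_key, target_period - known_period)


if __name__ == "__main__":
    initial = bytes(range(32))        # constructed sample key
    issued = 1_000_000                # constructed timestamp (seconds)
    gateway = RotatingKey(initial, issued)
    client = RotatingKey(initial, issued)
    now = issued + 5 * PERIOD_SECONDS + 10

    print("in sync after 5 periods:",
          gateway_accepts(gateway, client.advance_to(now), now))
    print("initial key still accepted:", gateway_accepts(gateway, initial, now))
    old = key_for_period(initial, 2)  # a key that was in force three periods ago
    print("period-2 key hashed forward is accepted:",
          gateway_accepts(gateway, forward_from(old, 2, 5), now))
```

Because every later key is a function of the current one, this kind of update limits what a later compromise reveals about earlier periods; it does not replace issuing a fresh key after a key has been exposed.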
In an optional embodiment, in step S2, the actual computation is assigned to a suitable computing unit according to a load-balancing algorithm. Specifically, the gateway contains multiple computing units for encryption and decryption, and a load-balancing algorithm is used to decide the amount of computation allocated to each computing unit. The computing units can each be deployed on multiple virtual servers or private cloud servers. The load-balancing algorithm includes static load-balancing algorithms and dynamic load-balancing algorithms. The static load-balancing algorithms include: round robin, weighted round robin and priority. The dynamic load-balancing algorithms include: least connections, fastest response, observed, predictive and dynamic round robin.
In an optional embodiment, the algorithms used for encryption and decryption include at least MD5 (Message-Digest Algorithm, version 5), RSA (Rivest, Shamir, Adleman), DES (Data Encryption Standard, a block cipher that encrypts with a key), AES (Advanced Encryption Standard) and Base64 (a method of representing binary data with 64 printable characters).
In an optional embodiment, when a channel client sends a service access application to the gateway, the gateway first verifies the validity of the channel client. Specifically, it first verifies the channel client's name, physical address, network type and IP address. Only after this verification passes is the channel client permitted to send a service access application to the gateway, which prevents clients without the relevant permissions from initiating service access applications at will.
In an optional embodiment, the gateway regularly updates the types of encryption and decryption algorithms and the corresponding algorithms, and maintains the security authentication keys for channel access, the number of computing units and the log service.
The present invention also provides a cloud platform encryption and decryption service access system 10, which is encapsulated in the gateway. Fig. 2 is a schematic diagram of the modules of the cloud platform encryption and decryption service access system 10 of the invention. The system 10 includes the following modules, all encapsulated in the gateway: a security authentication key authentication module 101, an encryption and decryption service computing module 102, a service code generation module 103, a qualification approval module 104 and an encryption and decryption service scheme distribution module 105.
The security authentication key authentication module 101 receives the service access application that a channel client sends to the gateway over the SSL secure network for a certain class of business of a certain channel. In the financial field, for example, channels include own channels, external networked government-agency channels and internet finance access channels. Own channels include management department counters, agency outlets, loan centers, telephone, SMS, WeChat, mobile apps, self-service terminals, websites and online business halls. External networked government-agency channels include guarantee agencies, commercial banks, the Ministry of Housing and Urban-Rural Development, the People's Bank, housing and construction commissions, economy and information offices, quality supervision, industry and commerce, social security, civil affairs, planning, land and resources, public security and government affairs offices.
Each channel has different types of business. A bank, for example, has at least inquiry, loan application and settlement types of business. The various businesses carried out across the channels are treated as the different businesses of each channel.
A channel client can be the client for a certain class of business of any channel. Clients include, but are not limited to, mobile phones, personal digital assistants (PDAs), wireless handheld devices, tablet computers and personal computers (PCs). A channel client can be a computer dedicated to one class of business or a computer that serves several classes of business.
The relevant operations can be carried out by a channel administrator through the channel client, or carried out directly by the channel client according to a preset program.
After receiving the channel client's service request, the security authentication key authentication module 101 verifies whether the client's security authentication key is correct. If the key is verified as correct, the module sends a signal to the encryption and decryption service computing module 102.
The encryption and decryption service computing module 102 provides the encryption and decryption service and returns the corresponding service computation result to the channel client. For example, if the channel client inputs information such as a bank account number, the encryption and decryption service returns the encrypted bank account information to the channel client, which then uses the encrypted bank account information to carry out the specific business.
If the security authentication key authentication module 101 judges that the security authentication key is wrong, or that there is no security authentication key, the gateway has not yet allocated a corresponding encryption and decryption scheme to that class of business. The service code generation module 103 then generates a service code and signature authentication information. There are no special requirements on the service code: it can consist of digits, characters, or a combination of digits and characters, as long as codes can be told apart. Each class of business of each channel has one service code and a signature authentication corresponding to that service code. The gateway generates the service code and signature authentication for that class of business for the channel client. For example, suppose one class of business of a channel client is loan application, and user information such as real name, ID card number, bank account number and loan amount is entered on the channel client (for loan application this can be a loan approval system installed on a computer). If this information were submitted to the loan approval system directly without encryption, it could be leaked. All of this information is therefore passed through the gateway, which applies an encryption algorithm to obtain the encrypted result, that is, plaintext data that can be read directly is encrypted into ciphertext data that cannot be read directly, and only then is it sent to the loan approval system. The loan approval system uses the security authentication key to decrypt the encrypted data, obtains the information entered by the loan applicant, and then carries out the relevant review operations. The private data involved in the loan approval process can all be encrypted and decrypted through the gateway.
The qualification approval module 104 further authenticates the qualification information required for that class of business of the channel client. The qualification information can be data that represents the strength of the enterprise; for a bank, for example, it can be the annual return, the growth in performance, the number of deposits taken, the total value of loans issued, and so on. The types of qualification information required can be set in the gateway as needed. The qualification information to be authenticated can differ between the businesses of different channels.
After the qualification information passes authentication, the encryption and decryption service scheme distribution module 105 allocates a security authentication key and an encryption and decryption service scheme to the service access of that class of business of the channel. Encryption and decryption service schemes can have different security levels; the higher the security level, the better the security. The security authentication key and the encryption and decryption service scheme correspond to the service code, that is, encryption and decryption service schemes are allocated according to the type of business. For example, the inquiry class of the banking channel is allocated one encryption and decryption scheme, and the loan class of the banking channel is allocated another. The encryption and decryption service is also converted into a service the channel client can use. Specifically, the required encryption and decryption service programs are encapsulated in the gateway. The programs can be written in Java, and for each encryption and decryption service scheme the service is provided as a JAR package. The channel client completes the corresponding encryption and decryption service by calling the built-in API through the JAR package provided by the gateway. Different classes of business of different channels can also use the same encryption and decryption scheme, that is, call the same JAR package.
The above is only a preferred embodiment of the invention and is not intended to limit the invention. Those skilled in the art can make various modifications and changes to the invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the invention.

Claims (10)

1. A cloud platform encryption and decryption service access method, characterized by comprising the following steps:
Step S1: a channel client sends to a gateway a service access application for a certain class of business of a certain channel;
Step S2: the gateway confirms whether the channel client has sent a secret authentication key and whether the secret authentication key is correct; for the class of business of a channel whose secret authentication key is correct, the gateway provides the encryption and decryption service and returns the corresponding encryption and decryption service calculation result to the channel client;
and, for the class of business of a channel client whose secret authentication key is wrong or that has no secret authentication key, the gateway generates a service code and signature authentication corresponding to the service code;
Step S3: the qualification information required for the class of business of the channel client is authenticated;
Step S4: after the qualification information passes authentication, the gateway allocates to the class of business of the channel a secret authentication key and an encryption and decryption service plan corresponding to the service code.
2. The cloud platform encryption and decryption service access method according to claim 1, characterized in that
in step S2, the encryption and decryption service is provided by a JAR package, encapsulated in the gateway, that corresponds to the encryption and decryption service plan; the channel client calls the built-in API through the JAR package provided by the gateway to complete the corresponding encryption and decryption service.
3. The cloud platform encryption and decryption service access method according to claim 1, characterized in that
the channel client accesses the gateway over an SSL secure network.
4. The cloud platform encryption and decryption service access method according to claim 1, characterized in that
the method further comprises step S5, in which an audit log and exception records are also generated.
5. The cloud platform encryption and decryption service access method according to claim 1, characterized in that
the secret authentication key is updated regularly; when the secret authentication key is updated, a one-way hash function is used to calculate the hash value of the current secret authentication key, and the hash value is used as the new secret authentication key.
6. The cloud platform encryption and decryption service access method according to claim 1, characterized in that
in step S2, the computing tasks of the encryption and decryption service are distributed to the computing units according to a load-balancing algorithm.
7. The cloud platform encryption and decryption service access method according to claim 6, characterized in that
the load-balancing algorithm includes static load-balancing algorithms and dynamic load-balancing algorithms; the static load-balancing algorithms include: the polling method, the weighted polling method, and the priority method;
the dynamic load-balancing algorithms include: the minimum connection number method, the fastest response speed method, the observation method, the anticipation method, and the dynamic polling method.
8. The cloud platform encryption and decryption service access method according to claim 1, characterized in that
the algorithms used by the encryption and decryption rules include at least MD5, RSA, DES, AES, and Base64.
9. The cloud platform encryption and decryption service access method according to claim 1, characterized in that
when the channel client sends the service access application to the gateway, the gateway first verifies the channel client's name, physical address, network type, and IP address.
10. A cloud platform encryption and decryption service access system, characterized by comprising:
a secret authentication key verification module, for receiving and verifying the service access application, sent by a channel client to a gateway, for a certain class of business of a certain channel;
an encryption and decryption service computing module, for providing the encryption and decryption service and returning the corresponding encryption and decryption service calculation result to the channel client;
a service code generation module, for generating a service code and signature authentication information corresponding to the service code when the secret authentication key verification module judges that the secret authentication key is wrong or that there is no secret authentication key;
a qualification approval module, for authenticating the qualification information required for the class of business of the channel client;
an encryption and decryption service plan distribution module, for allocating, after the qualification information passes authentication, a secret authentication key and an encryption and decryption service plan to the class of business of the channel, the secret authentication key and the encryption and decryption service plan corresponding to the service code.
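The access flow of claim 1 (steps S1 to S4) together with the key update of claim 5, as an added Python example that is not code from the patent. SHA-256 as the one-way hash, HMAC-SHA256 as the "signature authentication" of the service code, and the names `Gateway`, `apply`, `approve`, `"bank"`, `"loan"` and `"plan-A"` are assumptions made for illustration.

```python
import hashlib, hmac, secrets

GATEWAY_SIGNING_KEY = secrets.token_bytes(32)  # assumption: gateway-only key for signing service codes

def rotate(key: bytes) -> bytes:
    """Claim 5: new key = one-way hash of the current key (SHA-256 assumed).
    Design note: the update is deterministic, so a party holding key n can
    compute every later key; rotation protects older keys, not future ones."""
    return hashlib.sha256(key).digest()

def _sign(code: str) -> str:
    return hmac.new(GATEWAY_SIGNING_KEY, code.encode(), hashlib.sha256).hexdigest()

class Gateway:
    def __init__(self):
        self.keys = {}     # (channel, business) -> current secret authentication key
        self.plans = {}    # (channel, business) -> encryption/decryption service plan
        self.pending = {}  # service code -> (channel, business) awaiting qualification

    def apply(self, channel, business, key=None):
        """S1/S2: serve on a correct key, otherwise issue a signed service code."""
        current = self.keys.get((channel, business))
        if key is not None and current is not None and hmac.compare_digest(key, current):
            return {"status": "served", "plan": self.plans[(channel, business)]}
        code = secrets.token_hex(8)
        self.pending[code] = (channel, business)
        return {"status": "service_code", "code": code, "signature": _sign(code)}

    def approve(self, code, signature, qualified, plan):
        """S3/S4: once qualification passes, bind a fresh key and plan to the service code."""
        if not hmac.compare_digest(signature, _sign(code)):
            return None                      # service code was not issued by this gateway
        if code not in self.pending or not qualified:
            return None
        target = self.pending.pop(code)
        self.keys[target], self.plans[target] = secrets.token_bytes(32), plan
        return self.keys[target]

    def rotate_all(self):
        self.keys = {target: rotate(k) for target, k in self.keys.items()}

def demo():
    gw = Gateway()
    first = gw.apply("bank", "loan")                    # constructed channel/business, no key yet
    key = gw.approve(first["code"], first["signature"], qualified=True, plan="plan-A")
    served = gw.apply("bank", "loan", key)
    gw.rotate_all()
    stale = gw.apply("bank", "loan", key)               # pre-rotation key is rejected
    fresh = gw.apply("bank", "loan", rotate(key))       # client derives the new key locally
    return first["status"], served["status"], stale["status"], fresh["status"]
```

Because both sides derive the next key from the current one, no key material crosses the network at rotation time; the same property means a leaked key stays useful after every later rotation until a fresh key is allocated through step S4.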
CN201910650539.4A 2019-07-18 2019-07-18 Cloud platform encryption and decryption service access method and access system Active CN110505205B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910650539.4A CN110505205B (en) 2019-07-18 2019-07-18 Cloud platform encryption and decryption service access method and access system

Publications (2)

Publication Number Publication Date
CN110505205A true CN110505205A (en) 2019-11-26
CN110505205B CN110505205B (en) 2021-04-23

Family

ID=68586067

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910650539.4A Active CN110505205B (en) 2019-07-18 2019-07-18 Cloud platform encryption and decryption service access method and access system

Country Status (1)

Country Link
CN (1) CN110505205B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1734484A (en) * 2004-08-12 2006-02-15 华为技术有限公司 Network bank system and method by means of e-mail to pay
US20070143623A1 (en) * 2000-02-15 2007-06-21 Silverbrook Research Pty Ltd Method of validating consumable authentication chip
CN101848090A (en) * 2010-05-11 2010-09-29 武汉珞珈新世纪信息有限公司 Authentication device and system and method using same for on-line identity authentication and transaction
CN102916968A (en) * 2012-10-29 2013-02-06 北京天诚盛业科技有限公司 Identity authentication method, identity authentication server and identity authentication device
CN103546284A (en) * 2012-07-10 2014-01-29 北京虎符科技有限公司 Hufu token authentication system
CN105323062A (en) * 2014-06-03 2016-02-10 北京收付宝科技有限公司 Mobile terminal digital certificate electronic signature method
CN106302449A (en) * 2016-08-15 2017-01-04 中国科学院信息工程研究所 A kind of ciphertext storage cloud service method open with searching ciphertext and system
CN106921678A (en) * 2017-04-27 2017-07-04 中国舰船研究设计中心 A kind of unified safety authentication platform of the carrier-borne information system of integrated isomery
CN107403077A (en) * 2016-05-20 2017-11-28 中文在线数字出版集团股份有限公司 A kind of strong copyrighted product management system for adapting to right and splitting and combining

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113806725A (en) * 2021-11-17 2021-12-17 北京翰凌科技有限公司 Financial business data cloud interaction method
CN113806725B (en) * 2021-11-17 2022-02-25 北京翰凌科技有限公司 Financial business data cloud interaction method

Also Published As

Publication number Publication date
CN110505205B (en) 2021-04-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant