CN111934886A - RSA-based credit investigation report unified display method - Google Patents
RSA-based credit investigation report unified display method Download PDFInfo
- Publication number
- CN111934886A CN111934886A CN202010741691.6A CN202010741691A CN111934886A CN 111934886 A CN111934886 A CN 111934886A CN 202010741691 A CN202010741691 A CN 202010741691A CN 111934886 A CN111934886 A CN 111934886A
- Authority
- CN
- China
- Prior art keywords
- token
- report
- access
- platform
- rsa
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
- H04L9/302—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention particularly relates to a RSA-based credit investigation report unified display method. The RSA-based credit investigation report unified display method combines the authority comparison test and the service transmission participation, controls the currently acquired Token, only allows the parameter appointed when calling the request Token, and can not be modified; adopting a front-end and back-end separation technology server side to be responsible for butt joint with a third party, Token issuing, Token verification, report data acquisition and calling condition monitoring, and a display side acquiring report data through the Token; and when the server issues the Token and the verification Token, the server controls the report template which can be accessed by the current access party. The RSA-based credit investigation report unified display method solves the problems of high interface complexity and tedious application access work when two access reports or web access interfaces are used, meanwhile, an access party only needs to transmit corresponding service parameters into a report platform in the process of obtaining a Token, and the obtained Token only has the authority of calling the report corresponding to the parameters, so that the safety is greatly enhanced.
Description
Technical Field
The invention relates to the technical field of web, java and data storage, in particular to a RSA-based credit investigation report unified display method.
Background
With the development of internet technology, the business requirements are changing rapidly, and the product complexity is also rapidly promoted, so that development, test, operation and maintenance personnel need to spend a large amount of work to carry out the butt joint of the API interfaces, especially the complicated API interfaces, when the platforms are in butt joint. On the other hand, when the interface data item is modified, all accessed platforms need to be modified correspondingly.
The following problems are often encountered when two access reports or web access interfaces:
the first problem is that under the conditions of high interface complexity and multiple data items, the application end is required to access tedious work;
another problem is that once multiple platforms are accessed, the data items returned by the reporting interface can no longer be changed; if the access party is changed, all the access parties are required to be changed, otherwise, an error or an exception is reported;
there is also a problem that security is not secured.
Based on the problems, the invention provides a RSA-based credit investigation report unified display method.
Disclosure of Invention
In order to make up for the defects of the prior art, the invention provides a simple and efficient RSA-based credit investigation report unified display method.
The invention is realized by the following technical scheme:
a RSA-based credit investigation report unified display method is characterized in that: based on an RSA asymmetric encryption method, the method is used as a trust basis for communication between two access parties;
the authority comparison and the service transmission are combined, the currently acquired Token is controlled, only the parameter appointed when the request Token is called is allowed, and the parameter can not be modified;
adopting a front-end and back-end separation technology server side to be responsible for butt joint with a third party, Token issuing, Token verification, report data acquisition and calling condition monitoring, and a display side acquiring report data through the Token;
and when the server issues the Token and the verification Token, the server controls the report template which can be accessed by the current access party.
Before the communication access work starts, the platform side and the access side perform off-line butt joint work in the earlier stage, and the method comprises the following steps:
s1, both communication parties generate a public and private key pair, and store respective private keys to exchange public keys;
s2, providing an APPKey (API interface verification serial number) to an access party by a platform direction, wherein the APPKey is used as a unique access party identifier;
and S3, the platform provides necessary corresponding service parameter specifications to the access party so as to interface the service.
After the earlier stage offline butting work of the platform side and the access side is finished, the access side platform and the report platform carry out specific access work;
the report platform comprises a report platform service end and a report platform display end, wherein the report platform service end and the report platform display end are defined as a platform system of the own party, and the report access party is defined as a third-party application.
The access side platform operates according to the following steps, namely, the report service with higher complexity can be accessed in a page form and displayed, and the specific steps are as follows:
s1, an access party platform takes an appointed parameter as an access parameter, corresponding RSA encryption is carried out, and an interface provided by a report platform server is called to obtain a Token;
s2, splicing the Token into a URL (Uniform Resource Locator) with a fixed prefix, and displaying the Token in a self-defined mode in an iframe or embedded self-contained page.
In step S1, the Token validity period is 10min, and is destroyed after successfully accessing once.
The report platform server is responsible for access authority verification, access behavior recording and report data providing, and the specific implementation steps are as follows:
s1, providing an interface for acquiring a Token;
s2, caching a Token and a service parameter;
s3, verifying the validity of the Token and verifying the calling authority;
s4, comparing the legality of the parameters;
and S5, providing report detailed parameters.
The report platform display end is responsible for parameter transmission, corresponding page display and interface calling, and the specific implementation steps are as follows:
s1, calling a Token verification interface to verify the validity of the Token;
s2, redirecting to a corresponding page according to the check result;
s3, loading detailed report data;
and S4, service display.
In the step S1, if the Token fails to pass the validity verification or the detailed data loading failure is reported in the step S3, the Token is redirected to an abnormal page.
The invention has the beneficial effects that: the RSA-based credit investigation report unified display method solves the problems of high interface complexity and tedious application access work when two access reports or web access interfaces are used, meanwhile, an access party only needs to transmit corresponding service parameters into a report platform in the process of obtaining a Token, and the obtained Token only has the authority of calling the report corresponding to the parameters, so that the safety is greatly enhanced.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a schematic diagram of a unified display method of a credit investigation report based on RSA according to the present invention.
Fig. 2 is a schematic view of a business process of a presentation end of a report platform according to the present invention.
Fig. 3 is a schematic diagram of a service flow of a report platform server according to the present invention.
Detailed Description
In order to make those skilled in the art better understand the technical solution of the present invention, the technical solution in the embodiment of the present invention will be clearly and completely described below with reference to the embodiment of the present invention. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The RSA-based credit investigation report unified display method is based on an RSA asymmetric encryption method and used as a trust basis for communication between two access parties;
the authority comparison and the service transmission are combined, the currently acquired Token is controlled, only the parameter appointed when the request Token is called is allowed, and the parameter can not be modified;
adopting a front-end and back-end separation technology server side to be responsible for butt joint with a third party, Token issuing, Token verification, report data acquisition and calling condition monitoring, and a display side acquiring report data through the Token;
and when the server issues the Token and the verification Token, the server controls the report template which can be accessed by the current access party.
Before the communication access work starts, the platform side and the access side perform off-line butt joint work in the earlier stage, and the method comprises the following steps:
s1, both communication parties generate a public and private key pair, and store respective private keys to exchange public keys;
s2, providing an APPKey (API interface verification serial number) to an access party by a platform direction, wherein the APPKey is used as a unique access party identifier;
and S3, the platform provides necessary corresponding service parameter specifications to the access party so as to interface the service.
After the earlier stage offline butting work of the platform side and the access side is finished, the access side platform and the report platform carry out specific access work;
the report platform comprises a report platform service end and a report platform display end, wherein the report platform service end and the report platform display end are defined as a platform system of the own party, and the report access party is defined as a third-party application.
The access side platform operates according to the following steps, namely, the report service with higher complexity can be accessed in a page form and displayed, and the specific steps are as follows:
s1, an access party platform takes an appointed parameter as an access parameter, corresponding RSA encryption is carried out, and an interface provided by a report platform server is called to obtain a Token;
s2, splicing the Token into a URL (Uniform Resource Locator) with a fixed prefix, and displaying the Token in a self-defined mode in an iframe or embedded self-contained page.
In step S1, the Token validity period is 10min, and is destroyed after successfully accessing once.
The report platform server is responsible for access authority verification, access behavior recording and report data providing, and the specific implementation steps are as follows:
s1, providing an interface for acquiring a Token;
s2, caching a Token and a service parameter;
s3, verifying the validity of the Token and verifying the calling authority;
s4, comparing the legality of the parameters;
and S5, providing report detailed parameters.
The report platform display end is responsible for parameter transmission, corresponding page display and interface calling, and the specific implementation steps are as follows:
s1, calling a Token verification interface to verify the validity of the Token;
s2, redirecting to a corresponding page according to the check result;
s3, loading detailed report data;
and S4, service display.
In the step S1, if the Token fails to pass the validity verification or the detailed data loading failure is reported in the step S3, the Token is redirected to an abnormal page.
Compared with the prior art, the RSA-based credit investigation report unified display method has the following characteristics:
firstly, the problem that the access of an application terminal is complicated under the conditions of high interface complexity and multiple data items when two access reports or web access interfaces are solved;
secondly, once a plurality of platforms are accessed, the data items returned by the report interface can not be changed any more, if the data items are changed, all access parties are required to be changed, otherwise, errors or abnormity can be reported;
thirdly, the security is reinforced, the access party only needs to transmit the corresponding service parameters to the report platform in the process of acquiring the Token, and the acquired Token only has the authority of calling the report corresponding to the parameters;
and fourthly, all the calling records, the processes and the results of the access parties are monitored and controlled.
The above-described embodiment is only one specific embodiment of the present invention, and general changes and substitutions by those skilled in the art within the technical scope of the present invention are included in the protection scope of the present invention.
Claims (8)
1. A RSA-based credit investigation report unified display method is characterized in that: based on an RSA asymmetric encryption method, the method is used as a trust basis for communication between two access parties;
the authority comparison and the service transmission are combined, the currently acquired Token is controlled, only the parameter appointed when the request Token is called is allowed, and the parameter can not be modified;
adopting a front-end and back-end separation technology server side to be responsible for butt joint with a third party, Token issuing, Token verification, report data acquisition and calling condition monitoring, and a display side acquiring report data through the Token;
and when the server issues the Token and the verification Token, the server controls the report template which can be accessed by the current access party.
2. The RSA-based credit investigation report unified presentation method of claim 1, characterized in that: before the communication access work starts, the platform side and the access side perform off-line butt joint work in the earlier stage, and the method comprises the following steps:
s1, both communication parties generate a public and private key pair, and store respective private keys to exchange public keys;
s2, providing an APPKey as a unique access party identifier by the access party from the platform direction;
and S3, the platform provides necessary corresponding service parameter specifications to the access party so as to interface the service.
3. The RSA-based credit investigation report unified presentation method according to claim 1 or 2, characterized in that: after the earlier stage offline butting work of the platform side and the access side is finished, the access side platform and the report platform carry out specific access work;
the report platform comprises a report platform service end and a report platform display end, wherein the report platform service end and the report platform display end are defined as a platform system of the own party, and the report access party is defined as a third-party application.
4. The RSA-based credit investigation report unified presentation method of claim 3, characterized in that: the access side platform operates according to the following steps, namely, the report service with higher complexity can be accessed in a page form and displayed, and the specific steps are as follows:
s1, an access party platform takes an appointed parameter as an access parameter, corresponding RSA encryption is carried out, and an interface provided by a report platform server is called to obtain a Token;
s2, splicing the Token into the URL with the fixed prefix, and displaying the Token in a user-defined mode in an iframe or embedded self-owned page mode.
5. The RSA-based credit investigation report unified presentation method of claim 4, wherein: in step S1, the Token validity period is 10min, and is destroyed after successfully accessing once.
6. The RSA-based credit investigation report unified presentation method of claim 3, characterized in that: the report platform server is responsible for access authority verification, access behavior recording and report data providing, and the specific implementation steps are as follows:
s1, providing an interface for acquiring a Token;
s2, caching a Token and a service parameter;
s3, verifying the validity of the Token and verifying the calling authority;
s4, comparing the legality of the parameters;
and S5, providing report detailed parameters.
7. An RSA-based credit investigation report unified presentation method as claimed in claim 3 or 6, characterized in that: the report platform display end is responsible for parameter transmission, corresponding page display and interface calling, and the specific implementation steps are as follows:
s1, calling a Token verification interface to verify the validity of the Token;
s2, redirecting to a corresponding page according to the check result;
s3, loading detailed report data;
and S4, service display.
8. The RSA-based credit investigation report unified presentation method of claim 7, characterized in that: said step (c) is
In S1, if the Token fails to pass the validity verification or the detailed data loading failure is reported in step S3, the Token is redirected to an abnormal page.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010741691.6A CN111934886A (en) | 2020-07-29 | 2020-07-29 | RSA-based credit investigation report unified display method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010741691.6A CN111934886A (en) | 2020-07-29 | 2020-07-29 | RSA-based credit investigation report unified display method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111934886A true CN111934886A (en) | 2020-11-13 |
Family
ID=73315561
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010741691.6A Pending CN111934886A (en) | 2020-07-29 | 2020-07-29 | RSA-based credit investigation report unified display method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111934886A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113420194A (en) * | 2021-05-07 | 2021-09-21 | 上海汇付数据服务有限公司 | Method and system for displaying data |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101452555A (en) * | 2008-12-31 | 2009-06-10 | 中国建设银行股份有限公司 | Method for enquiring personal credit information, system and personal credit enquiring system |
CN104094304A (en) * | 2012-12-03 | 2014-10-08 | 益百利信息解决方案公司 | Systems and methods for providing a customizable credit report |
CN104980983A (en) * | 2014-04-03 | 2015-10-14 | 联想(北京)有限公司 | Service switching method and device |
CN108737110A (en) * | 2018-05-23 | 2018-11-02 | 中汇会计师事务所(特殊普通合伙) | A kind of data encryption and transmission method and device for anti-replay-attack |
CN108881116A (en) * | 2017-05-11 | 2018-11-23 | 阿里巴巴集团控股有限公司 | Show the implementation method and device of sensitive information |
-
2020
- 2020-07-29 CN CN202010741691.6A patent/CN111934886A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101452555A (en) * | 2008-12-31 | 2009-06-10 | 中国建设银行股份有限公司 | Method for enquiring personal credit information, system and personal credit enquiring system |
CN104094304A (en) * | 2012-12-03 | 2014-10-08 | 益百利信息解决方案公司 | Systems and methods for providing a customizable credit report |
CN104980983A (en) * | 2014-04-03 | 2015-10-14 | 联想(北京)有限公司 | Service switching method and device |
CN108881116A (en) * | 2017-05-11 | 2018-11-23 | 阿里巴巴集团控股有限公司 | Show the implementation method and device of sensitive information |
CN108737110A (en) * | 2018-05-23 | 2018-11-02 | 中汇会计师事务所(特殊普通合伙) | A kind of data encryption and transmission method and device for anti-replay-attack |
Non-Patent Citations (1)
Title |
---|
武新华等, 中国铁道出版社 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113420194A (en) * | 2021-05-07 | 2021-09-21 | 上海汇付数据服务有限公司 | Method and system for displaying data |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR102201235B1 (en) | Service process system, service data processing method and device | |
CN103973781B (en) | A kind of screen monitor method and its system based on proxy server | |
US10379984B2 (en) | Compliance testing through sandbox environments | |
CN111460129B (en) | Method, device, electronic equipment and storage medium for generating identification | |
CN102201934A (en) | Patrolling method and system for centralized management distributed automatic testing | |
US7995485B1 (en) | Method and apparatus for providing automated diagnostics of networks | |
CN104346365A (en) | Device and method for determining specific service associated logs | |
CN110088744A (en) | A kind of database maintenance method and its system | |
CN110493239B (en) | Authentication method and device | |
CN110581824A (en) | Quick login management system based on multiple WeChat public numbers | |
WO2015047922A1 (en) | Automated risk tracking through compliance testing | |
CN113315828A (en) | Traffic recording method and device, traffic recording equipment and storage medium | |
CN106357430A (en) | Method and system for service state monitoring of cloud computing cluster | |
CN111934886A (en) | RSA-based credit investigation report unified display method | |
CN111556080A (en) | Network node monitoring method, device, medium and electronic equipment | |
CN112702198B (en) | Abnormal root cause positioning method and device, electronic equipment and storage medium | |
CN113806187A (en) | Intelligent one-stop operation and maintenance service method and platform | |
CN111445251A (en) | Method and system for processing important blank voucher and block chain platform | |
CN113810415B (en) | Method for host account operation and maintenance free through fort machine | |
CN113778709B (en) | Interface calling method, device, server and storage medium | |
CN109445993A (en) | A kind of detection method and relevant apparatus of file system health status | |
CN115190293A (en) | Dial testing method and device, electronic equipment and computer storage medium | |
CN108833105A (en) | Electric endorsement method and device | |
CN111245971B (en) | Method, system and storage medium for modifying network server BMC host name | |
CN113421052A (en) | Data sharing management method, system and computer readable storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |