CN114826612A - Data interaction method, device, equipment and storage medium - Google Patents

Publication number
CN114826612A
Authority
CN
China
Prior art keywords
request
data
interaction
permission
encrypted
Legal status
Granted
Application number
CN202210419298.4A
Other languages
Chinese (zh)
Other versions
CN114826612B (en
Inventor
张伟春
邱振涛
Current Assignee
Weway Shenzhen Network Technology Co ltd
Original Assignee
Weway Shenzhen Network Technology Co ltd
Application filed by Weway Shenzhen Network Technology Co ltd
Priority to CN202210419298.4A
Publication of CN114826612A
Application granted
Publication of CN114826612B
Status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of security and discloses a data interaction method comprising the following steps: signing and encrypting a data interaction request to obtain an encrypted interaction request, and load-balancing the encrypted interaction request to a preset gateway system; matching the encrypted interaction request against an application program white list in the gateway system; if the matching is successful, identifying the request permission of the encrypted interaction request and calling the permission data corresponding to that request permission; if the matching is unsuccessful, decrypting the encrypted interaction request and verifying its signature to obtain a decrypted interaction request, identifying the request permission of the decrypted interaction request and calling the permission data corresponding to that request permission; and performing sensitive data encryption processing on the permission data to obtain encrypted interaction data. The invention also provides a data interaction device, electronic equipment and a computer readable storage medium. The invention can solve the problem of low data interaction security.

Description

Data interaction method, device, equipment and storage medium
Technical Field
The present invention relates to the field of security technologies, and in particular, to a data interaction method and apparatus, an electronic device, and a computer-readable storage medium.
Background
With the development of internet technology, the internet has brought society into the big data era. Data interaction over big data, such as data integration, data analysis and data mining, can bring immeasurable value to many enterprise platforms, and the value of data is becoming increasingly evident. However, data interaction on internet service platforms has low interaction efficiency and also carries a risk of data leakage (through data tampering or other malicious attack means). Once data is leaked, not only are users' personal safety and property threatened, but the security of the country and of companies is threatened as well, and users' opinions are easily swayed. Higher security requirements are therefore placed on data interaction between services.
Disclosure of Invention
The invention provides a data interaction method, a data interaction device, data interaction equipment and a storage medium, and mainly aims to solve the problem of low data interaction security.
In order to achieve the above object, the present invention provides a data interaction method, which includes:
when a data interaction request is received, signing and encrypting the data interaction request to obtain an encrypted interaction request, and balancing the load of the encrypted interaction request to a preset gateway system;
matching an application program white list in the gateway system according to the encrypted interaction request;
if the matching is successful, the request permission of the encrypted interaction request is identified, and permission data of the corresponding permission is called according to the request permission of the encrypted interaction request;
if the matching is unsuccessful, carrying out decryption and signature verification processing on the encrypted interactive request to obtain a decrypted interactive request, identifying the request permission of the decrypted interactive request, and calling permission data of corresponding permission according to the request permission of the decrypted interactive request;
and carrying out sensitive data encryption processing on the authority data to obtain encrypted interactive data.
Optionally, the performing signature encryption on the data interaction request to obtain an encrypted interaction request includes:
performing hash processing on a request message in the data interaction request by using a preset hash algorithm to obtain a hash signature;
signing the hash signature and the data interaction request with a preset first private key to obtain a signature request;
and encrypting the signature request with a preset second public key to obtain the encrypted interaction request.
Optionally, the load balancing the encrypted interaction request to a preset gateway system includes:
and carrying out load balancing on the encryption interaction request by utilizing an asynchronous non-blocking event processing mechanism of Nginx, and distributing the encryption interaction request after load balancing to the gateway system.
Optionally, the matching an application white list in the gateway system according to the encrypted interaction request includes:
extracting a request IP in the encrypted interaction request;
searching an application IP corresponding to the application program in the application program white list by using the request IP;
when the application IP corresponding to the request IP is found, the encryption interaction request is successfully matched with the application programs in the application program white list, and the found application program corresponding to the application IP is determined to be the application program successfully matched with the encryption interaction request;
and when the application IP corresponding to the request IP is not found, determining that the encryption interaction request is unsuccessfully matched with the application program in the application program white list.
Optionally, the authenticating the request permission of the encrypted interaction request and invoking permission data of a corresponding permission according to the request permission of the encrypted interaction request includes:
and extracting the authentication identification of the encryption interaction request, matching the request permission corresponding to the authentication identification from a preset permission identification library, and calling permission data corresponding to the request permission from an application program corresponding to the application IP matched with the request IP.
Optionally, the decrypting and signature verifying processing on the encrypted interaction request to obtain a decrypted interaction request includes:
decrypting the encrypted interaction request by using a second private key corresponding to the second public key to obtain an original decryption request;
decrypting the original decryption request by using a first public key corresponding to the first private key to obtain a decrypted hash signature and a decrypted request;
performing hash processing on the request message in the decryption request by using the hash algorithm to obtain a comparison hash signature;
comparing whether the decrypted hash signature and the compared hash signature are consistent;
if the decrypted hash signature is inconsistent with the compared hash signature, determining that the decryption and signature verification are failed, and giving an alarm;
and if the decrypted hash signature is consistent with the compared hash signature, determining that the decryption and signature verification are successful, and taking the decryption request as a decryption interaction request.
Optionally, the encrypting the sensitive data to the authority data to obtain encrypted interactive data includes:
judging whether the data text in the authority data contains a preset number of consecutive digits and preset characters;
if the data text contains neither a preset number of consecutive digits nor preset characters, directly feeding the called authority data back to the sending end of the data interaction request;
if the data text contains a preset number of consecutive digits, encrypting those consecutive digits with a preset encryption machine and judging whether the text contains preset characters; if the text does not contain the preset characters, no further processing is performed; if the text contains the preset characters, encrypting the characters with the encryption machine, and feeding the encrypted interactive data back to the sending end of the data interaction request.
In order to solve the above problem, the present invention further provides a data interaction apparatus, including:
the load balancing module is used for carrying out signing encryption on the data interaction request when the data interaction request is received to obtain an encrypted interaction request, and balancing the load of the encrypted interaction request to a preset gateway system;
the interactive request matching module is used for matching an application program white list in the gateway system according to the encrypted interactive request;
the data calling module is used for identifying the request permission of the encrypted interaction request if the matching is successful, calling permission data of corresponding permission according to the request permission of the encrypted interaction request, carrying out decryption and signature verification processing on the encrypted interaction request if the matching is unsuccessful, obtaining a decrypted interaction request, identifying the request permission of the decrypted interaction request, and calling the permission data of corresponding permission according to the request permission of the decrypted interaction request;
and the sensitive data encryption module is used for carrying out sensitive data encryption processing on the authority data to obtain encrypted interactive data.
In order to solve the above problem, the present invention also provides an electronic device, including:
a memory storing at least one instruction; and
and the processor executes the instructions stored in the memory to realize the data interaction method.
In order to solve the above problem, the present invention further provides a computer-readable storage medium, which stores at least one instruction, and the at least one instruction is executed by a processor in an electronic device to implement the data interaction method described above.
According to the invention, the data interaction request is signed and encrypted to obtain the encrypted interaction request, and the encrypted interaction request is load-balanced, so that encrypted interaction requests are distributed stably and data interaction efficiency is improved. A data interaction request that matches the application program white list is authenticated directly, while a data interaction request that does not match the white list is decrypted and signature-verified before being authenticated, which improves the data interaction rate while also ensuring the security of the data interaction request. In addition, sensitive data encryption is applied to the data called by the data interaction request, which further improves data security. Therefore, the data interaction method, the data interaction device, the electronic equipment and the computer readable storage medium provided by the invention can solve the problem of low data interaction security.
Drawings
Fig. 1 is a schematic flowchart of a data interaction method according to an embodiment of the present invention;
Fig. 2 is a functional block diagram of a data interaction device according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of an electronic device of a data interaction method according to an embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The embodiment of the application provides a data interaction method. The execution subject of the data interaction method includes, but is not limited to, at least one of the electronic devices, such as a server or a terminal, that can be configured to execute the method provided by the embodiments of the present application. In other words, the data interaction method may be performed by software or hardware installed in a terminal device or a server device, and the software may be a blockchain platform. The server includes but is not limited to: a single server, a server cluster, a cloud server, a cloud server cluster, and the like.
Fig. 1 is a schematic flow chart of a data interaction method according to an embodiment of the present invention.
In this embodiment, the data interaction method includes:
S1, when a data interaction request is received, signing and encrypting the data interaction request to obtain an encrypted interaction request, and load-balancing the encrypted interaction request to a preset gateway system.
In the embodiment of the invention, data interaction refers to data calling, storage, transmission and the like among services in an internet platform. The data interaction request includes the data requested for interaction, an authentication identifier, a request message and the like, where the request message includes a request IP, a destination port, a source address, a source port, a data length, the protocol used, encryption and the like. The preset gateway system may be an API gateway (Gateway) system, which is a unified entry point that centrally processes all data interaction requests. The primary function of the API gateway is to provide unified access for every data interaction request, convert the protocol used by each requesting service into an internal interface protocol, and associate the request with the corresponding application program or service through that interface protocol. The API gateway also provides functions such as unified access, protocol adaptation, traffic management, fault tolerance and security protection.
In this embodiment, the data interaction request is sent by a data request end, for example, the data interaction request is sent by a client end and received by a server end.
Specifically, the signing and encrypting the data interaction request to obtain an encrypted interaction request includes:
performing hash processing on a request message in the data interaction request by using a preset hash algorithm to obtain a hash signature;
carrying out signature processing on the hash signature and the data interaction request by using a preset first private key to obtain a signature request;
and encrypting the signature request with a preset second public key to obtain the encrypted interaction request.
In the embodiment of the invention, the preset hash algorithm may be a hash algorithm such as MD5. Because a hash algorithm is irreversible and the same content always produces the same fixed-length hash value, it improves the efficiency of data signature verification.
In an optional embodiment of the present invention, the first private key and the second public key may be generated by an SM2 (asymmetric encryption) encryption machine.
In detail, the load balancing the encrypted interaction request to a preset gateway system includes:
and carrying out load balancing on the encryption interaction request by utilizing an asynchronous non-blocking event processing mechanism of Nginx, and distributing the encryption interaction request after load balancing to the gateway system.
In the embodiment of the present invention, Nginx comprises one master process (main process) and a plurality of worker processes (work processes). The master process is mainly used for managing the worker processes, which includes: receiving a request from the outside; sending a request to each worker process; monitoring the running state of the worker processes; and automatically starting a new worker process when a worker process exits (under abnormal conditions). The worker processes handle the basic network events (namely the data interaction requests). The worker processes are peers: they compete equally for requests from clients and are independent of each other. A request is processed within a single worker process, and a worker process cannot at the same time process the requests of other processes.
In an optional embodiment of the present invention, the asynchronous non-blocking event processing mechanism includes the select/poll/epoll/kqueue mechanisms, which can monitor multiple data interaction requests simultaneously and process a large number of data interaction requests concurrently. Taking epoll as an example: when the event corresponding to a data interaction request is not ready, the event is placed in the epoll (queue); when the event is ready, a worker process handles it; the worker waits in epoll only when none of the events is ready. Because each worker process is single-threaded, no additional threads need to be created as in multi-threaded processing, so a large number of lightweight, highly concurrent requests can be processed through the asynchronous non-blocking event processing mechanism.
S2, matching the application program white list in the gateway system according to the encrypted interaction request.
In the embodiment of the present invention, the application white list includes all application programs with service invocation permission, which are maintained in advance.
Specifically, the matching an application white list in the gateway system according to the encrypted interaction request includes:
extracting a request IP in the encrypted interaction request;
searching an application IP corresponding to the application program in the application program white list by using the request IP;
when the application IP corresponding to the request IP is found, the encryption interaction request is successfully matched with the application programs in the application program white list, and the found application program corresponding to the application IP is determined to be the application program successfully matched with the encryption interaction request;
and when the application IP corresponding to the request IP is not found, determining that the encryption interaction request is unsuccessfully matched with the application program in the application program white list.
S3, if the matching is successful, identifying the request permission of the encrypted interaction request, and calling permission data of the corresponding permission according to the request permission of the encrypted interaction request.
Specifically, if the matching is successful, the request permission of the encrypted interaction request is authenticated, and permission data of a corresponding permission is called according to the request permission of the encrypted interaction request, including:
and extracting the authentication identification of the encryption interaction request, matching the request permission corresponding to the authentication identification from a preset permission identification library, and calling permission data corresponding to the request permission from an application program corresponding to the application IP matched with the request IP.
In an optional embodiment of the present invention, the authentication identifier may be the Authorization field of an HTTP request header, a Token identifier sent by the sender of the encrypted interaction request, or the like. The preset permission identifier library stores authentication identifiers and the request permissions corresponding to them, where authentication identifiers and request permissions correspond one to one.
In the embodiment of the invention, an application program white list is maintained so that, for a request that hits an application program on the white list, only the permission corresponding to the request needs to be identified and the custom processing (such as decrypting the data message and verifying its signature) may be skipped, which improves the data interaction rate.
S4, if the matching is unsuccessful, the encrypted interactive request is decrypted and checked to obtain a decrypted interactive request, the request permission of the decrypted interactive request is identified, and permission data corresponding to the permission is called according to the request permission of the decrypted interactive request.
Specifically, the decrypting and signature verifying processing on the encrypted interaction request to obtain a decrypted interaction request includes:
decrypting the encrypted interaction request by using a second private key corresponding to the second public key to obtain an original decryption request;
decrypting the original decryption request by using a first public key corresponding to the first private key to obtain a decrypted hash signature and a decrypted request;
performing hash processing on the request message in the decryption request by using the hash algorithm to obtain a comparison hash signature;
comparing whether the decrypted hash signature and the compared hash signature are consistent;
if the decrypted hash signature is inconsistent with the compared hash signature, determining that the decryption and signature verification are failed, and giving an alarm;
and if the decrypted hash signature is consistent with the compared hash signature, determining that the decryption and signature verification are successful, and taking the decryption request as a decryption interaction request.
In the embodiment of the invention, an encrypted interaction request that does not hit the application program white list must be decrypted and signature-verified before authentication processing is carried out, so that illegal requests can be intercepted and security during data interaction is improved.
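The sending-side steps of S1 and the gateway-side steps of S4 can be exercised end to end as follows. This is an added example, not code from the patent: it uses only Go's standard library, so ECDSA P-256 over SHA-256 stands in for the SM2 signature and the preset hash algorithm, RSA-OAEP wrapping an AES-256-GCM session key stands in for encryption with the second public key, and the `envelope` format, function names and sample request are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

type signedRequest struct{ Message, Signature []byte } // the page's "signature request"
type envelope struct{ WrappedKey, Nonce, Body []byte } // hypothetical wire format

var errVerify = errors.New("decryption and signature verification failed")

// newGCM returns AES-GCM for the session key (32 bytes, so AES-256).
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sign hashes the request message and signs the hash with the first private key.
func sign(msg []byte, senderKey *ecdsa.PrivateKey) (signedRequest, error) {
	digest := sha256.Sum256(msg)
	sig, err := ecdsa.SignASN1(rand.Reader, senderKey, digest[:])
	return signedRequest{msg, sig}, err
}

// seal encrypts the signed request to the second (gateway) public key: a fresh
// AES-256-GCM key protects the body and RSA-OAEP wraps that key.
func seal(req signedRequest, gatewayPub *rsa.PublicKey) (*envelope, error) {
	buf := make([]byte, 44) // 32-byte session key followed by a 12-byte nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	gcm := must(newGCM(key)) // cannot fail: the key is exactly 32 bytes
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, gatewayPub, key, nil)
	if err != nil {
		return nil, err
	}
	body, _ := json.Marshal(req) // a struct of byte slices always marshals
	return &envelope{wrapped, nonce, gcm.Seal(nil, nonce, body, nil)}, nil
}

// open decrypts with the second private key, recomputes the hash of the received
// message and checks the signature against it with the first public key.
func open(env *envelope, gatewayKey *rsa.PrivateKey, senderPub *ecdsa.PublicKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, gatewayKey, env.WrappedKey, nil)
	if err != nil || len(env.Nonce) != 12 { // gcm.Open panics on a wrong-size nonce
		return nil, errVerify
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, errVerify
	}
	var req signedRequest
	body, err := gcm.Open(nil, env.Nonce, env.Body, nil)
	if err != nil || json.Unmarshal(body, &req) != nil {
		return nil, errVerify
	}
	comparison := sha256.Sum256(req.Message)
	if !ecdsa.VerifyASN1(senderPub, comparison[:], req.Signature) {
		return nil, errVerify // hashes differ: the page's alarm branch
	}
	return req.Message, nil
}

// must panics on errors that indicate a broken setup rather than a bad request.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// demo accepts a constructed request, then rejects it once altered after signing.
func demo() (string, error) {
	sender := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	gateway := must(rsa.GenerateKey(rand.Reader, 2048))
	req := must(sign([]byte(`{"requestIP":"10.0.0.7","resource":"orders"}`), sender))
	accepted := must(open(must(seal(req, &gateway.PublicKey)), gateway, &sender.PublicKey))
	req.Message = []byte(`{"requestIP":"10.0.0.7","resource":"payroll"}`)
	_, err := open(must(seal(req, &gateway.PublicKey)), gateway, &sender.PublicKey)
	return string(accepted), err
}

func main() {
	fmt.Println(demo())
}
```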
Optionally, the step of invoking the corresponding right according to the request right of the decryption interaction request is similar to that in S3, and is not described herein again.
S5, carrying out sensitive data encryption processing on the authority data to obtain encrypted interactive data.
In the embodiment of the present invention, the encrypting the sensitive data of the authority data to obtain encrypted interactive data includes:
judging whether the data text in the authority data contains a preset number of consecutive digits and preset characters;
if the data text contains neither a preset number of consecutive digits nor preset characters, directly feeding the called authority data back to the sending end of the data interaction request;
if the data text contains a preset number of consecutive digits, encrypting those consecutive digits with a preset encryption machine and judging whether the text contains preset characters; if the text does not contain the preset characters, no further processing is performed; if the text contains the preset characters, encrypting the characters with the encryption machine, and feeding the encrypted interactive data back to the sending end of the data interaction request.
In an optional embodiment of the present invention, the preset encryption machine may be an encryption machine using SM4, the block cipher algorithm of the wireless LAN standard.
In the embodiment of the invention, sensitive data must be encrypted when it is called. Because the data volume is large, digits are encrypted first and characters afterwards. For example, it is first judged whether the data text contains more than 6 consecutive digits; if so, the data is judged to possibly contain an identity card number, a mobile phone number or the like, and all consecutive digits are encrypted directly. It is then judged whether the data text contains characters of the form "@XX.com"; if so, the 5 characters before the @ are encrypted by default. If the text contains "company" and "limited", it is considered to contain a company name, and the first 10 characters are encrypted. If "city", "district", "county", "street", "lane", "alley", "road" and the like appear in the data text, the entire text is encrypted.
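The digit, e-mail and address rules above can be expressed as a span selector followed by per-field encryption. This is an added example, not code from the patent: the regular expressions, the English keyword list, the `ENC[...]` token format and the AES-256-GCM stand-in for the SM4 encryption machine are assumptions, the sample records are constructed, and the company-name rule is left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"regexp"
	"sort"
	"strings"
)

var (
	digitRun    = regexp.MustCompile(`[0-9]{7,}`) // "more than 6 consecutive digits"
	mailLocal   = regexp.MustCompile(`([^\s@]{1,5})@[A-Za-z0-9.-]+\.com`)
	addressWord = regexp.MustCompile(`(?i)\b(city|district|county|street|alley|road)\b`)
)

type span struct{ start, end int }

// sensitiveSpans returns the byte ranges the rules select, merged so that
// overlapping hits are encrypted once. Address wording selects the whole text.
func sensitiveSpans(text string) []span {
	if addressWord.MatchString(text) {
		return []span{{0, len(text)}}
	}
	var hits, merged []span
	for _, m := range digitRun.FindAllStringIndex(text, -1) {
		hits = append(hits, span{m[0], m[1]})
	}
	for _, m := range mailLocal.FindAllStringSubmatchIndex(text, -1) {
		hits = append(hits, span{m[2], m[3]}) // group 1: up to 5 characters before '@'
	}
	sort.Slice(hits, func(i, j int) bool { return hits[i].start < hits[j].start })
	for _, h := range hits {
		if n := len(merged); n == 0 || h.start > merged[n-1].end {
			merged = append(merged, h)
		} else if h.end > merged[n-1].end {
			merged[n-1].end = h.end
		}
	}
	return merged
}

// protect replaces each selected range with encrypt(range); text without a hit is unchanged.
func protect(text string, encrypt func(string) string) string {
	var out strings.Builder
	prev := 0
	for _, s := range sensitiveSpans(text) {
		out.WriteString(text[prev:s.start])
		out.WriteString(encrypt(text[s.start:s.end]))
		prev = s.end
	}
	out.WriteString(text[prev:])
	return out.String()
}

// newEncryptor stands in for the SM4 encryption machine: AES-256-GCM with a
// fresh nonce per field, emitted as an ENC[...] token (hypothetical format).
func newEncryptor(key []byte) (func(string) string, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return func(plain string) string {
		nonce := make([]byte, gcm.NonceSize())
		if _, err := rand.Read(nonce); err != nil {
			panic(err) // no safe fallback without randomness
		}
		sealed := gcm.Seal(nonce, nonce, []byte(plain), nil)
		return "ENC[" + base64.RawURLEncoding.EncodeToString(sealed) + "]"
	}, nil
}

func main() {
	key := make([]byte, 32) // demo key; production keys come from the key store
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	encrypt, err := newEncryptor(key)
	if err != nil {
		panic(err)
	}
	for _, text := range []string{ // constructed sample records
		"order 20231107 shipped, 3 items",
		"contact alice.wang@example.com or 13800138000",
		"deliver to 12 Garden Road, Nanshan District",
		"status ok",
	} {
		fmt.Println(protect(text, encrypt))
	}
}
```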
According to the invention, the data interaction request is signed and encrypted to obtain the encrypted interaction request, and the encrypted interaction request is load-balanced, so that encrypted interaction requests are distributed stably and data interaction efficiency is improved. A data interaction request that matches the application program white list is authenticated directly, while a data interaction request that does not match the white list is decrypted and signature-verified before being authenticated, which improves the data interaction rate while also ensuring the security of the data interaction request. In addition, sensitive data encryption is applied to the data called by the data interaction request, which further improves data security. Therefore, the data interaction method provided by the invention can solve the problem of low data interaction security.
Fig. 2 is a functional block diagram of a data interaction apparatus according to an embodiment of the present invention.
The data interaction device 100 of the present invention can be installed in an electronic device. According to the implemented functions, the data interaction device 100 may include a load balancing module 101, an interaction request matching module 102, a data calling module 103, and a sensitive data encryption module 104. The module of the present invention, which may also be referred to as a unit, refers to a series of computer program segments that can be executed by a processor of an electronic device and that can perform a fixed function, and that are stored in a memory of the electronic device.
In the present embodiment, the functions regarding the respective modules/units are as follows:
the load balancing module 101 is configured to, when a data interaction request is received, sign and encrypt the data interaction request to obtain an encrypted interaction request, and balance the load of the encrypted interaction request to a preset gateway system;
the interaction request matching module 102 is configured to match an application white list in the gateway system according to the encrypted interaction request;
the data calling module 103 is configured to, if matching is successful, identify a request permission of the encrypted interaction request, call permission data of a corresponding permission according to the request permission of the encrypted interaction request, and if matching is unsuccessful, perform decryption and signature verification processing on the encrypted interaction request to obtain a decrypted interaction request, identify a request permission of the decrypted interaction request, and call permission data of a corresponding permission according to the request permission of the decrypted interaction request;
the sensitive data encryption module 104 is configured to perform sensitive data encryption processing on the permission data to obtain encrypted interactive data.
In detail, the specific implementation of each module of the data interaction device 100 is as follows:
Step one: when a data interaction request is received, signing and encrypting the data interaction request to obtain an encrypted interaction request, and balancing the load of the encrypted interaction request to a preset gateway system.
In the embodiment of the invention, data interaction refers to data calling, storage, transmission and the like among services in the Internet platform. The data interaction request comprises the data requested for interaction, an authentication identification, a request message and the like, wherein the request message comprises a request IP, a destination port, a source address, a source port, a data length, the protocol used, encryption and the like. The preset gateway system may be an API Gateway system, which is a unified entry for centrally processing all data interaction requests. The primary function of the API Gateway is to provide unified access for each data interaction request, convert the protocol requested by each service party into an internal interface protocol, and associate the request with the corresponding application program or service through the interface protocol. The API Gateway provides functions such as unified access, protocol adaptation, traffic management, fault tolerance and security protection.
In this embodiment, the data interaction request is sent by a data request end, for example, the data interaction request is sent by a client end and received by a server end.
Specifically, the signing and encrypting the data interaction request to obtain an encrypted interaction request includes:
performing hash processing on a request message in the data interaction request by using a preset hash algorithm to obtain a hash signature;
carrying out signature processing on the hash signature and the data interaction request by using a preset first private key to obtain a signed request;
and encrypting the signed request by using a preset second public key to obtain the encrypted interaction request.
In the embodiment of the invention, the preset hash algorithm may be a hash algorithm such as MD5. The efficiency of data signature verification can be improved by exploiting the irreversibility of the hash algorithm and the property that the same content always produces the same fixed-length hash value.
In an optional embodiment of the present invention, the first private key and the second public key may be generated by an SM2 (asymmetric encryption) encryption machine.
In detail, the load balancing the encrypted interaction request to a preset gateway system includes:
and carrying out load balancing on the encrypted interaction request by utilizing the asynchronous non-blocking event processing mechanism of Nginx, and distributing the load-balanced encrypted interaction request to the gateway system.
In the embodiment of the present invention, Nginx includes a master process and a plurality of worker processes. The master process is mainly used for managing the worker processes, which includes: receiving requests from the outside; sending requests to each worker process; monitoring the running state of the worker processes; and automatically starting a new worker process when a worker process exits (under an abnormal condition). The worker processes handle basic network events (namely data interaction requests). The worker processes are peers that compete equally for requests from clients and are independent of each other; a request is handled within a single worker process, and a worker process cannot handle requests belonging to other processes.
In an optional embodiment of the present invention, the asynchronous non-blocking event processing mechanism includes the select/poll/epoll/kqueue mechanisms, which can monitor multiple data interaction requests simultaneously and process a large number of data interaction requests concurrently. Taking epoll as an example: when the event corresponding to a data interaction request is not ready, the event is placed in the epoll queue; when an event is ready, the worker process handles it; and the worker process waits in epoll only when no event is ready. Because each worker process is single-threaded, no additional threads need to be created as in multi-threaded processing, so a large number of lightweight, highly concurrent requests can be handled through the asynchronous non-blocking event processing mechanism.
Step two: matching an application program white list in the gateway system according to the encrypted interaction request.
In the embodiment of the present invention, the application white list includes all application programs with service invocation permission, which are maintained in advance.
Specifically, the matching an application white list in the gateway system according to the encrypted interaction request includes:
extracting a request IP in the encrypted interaction request;
searching an application IP corresponding to the application program in the application program white list by using the request IP;
when the application IP corresponding to the request IP is found, determining that the encrypted interaction request is successfully matched with an application program in the application program white list, and determining the application program corresponding to the found application IP to be the application program successfully matched with the encrypted interaction request;
and when the application IP corresponding to the request IP is not found, determining that the encrypted interaction request fails to match any application program in the application program white list.
Step three: if the matching is successful, identifying the request permission of the encrypted interaction request, and calling permission data of the corresponding permission according to the request permission of the encrypted interaction request.
Specifically, if the matching is successful, the request permission of the encrypted interaction request is authenticated, and permission data of a corresponding permission is called according to the request permission of the encrypted interaction request, including:
and extracting the authentication identification of the encrypted interaction request, matching the request permission corresponding to the authentication identification from a preset permission identification library, and calling permission data corresponding to the request permission from the application program corresponding to the application IP matched with the request IP.
In an optional embodiment of the present invention, the authentication identification may be the Authorization field of the header of an HTTP request, a Token identification sent by the sending end of the encrypted interaction request, or the like. The preset permission identification library stores authentication identifications and the request permission corresponding to each authentication identification, wherein the authentication identifications correspond to the request permissions one to one.
In the embodiment of the invention, an application program white list is maintained so that, for a request that hits an application program in the white list, only the permission corresponding to the request needs to be identified and the user-defined part (such as decryption and signature verification of the data message) may be skipped, which improves the data interaction rate.
Step four: if the matching is unsuccessful, carrying out decryption and signature verification processing on the encrypted interaction request to obtain a decrypted interaction request, identifying the request permission of the decrypted interaction request, and calling permission data of the corresponding permission according to the request permission of the decrypted interaction request.
Specifically, the decrypting and signature verifying processing on the encrypted interaction request to obtain a decrypted interaction request includes:
decrypting the encrypted interaction request by using a second private key corresponding to the second public key to obtain an original decryption request;
decrypting the original decryption request by using a first public key corresponding to the first private key to obtain a decrypted hash signature and a decrypted request;
performing hash processing on the request message in the decrypted request by using the hash algorithm to obtain a comparison hash signature;
comparing whether the decrypted hash signature and the comparison hash signature are consistent;
if the decrypted hash signature is inconsistent with the comparison hash signature, determining that the decryption and signature verification have failed, and giving an alarm;
and if the decrypted hash signature is consistent with the comparison hash signature, determining that the decryption and signature verification are successful, and taking the decrypted request as the decrypted interaction request.
In the embodiment of the invention, an encrypted interaction request that does not hit the application program white list must be decrypted and signature-verified before authentication is performed, so that illegal requests can be intercepted and the security of data interaction is improved.
Optionally, the step of calling the permission data of the corresponding permission according to the request permission of the decrypted interaction request is similar to the calling step in step three, and is not described herein again.
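The signing and encryption of step one and the decryption and signature verification of step four, as an added Go example that is not code from the patent. Ed25519, RSA-OAEP with AES-GCM and SHA-256 stand in for the SM2 keys and the MD5 hash the text names (Go's standard library has no SM2, and MD5 is not collision resistant); `Envelope`, `Seal`, `Open`, `NewKeys` and the request string are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is a hypothetical layout for the encrypted interaction request.
type Envelope struct{ WrappedKey, Nonce, Ciphertext []byte }

// ErrVerify is the single error for every decryption or signature failure,
// so a caller learns nothing about which check rejected the request.
var ErrVerify = errors.New("decryption and signature verification failed")

// NewKeys generates the first (signing) and second (encryption) key pairs for the demo.
func NewKeys() (ed25519.PublicKey, ed25519.PrivateKey, *rsa.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, nil, fmt.Errorf("first key pair: %w", err)
	}
	second, err := rsa.GenerateKey(rand.Reader, 2048)
	return pub, priv, second, err
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal hashes msg, signs the hash with the first private key, then encrypts
// signature||msg so that only the holder of the second private key can read it.
func Seal(msg []byte, first ed25519.PrivateKey, second *rsa.PublicKey) (Envelope, error) {
	digest := sha256.Sum256(msg)
	signed := append(ed25519.Sign(first, digest[:]), msg...)
	secret := make([]byte, 32+12) // fresh AES-256 key followed by a 12-byte GCM nonce
	if _, err := rand.Read(secret); err != nil {
		return Envelope{}, err
	}
	key, nonce := secret[:32], secret[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return Envelope{}, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, second, key, nil)
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{wrapped, nonce, gcm.Seal(nil, nonce, signed, nil)}, nil
}

// Open reverses Seal: decrypt with the second private key, split off the signature,
// recompute the hash of the message and verify it with the first public key.
func Open(env Envelope, first ed25519.PublicKey, second *rsa.PrivateKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, second, env.WrappedKey, nil)
	if err != nil {
		return nil, ErrVerify
	}
	gcm, err := newGCM(key) // fails if the sender wrapped a key of the wrong size
	if err != nil || len(env.Nonce) != gcm.NonceSize() {
		return nil, ErrVerify // a wrong nonce length would make gcm.Open panic
	}
	signed, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil || len(signed) < ed25519.SignatureSize {
		return nil, ErrVerify
	}
	sig, msg := signed[:ed25519.SignatureSize], signed[ed25519.SignatureSize:]
	digest := sha256.Sum256(msg)
	if !ed25519.Verify(first, digest[:], sig) {
		return nil, ErrVerify // encrypted to us, but not signed by the expected sender
	}
	return msg, nil
}

func main() {
	pub, priv, second, err := NewKeys()
	if err != nil {
		panic(err)
	}
	env, err := Seal([]byte("GET /orders?id=42"), priv, &second.PublicKey) // constructed request
	if err != nil {
		panic(err)
	}
	msg, err := Open(env, pub, second)
	fmt.Printf("%q %v\n", msg, err)
}
```

Anyone who holds the second public key can produce a well-formed envelope, so the signature check in `Open` is the only step that ties a request to its sender.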
Step five: carrying out sensitive data encryption processing on the permission data to obtain encrypted interactive data.
In the embodiment of the present invention, performing sensitive data encryption processing on the permission data to obtain encrypted interactive data includes:
judging whether the data text in the permission data contains a preset number of consecutive digits and preset characters;
if the data text contains neither a preset number of consecutive digits nor preset characters, directly feeding the called permission data back to the sending end of the data interaction request;
if the data text contains a preset number of consecutive digits, encrypting the consecutive digits by using a preset encryption machine and judging whether the text contains preset characters; if the text does not contain preset characters, the text is not processed further; if the text contains preset characters, encrypting the characters by using the encryption machine; and feeding the encrypted interactive data back to the sending end of the data interaction request.
In an optional embodiment of the present invention, the preset encryption machine may be an encryption machine implementing SM4, the block cipher algorithm of the wireless LAN standard.
In the embodiment of the invention, sensitive data must be encrypted when it is called. Because the data volume is large, digits are encrypted first and characters afterwards. For example, it is judged whether the data text contains more than 6 consecutive digits; if so, the data may contain an identity card number, a mobile phone number or the like, and all of the consecutive digits are encrypted directly. It is then judged whether the data text contains characters of the form "@XX.com"; if so, the 5 characters immediately before the @ are encrypted by default. If the text contains "company" and "limited", it is considered to contain a company name, and the first 10 characters are encrypted. If "city", "district", "county", "street", "lane", "alley", "road", etc. appear in the data text, the entire text is encrypted.
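The digit rule, the mailbox rule and the whole-text rule for address keywords described above, as an added Go example that is not the patent's code. AES-GCM stands in for the SM4 encryption machine; the `ENC[...]` token format, `Masker`, the English keyword list and the sample records are assumptions, and the company-name rule is left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"regexp"
	"sort"
	"strings"
)

var (
	digitRun = regexp.MustCompile(`[0-9]{7,}`)                         // more than 6 consecutive digits
	mailTail = regexp.MustCompile(`([^\s@]{1,5})@[A-Za-z0-9.-]+\.com`) // group 1: up to 5 characters before @
	address  = regexp.MustCompile(`(?i)\b(city|district|county|street|alley|road)\b`)
	token    = regexp.MustCompile(`ENC\[[A-Za-z0-9_-]+\]`)
)

// Masker encrypts sensitive spans; AES-GCM stands in for the SM4 encryption machine.
type Masker struct{ aead cipher.AEAD }

func NewMasker(key []byte) (*Masker, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, fmt.Errorf("masker key: %w", err)
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Masker{aead}, nil
}

// seal returns s as an ENC[...] token (hypothetical format: base64url of nonce||ciphertext).
func (m *Masker) seal(s string) string {
	nonce := make([]byte, m.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // without randomness, fail rather than return plaintext
	}
	return "ENC[" + base64.RawURLEncoding.EncodeToString(m.aead.Seal(nonce, nonce, []byte(s), nil)) + "]"
}

// Mask finds every sensitive span in the original text first and encrypts
// afterwards, so overlapping matches are merged instead of nested.
func (m *Masker) Mask(text string) string {
	if address.MatchString(text) {
		return m.seal(text) // address keyword: the entire text is encrypted
	}
	var spans [][]int
	spans = append(spans, digitRun.FindAllStringIndex(text, -1)...)
	for _, loc := range mailTail.FindAllStringSubmatchIndex(text, -1) {
		spans = append(spans, loc[2:4])
	}
	sort.Slice(spans, func(i, j int) bool { return spans[i][0] < spans[j][0] })
	var out strings.Builder
	pos := 0
	for i := 0; i < len(spans); {
		start, end := spans[i][0], spans[i][1]
		for i++; i < len(spans) && spans[i][0] <= end; i++ { // merge overlapping or touching spans
			if spans[i][1] > end {
				end = spans[i][1]
			}
		}
		out.WriteString(text[pos:start] + m.seal(text[start:end]))
		pos = end
	}
	return out.String() + text[pos:] // no spans: the text is returned unchanged
}

// Unmask decrypts every ENC[...] token and reports tokens that fail authentication.
func (m *Masker) Unmask(masked string) (string, error) {
	var failed error
	n := m.aead.NonceSize()
	out := token.ReplaceAllStringFunc(masked, func(tok string) string {
		raw, err := base64.RawURLEncoding.DecodeString(tok[4 : len(tok)-1])
		if err == nil && len(raw) >= n {
			if plain, err := m.aead.Open(nil, raw[:n], raw[n:], nil); err == nil {
				return string(plain)
			}
		}
		failed = fmt.Errorf("token %q is malformed or failed authentication", tok)
		return tok
	})
	return out, failed
}

func main() {
	m, err := NewMasker(make([]byte, 32)) // constructed all-zero key, demo only
	if err != nil {
		panic(err)
	}
	fmt.Println(m.Mask("ID 440301199001011234, mail alice.smith@example.com")) // constructed record
}
```

A value such as `13800138000@qq.com` matches both the digit rule and the mailbox rule; merging the spans before encrypting yields one token that still decrypts to the original text.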
According to the invention, the data interaction request is signed and encrypted to obtain the encrypted interaction request, and the encrypted interaction request is load balanced, so that encrypted interaction requests can be distributed stably and the data interaction efficiency is improved. A data interaction request that is successfully matched in the application program white list is authenticated directly, whereas a request that fails to match is decrypted and signature-verified before being authenticated, so that the data interaction rate is improved while the security of the data interaction request is also ensured. Meanwhile, sensitive data encryption is performed on the data called by the data interaction request, which further improves data security. Therefore, the data interaction device provided by the invention can solve the problem of low data interaction security.
Fig. 3 is a schematic structural diagram of an electronic device implementing a data interaction method according to an embodiment of the present invention.
The electronic device may comprise a processor 10, a memory 11, a communication interface 12 and a bus 13, and may further comprise a computer program, such as a data interaction program, stored in the memory 11 and executable on the processor 10.
The memory 11 includes at least one type of readable storage medium, which includes flash memory, removable hard disk, multimedia card, card-type memory (e.g., SD or DX memory, etc.), magnetic memory, magnetic disk, optical disk, etc. The memory 11 may in some embodiments be an internal storage unit of the electronic device, for example a removable hard disk of the electronic device. The memory 11 may also be an external storage device of the electronic device in other embodiments, such as a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, which are provided on the electronic device. Further, the memory 11 may also include both an internal storage unit and an external storage device of the electronic device. The memory 11 may be used not only to store application software installed in the electronic device and various types of data, such as codes of a data exchange program, but also to temporarily store data that has been output or will be output.
The processor 10 may be composed of an integrated circuit in some embodiments, for example, a single packaged integrated circuit, or may be composed of a plurality of integrated circuits packaged with the same or different functions, including one or more Central Processing Units (CPUs), microprocessors, digital Processing chips, graphics processors, and combinations of various control chips. The processor 10 is a Control Unit (Control Unit) of the electronic device, connects various components of the electronic device by using various interfaces and lines, and executes various functions and processes data of the electronic device by running or executing programs or modules (e.g., data interaction programs, etc.) stored in the memory 11 and calling data stored in the memory 11.
The communication interface 12 is used for communication between the electronic device and other devices, and includes a network interface and a user interface. Optionally, the network interface may include a wired interface and/or a wireless interface (e.g., WI-FI interface, bluetooth interface, etc.), which are typically used to establish a communication connection between the electronic device and other electronic devices. The user interface may be a Display (Display), an input unit such as a Keyboard (Keyboard), and optionally a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display, which may also be referred to as a display screen or display unit, is suitable, among other things, for displaying information processed in the electronic device and for displaying a visualized user interface.
The bus 13 may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus 13 may be divided into an address bus, a data bus, a control bus, etc. The bus 13 is arranged to enable connection communication between the memory 11 and at least one processor 10 or the like.
Fig. 3 shows only an electronic device having components, and those skilled in the art will appreciate that the structure shown in fig. 3 does not constitute a limitation of the electronic device, and may include fewer or more components than those shown, or some components may be combined, or a different arrangement of components.
For example, although not shown, the electronic device may further include a power supply (such as a battery) for supplying power to each component, and preferably, the power supply may be logically connected to the at least one processor 10 through a power management device, so that functions of charge management, discharge management, power consumption management and the like are realized through the power management device. The power supply may also include any component of one or more dc or ac power sources, recharging devices, power failure detection circuitry, power converters or inverters, power status indicators, and the like. The electronic device may further include various sensors, a bluetooth module, a Wi-Fi module, and the like, which are not described herein again.
Further, the electronic device may further include a network interface, and optionally, the network interface may include a wired interface and/or a wireless interface (such as a WI-FI interface, a bluetooth interface, etc.), which are generally used to establish a communication connection between the electronic device and other electronic devices.
Optionally, the electronic device may further comprise a user interface, which may be a Display (Display), an input unit (such as a Keyboard), and optionally a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display, which may also be referred to as a display screen or display unit, is suitable, among other things, for displaying information processed in the electronic device and for displaying a visualized user interface.
It is to be understood that the embodiments described are illustrative only and are not to be construed as limiting the scope of the claims.
The data interaction program stored in the memory 11 of the electronic device is a combination of instructions, which when executed in the processor 10, can realize:
when a data interaction request is received, signing and encrypting the data interaction request to obtain an encrypted interaction request, and balancing the load of the encrypted interaction request to a preset gateway system;
matching an application program white list in the gateway system according to the encrypted interaction request;
if the matching is successful, the request permission of the encrypted interaction request is identified, and permission data of the corresponding permission is called according to the request permission of the encrypted interaction request;
if the matching is unsuccessful, carrying out decryption and signature verification processing on the encrypted interaction request to obtain a decrypted interaction request, identifying the request permission of the decrypted interaction request, and calling permission data of corresponding permission according to the request permission of the decrypted interaction request;
and carrying out sensitive data encryption processing on the permission data to obtain encrypted interactive data.
Specifically, the specific implementation method of the processor 10 for the instruction may refer to the description of the relevant steps in the embodiment corresponding to fig. 1, which is not described herein again.
Further, the electronic device integrated module/unit, if implemented in the form of a software functional unit and sold or used as a separate product, may be stored in a computer readable storage medium. The computer readable storage medium may be volatile or non-volatile. For example, the computer-readable medium may include: any entity or device capable of carrying said computer program code, recording medium, U-disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM).
The present invention also provides a computer-readable storage medium, storing a computer program which, when executed by a processor of an electronic device, may implement:
when a data interaction request is received, signing and encrypting the data interaction request to obtain an encrypted interaction request, and balancing the load of the encrypted interaction request to a preset gateway system;
matching an application program white list in the gateway system according to the encrypted interaction request;
if the matching is successful, the request permission of the encrypted interaction request is identified, and permission data of the corresponding permission is called according to the request permission of the encrypted interaction request;
if the matching is unsuccessful, carrying out decryption and signature verification processing on the encrypted interaction request to obtain a decrypted interaction request, identifying the request permission of the decrypted interaction request, and calling permission data of corresponding permission according to the request permission of the decrypted interaction request;
and carrying out sensitive data encryption processing on the permission data to obtain encrypted interactive data.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus, device and method can be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is only one logical functional division, and other divisions may be realized in practice.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional module.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof.
The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned.
Furthermore, it is obvious that the word "comprising" does not exclude other elements or steps, and the singular does not exclude the plural. A plurality of units or means recited in the system claims may also be implemented by one unit or means in software or hardware. The terms second, etc. are used to denote names, but not any particular order.
Finally, it should be noted that the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting, and although the present invention is described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention.

Claims (10)

1. A method of data interaction, the method comprising:
when a data interaction request is received, signing and encrypting the data interaction request to obtain an encrypted interaction request, and balancing the load of the encrypted interaction request to a preset gateway system;
matching an application program white list in the gateway system according to the encrypted interaction request;
if the matching is successful, the request permission of the encrypted interaction request is identified, and permission data of the corresponding permission is called according to the request permission of the encrypted interaction request;
if the matching is unsuccessful, carrying out decryption and signature verification processing on the encrypted interaction request to obtain a decrypted interaction request, identifying the request permission of the decrypted interaction request, and calling permission data of corresponding permission according to the request permission of the decrypted interaction request;
and carrying out sensitive data encryption processing on the permission data to obtain encrypted interactive data.
2. The data interaction method of claim 1, wherein the signing and encrypting the data interaction request to obtain an encrypted interaction request comprises:
performing hash processing on a request message in the data interaction request by using a preset hash algorithm to obtain a hash signature;
carrying out signature processing on the hash signature and the data interaction request by using a preset first private key to obtain a signed request;
and encrypting the signed request by using a preset second public key to obtain the encrypted interaction request.
3. The data interaction method of claim 2, wherein the load balancing the encrypted interaction requests to a predetermined gateway system comprises:
and carrying out load balancing on the encrypted interaction request by utilizing the asynchronous non-blocking event processing mechanism of Nginx, and distributing the load-balanced encrypted interaction request to the gateway system.
4. The data interaction method of claim 2, wherein said matching an application whitelist in the gateway system based on the encrypted interaction request comprises:
extracting a request IP in the encrypted interaction request;
searching an application IP corresponding to the application program in the application program white list by using the request IP;
when the application IP corresponding to the request IP is found, determining that the encrypted interaction request is successfully matched with an application program in the application program white list, and determining the application program corresponding to the found application IP to be the application program successfully matched with the encrypted interaction request;
and when the application IP corresponding to the request IP is not found, determining that the encrypted interaction request fails to match any application program in the application program white list.
5. The data interaction method of claim 4, wherein the authenticating the request permission of the encrypted interaction request and invoking permission data of a corresponding permission according to the request permission of the encrypted interaction request comprises:
and extracting the authentication identification of the encrypted interaction request, matching the request permission corresponding to the authentication identification from a preset permission identification library, and calling permission data corresponding to the request permission from the application program corresponding to the application IP matched with the request IP.
6. The data interaction method of claim 4, wherein the decrypting and verifying the encrypted interaction request to obtain a decrypted interaction request comprises:
decrypting the encrypted interaction request by using a second private key corresponding to the second public key to obtain an original decryption request;
decrypting the original decryption request by using a first public key corresponding to the first private key to obtain a decrypted hash signature and a decrypted request;
performing hash processing on the request message in the decrypted request by using the hash algorithm to obtain a comparison hash signature;
comparing whether the decrypted hash signature and the comparison hash signature are consistent;
if the decrypted hash signature is inconsistent with the comparison hash signature, determining that the decryption and signature verification have failed, and giving an alarm;
and if the decrypted hash signature is consistent with the comparison hash signature, determining that the decryption and signature verification are successful, and taking the decrypted request as the decrypted interaction request.
7. The data interaction method of claim 1, wherein the performing sensitive data encryption processing on the permission data to obtain encrypted interactive data comprises:
judging whether the data text in the permission data contains a preset number of consecutive digits and preset characters;
if the data text contains neither a preset number of consecutive digits nor preset characters, directly feeding the called permission data back to the sending end of the data interaction request;
if the data text contains a preset number of consecutive digits, encrypting the consecutive digits by using a preset encryption machine and judging whether the text contains preset characters; if the text does not contain preset characters, the text is not processed further; if the text contains preset characters, encrypting the characters by using the encryption machine; and feeding the encrypted interactive data back to the sending end of the data interaction request.
8. A data interaction apparatus, the apparatus comprising:
a load balancing module, configured to sign and encrypt a data interaction request to obtain an encrypted interaction request when the data interaction request is received, and to load-balance the encrypted interaction request to a preset gateway system;
an interaction request matching module, configured to match against an application program whitelist in the gateway system according to the encrypted interaction request;
a data calling module, configured to: if the matching is successful, identify the request permission of the encrypted interaction request and invoke permission data of the corresponding permission according to that request permission; and if the matching is unsuccessful, perform decryption and signature verification on the encrypted interaction request to obtain a decrypted interaction request, identify the request permission of the decrypted interaction request, and invoke permission data of the corresponding permission according to that request permission;
and a sensitive data encryption module, configured to perform sensitive data encryption processing on the authority data to obtain encrypted interactive data.
9. An electronic device, characterized in that the electronic device comprises:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the data interaction method of any one of claims 1 to 7.
10. A computer-readable storage medium storing a computer program which, when executed by a processor, implements the data interaction method according to any one of claims 1 to 7.
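An added Python sketch of the decrypt-then-verify sequence in claim 6, not code from the patent: unpadded textbook RSA over fixed, publicly known Mersenne primes stands in for the first and second key pairs so the block runs on the standard library alone, and the key values, function names and `alarm` callback are assumptions. A deployment would use a vetted library with OAEP encryption and PSS signatures.

```python
import hashlib
import hmac

E = 65537  # public exponent shared by both demo key pairs

def make_key(p, q):
    """Textbook RSA from two known primes: returns (modulus, private exponent)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed demo keys built from public Mersenne primes (assumption, insecure).
N1, D1 = make_key(2**127 - 1, 2**521 - 1)    # first key pair: sender signs
N2, D2 = make_key(2**607 - 1, 2**1279 - 1)   # second key pair: gateway decrypts
SIG_LEN = (N1.bit_length() + 7) // 8

def sign(message):
    """Sender: hash the request message, then apply the first private key."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(digest, D1, N1).to_bytes(SIG_LEN, "big")

def encrypt(signature, message):
    """Sender: wrap signature + message with the second public key."""
    package = int.from_bytes(b"\x01" + signature + message, "big")
    if package >= N2:
        raise ValueError("message too long for the demo modulus")
    return pow(package, E, N2)

def decrypt_and_verify(ciphertext, alarm=print):
    """Gateway: the claim 6 steps. Returns the request, or None after alarming."""
    package = pow(ciphertext, D2, N2)                        # second private key
    raw = package.to_bytes((package.bit_length() + 7) // 8, "big")
    if len(raw) <= SIG_LEN or raw[0] != 1:
        alarm("decryption failed: malformed package")
        return None
    signature, message = raw[1:1 + SIG_LEN], raw[1 + SIG_LEN:]
    recovered = pow(int.from_bytes(signature, "big"), E, N1)  # first public key
    decrypted_hash = recovered.to_bytes(SIG_LEN, "big")
    comparison_hash = hashlib.sha256(message).digest().rjust(SIG_LEN, b"\x00")
    # Constant-time comparison; any mismatch fails closed.
    if not hmac.compare_digest(decrypted_hash, comparison_hash):
        alarm("signature verification failed")
        return None
    return message
```

The comparison covers the full recovered value, so a forged signature cannot pass by matching only the trailing 32 bytes.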
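The sensitive-data pass of claim 7 as an added example, not code from the patent. It assumes a run means at least `run_length` consecutive digits, encrypts preset characters even when no digit run is present (a case the claim leaves open), and uses a hypothetical HMAC-keystream stand-in, `encryption_machine`, for the preset encryption machine.

```python
import base64
import hashlib
import hmac
import re

DEMO_KEY = b"constructed-demo-key"  # assumption: the real key stays inside the machine

def encryption_machine(value):
    """Hypothetical stand-in for the preset encryption machine (not a vetted cipher)."""
    data = value.encode("utf-8")
    iv = hmac.new(DEMO_KEY, b"iv" + data, hashlib.sha256).digest()[:8]
    stream = b""
    counter = 0
    while len(stream) < len(data):
        block = hmac.new(DEMO_KEY, iv + counter.to_bytes(4, "big"), hashlib.sha256)
        stream += block.digest()
        counter += 1
    body = bytes(a ^ b for a, b in zip(data, stream))
    return "ENC[" + base64.urlsafe_b64encode(iv + body).decode("ascii") + "]"

def encrypt_sensitive(text, run_length, preset_chars, encrypt=encryption_machine):
    """Encrypt digit runs of at least run_length and every preset character string."""
    alternatives = [r"[0-9]{%d,}" % run_length]
    # Longest preset strings first so a shorter one never splits a longer match.
    alternatives += [re.escape(c)
                     for c in sorted(preset_chars, key=len, reverse=True) if c]
    pattern = re.compile("|".join(alternatives))
    if not pattern.search(text):
        return text  # nothing sensitive: feed the data back unchanged
    # One pass over the original text, so ciphertext tokens are never rescanned
    # and re-encrypted when they happen to contain digits or preset characters.
    return pattern.sub(lambda m: encrypt(m.group(0)), text)
```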
CN202210419298.4A 2022-04-20 2022-04-20 Data interaction method, device, equipment and storage medium Active CN114826612B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210419298.4A CN114826612B (en) 2022-04-20 2022-04-20 Data interaction method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114826612A true CN114826612A (en) 2022-07-29
CN114826612B CN114826612B (en) 2024-01-30

Family

ID=82505813

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210419298.4A Active CN114826612B (en) 2022-04-20 2022-04-20 Data interaction method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114826612B (en)

Citations (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102111378A (en) * 2009-12-25 2011-06-29 上海格尔软件股份有限公司 Signature verification system
US20120110345A1 (en) * 2010-11-01 2012-05-03 Research In Motion Limited Method and system for securing data of a mobile communications device
CN108234653A (en) * 2018-01-03 2018-06-29 马上消费金融股份有限公司 A kind of method and device of processing business request
CN109309666A (en) * 2018-08-22 2019-02-05 中国平安财产保险股份有限公司 Interface security control method and terminal device in a kind of network security
CN109492421A (en) * 2017-09-11 2019-03-19 厦门雅迅网络股份有限公司 Data processing method, electronic equipment and the storage medium of security middleware based on android system
CN110113394A (en) * 2019-04-19 2019-08-09 浙江数链科技有限公司 API Calls method and apparatus
CN111178884A (en) * 2019-12-16 2020-05-19 平安壹钱包电子商务有限公司 Information processing method, device, equipment and readable storage medium
CN111639325A (en) * 2020-05-28 2020-09-08 中国建设银行股份有限公司 Merchant authentication method, device, equipment and storage medium based on open platform
US20200295922A1 (en) * 2019-03-14 2020-09-17 International Business Machines Corporation Detection and protection of data in api calls
CN111741016A (en) * 2020-07-23 2020-10-02 南京梦饷网络科技有限公司 Method, computing device, and computer storage medium for managing application interfaces
CN112351015A (en) * 2020-10-28 2021-02-09 广州助蜂网络科技有限公司 Gateway control method based on API
CN112367321A (en) * 2020-11-10 2021-02-12 苏州万店掌网络科技有限公司 Method for quickly constructing service call and middle station API gateway
CN113055380A (en) * 2021-03-11 2021-06-29 平安银行股份有限公司 Message processing method and device, electronic equipment and medium
CN113179243A (en) * 2021-03-10 2021-07-27 中国人民财产保险股份有限公司 Authentication method, device, equipment and storage medium for interface calling
CN113225351A (en) * 2021-05-28 2021-08-06 中国建设银行股份有限公司 Request processing method and device, storage medium and electronic equipment
CN113849847A (en) * 2021-12-01 2021-12-28 北京欧应信息技术有限公司 Method, apparatus and medium for encrypting and decrypting sensitive data
CN114124441A (en) * 2021-09-29 2022-03-01 上海欧冶金融信息服务股份有限公司 JWT (just-before-wt) -based client authentication method and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
陈文艺;张霏;龙艳;: "基于Socket.IO的物联网网关实时双向通信***", 西安邮电大学学报, no. 06 *

Also Published As

Publication number Publication date
CN114826612B (en) 2024-01-30

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant