CN117714148A - Financial data access platform, method, equipment and storage medium - Google Patents

Publication number
CN117714148A
Authority
CN
China
Prior art keywords
data, access, data access, encrypted, request
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311719638.6A
Other languages
Chinese (zh)
Inventor
林慰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CMB Yunchuang Information Technology Co Ltd
Original Assignee
CMB Yunchuang Information Technology Co Ltd

Abstract

The application discloses a financial data access platform, method, equipment and storage medium, relating to the technical field of computers. The platform comprises: an access information receiving module, used for acquiring an encrypted data access request sent by a financial data access party for target access data; a message decryption module, used for performing access qualification verification on the encrypted data access request and, after the access qualification verification is passed, decrypting the encrypted data request message in the encrypted data access request by using a preset data secret key to obtain a decrypted message; and a data response module, used for parsing the decrypted message to determine a response message containing the target access data, encrypting the response message by using the preset data secret key and a preset encryption algorithm to obtain encrypted response data, and sending the encrypted response data to the financial data access party. In this way, the security of data access is ensured by establishing a unified financial data access platform.

Description

Financial data access platform, method, equipment and storage medium
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a financial data access platform, a financial data access method, a financial data access device, and a financial data access storage medium.
Background
A finance company, as a non-banking financial institution, provides financial enterprise channels for enterprises in its group and offers payment services such as external payment, proxy payment and autonomous payment, as well as transaction flow and receipt inquiry services. The finance company's service objects are the funding systems, from different vendors, of multiple enterprise companies. In the old system, the direct connection is coupled with the business system of the business bureau and is not an independent system; it supports only a single protocol, cannot provide authority and data security control at the interface layer, and is not physically isolated from the fund system, so a certain security risk exists. How to improve the security of financial data access is therefore a problem to be solved.
Disclosure of Invention
In view of the above, the present invention aims to provide a financial data access platform, a financial data access method, a financial data access device, and a financial data access storage medium, which can provide standard access services such as unified protocol, unified message interaction, secure encryption, interface authentication, multi-version interface upgrade, and the like. The specific scheme is as follows:
In a first aspect, the present application discloses a financial data access platform comprising:
the access information receiving module is used for acquiring an encrypted data access request sent by a financial data access party to target access data;
the message decryption module is used for performing access qualification verification on the encrypted data access request, and decrypting the encrypted data request message in the encrypted data access request by using a preset data secret key after the access qualification verification is passed so as to obtain a decrypted message;
and the data response module is used for analyzing the decrypted message to determine a response message containing the target access data, encrypting the response message by utilizing the preset data secret key and a preset encryption algorithm to obtain encrypted response data, and then transmitting the encrypted response data to the financial data access party.
Optionally, the preset encryption algorithm is an AES encryption algorithm.
Optionally, the message decryption module includes:
a list verification unit, configured to obtain a pre-stored data access white list, and perform access verification on the encrypted data access request based on the data access white list and a request number of the encrypted data access request;
and the signature verification unit is used for verifying the MD5 signature in the encrypted data access request after passing the access verification.
Optionally, the platform further comprises:
and the identification information sending module is used for generating a unique identification code and a data secret key of the financial data access party and sending the unique identification code and the data secret key to the financial data access party.
Optionally, the message decryption module includes:
and the resource authority verification unit is used for verifying the unique identity identification code in the encrypted data access request so as to determine whether the financial data access party has the interface resource access qualification corresponding to the target access data.
Optionally, the platform further comprises:
and the log recording module is used for monitoring the financial data access process and recording the financial data access process into a preset log.
Optionally, the platform further comprises:
the request time judging module is used for acquiring the data sending time in the encrypted data access request and judging whether the time difference between the data sending time and the request acquisition time for acquiring the encrypted data access request is larger than a preset time threshold value or not;
and the access interception module is used for intercepting the encrypted data access request and stopping data response when the time difference is larger than the preset time threshold.
In a second aspect, the present application discloses a financial data access method, including:
acquiring an encrypted data access request sent by a financial data access party to target access data;
performing access qualification verification on the encrypted data access request, and after the access qualification verification is passed, decrypting an encrypted data request message in the encrypted data access request by using a preset data secret key to obtain a decrypted message;
analyzing the decrypted message to determine a response message containing the target access data, encrypting the response message by utilizing the preset data secret key and a preset encryption algorithm to obtain encrypted response data, and then sending the encrypted response data to the financial data access party.
In a third aspect, the present application discloses an electronic device comprising:
a memory for storing a computer program;
and a processor for executing the computer program to implement the aforementioned financial data access method.
In a fourth aspect, the present application discloses a computer readable storage medium storing a computer program which, when executed by a processor, implements the aforementioned financial data access method.
In this application, the access information receiving module is configured to obtain an encrypted data access request sent by the financial data access party to the target access data; the message decryption module is used for performing access qualification verification on the encrypted data access request, and decrypting the encrypted data request message in the encrypted data access request by using a preset data secret key after the access qualification verification is passed so as to obtain a decrypted message; and the data response module is used for analyzing the decrypted message to determine a response message containing the target access data, encrypting the response message by utilizing the preset data secret key and a preset encryption algorithm to obtain encrypted response data, and then transmitting the encrypted response data to the financial data access party. The unified platform based on the interface service is used as a medium to control the third party channel and provide the standard access service such as unified protocol, unified message interaction, security encryption, interface authentication, multi-version interface upgrading and the like. Therefore, a set of unified interface platform is independently constructed, is isolated from a service system from a deployment framework, supports the butt joint of a plurality of third-party channels, unifies the control of an outlet and an inlet, and realizes standard unification, data security and management independence.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a financial data access apparatus disclosed in the present application;
FIG. 2 is a flow chart of a method for accessing financial data disclosed in the present application;
FIG. 3 is a flowchart of a specific financial data access method disclosed herein;
FIG. 4 is a block diagram of an electronic device disclosed in the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
Financial company service objects come from different vendor funding systems of multiple enterprise companies and require a unified platform based on interface services as a medium. Therefore, the application specifically introduces a financial data access platform, which can unify the control of an outlet and an inlet and realize standard unification, data security and management independence.
Referring to fig. 1, an embodiment of the present application discloses a financial data access platform, including:
the access information receiving module 11 is configured to obtain an encrypted data access request sent by the financial data access party for the target access data.
In this embodiment, the platform further includes an identification information sending module, used for generating a unique identification code and a data secret key for the financial data access party and sending them to that party. That is, the platform distributes a unique identification code and a data secret key to each third-party channel, where the third-party channel is the financial data access party. In this application, the preset encryption algorithm is the AES encryption algorithm (Advanced Encryption Standard, a symmetric encryption algorithm). Before financial data access, the interface access resources and the request mode can be configured and the interface version number controlled, so that the access party can upgrade between interface versions by modifying the interface version number, without changing the interface address or the request message. To prevent access information from being tampered with, the request message in the encrypted data access request carries an MD5 signature (MD5 message-digest algorithm) that is verified on receipt. That is, during financial data access, the third-party system first assembles the data message, encrypts it with AES, BASE64-encodes the encrypted value into the Content node data, assembles the unified message, and signs the unified message with MD5. It then calls the corresponding interface to send the encrypted data access request for the target access data to the financial data access platform.
The message decryption module 12 is configured to perform access qualification verification on the encrypted data access request, and decrypt an encrypted data request message in the encrypted data access request by using a preset data secret key after the access qualification verification is passed, so as to obtain a decrypted message.
In this embodiment, to ensure payment security, every payment request submitted through a financial enterprise channel is checked for the identity of the accessing channel, interface authentication, data verification and request uniqueness. The message decryption module 12 includes: a list verification unit, configured to obtain a pre-stored data access white list and perform access verification on the encrypted data access request based on the data access white list and a request number of the encrypted data access request; and a signature verification unit, used for verifying the MD5 signature in the encrypted data access request after the access verification is passed. That is, after receiving the encrypted data access request, the financial data access platform first obtains the pre-stored data access white list, and then verifies the encrypted data request by using the data access white list and the request serial number of the encrypted data request.
After this verification is passed, in this embodiment, the message decryption module 12 further includes a resource authority verification unit, used for verifying the unique identity identification code in the encrypted data access request to determine whether the financial data access party has the interface resource access qualification corresponding to the target access data. That is, the client ID and the interface resource are checked to determine whether the access party holds the right to call the resource corresponding to the target access data.
The data response module 13 is configured to parse the decrypted message to determine a response message containing the target access data, encrypt the response message with the preset data secret key and a preset encryption algorithm to obtain encrypted response data, and then send the encrypted response data to the financial data access party.
In this embodiment, after the verification is passed, the decrypted message can be parsed; if decryption with the key is consistent, a response message containing the target access data can be determined from the parsed message. If decryption fails, the data is inconsistent and the data access cannot be completed. After the response message is determined, it is encrypted by using the preset data secret key and the preset encryption algorithm to obtain encrypted response data, which is then sent to the financial data access party to complete the whole data access process.
In addition, in this embodiment, the platform further includes a log recording module, used for monitoring the financial data access process and recording it in a preset log. That is, the data access process is recorded so that the record in the preset log can later be queried for backtracking.
In addition, in this embodiment, the platform further includes: a request time judging module, used for acquiring the data sending time in the encrypted data access request and judging whether the time difference between the data sending time and the request acquisition time at which the encrypted data access request was acquired is larger than a preset time threshold; and an access interception module, used for intercepting the encrypted data access request and stopping the data response when the time difference is larger than the preset time threshold. That is, the timing of the whole data access is monitored: the interval between the request sending time and the request arrival time must be below 2 minutes, and once the interval exceeds 2 minutes the encrypted data access request is intercepted and the data response is stopped, which reduces the risk of interception and tampering.
It can be seen that, in this embodiment, the access information receiving module is configured to obtain an encrypted data access request sent by the financial data access party to the target access data; the message decryption module is used for performing access qualification verification on the encrypted data access request, and decrypting the encrypted data request message in the encrypted data access request by using a preset data secret key after the access qualification verification is passed so as to obtain a decrypted message; and the data response module is used for analyzing the decrypted message to determine a response message containing the target access data, encrypting the response message by utilizing the preset data secret key and a preset encryption algorithm to obtain encrypted response data, and then transmitting the encrypted response data to the financial data access party. The unified platform based on the interface service is used as a medium to control the third party channel and provide the standard access service such as unified protocol, unified message interaction, security encryption, interface authentication, multi-version interface upgrading and the like. The application supports two data interaction formats XML and JSON simultaneously, and supports http and soap protocols simultaneously. Therefore, a set of unified interface platform is independently constructed, is isolated from a service system from a deployment framework, supports the butt joint of a plurality of third-party channels, unifies the control of an outlet and an inlet, and realizes standard unification, data security and management independence.
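The checks the platform applies before decryption (white list, request number, 2-minute window, MD5 signature, interface resource permission, logging), as an added example that is not code from the patent. Field names other than Content, the canonical string that is signed, keying the MD5 signature with the data secret key through HMAC, and treating the request number as a uniqueness check are assumptions; the AES step is left out and Content carries constructed placeholder bytes.

```python
import base64
import hashlib
import hmac
from dataclasses import dataclass, field

MAX_SKEW_SECONDS = 120  # the 2-minute threshold given in the description


@dataclass
class Channel:
    data_key: bytes   # data secret key issued to this access party
    interfaces: set   # interface resources this client ID may call


def sign(msg: dict, key: bytes) -> str:
    # Assumed canonical form: sorted "name=value" pairs of every field except Sign.
    base = "&".join(f"{k}={msg[k]}" for k in sorted(msg) if k != "Sign")
    # Assumption: the MD5 signature is keyed (HMAC) with the data secret key.
    # Where both sides can change, hashlib.sha256 is the stronger digest.
    return hmac.new(key, base.encode(), hashlib.md5).hexdigest()


def build_request(client_id, key, request_no, interface, send_time, ciphertext):
    """Access-party side: BASE64 the AES output into Content, then sign."""
    msg = {
        "ClientId": client_id,      # hypothetical field name
        "RequestNo": request_no,    # hypothetical field name
        "Interface": interface,     # hypothetical field name
        "SendTime": int(send_time), # hypothetical field name
        "Content": base64.b64encode(ciphertext).decode(),
    }
    msg["Sign"] = sign(msg, key)
    return msg


@dataclass
class Gate:
    channels: dict                            # white list: client ID -> Channel
    seen: set = field(default_factory=set)    # accepted (client ID, request no)
    log: list = field(default_factory=list)   # stands in for the preset log

    def check(self, msg: dict, received_at: float) -> str:
        verdict = self._verify(msg, received_at)
        self.log.append((received_at, msg.get("ClientId"), msg.get("RequestNo"), verdict))
        return verdict

    def _verify(self, msg: dict, received_at: float) -> str:
        channel = self.channels.get(msg.get("ClientId"))
        if channel is None:
            return "not whitelisted"
        request_id = (msg["ClientId"], msg.get("RequestNo"))
        if request_id in self.seen:
            return "duplicate request number"
        send_time = msg.get("SendTime")
        # abs() also rejects timestamps from the future, not only old ones.
        if not isinstance(send_time, (int, float)) or abs(received_at - send_time) > MAX_SKEW_SECONDS:
            return "stale"
        presented = str(msg.get("Sign", "")).encode()
        # Constant-time comparison of the recomputed and the presented signature.
        if not hmac.compare_digest(sign(msg, channel.data_key).encode(), presented):
            return "bad signature"
        if msg.get("Interface") not in channel.interfaces:
            return "no access to interface"
        # Record the request number only once the request is authenticated, so
        # unauthenticated traffic cannot use up a legitimate party's numbers.
        self.seen.add(request_id)
        return "ok"


if __name__ == "__main__":
    key = b"0123456789abcdef"        # constructed 16-byte key
    gate = Gate({"chan-01": Channel(key, {"payment.query"})})
    now = 1_700_000_000              # constructed arrival time (epoch seconds)
    req = build_request("chan-01", key, "R-0001", "payment.query", now, b"\x00" * 32)
    print(gate.check(req, now + 5))  # first delivery
    print(gate.check(req, now + 6))  # same message delivered again
    for entry in gate.log:
        print(entry)
```

Only a request that returns "ok" would go on to AES decryption with the channel's data secret key.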
Referring to fig. 2, an embodiment of the present application discloses a financial data access method, including:
Step S11: acquiring an encrypted data access request sent by the financial data access party for the target access data.
Step S12: and carrying out access qualification verification on the encrypted data access request, and after the access qualification verification is passed, decrypting the encrypted data request message in the encrypted data access request by using a preset data secret key to obtain a decrypted message.
Step S13: analyzing the decrypted message to determine a response message containing the target access data, encrypting the response message by utilizing the preset data secret key and a preset encryption algorithm to obtain encrypted response data, and then sending the encrypted response data to the financial data access party.
In this embodiment, as shown in fig. 3, an encrypted data access request sent by a financial data access party for target access data is obtained; performing access qualification verification on the encrypted data access request, and after the access qualification verification is passed, decrypting an encrypted data request message in the encrypted data access request by using a preset data secret key to obtain a decrypted message; analyzing the decrypted message to determine a response message containing the target access data, encrypting the response message by utilizing the preset data secret key and a preset encryption algorithm to obtain encrypted response data, and then sending the encrypted response data to the financial data access party. The unified platform based on the interface service is used as a medium to control the third party channel and provide the standard access service such as unified protocol, unified message interaction, security encryption, interface authentication, multi-version interface upgrading and the like. Therefore, a set of unified interface platform is independently constructed, is isolated from a service system from a deployment framework, supports the butt joint of a plurality of third-party channels, unifies the control of an outlet and an inlet, and realizes standard unification, data security and management independence.
Further, the embodiment of the present application further discloses an electronic device, and fig. 4 is a block diagram of an electronic device 20 according to an exemplary embodiment, where the content of the figure is not to be considered as any limitation on the scope of use of the present application.
Fig. 4 is a schematic structural diagram of an electronic device 20 according to an embodiment of the present application. The electronic device 20 may specifically include: at least one processor 21, at least one memory 22, a power supply 23, a communication interface 24, an input output interface 25, and a communication bus 26. Wherein the memory 22 is configured to store a computer program that is loaded and executed by the processor 21 to implement the relevant steps of the financial data access method disclosed in any of the foregoing embodiments. In addition, the electronic device 20 in the present embodiment may be specifically an electronic computer.
In this embodiment, the power supply 23 is configured to provide an operating voltage for each hardware device on the electronic device 20; the communication interface 24 can create a data transmission channel between the electronic device 20 and an external device, and the communication protocol to be followed is any communication protocol applicable to the technical solution of the present application, which is not specifically limited herein; the input/output interface 25 is used for acquiring external input data or outputting external output data, and the specific interface type thereof may be selected according to the specific application requirement, which is not limited herein.
The memory 22 may be a carrier for storing resources, such as a read-only memory, a random access memory, a magnetic disk, or an optical disk, and the resources stored thereon may include an operating system 221, a computer program 222, and the like, and the storage may be temporary storage or permanent storage.
The operating system 221 is used for managing and controlling the hardware devices on the electronic device 20 and the computer program 222, and may be Windows Server, NetWare, Unix, Linux, etc. In addition to the computer program that performs the financial data access method executed by the electronic device 20 as disclosed in any of the previous embodiments, the computer program 222 may further include computer programs used to perform other specific tasks.
Further, the application also discloses a computer readable storage medium for storing a computer program; wherein the computer program when executed by the processor implements the previously disclosed financial data access method. For specific steps of the method, reference may be made to the corresponding contents disclosed in the foregoing embodiments, and no further description is given here.
In this specification, the embodiments are described in a progressive manner, each embodiment focusing on its differences from the other embodiments, so that the same or similar parts of the embodiments can be referred to one another. Since the device disclosed in an embodiment corresponds to the method disclosed in an embodiment, its description is relatively brief, and the relevant points can be found in the description of the method.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. The software modules may be disposed in Random Access Memory (RAM), memory, Read-Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing has outlined the detailed description of the preferred embodiment of the present application, and the detailed description of the principles and embodiments of the present application has been provided herein by way of example only to facilitate the understanding of the method and core concepts of the present application; meanwhile, as those skilled in the art will have modifications in the specific embodiments and application scope in accordance with the ideas of the present application, the present description should not be construed as limiting the present application in view of the above.

Claims (10)

1. A financial data access platform, comprising:
the access information receiving module is used for acquiring an encrypted data access request sent by a financial data access party to target access data;
the message decryption module is used for performing access qualification verification on the encrypted data access request, and decrypting the encrypted data request message in the encrypted data access request by using a preset data secret key after the access qualification verification is passed so as to obtain a decrypted message;
and the data response module is used for analyzing the decrypted message to determine a response message containing the target access data, encrypting the response message by utilizing the preset data secret key and a preset encryption algorithm to obtain encrypted response data, and then transmitting the encrypted response data to the financial data access party.
2. The financial data access platform of claim 1, wherein the predetermined encryption algorithm is an AES encryption algorithm.
3. The financial data access platform of claim 1, wherein the message decryption module comprises:
a list verification unit, configured to obtain a pre-stored data access white list, and perform access verification on the encrypted data access request based on the data access white list and a request number of the encrypted data access request;
and the signature verification unit is used for verifying the MD5 signature in the encrypted data access request after passing the access verification.
4. The financial data access platform of claim 1, further comprising:
and the identification information sending module is used for generating a unique identification code and a data secret key of the financial data access party and sending the unique identification code and the data secret key to the financial data access party.
5. The financial data access platform of claim 4, wherein the message decryption module comprises:
and the resource authority verification unit is used for verifying the unique identity identification code in the encrypted data access request so as to determine whether the financial data access party has the interface resource access qualification corresponding to the target access data.
6. The financial data access platform of claim 1, further comprising:
and the log recording module is used for monitoring the financial data access process and recording the financial data access process into a preset log.
7. The financial data access platform of any one of claims 1 to 6, further comprising:
the request time judging module is used for acquiring the data sending time in the encrypted data access request and judging whether the time difference between the data sending time and the request acquisition time for acquiring the encrypted data access request is larger than a preset time threshold value or not;
and the access interception module is used for intercepting the encrypted data access request and stopping data response when the time difference is larger than the preset time threshold.
8. A method of accessing financial data, comprising:
acquiring an encrypted data access request sent by a financial data access party to target access data;
performing access qualification verification on the encrypted data access request, and after the access qualification verification is passed, decrypting an encrypted data request message in the encrypted data access request by using a preset data secret key to obtain a decrypted message;
analyzing the decrypted message to determine a response message containing the target access data, encrypting the response message by utilizing the preset data secret key and a preset encryption algorithm to obtain encrypted response data, and then sending the encrypted response data to the financial data access party.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the financial data access method of claim 8.
10. A computer readable storage medium storing a computer program which when executed by a processor implements the financial data access method of claim 8.
CN202311719638.6A 2023-12-14 2023-12-14 Financial data access platform, method, equipment and storage medium Pending CN117714148A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311719638.6A CN117714148A (en) 2023-12-14 2023-12-14 Financial data access platform, method, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN117714148A true CN117714148A (en) 2024-03-15

Family

ID=90143787

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination