CN117938514A - Token processing method, device, server, storage medium and program product - Google Patents

Token processing method, device, server, storage medium and program product Download PDF

Info

Publication number
CN117938514A
CN117938514A CN202410113459.6A CN202410113459A CN117938514A CN 117938514 A CN117938514 A CN 117938514A CN 202410113459 A CN202410113459 A CN 202410113459A CN 117938514 A CN117938514 A CN 117938514A
Authority
CN
China
Prior art keywords
token
authenticated
tokens
database
time
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410113459.6A
Other languages
Chinese (zh)
Inventor
陈中渊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202410113459.6A priority Critical patent/CN117938514A/en
Publication of CN117938514A publication Critical patent/CN117938514A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/21Design, administration or maintenance of databases
    • G06F16/215Improving data quality; Data cleansing, e.g. de-duplication, removing invalid entries or correcting typographical errors
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Computing Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Software Systems (AREA)
  • Quality & Reliability (AREA)
  • Computer And Data Communications (AREA)

Abstract

The application relates to a token processing method, a token processing device, computer equipment, a storage medium and a program product, and relates to the technical field of computers. The method comprises the following steps: acquiring an identification of a token to be authenticated carried in an access request sent by a client; under the condition that the token corresponding to the identification of the token to be authenticated exists in a preset database, determining the expiration time of the token to be authenticated from the database; the tokens included in the database are obtained by deleting invalid tokens in the database in a random sampling mode; and processing the token to be authenticated according to the expiration time of the token to be authenticated. By adopting the method, the occupied resources in the token management process can be reduced.

Description

Token processing method, device, server, storage medium and program product
Technical Field
The present application relates to the field of computer technology, and in particular, to a token processing method, apparatus, server, storage medium, and program product.
Background
In general, the server may authenticate the client according to the token carried in the client access request, and if the token expires, determine that the token expires, and return a message of token expiration to the client. As the frequency and number of client accesses increases, and as time passes, the number of stale tokens stored in the server increases, taking up a significant amount of the server's storage space. Therefore, cleaning up the invalidation token stored in the server is required.
In the conventional art, a timer is created while a token is created, and the token is deleted when the expiration time of the token arrives.
However, the conventional technology has a problem that excessive resources are occupied in the token management process.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a token processing method, apparatus, server, storage medium, and program product that can reduce resources occupied in a token management process.
In a first aspect, the present application provides a token processing method. The method comprises the following steps:
acquiring an identification of a token to be authenticated carried in an access request sent by a client;
Under the condition that the token corresponding to the identification of the token to be authenticated exists in a preset database, determining the expiration time of the token to be authenticated from the database; the tokens included in the database are obtained by deleting invalid tokens in the database in a random sampling mode;
And processing the token to be authenticated according to the expiration time of the token to be authenticated.
In one embodiment, the processing the token to be authenticated according to the expiration time of the token to be authenticated includes:
Obtaining a comparison result of the failure time and the current time;
And processing the token to be authenticated according to the comparison result.
In one embodiment, the processing the token to be authenticated according to the comparison result includes:
If the expiration time is earlier than the current time, deleting the token to be authenticated from the database;
and if the failure time is later than or equal to the current time, responding to the access request.
In one embodiment, the method further comprises:
transmitting indication information to the client under the condition that the token corresponding to the identification of the token to be authenticated does not exist in a preset database; the indication information is used for representing that the token to be authenticated fails.
In one embodiment, the method further comprises:
performing a delete operation, the delete operation comprising: randomly extracting a preset number of tokens to be checked from the database by adopting a random sampling mode, deleting invalid tokens in the tokens to be checked, and counting the operation duration and the token duty ratio of deleting the invalid tokens; the token duty cycle is the ratio of the number of failed tokens to the number of all tokens in the database;
repeatedly executing the deleting operation until a preset iteration condition is reached under the condition that the operation duration is smaller than or equal to a preset duration threshold and the token duty ratio is larger than a preset duty ratio threshold; the iteration condition includes that the operation time length of deleting the invalid token is greater than the time length threshold value, or the token duty ratio is smaller than or equal to the duty ratio threshold value.
In one embodiment, the method further comprises:
And determining the number of randomly extracted tokens to be checked according to at least one of the number of all the tokens in the database, the performance parameters of the server and the average failure time of the tokens.
In a second aspect, the application further provides a token processing device. The device comprises:
the acquisition module is used for acquiring the identification of the token to be authenticated carried in the access request sent by the client;
The first determining module is used for determining the expiration time of the token to be authenticated from a preset database under the condition that the token corresponding to the identification of the token to be authenticated exists in the database; the tokens included in the database are obtained by deleting invalid tokens in the database in a random sampling mode;
and the first processing module is used for processing the token to be authenticated according to the expiration time of the token to be authenticated.
In a third aspect, the present application also provides a server. The server comprises a memory storing a computer program and a processor implementing the steps of the method of the first aspect described above when the processor executes the computer program.
In a fourth aspect, the present application also provides a computer-readable storage medium. The computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the method of the first aspect described above.
In a fifth aspect, the present application also provides a computer program product. The computer program product comprising a computer program which, when executed by a processor, implements the steps of the method of the first aspect described above.
According to the token processing method, the device, the server, the storage medium and the program product, by acquiring the identification of the token to be authenticated carried in the access request sent by the client, under the condition that the token corresponding to the identification of the token to be authenticated exists in the preset database, the expiration time of the token to be authenticated can be determined from the database, and as the token in the database is obtained after deleting the expiration token in the database in a random sampling mode, the token in the database can be ensured to be dynamically changed and limited in number, so that the calculated amount of the expiration time of the token to be authenticated can be saved, the efficiency of determining the expiration time of the token to be authenticated is improved, the token to be authenticated is further processed according to the expiration time of the token to be authenticated, and resources occupied in the process of processing the token to be authenticated can be saved; in addition, the tokens included in the database are obtained after the invalid tokens in the database are deleted in a random sampling mode, and the tokens in the database are subjected to sampling inspection in a random sampling mode, so that the invalid tokens are deleted in time while the calculated amount is reduced, and the storage resources and the calculation resources of the server are saved.
Drawings
FIG. 1 is a diagram of an application environment for a token processing method in one embodiment;
FIG. 2 is a flow diagram of a method of token processing in one embodiment;
FIG. 3 is a flow chart of a method of token processing in another embodiment;
FIG. 4 is a flow chart of a method of token processing in another embodiment;
FIG. 5 is a flow chart of a method of token processing in another embodiment;
FIG. 6 is a block diagram of a token processing apparatus in one embodiment;
Fig. 7 is a block diagram of a token processing apparatus according to another embodiment.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
It should be noted that the token processing method, apparatus, server, storage medium and program product of the present application may be applied to the field of computer technology, and may also be applied to other technical fields besides the field of computer technology, and the application fields of the token processing method, apparatus, server, storage medium and program product are not limited by the present application.
The token processing method provided by the embodiment of the application can be applied to an application environment shown in fig. 1. Fig. 1 provides a server, and an internal structure diagram thereof may be as shown in fig. 1. The server includes a processor, a memory, an Input/Output interface (I/O) and a communication interface. The processor, the memory and the input/output interface are connected through a system bus, and the communication interface is connected to the system bus through the input/output interface. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the server includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the server is used to store token data. The input/output interface of the server is used for exchanging information between the processor and the external device. The communication interface of the server is used for communicating with an external terminal through network connection. The computer program is executed by a processor to implement a token processing method.
It will be appreciated by those skilled in the art that the architecture shown in fig. 1 is merely a block diagram of some of the architecture relevant to the present inventive arrangements and is not limiting as to the computer device to which the present inventive arrangements may be implemented, as a particular computer device may include more or less components than those shown, or may be combined with some components, or may have a different arrangement of components.
In one embodiment, as shown in fig. 2, a token processing method is provided, and the method is applied to the server in fig. 1 for illustration, and includes the following steps:
s201, obtaining an identification of a token to be authenticated carried in an access request sent by a client.
It will be appreciated that when a connection is established between the server and the client, the server generates a token for authenticating the client and stores the token in the server. When the server receives the access request sent by the client, the server can carry out identity authentication on the client according to the token carried in the access request, and respond to the request of the client according to the access request under the condition that the identity authentication is passed. In this embodiment, the token carried in the client access request is a token to be authenticated, and the number or name of the token to be authenticated may be used as the identifier of the token to be authenticated.
In this embodiment, the server may analyze the access request sent by the client and obtain the number or the name of the token to be authenticated carried in the access request from the analysis result, so as to obtain the identifier of the token to be authenticated according to the number or the name of the token to be authenticated.
S202, under the condition that a token corresponding to the identification of the token to be authenticated exists in a preset database, determining the expiration time of the token to be authenticated from the database; the tokens included in the database are obtained by deleting the invalid tokens in the database in a random sampling mode.
It should be noted that, in order to ensure the security of the server to the client authentication process, each token generated by the server corresponds to a valid lifetime, and when the valid lifetime of the token expires, the token is a failure token, and the server needs to regenerate a new token for the client. As the number of clients increases, the number of tokens stored in the server increases, and in order to avoid that the tokens occupy excessive storage resources in the server, invalid tokens in the server may be cleaned. The preset database is a storage space in the server for storing tokens corresponding to the clients, and comprises the tokens and the corresponding relations between the tokens and the identifiers of the tokens.
As an alternative embodiment, to integrate storage resources and computing resources in the server, all tokens in the database may be randomly sampled and stale tokens among the randomly sampled tokens may be deleted.
In this embodiment, whether a token corresponding to the identifier of the token to be authenticated exists in the database may be determined according to the identifier of the token to be authenticated, so that, in the case that a token corresponding to the identifier of the token to be authenticated exists in the database, whether the usage time of the token to be authenticated reaches the expiration time is determined according to whether the valid lifetime of the token expires. Optionally, in this embodiment, whether the identifier of the token to be authenticated exists in the database may be queried by using a query statement, and if the identifier of the token to be authenticated is queried, it may be determined that the token corresponding to the identifier of the token to be authenticated exists in the database; or the identification of the token to be authenticated can be compared with the identifications of the tokens in the database, and if the comparison result represents that the identifications of the tokens in the database are the same as the identifications of the token to be authenticated, the token corresponding to the identifications of the token to be authenticated in the database can be determined.
S203, processing the token to be authenticated according to the expiration time of the token to be authenticated.
The expiration time of the token to be authenticated refers to the expiration time of the effective service life of the token to be authenticated, and if the expiration time of the token to be authenticated reaches the expiration time, the token to be authenticated is the expiration token. It will be appreciated that in order to avoid that the invalidation token occupies storage resources in the server, if the token in the database is an invalidation token, the invalidation token may be deleted from the database in time.
Alternatively, in this embodiment, when the valid lifetime of the token to be authenticated reaches the time of expiration, the token corresponding to the token to be authenticated may be deleted from the database by executing a delete statement; or the corresponding token of the token to be authenticated in the database can be reserved when the effective service life of the token to be authenticated does not reach the expiration time.
According to the token processing method, the identification of the token to be authenticated carried in the access request sent by the client is obtained, and under the condition that the token corresponding to the identification of the token to be authenticated exists in the preset database, the expiration time of the token to be authenticated can be determined from the database, and as the token in the database is obtained after deleting the expiration token in the database in a random sampling mode, the dynamic change and the limited number of the token in the database can be ensured, so that the calculation amount of determining the expiration time of the token to be authenticated from the database can be saved, the efficiency of determining the expiration time of the token to be authenticated is improved, the token to be authenticated is processed according to the expiration time of the token to be authenticated, and resources occupied in the process of processing the token to be authenticated can be saved; in addition, the tokens included in the database are obtained after the invalid tokens in the database are deleted in a random sampling mode, and the tokens in the database are subjected to sampling inspection in a random sampling mode, so that the invalid tokens are deleted in time while the calculated amount is reduced, and the storage resources and the calculation resources of the server are saved.
In the scenario of processing the token to be authenticated according to the expiration time of the token to be authenticated, the comparison result of the expiration time and the current time may be used to process the token to be authenticated. In one embodiment, as shown in fig. 3, S203 above includes:
S301, obtaining a comparison result of the failure time and the current time.
The magnitude of the failure time can be divided into years, months, days, hours, minutes and seconds. In this embodiment, the failure time may be compared with the current time according to different magnitudes of time, so as to obtain a comparison result of the failure time and the current time. Optionally, the comparison may be sequentially performed according to a sequence from large to small in time order, for example, if the years in the time are different, the comparison result of the failure time and the current time can be quickly obtained according to the years, if the years in the time are the same, the months in the time are compared, and so on, so that the efficiency of obtaining the comparison result of the failure time and the current time can be further improved.
Illustratively, if the expiration time of the token to be authenticated is 2024, 1, 23, 14:00, current time is 2024, 1 month, 23 days 16:00, under the condition that the failure time is the same as the year, month and day in the current time, comparing the failure time with the time, minute and second in the current time, so as to obtain a comparison result; if the failure time of the token to be authenticated is 2024, 2, 23 and 14:00, current time is 2024, 1 month, 23 days 14:00, the expiration time and the month in the current time can be compared under the condition that the expiration time is determined to be the same as the year in the current time, so that a comparison result is obtained.
S302, processing the token to be authenticated according to the comparison result.
The processing the token to be authenticated may include deleting a token corresponding to the token to be authenticated from the database, or reserving a token corresponding to the token to be authenticated in the database.
Optionally, in this embodiment, if the comparison result indicates that the token to be authenticated is a failure token, the token corresponding to the token to be authenticated may be deleted from the database, and a message of failure of the token may be returned to the client corresponding to the token to be authenticated; if the comparison result indicates that the token to be authenticated is a valid token, reserving the token corresponding to the token to be authenticated, and responding to the access request of the client.
In this embodiment, the comparison result of the failure time and the current time is obtained, so that the token to be authenticated can be processed according to the comparison result, and the process of obtaining the comparison result of the failure time and the current time is relatively simple, so that the processing of the token to be authenticated can be rapidly determined, and the occupation of server resources can be saved.
The specific process of processing the token to be authenticated according to the comparison result is described in detail below. In one embodiment, as shown in fig. 4, S302 includes:
S401, deleting the token to be authenticated from the database if the expiration time is earlier than the current time.
It can be appreciated that if the expiration time is earlier than the current time, it indicates that the valid lifetime of the token to be authenticated has expired, i.e., the token to be authenticated is an expiration token. In this embodiment, in the case where the expiration time of the token to be authenticated is earlier than the current time, the token to be authenticated may be deleted from the database by executing a delete statement.
And S402, if the failure time is later than or equal to the current time, responding to the access request.
It can be appreciated that if the expiration time is later than or equal to the current time, it is indicated that the valid lifetime of the token to be authenticated has not expired, i.e. the token to be authenticated is a valid token. In this embodiment or in the case where the expiration time of the token to be authenticated is later than or equal to the current time, the access request sent by the client may be responded, and data may be returned to the client according to the access request.
In this embodiment, the token to be authenticated can be deleted from the database when the expiration time is earlier than or equal to the current time, and the access request can be responded when the expiration time is later than or equal to the current time, so that the token to be authenticated can be deleted in time when the token to be authenticated is the expiration token, and the problem that the expiration token occupies storage resources in the server when the expiration token is stored for a long time is avoided.
In the case that the token corresponding to the identification of the token to be authenticated exists in the database, and the token corresponding to the identification of the token to be authenticated does not exist in the database, the specific process of processing the token to be authenticated is described in detail below in the case that the token corresponding to the identification of the token to be authenticated does not exist in the database. In one embodiment, the method comprises: transmitting indication information to the client under the condition that the token corresponding to the identification of the token to be authenticated does not exist in the preset database; the indication information is used for representing that the token to be authenticated fails.
It should be noted that, if the token to be authenticated is a failure token, the server cannot respond to the access request sent by the client, so that, in the case that the token to be authenticated is determined to be the failure token, the server may return a message that the token to be authenticated fails to the client to instruct the client to reestablish connection with the server.
In this embodiment, whether the identifier of the token to be authenticated exists in the database may be queried by using the query statement, and under the condition that the identifier of the token to be authenticated is not queried, it is determined that the token corresponding to the identifier of the token to be authenticated does not exist in the database, so that information that the token to be authenticated fails is sent to the client corresponding to the identifier of the token to be authenticated.
In this embodiment, under the condition that it is determined that a token corresponding to the identifier of the token to be authenticated does not exist in the preset database, failure indication information for representing the token to be authenticated can be sent to the client, so that the problem that the client carries the failed token to be authenticated and repeatedly sends an access request to the server to occupy server resources is avoided.
The specific process of deleting the failed token in the database by random sampling is described in detail below. In one embodiment, as shown in fig. 5, the method further includes:
s501, a deleting operation is executed, wherein the deleting operation comprises the following steps: randomly extracting a preset number of tokens to be checked from a database by adopting a random sampling mode, deleting invalid tokens in the tokens to be checked, and counting the operation time length and the token duty ratio for deleting the invalid tokens; the token duty cycle is the ratio of the number of failed tokens to the number of all tokens in the database.
The random sampling mode refers to sampling tokens in a database, wherein when the tokens in the database are sampled, the preset number of the tokens are randomly extracted from the database without considering factors such as the types and the effective service lives of the tokens, and each extracted token is determined to be a token to be checked, so that whether the token to be checked has an invalid token or not is determined, and the invalid token is deleted. In this embodiment, the number of randomly extracted tokens during each execution of the deletion operation may be determined according to the number of all tokens in the database.
It should be noted that, in order to avoid too long operation duration of each execution of the deletion operation, which causes too much occupation of computing resources of the server, the operation duration of each deletion of the failure token may be counted, and the operation market may be controlled; meanwhile, the frequency of executing the deleting operation can be controlled by counting the ratio of the number of the invalid tokens to the number of all tokens in the database.
In this embodiment, the number of tokens to be randomly extracted each time may be determined according to the number of all the tokens in the database, the number of tokens to be checked is extracted from the database, the failure time of each token to be checked is compared with the current time, if the comparison result indicates that the token to be checked is a failure token, the failure token is deleted from the database, then the operation duration of deleting the failure token is counted, and the ratio of the number of the failure tokens to the number of all the tokens in the database is calculated, and the ratio is used as the token duty ratio corresponding to the deletion operation.
S502, repeating deleting operation until a preset iteration condition is reached under the condition that the operation duration is smaller than or equal to a preset duration threshold and the token duty ratio is larger than a preset duty ratio threshold; the iteration condition includes the operational time period for deleting a failed token being greater than a time period threshold, or the token duty cycle being less than or equal to a duty cycle threshold.
The operation duration refers to time spent for executing the deletion operation each time, the duration threshold refers to the longest time of the operation duration, and the operation duration for executing the deletion operation each time can be controlled according to the duration threshold. The duty threshold refers to the maximum value of all data in the database of the failed tokens among the tokens to be checked, and for example, the duty threshold may be set to 1/4, and the operation frequency of performing the deletion operation may be controlled according to the duty threshold.
In this embodiment, a comparison result between an operation duration and a preset duration threshold may be determined by a difference method or a ratio method, in the case that the operation duration is smaller than the preset duration threshold, the comparison result between the token duty ratio and the duty ratio threshold is further determined, in the case that the token duty ratio is greater than the duty ratio threshold, the deleting operation is repeated, a preset number of new tokens to be checked are randomly extracted from the remaining tokens in the database again, the expiration time of each new token to be checked is compared with the current time, if the comparison result indicates that the new token to be checked is a new expiration token, the new expiration token is deleted from the database, then the new operation duration for deleting the expiration token is counted, and the new token duty ratio is calculated, and in the case that the new operation duration is smaller than the preset duration threshold and the new token duty ratio is greater than the preset duty ratio threshold, the deleting operation is repeatedly performed again until the new operation duration is greater than the duration threshold or the new token duty ratio is smaller than or equal to the duty ratio threshold, and the deleting operation is ended.
As an alternative embodiment, the deletion operation may be re-performed after waiting for a preset period of time after ending the deletion operation.
In this embodiment, by adopting a random sampling manner, a preset number of tokens to be checked can be randomly extracted from a database, then the invalid tokens in the tokens to be checked are deleted, and the operation duration of deleting the invalid tokens and the token duty ratio of the number of the invalid tokens to the number of all the tokens in the database are counted, so that when the operation duration is smaller than a preset duration threshold and the token duty ratio is greater than the preset duty ratio threshold, the deleting operation can be repeatedly executed until the preset operation duration of deleting the invalid tokens is greater than the duration threshold or the token duty ratio is smaller than or equal to the duty ratio threshold, and in the above-mentioned mode of deleting the invalid tokens in the database by adopting the random sampling manner, because the operation duration is controlled according to the duration threshold and the frequency of executing the deleting operation is controlled according to the token duty ratio, the problem that the deleting operation occupies computational resources according to the invalidation time of the tokens for a long time can be avoided while the storage resources are saved in time when the invalid tokens in the database are deleted, and resources occupied in the token management process can be reduced.
In the above-described process of performing the deletion operation, a predetermined number of tokens to be inspected need to be randomly extracted from the database, and a detailed description will be given below of a specific process of determining the predetermined number of tokens to be inspected. In one embodiment, the method further comprises: and determining the number of randomly extracted tokens to be checked according to at least one of the number of all tokens in the database, the performance parameters of the server and the average failure time of the tokens.
Wherein, the number of all tokens in the database is dynamically changed, and when the deleting operation is executed each time, the number of randomly extracted tokens to be checked can be redetermined according to the number of all tokens in the database; the performance of the server can comprise the query speed, the deletion speed, the cache size and the like of the database, and the number of randomly extracted tokens to be checked can be determined according to the performance of the server; the average time to failure of a token refers to the average of the time to failure of the tokens stored in the database.
In this embodiment, the number of randomly extracted tokens to be checked may be determined according to at least one parameter of the number of all tokens in the database, the performance parameter of the server, and the average failure time of the tokens. Alternatively, the number of randomly extracted tokens to be checked may be determined solely according to the number of all tokens in the database, or the performance parameters of the server, or the average failure time of the tokens, or the number of randomly extracted tokens to be checked may be determined according to the number of all tokens in the database and the performance parameters of the server, or the number of randomly extracted tokens to be checked may be determined according to the number of all tokens in the database and the average failure time of the tokens, or the number of randomly extracted tokens to be checked may be determined according to the performance parameters of the server and the average failure time of the tokens; or the number of randomly extracted tokens to be checked can be determined simultaneously according to the number of all tokens in the database, the performance parameters of the server and the average failure time of the tokens.
For example, if the number of randomly extracted tokens to be inspected is determined according to the number of all tokens in the database alone, if the number of all tokens in the database is greater than or equal to a preset threshold, more tokens to be inspected can be randomly extracted, and if the number of all tokens in the database is less than the preset threshold, fewer tokens to be inspected can be randomly extracted; or if the number of the randomly extracted tokens to be checked is determined according to the performance parameters of the server alone, for example, if the query speed is greater than or equal to a preset threshold, more tokens to be checked can be randomly extracted, and if the query speed is less than or equal to the preset threshold, fewer tokens to be checked can be randomly extracted, or alternatively.
In this embodiment, the number of randomly extracted tokens to be checked is determined according to at least one parameter of the number of all tokens in the database, the performance parameter of the server and the average failure time of the tokens, so that the problem that the failure tokens cannot be deleted in time due to too few randomly extracted tokens to be checked, and the problem that storage resources are wasted can be avoided, and the problem that the time length of deletion operation is too long due to too many randomly extracted tokens to be checked occupies the computing resources can be avoided, so that the computing resources and the storage resources in the token management process can be balanced.
For the convenience of understanding of those skilled in the art, the following describes in detail the token processing method provided in the present application, and the method may include:
S1, obtaining an identification of a token to be authenticated carried in an access request sent by a client.
S2, under the condition that the fact that a token corresponding to the identification of the token to be authenticated exists in a preset database is determined, determining the expiration time of the token to be authenticated from the database; the tokens included in the database are obtained by deleting the invalid tokens in the database in a random sampling mode.
S3, obtaining a comparison result of the failure time of the token to be authenticated and the current time.
And S4, if the failure time is earlier than the current time, deleting the token to be authenticated from the database.
And S5, if the failure time is later than or equal to the current time, responding to the access request.
S6, sending indication information to the client under the condition that the fact that the token corresponding to the identification of the token to be authenticated does not exist in the preset database is determined; the indication information is used for representing that the token to be authenticated fails.
S7, determining the number of randomly extracted tokens to be checked according to at least one of the number of all tokens in the database, the performance parameters of the server and the average failure time of the tokens.
S8, randomly extracting a preset number of tokens to be checked from the database by adopting a random sampling mode.
S9, deleting the invalid token in the tokens to be checked.
S10, counting operation time for deleting the invalid token and token duty ratio; the token duty cycle is the ratio of the number of failed tokens to the number of all tokens in the database.
S11, under the condition that the operation duration is smaller than or equal to a preset duration threshold value and the token duty ratio is larger than a preset duty ratio threshold value, repeatedly executing the random sampling mode, randomly extracting a preset number of tokens to be checked from a database, deleting failure tokens in the tokens to be checked, and counting the operation duration and the operation of the token duty ratio of deleting the failure tokens until a preset iteration condition is reached; the iteration condition includes the operational time period for deleting a failed token being greater than a time period threshold, or the token duty cycle being less than or equal to a duty cycle threshold.
It should be noted that, for the description in the above S1-S11, reference may be made to the description related to the above embodiment, and the effects thereof are similar, which is not repeated here.
It should be understood that, although the steps in the flowcharts related to the above embodiments are sequentially shown as indicated by arrows, these steps are not necessarily sequentially performed in the order indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least some of the steps in the flowcharts described in the above embodiments may include a plurality of steps or a plurality of stages, which are not necessarily performed at the same time, but may be performed at different times, and the order of the steps or stages is not necessarily performed sequentially, but may be performed alternately or alternately with at least some of the other steps or stages.
Based on the same inventive concept, the embodiment of the application also provides a token processing device for realizing the token processing method. The implementation of the solution provided by the device is similar to the implementation described in the above method, so the specific limitation in one or more token processing device embodiments provided below may refer to the limitation of the token processing method hereinabove, and will not be repeated here.
In one embodiment, as shown in fig. 6, there is provided a token processing apparatus including: an acquisition module 11, a first determination module 12 and a first processing module 13, wherein:
The obtaining module 11 is configured to obtain an identifier of a token to be authenticated carried in an access request sent by the client.
The first determining module 12 is configured to determine, when it is determined that a token corresponding to an identifier of a token to be authenticated exists in a preset database, a failure time of the token to be authenticated from the database; the tokens included in the database are obtained by deleting the invalid tokens in the database in a random sampling mode.
The first processing module 13 is configured to process the token to be authenticated according to the expiration time of the token to be authenticated.
The token processing apparatus provided in this embodiment may execute the above method embodiment, and its implementation principle and technical effects are similar, and will not be described herein.
In one embodiment, as shown in fig. 7, the first processing module 13 includes: an acquisition unit 131 and a processing unit 132, wherein:
An obtaining unit 131, configured to obtain a comparison result of the failure time and the current time.
And the processing unit 132 is used for processing the token to be authenticated according to the comparison result.
The token processing apparatus provided in this embodiment may execute the above method embodiment, and its implementation principle and technical effects are similar, and will not be described herein.
In one embodiment, please continue to refer to fig. 7, the processing unit 132 is specifically configured to: if the expiration time is earlier than the current time, deleting the token to be authenticated from the database to respond to the access request; and if the failure time is later than or equal to the current time, responding to the access request.
The token processing apparatus provided in this embodiment may execute the above method embodiment, and its implementation principle and technical effects are similar, and will not be described herein.
In one embodiment, referring to fig. 7, the apparatus further includes: a transmission module 14, wherein:
a sending module 14, configured to send indication information to the client if it is determined that a token corresponding to the identifier of the token to be authenticated does not exist in the preset database; the indication information is used for representing that the token to be authenticated fails.
The token processing apparatus provided in this embodiment may execute the above method embodiment, and its implementation principle and technical effects are similar, and will not be described herein.
In one embodiment, referring to fig. 7, the apparatus further includes: a second processing module 15 and a third processing module 16, wherein:
The second processing module 15 is configured to perform a deletion operation, where the deletion operation includes: randomly extracting a preset number of tokens to be checked from a database by adopting a random sampling mode, deleting invalid tokens in the tokens to be checked, and counting the operation time length and the token duty ratio for deleting the invalid tokens; the token duty cycle is the ratio of the number of failed tokens to the number of all tokens in the database.
A third processing module 16, configured to, in a case where the operation duration is less than or equal to a preset duration threshold and the token duty cycle is greater than a preset duty cycle threshold, repeatedly perform the deletion operation until a preset iteration condition is reached; the iteration condition includes the operational time period for deleting a failed token being greater than a time period threshold, or the token duty cycle being less than or equal to a duty cycle threshold.
The token processing apparatus provided in this embodiment may execute the above method embodiment, and its implementation principle and technical effects are similar, and will not be described herein.
In one embodiment, referring to fig. 7, the apparatus further includes: a second determination module 17, wherein:
A second determining module 17, configured to determine the number of randomly extracted tokens to be checked according to at least one parameter of the number of all tokens in the database, the performance parameter of the server, and the average failure time of the tokens.
The token processing apparatus provided in this embodiment may execute the above method embodiment, and its implementation principle and technical effects are similar, and will not be described herein.
The various modules in the token processing apparatus described above may be implemented in whole or in part by software, hardware, and combinations thereof. The above modules may be embedded in hardware or independent of a processor in a server, or may be stored in software in a memory in the server, so that the processor may call and execute operations corresponding to the above modules.
In one embodiment, a server is provided that includes a memory and a processor, the memory having a computer program stored therein, the processor when executing the computer program performing the steps of:
acquiring an identification of a token to be authenticated carried in an access request sent by a client;
Under the condition that the token corresponding to the identification of the token to be authenticated exists in a preset database, determining the expiration time of the token to be authenticated from the database; the tokens included in the database are obtained by deleting invalid tokens in the database in a random sampling mode;
and processing the token to be authenticated according to the expiration time of the token to be authenticated.
In one embodiment, the processor when executing the computer program further performs the steps of:
Obtaining a comparison result of the failure time and the current time;
and processing the token to be authenticated according to the comparison result.
In one embodiment, the processor when executing the computer program further performs the steps of:
if the expiration time is earlier than the current time, deleting the token to be authenticated from the database to respond to the access request;
and if the failure time is later than or equal to the current time, responding to the access request.
In one embodiment, the processor when executing the computer program further performs the steps of:
Transmitting indication information to the client under the condition that the token corresponding to the identification of the token to be authenticated does not exist in the preset database; the indication information is used for representing that the token to be authenticated fails.
In one embodiment, the processor when executing the computer program further performs the steps of:
and executing a deleting operation, wherein the deleting operation comprises the following steps: randomly extracting a preset number of tokens to be checked from a database by adopting a random sampling mode, deleting invalid tokens in the tokens to be checked, and counting the operation time length and the token duty ratio for deleting the invalid tokens; the token duty cycle is the ratio of the number of failed tokens to the number of all tokens in the database;
under the condition that the operation duration is smaller than or equal to a preset duration threshold value and the token duty ratio is larger than a preset duty ratio threshold value, repeating the deleting operation until a preset iteration condition is reached; the iteration condition includes the operational time period for deleting a failed token being greater than a time period threshold, or the token duty cycle being less than or equal to a duty cycle threshold.
In one embodiment, the processor when executing the computer program further performs the steps of:
And determining the number of randomly extracted tokens to be checked according to at least one of the number of all tokens in the database, the performance parameters of the server and the average failure time of the tokens.
In one embodiment, a computer readable storage medium is provided having a computer program stored thereon, which when executed by a processor, performs the steps of:
acquiring an identification of a token to be authenticated carried in an access request sent by a client;
Under the condition that the token corresponding to the identification of the token to be authenticated exists in a preset database, determining the expiration time of the token to be authenticated from the database; the tokens included in the database are obtained by deleting invalid tokens in the database in a random sampling mode;
and processing the token to be authenticated according to the expiration time of the token to be authenticated.
In one embodiment, the computer program when executed by the processor further performs the steps of:
Obtaining a comparison result of the failure time and the current time;
and processing the token to be authenticated according to the comparison result.
In one embodiment, the computer program when executed by the processor further performs the steps of:
if the expiration time is earlier than the current time, deleting the token to be authenticated from the database to respond to the access request;
and if the failure time is later than or equal to the current time, responding to the access request.
In one embodiment, the computer program when executed by the processor further performs the steps of:
Transmitting indication information to the client under the condition that the token corresponding to the identification of the token to be authenticated does not exist in the preset database; the indication information is used for representing that the token to be authenticated fails.
In one embodiment, the computer program when executed by the processor further performs the steps of:
and executing a deleting operation, wherein the deleting operation comprises the following steps: randomly extracting a preset number of tokens to be checked from a database by adopting a random sampling mode, deleting invalid tokens in the tokens to be checked, and counting the operation time length and the token duty ratio for deleting the invalid tokens; the token duty cycle is the ratio of the number of failed tokens to the number of all tokens in the database;
under the condition that the operation duration is smaller than or equal to a preset duration threshold value and the token duty ratio is larger than a preset duty ratio threshold value, repeating the deleting operation until a preset iteration condition is reached; the iteration condition includes the operational time period for deleting a failed token being greater than a time period threshold, or the token duty cycle being less than or equal to a duty cycle threshold.
In one embodiment, the computer program when executed by the processor further performs the steps of:
And determining the number of randomly extracted tokens to be checked according to at least one of the number of all tokens in the database, the performance parameters of the server and the average failure time of the tokens.
In one embodiment, a computer program product is provided comprising a computer program which, when executed by a processor, performs the steps of:
acquiring an identification of a token to be authenticated carried in an access request sent by a client;
Under the condition that the token corresponding to the identification of the token to be authenticated exists in a preset database, determining the expiration time of the token to be authenticated from the database; the tokens included in the database are obtained by deleting invalid tokens in the database in a random sampling mode;
and processing the token to be authenticated according to the expiration time of the token to be authenticated.
In one embodiment, the computer program when executed by the processor further performs the steps of:
Obtaining a comparison result of the failure time and the current time;
and processing the token to be authenticated according to the comparison result.
In one embodiment, the computer program when executed by the processor further performs the steps of:
if the expiration time is earlier than the current time, deleting the token to be authenticated from the database to respond to the access request;
and if the failure time is later than or equal to the current time, responding to the access request.
In one embodiment, the computer program when executed by the processor further performs the steps of:
Transmitting indication information to the client under the condition that the token corresponding to the identification of the token to be authenticated does not exist in the preset database; the indication information is used for representing that the token to be authenticated fails.
In one embodiment, the computer program when executed by the processor further performs the steps of:
and executing a deleting operation, wherein the deleting operation comprises the following steps: randomly extracting a preset number of tokens to be checked from a database by adopting a random sampling mode, deleting invalid tokens in the tokens to be checked, and counting the operation time length and the token duty ratio for deleting the invalid tokens; the token duty cycle is the ratio of the number of failed tokens to the number of all tokens in the database;
under the condition that the operation duration is smaller than or equal to a preset duration threshold value and the token duty ratio is larger than a preset duty ratio threshold value, repeating the deleting operation until a preset iteration condition is reached; the iteration condition includes the operational time period for deleting a failed token being greater than a time period threshold, or the token duty cycle being less than or equal to a duty cycle threshold.
In one embodiment, the computer program when executed by the processor further performs the steps of:
And determining the number of randomly extracted tokens to be checked according to at least one of the number of all tokens in the database, the performance parameters of the server and the average failure time of the tokens.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, high density embedded nonvolatile Memory, resistive random access Memory (ReRAM), magneto-resistive random access Memory (Magnetoresistive Random Access Memory, MRAM), ferroelectric Memory (Ferroelectric Random Access Memory, FRAM), phase change Memory (PHASE CHANGE Memory, PCM), graphene Memory, and the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can be in various forms such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), etc. The databases referred to in the embodiments provided herein may include at least one of a relational database and a non-relational database. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processor referred to in the embodiments provided in the present application may be a general-purpose processor, a central processing unit, a graphics processor, a digital signal processor, a programmable logic unit, a data processing logic unit based on quantum computing, or the like, but is not limited thereto.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The foregoing examples illustrate only a few embodiments of the application and are described in detail herein without thereby limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of the application should be assessed as that of the appended claims.

Claims (10)

1. A method of token processing, the method comprising:
acquiring an identification of a token to be authenticated carried in an access request sent by a client;
Under the condition that the token corresponding to the identification of the token to be authenticated exists in a preset database, determining the expiration time of the token to be authenticated from the database; the tokens included in the database are obtained by deleting invalid tokens in the database in a random sampling mode;
And processing the token to be authenticated according to the expiration time of the token to be authenticated.
2. The method of claim 1, wherein the processing the token to be authenticated according to the expiration time of the token to be authenticated comprises:
Obtaining a comparison result of the failure time and the current time;
And processing the token to be authenticated according to the comparison result.
3. The method according to claim 2, wherein the processing the token to be authenticated according to the comparison result comprises:
If the expiration time is earlier than the current time, deleting the token to be authenticated from the database;
and if the failure time is later than or equal to the current time, responding to the access request.
4. A method according to any one of claims 1-3, wherein the method further comprises:
transmitting indication information to the client under the condition that the token corresponding to the identification of the token to be authenticated does not exist in a preset database; the indication information is used for representing that the token to be authenticated fails.
5. The method according to claim 1, wherein the method further comprises:
performing a delete operation, the delete operation comprising: randomly extracting a preset number of tokens to be checked from the database by adopting a random sampling mode, deleting invalid tokens in the tokens to be checked, and counting the operation duration and the token duty ratio of deleting the invalid tokens; the token duty cycle is the ratio of the number of failed tokens to the number of all tokens in the database;
repeatedly executing the deleting operation until a preset iteration condition is reached under the condition that the operation duration is smaller than or equal to a preset duration threshold and the token duty ratio is larger than a preset duty ratio threshold; the iteration condition includes that the operation time length of deleting the invalid token is greater than the time length threshold value, or the token duty ratio is smaller than or equal to the duty ratio threshold value.
6. The method of claim 5, wherein the method further comprises:
And determining the number of randomly extracted tokens to be checked according to at least one of the number of all the tokens in the database, the performance parameters of the server and the average failure time of the tokens.
7. A token processing apparatus, the apparatus comprising:
the acquisition module is used for acquiring the identification of the token to be authenticated carried in the access request sent by the client;
The first determining module is used for determining the expiration time of the token to be authenticated from a preset database under the condition that the token corresponding to the identification of the token to be authenticated exists in the database; the tokens included in the database are obtained by deleting invalid tokens in the database in a random sampling mode;
and the first processing module is used for processing the token to be authenticated according to the expiration time of the token to be authenticated.
8. A server comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any one of claims 1 to 6 when the computer program is executed.
9. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 6.
10. A computer program product comprising a computer program, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 6.
CN202410113459.6A 2024-01-26 2024-01-26 Token processing method, device, server, storage medium and program product Pending CN117938514A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410113459.6A CN117938514A (en) 2024-01-26 2024-01-26 Token processing method, device, server, storage medium and program product

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410113459.6A CN117938514A (en) 2024-01-26 2024-01-26 Token processing method, device, server, storage medium and program product

Publications (1)

Publication Number Publication Date
CN117938514A true CN117938514A (en) 2024-04-26

Family

ID=90757279

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410113459.6A Pending CN117938514A (en) 2024-01-26 2024-01-26 Token processing method, device, server, storage medium and program product

Country Status (1)

Country Link
CN (1) CN117938514A (en)

Similar Documents

Publication Publication Date Title
US20170031959A1 (en) Scheduling database compaction in ip drives
CN114564446B (en) File storage method, device, system and storage medium
CN113672624A (en) Data processing method, system and storage medium
CN111125002B (en) Data backup archiving method and system based on distributed storage
CN113342500B (en) Task execution method, device, equipment and storage medium
CN112527479A (en) Task execution method and device, computer equipment and storage medium
CN114513498B (en) File transmission verification method, device, computer equipment and storage medium
CN117938514A (en) Token processing method, device, server, storage medium and program product
CN114205424B (en) Bill file decompression method, device, computer equipment and storage medium
CN111522873B (en) Block generation method, device, computer equipment and storage medium
CN111191082B (en) Data management method, device, computer equipment and storage medium
CN111506557A (en) UTXO library establishing method, UTXO library establishing device, computer equipment and storage medium
CN115221125A (en) File processing method and device, electronic equipment and readable storage medium
WO2019153493A1 (en) H5 page-based social media map generation method, electronic device, and storage medium
WO2019205382A1 (en) Electronic device, credit investigation data acquisition method, and storage medium
CN114666401B (en) Device information processing method, device, computer device and storage medium
CN116932779B (en) Knowledge graph data processing method and device
CN117194350B (en) Document storage method and system in engineering construction stage of data center
CN115081233B (en) Flow simulation method and electronic equipment
CN112115020B (en) Database connection pool abnormity monitoring method and device and computer equipment
CN112015758B (en) Product code-fetching method, device, computer equipment and storage medium
CN114003576B (en) Method and device for calculating file traversal progress, computer equipment and storage medium
CN117149826A (en) Method, device, computer equipment and storage medium for storing service call log
CN117194729A (en) Power data storage method, apparatus, device, storage medium, and program product
CN114461659A (en) Searching and killing method and device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination