
CN107026826B - Data processing method and device, server and cloud management system


Info

Publication number: CN107026826B
Authority: CN (China)
Prior art keywords: user; request message; server; authentication information; user authentication
Legal status: Active
Application number: CN201610073139.8A
Other languages: Chinese (zh)
Other versions: CN107026826A (en
Inventor: 杨博
Current Assignee: Advanced New Technologies Co Ltd; Advantageous New Technologies Co Ltd
Original Assignee: Alibaba Group Holding Ltd
Application filed by Alibaba Group Holding Ltd
Priority to CN201610073139.8A
Publication of CN107026826A
Application granted
Publication of CN107026826B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/10: Protocols in which an application is distributed across nodes in the network
    • H04L67/1097: Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00: Arrangements for program control, e.g. control units
    • G06F9/06: Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46: Multiprogramming arrangements
    • G06F9/50: Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5083: Techniques for rebalancing the load in a distributed system
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science
  • General Engineering & Computer Science
  • Computer Networks & Wireless Communication
  • Signal Processing
  • Theoretical Computer Science
  • Software Systems
  • Computer Hardware Design
  • Computing Systems
  • Physics & Mathematics
  • General Physics & Mathematics
  • Computer Security & Cryptography
  • Financial Or Insurance-Related Operations Such As Payment And Settlement
  • Computer And Data Communications
  • Information Transfer Between Computers

Abstract

The application discloses a data processing method, a data processing device, a server and a cloud management system. The method comprises the following steps: the cloud platform server receives a request message sent by a user; the cloud platform server sends the request message to a user server corresponding to the user based on the user identity in the request message; the user server receives the request message and acquires user authentication information corresponding to the information content of the request message from the stored user authentication information; and the user server sends the user authentication information and the request message to a processing server corresponding to the information content of the request message. With this data processing method, device, server and cloud management system, user authentication information that would otherwise be hosted on the cloud platform server is instead stored by the user server, which improves the security of data processing.

Description

Data processing method and device, server and cloud management system
Technical Field
The present application relates to the field of data processing technologies, and in particular, to a data processing method, an apparatus, a server, and a cloud management system.
Background
Some large enterprise groups or multinational companies may have tens or even hundreds of subsidiaries. The total funds held by each subsidiary can be as high as billions or even billions. If these large enterprises cannot manage the funds they hold in a professional and centralized manner, a series of problems may easily occur, such as fund dispersion, idle funds, low utilization, credit financing, and non-centralized, non-uniform fund planning and control. Enterprises therefore currently manage their funds centrally in one of two ways.
The first mode: spending millions to purchase a dedicated fund management platform.
The second mode: renting a dedicated fund management platform deployed on a cloud computing platform.
In the first mode, the up-front purchase cost is high, and the manpower and material resources required for subsequent maintenance and management are also high, so the overall cost is high and enterprises generally seldom adopt it. In the second mode, the rental cost is low and the enterprise does not need to invest in subsequent maintenance and management, so many enterprises choose the second mode to achieve centralized fund management at low cost.
When an enterprise chooses the second, rental mode, it must hand over certain information related to fund security to the fund management platform for hosting, so that the platform can directly read the enterprise's stored information and use it to perform the corresponding operations. However, the information the enterprise stores on the platform risks being leaked by the platform while it is hosted. If the provider of the fund management platform uses this information to conduct illegal transactions, the enterprise will suffer an unwarranted loss.
In summary, when an enterprise rents a professional fund management platform deployed on a cloud computing platform, information related to the enterprise's fund security is at risk of being leaked by the fund management platform.
Disclosure of Invention
The embodiment of the application aims to provide a data processing method, a data processing device, a server and a cloud management system, which can improve the security of data processing.
The application provides a data processing method, which comprises the following steps: the cloud platform server receives a request message sent by a user; the cloud platform server sends the request message to a user server corresponding to the user based on the user identity in the request message; the user server receives the request message and acquires user authentication information corresponding to the information content of the request message from the stored user authentication information; and the user server sends the user authentication information and the request message to a processing server corresponding to the information content of the request message.
The present application also provides a data processing method, which includes: a user server receives a request message sent by a cloud platform server; the user server acquires user authentication information corresponding to the information content of the request message from the stored user authentication information; and the user server sends the user authentication information and the request message to a processing server corresponding to the information content of the request message.
The present application also provides a data processing apparatus, comprising: the storage module is used for storing user authentication information; the receiving module is used for receiving a request message sent by the cloud platform server; the information acquisition module is used for acquiring user authentication information corresponding to the request message; and the sending module is used for sending the user authentication information and the request message to a processing server corresponding to the information content of the request message.
The present application further provides a server, comprising: the device comprises a memory and a processor, wherein the memory stores user authentication information; the processor receives a request message sent by a cloud platform server; and acquiring user authentication information corresponding to the request message, and sending the user authentication information and the request message to a processing server corresponding to the information content of the request message.
The present application further provides a data processing method, including: a user server receives a request message sent by a cloud platform server; the user server acquires user authentication information corresponding to the information content of the request message from the stored user authentication information; the user server encrypts the request message by using the user authentication information; and the user server sends the encrypted request message to a processing server corresponding to the information content of the request message.
The present application also provides a data processing apparatus, comprising: the storage module is used for storing user authentication information; the receiving module is used for receiving a request message sent by the cloud platform server; the information acquisition module is used for acquiring user authentication information corresponding to the request message; the encryption module is used for encrypting the request message by utilizing the user authentication information; and the sending module is used for sending the user authentication information and the encrypted request message to a processing server corresponding to the information content of the request message.
The present application further provides a server, comprising: the device comprises a memory and a processor, wherein the memory stores user authentication information; the processor is used for receiving a request message sent by the cloud platform server; acquiring user authentication information corresponding to the request message; encrypting the request message by using the user authentication information; and sending the user authentication information and the encrypted request message to a processing server corresponding to the information content of the request message.
The present application also provides a data processing method, which includes: the cloud platform server receives a request message sent by a user; and the cloud platform server sends the request message to a user server corresponding to the user based on the user identity in the request message.
The present application also provides a data processing apparatus, comprising: the receiving module is used for receiving a request message sent by a user; and the sending module is used for sending the request message to a user server corresponding to the user based on the user identity in the request message.
The present application further provides a server, comprising: the processor is used for receiving a request message sent by a user; and sending the request message to a user server corresponding to the user based on the user identity in the request message.
The application also provides a cloud management system, including: the cloud platform server, which is used for receiving a request message sent by a user and sending the request message to a user server corresponding to the user based on a user identity in the request message; and the user server, which is used for receiving the request message and acquiring user authentication information corresponding to the information content of the request message from the stored user authentication information, and is further used for sending the user authentication information and the request message to a processing server corresponding to the information content of the request message.
According to the technical scheme provided by the embodiment, the user authentication information is stored in the user server at the user side, when a user logs in the cloud platform server to initiate a request message, the cloud platform server forwards the request message to the user server, and the user server determines the corresponding user authentication information according to the information content of the specific request message.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only some embodiments described in the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flow chart of a data processing method according to an embodiment of the present application;
FIG. 2 is a flow chart of a data processing method according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a data processing apparatus according to an embodiment of the present application;
FIG. 4 is a schematic diagram of a server provided in one embodiment of the present application;
FIG. 5 is a flow chart of a data processing method according to an embodiment of the present application;
FIG. 6 is a schematic diagram of a data processing apparatus according to an embodiment of the present application;
FIG. 7 is a schematic diagram of a data processing method according to an embodiment of the present application;
FIG. 8 is a flow chart of a data processing apparatus provided in one embodiment of the present application;
FIG. 9 is a schematic diagram of a server provided in one embodiment of the present application;
FIG. 10 is a distribution diagram of a cloud management system according to an embodiment of the present application.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art without any inventive work based on the embodiments in the present application shall fall within the scope of protection of the present application.
The following describes a data processing method, an apparatus, a server, and a system according to the present application in detail with reference to the accompanying drawings. Fig. 1 is a flowchart of a data processing method according to an embodiment of the present application. Although the present application provides method operational steps or apparatus configurations as illustrated in the following detailed description or figures, more or fewer operational steps or module configurations may be included in the method or apparatus based on conventional or non-inventive efforts. In the case of steps or structures where there is no logically necessary cause-and-effect relationship, the execution order of the steps or the block structure of the apparatus is not limited to the execution order or the block structure provided in the embodiments of the present application. When the method or the module structure is executed in an actual device or an end product, the method or the module structure shown in the embodiment or the figure can be executed in sequence or executed in parallel (for example, in the environment of a parallel processor or a multi-thread processing).
Referring to fig. 1, a data processing method according to an embodiment of the present disclosure may include the following steps.
Step S10: the cloud platform server receives a request message sent by a user.
In this embodiment, the cloud platform server may specifically be a server in the cloud platform for implementing a predetermined management function. The predetermined management function includes: a money management function, a utility management function, a personnel management function, etc., and the present application is not particularly limited thereto. The cloud platform server may assign a unique user identity to each user. When the user sends a request message to the cloud platform, the user identity can be carried so that the cloud platform server can accurately identify the identity of the user. The specific form of the user id may be a character, a barcode, a two-dimensional code, and the like, and the application is not limited specifically herein. For example, when the user ID is in the form of a character, the corresponding IDs may be ID001, ID002, and the like for different users.
In this embodiment, the user may be an individual having a unique user identity on the cloud platform. The user itself may be an enterprise, an individual, or the like, and the present application is not limited thereto. When a user has specific service operation requirements, the user can log in the cloud platform server through the networked client and initiate a specific request message to the cloud platform server. The client may be a communication device with a network communication function, such as a desktop computer, a notebook computer, a tablet computer, a smart phone, a smart wearable device, and the like. Of course, the client may also be software running in the communication device described above. The business operation requirements may include, for example: inquiry, transfer, remittance, loan, etc. Of course, the service operation requirement may be changed according to different specific scenarios, and the application is not specifically limited herein.
The specific information content of the request packet may also change correspondingly with different specific scenes, and the application is not limited in this respect. In general, it may include: the type of service operation, the specific content of the operation, the identity information of the party to be processed, the time information of the transmission, etc. The following description will take the remittance operation of the user as an example. The information content of the request message includes the service operation type: remittance; the specific content of the operation is as follows: amount, account of sender, etc.; identity information of the to-be-processed party: a specific bank account; and a specific time of transmission, etc.
Step S12: the cloud platform server sends the request message to a user server corresponding to the user based on the user identity in the request message.
In this embodiment, the cloud platform server may store address information of the user. The address information is used for determining the address of the user server, so that the cloud platform server can accurately send a request message to the user server according to the address information. Specifically, the address information may be routing information of the user server, such as a routing URL (uniform resource locator), a port, and the like, which is not specifically limited herein.
In this embodiment, the address information corresponding to the user identity in the request message may be determined based on that user identity. In particular, the number of users renting a cloud platform server may be huge. For this reason, the cloud platform server may store the user identity information and the address information in its memory in association with each other. When the cloud platform server receives a request message containing a user identity, it can determine the corresponding address information from the user identity by mapping, querying and the like. Of course, the corresponding address information may also be determined from the user identity in other alternative ways, and the application is not limited in this respect.
In addition, the user identity in the request message may itself carry the address information of the user server, so that the cloud platform server can determine the address information of the user server from the user identity in the request message and accurately send the request message to the user server.
Step S14: the user server receives the request message and acquires user authentication information corresponding to the information content of the request message from the stored user authentication information.
In this embodiment, the user server may store user authentication information. The user authentication information may include authentication information acquired by at least one of: receiving authentication information generated by the processing server; and the user server locally collects the acquired authentication information.
The authentication information stored in the user server may include authentication information provided by the service party that processes the request message, such as a Ukey (USB key) authorized by a bank. In other embodiments, it may also include authentication information locally collected and stored by the user server. Specifically, the user authentication information may be one or a combination of: an authorization certificate, a user biometric characteristic, a login name and password, or other feasible alternatives or combinations thereof; the application is not particularly limited herein. The user biometric information may include one or more of face, fingerprint, palm print, voice print and handwriting.
In this embodiment, the stored user authentication information may be at least one. The stored user authentication information may determine the user authentication information corresponding to the request message according to one or more of information content of the request message, such as a service operation type, specific content of operation, and identity information of the party to be processed.
In one specific example, user A typically needs to sign an agreement with a bank B1 in order to entrust the bank with a specific money transfer operation. After user A signs the agreement with bank B1, the bank issues user A a storage device, such as a USB disk storing a Ukey certificate; the storage device stores the user authentication information. When user A needs to send money to object C, user A connects the storage device to user A's user server and sends a corresponding request message to the cloud platform server. Specifically, the information content of the request message msg1_ sent by the system may include the service operation type "remittance", the to-be-processed party "bank B1", and the like. From the remittance information and the specific bank B1 information, the user server can then determine that the user authentication information corresponding to the remittance is the Ukey certificate authorized by the bank.
Step S16: the user server sends the user authentication information and the request message to a processing server corresponding to the information content of the request message.
In this embodiment, according to the information content of the request message, the corresponding processing server that is the object to which the user authentication information and the request message need to be transmitted can be determined. The processing server may be a server of the service processing party. Specifically, it may be a bank server, a designated third-party processing server, or a cloud platform server, etc., which is specifically defined herein.
In this embodiment, the corresponding processing server may be determined according to information content of the request packet, such as one or more of a service operation type, specific content of operation, and identity information of the to-be-processed party. For example, when the identity of the to-be-processed party is a certain "public fund management center", the "public fund management center" information may determine that the corresponding processing server is the processing server corresponding to the "public fund management center".
According to the data processing method provided by the embodiment of the application, the user authentication information is stored in the user server at the user side. When a user logs in to the cloud platform server and initiates a request message, the cloud platform server forwards the request message to the user server; the user server determines the corresponding user authentication information according to the information content of the specific request message, and sends the user authentication information and the request message to the processing server corresponding to that information content. Throughout the data interaction process the cloud platform server never comes into contact with the user authentication information, so the user authentication information is effectively prevented from leaking from the cloud platform server and the security of data processing is improved.
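The flow of steps S10 to S16 can be modelled end to end to check the property claimed above, namely that no credential ever lands in state held by the cloud platform. The following is an added example, not code from the patent; the class names, the `leaks` helper, the address and the credential value are all hypothetical or constructed, and the user server is made to fail closed when no stored credential matches the message content.

```python
"""Toy model of steps S10-S16. All names and values here are constructed."""
import hmac
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Request:
    user_id: str     # user identity assigned by the cloud platform, e.g. "ID001"
    operation: str   # service operation type, e.g. "remittance"
    party: str       # identity of the to-be-processed party, e.g. "bank B1"
    content: str     # specific content of the operation


@dataclass
class ProcessingServer:
    issued: dict                                   # user_id -> credential it issued
    accepted: list = field(default_factory=list)

    def handle(self, credential: str, req: Request) -> bool:
        expected = self.issued.get(req.user_id, "")
        ok = bool(expected) and hmac.compare_digest(expected, credential)
        if ok:
            self.accepted.append(req)
        return ok


@dataclass
class UserServer:
    credentials: dict   # (operation, party) -> credential, kept on the user side
    processors: dict    # party -> ProcessingServer

    def handle(self, req: Request) -> bool:
        # S14: pick the credential from the message content. Fail closed: never
        # fall back to some other stored credential when nothing matches.
        credential = self.credentials.get((req.operation, req.party))
        server = self.processors.get(req.party)
        if credential is None or server is None:
            raise LookupError(f"no credential or processing server for {req.party!r}")
        # S16: credential and request go straight to the processing server.
        return server.handle(credential, req)


@dataclass
class CloudPlatformServer:
    routes: dict      # user_id -> address of that user's server
    transport: dict   # address -> UserServer; stands in for the network
    seen: list = field(default_factory=list)

    def receive(self, req: Request) -> bool:
        self.seen.append(req)                       # S10: request arrives
        address = self.routes.get(req.user_id)
        if address is None:
            raise LookupError(f"unknown user identity {req.user_id!r}")
        return self.transport[address].handle(req)  # S12: forward by identity


def leaks(cloud: CloudPlatformServer, secrets) -> list:
    """Return every credential that shows up in state the platform itself keeps."""
    stored = repr(cloud.routes) + repr(cloud.seen)
    return [s for s in secrets if s in stored]


def build_demo():
    ukey = "UKEY-CERT-constructed-0001"             # constructed sample value
    bank = ProcessingServer(issued={"ID001": ukey})
    user_server = UserServer(
        credentials={("remittance", "bank B1"): ukey},
        processors={"bank B1": bank},
    )
    cloud = CloudPlatformServer(
        routes={"ID001": "https://user-a.example:8443"},
        transport={"https://user-a.example:8443": user_server},
    )
    return cloud, user_server, bank


if __name__ == "__main__":
    cloud, user_server, bank = build_demo()
    req = Request("ID001", "remittance", "bank B1", "amount=100; payee=object C")
    print("accepted:", cloud.receive(req))
    print("credentials visible to platform:",
          leaks(cloud, user_server.credentials.values()))
```

The same `leaks` check is a useful regression test for a real deployment of this design: scan whatever the platform tier persists or logs for any value from the user-side credential store.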
The following describes an embodiment of a data processing method mainly based on a user server.
Referring to fig. 2, a data processing method according to an embodiment of the present disclosure may include the following steps.
Step S101: the user server receives a request message sent by the cloud platform server.
In this embodiment, the cloud platform server may specifically be a server in the cloud platform for implementing a predetermined management function. The predetermined management function includes: a money management function, a utility management function, a personnel management function, etc., and the present application is not particularly limited thereto. The cloud platform server may assign a unique user identity to each user. When the user sends a request message to the cloud platform, the user identity can be carried so that the cloud platform server can accurately identify the identity of the user. Specifically, when a user has a service operation requirement, the user can log in the cloud platform server through a networked client and initiate a specific request message to the cloud platform server. The business operation requirements may include, for example: inquiry, transfer, remittance, loan, etc. Of course, the service operation requirement may be changed according to different specific scenarios, and the application is not specifically limited herein. And after receiving the request message, the cloud platform server sends the request message to a user server corresponding to the user according to the identity in the request message.
The specific information content of the message request sent by the cloud platform server and received by the user server may also correspondingly change with different specific scenes, and the application is not specifically limited herein. In general, it may include: the type of service operation, the specific content of the operation, the identity information of the party to be processed, the time information of the transmission, etc. The following description will take the remittance operation of the user as an example. The information content of the request message includes the service operation type: such as "remittance"; the specific content of the operation is as follows: such as "specific amount", "account of remitter", etc.; identity information of the to-be-processed party: such as "a specific bank account".
Step S103: the user server acquires the user authentication information corresponding to the information content of the request message from the stored user authentication information.
In this embodiment, the user server may store user authentication information. Specifically, the user authentication information may be: one or more combinations of an authorization certificate, a user biometric characteristic, a login name and a password, or other feasible alternatives or combinations thereof, and the application is not particularly limited herein. Wherein the user biometric information may include: one or more of face, fingerprint, palm print, voice print and handwriting.
In this embodiment, the user authentication information may be at least one. The user authentication information may determine the user authentication information corresponding to the request message according to one or more of information content of the request message, such as a service operation type, specific content of operation, and identity information of the party to be processed.
In one specific example, user A typically needs to sign an agreement with a bank B1 in order to entrust the bank with a specific money transfer operation. After user A signs the agreement with bank B1, the bank issues user A a storage device, such as a USB disk storing a Ukey certificate; the storage device stores the user authentication information. When user A needs to send money to object C, user A connects the storage device to user A's user server and sends a corresponding request message to the cloud platform server. Specifically, the information content of the request message msg1_ sent by the system may include the service operation type "remittance", the to-be-processed party "bank B1", and the like. From the remittance information and the specific bank B1 information, the user server can then determine that the user authentication information corresponding to the remittance is the Ukey certificate authorized by the bank.
Step S105: the user server sends the user authentication information and the request message to a processing server corresponding to the information content of the request message.
In this embodiment, according to the information content of the request message, the corresponding processing server that is the object to which the user authentication information and the request message need to be transmitted can be determined. The processing server may be a server of the service processing party. Specifically, it may be a bank server, a designated third-party processing server, or a cloud platform server, etc., which is specifically defined herein.
In this embodiment, the corresponding processing server may be determined according to information content of the request packet, such as one or more of a service operation type, specific content of operation, and identity information of the to-be-processed party. For example, when the identity of the to-be-processed party is a certain "public fund management center", the "public fund management center" information may determine that the corresponding processing server is the processing server corresponding to the "public fund management center".
According to the data processing method provided by the embodiment of the application, the user authentication information is stored in the user server at the user side, when a user logs in the cloud platform server to initiate a request message, the cloud platform server forwards the request message to the user server, the user server determines the corresponding user authentication information according to the information content of the specific request message, and sends the user authentication information and the request message to the processing server corresponding to the information content of the request message, in the whole data processing process, the cloud platform server does not contact the user authentication information, so that the user authentication information can be effectively prevented from being leaked from the cloud platform server, and the safety of data processing is improved.
In one embodiment, the user authentication information may include authentication information acquired by at least one of:
receiving authentication information generated by the processing server;
collecting authentication information locally at the user server.
As for authentication information that is generated by the processing server and received by the user server, the user generally signs an agreement with the corresponding service processing party in advance. After the agreement is signed, the processing server of the service processing party generates the authentication information of the user and can send it to the user server. Once the user server has received the authentication information, it can attach the authentication information when sending a request message to the processing server, so that the processing server can accurately identify the real identity corresponding to the user server. In a specific embodiment, the user authentication information may be an authorization certificate. The authorization certificate may be a Ukey certificate that the bank issues to the user when the bank signs an agreement with the user. The Ukey certificate may include sensitive information such as a specific signature algorithm, a key pair, a login name, an account and the like. When the user needs to perform a specific business operation such as a remittance through a bank, the user can send the login name and the account in the request message, together with the user authentication information, to the processing server corresponding to the bank, and the processing server can accurately identify the real identity of the user server according to the user authentication information.
As for authentication information that the user server collects locally, the user server is generally provided with an information acquisition module. The information acquisition module may specifically be a device for acquiring a biometric characteristic of the user. The user biometric may specifically include one or more of a human face, a fingerprint, a palm print, a voice print and handwriting, or other feasible alternatives or combinations thereof, and the application is not specifically limited herein. When the service processing party signs an agreement with the user, security authentication information can be set as the user authentication information. The processing server may store the user authentication information. For example, the user authentication information may be biometric information of the user, such as a fingerprint. When the user initiates a specific business operation, the biometric characteristic of the user can be acquired through the information acquisition module, and the biometric information and the request message are sent to the corresponding processing server. After the processing server receives the request message and the biometric information, it compares the received biometric information with the stored biometric information and can thereby determine the identity information of the user.
Of course, the manner of acquiring the user authentication information is not limited to the above description. Those skilled in the art may make other modifications in light of the technical essence of the present application, and such modifications are intended to be included within the scope of the present application as long as the functions and effects they achieve are the same as or similar to those of the present application.
Based on the data processing method described in the above embodiment, the present application also provides a data processing apparatus.
Referring to fig. 3, the data processing apparatus may include:
a storage module 101, configured to store user authentication information;
a receiving module 103, configured to receive a request message sent by a cloud platform server;
an information obtaining module 105, configured to obtain user authentication information corresponding to the request message;
a sending module 107, configured to send the user authentication information and the request message to a processing server corresponding to the information content of the request message.
In another embodiment of the data processing apparatus, the user authentication information may include authentication information acquired by at least one of:
receiving authentication information generated by the processing server;
collecting authentication information locally at the user server.
The user authentication information may include at least one of: an authorization credential, a user biometric, a login name, and a password.
The data processing apparatus disclosed in the above embodiments corresponds to the data processing method embodiments of the present application, can implement those method embodiments, and achieves their technical effects.
A user server according to the present application is described below.
Referring to fig. 4, the present application further provides a server, which may include a memory 201 and a processor 203.
The memory 201 stores user authentication information.
The processor 203 receives a request message sent by a cloud platform server, acquires user authentication information corresponding to the request message, and sends the user authentication information and the request message to a processing server corresponding to the information content of the request message.
The server disclosed in the above embodiments corresponds to the data processing method embodiments of the present application, can implement those method embodiments, and achieves their technical effects.
The following describes another embodiment of a data processing method based on a user server.
Referring to fig. 5, a data processing method according to an embodiment of the present application may include the following steps.
Step 301: the user server receives a request message sent by the cloud platform server.
In this embodiment, the cloud platform server may specifically be a server in the cloud platform for implementing a predetermined management function. The predetermined management function includes a money management function, a utility management function, a personnel management function, etc., and the present application is not particularly limited thereto. The cloud platform server may assign a unique user identity to each user. When the user sends a request message to the cloud platform, the request message can carry the user identity so that the cloud platform server can accurately identify the user. Specifically, when a user has a service operation requirement, the user can log in to the cloud platform server through a networked client and initiate a specific request message to the cloud platform server. The business operation requirements may include, for example: inquiry, transfer, remittance, loan, etc. Of course, the service operation requirement may change with the specific scenario, and the application is not specifically limited herein. After receiving the request message, the cloud platform server sends the request message to the user server corresponding to the user according to the identity in the request message.
The specific information content of the request message sent by the cloud platform server and received by the user server may also change with the specific scenario, and the application is not specifically limited herein. In general, it may include: the type of service operation, the specific content of the operation, the identity information of the party to be processed, the time information of the transmission, etc. The following description takes the remittance operation of the user as an example. The information content of the request message includes the service operation type, such as "remittance"; the specific content of the operation, such as "specific amount", "account of remitter", etc.; and the identity information of the to-be-processed party, such as "a specific bank account".
Step 303: the user server acquires the user authentication information corresponding to the information content of the request message from the stored user authentication information.
In this embodiment, the user server may store user authentication information. Specifically, the user authentication information may include: one or more combinations of an authorization certificate, a user biometric characteristic, a login name and a password, or other feasible alternatives or combinations thereof, and the application is not particularly limited herein. Wherein the user biometric information may include: one or more of face, fingerprint, palm print, voice print and handwriting.
In this embodiment, there may be one or more pieces of user authentication information. The user authentication information corresponding to the request message may be determined according to one or more items of the information content of the request message, such as the service operation type, the specific content of the operation, and the identity information of the party to be processed.
In a specific example, when the service operation type in the request message is "remittance" and the information of the party to be processed is a specific "bank", the user authentication information corresponding to the information of the "remittance" and the "bank" can be determined as the Ukey certificate authorized by the bank.
Step 305: the user server encrypts the request message by using the user authentication information.
In this embodiment, the user authentication information may be information capable of encrypting the request message. The user authentication information may include one or more of an authorization credential, a user biometric, a login name and a password, or other viable alternatives or combinations thereof. Specifically, the request message may be encrypted by using the user authentication information or a part of the user authentication information. Take as an example a Ukey certificate issued by a bank and included in the user authentication information. The Ukey certificate may include a specific signature algorithm. The signature algorithm may be an asymmetric algorithm, such as RSA/DSA, etc. During communication between the user server and the processing server of the bank, the request message can be encrypted by using the asymmetric algorithm. The encrypted request message can be read only by the bank processing server that has the corresponding decryption method, so encrypting the request message enhances its security during communication.
In addition to a signature algorithm capable of encrypting the request message, the user authentication information may include other user authentication information, such as a user biometric, a login name, a password, and the like. The other user authentication information may be added to the request message as part of the request message. When the request message is encrypted using an encryption algorithm, the other user authentication information may be encrypted together with it.
Step 307: the user server sends the encrypted request message to a processing server corresponding to the information content of the request message.
In this embodiment, the processing server to which the user authentication information and the request message need to be sent can be determined according to the information content of the request message. Specifically, the processing server may be a server of the service processing party. The corresponding processing server may be determined according to one or more items of the information content of the request message, such as the service operation type, the specific content of the operation, and the identity information of the party to be processed.
In a specific example, when the identity of the to-be-processed party is a certain "public accumulation fund management center", it may be determined that the processing server corresponding to the to-be-processed party is the processing server corresponding to the "public accumulation fund management center" through the "public accumulation fund management center" information.
According to the data processing method provided by this embodiment of the application, the user authentication information is stored in the user server on the user side. When a user logs in to the cloud platform server and initiates a request message, the cloud platform server forwards the request message to the user server. The user server determines the corresponding user authentication information according to the information content of the specific request message, encrypts the request message by using the user authentication information, and then sends the encrypted request message to the processing server corresponding to the information content of the request message. Throughout the data processing process, the cloud platform server never comes into contact with the user authentication information, so the user authentication information is effectively prevented from leaking from the cloud platform server and the security of data processing is improved.
Based on the data processing method described in the above embodiment, the present application also provides a data processing apparatus.
Referring to fig. 6, a data processing apparatus according to an embodiment of the present application may include:
a storage module 301, configured to store user authentication information;
a receiving module 303, configured to receive a request message sent by a cloud platform server;
an information obtaining module 305, configured to obtain user authentication information corresponding to the request message;
an encryption module 307, configured to encrypt the request message by using the user authentication information;
a sending module 309, configured to send the user authentication information and the encrypted request message to a processing server corresponding to the information content of the request message.
The data processing apparatus disclosed in the above embodiments corresponds to the data processing method embodiments of the present application, can implement those method embodiments, and achieves their technical effects.
Based on the data processing method and device in the above embodiments, the application further provides a user server.
Referring to fig. 9, a server according to an embodiment of the present application may include a memory 601 and a processor 603.
The memory 601 stores user authentication information.
The processor 603 is configured to receive a request message sent by a cloud platform server; acquire user authentication information corresponding to the request message; encrypt the request message by using the user authentication information; and send the user authentication information and the encrypted request message to a processing server corresponding to the information content of the request message.
The server disclosed in the above embodiments corresponds to the data processing method embodiments of the present application, can implement those method embodiments, and achieves their technical effects.
The following describes an embodiment of a data processing method mainly based on a cloud platform server according to the present application.
Referring to fig. 7, a data processing method according to an embodiment of the present application may include the following steps.
Step 501: the cloud platform server receives a request message sent by a user.
In this embodiment, the cloud platform server may specifically be a server in the cloud platform for implementing a predetermined management function. The predetermined management function includes: a money management function, a utility management function, a personnel management function, etc., and the present application is not particularly limited thereto. The cloud platform server may assign a unique user identity to each user. When the user sends a request message to the cloud platform, the user identity can be carried so that the cloud platform server can accurately identify the identity of the user. The specific form of the user id may be a character, a barcode, a two-dimensional code, and the like, and the application is not limited specifically herein. For example, when the user ID is in the form of a character, the corresponding IDs may be ID001, ID002, and the like for different users.
In this embodiment, the user may be an individual having a unique user identity on the cloud platform. The user itself may be an enterprise, an individual, or the like, and the present application is not limited thereto. When a user has specific service operation requirements, the user can log in the cloud platform server through the networked client and initiate a specific request message to the cloud platform server. The client may be a communication device with a network communication function, such as a desktop computer, a notebook computer, a tablet computer, a smart phone, a smart wearable device, and the like. Of course, the client may also be software running in the communication device described above. The business operation requirements may include, for example: inquiry, transfer, remittance, loan, etc. Of course, the service operation requirement may be changed according to different specific scenarios, and the application is not specifically limited herein.
The specific information content of the request message may also change with the specific scenario, and the application is not limited in this respect. In general, it may include: the type of service operation, the specific content of the operation, the identity information of the party to be processed, the time information of the transmission, etc. The following description takes the remittance operation of the user as an example. The information content of the request message includes the service operation type: remittance; the specific content of the operation: amount, account of sender, etc.; the identity information of the to-be-processed party: a specific bank account; and a specific time of transmission, etc.
Step 503: the cloud platform server sends the request message to a user server corresponding to the user based on the user identity in the request message.
In this embodiment, the cloud platform server may store address information of the user. The address information is used for determining the address of the user server, so that the cloud platform server can accurately send a request message to the user server according to the address information. Specifically, the address information may be routing information of the user server, such as a routing URL (uniform resource locator), a port, and the like, which is not specifically limited herein.
In this embodiment, the address information corresponding to the user identity in the request message may be determined based on the user identity. In particular, the number of users renting a cloud platform server may be huge. For this reason, the cloud platform server may store the user identity information and the address information in its memory in association with each other. When the cloud platform server receives a request message containing a user identity, the corresponding address information can be determined from the user identity by mapping, querying and the like. Of course, the corresponding address information may also be determined from the user identity in other alternative manners, and the application is not limited in this respect.
In addition, the user identity in the request message may carry address information of the user server, so that the cloud platform server may determine the address information of the user server according to the user identity in the request message and accurately send the request message to the user server.
Based on the data processing method described in the above embodiment, the present application also provides a data processing apparatus.
Referring to fig. 8, a data processing apparatus according to an embodiment of the present application may include:
a receiving module 501, configured to receive a request message sent by a user;
a sending module 503, configured to send the request message to a user server corresponding to the user based on the user identity in the request message.
The data processing apparatus disclosed in the above embodiments corresponds to the data processing method embodiments of the present application, can implement those method embodiments, and achieves their technical effects.
Based on the data processing method and device, the application further provides a cloud platform server.
The server provided in one embodiment of the present application may include a processor for processing the received data.
The processor is configured to receive a request message sent by a user, and to send the request message to a user server corresponding to the user based on the user identity in the request message.
The server disclosed in the above embodiments corresponds to the data processing method embodiments of the present application, can implement those method embodiments, and achieves their technical effects.
Referring to fig. 10, the present application further provides a cloud management system, which may include: cloud platform server 1 and user server 2.
The cloud platform server 1 is used for receiving a request message sent by a user and sending the request message to a user server 2 corresponding to the user based on a user identity in the request message;
the user server 2 is configured to receive the request message, and acquire user authentication information corresponding to information content of the request message from stored user authentication information; and is further configured to send the user authentication information and the request message to the processing server 3 corresponding to the information content of the request message.
The cloud management system disclosed by the embodiment corresponds to the data processing method embodiment, so that the data processing method embodiment can be realized and the technical effect of the method embodiment can be achieved.
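The message flow of the cloud management system described above, as an added in-process simulation (example code written for this page, not code from the patent). All class, function and field names, the .example address and the credential string are constructed assumptions; direct method calls stand in for network delivery.

```python
"""Constructed simulation of the cloud platform, user server and processing server."""
from dataclasses import dataclass, field

# Constructed placeholder standing in for a bank-issued Ukey certificate.
UKEY = "UKEY-CERT-CONSTRUCTED-0001"


@dataclass
class ProcessingServer:
    """Service processing party (e.g. a bank); knows the credential it issued."""
    name: str
    issued: dict  # user identity -> credential issued when the agreement was signed
    handled: list = field(default_factory=list)

    def handle(self, request: dict, credential: str) -> str:
        # Identify the real user behind the user server from the credential.
        if self.issued.get(request.get("user_id")) != credential:
            return "rejected: credential mismatch"
        self.handled.append(request)
        return f"accepted: {request.get('operation')} by {self.name}"


@dataclass
class UserServer:
    """User-side server; the only place user authentication information is stored."""
    credentials: dict  # (service operation type, party to be processed) -> credential
    processors: dict   # party to be processed -> ProcessingServer

    def receive(self, request: dict) -> str:
        # Select the credential from the information content of the request.
        key = (request.get("operation"), request.get("party"))
        credential = self.credentials.get(key)
        if credential is None:
            # Fail closed: nothing is forwarded without a matching credential.
            return "rejected: no credential for request content"
        processor = self.processors.get(request.get("party"))
        if processor is None:
            return "rejected: no processing server for party"
        # Send the credential and the request straight to the processing server.
        return processor.handle(request, credential)


@dataclass
class CloudPlatformServer:
    """Multi-tenant platform; stores only user identity -> user server address."""
    routes: dict   # user identity -> address of that user's server
    network: dict  # address -> UserServer object (stands in for delivery)
    seen: list = field(default_factory=list)  # every request the platform observed

    def receive(self, request: dict) -> str:
        self.seen.append(dict(request))
        address = self.routes.get(request.get("user_id"))
        if address is None:
            return "rejected: unknown user identity"
        return self.network[address].receive(request)


def build_system():
    """Wire up one tenant (ID001) that has an agreement with bank B1."""
    bank = ProcessingServer("bank B1", issued={"ID001": UKEY})
    user_server = UserServer(
        credentials={("remittance", "bank B1"): UKEY},
        processors={"bank B1": bank},
    )
    address = "https://user-server.example:8443"  # constructed address
    cloud = CloudPlatformServer(routes={"ID001": address},
                                network={address: user_server})
    return cloud, user_server, bank


def platform_saw_credential(cloud: CloudPlatformServer, credential: str) -> bool:
    """True if the credential appears anywhere in what the platform handled."""
    return any(credential in repr(req) for req in cloud.seen)


if __name__ == "__main__":
    cloud, _, bank = build_system()
    remittance = {"user_id": "ID001", "operation": "remittance",
                  "party": "bank B1", "amount": 100}
    print(cloud.receive(remittance))
    print("platform saw credential:", platform_saw_credential(cloud, UKEY))
```

The property worth checking in a real deployment is the one platform_saw_credential models: the cloud platform's stores and logs hold only identity-to-address routing data and request contents, never the credential.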
Although the present application provides method steps as described in the embodiments or flowcharts, more or fewer steps may be included based on routine or non-inventive labor. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. When an actual apparatus or client product executes, it may execute sequentially or in parallel (e.g., in the context of parallel processors or multi-threaded processing) according to the embodiments or methods shown in the figures.
The apparatus or module described in the above embodiments may be implemented by a computer chip or an entity, or implemented by a product with certain functions. For convenience of description, the above devices are described as being divided into various modules by functions, and are described separately. The functionality of the modules may be implemented in the same one or more software and/or hardware implementations of the present application. Of course, a module that implements a certain function may be implemented by a plurality of sub-modules or sub-units in combination.
The methods, apparatus or modules described herein may be implemented by a controller executing computer readable program code, and the controller may be implemented in any suitable manner. For example, the controller may take the form of a microprocessor or processor and a computer readable medium storing computer readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, Application Specific Integrated Circuits (ASICs), programmable logic controllers and embedded microcontrollers. Examples of controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicon Labs C8051F320. A memory controller may also be implemented as part of the control logic for the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer readable program code, the same functionality can be implemented by logically programming the method steps such that the controller takes the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may therefore be considered a hardware component, and the means included therein for performing the various functions may also be considered structures within the hardware component. The means for performing the functions may even be regarded both as software modules for performing the method and as structures within a hardware component.
Some of the modules in the apparatus described herein may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, classes, etc. that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
From the above description of the embodiments, it is clear to those skilled in the art that the present application can be implemented by software plus necessary hardware. Based on this understanding, the technical solutions of the present application, in essence or in the part that contributes to the prior art, may be embodied in the form of a software product or in the implementation process of data migration. The computer software product may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a mobile terminal, a server, or a network device, etc.) to perform the methods described in the embodiments or some parts of the embodiments of the present application.
The embodiments in the present specification are described in a progressive manner, and the same or similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. All or portions of the present application are operational with numerous general purpose or special purpose computing system environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet-type devices, mobile communication terminals, multiprocessor systems, microprocessor-based systems, programmable electronic devices, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
The above embodiments in the present specification are all described in a progressive manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment is described with emphasis on being different from other embodiments. Especially for the server implementation, since the operation executed by the processor is basically similar to the method implementation, the description is simple, and the relevant points can be referred to the description of the method implementation.
In the present application, a plurality of embodiments of the present application are described, and those skilled in the art will understand that the embodiments of the present application can be combined with each other. Further, those skilled in the art will recognize that there are numerous variations and modifications of the present application without departing from the spirit of the application, and it is intended that the appended claims encompass such variations and modifications without departing from the spirit of the application.

Claims (14)

1. A method of data processing, comprising:
the cloud platform server receives a request message sent by a user;
the cloud platform server sends the request message to a user server corresponding to the user based on the user identity in the request message;
the user server receives the request message and acquires user authentication information corresponding to the information content of the request message from the stored user authentication information;
and the user server sends the user authentication information and the request message to a processing server corresponding to the information content of the request message.
2. A data processing method is applied to a user server and comprises the following steps:
the user server receives a request message sent by a cloud platform server; the cloud platform server is used for receiving the request message sent by the user and sending the request message to the user server corresponding to the user based on the user identity in the request message;
the user server acquires user authentication information corresponding to the information content of the request message from the stored user authentication information;
and the user server sends the user authentication information and the request message to a processing server corresponding to the information content of the request message.
3. The data processing method of claim 2, wherein the user authentication information includes authentication information acquired by at least one of:
receiving authentication information generated by the processing server;
and collecting the authentication information locally at the user server.
4. The data processing method of claim 2, wherein the user authentication information comprises at least one of:
an authorization credential, a user biometric, a login name, and a password.
5. A data processing device, applied to a user server, comprising:
the storage module is used for storing user authentication information;
the receiving module is used for receiving a request message sent by the cloud platform server; the cloud platform server is used for receiving the request message sent by the user and sending the request message to the user server corresponding to the user based on the user identity in the request message;
the information acquisition module is used for acquiring user authentication information corresponding to the request message;
and the sending module is used for sending the user authentication information and the request message to a processing server corresponding to the information content of the request message.
6. The data processing apparatus of claim 5, wherein the user authentication information includes authentication information acquired by at least one of:
receiving authentication information generated by the processing server;
and collecting the authentication information locally at the user server.
7. The data processing apparatus of claim 5, wherein the user authentication information comprises at least one of: an authorization credential, a user biometric, a login name, and a password.
8. A user server, comprising: a memory, a processor and a control unit,
the memory stores user authentication information;
the processor receives a request message sent by a cloud platform server, acquires user authentication information corresponding to the request message, and sends the user authentication information and the request message to a processing server corresponding to the information content of the request message; the cloud platform server is used for receiving the request message sent by the user and sending the request message to the user server corresponding to the user based on the user identity in the request message.
9. A data processing method, applied to a user server, comprising:
the user server receives a request message sent by a cloud platform server; the cloud platform server is used for receiving the request message sent by the user and sending the request message to the user server corresponding to the user based on the user identity in the request message;
the user server acquires user authentication information corresponding to the information content of the request message from the stored user authentication information;
the user server encrypts the request message by using the user authentication information;
and the user server sends the encrypted request message to a processing server corresponding to the information content of the request message.
10. A data processing device, applied to a user server, comprising:
the storage module is used for storing user authentication information;
the receiving module is used for receiving a request message sent by the cloud platform server; the cloud platform server is used for receiving the request message sent by the user and sending the request message to the user server corresponding to the user based on the user identity in the request message;
the information acquisition module is used for acquiring user authentication information corresponding to the request message;
the encryption module is used for encrypting the request message by utilizing the user authentication information;
and the sending module is used for sending the user authentication information and the encrypted request message to a processing server corresponding to the information content of the request message.
11. A user server, comprising: a memory, a processor and a control unit,
the memory stores user authentication information;
the processor is used for receiving a request message sent by the cloud platform server; acquiring user authentication information corresponding to the request message; encrypting the request message by using the user authentication information; sending the user authentication information and the encrypted request message to a processing server corresponding to the information content of the request message; the cloud platform server is used for receiving the request message sent by the user and sending the request message to the user server corresponding to the user based on the user identity in the request message.
12. A data processing method, applied to a cloud platform server, comprising:
the cloud platform server receives a request message sent by a user;
the cloud platform server sends the request message to a user server corresponding to the user based on the user identity in the request message, wherein the user server is used for receiving the request message and acquiring user authentication information corresponding to the information content of the request message from stored user authentication information, and is also used for sending the user authentication information and the request message to a processing server corresponding to the information content of the request message.
13. A data processing apparatus, characterized in that it comprises:
the receiving module is used for receiving a request message sent by a user;
a sending module, configured to send the request message to a user server corresponding to the user based on a user identity in the request message, where the user server is configured to receive the request message and obtain, from stored user authentication information, user authentication information corresponding to information content of the request message, and is further configured to send the user authentication information and the request message to a processing server corresponding to the information content of the request message.
14. A cloud management system, comprising:
the cloud platform server is used for receiving a request message sent by a user and sending the request message to a user server corresponding to the user based on a user identity in the request message;
the user server is used for receiving the request message and acquiring user authentication information corresponding to the information content of the request message from the stored user authentication information, and is also used for sending the user authentication information and the request message to a processing server corresponding to the information content of the request message.
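
The flow of claims 1 to 4, modelled in Python as an added illustration that is not part of the patent text: the cloud platform routes on the user identity and holds no credentials, and the user server releases only the credential scoped to the request content. Class names, token values and status codes are assumptions made for the example.

```python
import hmac

class ProcessingServer:
    """Back-end service; checks the credential that arrives with each request."""
    def __init__(self, name, accepted):
        self.name = name
        self._accepted = accepted              # user_id -> credential it issued
        self.seen = []                         # credentials received (for the demo)

    def handle(self, request, credential):
        self.seen.append(credential)
        expected = self._accepted.get(request["user_id"], "")
        ok = hmac.compare_digest(expected.encode(), credential.encode())
        return {"status": 200 if ok else 401, "service": self.name}

class UserServer:
    """Per-user tier: the only place credentials are stored."""
    def __init__(self, user_id, credentials, services):
        self.user_id = user_id
        self._credentials = credentials        # request content -> credential
        self._services = services              # request content -> ProcessingServer

    def handle(self, request):
        if request.get("user_id") != self.user_id:
            return {"status": 403}             # misrouted: never use another user's store
        content = request.get("content")
        if content not in self._credentials or content not in self._services:
            return {"status": 404}             # no credential scoped to this content
        return self._services[content].handle(request, self._credentials[content])

class CloudPlatform:
    """Front tier: routes on the user identity and holds no credentials."""
    def __init__(self, user_servers):
        self._user_servers = user_servers      # user_id -> UserServer

    def handle(self, request):
        server = self._user_servers.get(request.get("user_id"))
        return server.handle(request) if server else {"status": 404}

def build_demo():
    # Constructed sample data: one user, two back-end services.
    billing = ProcessingServer("billing", {"alice": "tok-billing-1"})
    storage = ProcessingServer("storage", {"alice": "tok-storage-1"})
    alice = UserServer("alice",
                       {"billing": "tok-billing-1", "storage": "tok-storage-1"},
                       {"billing": billing, "storage": storage})
    return CloudPlatform({"alice": alice}), alice, billing, storage
```

A billing request reaches only the billing server and carries only the billing credential; the identity check in `UserServer.handle` is what stops a misrouted request from drawing on another user's store.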
CN201610073139.8A 2016-02-02 2016-02-02 Data processing method and device, server and cloud management system Active CN107026826B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610073139.8A CN107026826B (en) 2016-02-02 2016-02-02 Data processing method and device, server and cloud management system

Publications (2)

Publication Number Publication Date
CN107026826A CN107026826A (en) 2017-08-08
CN107026826B true CN107026826B (en) 2020-08-14

Family

ID=59525025

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610073139.8A Active CN107026826B (en) 2016-02-02 2016-02-02 Data processing method and device, server and cloud management system

Country Status (1)

Country Link
CN (1) CN107026826B (en)

Also Published As

Publication number Publication date
CN107026826A (en) 2017-08-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20200924

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20200924

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee after: Advanced innovation technology Co.,Ltd.

Address before: Greater Cayman, British Cayman Islands

Patentee before: Alibaba Group Holding Ltd.
