[go: up one dir, main page]

CN114157425B - Method and device for responding to service request - Google Patents

Method and device for responding to service request Download PDF

Info

Publication number
CN114157425B
CN114157425B CN202111481176.XA CN202111481176A CN114157425B CN 114157425 B CN114157425 B CN 114157425B CN 202111481176 A CN202111481176 A CN 202111481176A CN 114157425 B CN114157425 B CN 114157425B
Authority
CN
China
Prior art keywords
service
server
request
business
financial institution
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111481176.XA
Other languages
Chinese (zh)
Other versions
CN114157425A (en
Inventor
吴与同
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Construction Bank Corp
Original Assignee
China Construction Bank Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Construction Bank Corp filed Critical China Construction Bank Corp
Priority to CN202111481176.XA priority Critical patent/CN114157425B/en
Publication of CN114157425A publication Critical patent/CN114157425A/en
Application granted granted Critical
Publication of CN114157425B publication Critical patent/CN114157425B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The application discloses a method and a device for responding to a service request, relates to the technical field of data processing, and aims to solve the problem that in the prior art, information security cannot be ensured in the process of providing service by combining a third party server with a financial institution. The method comprises the following steps: receiving a request from a user equipment; the request is used for indicating to provide business services; determining a service server for providing service, and acquiring a stored access address of the service server and a secret key agreed with the service server in advance; sending account information and a request of the user equipment encrypted by the key to a service server through an access address; receiving record information from a service server; the record information is generated by a business server in the process of providing business services; and storing the record information when receiving the indication information from the business server for indicating that the business service is completely provided.

Description

Method and device for responding to service request
Technical Field
The present application relates to the field of data processing technologies, and in particular, to a method and an apparatus for responding to a service request.
Background
With the rapid development of various industries, some service providers provide more diversified services in addition to main services, so as to achieve the goal of attracting more users. For example, in the financial industry, various financial institutions may provide additional services, such as cell phone recharging, outside of the home. However, the financial institution cannot provide these additional services by itself due to the limitation of its own system function, and the corresponding services need to be provided by means of a third party provider. That is, the financial institution receives a request for providing a certain service sent by the user, and then forwards the request to a provider server that can provide the service, and the provider server provides the service for the user. It can be seen that, in order to ensure that the user is better served, how to combine the financial institution with the provider server, and how to ensure the information security during the interaction between the financial institution and the provider becomes particularly important.
Disclosure of Invention
The application provides a method and a device for responding to a service request, which are used for solving the problem that in the prior art, information security cannot be ensured in the process of providing service by combining a third party server with a financial institution.
In a first aspect, an embodiment of the present application provides a method for responding to a service request, including:
Receiving a request from a user equipment; the request is used for indicating to provide business services;
Determining a business server for providing the business service, and acquiring a stored access address of the business server and a secret key agreed with the business server in advance;
transmitting account information of the user equipment encrypted by the key and the request to the service server through the access address;
Receiving record information from the service server; the record information is generated by the business server in the process of providing the business service;
And storing the record information when receiving indication information from the business server, wherein the indication information is used for indicating that the business service is completely provided.
Based on the scheme, when the application server of the financial institution receives the request of the user equipment, the account information and the request of the user equipment encrypted by the key are sent to the service server according to the stored access address of the service server and the key agreed with the service server in advance, the service server responds to the request to provide service, and record information generated in the service providing process is sent to the application server of the financial institution for unified storage, so that the user or manager can conveniently check and manage. From the user's perspective, services may be obtained by simply logging into the financial institution's system, rather than logging into a different vendor's system to obtain different services. And when the application server of the financial institution forwards the request and sends the account information of the user equipment, the application server adopts a pre-agreed key to encrypt, so that the safety of data transmission is ensured.
In some embodiments, after receiving the request from the user equipment, the method further comprises:
generating a unique identifier; the unique identifier is used for identifying data generated in the process of providing the business service;
after acquiring the stored access address of the service server and the key agreed with the service server in advance, the method further comprises:
and sending the unique identifier to the service server through the access address.
In some embodiments, the unique identifier is included in the record information.
Based on the above scheme, the unique identifier is transmitted from the application server of the financial institution to the business server, and the business server can provide business services according to the unique identifier. If the service server is accessed through other channels without the unique identifier, the service server can not provide service, so that the information security in the service process of providing the service is ensured.
In some embodiments, before sending the account information of the user device encrypted with the key and the request to the service server via the access address, the method further comprises:
Sending an authorization request to the user equipment; the authorization request is used for requesting to send the account information to the service server;
And receiving approval authorization information from the user equipment and sending the account information to the service server.
In a second aspect, an embodiment of the present application provides another method for responding to a service request, including:
Receiving the encrypted request and account information from an application server of the financial institution; the request is used for indicating to provide business services;
obtaining a key pre-agreed with an application server of the financial institution, and decrypting the encrypted request and the account information by adopting the key;
providing business services according to the request and the account information, generating record information, and sending the record information to an application server of the financial institution;
after the provision of the business service is completed, indication information for indicating that the provision of the business service is completed is transmitted to an application server of the financial institution.
In some embodiments, the method further comprises:
receiving a unique identifier from an application server of a financial institution; the unique identifier is used for identifying data generated in the process of providing the business service;
The generating record information includes:
Record information including the unique identifier is generated.
In a third aspect, an embodiment of the present application provides an apparatus for responding to a service request, including:
a transceiver unit for receiving a request from a user equipment; the request is used for indicating to provide business services;
The processing unit is used for determining a business server for providing the business service and acquiring a stored access address of the business server and a secret key agreed with the business server in advance;
the receiving and transmitting unit is further configured to send account information of the user equipment encrypted by using the key and the request to the service server through the access address;
The receiving and transmitting unit is also used for receiving record information from the service server; the record information is generated by the business server in the process of providing the business service;
the processing unit is further configured to store the record information when the transceiver unit receives the indication information from the service server, where the indication information indicates that the service is provided.
In some embodiments, the processing unit is further configured to:
generating a unique identifier; the unique identifier is used for identifying data generated in the process of providing the business service;
the transceiver unit is further configured to:
and sending the unique identifier to the service server through the access address.
In some embodiments, the unique identifier is included in the record information.
In some embodiments, the transceiver unit is further configured to:
Sending an authorization request to the user equipment; the authorization request is used for requesting to send the account information to the service server;
And receiving approval authorization information from the user equipment and sending the account information to the service server.
In a fourth aspect, an embodiment of the present application provides another apparatus for responding to a service request, including:
A transceiving unit for receiving the encrypted request and account information from an application server of the financial institution; the request is used for indicating to provide business services;
The processing unit is used for acquiring a key agreed in advance with an application server of the financial institution, and decrypting the encrypted request and the account information by adopting the key; providing business services according to the request and the account information, generating record information, and sending the record information to an application server of the financial institution;
The receiving and transmitting unit is further configured to send, after the processing unit finishes providing the business service, indication information for indicating that the business service is provided to an application server of the financial institution.
In some embodiments, the transceiver unit is further configured to:
receiving a unique identifier from an application server of a financial institution; the unique identifier is used for identifying data generated in the process of providing the business service;
The processing unit is specifically configured to:
Record information including the unique identifier is generated.
In a fifth aspect, an embodiment of the present application provides an electronic device, including a controller and a memory. The memory is used for storing computer-executable instructions, and the controller executes the computer-executable instructions in the memory to perform the operational steps of the method as may be implemented in any one of the first to second aspects using hardware resources in the controller.
In a sixth aspect, the present application provides a computer readable storage medium having instructions stored therein which, when run on a computer, cause the computer to perform the methods of the above aspects.
In a seventh aspect, embodiments of the present application provide a computer program product comprising computer program code which, when executed by a computer, causes the computer to perform the methods of the above aspects.
In addition, the advantages of the second aspect to the seventh aspect may be referred to as the advantages of the first aspect, and will not be described here.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the description below are only some embodiments of the present application.
Fig. 1 is a schematic structural diagram of a network architecture according to an embodiment of the present application;
FIG. 2 is a flowchart of a method for responding to a service request according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a display interface according to an embodiment of the present application;
FIG. 4 is a schematic diagram of another display interface according to an embodiment of the present application;
FIG. 5 is a flowchart of another method for responding to a service request according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of a device for responding to a service request according to an embodiment of the present application;
Fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The technical scheme of the application obtains, stores, uses, processes and the like the data, which all meet the relevant regulations of national laws and regulations.
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the technical solutions of the present application, but not all embodiments. All other embodiments, based on the embodiments described in the present document, which can be obtained by a person skilled in the art without any creative effort, are within the scope of protection of the technical solutions of the present application.
The terms first and second in the description and claims of the application and in the above-mentioned figures are used for distinguishing between different objects and not for describing a particular sequential order. Furthermore, the term "include" and any variations thereof is intended to cover non-exclusive protection. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those listed steps or elements but may include other steps or elements not listed or inherent to such process, method, article, or apparatus. The term "plurality" in the present application may mean at least two, for example, two, three or more, and embodiments of the present application are not limited.
In addition, the term "and/or" herein is merely an association relationship describing an association object, and means that three relationships may exist, for example, a and/or B may mean: a exists alone, A and B exist together, and B exists alone. The character "/" herein generally indicates that the associated object is an "or" relationship unless otherwise specified.
In order to facilitate understanding of the solution proposed by the present application, a network architecture adopted by the embodiment of the present application is first briefly described. For example, referring to fig. 1, a schematic structural diagram of a network architecture according to an embodiment of the present application may be provided. The method specifically comprises the following steps: user equipment 110, application server 120 and business server 130 of the financial institution. It should be noted that fig. 1 is only an example, and the number of network devices, application servers and service servers of a financial institution in a network architecture is not specifically limited in the embodiment of the present application. For example, the network architecture of the present application may include a plurality of service servers, which may be accessed by an application server of a financial institution. Or multiple user devices may be included in the network architecture, and an application server of one financial institution may also serve the multiple user devices. Or the network architecture may include application servers of multiple financial institutions, i.e., one business server may also be accessed by application servers of multiple financial institutions. The present application is not particularly limited thereto.
The User Equipment 110 may also be referred to as a Terminal (UE), or a Terminal device, a Mobile Station (MS), a Mobile Terminal (MT), or the like, which is a device that provides voice and/or data connectivity to a User, for example, a handheld device, an in-vehicle device, or the like, which has a wireless connection function. Currently, some examples of user equipment are: a Mobile phone, a tablet, a notebook, a palm, a Mobile internet device (Mobile INTERNET DEVICE, MID), a wearable device, a Virtual Reality (VR) device, an augmented Reality (Augmented Reality, AR) device, a wireless terminal in industrial control (Industrial Control), a wireless terminal in unmanned (SELF DRIVING), a wireless terminal in teleoperation (remote medical surgery), a wireless terminal in smart grid (SMART GRID), a wireless terminal in transportation security (transportation safety), a wireless terminal in smart city (SMART CITY), a wireless terminal in smart home (smart home), and the like. In some embodiments, the user device according to the present application may include a display screen for displaying various display interfaces.
Alternatively, the functions of the application server 120 of the financial institution may be implemented by a server or a server cluster composed of a plurality of servers. The application server 120 of the financial institution may be understood as a background server of an application program of the financial institution, which may include a processor, a hard disk, a memory, a system bus, etc. for providing corresponding business services in response to a request from the user device 110. Similarly, the functions of the service server 130 may be implemented by one server or by a server cluster. In fig. 1, the functions of the service server 130 are implemented by one server as an example.
For convenience of description, the user device 110 will be abbreviated as user device, the application server 120 of the financial institution will be abbreviated as application server of the financial institution, and the service server 130 will be abbreviated as service server.
In the related art, some financial institutions, such as banks, provide diversified additional services in addition to the main industry to attract more users. For example, the application programs of all banks can provide services such as weather inquiry, mobile phone recharging or life payment. However, due to technical limitations, the financial institution itself cannot provide these additional services, and a third party provider (or may also be called a equity or a partner) needs to provide corresponding services, that is, a system of the financial institution needs to be connected to a system of the provider, so that a server of the financial institution can access a service server of the provider, thereby realizing provision of services capable of being diversified for a user. The current combination scheme of financial institutions and suppliers' systems mainly includes two kinds of systems: the first is to integrate the system of the financial institution into the system of the provider, for example, when the provider is a Union, the Union can provide services for a plurality of financial institutions, so that each financial institution needs to adjust its own system to adapt to the Union system, and thus the financial institution can be well deployed in the Union system. The second is that the vendor obtains the software development kit (Software Development Kit, SDK) of the financial institution application and then deploys the services of the corresponding financial institution in its own system. The first solution needs the financial institution to adjust its own various system functions, is less autonomous for the financial institution, and needs to log in to different provider systems when the user needs different services. The second method has high technical requirements for suppliers, and is not realized by small suppliers in general. And also requires the user to log in to different provider systems to obtain different services, the use experience is poor.
In view of this, the embodiments of the present application provide a method and apparatus for responding to a service request, where an access address of a service server of a provider and a key negotiated with the service server are stored in an application server of a financial institution. After receiving the request from the user device, the application server of the financial institution may directly transmit account information and the request of the user device encrypted with the pre-negotiated key to the service server according to the stored access address, and the service server provides the service in response to the request.
First, in order to facilitate understanding of the solution proposed by the present application, referring to fig. 2, a flowchart of a method for responding to a service request is provided in an embodiment of the present application. The method specifically comprises the following steps:
an application server of a financial institution receives a request from a user device 201.
Wherein the request is for indicating to provide a business service. Alternatively, the user device may send a request indicated by the user operation to an application server of the financial institution in response to a corresponding operation by the user in a display interface provided by an application program of the financial institution. As an example, it may also be expressed herein as the user device sending a request to a background server of a financial institution application. For ease of description, the application server of the financial institution will be described hereinafter.
202, An application server of the financial institution determines a service server providing a service, and obtains an access address of the service server and a key agreed with the service server in advance.
Alternatively, the application server of the financial institution may access a plurality of service servers, for example, access addresses of the plurality of service servers may be stored, and the plurality of service servers may implement different service functions. For example, an application server of a financial institution may access a service server for providing a recharging function of a cell phone, and may also access a service server for providing a weather forecast.
In a possible case, after receiving the request for instructing to provide the service, the application server of the financial institution may first determine that the service itself cannot provide the service, and then determine the service server that can provide the service according to the stored service functions of the respective service servers.
In another possible case, the request received by the application server of the financial institution may include an identifier or a name for indicating the service server providing the service, that is, the request includes the name or the identifier of the service server capable of providing the service. Upon receiving the request, the application server of the financial institution may determine the service server that is capable of responding to the request.
Optionally, the application server of the financial institution may also perform key negotiation with a plurality of service servers in advance, and store the negotiated key. As an example, the encryption mechanism between the application server and the service server of the financial institution may use a symmetric encryption manner, that is, the application server of the financial institution negotiates a key with the service server, the application server of the financial institution (or the service server) encrypts data using the key, and the service server (or the application server of the financial institution) decrypts the encrypted data using the key to obtain the data when receiving the encrypted data. As another example. An asymmetric encryption mechanism can be adopted between an application server of a financial institution and a service server, namely, the application server of the financial institution can negotiate a pair of public keys and private keys with the service server, the application server (or the service server) of the financial institution adopts the public keys to encrypt data, and the service server (or the application server of the financial institution) adopts the private keys to decrypt and acquire the data when receiving the encrypted data. The encryption mechanism adopted by the application server and the service server of the financial institution is not particularly limited, and for convenience of description, the application server and the service server of the financial institution are described by taking a symmetrical encryption mode as an example in the following description.
Specifically, after the application server of the financial institution receives the request, it determines a service server that can respond to the request to provide a service, it can acquire a pre-stored access address of the service server and a key pre-negotiated with the service server.
203, The application server of the financial institution sends the account information and the request of the user equipment encrypted by the key to the service server through the access address of the service server.
Alternatively, the application server of the financial institution may encrypt both the account information and the request of the user device, or may encrypt only the account information of the user device. As an example, the access address of the business server may be a uniform resource locator (Uniform Resource Locator, URL) of the business server, from which an application server, such as :"https://www.abc.cominf=usBFfkha78r3Gp9KW50RUiok4ZwdPX07KfNfIE-BRI4&sign=75ee8f7a239c5114ade247cf0d3d90bd&timestamp=20200617092453588". financial institution, may send encrypted account information and requests to the business server. The account information may be information indicating an identity of a user of the user device, for example, may be identity information such as a name, a phone, or an identification card number of the user. Or the account information can also comprise information such as an account number, a login password and the like of the application server of the financial institution, which are used by the user equipment, and the specific content included in the account information is not limited by the application.
The business server receives 204 the encrypted request and account information from the application server of the financial institution and decrypts the encrypted request and account information using the key.
Specifically, when the service server receives encrypted data from the application server of the financial institution, the service server may first acquire a key agreed in advance with the application server of the financial institution, and then decrypt the received data with the key to obtain the request and the account information.
The business server provides business services according to the request and the account information, generates record information, and sends the record information to an application server of the financial institution 205.
Alternatively, the business server may record details generated in the process of providing the business service to form the record information. For example, if the service server provides a transfer service, the amount of each transfer, the receiving side, the transmitting side, or the transfer time may be recorded. As an alternative, the service server may send the generated record information to the application server of the financial institution in real time. For example, the service provided by the service server is three transfer services, the service server may send the record information related to the first transfer to the application server of the financial institution after the first transfer is completed, send the record information related to the second transfer to the application server of the financial institution after the second transfer is completed, and so on, and send the record information related to one sub-task to the application server of the financial institution every time the sub-task is completed.
As another alternative, the business server may also transmit all record information generated in the course of providing the business service to the application server of the financial institution when the providing of the business service is completed. Continuing the above example, the service is a three transfer service, and the service server may send the record information generated during the three transfer to the application server of the financial institution after the three transfers are completed.
Optionally, the service server may also encrypt the record information using a key that was negotiated in advance with the application server of the financial institution before sending the record information.
206, After completing providing the business service, the business server sends indication information for indicating that the business service is completed to the application server of the financial institution.
207, The application server of the financial institution stores the record information after receiving the instruction information.
Alternatively, the application server of the financial institution may store the record information in association with account information of the user device.
Based on the scheme, when the application server of the financial institution receives the request of the user equipment, the account information and the request of the user equipment encrypted by the key are sent to the service server according to the stored access address of the service server and the key agreed with the service server in advance, the service server responds to the request to provide service, and record information generated in the service providing process is sent to the application server of the financial institution for unified storage, so that the user or manager can conveniently check and manage. From the user's perspective, services can be obtained by simply logging into the system of the financial institution's application server, rather than logging into a different vendor system to obtain a different service.
In some embodiments, the application server of the financial institution, upon receiving a request from the user device for indicating provision of the business service, may also generate a unique identifier for identifying data generated during provision of the business service. The application server of the financial institution may send the unique identifier to the service server to instruct the service server to generate record information including the unique identifier in providing the service. Based on this scheme, the unique identifier is transmitted by the application server of the financial institution to the business server, which can provide business services based on the unique identifier. If the service server is accessed through other channels without the unique identifier, the service server can not provide service, so that the information security in the service process of providing the service is ensured.
In one possible implementation, the application server of the financial institution may also send an authorization request to the user device before sending the encrypted request with the key and the account information of the user device to the service server, where the authorization request is used to request that the account information be sent to the service server. And the account information and the request encrypted by the key can be sent to the service server after the fact that the approval authorization information returned by the user equipment is received is determined. As an example, after sending an authorization request to the user device, the application server of the financial institution may display a display interface as described in fig. 3 in the display interface, and may send approval authorization information to the application server of the financial institution in response to a user operation (e.g., a selected operation such as touch or remote control) on control 301 in the display interface shown in fig. 3.
Further, after receiving the grant authorization information, the application server of the financial institution encrypts the account information and the request by using the grant key and sends the encrypted account information and the request to the service server. Optionally, the encrypted account information and the request sent by the application server of the financial institution may also carry a timestamp, where the time indicated by the timestamp is the time when the encrypted account information and the request are sent by the application server of the financial institution. After receiving the encrypted account information and the request, the service server can firstly judge whether the time is overtime according to the timestamp carried in the encrypted account information and the request, and if the time is overtime, the service server does not process the received data and does not decrypt the received data. As an example, a time threshold may be preconfigured in the service server, and when the encrypted account information and the request carrying the timestamp are received, it may be determined whether the absolute value of the difference between the timestamp and the current time is greater than the time threshold, and if so, it may be considered as timeout. For example, the preconfigured time threshold may be 5 seconds, then if the service server receives the encrypted account information and the request with the timestamp of time B at time a, the service server may determine whether the absolute value of the difference between time a and time B is less than 5 seconds, and if not, may not perform any processing (or may delete the received encrypted data); if so, the received encrypted account information and request may be decrypted.
In some embodiments, the service server may provide a service to the user device based on the requested content and account information after decryption is complete. Alternatively, the business server may perform the business service by providing a user interface. For example, an H5 page may be provided, and then the access address of the business server stored in the application server of the financial institution may also be the address of the H5 page. As an example, if the service requested by the user equipment is a mobile phone recharging service, the service server may provide a display interface as shown in fig. 4, and complete recharging in response to the user inputting the phone number and the recharging amount in the display interface as shown in fig. 4.
Alternatively, the service server may generate record information for recording data generated in the process of providing the service. For example, continuing with the above example, the service is a mobile phone recharging service, and the service server may use information such as the recharging amount, recharging time, and recharging mobile phone number as the record information. Alternatively, in the above embodiments, the application server of the financial institution has been described as generating the unique identifier after receiving the request, and transmitting the unique identifier to the service server. The service server may also use the unique identifier to identify the record information when generating the record information, i.e. generate the record information containing the unique identifier. Further, after the service server generates the record information containing the unique identifier, the record information containing the unique identifier may be encrypted by using a key negotiated with the application server of the financial institution in advance, and the encrypted record information may be sent to the service server, so as to further ensure the security in the data transmission process. Still further, the application server of the financial institution may store the received record information after receiving the instruction information for instructing completion of providing the service from the service server, for example, may store the record information in association with account information of the user device. Therefore, even for different service servers, the recorded information of the same client can be uniformly stored by the application server of the financial institution, so that the follow-up user or operation and maintenance personnel can conveniently check or manage the recorded information.
For further understanding of the solution proposed by the present application, the solution proposed by the present application for responding to service requests will be specifically described below in connection with each module in the application server of the financial institution.
As an example, the application server of the financial institution may include: the system comprises a security management and authentication module, a provider management module, a client identification module and a data storage module. It should be noted that, each module in the application server of the financial institution is only a functional division, and the number and naming of the modules included in the application server of the financial institution are not particularly limited in the present application. The following is a brief description of each module included in the application server of the financial institution provided in the embodiment of the present application:
and a security management and authentication module: may be used to negotiate keys with the respective service servers in advance, for example, if a symmetric encryption mechanism is employed, a unique key may be negotiated with the service server. If an asymmetric encryption mechanism is employed, a pair of public and private keys may be negotiated with the service server.
Vendor management module: can be used for storing the access address of each business server, business license, contact information and other basic information of the provider corresponding to each business server. And can also be used for storing the key preconfigured by the security management and authentication module. The provider management module may further acquire an access address and a provisioning key of a service server that can respond to the request after receiving the request from the user device, and then transmit the request encrypted with the key and account information of the user device to the service server through the access address.
Customer identification module: the method can be used for storing account information of each user equipment and storing record information generated when each service is provided for one user equipment and the account information of the user equipment in a correlated mode.
And a data storage module: the method can be used for storing all relevant information of any user equipment in the user equipment and storing information of different user equipment separately.
The following describes the solution of the present application in connection with the functional modules of the application server of the financial institution described above. Referring to fig. 5, a flowchart of a specific method for responding to a service request according to an embodiment of the present application specifically includes:
501, the user device sends a request to an application server of a financial institution.
The request is for indicating to provide a business service.
The application server of the financial institution obtains the access address and provisioning key of the business server providing the business service 502.
Alternatively, a vendor management module, which may be an application server of a financial institution, obtains an access address and an provisioning key of a business server providing a business service. Optionally, the vendor management module may also obtain account information of the user device from the customer identification module.
503, The application server of the financial institution sends an authorization request to the user device.
Alternatively, the security management and authentication module, which may also be an application server of the financial institution, sends an authorization request to the user device. Wherein the authorization request is used for requesting to send account information of the user equipment to the service server.
It should be noted that, in the embodiment of the present application, the sequence of steps 502 and 503 is not limited, and step 502 may be performed first, or step 503 may be performed first.
The application server of the financial institution sends 504 the account information and the request encrypted with the key to the service server after receiving the approval authority information from the user device.
Alternatively, the vendor management module, which may be an application server of the financial institution, sends the encrypted request and account information.
505, The business server provides business service according to the received encrypted account information and the request, and sends record information generated in the process of providing business service to the application server of the financial institution.
The specific process may be referred to the description in the above embodiment, and will not be described again.
At 506, the business server transmits indication information for indicating that the provision of the business service is completed to the application server of the financial institution when the provision of the business service is completed.
507, The application server of the financial institution stores the record information and the account information in association when receiving the instruction information.
Alternatively, the customer identification module, which may be an application server of the financial institution, stores the record information and the account information in association with a data storage module of the application server of the financial institution.
Based on the same concept as the above method, referring to fig. 6, an apparatus 600 for responding to a service request is provided in an embodiment of the present application. The apparatus 600 may perform the steps of the above method, and in order to avoid repetition, a detailed description is omitted here. The apparatus 600 includes: a transceiver unit 601 and a processing unit 602.
In one possible scenario:
A transceiver 601, configured to receive a request from a user equipment; the request is used for indicating to provide business services;
A processing unit 602, configured to determine a service server that provides the service, and acquire a stored access address of the service server and a key that is agreed with the service server in advance;
The transceiver 601 is further configured to send account information of the user equipment encrypted with the key and the request to the service server through the access address;
The transceiver 601 is further configured to receive record information from the service server; the record information is generated by the business server in the process of providing the business service;
the processing unit 602 is further configured to store the record information when the transceiver unit 601 receives indication information from the service server, where the indication information indicates that the service is provided.
In some embodiments, the processing unit 602 is further configured to:
generating a unique identifier; the unique identifier is used for identifying data generated in the process of providing the business service;
The transceiver unit 601 is further configured to:
and sending the unique identifier to the service server through the access address.
In some embodiments, the unique identifier is included in the record information.
In some embodiments, the transceiver unit 601 is further configured to:
Sending an authorization request to the user equipment; the authorization request is used for requesting to send the account information to the service server;
And receiving approval authorization information from the user equipment and sending the account information to the service server.
In another possible scenario:
a transceiver unit 601 for receiving the encrypted request and account information from an application server of a financial institution; the request is used for indicating to provide business services;
A processing unit 602, configured to obtain a key pre-agreed with an application server of the financial institution, and decrypt the encrypted request and the account information with the key; providing business services according to the request and the account information, generating record information, and sending the record information to an application server of the financial institution;
The transceiver unit 601 is further configured to send, after the processing unit 602 finishes providing the business service, indication information for indicating that the business service is completely provided to an application server of the financial institution.
In some embodiments, the transceiver unit 601 is further configured to:
receiving a unique identifier from an application server of a financial institution; the unique identifier is used for identifying data generated in the process of providing the business service;
the processing unit 602 is specifically configured to:
Record information including the unique identifier is generated.
Fig. 7 shows a schematic structural diagram of an electronic device 700 according to an embodiment of the present application. The electronic device 700 in the embodiment of the present application may further include a communication interface 703, where the communication interface 703 is, for example, a network port, and the electronic device may transmit data through the communication interface 703, for example, the communication interface 703 may implement the function of the transceiver unit 601 in fig. 6.
In an embodiment of the present application, the memory 702 stores instructions executable by the at least one controller 701, and the at least one controller 701 may be configured to perform steps of the method by executing the instructions stored in the memory 702, for example, the controller 701 may implement the functions of the processing unit 602 in fig. 6.
Wherein the controller 701 is a control center of the electronic device, various interfaces and lines may be utilized to connect various portions of the overall electronic device by running or executing instructions stored in the memory 702 and invoking data stored in the memory 702. Alternatively, the controller 701 may include one or more processing units, and the controller 701 may integrate an application controller and a modem controller, wherein the application controller primarily handles an operating system and application programs, etc., and the modem controller primarily handles wireless communications. It will be appreciated that the modem controller described above may not be integrated into the controller 701. In some embodiments, the controller 701 and the memory 702 may be implemented on the same chip, and in some embodiments, they may be implemented separately on separate chips.
The controller 701 may be a general purpose controller such as a Central Processing Unit (CPU), digital signal controller, application specific integrated circuit, field programmable gate array or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, and may implement or perform the methods, steps, and logic blocks disclosed in embodiments of the application. The general purpose controller may be a microcontroller or any conventional controller or the like. The steps executed by the data statistics platform disclosed in connection with the embodiment of the application can be directly executed by a hardware controller or can be executed by a combination of hardware and software modules in the controller.
The memory 702 is a non-volatile computer-readable storage medium that can be used to store non-volatile software programs, non-volatile computer-executable programs, and modules. The Memory 702 may include at least one type of storage medium, and may include, for example, flash Memory, hard disk, multimedia card, card Memory, random access Memory (Random Access Memory, RAM), static random access Memory (Static Random Access Memory, SRAM), programmable Read-Only Memory (Programmable Read Only Memory, PROM), read-Only Memory (ROM), charged erasable programmable Read-Only Memory (ELECTRICALLY ERASABLE PROGRAMMABLE READ-Only Memory, EEPROM), magnetic Memory, magnetic disk, optical disk, and the like. Memory 702 is any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to such. The memory 702 in embodiments of the present application may also be circuitry or any other device capable of performing storage functions for storing program instructions and/or data.
By programming the controller 701, for example, codes corresponding to the neural network model training method described in the foregoing embodiment may be cured into the chip, so that the chip can execute the steps of the neural network model training method when running, and how to program the controller 701 is a technology known to those skilled in the art will not be repeated here.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a controller of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the controller of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the application.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present application without departing from the spirit or scope of the application. Thus, it is intended that the present application also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims (15)

1. A method of responding to a service request, comprising:
Receiving a request from a user equipment; the request is used for indicating to provide business services;
When the fact that the business service cannot be provided is determined, determining a business server for providing the business service according to the stored business functions of each business server, and acquiring a stored access address of the business server and a secret key agreed with the business server in advance;
transmitting account information of the user equipment encrypted by the key and the request to the service server through the access address;
Receiving record information from the service server; the record information is generated by the business server in the process of providing the business service;
And storing the record information when receiving indication information from the business server, wherein the indication information is used for indicating that the business service is completely provided.
2. The method of claim 1, wherein after receiving the request from the user device, the method further comprises:
generating a unique identifier; the unique identifier is used for identifying data generated in the process of providing the business service;
after acquiring the stored access address of the service server and the key agreed with the service server in advance, the method further comprises:
and sending the unique identifier to the service server through the access address.
3. The method of claim 2, wherein the unique identifier is included in the record information.
4. A method according to any of claims 1-3, characterized in that before sending the account information of the user device encrypted with the key and the request to the service server via the access address, the method further comprises:
Sending an authorization request to the user equipment; the authorization request is used for requesting to send the account information to the service server;
And receiving approval authorization information from the user equipment and sending the account information to the service server.
5. A method of responding to a service request, comprising:
Receiving the encrypted request and account information from an application server of the financial institution; the request is used for indicating to provide business services; the request is sent when the application server cannot provide the business service;
obtaining a key pre-agreed with an application server of the financial institution, and decrypting the encrypted request and the account information by adopting the key;
providing business services according to the request and the account information, generating record information, and sending the record information to an application server of the financial institution;
after the provision of the business service is completed, indication information for indicating that the provision of the business service is completed is transmitted to an application server of the financial institution.
6. The method of claim 5, wherein the method further comprises:
receiving a unique identifier from an application server of a financial institution; the unique identifier is used for identifying data generated in the process of providing the business service;
The generating record information includes:
Record information including the unique identifier is generated.
7. An apparatus for responding to a service request, comprising:
a transceiver unit for receiving a request from a user equipment; the request is used for indicating to provide business services;
The processing unit is used for determining a business server for providing the business service according to the stored business functions of each business server when the business service can not be provided, and acquiring the stored access address of the business server and a secret key agreed with the business server in advance;
the receiving and transmitting unit is further configured to send account information of the user equipment encrypted by using the key and the request to the service server through the access address;
The receiving and transmitting unit is also used for receiving record information from the service server; the record information is generated by the business server in the process of providing the business service;
the processing unit is further configured to store the record information when the transceiver unit receives the indication information from the service server, where the indication information indicates that the service is provided.
8. The apparatus of claim 7, wherein the processing unit is further to:
generating a unique identifier; the unique identifier is used for identifying data generated in the process of providing the business service;
the transceiver unit is further configured to:
and sending the unique identifier to the service server through the access address.
9. The apparatus of claim 8, wherein the unique identifier is included in the record information.
10. The apparatus of any of claims 7-9, wherein the transceiver unit is further configured to:
Sending an authorization request to the user equipment; the authorization request is used for requesting to send the account information to the service server;
And receiving approval authorization information from the user equipment and sending the account information to the service server.
11. An apparatus for responding to a service request, comprising:
A transceiving unit for receiving the encrypted request and account information from an application server of the financial institution; the request is used for indicating to provide business services; the request is sent when the application server cannot provide the business service;
The processing unit is used for acquiring a key agreed in advance with an application server of the financial institution, and decrypting the encrypted request and the account information by adopting the key; providing business services according to the request and the account information, generating record information, and sending the record information to an application server of the financial institution;
The receiving and transmitting unit is further configured to send, after the processing unit finishes providing the business service, indication information for indicating that the business service is provided to an application server of the financial institution.
12. The apparatus of claim 11, wherein the transceiver unit is further configured to:
receiving a unique identifier from an application server of a financial institution; the unique identifier is used for identifying data generated in the process of providing the business service;
The processing unit is specifically configured to:
Record information including the unique identifier is generated.
13. An electronic device, characterized in that the electronic device comprises a controller and a memory,
The memory is used for storing a computer program or instructions;
the controller for executing a computer program or instructions in a memory, such that the method of any of claims 1-6 is performed.
14. A computer readable storage medium storing computer executable instructions which, when invoked by a computer, cause the computer to perform the method of any one of claims 1-6.
15. A computer program product, characterized in that the computer program product comprises computer program code which, when run by a computer, causes the computer to perform the method according to any of claims 1-6.
CN202111481176.XA 2021-12-06 2021-12-06 Method and device for responding to service request Active CN114157425B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111481176.XA CN114157425B (en) 2021-12-06 2021-12-06 Method and device for responding to service request

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111481176.XA CN114157425B (en) 2021-12-06 2021-12-06 Method and device for responding to service request

Publications (2)

Publication Number Publication Date
CN114157425A CN114157425A (en) 2022-03-08
CN114157425B true CN114157425B (en) 2024-08-09

Family

ID=80453239

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111481176.XA Active CN114157425B (en) 2021-12-06 2021-12-06 Method and device for responding to service request

Country Status (1)

Country Link
CN (1) CN114157425B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115438324A (en) * 2022-09-20 2022-12-06 中国建设银行股份有限公司 Identity verification method, device and equipment

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111429254A (en) * 2020-03-19 2020-07-17 腾讯科技(深圳)有限公司 Business data processing method and device and readable storage medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016088087A1 (en) * 2014-12-04 2016-06-09 Visa Cape Town (Pty) Ltd Third party access to a financial account
CN109982277B (en) * 2017-12-28 2021-04-13 中国移动通信集团北京有限公司 A service authorization method, device and readable medium
CN109327314B (en) * 2018-11-08 2021-07-13 创新先进技术有限公司 Service data access method, device, electronic equipment and system

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111429254A (en) * 2020-03-19 2020-07-17 腾讯科技(深圳)有限公司 Business data processing method and device and readable storage medium

Also Published As

Publication number Publication date
CN114157425A (en) 2022-03-08

Similar Documents

Publication Publication Date Title
KR102323382B1 (en) Facilitate transfer of funds between user accounts
EP3255832B1 (en) Dynamic encryption method, terminal and server
CN108551443A (en) A kind of application login method, device, terminal device and storage medium
CN110399717B (en) Key acquisition method and device, storage medium and electronic device
US20100191954A1 (en) Method and apparatus for transmitting message in heterogeneous federated environment, and method and apparatus for providing service using the message
CN110502887A (en) Electric paying method and device
CN110276000B (en) Method and device for acquiring media resources, storage medium and electronic device
CN103095457A (en) Login and verification method for application program
CN111131416A (en) Business service providing method and device, storage medium and electronic device
CN107196919B (en) Data matching method and device
CN108737080A (en) Storage method, device, system and the equipment of password
CN106161224B (en) Method for interchanging data, device and equipment
CN114157425B (en) Method and device for responding to service request
CN113434845B (en) Business handling method and device, electronic equipment and computer readable storage medium
CN111125734B (en) Data processing method and system
CN114357472B (en) Data tagging method, system, electronic device and readable storage medium
CN116095671A (en) Resource sharing method based on meta universe and related equipment thereof
CN105743859A (en) Method, device and system for authenticating light application
CN117997519A (en) Data processing method, apparatus, program product, computer device, and medium
CN115022012A (en) Data transmission method, device, system, equipment and storage medium
CN111212062B (en) Information completion method and device, storage medium and electronic equipment
CN111404901A (en) Information verification method and device
CN111131227A (en) A data processing method and device
CN113407969B (en) Secure data processing method, secure data processing device and electronic equipment
US11201856B2 (en) Message security

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant