Configuration file distribution methods, apparatus, computer equipment, readable storage media, and program products
By centrally managing and encrypting connector identities, the security issues caused by the scattered storage of connector configuration files are resolved, thereby improving the security of financial business data transmission.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- CHINA CONSTRUCTION BANK
- Filing Date
- 2024-08-08
- Publication Date
- 2026-07-10
AI Technical Summary
The dispersed storage of connector configuration files between financial institutions and external stakeholders poses a risk of arbitrary modification, leading to reduced security.
By centrally managing connector configuration files, using encryption mechanisms to verify connector identities, identifying and distributing target configuration files, the risk of unauthorized tampering is reduced.
This improves the security of configuration file distribution, reduces the risk of arbitrary tampering due to distributed storage, and ensures the security of financial business data transmission.
Smart Images

Figure CN119051916B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of network security technology, and in particular to a configuration file distribution method, apparatus, computer device, computer-readable storage medium, and computer program product. Background Technology
[0002] With the development of internet technology, financial institutions are now collaborating with various external stakeholders to provide tailored financial services based on their specific characteristics. These stakeholders refer to external platforms and similar entities. When financial institutions interact with these stakeholders to conduct financial transactions, it is crucial to ensure the secure transmission of all files throughout the entire process. This security is essential for guaranteeing the overall security of financial transactions between the financial institution and the stakeholders, including the security of configuration files used to establish connections between the financial institution and each stakeholder.
[0003] Currently, financial institutions and scenario providers need to connect through corresponding connectors. The activation of these connectors requires specific configuration files. Currently, the configuration files for each connector are scattered across the scenario provider's local server, posing a risk of arbitrary modification and reducing security.
[0004] Therefore, the current method of processing configuration files has the drawback of low security. Summary of the Invention
[0005] Therefore, it is necessary to provide a configuration file distribution method, apparatus, computer device, computer-readable storage medium, and computer program product to address the aforementioned technical problems.
[0006] Firstly, this application provides a configuration file distribution method, applied to a configuration center located in a first network, the method comprising:
[0007] Obtain a first encrypted configuration file request sent by a connector in the second network; the configuration file request is generated by the connector based on a connector identifier; the connector identifier is obtained based on the connector's account information;
[0008] The connector identifier is obtained based on the configuration file request that has been encrypted in the first way;
[0009] The identity information corresponding to the connector is determined based on the connector identifier;
[0010] The target configuration file corresponding to the identity information is obtained from multiple configuration files stored in the first network, and the target configuration file is sent to the connector after being encrypted in the second way.
[0011] In one embodiment, prior to obtaining the first encrypted configuration file request sent by the connector in the second network, the method further includes:
[0012] Obtain the login request sent by the connector, which is encrypted in a third way; the login request includes the account information of the connector;
[0013] The account information is obtained based on the login request encrypted in the third way; the account corresponding to the connector is logged in based on the account information; and a connector identifier corresponding to the connector is generated.
[0014] Send the connector identifier to the connector.
[0015] In one embodiment, before obtaining the third encrypted login request sent by the connector, the method further includes:
[0016] The connector is provided with certificate information; the certificate information is used by the connector to encrypt the account information of the connector, and a third encrypted login request is obtained based on the encrypted account information.
[0017] In one embodiment, obtaining the connector identifier based on the first encrypted configuration file request includes:
[0018] Decrypt the configuration file request that has been encrypted in the first step to obtain the configuration file name message corresponding to the connector;
[0019] The connector identifier is determined based on the configuration file name message.
[0020] In one embodiment, the method further includes:
[0021] Obtain the identity information corresponding to each connector, and obtain the configuration file corresponding to each connector;
[0022] Each of the aforementioned identity information and each of the aforementioned configuration files are associated and stored in the first network to obtain a configuration file information library containing each of the aforementioned configuration files; the configuration file information library is used to obtain the target configuration file.
[0023] Secondly, this application provides a configuration file distribution method applied to a connector in a second network, the method comprising:
[0024] Obtain the connector identifier corresponding to the connector; the connector identifier is obtained based on the account information of the connector;
[0025] A first encrypted configuration file request is generated based on the connector identifier;
[0026] The configuration file request, which is encrypted in the first way, is sent to the configuration center in the first network. The configuration center is used to obtain the connector identifier based on the configuration file request, determine the identity information corresponding to the connector based on the connector identifier, and obtain the target configuration file corresponding to the identity information from multiple configuration files stored in the first network.
[0027] Receive the target configuration file, which is second-encrypted, sent by the configuration center;
[0028] The connector is configured according to the second encrypted target configuration file; the configured connector is used to handle financial transactions between the target platform and the financial institution to which the configuration center belongs.
[0029] In one embodiment, before generating the first encrypted configuration file request based on the connector identifier, the method further includes:
[0030] Obtain the certificate information provided by the configuration center and the account information of the connector;
[0031] The account information is encrypted based on the certificate information, and a login request encrypted by a third party is obtained based on the encrypted account information;
[0032] The login request, encrypted in a third way, is sent to the configuration center; the configuration center is used to obtain the account information based on the login request, log in to the account of the connector based on the account information, and generate a connector identifier corresponding to the connector and send it to the connector.
[0033] In one embodiment, generating the first encrypted configuration file request based on the connector identifier includes:
[0034] Generate the corresponding configuration file name message based on the connector identifier;
[0035] Based on the configuration file name message, an initial configuration file request is generated;
[0036] The initial configuration file request is encrypted to obtain the configuration file request after the first encryption.
[0037] Thirdly, this application provides a configuration file distribution device applied to a configuration center in a first network, the device comprising:
[0038] The first acquisition module is used to acquire a configuration file request sent by a connector in the second network, which is encrypted in the first way; the configuration file request is generated by the connector based on a connector identifier; the connector identifier is obtained based on the connector's account information;
[0039] The first determining module is used to obtain the connector identifier based on the configuration file request that has been first encrypted;
[0040] The second determining module is used to determine the identity information corresponding to the connector based on the connector identifier;
[0041] The distribution module is used to obtain the target configuration file corresponding to the identity information from multiple configuration files stored in the first network, and send the target configuration file to the connector after second encryption.
[0042] In one embodiment, the apparatus further includes: an identifier generation module, configured to:
[0043] Obtain the login request sent by the connector, which is encrypted in a third way; the login request includes the account information of the connector;
[0044] The account information is obtained based on the login request encrypted in the third way; the account corresponding to the connector is logged in based on the account information; and a connector identifier corresponding to the connector is generated.
[0045] Send the connector identifier to the connector.
[0046] In one embodiment, the apparatus further includes: a certificate sending module, configured to:
[0047] The connector is provided with certificate information; the certificate information is used by the connector to encrypt the account information of the connector, and a third encrypted login request is obtained based on the encrypted account information.
[0048] In one embodiment, the first determining module is specifically used for:
[0049] Decrypt the configuration file request that has been encrypted in the first step to obtain the configuration file name message corresponding to the connector;
[0050] The connector identifier is determined based on the configuration file name message.
[0051] In one embodiment, the apparatus further includes: a construction module for:
[0052] Obtain the identity information corresponding to each connector, and obtain the configuration file corresponding to each connector;
[0053] Each of the aforementioned identity information and each of the aforementioned configuration files are associated and stored in the first network to obtain a configuration file information library containing each of the aforementioned configuration files; the configuration file information library is used to obtain the target configuration file.
[0054] Fourthly, this application provides a configuration file distribution device for use in a connector in a second network, the device comprising:
[0055] The second acquisition module is used to acquire the connector identifier corresponding to the connector; the connector identifier is obtained based on the account information of the connector;
[0056] A generation module is used to generate a first encrypted configuration file request based on the connector identifier;
[0057] A sending module is used to send the first encrypted configuration file request to a configuration center in a first network; the configuration center is used to obtain the connector identifier according to the first encrypted configuration file request, determine the identity information corresponding to the connector according to the connector identifier, and obtain the target configuration file corresponding to the identity information from multiple configuration files stored in the first network.
[0058] A receiving module is used to receive the target configuration file, which is second-encrypted, sent by the configuration center;
[0059] A configuration module is used to configure the connector according to the second encrypted target configuration file; the configured connector is used to process financial business of the target platform and the financial institution to which the configuration center belongs.
[0060] In one embodiment, the device further includes: a login module, used for:
[0061] Obtain the certificate information provided by the configuration center and the account information of the connector;
[0062] The account information is encrypted based on the certificate information, and a login request encrypted by a third party is obtained based on the encrypted account information;
[0063] The login request, encrypted in a third way, is sent to the configuration center; the configuration center is used to obtain the account information based on the login request, log in to the account of the connector based on the account information, and generate a connector identifier corresponding to the connector and send it to the connector.
[0064] In one embodiment, the generation module is specifically used for:
[0065] Generate the corresponding configuration file name message based on the connector identifier;
[0066] Based on the configuration file name message, an initial configuration file request is generated;
[0067] The initial configuration file request is encrypted to obtain the configuration file request after the first encryption.
[0068] Fifthly, this application provides a computer device including a memory and a processor, wherein the memory stores a computer program, and the processor executes the computer program to implement the steps of the method described above.
[0069] Sixthly, this application provides a computer-readable storage medium having a computer program stored thereon, which, when executed by a processor, implements the steps of the above-described method.
[0070] In a seventh aspect, this application provides a computer program product, including a computer program that, when executed by a processor, implements the steps of the above-described method.
[0071] The aforementioned configuration file distribution method, apparatus, computer equipment, computer-readable storage medium, and computer program product generate encrypted configuration file requests based on connector identifiers through connectors in the second network. The configuration center determines the connector identifier based on the configuration file request, thereby determining the connector's identity information. It then retrieves the target configuration file corresponding to the identity information from multiple configuration files stored in the first network where the configuration center is located, and sends it to the connector. The connector configures itself based on the target configuration file to handle financial transactions between the financial institution and platform to which the configuration center belongs. Compared to traditional data transmission over the public network, this solution, through a configuration center in the first network, centrally manages the configuration files of connectors corresponding to various platforms. By authenticating connectors requesting configuration files, it determines whether to distribute the corresponding configuration file, reducing the risk of arbitrary tampering due to dispersed storage of configuration files and improving the security of configuration file distribution. Attached Figure Description
[0072] To more clearly illustrate the technical solutions in the embodiments of this application or related technologies, the drawings used in the description of the embodiments of this application or related technologies will be briefly introduced below. Obviously, the drawings described below are only some embodiments of this application. For those skilled in the art, other related drawings can be obtained based on these drawings without creative effort.
[0073] Figure 1 This is an application environment diagram of the configuration file distribution method in one embodiment;
[0074] Figure 2 This is a flowchart illustrating a configuration file distribution method in one embodiment;
[0075] Figure 3 This is a flowchart illustrating the configuration file distribution method in another embodiment;
[0076] Figure 4This is a schematic diagram of the configuration file distribution processing framework in one embodiment;
[0077] Figure 5 This is a structural block diagram of a configuration file distribution device in one embodiment;
[0078] Figure 6 This is a structural block diagram of the configuration file distribution device in another embodiment;
[0079] Figure 7 This is an internal structural diagram of a computer device in one embodiment. Detailed Implementation
[0080] To make the objectives, technical solutions, and advantages of this application clearer, the following detailed description is provided in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative and not intended to limit the scope of this application. It should be noted that existing industry solutions such as software, components, and models may be mentioned in the embodiments of this application. These should be considered exemplary and are intended only to illustrate the feasibility of implementing the technical solutions of this application, but do not imply that the applicant has already used or necessarily used such solutions.
[0081] It should be noted that the user information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data used for analysis, data stored, data displayed, etc.) involved in this application are all information and data authorized by the user or fully authorized by all parties, and the collection, use and processing of related data must comply with relevant regulations. The acquisition, storage, use and processing of data in the technical solution of this application all comply with the relevant provisions of national laws and regulations.
[0082] The configuration file distribution method provided in this application embodiment can be applied to, for example, Figure 1The application environment is illustrated. Connectors communicate with the configuration center via a network. A configuration file repository stores data that the configuration center needs to process, such as configuration files. This repository can be integrated onto a server, or it can be located on a cloud or other network server. There can be multiple connectors, each corresponding to a platform. The financial institution to which the configuration center belongs can interact with the corresponding platform for financial business data processing through the connectors. Connector configuration depends on the configuration files provided by the configuration center. Connectors in the second network can send configuration file requests to the configuration center in the first network. After determining the connector's identity based on the configuration file request, the configuration center returns the corresponding configuration file, allowing the connector to configure itself based on the received configuration file. Data transmission between the connectors and the configuration center can be encrypted. Both the connectors and the configuration center can be independent physical servers, server clusters or distributed systems composed of multiple physical servers, or cloud servers providing cloud computing services.
[0083] In one exemplary embodiment, such as Figure 2 As shown, a configuration file distribution method is provided, which is applied to... Figure 1 Taking the configuration center as an example, the explanation includes the following steps S202 to S208. Wherein:
[0084] Step S202: Obtain the first encrypted configuration file request sent by the connector in the second network; the configuration file request is generated by the connector based on the connector identifier; the connector identifier is obtained based on the connector's account information.
[0085] The configuration center can be a device used by a financial institution for managing configuration files. These configuration files can be startup dependency configuration files for the connector; that is, the connector needs to be configured using its corresponding configuration file when it needs to start. The connector is a monolithic application that adapts to and standardizes the API (Application Programming Interface) interfaces of scenario providers, third-party services, and funding providers. Scenario providers and third-party services can be the various platforms corresponding to the connector, and funding providers can be financial institutions. In other words, the connector establishes a data interaction link between the financial institution and various external platforms.
[0086] The configuration center can be located in a first network, and the connectors can be located in a second network. The first network can be an internal trusted network, such as the network within a financial institution. The second network can be an external untrusted network, such as the public network where the respective scenario parties of each connector reside. When a scenario party needs to use the connector to interact with a financial institution for business data, it must first start the connector using the startup dependency configuration file. When the connector needs to use the corresponding configuration file, it can obtain the connector identifier based on the account information of the connected machine, generate a configuration file request based on the connector identifier, and perform a first encryption on the configuration file request. The aforementioned account information can be the account information corresponding to the connector, specifically information representing the identity information of the scenario party corresponding to the connector; the aforementioned connector identifier can be a unique identifier for the connector, and this connector identifier can be related to the connector's login status in the configuration center. For example, if the connector is logged in in the configuration center, the connector identifier is valid; otherwise, the connector identifier is invalid. If the connector identifier is invalid, the configuration center may not process the configuration file request corresponding to that connector unless it logs in again.
[0087] The aforementioned configuration file request can be a request to the configuration center for the configuration file corresponding to the connector. After the connector generates the configuration file request, it can send the first encrypted configuration file request to the configuration center through the second network. The configuration center in the first network can obtain the first encrypted configuration file request sent by the connector in the second network, and based on the encrypted configuration file request, perform corresponding identity recognition and request processing on the connector to determine whether to send the corresponding configuration file to the connector.
[0088] Step S204: Obtain the connector identifier based on the first encrypted configuration file request.
[0089] The configuration file request received by the configuration center can be a first-encrypted request. Specifically, the first encryption can be based on RSA (an asymmetric encryption algorithm). The configuration center can decrypt the configuration file request based on the first-encrypted request to obtain the connector identifier within the request. The connector can then use its corresponding connector identifier to assemble the configuration file request. Therefore, after receiving the first-encrypted configuration file request, the configuration center can use a corresponding algorithm to decrypt the request and obtain the connector identifier.
[0090] Step S206: Determine the identity information corresponding to the connector based on the connector identifier.
[0091] The connector identifier mentioned above can be a unique identifier for the connector. The configuration center, as a system for uniformly managing all configurations of the microservice module where the connector resides, can store the identity information corresponding to each connector identifier. This identity information represents the identity information of the scenario party corresponding to the connector. Different identity information corresponds to different configuration files. The configuration center can pre-obtain the identity information corresponding to each connector and associate the identity information with the corresponding configuration file, for example, by storing it in a configuration file information repository within the configuration center. Therefore, after obtaining the connector identifier from the configuration file request, the configuration center can retrieve the corresponding identity information of the connector from the configuration file information repository based on the connector identifier.
[0092] Step S208: Obtain the target configuration file corresponding to the identity information from multiple configuration files stored in the first network, and send the target configuration file to the connector after second encryption.
[0093] The configuration center in the first network can store multiple configuration files in a configuration file database, each corresponding one-to-one with a connector. After determining the connector's identity information, the configuration center can retrieve the target configuration file corresponding to that identity information from the stored configuration files. That is, the target configuration file can be the configuration file corresponding to the connector. The configuration center can then send the target configuration file, after a second encryption, to the connector in the second network. This allows the connector to receive the second encrypted target configuration file, decrypt it, and then use the target configuration file to perform the corresponding startup configuration. After the connector configuration is complete, business information exchange can be achieved between the scenario party corresponding to the connector and the financial institution corresponding to the configuration center.
[0094] The second encryption mentioned above can be performed using the first private key of the configuration center. This first private key can be pre-stored in the configuration center, and the connector can decrypt it using the corresponding first public key after receiving the target configuration request. The configuration file mentioned above can be a file that independently manages parameters and variables that need to be changed during system development, separated from the code and existing as an independent configuration file. This allows static system artifacts or deliverables to better adapt to the actual physical operating environment. The configuration center can include a configuration file information repository to store the identity information and corresponding configuration files of each connector.
[0095] In one embodiment, the method further includes: obtaining each identity information corresponding to each connector, obtaining each configuration file corresponding to each connector; associating each identity information with each configuration file and storing them in a first network to obtain a configuration file information library containing each configuration file; the configuration file information library is used to obtain the target configuration file.
[0096] In this embodiment, the configuration center can pre-obtain the identity information corresponding to each connector connected to the configuration center, such as the identity information of the scenario platform corresponding to each connector. Furthermore, the configuration center can also obtain the configuration files corresponding to each connector. Each configuration file can be one-to-one with a connector, and each configuration file can be used to configure the corresponding connector.
[0097] After obtaining the configuration files corresponding to each connector, the configuration center can associate the identity information with each configuration file. For example, for each connector, the configuration center associates the connector's identity information with its corresponding configuration file, forming an association between identity information and configuration files. After associating the identity information and configuration files, the configuration center can store them in its configuration file information repository. The configuration center can then associate and store the configuration files and identity information of each connector, thereby obtaining a configuration file information repository containing all the configuration files. Therefore, the configuration center can use this configuration file information repository to obtain the target configuration file corresponding to each connector.
[0098] For example, the configuration center can determine the identity information of the connector based on the connector identifier. Then, the configuration center can use this identity information to query multiple configuration files and identity information data in the configuration file information database. The configuration center can then retrieve the identity information matching the connector's identity information from the database and use the configuration file corresponding to this matching identity information as the target configuration file. The configuration center can then perform a second encryption on the retrieved target configuration file and send the second-encrypted target configuration file to the connector. Upon receiving the target configuration file, the connector can decrypt the second-encrypted target configuration file using the decryption algorithm and configure the connector based on the decrypted target configuration file. After configuration, the connector can be used to handle financial transactions between the target platform of the scenario provider and the financial institution to which the configuration center belongs.
[0099] For example, when a target platform needs to interact with a financial institution for business data, it can send the business data to the financial institution through a connector. The financial institution receives the business data sent by the corresponding connector, processes the business data based on the strategy of the target platform corresponding to the connector, and returns the processing result to the corresponding target platform through the aforementioned connector.
[0100] In the aforementioned configuration file distribution method, a connector in the second network generates an encrypted configuration file request based on its connector identifier. The configuration center determines the connector identifier based on the configuration file request, thereby determining the connector's identity information. It then retrieves the target configuration file corresponding to the identity information from multiple configuration files stored in the first network where the configuration center is located, and sends it to the connector. The connector configures itself based on the target configuration file to handle financial transactions between the financial institution and the platform to which the configuration center belongs. Compared to traditional data transmission over the public network, this solution, through a configuration center in the first network, centrally manages the configuration files of connectors corresponding to various platforms. By authenticating the connector requesting the configuration file, it determines whether to distribute the corresponding configuration file, reducing the risk of arbitrary tampering due to the dispersed storage of configuration files and improving the security of configuration file distribution.
[0101] In one embodiment, before obtaining the first encrypted configuration file request sent by the connector in the second network, the method further includes: obtaining a third encrypted login request sent by the connector; the login request includes the connector's account information; obtaining the account information based on the third encrypted login request, logging into the account corresponding to the connector based on the account information, and generating a connector identifier corresponding to the connector; and sending the connector identifier to the connector.
[0102] In this embodiment, the connector can pre-login to the configuration center to obtain the connector identifier based on the logged-in account information. For example, the connector can generate a login request based on its own account information. Specifically, the connector can use a third encryption method to generate a third-encrypted login request using the aforementioned account information and send this third-encrypted login request to the configuration center in the first network. After receiving the third-encrypted login request, the configuration center can obtain the account corresponding to the connector based on the login request. For example, the configuration center can decrypt the third-encrypted login request to obtain a decrypted login request. Based on the decrypted login request, the configuration center can obtain the account information, which may include a username and password. The configuration center can then log in to the account corresponding to the connector based on this account information. After the connector account is logged in to the configuration center, the configuration center can determine that the connector is in a valid state and generate the connector identifier corresponding to the connector. The third encryption can be the connector encrypting the login request using its own second private key. This second private key can be pre-stored in the connector. After receiving the third-encrypted login request, the configuration center can decrypt it using the second public key corresponding to the second private key.
[0103] After obtaining the connector identifier, the configuration center can send the obtained connector identifier to the connector that sent the login request. The connector, upon receiving the connector identifier, can then assemble and construct the configuration file request.
[0104] Specifically, the connector can perform third-party encryption on its account information, such as username and password, to form a login request. This third-party encrypted login request is then sent to the configuration center via the internet using either HTTP (Hypertext Transfer Protocol) or HTTPS (Hypertext Transfer Protocol Secure). The configuration center can then log in to the corresponding account of the connector based on the account information in the login request and obtain the corresponding connector identifier. This connector identifier can be a string generated by the configuration center and can serve as a token for the connector to make requests. The configuration center can then send this connector identifier to the corresponding connector. Once the connector receives the identifier, it only needs to include this identifier when requesting data from the configuration center while its account is logged in; it does not need to include the username and password again.
[0105] In this embodiment, the configuration center can log in based on the account information sent by the connector, and generate a corresponding connector identifier for the connector based on the account logged in by the connector. Thus, the configuration center can use the connector identifier to interact with the logged-in connector for file data, thereby improving the security of connector configuration file distribution.
[0106] In one embodiment, before obtaining the third encrypted login request sent by the connector, the method further includes: providing certificate information to the connector; the certificate information is used by the connector to encrypt the connector's account information, and obtaining the third encrypted login request based on the encrypted account information.
[0107] In this embodiment, the configuration center can provide corresponding certificate information to the connector, allowing the connector to generate a login request using the certificate information. For example, the configuration center can provide certificate information to the connector in advance, enabling the connector to encrypt its account information using the certificate information provided by the configuration center, and then obtain a third-encrypted login request based on the encrypted account information. The aforementioned certificate information can be a digital certificate corresponding to the configuration center.
[0108] In this embodiment, the configuration center can send certificate information to the connector, enabling the connector to generate encrypted login requests based on the certificate information. The configuration center can then use the encrypted login requests to issue corresponding connector identifiers to the connectors. This allows the configuration center and the connectors to distribute configuration files based on the connector identifiers, thereby improving the security of configuration file distribution.
[0109] In one embodiment, obtaining the connector identifier based on the first encrypted configuration file request includes: decrypting the first encrypted configuration file request to obtain the configuration file name message corresponding to the connector; and determining the connector identifier based on the configuration file name message.
[0110] In this embodiment, the connector can perform a first encryption on the configuration file request, thereby allowing the configuration center to obtain the first-encrypted configuration file request. To determine whether a configuration file needs to be sent to the connector, the configuration center can decrypt the first-encrypted configuration file request to obtain the configuration file name message corresponding to the connector. The configuration center can then determine the connector identifier based on the configuration file name message. Specifically, the connector can generate the configuration file name message based on the connector identifier using the first encryption; that is, the configuration file name message may include the name of the requested configuration file and the connector identifier, allowing the configuration center to obtain the connector identifier from the decrypted configuration file name message.
[0111] Specifically, the first encryption can be the RSA asymmetric encryption algorithm. After the connector obtains the connector identifier issued by the configuration center, it can assemble the configuration file name message that depends on the startup based on the connector identifier, and encrypt the configuration file name message through the RSA asymmetric encryption algorithm to form a configuration file request with the first encryption, and transmit it to the configuration center. The configuration center can then decrypt the encrypted configuration file request and obtain the connector identifier from the decrypted configuration file name message.
[0112] In this embodiment, the configuration center can decrypt the configuration file request to obtain the configuration file name message, and determine the connector identifier of the connector based on the configuration file name message. Then, the configuration file can be transmitted based on the connector identifier, which improves the security of configuration file distribution.
[0113] In one exemplary embodiment, such as Figure 3 As shown, a configuration file distribution method is provided, which is applied to... Figure 1 Taking the connector in the example, the explanation includes the following steps S302 to S310. Wherein:
[0114] Step S302: Obtain the connector identifier corresponding to the connector; the connector identifier is obtained based on the connector's account information.
[0115] The connector identifier can be a feature used to identify the connector. A connector can obtain its identifier based on its account information. For example, a connector sends a third-party encrypted login request generated from its account information to the configuration center. The configuration center then logs into the connector's corresponding account based on the account information in the login request and issues the corresponding connector identifier to the connector.
[0116] The configuration center can be a device used by a financial institution for managing configuration files. These configuration files can be startup dependency configuration files for the connector; that is, the connector needs to be configured using its corresponding configuration file when it needs to start. The connector is a monolithic application that adapts to and standardizes the API interfaces of scenario providers, third-party services, and funding providers. Scenario providers and third-party services can be the various platforms corresponding to the connector, and funding providers can be financial institutions. In other words, the connector establishes a data interaction link between the financial institution and various external platforms.
[0117] The configuration center can be located in a first network, and the connectors can be located in a second network. The first network can be an internal trusted network, such as the network within a financial institution. The second network can be an external untrusted network, such as the public network where the respective scenario parties of each connector reside. When a scenario party needs to use the connector to interact with a financial institution for business data, it must first start the connector using the startup dependency configuration file. The account information can be the account information corresponding to the connector, specifically information representing the identity information of the scenario party corresponding to the connector; the connector identifier can be a unique identifier for the connector, and this connector identifier can be related to the connector's login status in the configuration center. For example, if the connector is logged in in the configuration center, the connector identifier is valid; otherwise, the connector identifier is invalid. If the connector identifier is invalid, the configuration center may not process the configuration file request corresponding to that connector unless it logs in again.
[0118] Step S304: Generate a first encrypted configuration file request based on the connector identifier.
[0119] The aforementioned configuration file request may be a request to the configuration center for the configuration file corresponding to the connector. The connector may assemble a configuration file name message for startup dependencies based on the connector identifier, and then obtain the aforementioned first encrypted configuration file request by performing a first encryption on the configuration file name message.
[0120] Step S306: The first encrypted configuration file request is sent to the configuration center in the first network; the configuration center is used to obtain the connector identifier based on the first encrypted configuration file request, determine the identity information corresponding to the connector based on the connector identifier, and obtain the target configuration file corresponding to the identity information from multiple configuration files stored in the first network.
[0121] After generating a configuration file request, the connector can send a first encrypted configuration file request to the configuration center through the second network. The configuration center in the first network can obtain the first encrypted configuration file request sent by the connector in the second network, and based on the encrypted configuration file request, perform corresponding identity recognition and request processing on the connector to decide whether to send the corresponding configuration file to the connector.
[0122] The configuration center in the first network can store multiple configuration files. If the configuration center requests a connector identifier based on the configuration file and determines the connector's identity information based on the connector identifier, it can retrieve the target configuration file corresponding to the identity information from the multiple configuration files stored in the first network, for example, from a configuration file database. Thus, the configuration center can use the target configuration file to distribute and transmit data to the corresponding connector. The configuration center in the first network can store multiple configuration files through a configuration file database, where each configuration file can correspond one-to-one with each connector. After determining the connector's identity information, the configuration center can retrieve the target configuration file corresponding to the identity information from the stored multiple configuration files. That is, the target configuration file can be the configuration file corresponding to the connector.
[0123] Step S308: Receive the target configuration file that has been encrypted in the second way from the configuration center.
[0124] The configuration center can send the target configuration file, after a second encryption, to the connector located in the second network. This allows the connector to receive the second encrypted target configuration file, decrypt it, and then configure the connector accordingly.
[0125] Step S310: Configure the connector according to the second encrypted target configuration file; the configured connector is used to handle financial business of the target platform and the financial institution to which the configuration center belongs.
[0126] Upon receiving the target configuration file, the connector can configure itself using the second encrypted target configuration file. The connector can also decrypt the target configuration file and configure itself based on the decrypted file. For example, it can initiate the connector configuration. After configuration, business information exchange can be achieved between the scenario party corresponding to the connector and the financial institution corresponding to the configuration center.
[0127] For example, there can be a corresponding relationship between the connector and the target platform. When the target platform needs to interact with the financial institution for business data, it can send the business data to the financial institution through the connector. When the financial institution receives the business data sent by the corresponding connector, it can process the business data based on the strategy of the target platform corresponding to the connector, and return the processing result to the corresponding target platform through the connector.
[0128] In the aforementioned configuration file distribution method, a connector in the second network generates an encrypted configuration file request based on its connector identifier. The configuration center determines the connector identifier based on the configuration file request, thereby determining the connector's identity information. It then retrieves the target configuration file corresponding to the identity information from multiple configuration files stored in the first network where the configuration center is located and sends it to the connector. The connector configures itself based on the target configuration file to handle financial transactions between the financial institution and the platform to which the configuration center belongs. Compared to traditional data transmission over the public network, this solution uses a configuration center in the first network to uniformly manage the configuration files of connectors corresponding to various platforms. By authenticating connectors requesting configuration files, it determines whether to distribute the corresponding configuration file, reducing the risk of arbitrary tampering due to the dispersed storage of configuration files. This allows connectors to configure themselves based on the distributed configuration files, enabling the processing of financial transactions between the platform and financial institutions, and improving the security of configuration file distribution.
[0129] In one embodiment, before generating the first encrypted configuration file request based on the connector identifier, the method further includes: obtaining certificate information provided by the configuration center and obtaining the connector's account information; encrypting the account information based on the certificate information and obtaining a third encrypted login request based on the encrypted account information; sending the third encrypted login request to the configuration center; the configuration center is used to obtain the account information based on the third encrypted login request, log in to the connector's account based on the account information, and generate a connector identifier corresponding to the connector before sending it to the connector.
[0130] In this embodiment, the connector can pre-login to the configuration center to obtain the connector identifier based on the logged-in account information. For example, the configuration center can issue corresponding certificate information to the connector, and the connector can generate a login request by encrypting the certificate information based on its own account information. Specifically, the connector can use a third encryption method to generate a third-encrypted login request using the account information and send the third-encrypted login request to the configuration center in the first network. After receiving the third-encrypted login request, the configuration center can decrypt it to obtain a decrypted login request. Based on the decrypted login request, the configuration center obtains the account information, which may include a username and password. The configuration center can then log in to the connector's corresponding account based on this account information. After the connector account is logged in to the configuration center, the configuration center can determine that the connector is in a valid state and generate the connector identifier corresponding to the connector.
[0131] After obtaining the connector identifier, the configuration center can send the obtained connector identifier to the connector that sent the login request. The connector, upon receiving the connector identifier, can then assemble and construct the configuration file request.
[0132] The connector identifier mentioned above can be a string generated by the configuration center, which can be used as a token for connectors to make requests. The configuration center can send the connector identifier to the corresponding connector. After receiving the connector identifier, the connector only needs to send this connector identifier to the configuration center to request data while the connector's account login status is valid, without needing to send the account and password information again.
[0133] In this embodiment, the connector can log in to the configuration center using account information, and obtain the corresponding connector identifier based on the account logged in by the connector. Thus, the connector that has logged in can interact with the configuration center to exchange file data, which improves the security of connector configuration file distribution.
[0134] In one embodiment, generating a first encrypted configuration file request based on a connector identifier includes: generating a corresponding configuration file name message based on the connector identifier; generating an initial configuration file request based on the configuration file name message; and encrypting the initial configuration file request to obtain the first encrypted configuration file request.
[0135] In this embodiment, the connector can perform a first encryption on the configuration file request, thereby allowing the configuration center to obtain the first encrypted configuration file request. The connector has a corresponding connector identifier, and can generate a corresponding configuration file name message based on the connector identifier. The configuration file name message can include the name of the configuration file and the connector identifier. The connector can generate an initial configuration file request based on the configuration file name message, i.e., an unencrypted configuration file request. The connector can then encrypt this initial configuration file request to obtain the first encrypted configuration file request.
[0136] Specifically, the first encryption can be the RSA asymmetric encryption algorithm. After the connector obtains the connector identifier issued by the configuration center, it can assemble the configuration file name message that depends on the startup based on the connector identifier, and encrypt the configuration file name message through the RSA asymmetric encryption algorithm to form a configuration file request with the first encryption, and transmit it to the configuration center. The configuration center can then decrypt the encrypted configuration file request and obtain the connector identifier from the decrypted configuration file name message.
[0137] In this embodiment, the connector can generate a configuration file request based on the first encryption and send it to the configuration center. The configuration center can decrypt the configuration file request to obtain the configuration file name message and determine the connector identifier based on the configuration file name message. Then, the configuration file can be transmitted based on the connector identifier, which improves the security of configuration file distribution.
[0138] In one exemplary embodiment, such as Figure 4 As shown, Figure 4 This is a schematic diagram of the configuration file distribution process in one embodiment. In this embodiment, the configuration center can have multiple modules, including but not limited to a gateway, a user module, a configuration reading module, a security module, and a configuration file information repository. Each connector of each platform in the second network can connect to the configuration center in the first network through the gateway. The user module can be used to determine identity information based on the connector identifier. The configuration reading module can be used to read the corresponding configuration file from the configuration file information repository. The security module can be used for key management. Key management refers to the process of recording and distributing the public keys of the initiating and receiving ends. The initiating end can be a client that needs to upload files, such as the target platform mentioned above, and the receiving end can be a server that needs to receive files, such as the configuration center mentioned above.
[0139] Connectors can use the certificate information provided by the configuration center to encrypt their account information, form a login request, and send the encrypted login request to the configuration center via HTTP or HTTPS. After logging into the connector's account using the login request, the configuration center can issue a connector identifier to the corresponding connector.
[0140] After obtaining the connector identifier, the connector can assemble a startup dependency configuration file name message based on the connector identifier, encrypt the message using the RSA asymmetric encryption algorithm, and obtain an encrypted configuration file request. This encrypted configuration file request is then sent to the configuration center. Upon receiving the configuration file request, the configuration center can decrypt it to obtain the corresponding connector identifier. Based on the connector identifier, it can retrieve the corresponding identity information. The configuration center can then use this identity information to find the corresponding target configuration file in the configuration file database and send the target configuration file to the corresponding connector via the internet. The connector can then perform startup configuration based on the target configuration file.
[0141] Through the above embodiments, the configuration files of connectors corresponding to each platform are uniformly managed by the configuration center located in the first network. By authenticating the connectors that request configuration files, it is determined whether to distribute the corresponding configuration files, thereby enabling the connectors to configure based on the distributed configuration files, realizing the processing of financial business between the platform and financial institutions, and improving the security of configuration file distribution.
[0142] It should be understood that although the steps in the flowcharts of the above embodiments are shown sequentially according to the arrows, these steps are not necessarily executed in the order indicated by the arrows. Unless explicitly stated herein, there is no strict order restriction on the execution of these steps, and they can be executed in other orders. Moreover, at least some steps in the flowcharts of the above embodiments may include multiple steps or multiple stages. These steps or stages are not necessarily completed at the same time, but can be executed at different times. The execution order of these steps or stages is not necessarily sequential, but can be performed alternately or in turn with other steps or at least some of the steps or stages of other steps.
[0143] Based on the same inventive concept, this application also provides a configuration file distribution apparatus for implementing the configuration file distribution method described above. The solution provided by this apparatus is similar to the implementation described in the above method; therefore, the specific limitations in one or more configuration file distribution apparatus embodiments provided below can be found in the limitations of the configuration file distribution method described above, and will not be repeated here.
[0144] In one exemplary embodiment, such as Figure 5 As shown, a configuration file distribution device is provided, including: a first acquisition module 500, a first determination module 502, a second determination module 504, and a distribution module 506, wherein:
[0145] The first acquisition module 500 is used to acquire a first encrypted configuration file request sent by a connector in the second network; the configuration file request is generated by the connector based on the connector identifier; the connector identifier is obtained based on the connector's account information.
[0146] The first determining module 502 is used to obtain the connector identifier based on a first encrypted configuration file request.
[0147] The second determining module 504 is used to determine the identity information corresponding to the connector based on the connector identifier.
[0148] The distribution module 506 is used to obtain the target configuration file corresponding to the identity information from multiple configuration files stored in the first network, and send the target configuration file to the connector after second encryption.
[0149] In an exemplary embodiment, the apparatus further includes an identifier generation module, configured to: obtain a third encrypted login request sent by the connector; the login request includes the connector's account information; obtain the account information based on the third encrypted login request, log in to the account corresponding to the connector based on the account information, and generate a connector identifier corresponding to the connector; and send the connector identifier to the connector.
[0150] In one exemplary embodiment, the apparatus further includes a certificate sending module, configured to: provide certificate information to the connector; the certificate information is used by the connector to encrypt the connector's account information, and to obtain a third encrypted login request based on the encrypted account information.
[0151] In an exemplary embodiment, the first determining module is specifically configured to: decrypt the first encrypted configuration file request to obtain the configuration file name message corresponding to the connector; and determine the connector identifier based on the configuration file name message.
[0152] In an exemplary embodiment, the apparatus further includes: a construction module, configured to: obtain each identity information corresponding to each connector, obtain each configuration file corresponding to each connector; associate and store each identity information with each configuration file in a first network to obtain a configuration file information library containing each configuration file; the configuration file information library is used to obtain a target configuration file.
[0153] In one exemplary embodiment, such as Figure 6 As shown, a configuration file distribution device is provided, including: a second acquisition module 600, a generation module 602, a sending module 604, a receiving module 606, and a configuration module 608, wherein:
[0154] The second acquisition module 600 is used to acquire the connector identifier corresponding to the connector; the connector identifier is obtained based on the connector's account information.
[0155] The generation module 602 is used to generate a first encrypted configuration file request based on the connector identifier.
[0156] The sending module 604 is used to send the first encrypted configuration file request to the configuration center in the first network; the configuration center is used to obtain the connector identifier according to the first encrypted configuration file request, determine the identity information corresponding to the connector according to the connector identifier, and obtain the target configuration file corresponding to the identity information from multiple configuration files stored in the first network.
[0157] The receiving module 606 is used to receive the target configuration file that has been encrypted in the second way and sent by the configuration center.
[0158] Configuration module 608 is used to configure the connector according to the second encrypted target configuration file; the configured connector is used to handle financial business of the target platform and the financial institution to which the configuration center belongs.
[0159] In an exemplary embodiment, the device further includes: a login module, configured to: obtain certificate information provided by a configuration center and obtain account information of the connector; encrypt the account information according to the certificate information and obtain a third-encrypted login request according to the encrypted account information; send the third-encrypted login request to the configuration center; the configuration center is configured to obtain the account information according to the third-encrypted login request, log in to the connector's account according to the account information, and generate a connector identifier corresponding to the connector and send it to the connector.
[0160] In an exemplary embodiment, the generation module is specifically configured to: generate a corresponding configuration file name message based on the connector identifier; generate an initial configuration file request based on the configuration file name message; and encrypt the initial configuration file request to obtain a first encrypted configuration file request.
[0161] Each module in the aforementioned configuration file distribution device can be implemented entirely or partially through software, hardware, or a combination thereof. These modules can be embedded in or independent of the processor in a computer device, or stored in the memory of a computer device as software, so that the processor can invoke and execute the operations corresponding to each module.
[0162] In one exemplary embodiment, a computer device is provided, which can be a configuration center or a connector, and its internal structure diagram can be as follows. Figure 7 As shown, this computer device includes a processor, memory, input / output interfaces (I / O), and a communication interface. The processor, memory, and I / O interfaces are connected via a system bus, and the communication interface is also connected to the system bus via the I / O interfaces. The processor provides computational and control capabilities. The memory includes non-volatile storage media and internal memory. The non-volatile storage media stores the operating system, computer programs, and a database. The internal memory provides the environment for the operating system and computer programs stored in the non-volatile storage media. The database stores configuration file data. The I / O interfaces are used for exchanging information between the processor and external devices. The communication interface is used for communicating with external terminals via a network connection. When executed by the processor, the computer program implements a configuration file distribution method.
[0163] Those skilled in the art will understand that Figure 7The structure shown is merely a block diagram of a portion of the structure related to the present application and does not constitute a limitation on the computer device to which the present application is applied. Specific computer devices may include more or fewer components than those shown in the figure, or combine certain components, or have different component arrangements.
[0164] In one exemplary embodiment, a computer device is provided, including a memory and a processor, wherein the memory stores a computer program, and the processor executes the computer program to implement the configuration file distribution method described above.
[0165] In one embodiment, a computer-readable storage medium is provided on which a computer program is stored, which, when executed by a processor, implements the above-described configuration file distribution method.
[0166] In one embodiment, a computer program product is provided, including a computer program that, when executed by a processor, implements the configuration file distribution method described above.
[0167] It should be noted that the user information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data used for analysis, data stored, data displayed, etc.) involved in this application are all information and data authorized by the user or fully authorized by all parties, and the collection, use and processing of the relevant data must comply with relevant regulations.
[0168] Those skilled in the art will understand that all or part of the processes in the methods of the above embodiments can be implemented by a computer program instructing related hardware. The computer program can be stored in a non-volatile computer-readable storage medium, and when executed, it can include the processes of the embodiments of the above methods. Any references to memory, databases, or other media used in the embodiments provided in this application can include at least one of non-volatile memory and volatile memory. Non-volatile memory can include read-only memory (ROM), magnetic tape, floppy disk, flash memory, optical memory, high-density embedded non-volatile memory, resistive random access memory (ReRAM), magnetic random access memory (MRAM), ferroelectric random access memory (FRAM), phase change memory (PCM), graphene memory, etc. Volatile memory can include random access memory (RAM) or external cache memory, etc. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM). The databases involved in the embodiments provided in this application may include at least one type of relational database and non-relational database. Non-relational databases may include, but are not limited to, blockchain-based distributed databases. The processors involved in the embodiments provided in this application may be general-purpose processors, central processing units, graphics processing units, digital signal processors, programmable logic devices, quantum computing-based data processing logic devices, artificial intelligence (AI) processors, etc., and are not limited to these.
[0169] The technical features of the above embodiments can be combined in any way. For the sake of brevity, not all possible combinations of the technical features in the above embodiments are described. However, as long as there is no contradiction in the combination of these technical features, they should be considered to be within the scope of this application.
[0170] The embodiments described above are merely illustrative of several implementation methods of this application, and while the descriptions are specific and detailed, they should not be construed as limiting the scope of this patent application. It should be noted that those skilled in the art can make various modifications and improvements without departing from the concept of this application, and these all fall within the protection scope of this application. Therefore, the protection scope of this application should be determined by the appended claims.
Claims
1. A configuration file distribution method, characterized in that, Applied to a configuration center in a first network, the method includes: The system obtains a configuration file request, encrypted in the first way, sent by a connector in the second network. The connector is a monolithic application that adapts and standardizes the application programming interfaces (APIs) of scenario providers, third-party services, and funding providers, used to establish data interaction links between financial institutions and various external platforms. The connector corresponds to the scenario provider and the third-party service. The scenario provider and the third-party service represent the respective platforms corresponding to the connector, and the funding provider service represents the financial institution. The first network represents an internal trusted network, and the second network represents an external untrusted network. The configuration file request is generated by the connector based on a connector identifier, which is obtained based on the connector's account information. The connector identifier is obtained based on the configuration file request that has been encrypted in the first way; The identity information corresponding to the connector is determined based on the connector identifier; The target configuration file corresponding to the identity information is obtained from multiple configuration files stored in the first network, and the target configuration file is sent to the connector after being encrypted in the second way; the configuration file is the startup dependency configuration file corresponding to the connector. Before obtaining the first encrypted configuration file request sent by the connector in the second network, the method further includes: providing certificate information to the connector; the certificate information is used by the connector to encrypt the account information of the connector, and obtain a third encrypted login request based on the encrypted account information; obtaining the third encrypted login request sent by the connector; the login request includes the account information of the connector; obtaining the account information based on the third encrypted login request, logging into the account corresponding to the connector based on the account information, and generating a connector identifier corresponding to the connector; sending the connector identifier to the connector; the connector identifier is a string generated by the configuration center, and the connector identifier represents the token for the connector to make requests; the connector identifier is used by the connector to request data from the configuration center based on the connector identifier during the valid login state of the connector's account.
2. The method according to claim 1, characterized in that, The step of obtaining the connector identifier according to the configuration file request encrypted in the first way includes: Decrypt the configuration file request that has been encrypted in the first step to obtain the configuration file name message corresponding to the connector; The connector identifier is determined based on the configuration file name message.
3. The method according to any one of claims 1 to 2, characterized in that, The method further includes: Obtain the identity information corresponding to each connector, and obtain the configuration file corresponding to each connector; Each of the aforementioned identity information and each of the aforementioned configuration files are associated and stored in the first network to obtain a configuration file information library containing each of the aforementioned configuration files; the configuration file information library is used to obtain the target configuration file.
4. A configuration file distribution method, characterized in that, The method, applied to a connector in a second network, includes: Obtain the connector identifier corresponding to the connector; the connector identifier is obtained based on the account information of the connector; the connector is a monolithic application that adapts and standardizes the application programming interfaces of scenario providers, third-party services and funding providers, and is used to connect the data interaction links between financial institutions and various external platforms; A first encrypted configuration file request is generated based on the connector identifier; The configuration file request, encrypted in the first way, is sent to the configuration center in the first network; the connector corresponds to the scenario party and the third-party service; the scenario party and the third-party service represent the various platforms corresponding to the connector, and the funding party service represents a financial institution; the first network represents an internal trusted network, and the second network represents an external untrusted network; the configuration center is used to obtain the connector identifier based on the configuration file request encrypted in the first way, determine the identity information corresponding to the connector based on the connector identifier, and obtain the target configuration file corresponding to the identity information from multiple configuration files stored in the first network; the configuration file is the startup dependency configuration file corresponding to the connector; Receive the target configuration file, which is second-encrypted, sent by the configuration center; The connector is configured according to the second encrypted target configuration file; the configured connector is used to process financial transactions between the target platform and the financial institution to which the configuration center belongs. Before generating the first encrypted configuration file request based on the connector identifier, the method further includes: obtaining certificate information provided by the configuration center and obtaining the connector's account information; encrypting the account information based on the certificate information and obtaining a third encrypted login request based on the encrypted account information; sending the third encrypted login request to the configuration center; the configuration center is used to obtain the account information based on the third encrypted login request, log in to the connector's account based on the account information, and generate a connector identifier corresponding to the connector and send it to the connector; the connector identifier is a string generated by the configuration center, and the connector identifier represents the token for the connector to make requests; the connector identifier is used by the connector to request data from the configuration center based on the connector identifier during the valid login state of the connector's account.
5. The method according to claim 4, characterized in that, The step of generating a first encrypted configuration file request based on the connector identifier includes: Generate the corresponding configuration file name message based on the connector identifier; Based on the configuration file name message, an initial configuration file request is generated; The initial configuration file request is encrypted to obtain the configuration file request after the first encryption.
6. A configuration file distribution device, characterized in that, The device, applied to a configuration center in a first network, includes: The first acquisition module is used to acquire a configuration file request sent by a connector in the second network, which is encrypted in the first way. The connector is a monolithic application that adapts and standardizes the application programming interfaces (APIs) of the scenario provider, third-party services, and funding providers, and is used to establish data interaction links between financial institutions and various external platforms. The connector corresponds to the scenario provider and the third-party services. The scenario provider and the third-party services represent the various platforms corresponding to the connector, and the funding provider service represents the financial institution. The first network represents an internal trusted network, and the second network represents an external untrusted network. The configuration file request is generated by the connector based on the connector identifier. The connector identifier is obtained based on the connector's account information. The first determining module is used to obtain the connector identifier based on the configuration file request that has been first encrypted; The second determining module is used to determine the identity information corresponding to the connector based on the connector identifier; The distribution module is used to obtain the target configuration file corresponding to the identity information from multiple configuration files stored in the first network, and send the target configuration file to the connector after second encryption; the configuration file is the startup dependency configuration file corresponding to the connector. It also includes: a certificate sending module, used to provide certificate information to the connector; the certificate information is used by the connector to encrypt the account information of the connector, and to obtain a third-encrypted login request based on the encrypted account information; it also includes an identifier generation module, used to obtain the third-encrypted login request sent by the connector; the login request includes the account information of the connector; the account information is obtained based on the third-encrypted login request, the connector logs into the account corresponding to the connector based on the account information, and a connector identifier corresponding to the connector is generated; the connector identifier is sent to the connector; the connector identifier is a string generated by the configuration center, and the connector identifier represents the token for the connector to make requests; the connector identifier is used by the connector to request data from the configuration center based on the connector identifier during the valid login state of the connector's account.
7. The apparatus according to claim 6, characterized in that, The first determining module is specifically used for: Decrypt the configuration file request that has been encrypted in the first step to obtain the configuration file name message corresponding to the connector; The connector identifier is determined based on the configuration file name message.
8. The apparatus according to any one of claims 6 to 7, characterized in that, The device further includes: a construction module, used for: Obtain the identity information corresponding to each connector, and obtain the configuration file corresponding to each connector; Each of the aforementioned identity information and each of the aforementioned configuration files are associated and stored in the first network to obtain a configuration file information library containing each of the aforementioned configuration files; the configuration file information library is used to obtain the target configuration file.
9. A configuration file distribution device, characterized in that, For use with a connector in a second network, the device includes: The second acquisition module is used to acquire the connector identifier corresponding to the connector; the connector identifier is obtained based on the account information of the connector; the connector is a monolithic application that adapts and standardizes the application programming interfaces of scenario providers, third-party services and funding providers, and is used to connect the data interaction links between financial institutions and various external platforms. A generation module is used to generate a first encrypted configuration file request based on the connector identifier; A sending module is used to send the first encrypted configuration file request to a configuration center located in a first network; the connector corresponds to the scenario party and the third-party service; the scenario party and the third-party service represent the various platforms corresponding to the connector, and the funding party service represents a financial institution; the first network represents an internal trusted network, and the second network represents an external untrusted network; the configuration center is used to obtain the connector identifier according to the first encrypted configuration file request, determine the identity information corresponding to the connector according to the connector identifier, and obtain the target configuration file corresponding to the identity information from multiple configuration files stored in the first network; the configuration file is the startup dependency configuration file corresponding to the connector; A receiving module is used to receive the target configuration file, which is second-encrypted, sent by the configuration center; A configuration module is used to configure the connector according to the second encrypted target configuration file; the configured connector is used to handle financial business between the target platform and the financial institution to which the configuration center belongs; It also includes a login module, used to: obtain certificate information provided by the configuration center, obtain account information of the connector; encrypt the account information according to the certificate information, obtain a third-encrypted login request according to the encrypted account information; send the third-encrypted login request to the configuration center; the configuration center is used to obtain the account information according to the third-encrypted login request, log in to the connector's account according to the account information, and generate a connector identifier corresponding to the connector and send it to the connector; the connector identifier is a string generated by the configuration center, and the connector identifier represents the token for the connector to make requests; the connector identifier is used by the connector to request data from the configuration center based on the connector identifier during the valid login status of the connector's account.
10. The apparatus according to claim 9, characterized in that, The generation module is specifically used for: Generate the corresponding configuration file name message based on the connector identifier; Based on the configuration file name message, an initial configuration file request is generated; The initial configuration file request is encrypted to obtain the configuration file request after the first encryption.
11. A computer device comprising a memory and a processor, wherein the memory stores a computer program, characterized in that, When the processor executes the computer program, it implements the steps of the method according to any one of claims 1 to 5.
12. A computer-readable storage medium having a computer program stored thereon, characterized in that, When the computer program is executed by a processor, it implements the steps of the method according to any one of claims 1 to 5.
13. A computer program product, comprising a computer program, characterized in that, When the computer program is executed by a processor, it implements the steps of the method according to any one of claims 1 to 5.