CN111191203A - Identity verification method and device - Google Patents

Identity verification method and device Download PDF

Info

Publication number
CN111191203A
CN111191203A CN202010000315.1A CN202010000315A CN111191203A CN 111191203 A CN111191203 A CN 111191203A CN 202010000315 A CN202010000315 A CN 202010000315A CN 111191203 A CN111191203 A CN 111191203A
Authority
CN
China
Prior art keywords
calling
function
identity authentication
caller
path
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010000315.1A
Other languages
Chinese (zh)
Inventor
程振宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing ByteDance Network Technology Co Ltd
Original Assignee
Beijing ByteDance Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing ByteDance Network Technology Co Ltd filed Critical Beijing ByteDance Network Technology Co Ltd
Priority to CN202010000315.1A priority Critical patent/CN111191203A/en
Publication of CN111191203A publication Critical patent/CN111191203A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/448Execution paradigms, e.g. implementations of programming paradigms
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/448Execution paradigms, e.g. implementations of programming paradigms
    • G06F9/4488Object-oriented
    • G06F9/449Object-oriented method invocation or resolution

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Telephonic Communication Services (AREA)
  • Telephone Function (AREA)

Abstract

The disclosure discloses an identity authentication method, an identity authentication device, an electronic device and a computer-readable storage medium. The method comprises the following steps: receiving a calling request of a calling party to a target function; acquiring the calling information of the calling party to the target function; performing identity authentication on the calling party according to the calling information; wherein the calling information comprises a function calling path; and when the caller passes the identity authentication, allowing the caller to call the target function. The calling request of the calling party to the target function is received, the identity authentication is carried out on the calling party according to the calling information of the calling party, and when the calling party passes the identity authentication, the calling party is allowed to call the target function, so that the calling safety of the target function can be ensured.

Description

Identity verification method and device
Technical Field
The present disclosure relates to the field of program technologies, and in particular, to an identity authentication method, an identity authentication device, and a computer-readable storage medium.
Background
Core function functions exist in the development of projects (e.g., application programs APP), and in order to prevent technical leakage, the functions need to be protected.
In the prior art, function call authority is usually determined by means of an access control authority key word, for example, in a function edited in java language, if a key word public is used, it indicates that member functions of the class are open to all users, and all users can directly make calls. If the key protected is used, the member function of the class is indicated to be freely usable for the descendant class without any limitation, and is not usable for other external classes. If the key private is used, it indicates that the member function of the class is private, i.e., cannot be used directly by anyone other than itself, and so on.
However, the above method has a high requirement on the organization and management of the code structure, and on the one hand, the code structure is also easily implemented by the developer through other means, such as a reflection mechanism in java, and the function call cannot be really secured.
Disclosure of Invention
This summary is provided to introduce a selection of concepts in a simplified form that are further described below in the detailed description. This summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter.
The technical problem solved by the present disclosure is to provide an identity authentication method to at least partially solve the technical problem in the prior art that function call is not secure. In addition, an authentication device, an authentication hardware device, a computer readable storage medium and an authentication terminal are also provided.
In order to achieve the above object, according to one aspect of the present disclosure, the following technical solutions are provided:
an identity verification method comprising:
receiving a calling request of a calling party to a target function;
acquiring the calling information of the calling party to the target function; performing identity authentication on the calling party according to the calling information; wherein the calling information comprises a function calling path;
and when the caller passes the identity authentication, allowing the caller to call the target function.
In order to achieve the above object, according to one aspect of the present disclosure, the following technical solutions are provided:
an authentication apparatus comprising:
the request receiving module is used for receiving a calling request of a calling party to a target function; the calling request comprises signature information of the calling party;
the identity authentication module is used for acquiring the calling information of the calling party to the target function; performing identity authentication on the calling party according to the calling information; wherein the calling information comprises a function calling path;
and the function calling module is used for allowing the caller to call the target function when the caller passes the identity authentication.
In order to achieve the above object, according to one aspect of the present disclosure, the following technical solutions are provided:
an electronic device, comprising:
a memory for storing non-transitory computer readable instructions; and
a processor for executing the computer readable instructions, such that the processor when executing implements any of the above function calling methods.
In order to achieve the above object, according to one aspect of the present disclosure, the following technical solutions are provided:
a computer readable storage medium storing non-transitory computer readable instructions which, when executed by a computer, cause the computer to perform any of the function call methods described above.
In order to achieve the above object, according to still another aspect of the present disclosure, the following technical solutions are also provided:
an identity authentication terminal comprises any one of the identity authentication devices.
The calling request of the calling party to the target function is received, the identity authentication is carried out on the calling party according to the calling information of the calling party, and when the calling party passes the identity authentication, the calling party is allowed to call the target function, so that the calling safety of the target function can be ensured.
The foregoing is a summary of the present disclosure, and for the purposes of promoting a clear understanding of the technical means of the present disclosure, the present disclosure may be embodied in other specific forms without departing from the spirit or essential attributes thereof.
Drawings
The above and other features, advantages and aspects of various embodiments of the present disclosure will become more apparent by referring to the following detailed description when taken in conjunction with the accompanying drawings. Throughout the drawings, the same or similar reference numbers refer to the same or similar elements. It should be understood that the drawings are schematic and that elements and features are not necessarily drawn to scale.
Fig. 1 is a schematic flow chart of an authentication method according to an embodiment of the present disclosure;
FIG. 2 is a schematic structural diagram of an authentication device according to an embodiment of the present disclosure;
fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present disclosure are shown in the drawings, it is to be understood that the present disclosure may be embodied in various forms and should not be construed as limited to the embodiments set forth herein, but rather are provided for a more thorough and complete understanding of the present disclosure. It should be understood that the drawings and embodiments of the disclosure are for illustration purposes only and are not intended to limit the scope of the disclosure.
It should be understood that the various steps recited in the method embodiments of the present disclosure may be performed in a different order, and/or performed in parallel. Moreover, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the present disclosure is not limited in this respect.
The term "include" and variations thereof as used herein are open-ended, i.e., "including but not limited to". The term "based on" is "based, at least in part, on". The term "one embodiment" means "at least one embodiment"; the term "another embodiment" means "at least one additional embodiment"; the term "some embodiments" means "at least some embodiments". Relevant definitions for other terms will be given in the following description.
Example one
In order to solve the technical problem that function calling in the prior art is unsafe, the embodiment of the present disclosure provides an identity authentication method. As shown in fig. 1, the function calling method mainly includes the following steps S11 to S13.
Step S11: and receiving a calling request of a calling party to the target function.
The applicable scenario of this embodiment may be a call between functions in the same item (e.g., the same APP), that is, a call between a main function and a sub-function, where the caller is the main call function and the target function is the called sub-function. The objective function may be a core function code set, that is, a set including a plurality of sub-functions.
The applicable scenario of this embodiment may also be a call between different items (e.g., different APPs), that is, an authorized call between different APPs, where at this time, the calling party is a main call APP, and the target function is a called APP. For example, when the mobile phone panning and the third party payment platform are called, when the mobile phone panning purchases an item for payment, the third party payment platform needs to be called for payment, at this time, the mobile phone panning is a calling party, the third party payment platform is a called target function, and the third party payment platform may be a payment instrument, a WeChat or a Unionpay.
Step S12: acquiring the calling information of the calling party to the target function; performing identity authentication on the calling party according to the calling information; wherein the calling information comprises a function calling path.
The embodiment adds the authentication of the calling party between the calling party and the target function, and realizes the discovery of illegal user calling under a normal path. In order to increase the security of function calling, obtaining the calling information of the calling party to the target function; and performing identity authentication on the calling party according to the calling information. The calling information comprises information such as a function calling path and the like.
Step S13: and when the caller passes the identity authentication, allowing the caller to call the target function.
In this embodiment, a call request of a caller to a target function is received, identity authentication is performed on the caller according to call information of the caller, and when the caller passes the identity authentication, the caller is allowed to call the target function, so that security of calling the target function can be ensured.
In an optional embodiment, the method further comprises:
and when the caller does not pass the identity authentication, prohibiting the caller from calling the target function.
When the caller does not pass the identity authentication, the caller is an illegal caller, namely, the caller who does not pass the authorization, and the caller limits the calling behavior of the caller to the target function so as to ensure the safety of the target function.
In an optional embodiment, the call information further includes: signature information, and accordingly, step S12 specifically includes:
step S121: and calling an identity authentication method function according to the signature information.
The identity authentication method function corresponds to a method function for generating signature information. For example, if the method function used to generate the signature information is an encryption algorithm, the identity authentication method function in this step is a decryption algorithm corresponding to the encryption algorithm.
Specifically, an authorized caller may be signed using an existing signature method (e.g., RSAwithMD5), and the caller must send signature information before calling the target function, which is obtained from the call request by including the signature information in the call request in this step. The signature information may be a series of encrypted ciphertexts, and the certification can be completed by decrypting the ciphertexts. The signature information can also be a digital signature, namely a set of digital strings which cannot be counterfeited by others, so that the safety of the information can be ensured. And the set of signature information comprises two complementary operations, one is used for signature and using a secret key when signing, and the other is used for verification and using a public key when verifying the signature.
In an optional embodiment, the performing identity authentication on the caller according to the call information specifically includes the following steps:
step S14: and before the target function is executed, carrying out function call path detection.
Step S15: and when the function calling path accords with a preset calling path, the caller passes identity authentication.
The preset calling path is a preset function calling sequence, and the caller is determined to pass the identity authentication only when the preset calling sequence is met.
In an optional embodiment, the method further comprises:
and when the function calling path does not conform to the preset calling path, the calling sequence is wrong, and the caller does not pass the identity authentication, namely, the target function is forbidden to be called.
In an optional embodiment, step S15 specifically includes:
step S151: and when the target function consists of a plurality of sub-functions which are executed in sequence, determining the function call path according to the execution sequence of each sub-function.
For example, if the objective function is funA, which is a set of n subfunctions { funA1, funA2 … funAn }, and the execution order of the n subfunctions is funA- > funA1- > funA2- > … - > funAn, it can be determined that the function call path is funA- > funA1- > funA2- > … - > funAn.
Step S152: and when the function calling path accords with a preset calling path, the caller passes identity authentication.
In an optional embodiment, the method further comprises:
and when the function calling path does not conform to the preset calling path and the caller does not pass identity authentication, performing logic interception when each sub-function is called.
In an optional embodiment, step S151 specifically includes:
step S1511: and calling the sub-functions one by one according to the execution sequence of the sub-functions.
Step S1512: and before the finally called sub-function is executed, obtaining the whole function calling path in a backtracking mode.
The following illustrates the implementation process of the whole invention, and firstly, the identity authentication method function is adopted to perform identity authentication on the caller, where the identity authentication method function can be defined as funV, and only the caller who passes through the identity authentication method function can call the target function funA. Wherein, funA is a set of n subfunctions { funA1, funA2 … funAn }, and the execution order of the n subfunctions is funA- > funA1- > funA2- > … - > funAn. Then, call path detection was added to funA and { funA1, funA2 … funAn }. For example, before the execution of funA, whether an upper calling party is funV or not is detected, and if yes, the execution is performed normally; further, for example, funAn traces back the entire call path, and normally executes only when the entire call path matches funV- > funA- > funA1- > funA2- > … - > funAn. After the path detection is added, even if a calling party directly calls any sub-function of the funA or { funA1, funA2 … funAn } in some way, the sub-function can be intercepted by the path detection logic inside the function, and the safety of function calling is further ensured.
It will be appreciated by those skilled in the art that obvious modifications (e.g., combinations of the enumerated modes) or equivalents may be made to the above-described embodiments.
In the above, although the steps in the embodiment of the function call method are described in the above sequence, it should be clear to those skilled in the art that the steps in the embodiment of the present disclosure are not necessarily performed in the above sequence, and may also be performed in other sequences such as reverse, parallel, and cross, and further, on the basis of the above steps, those skilled in the art may also add other steps, and these obvious modifications or equivalents should also be included in the protection scope of the present disclosure, and are not described herein again.
For convenience of description, only the relevant parts of the embodiments of the present disclosure are shown, and details of the specific techniques are not disclosed, please refer to the embodiments of the method of the present disclosure.
Example two
In order to solve the technical problem that function calling in the prior art is unsafe, the embodiment of the present disclosure provides an identity verification apparatus. The apparatus may perform the steps in the embodiment of the identity verification method described in the first embodiment. As shown in fig. 2, the apparatus mainly includes: a request receiving module 21, an identity authentication module 22 and a function calling module 23; wherein the content of the first and second substances,
the request receiving module 21 is configured to receive a call request of a caller for a target function;
the identity authentication module 22 is configured to obtain calling information of the caller on the target function; performing identity authentication on the calling party according to the calling information; wherein the calling information comprises a function calling path;
the function calling module 23 is configured to allow the caller to call the target function when the caller passes the identity authentication.
Further, the calling information further includes: and (4) signature information.
Further, the function calling module 23 is further configured to: and when the caller does not pass the identity authentication, prohibiting the caller from calling the target function.
Further, the identity authentication module 22 is specifically configured to: calling an identity authentication method function according to the signature information; and performing identity authentication on the calling party by adopting the identity authentication method function.
Further, the identity authentication module 22 is specifically configured to: before the target function is executed, function call path detection is carried out; and when the function calling path accords with a preset calling path, the caller passes identity authentication.
Further, the identity authentication module 22 is specifically configured to: and when the function calling path does not conform to the preset calling path, the caller does not pass the identity authentication and the caller passes the identity authentication.
Further, the identity authentication module 22 is specifically configured to: when the target function consists of a plurality of sub-functions which are executed in sequence, determining the function call path according to the execution sequence of each sub-function; and when the function calling path accords with a preset calling path, the caller passes identity authentication.
Further, the identity authentication module 22 is specifically configured to: and when the function calling path does not conform to the preset calling path, the caller does not pass the identity authentication.
Further, the identity authentication module 22 is specifically configured to: calling each sub-function one by one according to the execution sequence of each sub-function; and before the finally called sub-function is executed, obtaining the whole function calling path in a backtracking mode.
For detailed descriptions of the working principle, the technical effect of implementation, and the like of the embodiment of the function calling device, reference may be made to the description of the embodiment of the function calling method, which is not described herein again.
EXAMPLE III
Referring now to FIG. 3, a block diagram of an electronic device 300 suitable for use in implementing embodiments of the present disclosure is shown. The terminal device in the embodiments of the present disclosure may include, but is not limited to, a mobile terminal such as a mobile phone, a notebook computer, a digital broadcast receiver, a PDA (personal digital assistant), a PAD (tablet computer), a PMP (portable multimedia player), a vehicle terminal (e.g., a car navigation terminal), and the like, and a stationary terminal such as a digital TV, a desktop computer, and the like. The electronic device shown in fig. 3 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 3, the electronic device 300 may include a processing means (e.g., a central processing unit, a graphics processor, etc.) 301 that may perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)302 or a program loaded from a storage means 308 into a Random Access Memory (RAM) 303. In the RAM 303, various programs and data necessary for the operation of the electronic apparatus 300 are also stored. The processing device 301, the ROM 302, and the RAM 303 are connected to each other via a bus 304. An input/output (I/O) interface 305 is also connected to bus 304.
Generally, the following devices may be connected to the I/O interface 305: input devices 306 including, for example, a touch screen, touch pad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, etc.; an output device 307 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage devices 308 including, for example, magnetic tape, hard disk, etc.; and a communication device 309. The communication means 309 may allow the electronic device 300 to communicate wirelessly or by wire with other devices to exchange data. While fig. 3 illustrates an electronic device 300 having various means, it is to be understood that not all illustrated means are required to be implemented or provided. More or fewer devices may alternatively be implemented or provided.
In particular, according to an embodiment of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program carried on a non-transitory computer readable medium, the computer program containing program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication means 309, or installed from the storage means 308, or installed from the ROM 302. The computer program, when executed by the processing device 301, performs the above-described functions defined in the methods of the embodiments of the present disclosure.
It should be noted that the computer readable medium in the present disclosure can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In contrast, in the present disclosure, a computer readable signal medium may comprise a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
In some embodiments, the clients, servers may communicate using any currently known or future developed network protocol, such as HTTP (HyperText transfer protocol), and may be interconnected with any form or medium of digital data communication (e.g., a communications network). Examples of communication networks include a local area network ("LAN"), a wide area network ("WAN"), the Internet (e.g., the Internet), and peer-to-peer networks (e.g., ad hoc peer-to-peer networks), as well as any currently known or future developed network.
The computer readable medium may be embodied in the electronic device; or may exist separately without being assembled into the electronic device.
The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: receiving a calling request of a calling party to a target function; acquiring the calling information of the calling party to the target function; performing identity authentication on the calling party according to the calling information; wherein the calling information comprises a function calling path; and when the caller passes the identity authentication, allowing the caller to call the target function.
Computer program code for carrying out operations for the present disclosure may be written in any combination of one or more programming languages, including but not limited to an object oriented programming language such as Java, Smalltalk, C + +, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present disclosure may be implemented by software or hardware. Where the name of a unit does not in some cases constitute a limitation of the unit itself, for example, the first retrieving unit may also be described as a "unit for retrieving at least two internet protocol addresses".
The functions described herein above may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), systems on a chip (SOCs), Complex Programmable Logic Devices (CPLDs), and the like.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
According to one or more embodiments of the present disclosure, there is provided an identity verification method including:
receiving a calling request of a calling party to a target function;
acquiring the calling information of the calling party to the target function; performing identity authentication on the calling party according to the calling information; wherein the calling information comprises a function calling path;
and when the caller passes the identity authentication, allowing the caller to call the target function.
Further, the calling information further includes: and (4) signature information.
Further, the method further comprises:
and when the caller does not pass the identity authentication, prohibiting the caller from calling the target function.
Further, the performing identity authentication on the caller according to the call information includes:
calling an identity authentication method function according to the signature information;
and performing identity authentication on the calling party by adopting the identity authentication method function.
Further, the performing identity authentication on the caller according to the call information includes:
before the target function is executed, function call path detection is carried out;
and when the function calling path accords with a preset calling path, the caller passes identity authentication.
Further, the method further comprises:
and when the function calling path does not conform to the preset calling path, the caller does not pass the identity authentication and the caller passes the identity authentication.
Further, when the function call path conforms to a preset call path, the caller passes identity authentication, including:
when the target function consists of a plurality of sub-functions which are executed in sequence, determining the function call path according to the execution sequence of each sub-function;
and when the function calling path accords with a preset calling path, the caller passes identity authentication.
Further, the method further comprises:
and when the function calling path does not conform to the preset calling path, the caller does not pass the identity authentication.
Further, the determining the function call path according to the execution sequence of each sub-function includes:
calling each sub-function one by one according to the execution sequence of each sub-function;
and before the finally called sub-function is executed, obtaining the whole function calling path in a backtracking mode.
According to one or more embodiments of the present disclosure, there is provided an authentication apparatus including:
the request receiving module is used for receiving a calling request of a calling party to a target function;
the identity authentication module is used for acquiring the calling information of the calling party to the target function; performing identity authentication on the calling party according to the calling information; wherein the calling information comprises a function calling path;
and the function calling module is used for allowing the caller to call the target function when the caller passes the identity authentication.
Further, the calling information further includes: and (4) signature information.
Further, the function call module is further configured to: and when the caller does not pass the identity authentication, prohibiting the caller from calling the target function.
Further, the identity authentication module is specifically configured to: calling an identity authentication method function according to the signature information; and performing identity authentication on the calling party by adopting the identity authentication method function.
Further, the identity authentication module 22 is specifically configured to: before the target function is executed, function call path detection is carried out; and when the function calling path accords with a preset calling path, the caller passes identity authentication.
Further, the identity authentication module 22 is specifically configured to: and when the function calling path does not conform to the preset calling path, the caller does not pass the identity authentication and the caller passes the identity authentication.
Further, the identity authentication module 22 is specifically configured to: when the target function consists of a plurality of sub-functions which are executed in sequence, determining the function call path according to the execution sequence of each sub-function; and when the function calling path accords with a preset calling path, the caller passes identity authentication.
Further, the identity authentication module 22 is specifically configured to: and when the function calling path does not conform to the preset calling path, the caller does not pass the identity authentication.
Further, the identity authentication module 22 is specifically configured to: calling each sub-function one by one according to the execution sequence of each sub-function; and before the finally called sub-function is executed, obtaining the whole function calling path in a backtracking mode.
The foregoing description is only exemplary of the preferred embodiments of the disclosure and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the disclosure herein is not limited to the particular combination of features described above, but also encompasses other embodiments in which any combination of the features described above or their equivalents does not depart from the spirit of the disclosure. For example, the above features and (but not limited to) the features disclosed in this disclosure having similar functions are replaced with each other to form the technical solution.
Further, while operations are depicted in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order. Under certain circumstances, multitasking and parallel processing may be advantageous. Likewise, while several specific implementation details are included in the above discussion, these should not be construed as limitations on the scope of the disclosure. Certain features that are described in the context of separate embodiments can also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment can also be implemented in multiple embodiments separately or in any suitable subcombination.
Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.

Claims (12)

1. An identity verification method, comprising:
receiving a calling request of a calling party to a target function;
acquiring the calling information of the calling party to the target function; performing identity authentication on the calling party according to the calling information; wherein the calling information comprises a function calling path;
and when the caller passes the identity authentication, allowing the caller to call the target function.
2. The method of claim 1, wherein the invocation information further includes: and (4) signature information.
3. The method of claim 1, further comprising:
and when the caller does not pass the identity authentication, prohibiting the caller from calling the target function.
4. The method of claim 2, wherein the authenticating the caller according to the call information comprises:
calling an identity authentication method function according to the signature information;
and performing identity authentication on the calling party by adopting the identity authentication method function.
5. The method of claim 1, wherein the authenticating the caller according to the call information comprises:
before the target function is executed, function call path detection is carried out;
and when the function calling path accords with a preset calling path, the caller passes identity authentication.
6. The method of claim 5, further comprising:
and when the function calling path does not conform to the preset calling path, the caller does not pass the identity authentication.
7. The method according to claim 5, wherein when the function call path conforms to a preset call path, the caller passes identity authentication, comprising:
when the target function consists of a plurality of sub-functions which are executed in sequence, determining the function call path according to the execution sequence of each sub-function;
and when the function calling path accords with a preset calling path, the caller passes identity authentication.
8. The method of claim 7, further comprising:
and when the function calling path does not conform to the preset calling path, the caller does not pass the identity authentication.
9. The method of claim 7, wherein determining the function call path according to the execution order of the sub-functions comprises:
calling each sub-function one by one according to the execution sequence of each sub-function;
and before the finally called sub-function is executed, obtaining the whole function calling path in a backtracking mode.
10. An authentication apparatus, comprising:
the request receiving module is used for receiving a calling request of a calling party to a target function;
the identity authentication module is used for acquiring the calling information of the calling party to the target function; performing identity authentication on the calling party according to the calling information; wherein the calling information comprises a function calling path;
and the function calling module is used for allowing the caller to call the target function when the caller passes the identity authentication.
11. An electronic device, comprising:
a memory for storing non-transitory computer readable instructions; and
a processor for executing the computer readable instructions such that the processor when executing implements the function call method of any of claims 1-9.
12. A computer-readable storage medium storing non-transitory computer-readable instructions that, when executed by a computer, cause the computer to perform the function call method of any of claims 1-9.
CN202010000315.1A 2020-01-02 2020-01-02 Identity verification method and device Pending CN111191203A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010000315.1A CN111191203A (en) 2020-01-02 2020-01-02 Identity verification method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010000315.1A CN111191203A (en) 2020-01-02 2020-01-02 Identity verification method and device

Publications (1)

Publication Number Publication Date
CN111191203A true CN111191203A (en) 2020-05-22

Family

ID=70708141

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010000315.1A Pending CN111191203A (en) 2020-01-02 2020-01-02 Identity verification method and device

Country Status (1)

Country Link
CN (1) CN111191203A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1975678A (en) * 2005-11-30 2007-06-06 富士施乐株式会社 Computer readable medium, information processing apparatus that executes program, and program control method for executing program
CN103248610A (en) * 2012-02-06 2013-08-14 阿里巴巴集团控股有限公司 Method and system for providing network service
WO2019053396A1 (en) * 2017-09-15 2019-03-21 Arm Limited Call path dependent authentication
CN109688158A (en) * 2019-01-23 2019-04-26 平安科技(深圳)有限公司 Finance executes chain authentication method, electronic device and storage medium
CN110096881A (en) * 2019-05-07 2019-08-06 百度在线网络技术(北京)有限公司 Malice calls means of defence, device, equipment and computer-readable medium

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1975678A (en) * 2005-11-30 2007-06-06 富士施乐株式会社 Computer readable medium, information processing apparatus that executes program, and program control method for executing program
CN103248610A (en) * 2012-02-06 2013-08-14 阿里巴巴集团控股有限公司 Method and system for providing network service
WO2019053396A1 (en) * 2017-09-15 2019-03-21 Arm Limited Call path dependent authentication
CN109688158A (en) * 2019-01-23 2019-04-26 平安科技(深圳)有限公司 Finance executes chain authentication method, electronic device and storage medium
CN110096881A (en) * 2019-05-07 2019-08-06 百度在线网络技术(北京)有限公司 Malice calls means of defence, device, equipment and computer-readable medium

Similar Documents

Publication Publication Date Title
CN111639319B (en) User resource authorization method, device and computer readable storage medium
US10171438B2 (en) Generating a password
CN110636043A (en) File authorization access method, device and system based on block chain
CN111199037B (en) Login method, system and device
CN111245811A (en) Information encryption method and device and electronic equipment
CN113422679B (en) Key generation method, device and system, encryption method, electronic device and computer readable storage medium
CN107920060B (en) Data access method and device based on account
CN113282951B (en) Application program security verification method, device and equipment
CN113572763B (en) Data processing method and device, electronic equipment and storage medium
WO2023185514A1 (en) Message transmission methods and apparatuses, storage medium and electronic device
CN110602700B (en) Seed key processing method and device and electronic equipment
CN116502189A (en) Software authorization method, system, device and storage medium
CN112767142B (en) Processing method, device, computing equipment and medium for transaction file
CN111935138B (en) Protection method and device for secure login and electronic equipment
CN111191203A (en) Identity verification method and device
CN114780124A (en) Differential upgrading method, device, medium and electronic equipment
CN113961931A (en) Adb tool using method and device and electronic equipment
CN115879135B (en) Bid data processing method, device, equipment and storage medium
CN113660100B (en) Method, system and electronic equipment for generating soft token seed
CN115952518B (en) Data request method, device, electronic equipment and storage medium
CN116471327B (en) Cloud resource processing method, device, equipment and storage medium
CN111314320B (en) Communication method, terminal, server and system based on HTTP
CN112261659B (en) Control method and device for terminal and server, terminal and storage medium
CN111241522B (en) Firmware signature method and device and storage medium
CN117422423A (en) Loan information processing method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20200522