CN115001782A - Method, device and equipment for processing interface request parameters and storage medium - Google Patents


Info

Publication number
CN115001782A
Authority
CN
China
Prior art keywords
signature information
client
interface
local language
interface request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210585825.9A
Other languages
Chinese (zh)
Inventor
夏小军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aiways Automobile Co Ltd
Original Assignee
Aiways Automobile Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Aiways Automobile Co Ltd
Priority to CN202210585825.9A
Publication of CN115001782A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The application provides a method, a device, equipment and a storage medium for processing interface request parameters, and relates to the technical field of network security. The method comprises the following steps: the client generates an interface request parameter of the application program, acquires signature information of the application program, and, using the interface request parameter and the signature information, requests a local language layer to perform encryption signature processing; the local language layer determines whether the signature information passes verification according to the signature information and default signature information; if so, the local language layer encrypts the interface request parameter to obtain an encryption result and returns the encryption result to the client, so that the client adds the encryption result to a request header of the interface request parameter and sends the request header to the server. The scheme can effectively resolve the risk of an unauthorized party illegally calling or attacking the interface of the server, and ensures the security of data transmission between the front-end and back-end interfaces.

Description

Method, device and equipment for processing interface request parameters and storage medium
Technical Field
The present application relates to the field of network security technologies, and in particular, to a method, an apparatus, a device, and a storage medium for processing an interface request parameter.
Background
As computer network technology develops and the number of internet users continues to increase, interface invocation has become an indispensable service mode. Specifically, when a client wishes to call an interface of a server, it sends a set of interface request parameters to the server, and the server verifies the received interface request parameters to determine whether the client is qualified to call the interface and which interfaces the client wishes to call, so as to provide the corresponding interface services to the client. To avoid the interface request parameter being intercepted during the interface call, interface signing processing needs to be performed on the interface request parameter sent by the client.
At present, under the Android operating system, the interface signing method mainly adopted is as follows: first, a private character string agreed between the client and the server is used as the private key for signing; second, when the client requests to call an Application Programming Interface (API), it combines the interface request parameter with the private key, encrypts the combined result, and transmits the encrypted result to the server as a signature; third, after receiving the request, the server computes a signature using the same encryption algorithm and compares it with the signature transmitted by the client; if the two are consistent, the verification passes, otherwise the request is rejected.
However, in the existing interface calling process, once the private key agreed between the client and the server is leaked, on one hand the data security of the client is threatened, and on the other hand there is a risk that an unauthorized party illegally calls or attacks the interface of the server, so the security of API data transmission between the client and the server is low.
Disclosure of Invention
An object of the present application is to provide a method, an apparatus, a device, and a storage medium for processing an interface request parameter, so as to solve the problem of low security of API interface data transmission between a client and a server.
In order to achieve the above purpose, the technical solutions adopted in the embodiments of the present application are as follows:
In a first aspect, an embodiment of the present application provides a method for processing an interface request parameter, which is applied to an electronic device running a client of an application program, where an Android operating system is deployed on the electronic device, the Android operating system includes a virtual machine layer and a local language layer, and the client runs on the virtual machine layer; the method comprises the following steps:
the client generates an interface request parameter of the application program, acquires signature information of the application program, and requests the local language layer to carry out encryption signature processing through the interface request parameter and the signature information;
the local language layer determines whether the signature information passes verification according to the signature information and default signature information;
and if so, the local language layer encrypts the interface request parameter to obtain an encrypted encryption result, and returns the encryption result to the client, so that the client adds the encryption result to a request header of the interface request parameter and sends the request header to a server.
Optionally, the obtaining signature information of the application program includes:
and the client calls a parameter return function provided by the android operating system, and the parameter return function acquires the signature information of the application program from context environment parameters.
Optionally, the requesting the local language layer to perform encryption signature processing through the interface request parameter and the signature information includes:
the client calls an encryption signature function of the local language layer by taking the interface request parameter and the signature information as parameters;
the local language layer determines whether the signature information passes verification according to the signature information and default signature information, and the method comprises the following steps:
the local language layer executes the encryption signature function to determine whether the signature information passes verification according to the signature information and default signature information;
the local language layer encrypts the interface request parameter to obtain an encrypted encryption result, and returns the encryption result to the client, including:
and the local language layer executes the encryption signature function, encrypts the interface request parameter to obtain an encrypted encryption result, and returns the encryption result to the client.
Optionally, the determining, by the local language layer, whether the signature information passes the verification according to the signature information and default signature information includes:
the local language layer determines whether the characters contained in the signature information are consistent with the characters contained in the default signature information;
if so, determining that the signature information of the application program passes verification.
Optionally, the encrypting the interface request parameter by the local language layer to obtain an encrypted encryption result includes:
and the local language layer encrypts the interface request parameters by adopting a preset encryption algorithm to obtain an encrypted encryption result.
Optionally, the adding, by the client, the encryption result to the request header of the interface request parameter includes:
adding, by the client, the encryption result to a request header of the interface request parameter using a preset field.
Optionally, before acquiring the signature information of the application program, the method further includes:
obtaining global parameters set by the client, wherein the global parameters include: context environment parameters, the default signature information.
In a second aspect, an embodiment of the present application further provides a device for processing an interface request parameter, which is applied to an electronic device running a client of an application program, where an android operating system is deployed on the electronic device, the android operating system includes a virtual machine layer and a local language layer, and the client runs on the virtual machine layer; the device comprises:
the processing module is used for the client to generate an interface request parameter of the application program, obtain signature information of the application program and request the local language layer to carry out encryption signature processing through the interface request parameter and the signature information;
the determining module is used for determining whether the signature information passes the verification or not according to the signature information and default signature information by the local language layer;
the return module is used for the local language layer, if so, to encrypt the interface request parameter, obtain an encryption result and return the encryption result to the client;
and the sending module is used for adding the encryption result into the request header of the interface request parameter by the client and sending the encryption result to the server.
Optionally, the processing module is further configured to:
and the client calls a parameter return function provided by the android operating system, and the parameter return function acquires the signature information of the application program from the context environment parameters.
Optionally, the processing module is further configured to:
the client calls an encryption signature function of the local language layer by taking the interface request parameter and the signature information as parameters;
the determining module is further configured to:
the local language layer executes the encryption signature function to determine whether the signature information passes verification according to the signature information and default signature information;
the return module is further configured to:
and the local language layer executes the encryption signature function, encrypts the interface request parameter to obtain an encrypted encryption result, and returns the encryption result to the client.
Optionally, the determining module is further configured to:
the local language layer determines whether the characters contained in the signature information are consistent with the characters contained in the default signature information;
if so, determining that the signature information of the application program passes verification.
Optionally, the return module is further configured to:
and the local language layer encrypts the interface request parameters by adopting a preset encryption algorithm to obtain an encrypted encryption result.
Optionally, the sending module is further configured to:
adding, by the client, the encryption result to a request header of the interface request parameter using a preset field.
Optionally, the apparatus further comprises:
an obtaining module, configured to obtain a global parameter set by the client, where the global parameter includes: context environment parameters, the default signature information.
In a third aspect, an embodiment of the present application further provides an electronic device, including: a processor, a storage medium and a bus, the storage medium storing machine-readable instructions executable by the processor, the processor and the storage medium communicating via the bus when the processing unit device is running, the processor executing the machine-readable instructions to perform the steps of the method as provided by the first aspect.
In a fourth aspect, the present application further provides a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to perform the steps of the method as provided in the first aspect.
The beneficial effect of this application is:
The embodiments of the application provide a method, a device, equipment and a storage medium for processing interface request parameters, wherein the method comprises the following steps: the client generates an interface request parameter of the application program, acquires signature information of the application program, and, using the interface request parameter and the signature information, requests a local language layer to perform encryption signature processing; the local language layer determines whether the signature information passes verification according to the signature information and default signature information; if so, the local language layer encrypts the interface request parameter to obtain an encryption result and returns the encryption result to the client, so that the client adds the encryption result to a request header of the interface request parameter and sends the request header to the server.
In the scheme, the client requests the local language layer to perform encryption signature processing using the generated interface request parameter and the acquired signature information of the application program. During encryption signing, the local language layer judges whether the signature information of the application program is legal according to the signature information and the default signature information; if so, the local language layer continues to encrypt the interface request parameter and returns the encryption result to the client, and the client adds the encryption result to the request header of the interface request parameter and sends it to the server. An interface signing scheme guaranteed by a set of multiple security verification mechanisms is thereby realized.
On one hand, each time the interface is signed, the local language layer judges whether the signature information is legal; if so, it continues, and otherwise it refuses service. This guarantees that the interface caller is the client: even if the signature information (namely the private key) agreed between the client and the server is leaked, the data security of the client is not threatened, the risk of an unauthorized party illegally calling or attacking the interface of the server is effectively resolved, and the security of interface calls is improved. On the other hand, compared with the virtual machine layer, the local language layer is more difficult to crack, so in the scheme the local language layer is mainly used to encrypt the interface request parameter and return the encryption result to the client, and the client adds the encryption result to the request header of the interface request parameter and sends it to the server. That is, what the client sends to the server during the interface call is the encryption result obtained by encrypting the interface request parameter. This effectively resolves the low security of API data transmission between the client and the server that easily arises when the interface request parameter is sent directly to the server, ensures the security of front-end and back-end API data transmission, and achieves the effects of preventing tampering and repudiation.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained from the drawings without inventive effort.
Fig. 1 is a schematic diagram of an architecture of an android operating system deployed on an electronic device according to an embodiment of the present application;
Fig. 2 is a schematic flowchart of a method for processing interface request parameters according to an embodiment of the present disclosure;
Fig. 3 is a schematic flowchart of another method for processing interface request parameters according to an embodiment of the present disclosure;
Fig. 4 is a schematic flowchart of another method for processing interface request parameters according to an embodiment of the present application;
Fig. 5 is a schematic overall flowchart of a method for processing interface request parameters according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of a device for processing an interface request parameter according to an embodiment of the present disclosure;
Fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to make the purpose, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it should be understood that the drawings in the present application are for illustrative and descriptive purposes only and are not used to limit the scope of protection of the present application. Additionally, it should be understood that the schematic drawings are not necessarily drawn to scale. The flowcharts used in this application illustrate operations implemented according to some embodiments of the present application. It should be understood that the operations of the flow diagrams may be performed out of order, and steps without logical context may be performed in reverse order or simultaneously. One skilled in the art, under the guidance of this application, may add one or more other operations to, or remove one or more operations from, the flowchart.
In addition, the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present application, presented in the accompanying drawings, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present application without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that in the embodiments of the present application, the term "comprising" is used to indicate the presence of the features stated hereinafter, but does not exclude the addition of further features.
First, before the technical solutions provided in the present application are explained in detail, the related background related to the present application will be briefly explained.
At present, under the Android operating system, the interface signing method mainly adopted is as follows: first, a character string agreed between the client and the server is used as the private key for signing; second, when the client requests to call an Application Programming Interface (API), it combines the interface request parameter with the private key, encrypts the combined result, and transmits the encrypted result to the server as a signature; third, after receiving the request, the server computes a signature using the same encryption algorithm and compares it with the signature transmitted by the client; if the two are consistent, the verification passes, otherwise the request is rejected.
However, in the existing interface calling process, once the private key agreed between the client and the server is leaked, on one hand the data security of the client is threatened, and on the other hand there is a risk that an unauthorized party illegally calls or attacks the interface of the server, so the security of API data transmission between the client and the server is low.
In order to solve the technical problems in the prior art, the application provides a safe and reliable method for processing interface request parameters. A client running in the virtual machine layer (Java layer) generates an interface request parameter of the application program, acquires signature information of the application program, and, using the interface request parameter and the signature information, requests the local language layer (Native layer) to perform encryption signature processing. The local language layer judges whether the signature information of the application program is legal according to the signature information and default signature information; if so, the local language layer continues to encrypt the interface request parameter to obtain an encryption result and returns it to the client, so that the client adds the encryption result to a request header of the interface request parameter and sends it to the server.
On one hand, when the interface is signed, the local language layer judges whether the signature information of the application program is legal; if so, it continues, and otherwise it refuses service. This ensures that the interface caller is the client: even if the signature information (namely the private key) agreed between the client and the server is leaked, the data security of the client is not threatened, and the risk of a pirate illegally calling or attacking the interface of the server is effectively resolved. On the other hand, compared with the virtual machine layer, the local language layer is more difficult to crack, so in the scheme the local language layer is mainly used to encrypt the interface request parameter and return the encryption result to the client, and the client adds the encryption result to the request header of the interface request parameter and sends it to the server. That is, what the client sends to the server during the interface call is the encryption result obtained by encrypting the interface request parameter. This effectively resolves the low security of API data transmission between the client and the server that easily arises when the interface request parameter is sent directly to the server, ensures the security of front-end and back-end API data transmission, and achieves the effects of preventing tampering and repudiation.
The following briefly describes, through various embodiments, an architecture of an android operating system deployed on an electronic device provided in the present application.
Fig. 1 is a schematic structural diagram of an android operating system deployed on an electronic device according to an embodiment of the present application; as shown in fig. 1, the android operating system includes: the system comprises a virtual machine layer and a local language layer, wherein a client runs in the virtual machine layer.
The virtual machine layer is also called the Java layer, and the local language layer is also called the Native layer. To distinguish them, the upper layer of the Android operating system implemented in Java is called the Java layer, and the lower layer implemented in C is called the Native layer. The Java layer and the Native layer are developed in different languages.
In the scheme, the local language layer is mainly used for carrying out validity check on the signature information of the application program, if the signature information is legal, the local language layer continues to carry out encryption processing on the interface request parameter, and an encrypted encryption result is returned to the client, so that the client adds the encryption result to a request header of the interface request parameter and sends the request header to the server. Therefore, the safety of data transmission of the front-end API interface and the rear-end API interface is greatly guaranteed, and the effects of tamper resistance and repudiation resistance are achieved.
The following will explain the implementation principle of the steps of the method for processing the interface request parameter provided by the present application and the corresponding beneficial effects through a plurality of specific embodiments.
Fig. 2 is a schematic flowchart of a method for processing interface request parameters according to an embodiment of the present disclosure; optionally, an execution subject of the method is an electronic device running a client of an application program, an android operating system is deployed on the electronic device, the android operating system includes a virtual machine layer and a local language layer, and the client runs on the virtual machine layer.
It should be understood that in other embodiments, the order of some steps in the processing method of the interface request parameter may be interchanged according to actual needs, or some steps may be omitted or deleted. As shown in fig. 2, the method includes:
S201, the client generates an interface request parameter of the application program, obtains signature information of the application program, and requests a local language layer to perform encryption signature processing through the interface request parameter and the signature information.
Generally, the interface request parameter is used to indicate that a client running on the electronic device wishes to invoke a certain interface on the server. The interface request parameters include the address of the requested resource, the request type, the request parameters, and the like. In addition, in different cases, the interface request parameter may further include other information for the server to verify, for example: the user's rating, the timestamp of the invocation, other identity data of the user, etc.
The signature information of the application program is specific marking information that the software developer writes into a specific field of the application program, through which the application program is uniquely authenticated. Whether the application program has been tampered with can be accurately judged from its signature information, which makes it possible to avoid in time the risk that a tamperer illegally calls or attacks the interface of the server through a tampered application program.
In this embodiment, when a user needs to call an interface of a server, an interface request parameter of an application program may be generated by a client, and signature information of the application program is read from a signature information storage address of the application program, and then, the client requests a local language layer to perform encryption signature processing through the generated interface request parameter and the obtained signature information, so as to improve security and reliability of the client in the process of calling the interface of the server.
S202, the local language layer determines whether the signature information passes verification according to the signature information and default signature information.
The default signature information is original signature information of the application program, and the default signature information can be stored in a preset storage area of a terminal where an installation package of the application program is located, that is, the original signature information can be acquired from the preset storage area for verification.
In this embodiment, the aim is to determine whether the interface caller is the client and not a tamperer (or pirate). The local language layer therefore checks the legality of the signature information of the application program against the acquired default signature information, and can thus accurately judge whether the application program has been tampered with. Even if the signature information (namely, the private key) agreed by the client and the server is leaked, the data security of the client cannot be threatened, so the safety and reliability of the client's calls to the server interface are improved, and the hidden danger of a pirate illegally calling or attacking the server interface is effectively solved.
S203, if so, the local language layer encrypts the interface request parameter to obtain an encryption result and returns the encryption result to the client, so that the client adds the encryption result to a request header of the interface request parameter and sends the request header to the server.
The request header of the interface request parameter may be an HTTP (or HTTPS) request header.
On the basis of the embodiment, if the signature information of the application program passes the validity check, the local language layer continues to encrypt the interface request parameter to obtain an encrypted encryption result, the encrypted encryption result is returned to the client, the client adds the encryption result to the request header of the interface request parameter and sends the request header to the server for checking, and if the check is passed, the client returns the interface call result. Therefore, the problem that the safety of API interface data transmission between the client and the server is low easily caused when the interface request parameters are directly sent to the server is effectively solved, the safety of the API interface data transmission of the front end and the back end is ensured, and the effects of tampering prevention and repudiation prevention are achieved.
To sum up, an embodiment of the present application provides a method for processing an interface request parameter, where the method includes: the client generates an interface request parameter of the application program, acquires signature information of the application program, and requests a local language layer to perform encryption signature processing through the interface request parameter and the signature information; the local language layer determines whether the signature information passes verification according to the signature information and default signature information; if so, the local language layer encrypts the interface request parameter to obtain an encryption result and returns the encryption result to the client, so that the client adds the encryption result to a request header of the interface request parameter and sends the request header to the server.
In this scheme, the client requests the local language layer to perform encryption signature processing through the generated interface request parameter and the acquired signature information of the application program. The local language layer first judges, according to the signature information and the default signature information, whether the signature information of the application program is legal; if so, it goes on to encrypt the interface request parameter and returns the encryption result to the client, and the client adds the encryption result to a request header of the interface request parameter and sends the request header to the server. This realizes an interface signing scheme guaranteed by a multiple security check mechanism.
On the one hand, every time an interface signature is added, the local language layer judges whether the signature information is legal, continuing if it is and refusing service if it is not, to ensure that the interface caller is the client. Even if the signature information (namely, the private key) agreed by the client and the server is leaked, the data security of the client cannot be threatened; the hidden danger of a pirate illegally calling or attacking the interface of the server is effectively solved, and the safety of interface calls is improved.
On the other hand, the local language layer is harder to crack than the virtual machine layer. In this scheme, therefore, the local language layer is mainly used to encrypt the interface request parameter and return the encryption result to the client, and the client adds the encryption result to the request header of the interface request parameter and sends it to the server. That is, what the client sends to the server during an interface call is the encryption result obtained by encrypting the interface request parameter. This effectively solves the problem of low security of API interface data transmission between the client and the server that easily arises when the interface request parameter is sent to the server directly, ensures the security of front-end and back-end API interface data transmission, and achieves the effects of tampering prevention and repudiation prevention.
How to acquire signature information of an application in the above step S201 will be specifically explained by the following embodiments.
Optionally, the client calls a parameter return function provided by the android operating system, and the parameter return function acquires signature information of the application program from the context environment parameter.
The parameter return function may be the PackageManager#getPackageInfo method.
In this embodiment, while generating the interface request parameter of the application program, the client calls the PackageManager#getPackageInfo method provided by the android operating system to read the signature information of the application program from the context environment parameter, and the acquired signature information is returned to the client.
How the client requests the local language layer to perform the encryption signing process through the interface request parameter and the signing information in step S201 will be specifically explained through the following embodiments.
Alternatively, referring to fig. 3, the step S201 includes:
S301, the client calls the encryption signature function of the local language layer by taking the interface request parameter and the signature information as parameters.
The encryption signature function may be a self-defined encryption algorithm or an existing encryption algorithm, for example Message-Digest Algorithm 5 (MD5), the Advanced Encryption Standard (AES), or the like.
In this embodiment, the client calls the encryption signature function provided by the local language layer, passing the generated interface request parameter and the acquired signature information as its parameters, so that the encryption signature function encrypts the parameters passed in.
The local language layer determines whether the signature information passes the verification according to the signature information and the default signature information, and the method comprises the following steps:
S302, the local language layer executes the encryption signature function to determine whether the signature information passes the verification according to the signature information and default signature information.
In this embodiment, in order to determine whether the interface caller is the client, an encrypted signature function is executed through a local language layer, and whether the signature information of the application passes verification is determined according to the signature information of the application and default signature information, and if the application passes validity verification, it can be determined that the interface caller is the client and not a tamperer (or a pirate); if the application program does not pass the validity check, the interface calling party can be determined to be a falsifier (or embezzler), and the interface calling service is refused to be provided for the falsifier (or embezzler).
The local language layer encrypts the interface request parameter to obtain an encrypted encryption result, and returns the encryption result to the client, including:
S303, the local language layer executes the encryption signature function, encrypts the interface request parameter to obtain an encrypted encryption result, and returns the encryption result to the client.
On the basis of the above embodiment, if the application passes the validity check, the encryption signature function is continuously executed through the local language layer to encrypt the interface request parameter, so as to obtain an encrypted encryption result, and the local language layer returns the encryption result to the client. Therefore, in the process of calling the server interface by the client, the client can send the encrypted result of the interface request parameter to the server, and then the server checks the received encrypted result, so that the problem that the security of API interface data transmission between the client and the server is low easily caused when the interface request parameter is directly sent to the server is effectively solved, the security of front-end and back-end API interface data transmission is ensured, and the effects of tampering prevention and repudiation prevention are achieved.
How the local language layer determines whether the signature information passes the verification according to the signature information and the default signature information in step S202 will be specifically explained through the following embodiments.
Alternatively, referring to fig. 4, the step S202 includes:
S401, the local language layer determines whether the characters contained in the signature information are consistent with the characters contained in the default signature information.
S402, if yes, the signature information of the application program is confirmed to pass verification.
It should be understood that the signature information typically includes a plurality of characters, and the default signature information also includes a plurality of characters.
In this embodiment, the aim is to improve the accuracy of verifying the signature information of the application program and to avoid misjudgment. The characters contained in the signature information are therefore compared with the characters contained in the default signature information to judge the validity of the application program. If the characters contained in the signature information are completely consistent with the characters contained in the default signature information, the signature information of the application program is confirmed to pass the verification, that is, the application program passes the validity verification. If the signature information of the application program does not pass the verification, the interface caller is a falsifier (or a pirate), and the interface calling service is refused.
The following embodiment specifically explains how the local language layer encrypts the interface request parameter to obtain an encrypted encryption result.
Optionally, the encrypting the interface request parameter by the local language layer to obtain an encrypted encryption result includes:
and the local language layer encrypts the interface request parameters by adopting a preset encryption algorithm to obtain an encrypted encryption result.
In this embodiment, for example, the preset encryption algorithm is an MD5 encryption algorithm, and the local language layer invokes an MD5 encryption algorithm to encrypt the interface request parameter, so as to obtain an encrypted encryption result. Therefore, the safety and reliability of the interface request parameters in the transmission process can be improved.
How the encryption result is added to the request header of the interface request parameter by the client in the above step S203 will be specifically explained by the following embodiments.
Optionally, the adding, by the client, the encryption result to the request header of the interface request parameter in step S203 includes:
and adding the encryption result to a request header of the interface request parameter by the client by using a preset field.
In this embodiment, for example, the preset field may be a relevant field of an authentication (auth) message. After receiving the encryption result returned by the local language layer, the client adds the encryption result to an http (or https) request header of the interface request parameter by using an auth field, transmits the http (or https) request header to the server, and hands the http (or https) request header to the server for verification. Thus, the reliability of API interface data transmission between the client and the server is ensured.
Optionally, before obtaining the signature information of the application program, the method further includes:
obtaining global parameters set by a client, wherein the global parameters comprise: context environment parameters, default signature information.
In this embodiment, when a user calls an interface of a server, initialization needs to be performed first, and global parameters set by an initialization interface provided by a client are obtained, where the global parameters include: context environment parameters, default signature information. Therefore, the application program can call various components provided by the android operating system under a normal running environment, and the client can efficiently and normally call the interface of the server.
The overall procedure of the processing of the interface request parameter provided in the present application will be specifically explained by the following embodiments.
Fig. 5 is a schematic overall flowchart of a method for processing interface request parameters according to an embodiment of the present application; as shown in fig. 5, optionally, the method comprises:
S501, the client generates an interface request parameter of the application program, obtains signature information of the application program, and requests a local language layer to perform encryption signature processing through the interface request parameter and the signature information.
S502, the local language layer determines whether the signature information passes verification according to the signature information and default signature information; if yes, jumping to step S503; if not, go to step S505.
S503, the local language layer encrypts the interface request parameters to obtain an encrypted encryption result, and returns the encryption result to the client.
S504, the client adds the encryption result to a request header of the interface request parameter and sends it to the server for verification.
S505, the local language layer rejects the encryption signature request of the client and returns an exception to the client.
Optionally, the overall implementation steps and the generated beneficial effects of the method for processing the interface request parameters provided in the embodiment of the present application have been described in detail in the foregoing specific embodiments, and are not described in detail here.
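The flow of steps S501 to S505, with the character comparison of S401/S402 and MD5 as the preset algorithm, written out as an added example that is not code from the patent or its applicant. Plain C strings stand in for the JNI arguments, and the names `native_sign` and `sig_matches` and all sample values are assumptions of this example.

```c
/* Added example: local-language-layer signing gate, JNI glue omitted. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { SIGN_OK = 0, SIGN_REJECTED = -1 };

/* MD5 additive constants and per-round rotation amounts (RFC 1321). */
static const uint32_t K[64] = {
    0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee,
    0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501,
    0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be,
    0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821,
    0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa,
    0xd62f105d, 0x02441453, 0xd8a1e681, 0xe7d3fbc8,
    0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed,
    0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a,
    0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c,
    0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
    0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x04881d05,
    0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665,
    0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039,
    0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1,
    0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1,
    0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391
};
static const uint8_t S[16] = {7,12,17,22, 5,9,14,20, 4,11,16,23, 6,10,15,21};

/* Mix one 64-byte block into the running MD5 state. */
static void md5_block(uint32_t st[4], const uint8_t *p) {
    uint32_t m[16], a = st[0], b = st[1], c = st[2], d = st[3];
    for (int i = 0; i < 16; i++)            /* little-endian word load */
        m[i] = (uint32_t)p[4*i] | (uint32_t)p[4*i+1] << 8 |
               (uint32_t)p[4*i+2] << 16 | (uint32_t)p[4*i+3] << 24;
    for (int i = 0; i < 64; i++) {
        uint32_t f, s = S[(i / 16) * 4 + (i % 4)];
        int g;
        if (i < 16)      { f = (b & c) | (~b & d); g = i; }
        else if (i < 32) { f = (d & b) | (~d & c); g = (5*i + 1) % 16; }
        else if (i < 48) { f = b ^ c ^ d;          g = (3*i + 5) % 16; }
        else             { f = c ^ (b | ~d);       g = (7*i) % 16; }
        f += a + K[i] + m[g];
        a = d; d = c; c = b;
        b += (f << s) | (f >> (32 - s));
    }
    st[0] += a; st[1] += b; st[2] += c; st[3] += d;
}

/* MD5 of msg as 32 lowercase hex characters plus a terminating NUL. */
static void md5_hex(const uint8_t *msg, size_t len, char out[33]) {
    uint32_t st[4] = {0x67452301u, 0xefcdab89u, 0x98badcfeu, 0x10325476u};
    uint8_t tail[128] = {0};
    size_t full = len / 64 * 64, rem = len - full;
    size_t tlen = (rem < 56) ? 64 : 128;    /* room for 0x80 + 8 length bytes */
    uint64_t bits = (uint64_t)len * 8;
    for (size_t off = 0; off < full; off += 64) md5_block(st, msg + off);
    memcpy(tail, msg + full, rem);
    tail[rem] = 0x80;
    for (int i = 0; i < 8; i++) tail[tlen - 8 + i] = (uint8_t)(bits >> (8 * i));
    for (size_t off = 0; off < tlen; off += 64) md5_block(st, tail + off);
    for (int i = 0; i < 16; i++)
        sprintf(out + 2*i, "%02x", (unsigned)((st[i/4] >> (8 * (i%4))) & 0xff));
}

/* S401/S402: pass only if every character matches the default signature. */
static int sig_matches(const char *sig, const char *default_sig) {
    if (!sig || !default_sig) return 0;
    size_t n = strlen(sig);
    return n == strlen(default_sig) && memcmp(sig, default_sig, n) == 0;
}

/* S502-S505: verify first; digest the parameters only when the check passes. */
int native_sign(const char *params, const char *sig,
                const char *default_sig, char out[33]) {
    out[0] = '\0';                          /* never hand back a stale digest */
    if (!params || !sig_matches(sig, default_sig)) return SIGN_REJECTED;
    md5_hex((const uint8_t *)params, strlen(params), out);
    return SIGN_OK;
}

int main(void) {
    /* Constructed sample values, not taken from any real application. */
    const char *params = "GET /api/v1/vehicle?ts=1653523200";
    const char *default_sig = "3082030d308201f5a0030201";
    const char *repackaged  = "3082030d308201f5a0030202";
    char digest[33];
    if (native_sign(params, default_sig, default_sig, digest) == SIGN_OK)
        printf("auth: %s\n", digest);       /* S504: value for the auth field */
    if (native_sign(params, repackaged, default_sig, digest) == SIGN_REJECTED)
        printf("rejected, no header value produced\n");
    return 0;
}
```

An unkeyed MD5 digest can be recomputed by anyone who sees the parameters, so what the server can conclude from the header depends on any secret the deployment mixes into the input, which the page does not specify.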
Based on the same application concept, a device for processing interface request parameters corresponding to the method for processing interface request parameters is also provided in the embodiments of the present application, and because the principle of solving the problems of the device in the embodiments of the present application is similar to the method for processing interface request parameters described above in the embodiments of the present application, the implementation of the device may refer to the implementation of the method, and repeated parts are not described again.
Optionally, referring to fig. 6, an embodiment of the present application further provides a processing apparatus for an interface request parameter, where the processing apparatus is applied to an electronic device running a client of an application program, an android operating system is deployed on the electronic device, the android operating system includes a virtual machine layer and a local language layer, and the client runs in the virtual machine layer; the device includes:
the processing module 601 is configured to generate an interface request parameter of an application program by a client, acquire signature information of the application program, and request a local language layer to perform encryption signature processing through the interface request parameter and the signature information;
a determining module 602, configured to determine, by the local language layer, whether the signature information passes verification according to the signature information and default signature information;
a returning module 603, configured to encrypt the interface request parameter by the local language layer if the interface request parameter is true, obtain an encrypted encryption result, and return the encryption result to the client;
and a sending module 604, configured to add the encryption result to the request header of the interface request parameter by the client, and send the request header to the server.
Optionally, the processing module 601 is further configured to:
and calling a parameter return function provided by the android operating system by the client, and acquiring the signature information of the application program from the context environment parameter by the parameter return function.
Optionally, the processing module 601 is further configured to:
the client takes the interface request parameter and the signature information as parameters and calls an encryption signature function of a local language layer;
a determining module 602, further configured to:
the local language layer executes an encryption signature function to determine whether the signature information passes verification according to the signature information and default signature information;
a returning module 603, further configured to:
and the local language layer executes the encryption signature function, encrypts the interface request parameter to obtain an encrypted encryption result, and returns the encryption result to the client.
Optionally, the determining module 602 is further configured to:
the local language layer determines whether the characters contained in the signature information are consistent with the characters contained in the default signature information;
and if so, determining that the signature information of the application program passes the verification.
Optionally, the returning module 603 is further configured to:
and the local language layer encrypts the interface request parameters by adopting a preset encryption algorithm to obtain an encrypted encryption result.
Optionally, the sending module 604 is further configured to:
and adding the encryption result to a request header of the interface request parameter by the client by using a preset field.
Optionally, the apparatus further comprises:
an obtaining module, configured to obtain a global parameter set by a client, where the global parameter includes: context environment parameters, default signature information.
The above-mentioned apparatus is used for executing the method provided by the foregoing embodiment, and the implementation principle and technical effect are similar, which are not described herein again.
The above modules may be one or more integrated circuits configured to implement the above methods, such as one or more Application Specific Integrated Circuits (ASICs), one or more microprocessors (DSPs), or one or more Field Programmable Gate Arrays (FPGAs), among others. For another example, when one of the above modules is implemented in the form of program code scheduled by a processing element, the processing element may be a general-purpose processor, such as a Central Processing Unit (CPU) or another processor capable of calling program code. For another example, these modules may be integrated together and implemented in the form of a system-on-a-chip (SOC).
Fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure, where the electronic device may be a device with a processing function, such as a mobile phone and a computer, for implementing the method for processing the interface request parameter provided in the present disclosure.
As shown in fig. 7, the processing unit device includes a memory 701 and a processor 702. Wherein the memory 701 and the processor 702 are electrically connected to each other directly or indirectly to realize data transmission or interaction. For example, the components may be electrically connected to each other via one or more communication buses or signal lines.
The memory 701 stores software functional modules in the form of software or firmware, and the processor 702 executes various functional applications and data processing by running the software programs and modules stored in the memory 701, that is, implements the processing method of the interface request parameters in the embodiment of the present application. The specific implementation and technical effects are similar, and are not described herein again.
The memory 701 may be, but is not limited to, a Random Access Memory (RAM), a Read-Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), and the like. The memory 701 is used for storing programs, and the processor 702 executes the programs after receiving execution instructions.
The processor 702 may be an integrated circuit chip having signal processing capabilities. The Processor 702 may be a general-purpose Processor including a Central Processing Unit (CPU), a Network Processor (NP), and the like.
Optionally, the present application also provides a program product, such as a computer readable storage medium, comprising a program which, when being executed by a processor, is adapted to carry out the above-mentioned method embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
The integrated unit implemented in the form of a software functional unit may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device) or a processor (processor) to perform some steps of the methods according to the embodiments of the present application. And the aforementioned storage medium includes: a U disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.

Claims (10)

1. The method for processing the interface request parameters is applied to electronic equipment of a client running an application program, wherein an android operating system is deployed on the electronic equipment, the android operating system comprises a virtual machine layer and a local language layer, and the client runs on the virtual machine layer; the method comprises the following steps:
the client generates an interface request parameter of the application program, acquires signature information of the application program, and requests the local language layer to carry out encryption signature processing through the interface request parameter and the signature information;
the local language layer determines whether the signature information passes verification according to the signature information and default signature information;
and if so, the local language layer encrypts the interface request parameter to obtain an encrypted encryption result, and returns the encryption result to the client, so that the client adds the encryption result to a request header of the interface request parameter and sends the request header to a server.
2. The method according to claim 1, wherein the obtaining signature information of the application program comprises:
and the client calls a parameter return function provided by the android operating system, and the parameter return function acquires the signature information of the application program from the context environment parameters.
3. The method of claim 1, wherein requesting parameters and signature information via the interface to request the local language layer for cryptographic signature processing comprises:
the client calls an encryption signature function of the local language layer by taking the interface request parameter and the signature information as parameters;
the local language layer determines whether the signature information passes verification according to the signature information and default signature information, and the method comprises the following steps:
the local language layer executes the encryption signature function to determine whether the signature information passes verification according to the signature information and default signature information;
the local language layer encrypts the interface request parameter to obtain an encrypted encryption result, and returns the encryption result to the client, including:
and the local language layer executes the encryption signature function, encrypts the interface request parameter to obtain an encrypted encryption result, and returns the encryption result to the client.
4. The method of claim 1, wherein the local language layer determining whether the signature information is verified based on the signature information and default signature information comprises:
the local language layer determines whether the characters contained in the signature information are consistent with the characters contained in the default signature information;
if yes, the signature information of the application program is confirmed to pass verification.
5. The method according to claim 1, wherein the encrypting the interface request parameter by the local language layer to obtain an encrypted encryption result comprises:
and the local language layer encrypts the interface request parameters by adopting a preset encryption algorithm to obtain an encrypted encryption result.
6. The method of claim 1, wherein adding, by the client, the encrypted result to a request header of the interface request parameter comprises:
adding, by the client, the encryption result to a request header of the interface request parameter using a preset field.
7. The method according to any one of claims 1-5, wherein before obtaining the signature information of the application program, the method further comprises:
obtaining global parameters set by the client, wherein the global parameters include: context environment parameters, the default signature information.
8. The device for processing the interface request parameters is applied to electronic equipment of a client running an application program, wherein an android operating system is deployed on the electronic equipment, the android operating system comprises a virtual machine layer and a local language layer, and the client runs on the virtual machine layer; the device comprises:
the processing module is used for the client to generate an interface request parameter of the application program, obtain signature information of the application program and request the local language layer to perform encryption signature processing through the interface request parameter and the signature information;
the determining module is used for determining whether the signature information passes the verification or not according to the signature information and default signature information by the local language layer;
a return module, configured to, if yes, encrypt the interface request parameter by the local language layer to obtain an encrypted encryption result, and return the encryption result to the client;
and the sending module is used for adding the encryption result into the request header of the interface request parameter by the client and sending the encryption result to the server.
9. An electronic device, comprising: a processor, a storage medium and a bus, the storage medium storing machine-readable instructions executable by the processor, the processor and the storage medium communicating via the bus when the electronic device is operating, the processor executing the machine-readable instructions to perform the steps of the method as provided in any one of claims 1-7.
10. A computer-readable storage medium, characterized in that the storage medium has stored thereon a computer program which, when being executed by a processor, performs the steps of the method as set forth in any one of claims 1 to 7.
CN202210585825.9A 2022-05-26 2022-05-26 Method, device and equipment for processing interface request parameters and storage medium Pending CN115001782A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210585825.9A CN115001782A (en) 2022-05-26 2022-05-26 Method, device and equipment for processing interface request parameters and storage medium

Publications (1)

Publication Number Publication Date
CN115001782A true CN115001782A (en) 2022-09-02

Family

ID=83029581

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210585825.9A Pending CN115001782A (en) 2022-05-26 2022-05-26 Method, device and equipment for processing interface request parameters and storage medium

Country Status (1)

Country Link
CN (1) CN115001782A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105844150A (en) * 2016-03-23 2016-08-10 青岛海信传媒网络技术有限公司 Application program data protection method and device
CN106022098A (en) * 2016-05-10 2016-10-12 青岛海信传媒网络技术有限公司 Signature verification method and device for application
WO2018127081A1 (en) * 2017-01-04 2018-07-12 天地融科技股份有限公司 Method and system for obtaining encryption key
CN108683502A (en) * 2018-03-30 2018-10-19 上海连尚网络科技有限公司 A kind of digital signature authentication method, medium and equipment
CN110611670A (en) * 2019-09-12 2019-12-24 贵阳叁玖互联网医疗有限公司 API request encryption method and device
CN112153015A (en) * 2020-09-09 2020-12-29 杭州安恒信息技术股份有限公司 Multi-encryption interface authentication method, device, equipment and readable storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
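张晓明: "Design and Implementation of a Student Mobile Phone Management and Control System Based on uni-app and Android", China Master's Theses Full-text Database (Information Science and Technology, Series I), 15 April 2021 (2021-04-15) *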

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117640109A (en) * 2024-01-26 2024-03-01 远江盛邦(北京)网络安全科技股份有限公司 API (application program interface) secure access method and device, electronic equipment and storage medium
CN117640109B (en) * 2024-01-26 2024-04-26 远江盛邦(北京)网络安全科技股份有限公司 API (application program interface) secure access method and device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
EP3382933B1 (en) Using a trusted execution environment as a trusted third party providing privacy for attestation
US9838205B2 (en) Network authentication method for secure electronic transactions
Dietz et al. Quire: Lightweight provenance for smart phone operating systems
JP5981610B2 (en) Network authentication method for electronic transactions
US9998438B2 (en) Verifying the security of a remote server
WO2018050081A1 (en) Device identity authentication method and apparatus, electric device, and storage medium
CN107979467B (en) Verification method and device
CN109995776B (en) Internet data verification method and system
CN108200078B (en) Downloading and installing method of signature authentication tool and terminal equipment
CN106897631B (en) Data processing method, device and system
US11424915B2 (en) Terminal registration system and terminal registration method with reduced number of communication operations
US20180130056A1 (en) Method and system for transaction security
CN114244522B (en) Information protection method, device, electronic equipment and computer readable storage medium
US10291614B2 (en) Method, device, and system for identity authentication
CN113572743A (en) Data encryption and decryption method and device, computer equipment and storage medium
CN112448930A (en) Account registration method, device, server and computer readable storage medium
CN114257382A (en) Method, device and system for key management and service processing
CN110069241B (en) Pseudo-random number acquisition method and device, client device and server
CN115001782A (en) Method, device and equipment for processing interface request parameters and storage medium
CN108322886B (en) Authentication method and device for terminal positioning data
CN108900595B (en) Method, device and equipment for accessing data of cloud storage server and computing medium
CN116956298A (en) Application running environment detection method and device
CN114172923A (en) Data transmission method, communication system and communication device
KR20180129302A (en) Method for executing of security keyboard, apparatus and system for executing the method
CN113723961A (en) Mobile payment method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination