CN105187449A - Interface calling method and device - Google Patents

Publication number: CN105187449A
Authority: CN (China)
Legal status: Granted (current status: Active)
Application number: CN201510642977.8A
Other languages: Chinese (zh)
Other versions: CN105187449B (en)
Inventors: 方文, 罗新伟, 胡宝良, 江春华, 陈显龙, 孙敏杰, 陈宝珍
Current Assignee: Beijing Forever Technology Co Ltd
Original Assignee: Beijing Forever Technology Co Ltd
Application filed by Beijing Forever Technology Co Ltd
Priority to CN201510642977.8A
Publication of CN105187449A
Application granted
Publication of CN105187449B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords

Abstract

The invention provides an embodiment of an interface calling method applied to a server. A first key value and a second key value are saved in a server. The method comprises the following steps that: a client sends an interface calling request to the server, wherein the interface calling request includes a first request value, a second request value and a first comparison value, and the first comparison value is generated by the client according to the first key value, the second key value and the second request value; the server generates a second comparison value according to the first key value, the second key value and the second request value in a way of generating the first comparison value after the interface calling request is received; if the second comparison value is the same as the first comparison value transmitted by the client, a response is made to the interface calling request; and otherwise, the interface calling request is rejected. Through adoption of the interface calling method, the validity of the client can be judged with the key values in order to ensure the security of interface calling. The invention also provides an interface calling method and device applied to the client, and an interface calling device applied to the server.

Description

Interface calling method and device
Technical field
The present application relates to the technical field of application security, and more specifically to an interface calling method and device.
Background
A server can provide interfaces for applications on a client to call. An application on the client implements the functions it offers by calling the server's interfaces. For example, a client has the Alipay application (a payment application) installed, and one function the Alipay application provides is changing the password. The Alipay server provides a password-change interface, and the client changes the password by calling that interface on the Alipay server.
At present, interfaces are called as follows: after the server receives an interface calling request, it responds to the request directly and performs the service the interface provides. The security of this way of calling interfaces is low.
Summary of the invention
In view of this, the present application provides an interface calling method applied to a server, to solve the technical problem that the existing way of calling interfaces has low security. Correspondingly, the application also provides an interface calling method applied to a client. In addition, the application provides an interface calling device applied to a server and an interface calling device applied to a client, to ensure that the above methods can be applied and implemented in practice.
Specifically, the technical solution provided by the present application is as follows:
The present application provides an interface calling method applied to a server. The server stores at least one key-value pair, and each key-value pair comprises a first key value and a second key value corresponding to the first key value. The method comprises:
In response to an interface calling request sent by a client, extracting the first request value, the second request value and the first comparison value contained in the interface calling request; wherein the client stores a target key-value pair sent by the server, the first request value is the first key value of the target key-value pair, the second request value is a value generated by the client, and the first comparison value is generated by the client using the first key value of the target key-value pair, the second key value of the target key-value pair and the second request value;
Searching the at least one key-value pair for a target first key value identical to the first request value, and generating a second comparison value using the target first key value, the second key value corresponding to the target first key value, and the second request value;
If the second comparison value is identical to the first comparison value, responding to the interface calling request;
If the second comparison value is different from the first comparison value, rejecting the interface calling request.
The present application also provides an interface calling method applied to a client. The client stores a key-value pair comprising a first key value and a second key value corresponding to the first key value. The method comprises:
In response to an interface calling instruction, obtaining the first key value as the first request value, and generating a second request value;
Generating a first comparison value using the first request value, the second key value and the second request value;
Encapsulating the first request value, the second request value and the first comparison value in an interface calling request and sending the interface calling request to the server, to trigger the server to generate a second comparison value according to the interface calling request, to respond to the interface calling request when the second comparison value is identical to the first comparison value, and to reject the interface calling request when the second comparison value is different from the first comparison value.
The present application also provides an interface calling device applied to a server. The server stores at least one key-value pair, and each key-value pair comprises a first key value and a second key value corresponding to the first key value. The device comprises:
A key value extraction module, configured to, in response to an interface calling request sent by a client, extract the first request value, the second request value and the first comparison value contained in the interface calling request; wherein the client stores a target key-value pair sent by the server, the first request value is the first key value of the target key-value pair, the second request value is a value generated by the client, and the first comparison value is generated by the client using the first key value of the target key-value pair, the second key value of the target key-value pair and the second request value;
A first key value search module, configured to search the at least one key-value pair for a target first key value identical to the first request value;
A comparison value generation module, configured to generate a second comparison value using the target first key value, the second key value corresponding to the target first key value, and the second request value;
A comparison value judgment module, configured to judge whether the second comparison value is identical to the first comparison value and, if so, trigger the request response module or, if not, trigger the request rejection module;
A request response module, configured to respond to the interface calling request;
A request rejection module, configured to reject the interface calling request.
The present application also provides an interface calling device applied to a client. The client stores a key-value pair comprising a first key value and a second key value corresponding to the first key value. The device comprises:
A first request value acquisition module, configured to, in response to an interface calling instruction, obtain the first key value as the first request value;
A second request value generation module, configured to generate a second request value;
A first comparison value generation module, configured to generate a first comparison value using the first request value, the second key value and the second request value;
An interface calling request sending module, configured to encapsulate the first request value, the second request value and the first comparison value in an interface calling request and send the interface calling request to the server, to trigger the server to generate a second comparison value according to the interface calling request, to respond to the interface calling request when the second comparison value is identical to the first comparison value, and to reject the interface calling request when the second comparison value is different from the first comparison value.
As can be seen from the above, the present application has the following advantages:
The present application provides an embodiment of an interface calling method applied on a server. The server stores a key-value pair comprising a first key value and a second key value. The client stores the same key-value pair. When the client needs to call an interface provided by the server, it sends an interface calling request to the server. The request contains a first request value, a second request value and a first comparison value, where the first request value is the first key value of the key-value pair, the second request value is generated by the client, and the first comparison value is generated by the client from the first key value, the second key value and the second request value. After receiving the interface calling request, the server searches for the first key value identical to the first request value and finds the corresponding second key value. Using the same method by which the first comparison value was generated, it generates a second comparison value from the first key value it found, the second key value and the second request value sent by the client. If the second comparison value is identical to the first comparison value sent by the client, the client is legitimate and the server responds to the interface calling request; if they differ, the client is illegitimate and the server rejects the interface calling request. Thus, before responding to an interface call, this embodiment can use the key values to judge the legitimacy of the client, preventing interface calls made by malicious programs and thereby improving the security of interface calling.
Brief description of the drawings
To illustrate the technical solutions in the embodiments of the present application or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only embodiments of the present application; a person of ordinary skill in the art can obtain other drawings from the drawings provided without creative effort.
Fig. 1 is a flowchart of embodiment 1 of the interface calling method applied to a server, provided by the present application;
Fig. 2 is a flowchart of embodiment 2 of the interface calling method applied to a server, provided by the present application;
Fig. 3 is a flowchart of the embodiment of the interface calling method applied to a client, provided by the present application;
Fig. 4 is a structural block diagram of embodiment 1 of the interface calling device applied to a server, provided by the present application;
Fig. 5 is a structural block diagram of embodiment 2 of the interface calling device applied to a server, provided by the present application;
Fig. 6 is a structural block diagram of the embodiment of the interface calling device applied to a client, provided by the present application.
Detailed description
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments in the present application without creative effort fall within the scope of protection of the present application.
Fig. 1 shows the flow of embodiment 1 of the interface calling method provided by the present application. This embodiment is applied on the server side. The server stores one or more key-value pairs. Each key-value pair contains two key values that correspond to each other; one of them can be regarded as the "key" of the pair and the other as the "value". For convenience of description, the key value regarded as the "key" is called the first key value K1, and the key value regarded as the "value" is called the second key value K2.
The key-value pair may be randomly generated by the server at the client's request. Specifically, before calling the server's interface (for example, when the client runs for the first time), the client can send a key generation request to the server. The server responds to the key generation request by randomly generating two key values, forming a key-value pair and storing it. Note that the way the server generates key values is not limited to random generation; any existing method of generating key values may be used.
In addition, the server returns this key-value pair to the client, triggering the client to store it. Once the client has obtained a key-value pair, it can use the pair to send interface calling requests to the server. As shown in Fig. 1, the embodiment of the interface calling method applied on the server side may specifically comprise steps S101 to S105.
Step S101: in response to an interface calling request sent by the client, extract the first request value, the second request value and the first comparison value contained in the interface calling request; wherein the client stores a target key-value pair sent by the server, the first request value is the first key value of the target key-value pair, the second request value is a value generated by the client, and the first comparison value is generated by the client using the first key value of the target key-value pair, the second key value of the target key-value pair and the second request value.
If the client wants to call an interface provided by the server, it sends an interface calling request to the server. For example, the client is the Alipay application (a payment application); if the user wants to change the payment password, the Alipay application is triggered to send a payment password change request to the Alipay server.
Before sending the interface calling request, the client generates the second request value K3. The second request value may be a random number generated by calling a random function. The second request value can also be generated in other ways; see the embodiment of the interface calling method applied on the client, provided below.
After generating the second request value, the client can use the first key value K1 and the second key value K2 returned by the server, together with the second request value K3, to generate the first comparison value K4.
Note that, to distinguish the client's first key value from the server's first key value K1, the client's first key value can be called the first request value K1'.
The client encapsulates the first request value K1', the second request value K3 and the first comparison value K4 in the interface calling request and sends it to the server. Note that the client can send different interface calling requests multiple times; the first request value encapsulated in them is the same, while the second request value and the first comparison value differ.
After the server receives the interface calling request sent by the client, it extracts the first request value, the second request value and the first comparison value from it.
Step S102: search the at least one key-value pair for a target first key value identical to the first request value, and generate a second comparison value using the target first key value, the second key value corresponding to the target first key value, and the second request value.
First, the server searches the key-value pairs for a first key value K1 (the target first key value) identical to the first request value K1'. If one is found, the server uses this first key value K1 to find the corresponding second key value K2.
The server then uses the method by which the client generated the first comparison value to generate a second comparison value K4' from the first key value K1, the second key value K2 and the second request value K3 sent by the client.
Step S103: judge whether the second comparison value is identical to the first comparison value; if so, perform step S104, and if not, perform step S105.
The server compares the second comparison value K4' that it generated itself with the first comparison value K4 sent by the client. If the two are identical, the client is legitimate, so the server responds to the interface calling request. If the two differ, the client that sent the interface calling request is an illegitimate malicious program, and the server rejects the interface calling request.
Step S104: respond to the interface calling request.
The server's response action corresponds to the interface calling request. The specific response action differs between application scenarios and is not specifically limited by the present application. For example, if the interface calling request is a request to change the payment password, the corresponding response action may be to change the stored payment password to the payment password in the user's interface calling request.
Step S105: reject the interface calling request.
The server may reject the request by ignoring the interface calling request, that is, by taking no response action. Further, the server may add the client that sent the interface calling request to a blacklist.
As can be seen from the above technical solution, the present application provides an embodiment of an interface calling method applied on a server. The server stores a key-value pair comprising a first key value and a second key value. The client stores the same key-value pair. When the client needs to call an interface provided by the server, it sends an interface calling request to the server. The request contains a first request value, a second request value and a first comparison value, where the first request value is the first key value of the key-value pair, the second request value is generated by the client, and the first comparison value is generated by the client from the first key value, the second key value and the second request value. After receiving the interface calling request, the server searches for the first key value identical to the first request value and finds the corresponding second key value. Using the same method by which the first comparison value was generated, it generates a second comparison value from the first key value it found, the second key value and the second request value sent by the client. If the second comparison value is identical to the first comparison value sent by the client, the client is legitimate and the server responds to the interface calling request; if they differ, the client is illegitimate and the server rejects the interface calling request. Thus, before responding to an interface call, this embodiment can use the key values to judge the legitimacy of the client, preventing interface calls by illegitimate clients and ensuring the security of interface calling.
In practice, the client sends interface calling requests to the server over the Internet. The request may pass through multiple network devices on the way, such as routers, switches and gateways. A malicious program may eavesdrop on the client's interface calling request at one of these network devices, steal each key value, and use the stolen key values to send interface calling requests to the server for illegitimate purposes.
For example, after eavesdropping on an interface calling request sent by the Alipay application, a malicious program obtains the three key values in it and then forges another interface calling request in order to change the payment password illegitimately. The forged interface calling request contains the three captured key values and a tampered payment password. The malicious program sends the forged interface calling request to the server, triggering the server to change the payment password to the tampered one.
It can be understood that, after eavesdropping on the client's interface calling request, the malicious program needs a certain amount of time to forge and send its own interface calling request. The interface calling request sent by the client can therefore reach the server earlier than the one forged by the malicious program.
Therefore, to prevent illegitimate calls by malicious programs, the server can check each interface calling request it receives to determine whether this is the first time the request has been received. Specifically, Fig. 2 shows the flow of embodiment 2 of the interface calling method provided by the present application. As shown in Fig. 2, embodiment 2 may specifically comprise steps S201 to S207.
Step S201: in response to an interface calling request sent by the client, extract the first request value, the second request value and the first comparison value contained in the interface calling request; wherein the client stores a target key-value pair sent by the server, the first request value is the first key value of the target key-value pair, the second request value is a value generated by the client, and the first comparison value is generated by the client using the first key value of the target key-value pair, the second key value of the target key-value pair and the second request value.
Step S202: judge whether the first request value, the second request value and the first comparison value are already stored. If not, perform step S203; if so, perform step S207.
The server extracts the first request value, the second request value and the first comparison value from the interface calling request, treats them as one key data record, and judges whether this key data record has already been stored.
One concrete way to make this judgment is as follows. First, search the stored first request values for one identical to the extracted first request value. If one exists, judge whether the second request value corresponding to the first request value found is identical to the extracted second request value. If it is, judge whether the first comparison value corresponding to the first request value found is identical to the extracted first comparison value. If it is, perform step S207. If the result of any of these searches or judgments is no, perform step S203.
The order of these searches and judgments is not limited to the above; other orders are possible. For example, after finding the first request value, the server can first judge whether the first comparison value corresponding to the first request value found is identical to the extracted first comparison value and, if it is, then judge whether the second request value corresponding to the first request value found is identical to the extracted second request value.
Note that if the result of this step is no, the interface calling request received by the server is a legitimate interface calling request, and the server continues with step S203 and the steps after it. If the result of this step is yes, the server has already received an identical interface calling request before this one, and the request just received may have been sent by a malicious program; the server therefore performs step S207 and rejects the interface calling request.
Step S203: store the first request value, the second request value and the first comparison value.
Step S204: search the at least one key-value pair for a target first key value identical to the first request value, and generate a second comparison value using the target first key value, the second key value corresponding to the target first key value, and the second request value.
Step S205: judge whether the second comparison value is identical to the first comparison value; if identical, perform step S206, and if different, perform step S207.
Step S206: respond to the interface calling request.
Step S207: reject the interface calling request.
Note that for the other steps in this embodiment, see embodiment 1 above; they are not described again here. In addition, the execution order of step S203 in this embodiment is not limited to the above: step S204 and the steps after it must be performed after step S202, and step S203 only needs to be performed after step S202.
As can be seen from the above technical solution, each time this embodiment receives an interface calling request, it extracts the first request value, the second request value and the first comparison value from it and judges whether an identical first request value, second request value and first comparison value have already been stored. If so, it considers the interface calling request just received to have been sent by a malicious program and rejects it. This prevents replay attacks that a malicious program carries out with stolen key values, further ensuring the security of interface calling.
In the scenario above, after eavesdropping on an interface calling request at a network device, the malicious program can forge an interface calling request and send it to the server. The eavesdropping in that scenario does not prevent the interface calling request from being delivered normally. However, the malicious program may also intercept the interface calling request after eavesdropping on it, so that the request sent by the legitimate client never reaches the server. In that case the protection provided by embodiment 2 of the interface calling method fails.
Therefore, to prevent this situation and further improve the security of interface calling, in embodiments 1 and 2 of the interface calling method the extracted second request value can be generated from the business data in the interface calling request.
Specifically, the second request value is generated by the client and encapsulated in the interface calling request the client sends. As described above, the client can use a random function to generate a random second request value. The client can also use business data to generate the second request value.
Normally, when the client sends an interface calling request to the server, it is requesting a specific service and can carry parameters related to that service; these parameters can be regarded as business data. For example, when the Alipay application sends a password change request to the Alipay server, the interface calling request can carry the new password, and the new password is regarded as business data.
The client can apply a key algorithm such as the MD5 algorithm to the business data and use the resulting value as the second request value. Alternatively, the second request value can be generated from a random value produced by a random function and a key value generated from the business data. For example, the random value and the key value are added to produce the second request value; addition is only one concrete example, and other operations can be used.
Thus the second request value generated in a legitimate client carries the characteristics of the business data. When this second request value is encapsulated in the interface calling request, the interface calling request also carries the characteristics of the business data.
A malicious program may intercept this interface calling request and capture the first request value, the second request value and the first comparison value, but it will tamper with the business data in the request and encapsulate the tampered business data in a disguised interface calling request. The business data in the forged interface calling request therefore changes.
After receiving the disguised interface calling request, the server can extract the business data from it and generate a target second request value from the extracted business data. The server uses the method by which the client generates the second request value to generate the target second request value. After generating the target second request value, the server uses the target second request value, the target first key value and the target second key value to generate the second comparison value.
Therefore, if the business data has changed, the target second request value generated from it changes, and so does the second comparison value. The second comparison value is then not identical to the first comparison value extracted from the interface calling request, and the server rejects the interface calling request.
Alternatively, after generating the target second request value, the server can compare it directly with the second request value extracted from the interface calling request; if they differ, it rejects the interface calling request, and if they are identical, it responds to the interface calling request.
Corresponding to the interface call method applied to the server described above, the present application provides an interface call method applied to the client. The embodiments of the interface call method applied to the client are introduced below. It should be noted that, for the client-side method embodiments, reference may be made to the server-side method embodiments above, which are not repeated here.
Referring to Fig. 3, it shows embodiment 1 of the interface call method applied to the client. The client in this embodiment stores one key-value pair, which comprises a first key value and the corresponding second key value. Specifically, before the interface call the client can send a key request to the server, triggering the server to generate the first key value and the second key value and return them to the client, which then stores them.
As shown in Fig. 3, this embodiment can specifically comprise steps S301 to S303.
Step S301: In response to an interface call instruction, obtain the first key value as the first value request, and generate the second value request.
The interface call instruction can be generated by a user operation on the client. For example, a user who wants to change the payment password of the Alipay application enters the modified password and clicks the password modification icon, which triggers generation of the interface call instruction for password modification.
In response to this interface call instruction, the client obtains the first key value saved in advance and uses it as the first value request. The client also generates the second value request. As described above, the second value request can be a random value generated using a random function.
Step S302: Use the first value request, the second key value and the second value request to generate the first comparison value.
Step S303: Encapsulate the first value request, the second value request and the first comparison value in an interface call request, and send the interface call request to the server, to trigger the server to generate a second comparison value according to the interface call request. When the second comparison value is identical to the first comparison value, the server responds to the interface call request; when the second comparison value differs from the first comparison value, the server refuses the interface call request.
It should be noted that, after the client sends the interface call request comprising the first value request, the second value request and the first comparison value to the server, the server is triggered to verify the interface call request according to embodiment 1 of the interface call method applied to the server above, thereby achieving a secure call of the interface.
In embodiment 1 of the interface call method applied to the client above, a specific implementation of generating the second value request in step S301 can comprise: using the business data in the interface call instruction to generate the second value request.
Specifically, the interface call instruction received by the client can comprise business data. It should be noted that business data generally differs between application scenarios, and the present application does not limit it. For example, an interface call request for modifying a password can comprise the modified password, and the modified password can be regarded as business data.
In practical applications, a key algorithm such as the MD5 algorithm can be used to operate on the business data to generate the second value request. Alternatively, the second value request is generated jointly from a random value and the key value produced by the key algorithm.
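The client steps S301 to S303 and the server-side checks described above (key lookup, replay rejection, binding to business data), as an added Python example that is not code from the patent. The comparison function used here, HMAC-SHA256 keyed with the second key value, is an assumption of this example, SHA-256 stands in for the MD5 mentioned in the text, and all class, function and field names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets


def second_value_request(business_data, nonce):
    """Random value plus a digest of the business data, so the value is bound to the data."""
    canonical = json.dumps(business_data, sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256((nonce + canonical).encode()).hexdigest()
    return nonce + "." + digest


def comparison_value(first_key, second_key, second_value):
    """Assumed comparison function: HMAC-SHA256 keyed with the second key value."""
    message = (first_key + "|" + second_value).encode()
    return hmac.new(second_key.encode(), message, hashlib.sha256).hexdigest()


class Client:
    def __init__(self, first_key, second_key):
        self.first_key, self.second_key = first_key, second_key

    def build_request(self, business_data):
        # S301: the first key value is the first value request; generate the second.
        second = second_value_request(business_data, secrets.token_hex(16))
        # S302: first comparison value from the first value request, the second
        # key value and the second value request.
        first_cmp = comparison_value(self.first_key, self.second_key, second)
        # S303: encapsulate the three values; the second key value is never sent.
        return {"first_value_request": self.first_key,
                "second_value_request": second,
                "first_comparison_value": first_cmp,
                "business_data": business_data}


class Server:
    def __init__(self):
        self.key_pairs = {}  # first key value -> second key value
        self.seen = set()    # triples already received; needs expiry in real use

    def issue_key_pair(self):
        first, second = secrets.token_hex(8), secrets.token_hex(32)
        self.key_pairs[first] = second
        return first, second

    def handle(self, request):
        first = str(request.get("first_value_request", ""))
        second_value = str(request.get("second_value_request", ""))
        claimed = str(request.get("first_comparison_value", ""))
        # Replay check: a triple that was already saved is refused, otherwise saved.
        triple = (first, second_value, claimed)
        if triple in self.seen:
            return "rejected: replay"
        self.seen.add(triple)
        # Look up the target first key value and its second key value.
        second_key = self.key_pairs.get(first)
        if second_key is None:
            return "rejected: unknown key"
        # Rebuild the target second value request from the business data received.
        nonce = second_value.split(".", 1)[0]
        target_second = second_value_request(request.get("business_data"), nonce)
        # Second comparison value, compared in constant time.
        expected = comparison_value(first, second_key, target_second)
        if not hmac.compare_digest(expected.encode(), claimed.encode()):
            return "rejected: comparison mismatch"
        return "accepted"


def demo():
    """Genuine request, the same request replayed, and a request with altered data."""
    server = Server()
    client = Client(*server.issue_key_pair())
    data = {"action": "change_password", "new_password": "constructed-example"}
    genuine = client.build_request(data)
    forged = dict(client.build_request(data))
    forged["business_data"] = {"action": "change_password", "new_password": "altered"}
    return [server.handle(genuine), server.handle(genuine), server.handle(forged)]


if __name__ == "__main__":
    print(demo())
```

Because the triple is saved before it is verified, as in the order the text gives, unauthenticated requests also consume space in the replay store; a deployment would bound that store and expire entries.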
The interface call device provided by the present application is introduced below. It should be noted that, for the description of the interface call device, reference may be made to the description of the interface call method above, which is not repeated below.
Referring to Fig. 4, it shows the structure of embodiment 1 of the interface call device provided by the present application. This embodiment is applied to a server. The server stores at least one key-value pair, and each key-value pair comprises a first key value and a second key value corresponding to the first key value. As shown in Fig. 4, this embodiment can specifically comprise: a key value extraction module 401, a first key value search module 402, a comparison value generation module 403, a comparison value judging module 404, a request response module 405 and a request refusal module 406; wherein:
The key value extraction module 401 is configured to, in response to an interface call request sent by a client, extract the first value request, the second value request and the first comparison value comprised in the interface call request; wherein the client stores one target key-value pair sent by the server, the first value request is the first key value in the target key-value pair, the second value request is a value generated by the client, and the first comparison value is generated by the client using the first key value in the target key-value pair, the second key value in the target key-value pair and the second value request;
The first key value search module 402 is configured to search the at least one key-value pair for a target first key value identical to the first value request;
The comparison value generation module 403 is configured to generate a second comparison value using the target first key value, the second key value corresponding to the target first key value, and the second value request;
The comparison value judging module 404 is configured to judge whether the second comparison value is identical to the first comparison value; if so, it triggers the request response module 405; if not, it triggers the request refusal module 406;
The request response module 405 is configured to respond to the interface call request;
The request refusal module 406 is configured to refuse the interface call request.
As can be seen from the above technical scheme, the present application provides an interface call device embodiment. This embodiment is applied on a server; the server stores a key-value pair comprising a first key value and a second key value. The client stores the same key-value pair. When the client needs to call an interface provided by the server, it can send an interface call request to the server. The interface call request comprises a first value request, a second value request and a first comparison value, where the first value request is the first key value in the key-value pair, the second value request is generated by the client, and the first comparison value is generated according to the first key value, the second key value and the second value request. After receiving the interface call request, the server searches for the first key value identical to the first value request and looks up the corresponding second key value. Using the same way in which the first comparison value was generated, it generates a second comparison value from the first key value and second key value it found and the second value request sent by the client. If the generated second comparison value is identical to the first comparison value sent by the client, the client is legitimate and the interface call request is responded to; if they differ, the client is illegitimate and the interface call request is refused. It can be seen that, before responding to an interface call, this embodiment can use the key values to judge the legitimacy of the client, which avoids interface calls from illegitimate clients and makes the interface call process more secure.
In order to prevent replay by a malicious program and further improve the security of interface calls, the present application provides interface call device embodiment 2. As shown in Fig. 5, on the basis of interface call device embodiment 1, this embodiment can further comprise: a key value judging module 407 and a key value saving module 408; wherein:
The key value judging module 407 is configured to judge whether the first value request, the second value request and the first comparison value exist; if not, it triggers the key value saving module 408; if so, it triggers the request refusal module 406;
The key value saving module 408 is configured to save the first value request, the second value request and the first comparison value, and to trigger the first key value search module 402.
For the description of the other modules of this embodiment, reference may be made to device embodiment 1 above, which is not repeated here.
Specifically, the second value request extracted by the key value extraction module 401 is generated by the client based on its own business data. Correspondingly, the comparison value generation module 403 can specifically comprise: a target second value request generation submodule and a comparison value generation submodule; wherein:
The target second value request generation submodule is configured to extract the business data in the interface call request and, based on the extracted business data, generate a target second value request;
The comparison value generation submodule is configured to generate the second comparison value using the target first key value, the second key value corresponding to the target first key value, and the target second value request.
This implementation can verify a forged interface call request that a malicious program sends after intercepting an interface call request, thereby preventing illegal calls by the malicious program and further ensuring the security of interface calls.
Referring to Fig. 6, the present application provides the structure of embodiment 1 of the interface call device applied to the client. The client stores one key-value pair, which comprises a first key value and the second key value corresponding to the first key value. As shown in Fig. 6, this embodiment can specifically comprise: a first value request acquisition module 601, a second value request generation module 602, a first comparison value generation module 603 and an interface call request sending module 604; wherein:
The first value request acquisition module 601 is configured to, in response to an interface call instruction, obtain the first key value as the first value request;
The second value request generation module 602 is configured to generate the second value request;
The first comparison value generation module 603 is configured to generate the first comparison value using the first value request, the second key value and the second value request;
The interface call request sending module 604 is configured to encapsulate the first value request, the second value request and the first comparison value in an interface call request and send the interface call request to the server, to trigger the server to generate a second comparison value according to the interface call request; when the second comparison value is identical to the first comparison value, the server responds to the interface call request, and when the second comparison value differs from the first comparison value, the server refuses the interface call request.
The second value request generation module 602 can specifically comprise a second value request generation submodule, which is configured to generate the second value request using the business data in the interface call instruction.
It should be noted that the embodiments in this specification are described in a progressive manner. Each embodiment focuses on its differences from the other embodiments, and for the parts that are identical or similar between embodiments, reference may be made from one to another.
It should also be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "comprise", "include" and any other variants are intended to cover non-exclusive inclusion, so that a process, method, article or device comprising a series of elements comprises not only those elements but also other elements not expressly listed, or elements inherent to that process, method, article or device. Without further restrictions, an element defined by the statement "comprising ..." does not exclude the existence of other identical elements in the process, method, article or device comprising that element.
The above description of the disclosed embodiments enables those skilled in the art to implement or use the present application. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein can be implemented in other embodiments without departing from the spirit or scope of the application. Therefore, the application is not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. An interface call method, characterized in that it is applied to a server, the server stores at least one key-value pair, and the key-value pair comprises a first key value and a second key value corresponding to the first key value, the method comprising:
In response to an interface call request sent by a client, extracting the first value request, the second value request and the first comparison value comprised in the interface call request; wherein the client stores one target key-value pair sent by the server, the first value request is the first key value in the target key-value pair, the second value request is a value generated by the client, and the first comparison value is generated by the client using the first key value in the target key-value pair, the second key value in the target key-value pair and the second value request;
In the at least one key-value pair, searching for a target first key value identical to the first value request, and using the target first key value, the second key value corresponding to the target first key value, and the second value request to generate a second comparison value;
If the second comparison value is identical to the first comparison value, responding to the interface call request;
If the second comparison value differs from the first comparison value, refusing the interface call request.
2. The interface call method according to claim 1, characterized in that, after extracting the first value request, the second value request and the first comparison value comprised in the interface call request, the method further comprises:
Judging whether the first value request, the second value request and the first comparison value exist;
If not, saving the first value request, the second value request and the first comparison value, and performing the step of searching, in the at least one key-value pair, for a target first key value identical to the first value request;
If so, refusing the interface call request.
3. The interface call method according to claim 1 or 2, characterized in that the extracted second value request is generated by the client based on its own business data;
Correspondingly, using the target first key value, the second key value corresponding to the target first key value, and the second value request to generate the second comparison value comprises:
Extracting the business data in the interface call request and, based on the extracted business data, generating a target second value request;
Using the target first key value, the second key value corresponding to the target first key value, and the target second value request to generate the second comparison value.
4. An interface call method, characterized in that it is applied to a client, the client stores one key-value pair, and the key-value pair comprises a first key value and a second key value corresponding to the first key value, the method comprising:
In response to an interface call instruction, obtaining the first key value as the first value request, and generating a second value request;
Using the first value request, the second key value and the second value request to generate a first comparison value;
Encapsulating the first value request, the second value request and the first comparison value in an interface call request, and sending the interface call request to a server, to trigger the server to generate a second comparison value according to the interface call request, respond to the interface call request when the second comparison value is identical to the first comparison value, and refuse the interface call request when the second comparison value differs from the first comparison value.
5. The interface call method according to claim 4, characterized in that generating the second value request comprises:
Using the business data in the interface call instruction to generate the second value request.
6. An interface call device, characterized in that it is applied to a server, the server stores at least one key-value pair, and the key-value pair comprises a first key value and a second key value corresponding to the first key value, the device comprising:
A key value extraction module, configured to, in response to an interface call request sent by a client, extract the first value request, the second value request and the first comparison value comprised in the interface call request; wherein the client stores one target key-value pair sent by the server, the first value request is the first key value in the target key-value pair, the second value request is a value generated by the client, and the first comparison value is generated by the client using the first key value in the target key-value pair, the second key value in the target key-value pair and the second value request;
A first key value search module, configured to search the at least one key-value pair for a target first key value identical to the first value request;
A comparison value generation module, configured to generate a second comparison value using the target first key value, the second key value corresponding to the target first key value, and the second value request;
A comparison value judging module, configured to judge whether the second comparison value is identical to the first comparison value; if so, trigger the request response module; if not, trigger the request refusal module;
A request response module, configured to respond to the interface call request;
A request refusal module, configured to refuse the interface call request.
7. The interface call device according to claim 6, characterized in that it further comprises:
A key value judging module, configured to judge whether the first value request, the second value request and the first comparison value exist; if not, trigger the key value saving module; if so, trigger the request refusal module;
A key value saving module, configured to save the first value request, the second value request and the first comparison value, and to trigger the first key value search module.
8. The interface call device according to claim 6 or 7, characterized in that the second value request extracted by the key value extraction module is generated by the client based on its own business data;
Correspondingly, the comparison value generation module comprises:
A target second value request generation submodule, configured to extract the business data in the interface call request and, based on the extracted business data, generate a target second value request;
A comparison value generation submodule, configured to generate the second comparison value using the target first key value, the second key value corresponding to the target first key value, and the target second value request.
9. An interface call device, characterized in that it is applied to a client, the client stores one key-value pair, and the key-value pair comprises a first key value and a second key value corresponding to the first key value, the device comprising:
A first value request acquisition module, configured to, in response to an interface call instruction, obtain the first key value as the first value request;
A second value request generation module, configured to generate a second value request;
A first comparison value generation module, configured to generate a first comparison value using the first value request, the second key value and the second value request;
An interface call request sending module, configured to encapsulate the first value request, the second value request and the first comparison value in an interface call request and send the interface call request to a server, to trigger the server to generate a second comparison value according to the interface call request, respond to the interface call request when the second comparison value is identical to the first comparison value, and refuse the interface call request when the second comparison value differs from the first comparison value.
10. The interface call device according to claim 9, characterized in that the second value request generation module comprises:
A second value request generation submodule, configured to generate the second value request using the business data in the interface call instruction.
CN201510642977.8A 2015-09-30 2015-09-30 A kind of interface call method and device Active CN105187449B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510642977.8A CN105187449B (en) 2015-09-30 2015-09-30 A kind of interface call method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510642977.8A CN105187449B (en) 2015-09-30 2015-09-30 A kind of interface call method and device

Publications (2)

Publication Number Publication Date
CN105187449A true CN105187449A (en) 2015-12-23
CN105187449B CN105187449B (en) 2018-10-02

Family

ID=54909293

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510642977.8A Active CN105187449B (en) 2015-09-30 2015-09-30 A kind of interface call method and device

Country Status (1)

Country Link
CN (1) CN105187449B (en)


Also Published As

Publication number Publication date
CN105187449B (en) 2018-10-02


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant