CN105306534A - Information verification method based on open platform and open platform - Google Patents


Publication number
CN105306534A
Authority
CN
China
Prior art keywords
call request
party
open platform
signature
api
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510603494.7A
Other languages
Chinese (zh)
Other versions
CN105306534B (en)
Inventor
江泽洲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lazhasi Network Technology Shanghai Co Ltd
Original Assignee
Lazhasi Network Technology Shanghai Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lazhasi Network Technology Shanghai Co Ltd
Priority to CN201510603494.7A
Publication of CN105306534A
Application granted
Publication of CN105306534B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/53 Network services using third party service providers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information

Abstract

The embodiments of the invention relate to the technical field of communications, in particular to an information verification method based on an open platform and to an open platform, and aim to improve the security of third-party calls to the open platform. In the embodiments of the invention, the method comprises the following steps: the open platform receives a call request sent by a third party; when the open platform determines that the call request includes system parameters, application parameters and a signature, it generates a signature according to a preset rule from the system parameters and application parameters included in the call request; and if the signature generated by the open platform is consistent with the signature included in the call request, verification of the signature included in the call request succeeds. Each call request uniquely corresponds to one set of system parameters and application parameters, so each call request uniquely corresponds to one signature. Thus, even if someone else intercepts the signature in a call request, that signature cannot be applied to other call requests, which prevents others from forging signatures and improves the security of third-party calls to the open platform.

Description

An information verification method based on an open platform, and an open platform
Technical field
The embodiments of the present invention relate to the field of communications, and in particular to an information verification method based on an open platform and to an open platform.
Background
In the Internet era, a website encapsulates its services into a series of application programming interfaces (Application Programming Interface, API for short) that computers can readily recognize, and opens them to third parties. This practice is called opening APIs (Open API), and the platform that provides the open APIs is itself called an open platform.
A third party accesses the open platform by calling open APIs, in order to use the open platform's resources, extend the open platform's functions, or implement the functions of the third party's own application. As an independent content provider, the third party publishes its product to the open platform and thereby gains brand or financial benefit. With the rapid growth of open APIs across the Internet, third-party applications have appeared in large numbers, so improving the security of third-party calls to the open platform has become urgent.
Summary of the invention
The embodiments of the present invention provide an information verification method based on an open platform, and an open platform, in order to improve the security of third-party calls to the open platform.
An embodiment of the present invention provides an information verification method based on an open platform, comprising the following steps:
The open platform receives a call request sent by a third party;
When the open platform determines that the call request includes system parameters, application parameters and a signature, it generates a signature by a preset rule from the system parameters and application parameters included in the call request;
If the signature generated by the open platform is consistent with the signature included in the call request, verification of the signature included in the call request succeeds.
Optionally, generating a signature by the preset rule from the system parameters and application parameters included in the call request comprises:
Sorting the system parameters and application parameters to obtain a first sequence, where the system parameters include the third party's public key and a timestamp, and the application parameters correspond one-to-one with the call request;
Adding the uniform resource locator (URL) corresponding to the API identifier included in the call request before the first sequence, and adding the third party's private key after the first sequence, to obtain a second sequence;
Encoding the second sequence to obtain a third sequence;
Hashing the third sequence to obtain the signature.
Optionally, encoding the second sequence to obtain the third sequence specifically comprises:
First encoding the second sequence in UTF-8 (the 8-bit variable-length character encoding of Unicode), then hexadecimal (HEX) encoding the encoded second sequence, to obtain the third sequence.
Optionally, the method further comprises:
When the signature generated by the open platform is consistent with the signature included in the call request, verifying the call request;
If the call request satisfies a second verification condition, verification of the call request succeeds;
Where the second verification condition includes any one or more of the following:
The open platform's verification of the number of call requests sent by the third party succeeds; the open platform determines that the third party has access rights to the API corresponding to the API identifier included in the call request; the open platform's verification of the timestamp included in the call request succeeds.
Optionally, the call request includes a third-party identifier;
Whether the open platform's verification of the number of call requests sent by the third party succeeds is determined as follows:
The open platform determines, according to the third-party identifier, the number of call requests the third party has sent in the current period;
If the number of call requests the third party has sent in the current period, as determined by the open platform, is less than the count threshold, the open platform determines that verification of the number of call requests sent by the third party succeeds.
Optionally, the call request includes a third-party identifier and an application programming interface (API) identifier;
Whether the third party has access rights to the API corresponding to the API identifier included in the call request is determined as follows:
The open platform determines, according to a preset correspondence between third-party identifiers and the identifiers of the APIs each third party has access rights to, all API identifiers that the third party corresponding to the third-party identifier has access rights to;
If the open platform determines that the API identifier included in the call request is among the API identifiers the third party has access rights to, the open platform determines that the third party has access rights to the API corresponding to the API identifier included in the call request.
Optionally, the call request includes a timestamp;
Whether the open platform's verification of the timestamp included in the call request succeeds is determined as follows:
The open platform obtains the timestamp included in the call request;
If the open platform determines that the time between the timestamp and the current time is less than the duration threshold, the open platform's verification of the timestamp included in the call request succeeds.
Optionally, the call request is a Hypertext Transfer Protocol Secure (HTTPS) request, and the call request is encrypted using Secure Sockets Layer (SSL); the system parameters and application parameters in the call request are transmitted in the query string (QueryString) of a Hypertext Transfer Protocol (HTTP) GET.
An embodiment of the present invention provides an open platform, comprising:
A receiving unit, configured to receive a call request sent by a third party;
A processing unit, configured to, when it determines that the call request includes system parameters, application parameters and a signature, generate a signature by a preset rule from the system parameters and application parameters included in the call request; if the generated signature is consistent with the signature included in the call request, verification of the signature included in the call request succeeds.
Optionally, the processing unit is specifically configured to:
Sort the system parameters and application parameters to obtain a first sequence, where the system parameters include the third party's public key and a timestamp, and the application parameters correspond one-to-one with the call request;
Add the uniform resource locator (URL) corresponding to the API identifier included in the call request before the first sequence, and add the third party's private key after the first sequence, to obtain a second sequence;
Encode the second sequence to obtain a third sequence;
Hash the third sequence to obtain the signature.
Optionally, encoding the second sequence to obtain the third sequence specifically comprises:
First encoding the second sequence in UTF-16 (the 16-bit variable-length character encoding of Unicode), then hexadecimal (HEX) encoding the encoded second sequence, to obtain the third sequence.
Optionally, the processing unit is further configured to:
When the generated signature is consistent with the signature included in the call request, verify the call request;
If the call request satisfies a second verification condition, verification of the call request succeeds;
Where the second verification condition includes any one or more of the following:
Verification of the number of call requests sent by the third party succeeds; it is determined that the third party has access rights to the API corresponding to the API identifier included in the call request; verification of the timestamp included in the call request succeeds.
Optionally, the call request includes a third-party identifier;
Whether verification of the number of call requests sent by the third party succeeds is determined as follows:
The processing unit is configured to determine, according to the third-party identifier, the number of call requests the third party has sent in the current period; if the determined number of call requests the third party has sent in the current period is less than the count threshold, it determines that verification of the number of call requests sent by the third party succeeds.
Optionally, the call request includes a third-party identifier and an application programming interface (API) identifier;
Whether the third party has access rights to the API corresponding to the API identifier included in the call request is determined as follows:
The processing unit is configured to determine, according to a preset correspondence between third-party identifiers and the identifiers of the APIs each third party has access rights to, all API identifiers that the third party corresponding to the third-party identifier has access rights to; if it determines that the API identifier included in the call request is among the API identifiers the third party has access rights to, it determines that the third party has access rights to the API corresponding to the API identifier included in the call request.
Optionally, the call request includes a timestamp;
Whether verification of the timestamp included in the call request succeeds is determined as follows:
The processing unit is configured to obtain the timestamp included in the call request; if it determines that the time between the timestamp and the current time is less than the duration threshold, verification of the timestamp included in the call request succeeds.
Optionally, the call request is a Hypertext Transfer Protocol Secure (HTTPS) request, and the call request is encrypted using Secure Sockets Layer (SSL); the system parameters and application parameters in the call request are transmitted in the query string (QueryString) of a Hypertext Transfer Protocol (HTTP) GET.
In the embodiments of the present invention, the open platform receives a call request sent by a third party; when the open platform determines that the call request includes system parameters, application parameters and a signature, it generates a signature by a preset rule from the system parameters and application parameters included in the call request; if the signature generated by the open platform is consistent with the signature included in the call request, verification of the signature included in the call request succeeds. In the embodiments of the present invention, after the information carried in the call request meets the open platform's requirements, the signature in the call request must also be verified, and the signature is generated from the system parameters and application parameters by the preset rule. Therefore only a third party that has an agreement with the open platform can satisfy the verification requirements; the agreement covers the information carried in the call request and the preset rule for generating the signature. Further, because each call request uniquely corresponds to one set of system parameters and application parameters, each call request uniquely corresponds to one signature. So even if someone else intercepts the signature in a call request, that signature cannot be used in other call requests, which prevents others from forging signatures. The embodiments of the present invention can verify the signature in the call request, and the signature is generated from the system parameters and application parameters, which improves the security of third-party calls to the open platform.
Brief description of the drawings
To illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings needed in describing the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of a system architecture to which the embodiments of the present invention apply;
Fig. 2 is a schematic flowchart of an information verification method based on an open platform provided by an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of an open platform provided by an embodiment of the present invention.
Detailed description
To make the objects, technical solutions and beneficial effects of the present invention clearer, the present invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the present invention and do not limit it.
Fig. 1 is a schematic diagram of a system architecture to which the embodiments of the present invention apply. The architecture comprises an open platform 100 and multiple third parties connected to the open platform 100 over a network, for example third party 101 and third party 102. Multiple terminals, for example terminal 103, terminal 104, terminal 105, terminal 106 and terminal 107, connect to the third parties over a network; a terminal may be a mobile phone, a PC, a tablet and so on.
A terminal can send a service request to a third party. After receiving the service request, the third party analyzes it and determines the one or more open APIs of the open platform that need to be called for it. The third party sends a call request to the open platform, requesting to call an API the open platform has opened. The open platform verifies the call request; if verification passes, the open platform returns a call response to the third party, telling the third party that this call is allowed. If verification fails, the open platform returns a failure response to the third party, telling the third party that this call failed. The open platform 100 provides multiple open APIs for third parties to call.
Based on the system architecture shown in Fig. 1, Fig. 2 shows an information verification method and device based on an open platform provided by an embodiment of the present invention, comprising the following steps:
Step 201: the open platform receives a call request sent by a third party;
Step 202: when the open platform determines that the call request includes system parameters, application parameters and a signature, it generates a signature by a preset rule from the system parameters and application parameters included in the call request;
Step 203: if the signature generated by the open platform is consistent with the signature included in the call request, verification of the signature included in the call request succeeds.
Specifically, the signature included in the call request sent by the third party is generated by the third party from the system parameters and application parameters by the preset rule. After receiving the call request, the open platform compares the signature it generates with the signature included in the call request and, when they are consistent, confirms that verification of the signature included in the call request succeeds. If someone else intercepts the signature in a call request, carries that forged signature in an illegitimate call request and sends it to the open platform, then, because each call request uniquely corresponds to one set of system parameters and application parameters and therefore to one signature, the signature the open platform generates from the system parameters and application parameters carried in the illegitimate call request and the preset rule will necessarily differ from the forged signature. The open platform thus verifies the call request according to the signature it includes, which improves the security of third-party calls to the open platform.
In the embodiments of the present invention, the application parameters in a call request are the application-level parameters corresponding to the call request the third party is sending, for example the order number, order date and order amount in the business application corresponding to this call request. The system parameters in a call request are the parameters the third party must provide to the open platform by default, for example the timestamp (timestamp) and the third party's public key (consumer_key).
In a preferred embodiment, the call request is a Hypertext Transfer Protocol Secure (HTTPS) request, and the call request is encrypted using Secure Sockets Layer (SSL). The system parameters and application parameters in the call request are transmitted in the query string (QueryString) of a Hypertext Transfer Protocol (HTTP) GET. Compared with the traditional approach of carrying system parameters in the HTTP header, this method is simpler.
Generating a signature by the preset rule from the system parameters and application parameters included in the call request comprises:
Sorting the system parameters and application parameters to obtain a first sequence, where the system parameters include the third party's public key and a timestamp, and the application parameters correspond one-to-one with the call request; adding the uniform resource locator (URL) corresponding to the API identifier included in the call request before the first sequence, and adding the third party's private key after the first sequence, to obtain a second sequence; encoding the second sequence to obtain a third sequence; hashing the third sequence to obtain the signature.
The third party's private key, as one of the system parameters, is sent to the open platform by the third party. Optionally, the third party's public key in the embodiments of the present invention may be the third party's account information, and the third party's private key may be the password information corresponding to that account information. Both the third party's public key and the third party's private key are sent to the open platform by the third party.
Optionally, when sorting the system parameters and application parameters to obtain the first sequence, the parameters may be ordered by the first letter of the parameter name, and the parameters are joined with the connector "&".
Optionally, encoding the second sequence to obtain the third sequence specifically comprises:
First encoding the second sequence in UTF-8 (8-bit Unicode Transformation Format, the 8-bit variable-length character encoding of Unicode), then hexadecimal (HEX) encoding the encoded second sequence, to obtain the third sequence. Specifically, the third sequence obtained after HEX encoding is unique in any programming-language environment. The two encoding passes ensure the correctness of the third sequence in any programming-language environment.
The call request includes the open-platform API that this call request needs to call, and the call request includes the identifier of the API that it needs to call.
For example, the first sequence is:
consumer_key=7284397484&restaurant_id=123&timestamp=1374908054
In the embodiments of the present invention, the system parameters and application parameters are sorted to obtain the first sequence. Here "consumer_key=7284397484" and "timestamp=1374908054" are system parameters, and "restaurant_id=123" is the application parameter corresponding to this call request.
Next, the URL corresponding to the API identifier included in the call request is added before the first sequence, and the third party's private key is added after the first sequence. Optionally, a question mark "?" is added between the URL and the first sequence in the second sequence. The resulting second sequence is:
http://example.net/restaurants/?consumer_key=7284397484&restaurant_id=123&timestamp=13749080544d31ba58fd73c71db697ab5e4946d52d
UTF-8 encoding and then HEX encoding are applied to the second sequence, giving the third sequence:
687474703a2f2f6578616d706c652e6e65742f72657374617572616e74732f3f636f6e73756d65725f6b65793d373238343339373438342672657374617572616e745f69643d3132332674696d657374616d703d313337343930383035343464333162613538666437336337316462363937616235653439343664353264
The third sequence is hashed, giving the signature:
45f933de65a6e14ee142fababd223d006fa13eb0
In the above flow, once the signature is obtained it is carried in the call request and sent to the open platform, so that the open platform verifies the signature included in the call request.
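The signing rule and the platform-side comparison described above, as an added example that is not part of the patent text. Assumptions: the hash is SHA-1 (the page only says "hash"; its 40-hex-character signature is consistent with a 160-bit digest), the signature travels in a query parameter named `sig`, the platform looks the private key up in a store keyed by `consumer_key`, and parameters are sorted by full name rather than only by first letter.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl

# Constructed secret store keyed by consumer_key (assumption); the key and
# secret are the values used in the page's worked example.
SECRETS = {"7284397484": "4d31ba58fd73c71db697ab5e4946d52d"}
API_URL = "http://example.net/restaurants/"


def first_sequence(params):
    """Sort parameters by name and join them as name=value with '&'."""
    return "&".join(f"{name}={value}" for name, value in sorted(params.items()))


def third_sequence(api_url, params, secret):
    """URL + '?' + sorted parameters + secret, UTF-8 encoded, then HEX encoded."""
    second = f"{api_url}?{first_sequence(params)}{secret}"
    return second.encode("utf-8").hex()


def sign(api_url, params, secret):
    """Hash the third sequence. SHA-1 is an assumption, see the lead-in."""
    hex_text = third_sequence(api_url, params, secret)
    return hashlib.sha1(hex_text.encode("ascii")).hexdigest()


def verify(api_url, query_string):
    """Platform side: recompute the signature from the received parameters."""
    pairs = parse_qsl(query_string, keep_blank_values=True)
    params = dict(pairs)
    if len(params) != len(pairs):
        # A repeated parameter name makes the signed string ambiguous: reject.
        return False
    presented = params.pop("sig", None)  # "sig" is an assumed parameter name
    secret = SECRETS.get(params.get("consumer_key"))
    if presented is None or secret is None or "timestamp" not in params:
        return False
    expected = sign(api_url, params, secret)
    # Constant-time comparison so response timing does not leak how many
    # leading characters of a guessed signature were correct.
    return hmac.compare_digest(expected.encode(), presented.lower().encode())


if __name__ == "__main__":
    request_params = {
        "timestamp": "1374908054",
        "restaurant_id": "123",
        "consumer_key": "7284397484",
    }
    sig = sign(API_URL, request_params, SECRETS["7284397484"])
    good = first_sequence(request_params) + "&sig=" + sig
    print("third sequence:", third_sequence(API_URL, request_params, SECRETS["7284397484"]))
    print("valid request accepted:", verify(API_URL, good))
    print("tampered request accepted:", verify(API_URL, good.replace("id=123", "id=124")))
```

Because the signature covers the URL and every parameter, changing `restaurant_id` or pointing the same query string at a different API URL makes the recomputed value differ from the presented one.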
Optionally, when the signature generated by the open platform is consistent with the signature included in the call request, the call request is verified; if the call request satisfies a second verification condition, verification of the call request succeeds;
Where the second verification condition includes any one or more of the following:
The open platform's verification of the number of call requests sent by the third party succeeds; the open platform determines that the third party has access rights to the API corresponding to the API identifier included in the call request; the open platform's verification of the timestamp included in the call request succeeds.
Specifically, the call request includes a timestamp;
Whether the open platform's verification of the timestamp included in the call request succeeds is determined as follows:
The open platform obtains the timestamp included in the call request; if the open platform determines that the time between the timestamp and the current time is less than the duration threshold, the open platform's verification of the timestamp included in the call request succeeds.
If the open platform determines that the time between the timestamp and the current time is not less than the duration threshold, verification of the timestamp included in the call request fails. Optionally, when timestamp verification fails, an error message may be returned to the third party.
This prevents a server other than the third party from intercepting the call request, imitating it, and repeatedly calling the open platform's open APIs. The duration threshold is an empirical value, for example five minutes.
Specifically, the call request includes a third-party identifier; whether the open platform's verification of the number of call requests sent by the third party succeeds is determined as follows:
The open platform determines, according to the third-party identifier, the number of call requests the third party has sent in the current period; if the number of call requests the third party has sent in the current period, as determined by the open platform, is less than the count threshold, the open platform determines that verification of the number of call requests sent by the third party succeeds.
If the number of call requests the third party has sent in the current period, as determined by the open platform, is not less than the count threshold, verification of the number of call requests for that third-party identifier fails. Optionally, when this verification fails, an error message may be returned to the third party.
Preferably, after confirming that verification of this third party's call request succeeds, the third party's call-request count for the current period is incremented by 1; preferably, a counter can be used to count the third party's call requests in each period.
In this way, the open platform can grade different third parties based on parameters such as the third party's cooperation and technical level, with a different call-request count threshold for third parties of different grades. Optionally, the open platform provides one counter per third party in a cache server; the counter is cleared automatically each period, and each time the third party sends a call request within a period, the counter corresponding to that third party is incremented by 1. The count threshold is a conventional value, for example 5.
For example, the counter is cleared automatically every 1 minute and the count threshold is 5. If the third party sends more than 5 call requests in the current period, the third party's other call requests in the current period are refused and an error message is returned to the third party, or an alert e-mail is sent to the system administrator so that the administrator can check on the third party. This effectively solves the problem of a third party sending a large number of call requests to the open platform when it malfunctions, and protects the security and stability of the open platform's underlying service systems under heavy call volume.
Optionally, the call request includes a third-party identifier and an application programming interface (API) identifier; whether the third party has access rights to the API corresponding to the API identifier included in the call request is determined as follows:
The open platform determines, according to a preset correspondence between third-party identifiers and the identifiers of the APIs each third party has access rights to, all API identifiers that the third party corresponding to the third-party identifier has access rights to;
If the open platform determines that the API identifier included in the call request is among the API identifiers the third party has access rights to, the open platform determines that the third party has access rights to the API corresponding to the API identifier included in the call request.
Optionally, if the open platform determines that the API identifier included in the call request is not among the API identifiers the third party has access rights to, the open platform determines that the third party does not have access rights to the API corresponding to the API identifier included in the call request. Optionally, when the open platform determines that the third party does not have access rights to that API, an error message may be returned to the third party.
Specifically, the permissions for each open API may differ, and a given third party may be allowed to access only some of the APIs; in the embodiments of the present invention, the APIs a third party has access rights to can be configured for each third party.
Preferably, the call request is a Hypertext Transfer Protocol Secure (HTTPS) request, and the call request is encrypted using Secure Sockets Layer (SSL). This ensures that the call request cannot be stolen by others in transit, further ensuring the security of call-request transmission.
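The three second-condition checks (timestamp age, API access rights, per-period call count) combined into one gate that runs after the signature has matched, as an added example that is not part of the patent text. The class name, the identifiers in `GRANTS`, the result strings and the injectable clock are assumptions; the five-minute window, one-minute period and threshold of 5 are the page's example values.

```python
import time

# Constructed grant table (assumption): third-party id -> API ids it may call.
GRANTS = {"third-party-101": {"restaurants"}}


class SecondCheck:
    """Checks applied to a call request whose signature already verified."""

    def __init__(self, grants, max_age=300, period=60, max_calls=5, now=time.time):
        self.grants = grants
        self.max_age = max_age      # duration threshold in seconds (five minutes)
        self.period = period        # counters are cleared every period (one minute)
        self.max_calls = max_calls  # count threshold per period
        self.now = now              # injectable clock so the logic is testable
        self.counters = {}          # third-party id -> (period index, count)

    def check(self, third_party_id, api_id, timestamp):
        """Return "ok" or the name of the first check that failed."""
        try:
            sent_at = int(timestamp)
        except (TypeError, ValueError):
            return "bad_timestamp"
        current = self.now()

        # Timestamp check: the distance to the current time must be strictly
        # less than the threshold. abs() also rejects far-future timestamps.
        if abs(current - sent_at) >= self.max_age:
            return "stale_timestamp"

        # Access-rights check against the preset third-party -> API mapping.
        if api_id not in self.grants.get(third_party_id, set()):
            return "no_access"

        # Count check: calls already counted in this period must be strictly
        # less than the threshold; a new period starts from zero.
        period_index = int(current // self.period)
        seen_period, count = self.counters.get(third_party_id, (period_index, 0))
        if seen_period != period_index:
            count = 0
        if count >= self.max_calls:
            return "too_many_calls"

        # The counter is incremented only after the request passed verification.
        self.counters[third_party_id] = (period_index, count + 1)
        return "ok"


if __name__ == "__main__":
    clock = [1374908060]  # constructed time, six seconds after the sample timestamp
    gate = SecondCheck(GRANTS, now=lambda: clock[0])
    for attempt in range(1, 7):
        print(attempt, gate.check("third-party-101", "restaurants", "1374908054"))
    clock[0] = 1374908100  # next one-minute period: the counter starts over
    print("next period:", gate.check("third-party-101", "restaurants", "1374908054"))
    print("old timestamp:", gate.check("third-party-101", "restaurants", "1374907800"))
    print("other API:", gate.check("third-party-101", "orders", "1374908054"))
```

A replayed request stays acceptable for the whole duration threshold, so the timestamp check narrows the replay window rather than closing it; the per-period counter then bounds how many calls fit inside that window.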
As can be seen from the above: in the embodiments of the present invention, the open platform receives a call request sent by a third party; when the open platform determines that the call request includes system parameters, application parameters and a signature, it generates a signature by a preset rule from the system parameters and application parameters included in the call request; if the signature generated by the open platform is consistent with the signature included in the call request, verification of the signature included in the call request succeeds. In the embodiments of the present invention, after the information carried in the call request meets the open platform's requirements, the signature in the call request must also be verified, and the signature is generated from the system parameters and application parameters by the preset rule. Therefore only a third party that has an agreement with the open platform can satisfy the verification requirements; the agreement covers the information carried in the call request and the preset rule for generating the signature. Further, because each call request uniquely corresponds to one set of system parameters and application parameters, each call request uniquely corresponds to one signature. So even if someone else intercepts the signature in a call request, that signature cannot be used in other call requests, which prevents others from forging signatures. The embodiments of the present invention can verify the signature in the call request, and the signature is generated from the system parameters and application parameters, which improves the security of third-party calls to the open platform.
Fig. 3 shows a schematic structural diagram of an open platform provided by an embodiment of the present invention.
Based on the same idea, an embodiment of the present invention provides an open platform whose structure, as shown in Fig. 3, comprises a receiving unit 301 and a processing unit 302:
The receiving unit is configured to receive a call request sent by a third party;
The processing unit is configured to, when it determines that the call request includes system parameters, application parameters and a signature, generate a signature by a preset rule from the system parameters and application parameters included in the call request; if the generated signature is consistent with the signature included in the call request, verification of the signature included in the call request succeeds.
Optionally, the processing unit is specifically configured to:
Sort the system parameters and application parameters to obtain a first sequence, where the system parameters include the third party's public key and a timestamp, and the application parameters correspond one-to-one with the call request;
Add the uniform resource locator (URL) corresponding to the API identifier included in the call request before the first sequence, and add the third party's private key after the first sequence, to obtain a second sequence; encode the second sequence to obtain a third sequence; hash the third sequence to obtain the signature.
Optionally, encoding the second sequence to obtain the third sequence specifically comprises:
First encoding the second sequence in UTF-16 (the 16-bit variable-length character encoding of Unicode), then hexadecimal (HEX) encoding the encoded second sequence, to obtain the third sequence.
Optionally, the processing unit is further configured to: when the generated signature is consistent with the signature included in the call request, verify the call request;
If the call request satisfies a second verification condition, verification of the call request succeeds;
Where the second verification condition includes any one or more of the following:
To the number of times verification succeeds of the call request that third party sends, determine the timestamp verification succeeds that API corresponding to API mark that third party comprises call request has access rights, comprises call request.
Alternatively, call request comprises third party's mark;
The number of times verification succeeds of the call request that third party sends is determined in the following manner:
Processing unit, for according to third party's mark, determines the number of times of the call request that third party sends in current period; If the number of times of the call request that the third party determined sends in current period is less than frequency threshold value, then determine the number of times verification succeeds to the call request that third party sends.
Alternatively, call request comprises third party's mark and application programming interface API mark;
The API of third party to the API mark correspondence that call request comprises has access rights to determine in the following manner:
Processing unit, for the corresponding relation having the API of access rights to identify according to the third party's mark preset and third party, determines that third party identifies all API marks that corresponding third party has access rights; The API mark that call request comprises if determine belongs to the third party determined has the API of access rights to identify, then open platform determines that the API of third party to the API mark correspondence that call request comprises has access rights.
Alternatively, call request comprises timestamp; The timestamp verification succeeds that call request comprises is determined in the following manner:
Processing unit, for obtaining the timestamp that call request comprises; If determine, the duration of timestamp distance current time is less than duration threshold value, then to the timestamp verification succeeds that call request comprises.
Alternatively, call request is that Hyper text transfer security protocol HTTPS asks, and call request use safety socket layer SSL is encrypted; System parameters in call request and application parameter are transmitted by the QueryString mode of HTML (Hypertext Markup Language) HTTPGET.
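The following Python example works through the signature rule and the second verification condition described above, on both the third-party side and the platform side. It is an added example, not code from the patent; the parameter names (`app_key`, `api`, `timestamp`, `sign`), the name+value layout of the first sequence, SHA-256 as the hash, lowercase HEX output, UTF-8 as the default encoding and all threshold values are assumptions, and `app_key` stands in for both the third party's public key and the third-party identifier.

```python
import hashlib
import hmac
import time
from collections import defaultdict

# Constructed sample data; every name and value here is hypothetical.
API_URLS = {"order.query": "https://open.example.com/api/order/query"}
SECRETS = {"pk-demo-001": "demo-private-key"}    # public key -> private key held by the platform
PERMISSIONS = {"pk-demo-001": {"order.query"}}   # third party -> API identifiers it may call
COUNT_THRESHOLD = 3       # calls allowed per period (assumed value)
PERIOD_SECONDS = 60       # length of the counting period (assumed value)
DURATION_THRESHOLD = 300  # maximum timestamp age in seconds (assumed value)


def make_signature(url, params, private_key, encoding="utf-8"):
    """Sort, wrap with URL and private key, encode, HEX-encode, hash."""
    # First sequence: name+value pairs sorted by name (assumed layout).
    first = "".join(f"{name}{params[name]}" for name in sorted(params))
    # Second sequence: API URL in front, private key behind.
    second = url + first + private_key
    # Third sequence: character encoding followed by HEX encoding.
    third = second.encode(encoding).hex()
    # The hash function is an assumption; SHA-256 is used here.
    return hashlib.sha256(third.encode("ascii")).hexdigest()


def build_request(app_key, api, app_params, private_key, now):
    """Third-party side: assemble the query-string parameters and sign them."""
    params = {"app_key": app_key, "api": api, "timestamp": str(int(now))}
    params.update(app_params)
    params["sign"] = make_signature(API_URLS[api], params, private_key)
    return params


class OpenPlatform:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.calls = defaultdict(list)  # third party -> times of accepted calls

    def verify(self, request):
        """Return (ok, reason) for one call request given as a dict."""
        if any(k not in request for k in ("app_key", "api", "timestamp", "sign")):
            return False, "missing parameter"
        app_key, api = request["app_key"], request["api"]
        private_key, url = SECRETS.get(app_key), API_URLS.get(api)
        if private_key is None or url is None:
            return False, "unknown third party or API"

        # Signature check: recompute over everything except the signature itself
        # and compare in constant time.
        signed = {k: v for k, v in request.items() if k != "sign"}
        expected = make_signature(url, signed, private_key)
        supplied = str(request["sign"])
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            return False, "bad signature"

        # Second verification condition: timestamp, access rights, call count.
        now = self.clock()
        try:
            age = abs(now - float(request["timestamp"]))
        except (TypeError, ValueError):
            return False, "bad timestamp"
        if age >= DURATION_THRESHOLD:
            return False, "stale timestamp"
        if api not in PERMISSIONS.get(app_key, set()):
            return False, "no access rights"
        recent = [t for t in self.calls[app_key] if now - t < PERIOD_SECONDS]
        self.calls[app_key] = recent
        if len(recent) >= COUNT_THRESHOLD:
            return False, "call count exceeded"
        recent.append(now)
        return True, "ok"


def demo():
    """Run constructed requests through the platform and collect the outcomes."""
    t0 = 1_700_000_000
    platform = OpenPlatform(clock=lambda: t0)
    key = SECRETS["pk-demo-001"]
    good = build_request("pk-demo-001", "order.query", {"order_id": "42"}, key, t0)
    stale = build_request("pk-demo-001", "order.query", {"order_id": "42"}, key, t0 - 3600)
    results = {
        "good": platform.verify(good),
        "tampered": platform.verify(dict(good, order_id="43")),
        "stale": platform.verify(stale),
    }
    platform.verify(good)  # second accepted call
    platform.verify(good)  # third accepted call
    results["fourth_call"] = platform.verify(good)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

Because the platform recomputes the signature, the value called the private key has to be known to both sides, so it should be stored and rotated as a shared secret. An identical request resubmitted inside the duration threshold still passes the signature and timestamp checks in this example; only the call count bounds it.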
As can be seen from the above, in the embodiments of the present invention the open platform receives a call request sent by a third party. When the open platform determines that the call request contains system parameters, application parameters and a signature, it generates a signature from the system parameters and application parameters contained in the call request according to a preset rule. If the signature generated by the open platform is consistent with the signature contained in the call request, verification of the signature contained in the call request succeeds. In the embodiments of the present invention, after the information carried in the call request meets the requirements of the open platform, the signature in the call request must also be verified, and the signature is generated from the system parameters and application parameters according to the preset rule. Therefore only a third party that has an agreement with the open platform can satisfy the verification requirements, where the agreement covers the information carried in the call request and the preset rule for generating the signature. Furthermore, because each call request corresponds to a unique set of system parameters and application parameters, each call request corresponds to a unique signature. Consequently, even if someone else intercepts the signature in one call request, that signature cannot be used in another call request, which prevents others from forging signatures. The embodiments of the present invention verify the signature in the call request, and the signature is generated from the system parameters and application parameters, which improves the security of third-party calls to the open platform.
Those skilled in the art should understand that embodiments of the present invention may be provided as a method or a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, causing a series of operational steps to be performed on the computer or other programmable device to produce a computer-implemented process, such that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the present invention have been described, those skilled in the art can make further changes and modifications to these embodiments once they learn of the basic inventive concept. The appended claims are therefore intended to be interpreted as covering the preferred embodiments and all changes and modifications that fall within the scope of the present invention.
Obviously, those skilled in the art can make various changes and variations to the present invention without departing from its spirit and scope. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (16)

1. An information verification method based on an open platform, characterized by comprising the following steps:
The open platform receives a call request sent by a third party;
When the open platform determines that the call request contains system parameters, application parameters and a signature, it generates a signature from the system parameters and the application parameters contained in the call request according to a preset rule;
If the signature generated by the open platform is consistent with the signature contained in the call request, verification of the signature contained in the call request succeeds.
2. The method of claim 1, characterized in that generating, according to the preset rule, a signature from the system parameters and the application parameters contained in the call request comprises:
Sorting the system parameters and the application parameters to obtain a first sequence, where the system parameters include the third party's public key and a timestamp, and the application parameters correspond one-to-one with the call request;
Adding the uniform resource locator (URL) corresponding to the API identifier contained in the call request before the first sequence, and adding the third party's private key after the first sequence, to obtain a second sequence;
Encoding the second sequence to obtain a third sequence;
Hashing the third sequence to obtain the signature.
3. The method of claim 2, characterized in that encoding the second sequence to obtain the third sequence specifically comprises:
First applying 8-bit Unicode variable-length character encoding (UTF-8) to the second sequence, then applying hexadecimal (HEX) encoding to the encoded second sequence to obtain the third sequence.
4. The method of any one of claims 1 to 3, characterized by further comprising:
When the signature generated by the open platform is consistent with the signature contained in the call request, verifying the call request;
If the call request meets a second verification condition, verification of the call request succeeds;
The second verification condition comprises any one or more of the following:
The open platform's verification of the number of call requests sent by the third party succeeds; the open platform determines that the third party has access rights to the API corresponding to the API identifier contained in the call request; the open platform's verification of the timestamp contained in the call request succeeds.
5. The method of claim 4, characterized in that the call request contains a third-party identifier;
Successful verification by the open platform of the number of call requests sent by the third party is determined as follows:
The open platform determines, according to the third-party identifier, the number of call requests sent by the third party in the current period;
If the number of call requests sent by the third party in the current period, as determined by the open platform, is less than a count threshold, the open platform determines that verification of the number of call requests sent by the third party succeeds.
6. The method of claim 4, characterized in that the call request contains the third-party identifier and an application programming interface (API) identifier;
That the third party has access rights to the API corresponding to the API identifier contained in the call request is determined as follows:
The open platform determines, according to a preset correspondence between third-party identifiers and the identifiers of the APIs to which each third party has access rights, all API identifiers to which the third party corresponding to the third-party identifier has access rights;
If the open platform determines that the API identifier contained in the call request is among the API identifiers to which the third party has access rights, the open platform determines that the third party has access rights to the API corresponding to the API identifier contained in the call request.
7. The method of claim 4, characterized in that the call request contains a timestamp;
Successful verification by the open platform of the timestamp contained in the call request is determined as follows:
The open platform obtains the timestamp contained in the call request;
If the open platform determines that the interval between the timestamp and the current time is less than a duration threshold, the open platform's verification of the timestamp contained in the call request succeeds.
8. The method of claim 4, characterized in that the call request is a Hypertext Transfer Protocol Secure (HTTPS) request and is encrypted using Secure Sockets Layer (SSL); the system parameters and application parameters in the call request are transmitted as the QueryString of a Hypertext Transfer Protocol (HTTP) GET request.
9. An open platform, characterized by comprising:
A receiving unit, configured to receive a call request sent by a third party;
A processing unit, configured to, when it determines that the call request contains system parameters, application parameters and a signature, generate a signature from the system parameters and the application parameters contained in the call request according to a preset rule; if the generated signature is consistent with the signature contained in the call request, verification of the signature contained in the call request succeeds.
10. The open platform of claim 9, characterized in that the processing unit is specifically configured to:
Sort the system parameters and the application parameters to obtain a first sequence, where the system parameters include the third party's public key and a timestamp, and the application parameters correspond one-to-one with the call request;
Add the uniform resource locator (URL) corresponding to the API identifier contained in the call request before the first sequence, and add the third party's private key after the first sequence, to obtain a second sequence;
Encode the second sequence to obtain a third sequence;
Hash the third sequence to obtain the signature.
11. The open platform of claim 10, characterized in that encoding the second sequence to obtain the third sequence specifically comprises:
First applying 16-bit Unicode variable-length character encoding (UTF-16) to the second sequence, then applying hexadecimal (HEX) encoding to the encoded second sequence to obtain the third sequence.
12. The open platform of any one of claims 9 to 11, characterized in that the processing unit is further configured to:
Verify the call request when the generated signature is consistent with the signature contained in the call request;
If the call request meets a second verification condition, verification of the call request succeeds;
The second verification condition comprises any one or more of the following:
Verification of the number of call requests sent by the third party succeeds; the third party is determined to have access rights to the API corresponding to the API identifier contained in the call request; verification of the timestamp contained in the call request succeeds.
13. The open platform of claim 12, characterized in that the call request contains a third-party identifier;
Successful verification of the number of call requests sent by the third party is determined as follows:
The processing unit is configured to determine, according to the third-party identifier, the number of call requests sent by the third party in the current period; if the determined number of call requests sent by the third party in the current period is less than a count threshold, it determines that verification of the number of call requests sent by the third party succeeds.
14. The open platform of claim 12, characterized in that the call request contains the third-party identifier and an application programming interface (API) identifier;
That the third party has access rights to the API corresponding to the API identifier contained in the call request is determined as follows:
The processing unit is configured to determine, according to a preset correspondence between third-party identifiers and the identifiers of the APIs to which each third party has access rights, all API identifiers to which the third party corresponding to the third-party identifier has access rights; if it determines that the API identifier contained in the call request is among the API identifiers to which the third party has access rights, it determines that the third party has access rights to the API corresponding to the API identifier contained in the call request.
15. The open platform of claim 12, characterized in that the call request contains a timestamp;
Successful verification of the timestamp contained in the call request is determined as follows:
The processing unit is configured to obtain the timestamp contained in the call request; if it determines that the interval between the timestamp and the current time is less than a duration threshold, verification of the timestamp contained in the call request succeeds.
16. The open platform of claim 12, characterized in that the call request is a Hypertext Transfer Protocol Secure (HTTPS) request and is encrypted using Secure Sockets Layer (SSL); the system parameters and application parameters in the call request are transmitted as the QueryString of a Hypertext Transfer Protocol (HTTP) GET request.
CN201510603494.7A 2015-09-21 2015-09-21 A kind of information calibration method and open platform based on open platform Active CN105306534B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510603494.7A CN105306534B (en) 2015-09-21 2015-09-21 A kind of information calibration method and open platform based on open platform

Publications (2)

Publication Number Publication Date
CN105306534A true CN105306534A (en) 2016-02-03
CN105306534B CN105306534B (en) 2019-05-14

Family

ID=55203277

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510603494.7A Active CN105306534B (en) 2015-09-21 2015-09-21 A kind of information calibration method and open platform based on open platform

Country Status (1)

Country Link
CN (1) CN105306534B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant