CN107066874B - Method and device for interactively verifying information between container systems - Google Patents

Method and device for interactively verifying information between container systems

Info

Publication number: CN107066874B
Authority: CN (China)
Prior art keywords: container system; verification information; container; short message; unit
Legal status: Active
Application number: CN201710251438.0A
Other languages: Chinese (zh)
Other versions: CN107066874A (en)
Inventor: 李京
Current Assignee: Yuanxin Information Technology Group Co ltd
Original Assignee: Yuanxin Technology
Application filed by Yuanxin Technology
Priority to CN201710251438.0A
Publication of CN107066874A
Application granted
Publication of CN107066874B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/54 Interprogram communication
    • G06F9/546 Message passing systems or structures, e.g. queues
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/445 Program or device authentication by mutual authentication, e.g. between devices or programs
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/12 Messaging; Mailboxes; Announcements
    • H04W4/14 Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]

Abstract

The invention provides a method and a device for exchanging verification information between container systems. The method comprises the following steps: the first container system sends a request for obtaining verification information to a sender; the second container system receives a short message that the sender returns in response to the request and that carries the verification information, and parses the short message to obtain the verification information; the second container system sends the verification information to the first container system. In the invention, the first container system and the second container system communicate with each other: the second container system receives the short message carrying the verification information from the sender, extracts the verification information from it, and then automatically sends it to the first container system. The verification information can therefore be obtained without frequently switching between the first container system and the second container system, which improves the efficiency with which the first container system obtains the verification information.

Description

Method and device for interactively verifying information between container systems
Technical Field
The invention relates to the technical field of computers, in particular to a method and a device for interactively verifying information between container systems.
Background
At present, container technology allows multiple operating systems to run simultaneously and isolates them from one another, so that when one system is attacked by an illegal program (for example, by a hacker), the other systems are not affected, which ensures the security and integrity of each individual system.
When multiple systems run simultaneously, each usually takes on its own role. For example, in a practical scenario with two systems running at the same time, one serves as a non-security system in which arbitrary operations can be performed, and the other serves as a security system in which some sensitive operations of the user are restricted (for example, illegal acquisition of the user's private information). If the user uses a payment function in the non-security system (e.g., in an application into which verification information is to be input), the user must input the corresponding verification information before payment. To protect the verification information, the service provider of the payment function sends it to the security system (e.g., as a short message). The user therefore first has to switch from the non-security system to the security system, then memorize the verification information shown in the security system, and finally switch back to the non-security system and input it.
This way of acquiring verification information has the following drawback: obtaining the verification information by switching between the two systems is cumbersome. In particular, when the verification code is complicated and the user does not remember it clearly, the user needs to switch between the security system and the non-security system repeatedly in order to input the verification information in the non-security system, which is inconvenient.
Disclosure of Invention
To address the above drawback of the existing way in which container systems acquire verification information, the invention provides a method and a device for exchanging verification information between container systems, solving the problem that the verification information can only be acquired by switching between two container systems.
An embodiment of the invention provides a method for exchanging verification information between container systems, comprising the following steps:
the first container system sends a request for obtaining the verification information to a sender;
the second container system receives a short message which is returned by the sender in response to the request and carries verification information, and analyzes the short message to obtain the verification information;
the second container system sends the verification information to the first container system.
Preferably, before the step of the first container system sending a request to the originator for obtaining the verification information, the method further comprises:
the verification information receiving service of the first container system registers itself with the short message monitoring service of the second container system;
wherein the second container system receiving the short message that is returned by the sender in response to the request and carries the verification information comprises:
monitoring, through the short message monitoring service of the second container system, that the second container system has received the short message that is returned by the sender in response to the request and carries the verification information;
wherein the second container system sending the verification information to the first container system comprises:
the second container system sends the verification information to the corresponding first container system according to the registration information.
Preferably, before the step of the second container system sending the verification information to the first container system, the method further comprises:
the first container system sends a channel creating request message for a message transmission channel between the first container system and the second container system to the master control system;
the master control system creates two socket file descriptors aiming at the first container system and the second container system according to the channel creation request message;
and the first container system and the second container system acquire corresponding socket file descriptors and transmit messages according to the corresponding socket file descriptors.
Preferably, before the step of the second container system sending the verification information to the first container system, the method further comprises:
establishing a bridge node in a master control system, and establishing corresponding virtual network ports for a first container system and a second container system, wherein one end of each virtual network port is arranged in the corresponding container system, and the other end of each virtual network port is connected with the bridge node;
the second container system establishes a data path with the virtual network port corresponding to the first container system through the corresponding virtual network port and the network bridge node;
the second container system performs data transmission with the mobile network of the first container system based on the data path.
Preferably, the second container system sends the verification information to the first container system, including:
the second container system encrypts the verification information to generate encrypted verification information, and sends the encrypted verification information to the first container system.
The embodiment of the invention also provides a device for interacting verification information among container systems, which comprises:
first sending unit, analysis unit and second sending unit, wherein:
the first sending unit is positioned in the first container system and used for sending a request for acquiring the verification information to a sender;
the analysis unit is positioned in the second container system and used for receiving the short message which is returned by the sender in response to the request and carries the verification information and analyzing the short message to obtain the verification information;
and the second sending unit is positioned in the second container system and used for sending the verification information to the first container system.
Preferably, the apparatus further comprises a registration unit, the registration unit being located in the first container system and specifically configured to:
before a first sending unit sends a request for acquiring verification information to a sender, registering the verification information receiving service of a first container system into a short message monitoring service of a second container system;
the analysis unit receives a short message which is returned by a sender in response to the request and carries verification information, and the analysis unit comprises:
monitoring that the second container system receives a short message which is returned by a sender in response to the request and carries verification information through a short message monitoring service of the second container system;
wherein the second sending unit sends the verification information to the first container system, including:
and according to the registration information, the second sending unit sends the verification information to the corresponding first container system.
Preferably, the apparatus further comprises:
a third sending unit, a first creating unit, a first acquiring unit, a second acquiring unit and a first transmitting unit, wherein:
a third sending unit, located in the first container system, for sending a channel creation request message for a message transmission channel between the first container system and the second container system to the master control system before the second sending unit sends the verification information to the first container system;
the first creating unit is positioned in the master control system and used for creating two socket file descriptors aiming at the first container system and the second container system according to the channel creating request message;
the first acquisition unit is positioned in the first container system and used for acquiring the corresponding socket file descriptor;
the second acquisition unit is positioned in the second container system and used for acquiring the corresponding socket file descriptor;
and the first transmission unit is used for transmitting the message according to the corresponding socket file descriptor.
Preferably, the apparatus further comprises:
a second creating unit, a building unit and a second transmitting unit, wherein:
the second creating unit is positioned in the master control system and used for creating a bridge node before the second sending unit sends the verification information to the first container system, and for creating corresponding virtual network ports for the first container system and the second container system, wherein one end of each virtual network port is arranged in the corresponding container system, and the other end of each virtual network port is connected with the bridge node;
the establishing unit is positioned in the second container system and used for establishing a data path with the virtual network port corresponding to the first container system through the corresponding virtual network port and the network bridge node;
and the second transmission unit is positioned in the second container system and used for carrying out data transmission with the mobile network of the first container system based on the data path.
Preferably, the second transmission unit transmits the verification information to the first container system, including:
the verification information is encrypted to generate encrypted verification information, and the encrypted verification information is sent to the first container system.
The embodiment of the invention provides a method for interactive verification information among container systems, which specifically comprises the following steps: firstly, a first container system sends a request for acquiring a verification code to a sender, then a second container system receives a short message which is returned by the sender in response to the request and carries verification information, and finally the second container system sends the verification information to the first container system. The beneficial effects obtained by applying the invention are as follows: the first container system and the second container system are communicated with each other, the second container system receives a short message which is sent by a sender and carries verification information, the verification information in the short message is extracted, and the verification information is finally sent to the first container system.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
The foregoing and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
fig. 1 is a schematic flowchart of a method for exchanging authentication information between container systems according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a security verification interface according to an embodiment of the present invention;
fig. 3 is a flowchart illustrating an embodiment of mutual authentication information between container systems according to an embodiment of the present invention;
fig. 4 is a schematic diagram illustrating that verification information is obtained on a short message interface according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of automatically inputting authentication information on a security authentication interface according to an embodiment of the present invention;
fig. 6 is a schematic frame diagram of an internal structure of a terminal device according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of an apparatus for exchanging authentication information between container systems according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are illustrative only and should not be construed as limiting the invention.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or wirelessly coupled. As used herein, the term "and/or" includes all or any element and all combinations of one or more of the associated listed items.
It will be understood by those skilled in the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
The technical solution of the embodiments of the present invention is specifically described below with reference to the accompanying drawings.
An embodiment of the invention provides a method for exchanging verification information between container systems. A schematic flowchart of the method is shown in fig. 1, and the method comprises the following steps:
S101: the first container system sends a request for obtaining the verification information to a sender;
S102: the second container system receives a short message which is returned by the sender in response to the request and carries verification information, and parses the short message to obtain the verification information;
S103: the second container system sends the verification information to the first container system.
The embodiment of the invention provides a method for interactive verification information among container systems, which specifically comprises the following steps: firstly, a first container system sends a request for acquiring a verification code to a sender, then a second container system receives a short message which is returned by the sender in response to the request and carries verification information, and finally the second container system sends the verification information to the first container system. The beneficial effects obtained by applying the invention are as follows: the first container system and the second container system are communicated with each other, the second container system receives a short message which is sent by a sender and carries verification information, the verification information in the short message is extracted, and the verification information is finally sent to the first container system.
The following further explains the specific implementation of the above steps:
S101: the first container system sends a request for obtaining the verification information to the sender.
In this step, the first container system sends a request for obtaining the verification information to the sender, and the specific sending method may be: first, an application located in a first container system sends a request for obtaining authentication information to a corresponding authentication information receiving service, and then the authentication information receiving service sends a request for obtaining an authentication code to a server (i.e., an originator) corresponding to the application. The verification information may be a verification code, such as a number, letter, or a combination of the two, a text message, and so on.
As shown in fig. 2, if a user logs in to a shopping application in the first container system to pay, then, to ensure the payment security of the user, a mobile phone verification code must be input on the "security verification interface" before the payment. A specific method for inputting the verification code is as follows: the user clicks the "click to acquire the verification code" button on the security verification interface, which triggers the application to send a request for obtaining verification information to the corresponding verification information receiving service; after receiving the request, the verification information receiving service sends a request for the mobile phone verification code to the server corresponding to the application (namely the sender); and after receiving that request, the server sends the verification code as a short message to the mobile phone whose number is 136, 1234.
The application scenario shown in fig. 2 is only an example; in practice, a scenario requiring a "verification code" may be a login scenario as well as a payment scenario. Likewise, the operation by which the user acquires the verification code is not limited to the "click to acquire the verification code" operation described above; it may also be sliding a corresponding button or interface, and the specific operation mode is determined by the actual application scenario.
The method for exchanging verification information between container systems provided by the invention further comprises: before the first container system sends the request for obtaining the verification information to the sender, the verification information receiving service in the first container system registers itself with the short message monitoring service of the second container system. The purpose of this registration is as follows: after the short message monitoring service of the second container system detects that the second container system has received a short message carrying verification information, the second container system sends the verification information to the corresponding first container system according to the registration information. The short message is the one the sender sends to the second container system in response to the request for obtaining verification information sent by the first container system. The specific process is described in detail in S102 to S103 below.
It should be noted that: the terms "first" and "second" in the present invention are used for distinguishing the different container systems from each other, and are not ordinal words.
S102: the second container system receives the short message which is returned by the sender in response to the request and carries the verification information, and parses the short message to obtain the verification information.
After the first container system sends the request for obtaining the verification information to the sender, the sender sends a short message carrying the verification information to the second container system. The short message module in the second container system receives the short message; the short message monitoring service in the second container system, on detecting that the short message module has received it, parses the short message and thereby obtains the verification information it contains.
The short message monitoring service in the second container system can monitor the short messages received by the second container system in various ways. For example, the short message monitoring service may monitor received short messages continuously; or, to reduce its load, it may check for received short messages at a set period, for example every 1 s.
In practice, the second container system may include many functional modules besides the short message module and the short message monitoring service. To protect the verification information, a monitoring permission may be set so that only the short message monitoring service can monitor the short messages received by the short message module.
In addition, in practice many applications may be located in the first container system, and many of them need to obtain verification information from the second container system. For the two container systems to work together effectively, these applications need to be managed. The invention provides a preferred management method, as follows:
First, a list is established in the verification information receiving service of S101 to manage the applications that are to acquire verification information. The list can be built in many ways; for example, before S101 the verification information receiving service records in the list the information of all applications that are to acquire verification information.
The list can take many forms; a simple list is taken as an example below. As shown in table 1, the "information of the application for which the verification information is to be acquired" recorded in the list includes: the name of each such application, the identifier of each such application, and the identifier of the sender bound to each such application. The identifier of the sender may be the network address, such as a URL, of the server corresponding to the application, or any other means of identifying the server, as long as the server can be uniquely identified.
For example, the contents of the first row in Table 1 indicate that: the identifier corresponding to the application 1 to obtain the authentication information is "adcd", and the sender identifier bound to the application is "B8 y83ue9duwy 8".
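TABLE 1
(Table image not reproduced. Columns, per the description above: application name, application identifier, identifier of the bound sender.)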
For another example, the method for establishing the list may further be: each time the user triggers an application located in the first container system to send a request for obtaining the verification information to the originator, the verification information receiving service records information corresponding to the application in a list.
To make it easier to manage the applications in the list, the list may be given "timeliness", set as follows: a preset time period is defined, and when the time elapsed since an application's information was recorded exceeds the preset time period, that application's information is deleted from the list. Assuming that the time from triggering the first container system to send the request for acquiring the verification information to the sender until the second container system returns the verification information is usually 5 minutes, the preset time period may be set to 10 minutes; when it is detected that 10 minutes have elapsed since the information of an application was recorded, that information may be deleted from the list. This not only reduces the storage space of the list but also improves the efficiency of table lookup (this benefit is described in detail in S103).
When the short message monitoring service in the second container system monitors the short message received by the second container system, firstly, whether the short message is sent by a target sender is checked, and secondly, whether the specific content of the short message is about 'verification information' is checked.
For example, assume the second container system receives the short message "Uub2+Bxdeih82q73e+your transaction verification code is 397875". First, the identifier of the application and the identifier of the sender corresponding to the application are extracted: the application identifier is "Uub2" and the sender identifier is "Bxdeih82q73e". Next, it is determined whether this is the identifier of the target sender, specifically by checking whether the application identifier and the corresponding sender identifier match and whether the application is in a state in which the verification code is to be acquired. If not, the sender is not the target sender, and the short message may be discarded or treated as "spam". If so, the sender is the target sender, and the check continues with whether the content of the short message is about "verification information". This can be done by character matching, namely matching the characters of the short message against a preset text: for example, if the preset text is "your transaction verification code is", the characters of the received short message are matched against it, and if the match succeeds, the short message is determined to be one sent by the target sender and carrying the verification code.
Following the above example, assume the second container system receives the short message "Uub2+Bxdeih82q73e+congratulating your happy holiday". First, the application identifier and the corresponding sender identifier are extracted from the short message, and the sender is determined to be the target sender. Then the text of the short message is matched against the preset text, that is, "congratulating your happy holiday" is matched against "your transaction verification code is". The match fails, which shows that the short message is unrelated to "verification information", and the short message can be discarded.
The above-mentioned preferred way of managing each application to be authenticated, the identifier of each application, the identifier of the sender bound to each application, and the representation form of the short message in table 1 are only exemplary illustrations, and do not limit the present invention.
When the short message is determined to be one that was sent by the target sender and carries the verification code, the short message is parsed to obtain the verification information. For example, following the above example, if the preset text is "the verification code of your transaction is", the text that follows the preset text may be extracted as the verification information; if the content of the short message is "the verification code of your transaction is 397875", the extracted verification information is "397875".
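The list expiry and the two short-message checks described above, as an added example that is not code from the patent. The "+"-separated layout follows the sample message; the class and function names, the 4 to 8 digit code length, and the removal of an entry after one successful delivery are assumptions made for this sketch.

```python
import re
import time
from dataclasses import dataclass

# Preset text and 10-minute preset period, both taken from the description's example.
PRESET_TEXT = "the verification code of your transaction is"
PENDING_TTL_SECONDS = 10 * 60
# Assumption: the code is the run of 4-8 digits that directly follows the preset text.
CODE_RE = re.compile(re.escape(PRESET_TEXT) + r"\s*(\d{4,8})(?!\d)")


@dataclass
class PendingEntry:
    sender_id: str       # sender bound to the application
    recorded_at: float   # when the application was put on the list


class PendingList:
    """Applications waiting for verification information, with "timeliness"."""

    def __init__(self, ttl=PENDING_TTL_SECONDS, clock=time.monotonic):
        self._ttl = ttl
        self._clock = clock
        self._entries = {}

    def register(self, app_id, sender_id):
        self._entries[app_id] = PendingEntry(sender_id, self._clock())

    def purge_expired(self):
        """Delete entries older than the preset period; return their identifiers."""
        now = self._clock()
        expired = [app for app, entry in self._entries.items()
                   if now - entry.recorded_at > self._ttl]
        for app in expired:
            del self._entries[app]
        return expired

    def is_pending(self, app_id, sender_id):
        """True only if the application is still waiting AND is bound to this sender."""
        self.purge_expired()
        entry = self._entries.get(app_id)
        return entry is not None and entry.sender_id == sender_id

    def complete(self, app_id):
        # Assumption: one delivery per request, so a repeated message is not delivered again.
        self._entries.pop(app_id, None)


def handle_sms(raw, pending):
    """Classify one received short message; return (status, app_id, code)."""
    parts = [p.strip() for p in raw.split("+", 2)]
    if len(parts) != 3 or not parts[0] or not parts[1]:
        return ("malformed", None, None)
    app_id, sender_id, body = parts
    # Check 1: is this the target sender for an application that is still waiting?
    if not pending.is_pending(app_id, sender_id):
        return ("not_target_sender", app_id, None)
    # Check 2: does the content match the preset text followed by a code?
    match = CODE_RE.search(body)
    if match is None:
        return ("not_verification", app_id, None)
    pending.complete(app_id)
    return ("ok", app_id, match.group(1))


if __name__ == "__main__":
    waiting = PendingList()
    waiting.register("Uub 2", "Bxdeih82q73e")
    # Sample messages from the description.
    for sms in ("Uub 2+ Bxdeih82q73e + congratulating your happy holiday",
                "Uub 2+ Bxdeih82q73e + the verification code of your transaction is 397875"):
        print(handle_sms(sms, waiting))
```

Checking the sender binding before the content means a message that merely contains the preset text, but names an application that is not waiting or a sender not bound to it, never reaches the extraction step.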
S103: the second container system sends the verification information to the first container system.
After obtaining the verification information, the second container system needs to send the verification information to the first container system, but before sending, a message transmission channel needs to be established between the first container system and the second container system, so that the second container system sends the verification information to the first container system through the message transmission channel.
Two methods for establishing the inter-container system message transmission channel are described in detail below, but are only exemplary and not limiting to the present invention.
The first method for establishing the message transmission channel between the two container systems comprises the following steps:
firstly, a first container system sends a channel creating request message for a message transmission channel between the first container system and a second container system to a master control system;
secondly, the master control system creates two socket file descriptors aiming at the first container system and the second container system according to the channel creation request message;
and finally, the first container system and the second container system acquire corresponding socket file descriptors and transmit messages according to the corresponding socket file descriptors.
For example, in the terminal device a, when a process in a first container system needs to communicate with a process in a second container system, the process in the first container system sends a create channel request message to a communication channel service process in the first container system, and then the communication channel service process in the first container system receives the create channel request message and sends the request message to a communication channel service process of the main control system, where the create channel request message carries identification information of the first container system and identification information of the second container system, and the communication channel service process of the main control system creates two socket file descriptors for the first container system and the second container system according to the identification information of the first container system and the second container system.
The communication channel service process of the master control system sends a registration request message to a virtual domain name NSS device in the master control system. After the registration succeeds, it sends the names of the corresponding socket file descriptors to the container system that sent the request (for example, the first container system) and to the container system with which communication is needed (for example, the second container system), respectively. For example, the communication channel service process of the master control system sends the socket file descriptor named "first container system-channel 1" to the first container system, and sends the socket file descriptor named "second container system-channel 1" to the second container system.
Subsequently, the first container system and the second container system obtain the corresponding socket file descriptors according to the names of the received socket file descriptors, and then the first container system and the second container system can perform message transmission according to the socket file descriptors corresponding to the first container system and the second container system.
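The first method, sketched as an added example that is not code from the patent: the master control side creates the socket pair and hands one end to each container over a control socket. Delivering the descriptors with SCM_RIGHTS descriptor passing is an assumption (the description only says the containers obtain the descriptors by name), the three parties are simulated in one process, and the function names are hypothetical.

```python
import os
import socket

# Descriptor names from the description's example.
FIRST_NAME = "first container system-channel 1"
SECOND_NAME = "second container system-channel 1"


def create_channel(ctl_first, ctl_second):
    """Master control side: create the socket pair and give one end to each container.

    ctl_first / ctl_second are already-connected AF_UNIX control sockets to the
    two container systems (assumed to exist; they stand in for the communication
    channel service processes). Requires Python 3.9+ on a Unix kernel.
    """
    end_first, end_second = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        # The name travels as ordinary data, the descriptor as SCM_RIGHTS ancillary data.
        socket.send_fds(ctl_first, [FIRST_NAME.encode()], [end_first.fileno()])
        socket.send_fds(ctl_second, [SECOND_NAME.encode()], [end_second.fileno()])
    finally:
        # The master control side keeps no end of the channel: only the two
        # recipients hold descriptors, so no third process can attach to it.
        end_first.close()
        end_second.close()


def accept_channel(ctl, expected_name):
    """Container side: receive the descriptor and check it is the one expected."""
    data, fds, _flags, _addr = socket.recv_fds(ctl, 256, 1)
    if len(fds) != 1 or data.decode(errors="replace") != expected_name:
        for fd in fds:
            os.close(fd)  # do not leak a descriptor we refuse to use
        raise ConnectionError("unexpected channel hand-over")
    return socket.socket(fileno=fds[0])


def demo():
    """Simulate master control, first and second container system in one process."""
    master_to_first, first_ctl = socket.socketpair()
    master_to_second, second_ctl = socket.socketpair()
    socks = [master_to_first, first_ctl, master_to_second, second_ctl]
    try:
        create_channel(master_to_first, master_to_second)
        first_end = accept_channel(first_ctl, FIRST_NAME)
        second_end = accept_channel(second_ctl, SECOND_NAME)
        socks += [first_end, second_end]
        # S103: the second container system sends the verification information.
        second_end.sendall(b"397875")  # constructed sample value
        return first_end.recv(64)
    finally:
        for s in socks:
            s.close()


if __name__ == "__main__":
    print(demo())
```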
The second method for establishing a message transmission channel between two container systems comprises the following steps:
firstly, establishing a bridge node in a master control system, and establishing corresponding virtual network ports for a first container system and a second container system, wherein one end of each virtual network port is arranged in the corresponding container system, and the other end of each virtual network port is connected with the bridge node;
secondly, the second container system establishes a data path with the virtual network port corresponding to the first container system through the corresponding virtual network port and the network bridge node;
finally, the second container system performs data transmission with the mobile network of the first container system based on the data path.
For example, the multi-system mobile terminal includes a first container system and a second container system. The bridge node created by the master control system is br0, the virtual network port created by the master control system for the first container system is veth-pair1, and the virtual network port created for the second container system is veth-pair2. The virtual network port veth-pair1 in the first container system is connected to br0 in the master control system, and veth-pair2 in the second container system is connected to br0 in the master control system, so that a data path (i.e., a message transmission channel) is established through the connection between the bridge node in the master control system and the virtual network port in each container system.
It should be noted that, after the bridge node is created in the master control system and the corresponding virtual network ports are created for each container system, the master control system configures the IP addresses in the network addresses corresponding to each virtual network port and to the bridge node into the same local area network segment.
For example, in mobile terminal A the master control system configures the IP address corresponding to the virtual network port of the first container system as 172.29.52.60/24, the IP address corresponding to the bridge node in the master control system as 172.29.52.50/24, and the IP address corresponding to the virtual network port of the second container system as 172.29.52.70/24, so that the IP address of the virtual network port of the first container system, the IP address of the bridge node, and the network address of the virtual network port of the second container system are all located in the same virtual network segment 172.29.52.0/24.
In the embodiment of the invention, the master control system configures the network addresses corresponding to the virtual network ports and the bridge node into the same local area network segment, so that the virtual network ports and the bridge node can address each other directly, determine the network address of the next-hop virtual network port or bridge node, and transmit data. This reduces addressing complexity and further improves the feasibility of multi-system network connection.
After a message transmission channel is established between the first container system and the second container system, the second container system sends the verification information to the first container system. One preferred way to send the verification code is as follows: the second container system encrypts the verification information to generate encrypted verification information and sends the encrypted verification information to the first container system; after receiving the encrypted verification information, the first container system decrypts it to obtain the original verification information.
The benefit of the second container system encrypting the verification information is that it prevents the verification information from being illegally hijacked while it is transmitted between the second container system and the first container system. Specifically, because the verification information is encrypted, even if it is hijacked by an illegal program, the original verification information cannot be obtained, which improves the security of the verification information.
There are many ways for the second container system to encrypt the verification information. A common one is: the second container system encrypts the verification information with a public key to obtain encrypted verification information, and the first container system then decrypts the encrypted verification information with a private key to obtain the original verification information. The encryption method given here is only an exemplary illustration; in practical applications, a more complicated encryption and decryption method may be adopted to make it harder for an illegal program to break the encrypted verification information, thereby improving the security of the verification information.
After the first container system acquires the verification information, the verification information may be automatically entered into the security verification interface of the application that needs to acquire it. Specifically, as shown in fig. 4, the first container system automatically enters the acquired verification code (verification information) into the "enter verification code" field on the security verification interface. Finally, the user sends an instruction to verify the verification information to the application by clicking an "ok" button, or sends an instruction to cancel verification of the verification information by clicking a "cancel" button.
As mentioned above, in practical applications there may be many applications in the first container system, and many of them may need to obtain verification information from the second container system. Therefore, after the first container system receives the verification information, the verification information needs to be allocated to the corresponding application, and this is where the list established by the verification information receiving service in the first container system is used. This is why giving the list "timeliness", as described above, improves table lookup efficiency: the information of applications that have "expired" is deleted from the list regularly, so that after the first container system receives the verification information, the application corresponding to the verification information can be found quickly in the list.
For a better understanding of the invention, the entire solution is described below by way of a complete example, but is also only exemplary. A specific workflow of this example is shown in fig. 5, and specifically includes the following steps:
S501: after a user triggers, in an application that is to acquire a verification code, a request for acquiring verification information from a sender, the application that is to acquire the verification code registers the request with the verification code receiving service;
S502: the verification code receiving service adds the information of the application that is to acquire the verification code to a list;
S503: the short message monitoring service in the second container system monitors the short messages received by the short message module;
S504: the sender sends the short message carrying the verification information to the short message module;
S505: the short message module sends the short message to the short message monitoring service;
S506: the short message monitoring service parses the short message and extracts the verification information in it, namely the verification code;
S507: the short message monitoring service sends the verification information to the verification code receiving service in the first container system;
S508: the verification code receiving service distributes the verification information to the application that is to acquire the verification code;
S509: the application that is to acquire the verification code automatically enters the received verification information into the security verification interface.
Although the above method embodiment identifies the steps by step numbers (S501 to S509), this does not mean that the steps are actually executed strictly in step-number order. For example, S504 may occur just after S501, concurrently with S502, or after S502. Therefore, when the present invention is implemented to exchange verification information between container systems, the execution order of the steps depends on the order in which they actually occur.
The following describes in detail the beneficial effects obtained by the present invention compared to the method for obtaining the verification information by the container system in the foregoing background art with reference to fig. 2, fig. 3 and fig. 4, specifically as follows:
In the method for acquiring verification information by a container system in the background art, before a user logs in to an application in the first container system to pay, the first container system is switched to the second container system, for example from the "security verification interface" in fig. 2 to the "short message interface" in fig. 3, and the verification information is read on the "short message interface". The user then needs to remember the verification information, switch back to the "security verification interface" in fig. 2, and manually enter the verification information from memory. With the method provided by the invention, as long as the user triggers a request for acquiring the verification code on the security verification interface in fig. 2, the second container system sends the verification information directly to the first container system through the interaction between the first container system and the second container system, and the first container system automatically enters the acquired verification information into the security verification interface (as shown in fig. 4). This solves the problem that the verification information can only be acquired by switching between the two container systems.
In the embodiment of the present invention, the first container system and the second container system are located in the same terminal device. A schematic framework diagram of the internal structure of the terminal device is shown in fig. 6, which includes a system kernel, a master control system, a first container system and a second container system, all of which share the same system kernel.
The system kernel is a Linux kernel, and is responsible for directly communicating with network hardware in the terminal equipment.
The master control system is a safe, controllable and configurable system started by the kernel. It is responsible for managing the first container system and the second container system, and the first container system and the second container system communicate with the system kernel through the master control system.
The first container system and the second container system are both Android systems running in the multi-system terminal device. Each system includes a Framework (system framework layer) and communicates with the master control system through its Framework layer.
In this embodiment, the first container system and the second container system may be operating systems provided in containers created by Linux virtualization technology. The operating system may be a Linux operating system or a Unix operating system in the conventional sense, an Android system, an Ubuntu system or a FireFox system derived from the Linux operating system, or a Windows system based on a Windows platform. In fact, the subsystem in the present invention is not limited to the aforementioned exemplary operating systems, and may cover all operating systems capable of running in a container.
Preferably, the master control system may be the above conventional operating system, and may also be an operating system obtained by modifying the conventional kernel and/or adding functional modules outside the kernel (for example, a framework layer and an application layer).
The master control system is mainly used for foreground and background management of each container system, for interaction with each container system, and the like; the master control system can communicate with each container system through a predefined channel.
The invention also provides a device for interacting the verification information between the container systems, which is also used for solving the problem that the verification information can be acquired only by switching the two container systems. The device comprises the following units:
a first sending unit 701, a parsing unit 702, and a second sending unit 703, wherein:
a first sending unit 701, located in the first container system, configured to send a request for obtaining the verification information to the sender;
a parsing unit 702, located in the second container system, configured to receive a short message which is returned by the sender in response to the request and carries the verification information, and to parse the short message to obtain the verification information;
a second sending unit 703, located in the second container system, configured to send the verification information to the first container system.
The specific working process of the device embodiment is as follows: first, the first sending unit 701 located in the first container system sends a request for acquiring verification information to a sender; second, the parsing unit 702 located in the second container system receives the short message which is returned by the sender in response to the request and carries the verification information, and parses the short message to acquire the verification information; finally, the second sending unit 703 located in the second container system sends the verification information to the first container system.
For example, in an implementation, the embodiment of the apparatus further includes a registration unit, where the registration unit is located in the first container system and specifically configured to:
before the first sending unit 701 sends a request for acquiring verification information to a sender, registering the verification information receiving service of the first container system with the short message monitoring service of the second container system;
the parsing unit 702 receiving the short message which is returned by the sender in response to the request and carries the verification information includes:
detecting, through the short message monitoring service of the second container system, that the second container system has received a short message which is returned by the sender in response to the request and carries the verification information;
the second sending unit 703 sending the verification information to the first container system includes:
according to the registration information, the second container system sends the verification information to the corresponding first container system.
In another embodiment, the apparatus further comprises:
a third sending unit, a first creating unit, a first acquiring unit, a second acquiring unit and a first transmission unit, wherein:
a third sending unit, located in the first container system, configured to send a channel creation request message for a message transmission channel between the first container system and the second container system to the master control system before the second sending unit 703 sends the verification information to the first container system;
the first creating unit is located in the master control system and is configured to create two socket file descriptors for the first container system and the second container system according to the channel creation request message;
the first acquiring unit is located in the first container system and is configured to acquire the corresponding socket file descriptor;
the second acquiring unit is located in the second container system and is configured to acquire the corresponding socket file descriptor;
and the first transmission unit is configured to transmit messages according to the corresponding socket file descriptor.
In yet another embodiment, the apparatus further comprises:
a second creating unit, an establishing unit and a second transmission unit, wherein:
the second creating unit, located in the master control system, is configured to create a bridge node before the second sending unit 703 sends the verification information to the first container system, and to create corresponding virtual network ports for the first container system and the second container system, where one end of each virtual network port is disposed in the corresponding container system, and the other end of each virtual network port is connected to the bridge node;
the establishing unit is located in the second container system and is configured to establish a data path with the virtual network port corresponding to the first container system through the corresponding virtual network port and the bridge node;
and the second transmission unit is located in the second container system and is configured to perform data transmission with the mobile network of the first container system based on the data path.
In another embodiment, the second sending unit 703 sends the verification information to the first container system, including:
the verification information is encrypted to generate encrypted verification information, and the encrypted verification information is sent to the first container system.
The beneficial effect obtained by applying this device embodiment is as follows: the first container system and the second container system communicate with each other, the second container system receives a short message which is sent by a sender and carries verification information, the verification information in the short message is extracted, and the verification information is finally sent to the first container system.
Those skilled in the art will appreciate that the present invention includes apparatus directed to performing one or more of the operations described in the present application. These devices may be specially designed and manufactured for the required purposes, or they may comprise known devices in general-purpose computers. These devices have stored therein computer programs that are selectively activated or reconfigured. Such a computer program may be stored in a device (e.g., computer) readable medium, including, but not limited to, any type of disk including floppy disks, hard disks, optical disks, CD-ROMs, and magneto-optical disks, ROMs (Read-Only Memories), RAMs (Random Access Memories), EPROMs (Erasable Programmable Read-Only Memories), EEPROMs (Electrically Erasable Programmable Read-Only Memories), flash memories, magnetic cards, or optical cards, or any type of media suitable for storing electronic instructions, and each coupled to a bus. That is, a readable medium includes any medium that stores or transmits information in a form readable by a device (e.g., a computer).
It will be understood by those within the art that each block of the block diagrams and/or flowchart illustrations, and combinations of blocks in the block diagrams and/or flowchart illustrations, can be implemented by computer program instructions. Those skilled in the art will appreciate that the computer program instructions may be implemented by a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, implement the features specified in the block or blocks of the block diagrams and/or flowchart illustrations of the present disclosure.
Those of skill in the art will appreciate that various operations, methods, steps in the processes, acts, or solutions discussed in the present application may be alternated, modified, combined, or deleted. Further, various operations, methods, steps in the flows, which have been discussed in the present application, may be interchanged, modified, rearranged, decomposed, combined, or eliminated. Further, steps, measures, schemes in the various operations, methods, procedures disclosed in the prior art and the present invention can also be alternated, changed, rearranged, decomposed, combined, or deleted.
The foregoing is only a part of the embodiments of the present invention. It should be noted that those skilled in the art can make various modifications and refinements without departing from the principle of the present invention, and these modifications and refinements should also be regarded as falling within the protection scope of the present invention.

Claims (8)

1. A method for interactive authentication of information between container systems, comprising:
the first container system sends a request for obtaining the verification information to a sender;
the second container system receives a short message which is returned by the sender in response to the request and carries the verification information, and analyzes the short message to obtain the verification information;
the second container system sending the verification information to the first container system;
wherein, prior to the step of the first container system sending a request to a sender for obtaining verification information, the method further comprises:
the verification information receiving service of the first container system registers itself with the short message monitoring service of the second container system;
wherein the second container system receiving a short message which is returned by the sender in response to the request and carries the verification information comprises:
detecting, through the short message monitoring service of the second container system, that the second container system has received a short message which is returned by the sender in response to the request and carries the verification information;
wherein the second container system sending the verification information to the first container system comprises:
according to the registration information, the second container system sends the verification information to the corresponding first container system.
2. The method of claim 1, wherein prior to the step of the second container system sending the verification information to the first container system, the method further comprises:
the first container system sends a channel creation request message for a message transmission channel between the first container system and a second container system to a master control system;
the master control system creates two socket file descriptors aiming at the first container system and the second container system according to the channel creation request message;
and the first container system and the second container system acquire corresponding socket file descriptors and transmit messages according to the corresponding socket file descriptors.
3. The method of claim 1, wherein prior to the step of the second container system sending the verification information to the first container system, the method further comprises:
establishing a bridge node in a master control system, and establishing corresponding virtual network ports for a first container system and a second container system, wherein one end of each virtual network port is arranged in the corresponding container system, and the other end of each virtual network port is connected with the bridge node;
the second container system establishes a data path with the virtual network port corresponding to the first container system through the corresponding virtual network port and the bridge node;
and the second container system performs data transmission with the mobile network of the first container system based on the data path.
4. The method of claim 1, wherein the second container system sending the verification information to the first container system comprises:
and the second container system encrypts the verification information to generate encrypted verification information and sends the encrypted verification information to the first container system.
5. An apparatus for interactive authentication of information between container systems, comprising:
a first sending unit, a parsing unit and a second sending unit, wherein:
the first sending unit is located in the first container system and is configured to send a request for acquiring the verification information to a sender;
the parsing unit is located in the second container system and is configured to receive a short message which is returned by the sender in response to the request and carries the verification information, and to parse the short message to obtain the verification information;
the second sending unit is located in the second container system and is configured to send the verification information to the first container system;
the device further comprises a registration unit, which is located in the first container system and is specifically configured to:
before the first sending unit sends a request for acquiring verification information to a sender, register the verification information receiving service of the first container system with the short message monitoring service of the second container system;
wherein the parsing unit receiving the short message which is returned by the sender in response to the request and carries the verification information includes:
detecting, through the short message monitoring service of the second container system, that the second container system has received a short message which is returned by the sender in response to the request and carries the verification information;
wherein the second sending unit sending the verification information to the first container system includes:
according to the registration information, the second container system sends the verification information to the corresponding first container system.
6. The apparatus of claim 5, further comprising:
a third sending unit, a first creating unit, a first acquiring unit, a second acquiring unit and a first transmitting unit, wherein:
the third sending unit, located in the first container system, is configured to send a channel creation request message for a message transmission channel between the first container system and the second container system to the master control system before the second sending unit sends the verification information to the first container system;
the first creating unit is located in the master control system and used for creating two socket file descriptors for the first container system and the second container system according to the channel creating request message;
the first acquiring unit is located in the first container system and used for obtaining a corresponding socket file descriptor;
the second acquiring unit is located in the second container system and used for obtaining a corresponding socket file descriptor;
and the first transmitting unit is used for transmitting messages according to the corresponding socket file descriptors.
7. The apparatus of claim 5, further comprising:
a second creating unit, a building unit and a second transmitting unit, wherein:
the second creating unit is located in the master control system and is configured to create a bridge node before the second sending unit sends the verification information to the first container system, and create corresponding virtual network ports for the first container system and the second container system, where one end of each virtual network port is disposed in the corresponding container system, and the other end of each virtual network port is connected to the bridge node;
the building unit is located in the second container system and used for establishing a data path with the virtual network port corresponding to the first container system through the corresponding virtual network port and the bridge node;
the second transmitting unit is located in the second container system and is used for performing data transmission with the mobile network of the first container system based on the data path.
8. The apparatus according to claim 5, wherein the second sending unit sends the verification information to the first container system, including:
encrypting the verification information to generate encrypted verification information, and sending the encrypted verification information to the first container system.
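The flow of claims 5 and 6, as an added example that is not part of the patent text or the assignee's code: the caller plays the master control system and creates the socket pair, a child process stands in for the second container system (it parses the short message and forwards only the code, and only if a receiver was registered), and the caller then reads the code as the first container system. The function names, the use of processes in place of containers, and the 4 to 8 digit code format are assumptions of this sketch.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed parsing rule: the code is the first run of 4 to 8 digits. */
static int parse_code(const char *sms, char *out, size_t outlen) {
    for (const char *p = sms; *p; ) {
        size_t n = 0;
        while (isdigit((unsigned char)p[n])) n++;
        if (n >= 4 && n <= 8 && n < outlen) {
            memcpy(out, p, n);
            out[n] = '\0';
            return 0;
        }
        p += n ? n : 1;              /* skip this digit run or one character */
    }
    return -1;
}

/* registered: whether the first container's receiving service was registered
 * with the second container's short message monitoring service beforehand. */
int relay_verification_code(int registered, const char *sms, char *out, size_t outlen) {
    int fd[2];                       /* fd[0]: first container, fd[1]: second */
    if (outlen < 2 || socketpair(AF_UNIX, SOCK_STREAM, 0, fd) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fd[0]); close(fd[1]); return -1; }
    if (pid == 0) {                  /* second container system (SMS side) */
        char code[16];
        close(fd[0]);                /* keep only its own descriptor */
        if (registered && parse_code(sms, code, sizeof code) == 0)
            send(fd[1], code, strlen(code), 0);   /* the code, not the SMS */
        close(fd[1]);
        _exit(0);
    }
    close(fd[1]);                    /* first container system (requester) */
    ssize_t n = recv(fd[0], out, outlen - 1, 0);
    close(fd[0]);
    waitpid(pid, NULL, 0);
    if (n <= 0) return -1;           /* EOF: nothing was forwarded */
    out[n] = '\0';
    return 0;
}

int main(void) {
    char code[16];                   /* constructed sample short message below */
    if (relay_verification_code(1, "Your code is 482913.", code, sizeof code) == 0)
        puts(code);
    return 0;
}
```

Each side closes the descriptor that belongs to the other, so the requester sees end-of-file instead of blocking when no registration exists or the message carries no code.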

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710251438.0A CN107066874B (en) 2017-04-18 2017-04-18 Method and device for interactively verifying information between container systems

Publications (2)

Publication Number Publication Date
CN107066874A (en) 2017-08-18
CN107066874B (en) 2020-08-14

Family

ID=59599669

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710251438.0A Active CN107066874B (en) 2017-04-18 2017-04-18 Method and device for interactively verifying information between container systems

Country Status (1)

Country Link
CN (1) CN107066874B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109150684B (en) * 2018-07-20 2021-04-06 新华三技术有限公司 Message processing method and device, communication equipment and computer readable storage medium

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106201479A (en) * 2016-06-30 2016-12-07 深圳市金立通信设备有限公司 The display packing of a kind of communication message and terminal

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100573497C (en) * 2007-12-26 2009-12-23 杭州华三通信技术有限公司 Communication means and system between a kind of multinuclear multiple operating system
US9529997B2 (en) * 2014-09-19 2016-12-27 Intel IP Corporation Centralized platform settings management for virtualized and multi OS systems
CN105791567B (en) * 2016-02-29 2019-05-14 宇龙计算机通信科技(深圳)有限公司 A kind of information storage means and multisystem mobile terminal
CN105812569A (en) * 2016-04-19 2016-07-27 奇酷软件(深圳)有限公司 Information management method and information management device for terminal
CN106487811B (en) * 2016-11-29 2019-06-25 北京元心科技有限公司 Method and device for communication among multiple containers
CN106506228A (en) * 2016-11-29 2017-03-15 北京元心科技有限公司 Method for sharing mobile network in multiple systems and terminal system

Also Published As

Publication number Publication date
CN107066874A (en) 2017-08-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20210201

Address after: 101300 room 153, 1 / F, building 17, 16 Caixiang East Road, Nancai Town, Shunyi District, Beijing

Patentee after: Yuanxin Information Technology Group Co.,Ltd.

Address before: 100176 room 2222, building D, building 33, 99 Kechuang 14th Street, Beijing Economic and Technological Development Zone, Beijing

Patentee before: BEIJING YUANXIN SCIENCE & TECHNOLOGY Co.,Ltd.

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20170818

Assignee: Beijing Yuanxin Junsheng Technology Co.,Ltd.

Assignor: Yuanxin Information Technology Group Co.,Ltd.

Contract record no.: X2021110000018

Denomination of invention: Method and device of mutual verification information between container systems

Granted publication date: 20200814

License type: Common License

Record date: 20210531