CN107154853A - Signature verification method, terminal and system

Publication number: CN107154853A
Authority: CN (China)
Prior art keywords: signature; current time; time stamp; signature value; initial
Legal status: Withdrawn
Application number: CN201710267892.5A
Other languages: Chinese (zh)
Inventor: 黄浩坚
Current Assignee: Shenzhen Jinli Communication Equipment Co Ltd
Original Assignee: Shenzhen Jinli Communication Equipment Co Ltd
Application filed by Shenzhen Jinli Communication Equipment Co Ltd
Priority to CN201710267892.5A
Publication of CN107154853A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/12 Applying verification of the received information
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The embodiments of the invention disclose a signature verification method, terminal and system. The method includes: obtaining API request parameters and a current timestamp; obtaining a first signature value from the API request parameters and the current timestamp; constructing a target request from the API request parameters, the current timestamp and the first signature value; sending the target request to the interface provider, so that the interface provider generates a second signature value from the target request; and receiving the verification result sent by the interface provider, the verification result being obtained by the interface provider comparing the first signature value with the second signature value. The embodiments first obtain the first signature value and the second signature value based on the API request parameters and the current timestamp, then obtain the verification result by comparing the first signature value with the second signature value, improving the security of signature verification and data interaction.

Description

Signature verification method, terminal and system
Technical field
The present invention relates to the field of network security, and in particular to a signature verification method, terminal and system.
Background
When an interface caller and an interface provider exchange data, signature verification of the application programming interface (API) is usually required to ensure the security of the data. At present, signature verification of an API requires a key agreed between the interface caller and the interface provider. Because this key is at risk of being leaked or brute-forced, the security of the API signature verification process described above is relatively low, and it is difficult to guarantee the security of the data interaction.
Summary of the invention
The embodiments of the invention provide a signature verification method, terminal and system to improve the security of signature verification and data interaction.
In a first aspect, an embodiment of the invention provides a signature verification method, including:
obtaining API request parameters and a current timestamp;
obtaining a first signature value from the API request parameters and the current timestamp;
constructing a target request from the API request parameters, the current timestamp and the first signature value;
sending the target request to the interface provider, so that the interface provider generates a second signature value from the target request;
receiving the verification result sent by the interface provider, the verification result being obtained by the interface provider comparing the first signature value with the second signature value.
In a second aspect, an embodiment of the invention provides a signature verification terminal, including:
an acquiring unit, for obtaining API request parameters and a current timestamp;
a processing unit, for obtaining a first signature value from the API request parameters and the current timestamp;
a constructing unit, for constructing a target request from the API request parameters, the current timestamp and the first signature value;
a sending unit, for sending the target request to the interface provider, so that the interface provider generates a second signature value from the target request;
a receiving unit, for receiving the verification result sent by the interface provider, the verification result being obtained by the interface provider comparing the first signature value with the second signature value.
In a third aspect, an embodiment of the invention further provides a signature verification method, including:
receiving a target request sent by the interface caller, the request parameters in the target request being obtained from the interface caller's API request parameters, the interface caller's first signature value and the current timestamp, the first signature value being obtained from the API request parameters and the current timestamp;
obtaining a second signature value from the API request parameters and the current timestamp in the target request;
comparing the first signature value with the second signature value to obtain a verification result.
In a fourth aspect, an embodiment of the invention further provides a signature verification terminal, including:
a receiving unit, for receiving a target request sent by the interface caller, the request parameters in the target request being obtained from the interface caller's API request parameters, the interface caller's first signature value and the current timestamp, the first signature value being obtained from the API request parameters and the current timestamp;
a processing unit, for obtaining a second signature value from the API request parameters and the current timestamp in the target request;
a comparing unit, for comparing the first signature value with the second signature value to obtain a verification result.
In a fifth aspect, an embodiment of the invention further provides a signature verification system, including a first terminal and a second terminal, where the first terminal is as described in the second aspect above and the second terminal is as described in the fourth aspect above.
The embodiments of the invention first obtain the first signature value and the second signature value based on the API request parameters and the current timestamp, then obtain the verification result by comparing the first signature value with the second signature value, improving the security of signature verification and data interaction.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Evidently, the drawings described below show some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flow diagram of the signature verification method provided by the first embodiment of the invention;
Fig. 2 is a schematic flow diagram of the signature verification method provided by the second embodiment of the invention;
Fig. 3 is a schematic flow diagram of the signature verification method provided by the third embodiment of the invention;
Fig. 4 is a schematic flow diagram of the signature verification method provided by the fourth embodiment of the invention;
Fig. 5 is a schematic flow diagram of the signature verification method provided by the fifth embodiment of the invention;
Fig. 6 is a schematic structural diagram of the signature verification terminal provided by the first embodiment of the invention;
Fig. 7 is a schematic structural diagram of the signature verification terminal provided by the second embodiment of the invention;
Fig. 8 is a schematic structural diagram of the signature verification terminal provided by the third embodiment of the invention;
Fig. 9 is a schematic structural diagram of the signature verification system provided by the first embodiment of the invention.
Detailed description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments.
It should be understood that, when used in this specification and the appended claims, the terms "comprising" and "including" indicate the presence of the described features, wholes, steps, operations, elements and/or components, but do not exclude the presence or addition of one or more other features, wholes, steps, operations, elements, components and/or sets thereof.
It should also be understood that the terms used in this description of the invention are for the purpose of describing specific embodiments only and are not intended to limit the invention. As used in the description of the invention and the appended claims, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" used in the description of the invention and the appended claims refers to any combination, and all possible combinations, of one or more of the associated listed items, and includes these combinations.
As used in this specification and the appended claims, the term "if" may be interpreted, depending on the context, as "when ..." or "once" or "in response to determining" or "in response to detecting". Similarly, the phrases "if it is determined" or "if [the described condition or event] is detected" may be interpreted, depending on the context, as "once it is determined" or "in response to determining" or "once [the described condition or event] is detected" or "in response to detecting [the described condition or event]".
In specific implementations, the terminal described in the embodiments of the invention includes, but is not limited to, other portable devices such as mobile phones, laptop computers or tablet computers with touch-sensitive surfaces (for example, touch-screen displays and/or touch pads). It should also be understood that, in some embodiments, the device is not a portable communication device but a desktop computer with a touch-sensitive surface (for example, a touch-screen display and/or touch pad).
In the discussion below, a terminal including a display and a touch-sensitive surface is described. It should be understood, however, that the terminal may include one or more other physical user-interface devices such as a physical keyboard, mouse and/or joystick.
Refer to Fig. 1, a schematic flow diagram of the signature verification method provided by the first embodiment of the invention. As shown, the method may include the following steps:
S101, obtain API request parameters and a current timestamp.
When two terminals need to exchange data, signature verification of the application programming interface (API) is usually required first. The two terminals are commonly referred to as the interface caller and the interface provider. The interface caller or interface provider may be, but is not limited to, a client, a server or a third party. In this embodiment, the interface caller is a client and the interface provider is a server, but this is not limiting. When performing signature verification, the interface caller obtains the API request parameters and the current timestamp. The interface caller may take its own system time as the current timestamp, or may obtain the current network time as the current timestamp.
S102, obtain a first signature value from the API request parameters and the current timestamp.
The interface caller first sorts the API request parameters in ascending lexicographic order, then generates a signature original text from the parameter values and parameter names of the API request parameters, and finally encrypts the signature original text with an encryption algorithm such as MD5 to obtain an initial signature. The initial signature may be 32 characters long; to distinguish it from what follows, the initial signature here is denoted Sign1. Note that the above method of obtaining the initial signature is only an example and is not limiting. Further, the interface caller extracts the last three digits of the current timestamp, determines target time variables from those three digits, and substitutes some positions of the 32-character initial signature according to the target time variables to obtain the first signature value. This part of the process is described in detail in the next embodiment.
S103, construct a target request from the API request parameters, the current timestamp and the first signature value.
The interface caller adds the current timestamp and the first signature value to the API request parameters to obtain the target request. Note that the target request includes, but is not limited to, HTTP requests, HTTPS requests, TCP/IP requests, socket requests and so on.
S104, send the target request to the interface provider, so that the interface provider generates a second signature value from the target request.
The interface caller sends the target request to the interface provider, and the interface provider receives it. The interface provider first sorts the API request parameters in the target request in ascending lexicographic order, then generates a signature original text from the parameter values and parameter names of the API request parameters, and finally encrypts the signature original text with an encryption algorithm such as MD5 to obtain an initial signature. The initial signature may be 32 characters long and is denoted Sign2. Note that the above method of obtaining the initial signature is only an example and is not limiting. After obtaining the initial signature, the interface provider substitutes the initial signature Sign2 according to the current timestamp in the target request to obtain the second signature value.
S105, receive the verification result sent by the interface provider, the verification result being obtained by the interface provider comparing the first signature value with the second signature value.
After generating the second signature value, the interface provider compares it with the first signature value. If the two are consistent, this indicates that the interface caller's request was not tampered with while being sent from the interface caller to the interface provider; the request is legitimate and passes verification. If the two are inconsistent, this indicates that the request may have been tampered with while being sent from the interface caller to the interface provider; the request is illegitimate and fails verification.
The embodiment of the invention first obtains the first signature value and the second signature value based on the API request parameters and the current timestamp, then obtains the verification result by comparing the first signature value with the second signature value, improving the security of signature verification and data interaction.
Refer to Fig. 2, a schematic flow diagram of the signature verification method provided by the second embodiment of the invention. As shown, the method may include the following steps:
S201, obtain API request parameters and a current timestamp.
The interface caller obtains the API request parameters and the current timestamp. The interface caller may take its own system time as the current timestamp, or may obtain the current network time as the current timestamp. In this embodiment, the interface caller is a client and the interface provider is a server, but this is not limiting.
For example, the obtained API request parameters include a=1, m=2, c=3, and the obtained current timestamp is timestamp=1486695218.
S202, generate an initial signature from the API request parameters.
The interface caller sorts the API request parameters a=1, m=2, c=3 in ascending lexicographic order, obtaining the new API request parameters a=1, c=3, m=2. The parameter names a, c, m and the parameter values 1, 3, 2 of the new API request parameters are concatenated to obtain the signature original text a1c3m2. The signature original text a1c3m2 is then encrypted with the MD5 algorithm to obtain the 32-character initial signature 5fbc803b084ea0036d30250f93130bc3.
S203, extract the last three digits of the current timestamp to obtain initial time variables, the initial time variables including initial key names and initial key values.
The interface caller extracts the last three digits of the current timestamp: the last digit is labelled x, the second-to-last digit y, and the third-to-last digit z. The three digits are converted to variables of type int and form an associative array A with the data structure A[0]=x, A[1]=y, A[2]=z; that is, the resulting initial time variables are A[0]=x, A[1]=y, A[2]=z. The initial time variables include initial key names (here 0, 1, 2) and initial key values (here x, y, z). In this embodiment, the current timestamp timestamp=1486695218 gives the initial time variables A[0]=8, A[1]=1, A[2]=2.
S204, calculate target key names from the initial key values.
Specifically, the value of A[0] is used as the key name of A[0]; the sum of A[0] and A[1] is used as the key name of A[1]; and the sum of A[0], A[1] and A[2] is used as the key name of A[2]. In this embodiment, the recalculated target key names are 8, 9, 11; that is, the key names change from 0, 1, 2 to 8, 9, 11.
S205, determine target time variables from the target key names.
From the target key names 8, 9, 11, the target time variables are determined as A[8]=8, A[9]=1, A[11]=2.
S206, substitute the initial signature according to the target time variables to obtain the first signature value.
According to the three target time variables above, A[8]=8, A[9]=1, A[11]=2, the initial signature 5fbc803b084ea0036d30250f93130bc3 is substituted: the 8th character b of the initial signature is replaced with 8, the 9th character 0 is replaced with 1, and the 11th character 4 is replaced with 2, giving the first signature value 5fbc8038182ea0036d30250f93130bc3.
S207, construct a target request from the API request parameters, the current timestamp and the first signature value.
The interface caller adds the current timestamp and the first signature value to the API request parameters to obtain the target request. Note that the target request includes, but is not limited to, HTTP requests, HTTPS requests, TCP/IP requests, socket requests and so on.
S208, send the target request to the interface provider, so that the interface provider generates a second signature value from the target request.
The interface caller sends the target request to the interface provider, and the interface provider receives it. The interface provider first sorts the API request parameters in the target request in ascending lexicographic order, then generates a signature original text from the parameter values and parameter names of the API request parameters, and finally encrypts the signature original text with an encryption algorithm such as MD5 to obtain an initial signature. The interface provider then substitutes the initial signature Sign2 according to the current timestamp in the target request to obtain the second signature value. For the detailed process, see steps S203 to S206.
S209, receive the verification result sent by the interface provider, the verification result being obtained by the interface provider comparing the first signature value with the second signature value.
After generating the second signature value, the interface provider compares it with the first signature value. If the two are consistent, this indicates that the interface caller's request was not tampered with while being sent from the interface caller to the interface provider; the request is legitimate and passes verification. If the two are inconsistent, this indicates that the request may have been tampered with while being sent from the interface caller to the interface provider; the request is illegitimate and fails verification.
The embodiment of the invention generates the first signature value and the second signature value based on the API request parameters and the current timestamp. When the first and second signature values are generated, the positions and values substituted into the initial signature change with the timestamp; the pattern of change is complex and highly dynamic, so it can hardly be brute-forced. In addition, the embodiment abandons the traditional key-based signature scheme, avoiding the risk of data leakage caused by key exposure. Furthermore, the embodiment uses the MD5 algorithm to generate the initial signature; owing to the generality of the MD5 algorithm, the signature verification method of the embodiment can be applied more widely. The first and second signature values finally obtained still retain the data structure of an original MD5-generated signature and still have the standard MD5 signature format, which is highly deceptive to third parties other than the interface provider and the caller. Owing to the properties of MD5 signatures, once the signature changes, it bears no relation to the data it originally mapped. Therefore, even if the signature is cracked by conventional MD5 decryption methods, the resulting parameters have no relation at all to this interface's parameters, and the cracked result is meaningless. In summary, the embodiment of the invention improves the security of signature verification and data interaction.
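The caller and provider computations of steps S201 to S209, as an added Python example (not code from the patent). The request field names `timestamp` and `sign`, the skipping of position 0 and the later-wins rule when two positions coincide are assumptions the text does not specify; positions are 1-based, as in the worked example.

```python
import hashlib
import hmac


def signing_string(params):
    """S202: sort parameter names ascending, concatenate name + value."""
    return "".join(f"{name}{params[name]}" for name in sorted(params))


def initial_signature(params):
    """S202: 32-character hex MD5 of the signature original text."""
    return hashlib.md5(signing_string(params).encode("utf-8")).hexdigest()


def target_time_variables(timestamp):
    """S203-S205: map the last three digits to {position: replacement digit}."""
    ts = str(timestamp)
    if len(ts) < 3 or not ts[-3:].isdigit():
        raise ValueError("timestamp must end in three decimal digits")
    x, y, z = int(ts[-1]), int(ts[-2]), int(ts[-3])
    # Target key names are running sums of the key values: x, x+y, x+y+z.
    positions = (x, x + y, x + y + z)
    # Assumption: if two positions coincide (y or z is 0), the later one wins.
    return dict(zip(positions, (x, y, z)))


def substitute(signature, timestamp):
    """S206: overwrite characters of the initial signature at the target positions."""
    chars = list(signature)
    for pos, digit in target_time_variables(timestamp).items():
        # Positions are 1-based. Assumption: position 0 (last digit 0)
        # addresses no character and is skipped. Max position is 27 < 32.
        if 1 <= pos <= len(chars):
            chars[pos - 1] = str(digit)
    return "".join(chars)


def build_target_request(params, timestamp):
    """S207 (caller): parameters plus timestamp and first signature value."""
    request = dict(params)
    request["timestamp"] = str(timestamp)  # field name is an assumption
    request["sign"] = substitute(initial_signature(params), timestamp)  # assumed name
    return request


def verify_target_request(request):
    """S208-S209 (provider): recompute the second signature value and compare.

    As in the text, the inputs are only the request parameters and the
    timestamp carried in the request; no shared key is involved.
    """
    fields = dict(request)
    first = str(fields.pop("sign", ""))
    timestamp = fields.pop("timestamp", "")
    try:
        second = substitute(initial_signature(fields), timestamp)
    except ValueError:
        return False
    # Constant-time comparison of the two signature values.
    return hmac.compare_digest(first.encode(), second.encode())


if __name__ == "__main__":
    # Values from the worked example in the text.
    params = {"a": "1", "m": "2", "c": "3"}
    req = build_target_request(params, 1486695218)
    print(req, verify_target_request(req))
    print(verify_target_request(dict(req, m="9")))  # modified parameter
```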
Refer to Fig. 3, a schematic flow diagram of the signature verification method provided by the third embodiment of the invention. As shown, the method may include the following steps:
S301, receive the target request sent by the interface caller.
The target request is obtained from the interface caller's API request parameters, the interface caller's first signature value and the current timestamp; the first signature value is obtained from the API request parameters and the current timestamp.
When two terminals need to exchange data, signature verification of the application programming interface (API) is usually required first. The two terminals are commonly referred to as the interface caller and the interface provider. The interface caller or interface provider may be, but is not limited to, a client, a server or a third party. In this embodiment, the interface caller is a client and the interface provider is a server, but this is not limiting.
The interface caller first obtains the API request parameters and the current timestamp, then obtains the first signature value from the API request parameters and the current timestamp, then constructs the target request from the API request parameters, the current timestamp and the first signature value, and finally sends the target request to the interface provider. The interface provider receives the target request. Note that for the detailed process by which the interface caller constructs the target request, see steps S101 to S103 in the first embodiment of the invention.
S302, obtain a second signature value from the API request parameters and the current timestamp in the target request.
The interface provider first sorts the API request parameters in the target request in ascending lexicographic order, then generates a signature original text from the parameter values and parameter names of the API request parameters, and finally encrypts the signature original text with an encryption algorithm such as MD5 to obtain an initial signature. The initial signature may be 32 characters long. Note that the above method of obtaining the initial signature is only an example and is not limiting. After obtaining the initial signature, the interface provider substitutes the initial signature according to the current timestamp in the target request to obtain the second signature value.
S303, compare the first signature value with the second signature value to obtain a verification result.
After generating the second signature value, the interface provider compares it with the first signature value. If the two are consistent, this indicates that the interface caller's request was not tampered with while being sent from the interface caller to the interface provider; the request is legitimate and passes verification. If the two are inconsistent, this indicates that the request may have been tampered with while being sent from the interface caller to the interface provider; the request is illegitimate and fails verification.
The embodiment of the invention first obtains the first signature value and the second signature value based on the API request parameters and the current timestamp, then obtains the verification result by comparing the first signature value with the second signature value, improving the security of signature verification and data interaction.
Refer to Fig. 4, a schematic flow diagram of the signature verification method provided by the fourth embodiment of the invention. As shown, the method may include the following steps:
S401, receive the target request sent by the interface caller.
The target request is obtained from the interface caller's API request parameters, the interface caller's first signature value and the current timestamp; the first signature value is obtained from the API request parameters and the current timestamp.
The interface caller first obtains the API request parameters and the current timestamp, then obtains the first signature value from the API request parameters and the current timestamp, then constructs the target request from the API request parameters, the current timestamp and the first signature value, and finally sends the target request to the interface provider. The interface provider receives the target request. Note that for the detailed process by which the interface caller constructs the target request, see steps S101 to S103 in the first embodiment of the invention.
S402, generate an initial signature from the API request parameters.
Suppose the API request parameters included in the target request are a=1, m=2, c=3. The interface provider sorts the API request parameters a=1, m=2, c=3 in ascending lexicographic order, obtaining the new API request parameters a=1, c=3, m=2. The parameter names a, c, m and the parameter values 1, 3, 2 of the new API request parameters are concatenated to obtain the signature original text a1c3m2. The signature original text a1c3m2 is then encrypted with the MD5 algorithm to obtain the 32-character initial signature 5fbc803b084ea0036d30250f93130bc3.
S403, extract the last three digits of the current timestamp to obtain initial time variables, the initial time variables including initial key names and initial key values.
The interface provider extracts the last three digits of the current timestamp: the last digit is labelled x, the second-to-last digit y, and the third-to-last digit z. The three digits are converted to variables of type int and form an associative array A with the data structure A[0]=x, A[1]=y, A[2]=z; that is, the resulting initial time variables are A[0]=x, A[1]=y, A[2]=z. The initial time variables include initial key names (here 0, 1, 2) and initial key values (here x, y, z). If the current timestamp included in the target request is timestamp=1486695218, the resulting initial time variables are A[0]=8, A[1]=1, A[2]=2.
S404, calculate target key names from the initial key values.
Specifically, the value of A[0] is used as the key name of A[0]; the sum of A[0] and A[1] is used as the key name of A[1]; and the sum of A[0], A[1] and A[2] is used as the key name of A[2]. In this embodiment, the recalculated target key names are 8, 9, 11; that is, the key names change from 0, 1, 2 to 8, 9, 11.
S405, determine target time variables from the target key names.
From the target key names 8, 9, 11, the target time variables are determined as A[8]=8, A[9]=1, A[11]=2.
S406, substitute the initial signature according to the target time variables to obtain the second signature value.
According to the three target time variables above, A[8]=8, A[9]=1, A[11]=2, the initial signature 5fbc803b084ea0036d30250f93130bc3 is substituted: the 8th character b of the initial signature is replaced with 8, the 9th character 0 is replaced with 1, and the 11th character 4 is replaced with 2, giving the second signature value 5fbc8038182ea0036d30250f93130bc3.
S407, compare the first signature value with the second signature value to obtain a verification result.
Interface provider is generated after the second signature value, can be generated the second signature value and interface provider first Signature value is compared, if comparing out, both are consistent, and the request of specification interface called side is connect being sent to from interface interchange side It is not tampered with during mouth provider, the request of interface interchange side is legal, passes through checking;If it is inconsistent to compare out both, The request of specification interface called side may have been tampered with during interface provider is sent to from interface interchange side, interface The request of called side is illegal, does not pass through checking.
In this embodiment of the present invention, the first signature value and the second signature value are generated from the API request parameters and the current timestamp. When the first and second signature values are generated, the positions and values substituted into the initial signature change as the timestamp changes; the pattern of change is complex and highly dynamic, and can hardly be cracked by brute force. In addition, the embodiment abandons the traditional key-based signature scheme, avoiding the risk of data leakage caused by key exposure. Furthermore, the MD5 algorithm is used to generate the initial signature; because MD5 is in general use, the signature verification method of the embodiment can be applied more widely. Moreover, the resulting first and second signature values retain the data structure of an original MD5-generated signature and still take the form of a standard MD5-encrypted signature, which is highly misleading to third parties other than the interface provider and the caller. Owing to the nature of MD5-encrypted signatures, once a signature changes it has no correlation with the data it originally mapped to. Therefore, even if the signature is cracked by traditional MD5 decryption methods, the resulting parameters have no correlation at all with the parameters of this interface, and the cracked result is meaningless. In summary, the embodiment of the present invention improves the security of signature verification and data interaction.
Referring to Fig. 5, a schematic flowchart of the signature verification method provided by the fifth embodiment of the present invention, the method may include the following steps:
S501: the interface caller obtains the API request parameters and the current timestamp.
S502: the interface caller generates an initial signature from the API request parameters.
S503: the interface caller extracts the last three digits of the current timestamp to obtain the initial time variables.
S504: the interface caller determines the target time variables from the initial time variables.
S505: the interface caller performs replacement processing on the initial signature according to the target time variables to obtain the first signature value.
S506: the interface caller constructs the target request from the API request parameters, the current timestamp and the first signature value.
S507: the interface caller sends the target request to the interface provider.
S508: the interface provider receives the target request sent by the interface caller.
S509: the interface provider obtains the second signature value from the API request parameters and the current timestamp in the target request.
S510: the interface provider compares the first signature value with the second signature value to obtain the verification result.
It should be noted that, for the detailed process of steps S501 to S508, refer to steps S201 to S208 in the second embodiment; for the detailed process of steps S509 to S511, refer to steps S401 to S407.
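An added example (not code from the patent) that implements steps S402 to S406 and the caller/provider exchange of S501 to S510 in Python. The function names, the request field names `timestamp` and `sign`, and the handling of a zero digit (position 0 is skipped, and a repeated position takes the later value) are assumptions; the description does not specify them.

```python
import hashlib
import hmac

RESERVED = ("timestamp", "sign")  # assumed field names for the target request


def initial_signature(params):
    """S402: sort names in ascending order, join name+value, take the MD5 hex digest."""
    original_text = "".join(f"{name}{params[name]}" for name in sorted(params))
    return hashlib.md5(original_text.encode("utf-8")).hexdigest()


def target_time_variables(timestamp):
    """S403-S405: map the last three timestamp digits to (position, digit) pairs."""
    digits = str(timestamp)
    if not digits.isdigit() or len(digits) < 3:
        raise ValueError("timestamp must be decimal with at least three digits")
    x, y, z = int(digits[-1]), int(digits[-2]), int(digits[-3])
    # Initial variables A[0]=x, A[1]=y, A[2]=z; the key names become running sums.
    return [(x, x), (x + y, y), (x + y + z, z)]


def substitute(signature, variables):
    """S406: overwrite the 1-based positions named by the target key names."""
    chars = list(signature)
    for position, digit in variables:
        # Assumption: position 0 (last digit is 0) names no character and is skipped.
        # Assumption: if a zero digit makes two positions equal, the later value wins.
        if 1 <= position <= len(chars):
            chars[position - 1] = str(digit)
    return "".join(chars)


def signature_value(params, timestamp):
    """Initial signature with the timestamp-derived substitutions applied."""
    return substitute(initial_signature(params), target_time_variables(timestamp))


def build_request(params, timestamp):
    """Caller side (S501-S506): parameters, timestamp and first signature value."""
    if any(name in params for name in RESERVED):
        raise ValueError("parameter name collides with a reserved field")
    request = {name: str(value) for name, value in params.items()}
    request["timestamp"] = str(timestamp)
    request["sign"] = signature_value(request_params(request), timestamp)
    return request


def request_params(request):
    """The API request parameters: every field except the reserved ones."""
    return {k: v for k, v in request.items() if k not in RESERVED}


def verify_request(request):
    """Provider side (S401-S407): recompute the second value and compare."""
    first = request.get("sign")
    timestamp = request.get("timestamp")
    if not isinstance(first, str) or timestamp is None:
        return False
    try:
        second = signature_value(request_params(request), timestamp)
    except ValueError:
        return False
    # Constant-time comparison of the first and second signature values.
    return hmac.compare_digest(first.encode("utf-8"), second.encode("utf-8"))


if __name__ == "__main__":
    # Parameters and timestamp taken from the description's worked example.
    req = build_request({"a": 1, "m": 2, "c": 3}, 1486695218)
    print(req, verify_request(req))
```

Every input to the derivation (the parameters and the timestamp) is carried in the request and no shared secret is involved, consistent with the description's statement that the scheme abandons the key-based signature approach.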
Referring to Fig. 6, a schematic structural diagram of the signature verification terminal provided by the first embodiment of the present invention, the terminal may include:
an acquiring unit 10, configured to obtain the API request parameters and the current timestamp;
a processing unit 11, configured to obtain the first signature value from the API request parameters and the current timestamp;
a constructing unit 12, configured to construct the target request from the API request parameters, the current timestamp and the first signature value;
a sending unit 13, configured to send the target request to the interface provider, so that the interface provider generates the second signature value from the target request;
a receiving unit 14, configured to receive the verification result sent by the interface provider, the verification result being obtained by the interface provider comparing the first signature value with the second signature value.
As an optional embodiment, the processing unit 11 is specifically configured to:
generate an initial signature from the API request parameters;
determine the target time variables from the current timestamp;
perform replacement processing on the initial signature according to the target time variables to obtain the first signature value.
As an optional embodiment, the processing unit 11 is specifically configured to:
extract the last three digits of the current timestamp to obtain the initial time variables, the initial time variables including initial key names and initial key values;
calculate the target key names from the initial key values;
determine the target time variables from the target key names.
Referring to Fig. 7, a schematic structural diagram of the signature verification terminal provided by the second embodiment of the present invention, the terminal may include:
a receiving unit 20, configured to receive the target request sent by the interface caller, the request parameters in the target request being obtained from the API request parameters of the interface caller, the first signature value of the interface caller and the current timestamp, and the first signature value being obtained from the API request parameters and the current timestamp;
a processing unit 21, configured to obtain the second signature value from the API request parameters and the current timestamp in the target request;
a comparing unit 22, configured to compare the first signature value with the second signature value to obtain the verification result.
As an optional embodiment, the processing unit 21 is specifically configured to:
generate an initial signature from the API request parameters;
determine the target time variables from the current timestamp;
perform replacement processing on the initial signature according to the target time variables to obtain the second signature value.
As an optional embodiment, the processing unit 21 is specifically configured to:
extract the last three digits of the current timestamp to obtain the initial time variables, the initial time variables including initial key names and initial key values;
calculate the target key names from the initial key values;
determine the target time variables from the target key name value.
It should be noted that the specific workflow of the terminal of the embodiment of the present invention has been described in detail in the foregoing method section and is not repeated here.
Referring to Fig. 8, a schematic structural diagram of a terminal provided by the third embodiment of the present invention. As shown, the terminal includes: at least one processor 301, such as a CPU; at least one user interface 303; a memory 304; and at least one communication bus 302. The communication bus 302 is used to implement connection and communication between these components. The user interface 303 may include a display and a keyboard; optionally, the user interface 303 may also include a standard wired interface and a wireless interface. The memory 304 may be high-speed RAM or non-volatile memory, for example at least one disk memory. Optionally, the memory 304 may also be at least one storage device located remotely from the processor 301. The processor 301 may be combined with the terminals described in Figs. 6 to 7; a set of program code is stored in the memory 304, and the processor 301 calls the program code stored in the memory 304 to perform the following operations:
obtain the API request parameters and the current timestamp;
obtain the first signature value from the API request parameters and the current timestamp;
construct the target request from the API request parameters, the current timestamp and the first signature value;
send the target request to the interface provider, so that the interface provider generates the second signature value from the target request;
receive the verification result sent by the interface provider, the verification result being obtained by the interface provider comparing the first signature value with the second signature value.
As an optional embodiment, the processor 301 calls the program code stored in the memory 304 to perform the following operations:
generate an initial signature from the API request parameters;
determine the target time variables from the current timestamp;
perform replacement processing on the initial signature according to the target time variables to obtain the first signature value.
As an optional embodiment, the processor 301 calls the program code stored in the memory 304 to perform the following operations:
extract the last three digits of the current timestamp to obtain the initial time variables, the initial time variables including initial key names and initial key values;
calculate the target key names from the initial key values;
determine the target time variables from the target key name value.
As an optional embodiment, the processor 301 calls the program code stored in the memory 304 to perform the following operations:
receive the target request sent by the interface caller, the request parameters in the target request being obtained from the API request parameters of the interface caller, the first signature value of the interface caller and the current timestamp, and the first signature value being obtained from the API request parameters and the current timestamp;
obtain the second signature value from the API request parameters and the current timestamp in the target request;
compare the first signature value with the second signature value to obtain the verification result.
As an optional embodiment, the processor 301 calls the program code stored in the memory 304 to perform the following operations:
generate an initial signature from the API request parameters;
determine the target time variables from the current timestamp;
perform replacement processing on the initial signature according to the target time variables to obtain the second signature value.
Referring to Fig. 9, a schematic structural diagram of the signature verification system provided by the first embodiment of the present invention, the system may include a first terminal 100 and a second terminal 200. For the specific structure and functions of the first terminal 100, refer to the terminal described in Fig. 6; for the specific structure and functions of the second terminal 200, refer to the terminal described in Fig. 7.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To clearly illustrate the interchangeability of hardware and software, the composition and steps of each example have been described above generally in terms of function. Whether these functions are performed in hardware or in software depends on the particular application and the design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each particular application, but such implementations should not be considered beyond the scope of the present invention.
In addition, in the several embodiments provided in this application, it should be understood that the disclosed method, terminal and system may be implemented in other ways. For example, the device embodiments described above are merely illustrative; the division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed across multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment of the present invention.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
The steps in the methods of the embodiments of the present invention may be reordered, merged and deleted according to actual needs.
The units in the terminals of the embodiments of the present invention may be combined, divided and deleted according to actual needs.
The foregoing is only a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any person skilled in the art can readily conceive of various equivalent modifications or substitutions within the technical scope disclosed by the present invention, and such modifications or substitutions shall fall within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.

Claims (13)

1. A signature verification method, characterized by comprising:
obtaining application programming interface (API) request parameters and a current timestamp;
obtaining a first signature value from the API request parameters and the current timestamp;
constructing a target request from the API request parameters, the current timestamp and the first signature value;
sending the target request to an interface provider, so that the interface provider generates a second signature value from the target request;
receiving a verification result sent by the interface provider, the verification result being obtained by the interface provider comparing the first signature value with the second signature value.
2. The method as claimed in claim 1, characterized in that obtaining the first signature value from the API request parameters and the current timestamp specifically comprises:
generating an initial signature from the API request parameters;
determining target time variables from the current timestamp;
performing replacement processing on the initial signature according to the target time variables to obtain the first signature value.
3. The method as claimed in claim 2, characterized in that determining the target time variables from the current timestamp specifically comprises:
extracting the last three digits of the current timestamp to obtain initial time variables, the initial time variables including initial key names and initial key values;
calculating target key names from the initial key values;
determining the target time variables from the target key names.
4. A signature verification terminal, characterized by comprising:
an acquiring unit, configured to obtain API request parameters and a current timestamp;
a processing unit, configured to obtain a first signature value from the API request parameters and the current timestamp;
a constructing unit, configured to construct a target request from the API request parameters, the current timestamp and the first signature value;
a sending unit, configured to send the target request to an interface provider, so that the interface provider generates a second signature value from the target request;
a receiving unit, configured to receive a verification result sent by the interface provider, the verification result being obtained by the interface provider comparing the first signature value with the second signature value.
5. The terminal as claimed in claim 4, characterized in that the processing unit is specifically configured to:
generate an initial signature from the API request parameters;
determine target time variables from the current timestamp;
perform replacement processing on the initial signature according to the target time variables to obtain the first signature value.
6. The terminal as claimed in claim 5, characterized in that the processing unit is further configured to:
extract the last three digits of the current timestamp to obtain initial time variables, the initial time variables including initial key names and initial key values;
calculate target key names from the initial key values;
determine the target time variables from the target key names.
7. A signature verification method, characterized by comprising:
receiving a target request sent by an interface caller, the request parameters in the target request being obtained from the API request parameters of the interface caller, a first signature value of the interface caller and a current timestamp, and the first signature value being obtained from the API request parameters and the current timestamp;
obtaining a second signature value from the API request parameters and the current timestamp in the target request;
comparing the first signature value with the second signature value to obtain a verification result.
8. The method as claimed in claim 7, characterized in that obtaining the second signature value from the API request parameters and the current timestamp in the target request specifically comprises:
generating an initial signature from the API request parameters;
determining target time variables from the current timestamp;
performing replacement processing on the initial signature according to the target time variables to obtain the second signature value.
9. The method as claimed in claim 8, characterized in that determining the target time variables from the current timestamp specifically comprises:
extracting the last three digits of the current timestamp to obtain initial time variables, the initial time variables including initial key names and initial key values;
calculating target key names from the initial key values;
determining the target time variables from the target key names.
10. A signature verification terminal, characterized by comprising:
a receiving unit, configured to receive a target request sent by an interface caller, the request parameters in the target request being obtained from the API request parameters of the interface caller, a first signature value of the interface caller and a current timestamp, and the first signature value being obtained from the API request parameters and the current timestamp;
a processing unit, configured to obtain a second signature value from the API request parameters and the current timestamp in the target request;
a comparing unit, configured to compare the first signature value with the second signature value to obtain a verification result.
11. The terminal as claimed in claim 10, characterized in that the processing unit is specifically configured to:
generate an initial signature from the API request parameters;
determine target time variables from the current timestamp;
perform replacement processing on the initial signature according to the target time variables to obtain the second signature value.
12. The terminal as claimed in claim 11, characterized in that the processing unit is further configured to:
extract the last three digits of the current timestamp to obtain initial time variables, the initial time variables including initial key names and initial key values;
calculate target key names from the initial key values;
determine the target time variables from the target key name value.
13. A signature verification system, comprising a first terminal and a second terminal, characterized in that the first terminal is as described in any one of claims 4-6, and the second terminal is as described in any one of claims 10-12.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710267892.5A CN107154853A (en) 2017-04-22 2017-04-22 A kind of signature verification method, terminal and system

Publications (1)

Publication Number Publication Date
CN107154853A true CN107154853A (en) 2017-09-12

Family

ID=59793086

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710267892.5A Withdrawn CN107154853A (en) 2017-04-22 2017-04-22 A kind of signature verification method, terminal and system

Country Status (1)

Country Link
CN (1) CN107154853A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107888656A (en) * 2017-10-09 2018-04-06 北京京东尚科信息技术有限公司 Service the call method and calling device of end interface
CN109450649A (en) * 2018-12-28 2019-03-08 北京金山安全软件有限公司 Gateway verification method and device based on application program interface and electronic equipment
CN110768956A (en) * 2019-09-19 2020-02-07 苏宁云计算有限公司 Data service providing method, device, computer equipment and storage medium
CN111767221A (en) * 2020-06-28 2020-10-13 北京百度网讯科技有限公司 Interface test method, device, equipment and storage medium

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107888656A (en) * 2017-10-09 2018-04-06 北京京东尚科信息技术有限公司 Service the call method and calling device of end interface
CN107888656B (en) * 2017-10-09 2020-11-20 北京京东尚科信息技术有限公司 Calling method and calling device of server-side interface
CN109450649A (en) * 2018-12-28 2019-03-08 北京金山安全软件有限公司 Gateway verification method and device based on application program interface and electronic equipment
CN110768956A (en) * 2019-09-19 2020-02-07 苏宁云计算有限公司 Data service providing method, device, computer equipment and storage medium
CN110768956B (en) * 2019-09-19 2022-09-27 苏宁云计算有限公司 Data service providing method, device, computer equipment and storage medium
CN111767221A (en) * 2020-06-28 2020-10-13 北京百度网讯科技有限公司 Interface test method, device, equipment and storage medium

Similar Documents

Publication Publication Date Title
CN107154853A (en) A kind of signature verification method, terminal and system
US10241991B2 (en) Providing context-aware input data
CN104834449B (en) The icon management method and device of mobile terminal
WO2020181937A1 (en) Method and system for modifying blockchain network configuration
WO2021114918A1 (en) Integrity checking method and apparatus, terminal device and verification server
JP2015528162A (en) Generate localized user interface
WO2012137567A1 (en) Drawing management server, drawing management program, and drawing management system
JP5102916B2 (en) Storage system and storage system management method
CN107864039A (en) A kind of application signature method, terminal and computer-readable recording medium
CN106603510A (en) Data processing method and terminal
JP2020135154A (en) System and method that assist in developing application software
CN107506200A (en) A kind of screen content switching method, terminal and computer-readable recording medium
CN106886364A (en) A kind of text handling method and terminal based on speech recognition
CN107766708A (en) Nullify method, terminal and the computer-readable recording medium of account Entered state
CN114189553A (en) Flow playback method, system and computing equipment
US11354492B2 (en) EDOC utility using non-structured-query-language databases
CN108171063A (en) Method, terminal and the computer readable storage medium of access safety element
US10282527B2 (en) Information processing apparatus, information processing method, program, storage medium, and password entry apparatus
WO2021077862A1 (en) File synchronization method and device
WO2021031429A1 (en) Blockchain account address generation method, system and apparatus and computer-readable storage medium
CN113158217A (en) Authority verification method and device, computer equipment and storage medium
US8955061B2 (en) Information processing apparatus, authentication system, authentication method, and program
CN106778219A (en) A kind of cipher code protection method and terminal
CN105046017A (en) Rapid node placement method and system for electromechanical seismic design
JP2009301190A (en) Document processor and document processing program

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20170912