CN107154853A - Signature verification method, terminal and system - Google Patents
- Publication number
- CN107154853A (CN201710267892.5A)
- Authority
- CN
- China
- Prior art keywords
- signature
- current time
- time stamp
- signature value
- initial
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
- H04L63/12—Applying verification of the received information
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Abstract
Embodiments of the invention disclose a signature verification method, terminal and system. The method includes: obtaining application programming interface (API) request parameters and a current timestamp; obtaining a first signature value from the API request parameters and the current timestamp; constructing a target request from the API request parameters, the current timestamp and the first signature value; sending the target request to the interface provider, so that the interface provider generates a second signature value from the target request; and receiving the verification result sent by the interface provider, the verification result being obtained by the interface provider comparing the first signature value with the second signature value. Embodiments of the invention first obtain the first signature value and the second signature value based on the API request parameters and the current timestamp, then compare the first signature value with the second signature value to obtain the verification result, improving the security of signature verification and data interaction.
Description
Technical field
The present invention relates to the field of network security, and in particular to a signature verification method, terminal and system.
Background
When an interface caller and an interface provider exchange data, they generally need to perform signature verification on the application programming interface (API) in order to ensure the security of the data. At present, signature verification of an API requires a key agreed between the interface caller and the interface provider. Because this key is at risk of being leaked or brute-forced, the security of the API signature verification process is relatively low, and it is difficult to guarantee the security of the data interaction.
Summary of the invention
Embodiments of the invention provide a signature verification method, terminal and system to improve the security of signature verification and data interaction.
In a first aspect, an embodiment of the invention provides a signature verification method, including:
obtaining API request parameters and a current timestamp;
obtaining a first signature value from the API request parameters and the current timestamp;
constructing a target request from the API request parameters, the current timestamp and the first signature value;
sending the target request to the interface provider, so that the interface provider generates a second signature value from the target request;
receiving the verification result sent by the interface provider, the verification result being obtained by the interface provider comparing the first signature value with the second signature value.
In a second aspect, an embodiment of the invention provides a signature verification terminal, including:
an acquiring unit, for obtaining API request parameters and a current timestamp;
a processing unit, for obtaining a first signature value from the API request parameters and the current timestamp;
a constructing unit, for constructing a target request from the API request parameters, the current timestamp and the first signature value;
a sending unit, for sending the target request to the interface provider, so that the interface provider generates a second signature value from the target request;
a receiving unit, for receiving the verification result sent by the interface provider, the verification result being obtained by the interface provider comparing the first signature value with the second signature value.
In a third aspect, an embodiment of the invention further provides a signature verification method, including:
receiving a target request sent by an interface caller, the request parameters in the target request being obtained from the interface caller's API request parameters, the interface caller's first signature value and the current timestamp, and the first signature value being obtained from the API request parameters and the current timestamp;
obtaining a second signature value from the API request parameters and the current timestamp in the target request;
comparing the first signature value with the second signature value to obtain a verification result.
In a fourth aspect, an embodiment of the invention further provides a signature verification terminal, including:
a receiving unit, for receiving a target request sent by an interface caller, the request parameters in the target request being obtained from the interface caller's API request parameters, the interface caller's first signature value and the current timestamp, and the first signature value being obtained from the API request parameters and the current timestamp;
a processing unit, for obtaining a second signature value from the API request parameters and the current timestamp in the target request;
a comparing unit, for comparing the first signature value with the second signature value to obtain a verification result.
In a fifth aspect, an embodiment of the invention further provides a signature verification system, including a first terminal and a second terminal. The first terminal is as described in the second aspect above, and the second terminal is as described in the fourth aspect above.
Embodiments of the invention first obtain the first signature value and the second signature value based on the API request parameters and the current timestamp, then compare the first signature value with the second signature value to obtain the verification result, improving the security of signature verification and data interaction.
Brief description of the drawings
To explain the technical solutions of the embodiments of the invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below show some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of the signature verification method provided by the first embodiment of the invention;
Fig. 2 is a schematic flowchart of the signature verification method provided by the second embodiment of the invention;
Fig. 3 is a schematic flowchart of the signature verification method provided by the third embodiment of the invention;
Fig. 4 is a schematic flowchart of the signature verification method provided by the fourth embodiment of the invention;
Fig. 5 is a schematic flowchart of the signature verification method provided by the fifth embodiment of the invention;
Fig. 6 is a schematic block diagram of the signature verification terminal provided by the first embodiment of the invention;
Fig. 7 is a schematic block diagram of the signature verification terminal provided by the second embodiment of the invention;
Fig. 8 is a structural diagram of the signature verification terminal provided by the third embodiment of the invention;
Fig. 9 is a structural diagram of the signature verification system provided by the first embodiment of the invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments of the invention.
It should be understood that, when used in this specification and the appended claims, the terms "comprises" and "comprising" indicate the presence of the described features, integers, steps, operations, elements and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof.
It should also be understood that the terminology used in this description of the invention is for the purpose of describing particular embodiments only and is not intended to limit the invention. As used in the description of the invention and the appended claims, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" used in the description of the invention and the appended claims refers to any combination, and all possible combinations, of one or more of the associated listed items, and includes these combinations.
As used in this specification and the appended claims, the term "if" may be interpreted, depending on the context, as "when" or "once" or "in response to determining" or "in response to detecting". Similarly, the phrase "if it is determined" or "if [the described condition or event] is detected" may be interpreted, depending on the context, as "once it is determined" or "in response to determining" or "once [the described condition or event] is detected" or "in response to detecting [the described condition or event]".
In specific implementations, the terminals described in the embodiments of the invention include, but are not limited to, portable devices such as mobile phones, laptop computers or tablet computers with touch-sensitive surfaces (for example, touch-screen displays and/or touch pads). It should also be understood that, in some embodiments, the device is not a portable communication device but a desktop computer with a touch-sensitive surface (for example, a touch-screen display and/or touch pad).
In the discussion below, a terminal including a display and a touch-sensitive surface is described. It should be understood, however, that the terminal may include one or more other physical user-interface devices such as a physical keyboard, a mouse and/or a joystick.
Referring to Fig. 1, a schematic flowchart of the signature verification method provided by the first embodiment of the invention, the method may include the following steps:
S101, obtain the API request parameters and the current timestamp.
When two terminals need to exchange data, they usually first need to perform signature verification on the application programming interface (API). The two terminals are commonly called the interface caller and the interface provider. The interface caller or interface provider may be, but is not limited to, a client, a server or a third party. In this embodiment, the interface caller is a client and the interface provider is a server, but this is not limiting. When performing signature verification, the interface caller obtains the API request parameters and the current timestamp. The interface caller may use its own system time as the current timestamp, or it may obtain the current network time to use as the current timestamp.
S102, obtain the first signature value from the API request parameters and the current timestamp.
The interface caller first sorts the API request parameters in ascending dictionary order, then generates the signature original text from the parameter values and parameter names of the API request parameters, and finally encrypts the signature original text with an encryption algorithm such as MD5 to obtain the initial signature. The initial signature may be 32 characters long and, to distinguish it from what follows, may be denoted Sign1. Note that this way of obtaining the initial signature is only an example and is not limiting. Further, the interface caller extracts the last three digits of the current timestamp, determines the target time variable from those three digits, and replaces certain positions of the 32-character initial signature according to the target time variable to obtain the first signature value. This part of the process is described in detail in the next embodiment.
S103, construct the target request from the API request parameters, the current timestamp and the first signature value.
The interface caller adds the current timestamp and the first signature value to the API request parameters to obtain the target request. Note that the target request includes, but is not limited to, an HTTP request, an HTTPS request, a TCP/IP request, a Socket request and the like.
S104, send the target request to the interface provider, so that the interface provider generates the second signature value from the target request.
The interface caller sends the target request to the interface provider, and the interface provider receives it. The interface provider first sorts the API request parameters in the target request in ascending dictionary order, then generates the signature original text from the parameter values and parameter names of the API request parameters, and finally encrypts the signature original text with an encryption algorithm such as MD5 to obtain the initial signature. The initial signature may be 32 characters long and may be denoted Sign2. Note that this way of obtaining the initial signature is only an example and is not limiting. After obtaining the initial signature, the interface provider can replace parts of the initial signature Sign2 according to the current timestamp in the target request to obtain the second signature value.
S105, receive the verification result sent by the interface provider, the verification result being obtained by the interface provider comparing the first signature value with the second signature value.
After generating the second signature value, the interface provider can compare the second signature value it generated with the first signature value. If the two match, the interface caller's request was not tampered with on its way from the interface caller to the interface provider; the request is legitimate and passes verification. If the two do not match, the interface caller's request may have been tampered with on its way from the interface caller to the interface provider; the request is illegitimate and fails verification.
This embodiment of the invention first obtains the first signature value and the second signature value based on the API request parameters and the current timestamp, then compares the first signature value with the second signature value to obtain the verification result, improving the security of signature verification and data interaction.
Referring to Fig. 2, a schematic flowchart of the signature verification method provided by the second embodiment of the invention, the method may include the following steps:
S201, obtain the API request parameters and the current timestamp.
The interface caller obtains the API request parameters and the current timestamp. The interface caller may use its own system time as the current timestamp, or it may obtain the current network time to use as the current timestamp. In this embodiment, the interface caller is a client and the interface provider is a server, but this is not limiting.
For example, the obtained API request parameters include a=1, m=2, c=3, and the obtained current timestamp is timestamp=1486695218.
S202, generate the initial signature from the API request parameters.
The interface caller sorts the API request parameters a=1, m=2, c=3 in ascending dictionary order to obtain the new API request parameters a=1, c=3, m=2. The parameter names a, c, m and the parameter values 1, 3, 2 of the new API request parameters are concatenated to obtain the signature original text a1c3m2. The signature original text a1c3m2 is then encrypted with the MD5 algorithm to obtain the 32-character initial signature 5fbc803b084ea0036d30250f93130bc3.
S203, extract the last three digits of the current timestamp to obtain the initial time variable, which includes initial key names and initial key values.
The interface caller extracts the last three digits of the current timestamp: the last digit is labelled x, the second-to-last digit y and the third-to-last digit z. The three digits are converted to variables of type int and form an associative array A whose data structure is A[0]=x, A[1]=y, A[2]=z; that is, the resulting initial time variable is A[0]=x, A[1]=y, A[2]=z. The initial time variable includes initial key names (such as 0, 1, 2) and initial key values (such as x, y, z). In this embodiment, the current timestamp timestamp=1486695218 gives the initial time variable A[0]=8, A[1]=1, A[2]=2.
S204, calculate the target key names from the initial key values.
Specifically, the value of A[0] is used as the key name of A[0], the sum of A[0] and A[1] as the key name of A[1], and the sum of A[0], A[1] and A[2] as the key name of A[2]. In this embodiment, the recalculated target key names are 8, 9, 11; that is, the key names change from 0, 1, 2 to 8, 9, 11.
S205, determine the target time variable from the target key names.
From the target key names 8, 9, 11, the target time variable is determined as: A[8]=8, A[9]=1, A[11]=2.
S206, replace parts of the initial signature according to the target time variable to obtain the first signature value.
The initial signature 5fbc803b084ea0036d30250f93130bc3 is modified according to the three target time variables above, A[8]=8, A[9]=1, A[11]=2. The value b at the 8th position of the initial signature is replaced with 8, the value 0 at the 9th position is replaced with 1, and the value 4 at the 11th position is replaced with 2, giving the first signature value 5fbc8038182ea0036d30250f93130bc3.
S207, construct the target request from the API request parameters, the current timestamp and the first signature value.
The interface caller adds the current timestamp and the first signature value to the API request parameters to obtain the target request. Note that the target request includes, but is not limited to, an HTTP request, an HTTPS request, a TCP/IP request, a Socket request and the like.
S208, send the target request to the interface provider, so that the interface provider generates the second signature value from the target request.
The interface caller sends the target request to the interface provider, and the interface provider receives it. The interface provider first sorts the API request parameters in the target request in ascending dictionary order, then generates the signature original text from the parameter values and parameter names of the API request parameters, and finally encrypts the signature original text with an encryption algorithm such as MD5 to obtain the initial signature. The interface provider can then replace parts of the initial signature Sign2 according to the current timestamp in the target request to obtain the second signature value. For the detailed process, refer to steps S203 to S206.
S209, receive the verification result sent by the interface provider, the verification result being obtained by the interface provider comparing the first signature value with the second signature value.
After generating the second signature value, the interface provider can compare the second signature value it generated with the first signature value. If the two match, the interface caller's request was not tampered with on its way from the interface caller to the interface provider; the request is legitimate and passes verification. If the two do not match, the interface caller's request may have been tampered with on its way from the interface caller to the interface provider; the request is illegitimate and fails verification.
This embodiment of the invention generates the first signature value and the second signature value based on the API request parameters and the current timestamp. When the first and second signature values are generated, the positions replaced in the initial signature and the values written there change as the timestamp changes; the pattern of change is complex and highly dynamic, so it can hardly be brute-forced. In addition, this embodiment abandons the traditional key-based signature scheme, avoiding the risk of data leakage caused by key exposure. In addition, this embodiment uses the MD5 algorithm to generate the initial signature; because MD5 is in general use, the signature verification method of this embodiment can be applied more widely. Moreover, the first and second signature values finally obtained retain the data structure of an original MD5-generated signature and still conform to the standard MD5 encrypted-signature format, which is highly misleading to third parties other than the interface provider and the caller. Owing to the nature of MD5 encrypted signatures, once a signature is changed, the original data it maps to bears no relation to it. Therefore, even if the signature is cracked by conventional MD5 decryption methods, the resulting parameters have no association at all with the parameters of this interface, and the cracked result is meaningless. In summary, this embodiment of the invention improves the security of signature verification and data interaction.
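The derivation walked through in steps S202 to S206, together with the provider's recomputation and comparison in S208 and S209, as an added Python example (not code from the patent). The request field names `timestamp` and `sign`, and the handling of a zero position or of coinciding key names, are assumptions; the page does not specify them.

```python
import hashlib
import hmac

# Values quoted on the page (second embodiment).
PAGE_TIMESTAMP = 1486695218
PAGE_INITIAL = "5fbc803b084ea0036d30250f93130bc3"
PAGE_FIRST = "5fbc8038182ea0036d30250f93130bc3"

# Assumed field names: the page only says the timestamp and the first
# signature value are added to the API request parameters.
TS_FIELD = "timestamp"
SIG_FIELD = "sign"


def signature_original(params):
    """S202: sort parameter names ascending, concatenate name+value pairs."""
    return "".join(f"{name}{params[name]}" for name in sorted(params))


def initial_signature(params):
    """S202: 32-character hex MD5 of the signature original text."""
    return hashlib.md5(signature_original(params).encode("utf-8")).hexdigest()


def target_time_variable(timestamp):
    """S203-S205: map the last three timestamp digits to {position: digit}."""
    digits = str(timestamp)
    if len(digits) < 3 or not (digits.isascii() and digits.isdigit()):
        raise ValueError("timestamp must be at least three decimal digits")
    x, y, z = int(digits[-1]), int(digits[-2]), int(digits[-3])
    target = {}
    # Assigned in this order so that when two key names coincide (y or z is 0)
    # the later assignment wins, as in an associative array. The page does not
    # define this case; it is an assumption of this example.
    target[x] = x
    target[x + y] = y
    target[x + y + z] = z
    return target


def apply_time_variable(signature, timestamp):
    """S206: overwrite the characters at the target positions (1-indexed)."""
    chars = list(signature)
    for position, digit in target_time_variable(timestamp).items():
        if position == 0:
            # Only reachable when the last digit is 0. The page counts
            # positions from 1, so there is no position 0; skipped (assumption).
            continue
        # Largest possible position is 9+9+9 = 27, inside a 32-character digest.
        # Replacement digits are decimal, so the result is still valid hex.
        chars[position - 1] = str(digit)
    return "".join(chars)


def sign(params, timestamp):
    """S202-S206 combined. Every input travels in the request; no key is used."""
    return apply_time_variable(initial_signature(params), timestamp)


def build_target_request(params, timestamp):
    """S207: caller adds the timestamp and first signature value."""
    request = {name: str(value) for name, value in params.items()}
    request[TS_FIELD] = str(timestamp)
    request[SIG_FIELD] = sign(params, timestamp)
    return request


def verify_target_request(request):
    """S208-S209: provider recomputes the second signature value and compares."""
    params = {k: v for k, v in request.items() if k not in (TS_FIELD, SIG_FIELD)}
    try:
        second = sign(params, request[TS_FIELD])
    except (KeyError, ValueError):
        return False  # missing or malformed timestamp fails verification
    first = str(request.get(SIG_FIELD, ""))
    return hmac.compare_digest(first.encode("utf-8"), second.encode("utf-8"))


if __name__ == "__main__":
    print(target_time_variable(PAGE_TIMESTAMP))
    print(apply_time_variable(PAGE_INITIAL, PAGE_TIMESTAMP))
    req = build_target_request({"a": "1", "m": "2", "c": "3"}, PAGE_TIMESTAMP)
    print(req, verify_target_request(req))
    print(verify_target_request(dict(req, m="5")))  # altered parameter
```
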
Referring to Fig. 3, a schematic flowchart of the signature verification method provided by the third embodiment of the invention, the method may include the following steps:
S301, receive the target request sent by the interface caller.
The target request is obtained from the interface caller's API request parameters, the interface caller's first signature value and the current timestamp; the first signature value is obtained from the API request parameters and the current timestamp.
When two terminals need to exchange data, they usually first need to perform signature verification on the application programming interface (API). The two terminals are commonly called the interface caller and the interface provider. The interface caller or interface provider may be, but is not limited to, a client, a server or a third party. In this embodiment, the interface caller is a client and the interface provider is a server, but this is not limiting.
The interface caller first obtains the API request parameters and the current timestamp, then obtains the first signature value from the API request parameters and the current timestamp, then constructs the target request from the API request parameters, the current timestamp and the first signature value, and finally sends the target request to the interface provider. The interface provider receives the target request. Note that, for the detailed process by which the interface caller constructs the target request, refer to steps S101 to S103 in the first embodiment of the invention.
S302, obtain the second signature value from the API request parameters and the current timestamp in the target request.
The interface provider first sorts the API request parameters in the target request in ascending dictionary order, then generates the signature original text from the parameter values and parameter names of the API request parameters, and finally encrypts the signature original text with an encryption algorithm such as MD5 to obtain the initial signature. The initial signature may be 32 characters long. Note that this way of obtaining the initial signature is only an example and is not limiting. After obtaining the initial signature, the interface provider can replace parts of the initial signature according to the current timestamp in the target request to obtain the second signature value.
S303, compare the first signature value with the second signature value to obtain the verification result.
After generating the second signature value, the interface provider can compare the second signature value it generated with the first signature value. If the two match, the interface caller's request was not tampered with on its way from the interface caller to the interface provider; the request is legitimate and passes verification. If the two do not match, the interface caller's request may have been tampered with on its way from the interface caller to the interface provider; the request is illegitimate and fails verification.
This embodiment of the invention first obtains the first signature value and the second signature value based on the API request parameters and the current timestamp, then compares the first signature value with the second signature value to obtain the verification result, improving the security of signature verification and data interaction.
Fig. 4 is refer to, is the schematic flow diagram for the signature verification method that fourth embodiment of the invention is provided, as illustrated,
This method may include following steps:
S401, the destination request transmitted by receiving interface called side.
The destination request by the application programming interfaces required parameter of interface interchange side, the first signature value of interface interchange side and
Obtained by current time stamp, the first signature value is obtained by application programming interfaces required parameter and current time stamp.
Interface interchange side first obtains routine interface required parameter and current time stamp, asks to join further according to application programming interfaces
Number and current time stamp obtain the first signature value, afterwards according to application programming interfaces required parameter, current time stamp and first
Signature value constructs destination request, will finally send destination request to interface provider.Interface provider receives the destination request.
It should be noted that the detailed process of interface interchange side's construction destination request refer to the step in first embodiment of the invention
S101 to S103.
S402, according to the initial signature of application programming interfaces required parameter generation.
If the api interface required parameter that destination request includes is a=1, m=2, c=3.Interface provider is to api interface
Required parameter a=1, m=2, c=3 make dictionary ascending order and arranged, and obtain new api interface required parameter a=1, c=3, m=2.Will
Parameter name a, c, m and parameter value 1,3,2 of the new api interface required parameter, which splice, obtains signature original text a1c3m2.It
Afterwards, the initial signature for obtaining 32 word lengths signature original text a1c3m2 is encrypted using MD5 algorithms
5fbc803b084ea0036d30250f93130bc3。
S403, take the last three digits of the current timestamp to obtain the initial time variables, which comprise initial key names and initial key values.
The interface provider takes the last three digits of the current timestamp, labelling the last digit x, the second-to-last digit y and the third-to-last digit z. The three digits are converted to variables of type int and form an associative array A with the data structure A[0]=x, A[1]=y, A[2]=z; that is, the resulting initial time variables are A[0]=x, A[1]=y, A[2]=z. The initial time variables comprise initial key names (such as 0, 1, 2) and initial key values (such as x, y, z). If the current timestamp contained in the target request is timestamp=1486695218, the resulting initial time variables are A[0]=8, A[1]=1, A[2]=2.
S404, calculate the target key names from the initial key values.
Specifically, the value of A[0] is used as the key name of A[0]; the sum of A[0] and A[1] is used as the key name of A[1]; and the sum of A[0], A[1] and A[2] is used as the key name of A[2]. In this embodiment, the recalculated target key names are 8, 9, 11; that is, the key names change from 0, 1, 2 to 8, 9, 11.
S405, determine the target time variables from the target key names.
From the target key names 8, 9, 11, the target time variables are determined to be A[8]=8, A[9]=1, A[11]=2.
S406, perform replacement on the initial signature according to the target time variables to obtain the second signature value.
The initial signature 5fbc803b084ea0036d30250f93130bc3 is modified according to the three target time variables above, A[8]=8, A[9]=1, A[11]=2. The 8th character of the initial signature, b, is replaced with 8; the 9th character, 0, is replaced with 1; and the 11th character, 4, is replaced with 2. The resulting second signature value is 5fbc8038182ea0036d30250f93130bc3.
S407, compare the first signature value with the second signature value to obtain the verification result.
After generating the second signature value, the interface provider compares the generated second signature value with the first signature value. If the two are identical, the interface caller's request was not tampered with while being sent from the interface caller to the interface provider; the interface caller's request is legitimate and passes verification. If the two differ, the interface caller's request may have been tampered with while being sent from the interface caller to the interface provider; the interface caller's request is illegitimate and does not pass verification.
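Steps S402 to S407 as an added Python example (not code from the patent), checked against the worked values in the text. The function names, the request dictionary layout, and the handling of a key name of 0 or of repeated key names, which the text does not specify, are assumptions.

```python
import hashlib
import hmac


def initial_signature(params):
    """S402: sort parameter names ascending, concatenate name+value, take the MD5 hex digest.

    Assumption: "dictionary ascending order" is plain string ordering of the names.
    """
    original_text = "".join(f"{name}{params[name]}" for name in sorted(params))
    return hashlib.md5(original_text.encode("utf-8")).hexdigest()


def target_time_variables(timestamp):
    """S403-S405: map the last three timestamp digits to {target key name: key value}."""
    digits = str(timestamp)
    if not digits.isdigit() or len(digits) < 3:
        raise ValueError("timestamp must be a non-negative integer with at least 3 digits")
    # S403: A[0]=x (last digit), A[1]=y (second to last), A[2]=z (third to last)
    initial = [int(digits[-1]), int(digits[-2]), int(digits[-3])]
    # S404/S405: the key name of A[i] becomes A[0] + ... + A[i]
    target = {}
    running_sum = 0
    for value in initial:
        running_sum += value
        # Assumption: when a digit is 0 two key names coincide and the later
        # entry overwrites the earlier one, as in an associative array.
        target[running_sum] = value
    return target


def substitute(signature, target):
    """S406: replace the character at each 1-based position with the key value."""
    chars = list(signature)
    for position, value in target.items():
        # The worked example counts characters from 1 ("the 8th character b").
        # Assumption: a key name of 0 addresses no character and is skipped.
        if 1 <= position <= len(chars):
            chars[position - 1] = str(value)
    return "".join(chars)


def signature_value(params, timestamp):
    """Signature value as computed by both the interface caller and the provider."""
    return substitute(initial_signature(params), target_time_variables(timestamp))


def verify(request):
    """S407: recompute the second signature value and compare it with the first."""
    sign = request.get("sign")
    if not isinstance(sign, str) or not sign.isascii():
        return False
    try:
        expected = signature_value(request["params"], request["timestamp"])
    except (KeyError, ValueError):
        return False
    return hmac.compare_digest(expected, sign)


if __name__ == "__main__":
    # Constructed request using the parameters and timestamp from the text.
    request = {"params": {"a": 1, "m": 2, "c": 3}, "timestamp": 1486695218}
    request["sign"] = signature_value(request["params"], request["timestamp"])
    print("target time variables:", target_time_variables(request["timestamp"]))
    print("signature value:", request["sign"])
    print("verification passes:", verify(request))
```

Every input to `signature_value` (the parameters and the timestamp) travels in the request and no secret is involved, so `verify` detects a request whose fields were changed without the signature value being recomputed.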
In this embodiment of the present invention, the first signature value and the second signature value are generated from the API request parameters and the current timestamp. When the first signature value and the second signature value are generated, the positions replaced in the initial signature and the replacement values change as the timestamp changes; the pattern of change is complex and highly dynamic, so the scheme can hardly be brute-forced. In addition, the embodiment of the present invention abandons the traditional key-based signature scheme, avoiding the risk of data leakage caused by key exposure. Furthermore, the embodiment of the present invention uses the MD5 algorithm when generating the initial signature; because the MD5 algorithm is in general use, the signature verification method of the embodiment can be applied more widely. Moreover, the resulting first signature value and second signature value still retain the data structure of an original MD5-generated signature and still have the form of a standard MD5-encrypted signature, which is highly deceptive to third parties other than the interface provider and the caller. Owing to the nature of MD5-encrypted signatures, once the signature changes, it has no relation to the data it originally mapped. Therefore, even if the signature is cracked by traditional MD5 decryption methods, the resulting parameters bear no relation at all to the parameters of this interface, and the cracked result is meaningless. In summary, the embodiment of the present invention improves the security of signature verification and data interaction.
Refer to Fig. 5, which is a schematic flowchart of the signature verification method provided by the fifth embodiment of the present invention. As shown, the method may include the following steps:
S501, the interface caller obtains the API request parameters and the current timestamp.
S502, the interface caller generates an initial signature from the API request parameters.
S503, the interface caller takes the last three digits of the current timestamp to obtain the initial time variables.
S504, the interface caller determines the target time variables from the initial time variables.
S505, the interface caller performs replacement on the initial signature according to the target time variables to obtain the first signature value.
S506, the interface caller constructs the target request from the API request parameters, the current timestamp and the first signature value.
S507, the interface caller sends the target request to the interface provider.
S508, the interface provider receives the target request sent by the interface caller.
S509, the interface provider obtains the second signature value from the API request parameters and the current timestamp in the target request.
S510, the interface provider compares the first signature value with the second signature value to obtain the verification result.
It should be noted that, for the detailed process of steps S501 to S508, refer to steps S201 to S208 in the second embodiment; for the detailed process of steps S509 to S511, refer to steps S401 to S407.
Refer to Fig. 6, which is a schematic structural diagram of the signature verification terminal provided by the first embodiment of the present invention. As shown, the terminal may include:
an acquiring unit 10, configured to obtain the API request parameters and the current timestamp;
a processing unit 11, configured to obtain the first signature value from the API request parameters and the current timestamp;
a constructing unit 12, configured to construct the target request from the API request parameters, the current timestamp and the first signature value;
a sending unit 13, configured to send the target request to the interface provider, so that the interface provider generates the second signature value from the target request;
a receiving unit 14, configured to receive the verification result sent by the interface provider, the verification result being obtained by the interface provider comparing the first signature value with the second signature value.
As an optional implementation, the processing unit 11 is specifically configured to:
generate an initial signature from the API request parameters;
determine the target time variables from the current timestamp;
perform replacement on the initial signature according to the target time variables to obtain the first signature value.
As an optional implementation, the processing unit 11 is specifically configured to:
take the last three digits of the current timestamp to obtain the initial time variables, the initial time variables comprising initial key names and initial key values;
calculate the target key names from the initial key values;
determine the target time variables from the target key names.
Refer to Fig. 7, which is a schematic structural diagram of the signature verification terminal provided by the second embodiment of the present invention. As shown, the terminal may include:
a receiving unit 20, configured to receive the target request sent by the interface caller, the request parameters in the target request being obtained from the interface caller's API request parameters, the interface caller's first signature value and the current timestamp, the first signature value being obtained from the API request parameters and the current timestamp;
a processing unit 21, configured to obtain the second signature value from the API request parameters and the current timestamp in the target request;
a comparing unit 22, configured to compare the first signature value with the second signature value to obtain the verification result.
As an optional implementation, the processing unit 21 is specifically configured to:
generate an initial signature from the API request parameters;
determine the target time variables from the current timestamp;
perform replacement on the initial signature according to the target time variables to obtain the second signature value.
As an optional implementation, the processing unit 21 is specifically configured to:
take the last three digits of the current timestamp to obtain the initial time variables, the initial time variables comprising initial key names and initial key values;
calculate the target key names from the initial key values;
determine the target time variables from the target key name values.
It should be noted that the specific workflow of the terminal of the embodiments of the present invention has been described in detail in the foregoing method section and is not repeated here.
Refer to Fig. 8, which is a schematic structural diagram of a terminal provided by the third embodiment of the present invention. As shown, the terminal includes: at least one processor 301, such as a CPU; at least one user interface 303; a memory 304; and at least one communication bus 302. The communication bus 302 is used to implement connection and communication between these components. The user interface 303 may include a display and a keyboard; optionally, the user interface 303 may also include a standard wired interface and a wireless interface. The memory 304 may be a high-speed RAM memory or a non-volatile memory, for example at least one disk memory. Optionally, the memory 304 may also be at least one storage device located remotely from the aforementioned processor 301. The processor 301 may be combined with the terminals described in Figs. 6 to 7. A set of program code is stored in the memory 304, and the processor 301 calls the program code stored in the memory 304 to perform the following operations:
obtain the API request parameters and the current timestamp;
obtain the first signature value from the API request parameters and the current timestamp;
construct the target request from the API request parameters, the current timestamp and the first signature value;
send the target request to the interface provider, so that the interface provider generates the second signature value from the target request;
receive the verification result sent by the interface provider, the verification result being obtained by the interface provider comparing the first signature value with the second signature value.
As an optional implementation, the processor 301 calls the program code stored in the memory 304 to perform the following operations:
generate an initial signature from the API request parameters;
determine the target time variables from the current timestamp;
perform replacement on the initial signature according to the target time variables to obtain the first signature value.
As an optional implementation, the processor 301 calls the program code stored in the memory 304 to perform the following operations:
take the last three digits of the current timestamp to obtain the initial time variables, the initial time variables comprising initial key names and initial key values;
calculate the target key names from the initial key values;
determine the target time variables from the target key name values.
As an optional implementation, the processor 301 calls the program code stored in the memory 304 to perform the following operations:
receive the target request sent by the interface caller, the request parameters in the target request being obtained from the interface caller's API request parameters, the interface caller's first signature value and the current timestamp, the first signature value being obtained from the API request parameters and the current timestamp;
obtain the second signature value from the API request parameters and the current timestamp in the target request;
compare the first signature value with the second signature value to obtain the verification result.
As an optional implementation, the processor 301 calls the program code stored in the memory 304 to perform the following operations:
generate an initial signature from the API request parameters;
determine the target time variables from the current timestamp;
perform replacement on the initial signature according to the target time variables to obtain the second signature value.
In this embodiment of the present invention, the first signature value and the second signature value are first obtained from the API request parameters and the current timestamp, and the first signature value is then compared with the second signature value to obtain the verification result, which improves the security of signature verification and data interaction.
Refer to Fig. 9, which is a schematic structural diagram of the signature verification system provided by the first embodiment of the present invention. As shown, the system may include a first terminal 100 and a second terminal 200. For the specific structure and functions of the first terminal 100, refer to the terminal described in Fig. 6; for the specific structure and functions of the second terminal 200, refer to the terminal described in Fig. 7.
In this embodiment of the present invention, the first signature value and the second signature value are first obtained from the API request parameters and the current timestamp, and the first signature value is then compared with the second signature value to obtain the verification result, which improves the security of signature verification and data interaction.
A person of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To clearly illustrate the interchangeability of hardware and software, the composition and steps of each example have been described above generally in terms of function. Whether these functions are performed in hardware or in software depends on the particular application and the design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each particular application, but such implementation should not be considered beyond the scope of the present invention.
In addition, in the several embodiments provided in this application, it should be understood that the disclosed method, terminal and system may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in actual implementation; for instance, multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, or may be an electrical, mechanical or other form of connection.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiments of the present invention.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
The steps in the methods of the embodiments of the present invention may be reordered, merged and deleted according to actual needs.
The units in the terminals of the embodiments of the present invention may be combined, divided and deleted according to actual needs.
The above is only a specific implementation of the present invention, but the scope of protection of the present invention is not limited thereto. Any person skilled in the art can readily conceive of various equivalent modifications or replacements within the technical scope disclosed by the present invention, and these modifications or replacements shall all fall within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.
Claims (13)
1. A signature verification method, characterized by comprising:
obtaining API request parameters and a current timestamp;
obtaining a first signature value from the API request parameters and the current timestamp;
constructing a target request from the API request parameters, the current timestamp and the first signature value;
sending the target request to an interface provider, so that the interface provider generates a second signature value from the target request;
receiving a verification result sent by the interface provider, the verification result being obtained by the interface provider comparing the first signature value with the second signature value.
2. The method as claimed in claim 1, characterized in that obtaining the first signature value from the API request parameters and the current timestamp specifically comprises:
generating an initial signature from the API request parameters;
determining target time variables from the current timestamp;
performing replacement on the initial signature according to the target time variables to obtain the first signature value.
3. The method as claimed in claim 2, characterized in that determining the target time variables from the current timestamp specifically comprises:
taking the last three digits of the current timestamp to obtain initial time variables, the initial time variables comprising initial key names and initial key values;
calculating target key names from the initial key values;
determining the target time variables from the target key names.
4. A signature verification terminal, characterized by comprising:
an acquiring unit, configured to obtain API request parameters and a current timestamp;
a processing unit, configured to obtain a first signature value from the API request parameters and the current timestamp;
a constructing unit, configured to construct a target request from the API request parameters, the current timestamp and the first signature value;
a sending unit, configured to send the target request to an interface provider, so that the interface provider generates a second signature value from the target request;
a receiving unit, configured to receive a verification result sent by the interface provider, the verification result being obtained by the interface provider comparing the first signature value with the second signature value.
5. The terminal as claimed in claim 4, characterized in that the processing unit is specifically configured to:
generate an initial signature from the API request parameters;
determine target time variables from the current timestamp;
perform replacement on the initial signature according to the target time variables to obtain the first signature value.
6. The terminal as claimed in claim 5, characterized in that the processing unit is further configured to:
take the last three digits of the current timestamp to obtain initial time variables, the initial time variables comprising initial key names and initial key values;
calculate target key names from the initial key values;
determine the target time variables from the target key names.
7. A signature verification method, characterized by comprising:
receiving a target request sent by an interface caller, the request parameters in the target request being obtained from the interface caller's API request parameters, the interface caller's first signature value and a current timestamp, the first signature value being obtained from the API request parameters and the current timestamp;
obtaining a second signature value from the API request parameters and the current timestamp in the target request;
comparing the first signature value with the second signature value to obtain a verification result.
8. The method as claimed in claim 7, characterized in that obtaining the second signature value from the API request parameters and the current timestamp in the target request specifically comprises:
generating an initial signature from the API request parameters;
determining target time variables from the current timestamp;
performing replacement on the initial signature according to the target time variables to obtain the second signature value.
9. The method as claimed in claim 8, characterized in that determining the target time variables from the current timestamp specifically comprises:
taking the last three digits of the current timestamp to obtain initial time variables, the initial time variables comprising initial key names and initial key values;
calculating target key names from the initial key values;
determining the target time variables from the target key names.
10. A signature verification terminal, characterized by comprising:
a receiving unit, configured to receive a target request sent by an interface caller, the request parameters in the target request being obtained from the interface caller's API request parameters, the interface caller's first signature value and a current timestamp, the first signature value being obtained from the API request parameters and the current timestamp;
a processing unit, configured to obtain a second signature value from the API request parameters and the current timestamp in the target request;
a comparing unit, configured to compare the first signature value with the second signature value to obtain a verification result.
11. The terminal as claimed in claim 10, characterized in that the processing unit is specifically configured to:
generate an initial signature from the API request parameters;
determine target time variables from the current timestamp;
perform replacement on the initial signature according to the target time variables to obtain the second signature value.
12. The terminal as claimed in claim 11, characterized in that the processing unit is further configured to:
take the last three digits of the current timestamp to obtain initial time variables, the initial time variables comprising initial key names and initial key values;
calculate target key names from the initial key values;
determine the target time variables from the target key name values.
13. A signature verification system comprising a first terminal and a second terminal, characterized in that the first terminal is as described in any one of claims 4-6 and the second terminal is as described in any one of claims 10-12.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710267892.5A CN107154853A (en) | 2017-04-22 | 2017-04-22 | A kind of signature verification method, terminal and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107154853A true CN107154853A (en) | 2017-09-12 |
Family ID: 59793086
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710267892.5A Withdrawn CN107154853A (en) | 2017-04-22 | 2017-04-22 | A kind of signature verification method, terminal and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107154853A (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107888656A (en) * | 2017-10-09 | 2018-04-06 | 北京京东尚科信息技术有限公司 | Service the call method and calling device of end interface |
CN107888656B (en) * | 2017-10-09 | 2020-11-20 | 北京京东尚科信息技术有限公司 | Calling method and calling device of server-side interface |
CN109450649A (en) * | 2018-12-28 | 2019-03-08 | 北京金山安全软件有限公司 | Gateway verification method and device based on application program interface and electronic equipment |
CN110768956A (en) * | 2019-09-19 | 2020-02-07 | 苏宁云计算有限公司 | Data service providing method, device, computer equipment and storage medium |
CN110768956B (en) * | 2019-09-19 | 2022-09-27 | 苏宁云计算有限公司 | Data service providing method, device, computer equipment and storage medium |
CN111767221A (en) * | 2020-06-28 | 2020-10-13 | 北京百度网讯科技有限公司 | Interface test method, device, equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107154853A (en) | A kind of signature verification method, terminal and system | |
US10241991B2 (en) | Providing context-aware input data | |
CN104834449B (en) | The icon management method and device of mobile terminal | |
WO2020181937A1 (en) | Method and system for modifying blockchain network configuration | |
WO2021114918A1 (en) | Integrity checking method and apparatus, terminal device and verification server | |
JP2015528162A (en) | Generate localized user interface | |
WO2012137567A1 (en) | Drawing management server, drawing management program, and drawing management system | |
JP5102916B2 (en) | Storage system and storage system management method | |
CN107864039A (en) | A kind of application signature method, terminal and computer-readable recording medium | |
CN106603510A (en) | Data processing method and terminal | |
JP2020135154A (en) | System and method that assist in developing application software | |
CN107506200A (en) | A kind of screen content switching method, terminal and computer-readable recording medium | |
CN106886364A (en) | A kind of text handling method and terminal based on speech recognition | |
CN107766708A (en) | Nullify method, terminal and the computer-readable recording medium of account Entered state | |
CN114189553A (en) | Flow playback method, system and computing equipment | |
US11354492B2 (en) | EDOC utility using non-structured-query-language databases | |
CN108171063A (en) | Method, terminal and the computer readable storage medium of access safety element | |
US10282527B2 (en) | Information processing apparatus, information processing method, program, storage medium, and password entry apparatus | |
WO2021077862A1 (en) | File synchronization method and device | |
WO2021031429A1 (en) | Blockchain account address generation method, system and apparatus and computer-readable storage medium | |
CN113158217A (en) | Authority verification method and device, computer equipment and storage medium | |
US8955061B2 (en) | Information processing apparatus, authentication system, authentication method, and program | |
CN106778219A (en) | A kind of cipher code protection method and terminal | |
CN105046017A (en) | Rapid node placement method and system for electromechanical seismic design | |
JP2009301190A (en) | Document processor and document processing program |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | Application publication date: 20170912 |