CN107204977A - Interface security verification method and device, and computer-readable storage medium - Google Patents
- Publication number: CN107204977A
- Application number: CN201710370072.9A
- Authority: CN (China)
- Prior art keywords: interface, check, information, check information, safety
- Legal status: Granted
Classifications
- H04L63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates
- H04L63/168: Implementing security features at a particular protocol layer above the transport layer
- H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H04L67/133: Protocols for remote procedure calls [RPC]
- H04L9/3268: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
Abstract
The invention discloses an interface security verification method and device and a computer-readable storage medium. The method comprises the following steps: a first system, through security check aspect interception, adds the obtained check information of a second system and the obtained check information of a second system interface to the header of a Hypertext Transfer Protocol (HTTP) request; the HTTP request is sent to the second system to call the second system interface; the second system receives the HTTP request and, through security check aspect interception, verifies the check information of the second system and the check information of the second system interface separately; after verification passes, the second system interface is executed and the execution result is fed back to the first system. In the disclosed method, device and storage medium, the system and the system interface use different check information, so the security strength is high; communication between each system and the security check system uses HTTPS, which ensures the security of the transmitted data.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to an interface security verification method and device and a computer-readable storage medium.
Background
When systems interact with each other, including mobile phone clients and server systems, HTTP interfaces are required. To ensure security, a security check mechanism is usually required as well. The check scheme most often used in the prior art is the Base Auth mechanism: a user name and password are allocated to each system that needs to access one's own system, and once the user name and password are verified, all interfaces of the system can be accessed.
The prior art has the following problems:
1. The system provides only one user name and password to external systems. Anyone who breaks this user name and password pair can access all interfaces of the system, so the security strength is low;
2. A user name and password different from the system's cannot be defined for particular interfaces, so the flexibility of the system is poor;
3. During interface verification, the user name and password are verified only once, so the security mechanism is weak;
4. Developers and operations staff can know the user name and password; once these leak, all interfaces of the system are exposed on the network, which increases the risk of attack.
Summary of the invention
The main object of the present invention is to propose an interface security verification method and device and a computer-readable storage medium that solve the problems of the prior art.
To achieve the above object, a first aspect of the embodiments of the present invention provides an interface security verification method, which comprises the steps of:
The first system uses a first security authentication certificate and, through an HTTPS (Hypertext Transfer Protocol over Secure Socket Layer) request, obtains from the security check system the check information of the second system and the check information of the second system interface; wherein the check information of the second system and the check information of the second system interface are different;
Through security check aspect interception, the obtained check information of the second system and the obtained check information of the second system interface are added to the header of an HTTP request;
The HTTP request is sent to the second system to call the second system interface;
The second system receives the HTTP request and extracts the check information of the second system and the check information of the second system interface from the header of the HTTP request;
Using a second security authentication certificate and through an HTTPS request, the check information of the second system and the check information of the second system interface are obtained from the security check system;
Through security check aspect interception, the extracted and the obtained check information of the second system and of the second system interface are verified separately;
After verification passes, the second system interface is executed and the execution result is fed back to the first system.
Further, the first security authentication certificate is generated as follows:
The security check system obtains the security registration information of the first system, and generates the first security authentication certificate for the first system according to the obtained security registration information;
The second security authentication certificate is generated as follows:
The security check system obtains the security registration information of the second system, and generates the second security authentication certificate for the second system according to the obtained security registration information.
Further, the check information of the second system interface is generated as follows:
The security check system obtains the access path of the second system; according to the obtained access path, it scans all code of the second system and automatically parses all interfaces of the second system; for each second system interface that is configured with the annotation, it generates check information different from the check information of the second system.
Further, the method also comprises the step of:
For second system interfaces that are not configured with the annotation, the security check system sets, in the interface security configuration page and as required, whether to generate check information different from the check information of the second system.
Further, the security check aspect interception is generated as follows:
The security check system packages the security check aspect interception code and provides it in the form of a JAR to the first system and the second system.
Further, the method also comprises the step of:
Setting the update cycle of the check information of the second system and/or the check information of the second system interface.
Further, the method also comprises the steps of:
The security check system detects whether the update cycle of the check information of the second system and/or the check information of the second system interface has been exceeded;
If the update cycle has been exceeded, the check information of the second system and/or the check information of the second system interface is updated.
Further, the method also comprises the steps of:
The security check system detects whether the check information of the second system and/or the check information of the second system interface has been updated;
If it has been updated, the first system is notified through the message center.
In addition, to achieve the above object, a second aspect of the embodiments of the present invention provides an interface security verification device, which includes: a memory, a processor, and an interface security verification program stored on the memory and executable on the processor; when executed by the processor, the interface security verification program implements the steps of the above interface security verification method.
Furthermore, to achieve the above object, a third aspect of the embodiments of the present invention provides a computer-readable storage medium, characterized in that an interface security verification program is stored on the computer-readable storage medium, and the interface security verification program, when executed by a processor, implements the steps of the above interface security verification method.
In the interface security verification method and device and the computer-readable storage medium provided by the embodiments of the present invention, the system and the system interface use different check information, so the security strength is high; communication between each system and the security check system uses HTTPS, which ensures the security of the transmitted data; interface security checks between systems use a unified SDK package: the security check system generates a JAR package and provides it to each system, the JAR package provides an aspect that intercepts each system's interface code, and each system can access the security check system without writing any further code itself; the update cycles of the check information of systems and system interfaces can be configured independently; when the check information of a system or system interface changes, each system is notified through the message center; each system can use different security check information in the development, test and production environments without changing code or configuration files.
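The call flow summarised above, with separate check information for the system and for an annotated interface, as an added example in Java that is not part of the patent text. The security check system is an in-memory stand-in, the header names, `OrderApi` and `order-system` are assumptions, and `record` needs JDK 16 or later.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;

public class InterfaceCheckDemo {
    // Header names are assumptions; the text only says "the header of the HTTP request".
    static final String SYS_HEADER = "X-System-Check";
    static final String IFACE_HEADER = "X-Interface-Check";

    // Annotation named in the text: the interface gets check information of its own.
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.METHOD)
    @interface ApiUserPassword {}

    // Check information is a user name plus a password, as the embodiment states.
    record CheckInfo(String user, String password) {
        String headerValue() { return user + ":" + password; }
    }

    // In-memory stand-in for the security check system. In the described scheme each
    // system reaches it over HTTPS with its own certificate; that hop is not modelled.
    static class CheckSystem {
        private final SecureRandom rng = new SecureRandom();
        private final Map<String, CheckInfo> store = new HashMap<>();
        private CheckInfo fresh(String user) {
            byte[] secret = new byte[16];
            rng.nextBytes(secret);
            return new CheckInfo(user, Base64.getUrlEncoder().withoutPadding().encodeToString(secret));
        }
        // "Scan" the second system: one system-level entry, plus a separate entry
        // for every interface that carries the annotation.
        void register(String system, Class<?> api) {
            store.put(system, fresh(system));
            for (Method m : api.getDeclaredMethods())
                if (m.isAnnotationPresent(ApiUserPassword.class))
                    store.put(system + "#" + m.getName(), fresh(system + "." + m.getName()));
        }
        CheckInfo forSystem(String system) { return store.get(system); }
        CheckInfo forInterface(String system, String iface) { return store.get(system + "#" + iface); }
    }

    // Hypothetical second-system interfaces (constructed for this example).
    static class OrderApi {
        @ApiUserPassword
        public String refund(String orderId) { return "refunded " + orderId; }
        public String status(String orderId) { return "status of " + orderId; }
    }

    // First-system aspect: put both kinds of check information into the request headers.
    static Map<String, String> clientAspect(CheckSystem cs, String system, String iface) {
        Map<String, String> headers = new HashMap<>();
        headers.put(SYS_HEADER, cs.forSystem(system).headerValue());
        CheckInfo perInterface = cs.forInterface(system, iface);
        if (perInterface != null) headers.put(IFACE_HEADER, perInterface.headerValue());
        return headers;
    }

    // Constant-time comparison; a missing header or unknown entry never matches.
    static boolean matches(String presented, CheckInfo expected) {
        if (presented == null || expected == null) return false;
        return MessageDigest.isEqual(presented.getBytes(StandardCharsets.UTF_8),
                expected.headerValue().getBytes(StandardCharsets.UTF_8));
    }

    // Second-system aspect: verify system and interface information separately,
    // and only then execute the interface.
    static String serverAspect(CheckSystem cs, String system, Object api, String iface,
                               Map<String, String> headers, String arg) throws Exception {
        if (!matches(headers.get(SYS_HEADER), cs.forSystem(system)))
            throw new SecurityException("system check information rejected");
        Method m = api.getClass().getDeclaredMethod(iface, String.class);
        if (m.isAnnotationPresent(ApiUserPassword.class)
                && !matches(headers.get(IFACE_HEADER), cs.forInterface(system, iface)))
            throw new SecurityException("interface check information rejected");
        return (String) m.invoke(api, arg);
    }

    public static void main(String[] args) throws Exception {
        CheckSystem cs = new CheckSystem();
        cs.register("order-system", OrderApi.class);
        OrderApi api = new OrderApi();
        Map<String, String> full = clientAspect(cs, "order-system", "refund");
        System.out.println(serverAspect(cs, "order-system", api, "refund", full, "A-1"));
        // Headers carrying only the system-level information reach status() but not refund().
        Map<String, String> systemOnly = clientAspect(cs, "order-system", "status");
        System.out.println(serverAspect(cs, "order-system", api, "status", systemOnly, "A-1"));
        try {
            serverAspect(cs, "order-system", api, "refund", systemOnly, "A-1");
        } catch (SecurityException e) {
            System.out.println("refund blocked: " + e.getMessage());
        }
    }
}
```

The last call shows the property the summary claims over a single shared user name and password: the system-level check information alone does not open an interface that has its own.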
Brief description of the drawings
Fig. 1 is a schematic diagram of the hardware structure of a mobile terminal for implementing the embodiments of the present invention;
Fig. 2 is an architecture diagram of a communication network system provided by an embodiment of the present invention;
Fig. 3 is a schematic flow chart of the interface security verification method of an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of the interface security verification device of an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of the interface security verification process of an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of the security authentication certificate generation process in the interface security verification of an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of the message center in the interface security verification of an embodiment of the present invention.
The realization, functional characteristics and advantages of the object of the present invention will be further described with reference to the drawings and in conjunction with the embodiments.
Detailed description of the embodiments
It should be understood that the specific embodiments described herein are only intended to explain the present invention and are not intended to limit it.
In the following description, suffixes such as "module", "part" or "unit" used to denote elements are only intended to facilitate the description of the present invention and have no specific meaning in themselves. Therefore, "module", "part" and "unit" can be used interchangeably.
Terminals can be implemented in various forms. For example, the terminals described in the present invention may include mobile terminals such as mobile phones, tablet computers, notebook computers, palmtop computers, personal digital assistants (PDA), portable media players (PMP), navigation devices, wearable devices, smart bracelets and pedometers, and fixed terminals such as digital TVs and desktop computers.
The following description takes a mobile terminal as an example. Those skilled in the art will understand that, apart from elements used specifically for mobile purposes, the construction according to the embodiments of the present invention can also be applied to fixed terminals.
Referring to Fig. 1, which is a schematic diagram of the hardware structure of a mobile terminal for implementing the embodiments of the present invention, the mobile terminal 100 may include components such as an RF (Radio Frequency) unit 101, a WiFi module 102, an audio output unit 103, an A/V (audio/video) input unit 104, a sensor 105, a display unit 106, a user input unit 107, an interface unit 108, a memory 109, a processor 110 and a power supply 111. Those skilled in the art will understand that the mobile terminal structure shown in Fig. 1 does not limit the mobile terminal; the mobile terminal may include more or fewer components than shown, combine certain components, or arrange the components differently.
The components of the mobile terminal are described in detail below with reference to Fig. 1:
The radio frequency unit 101 can be used to receive and send signals while information is being sent and received or during a call. Specifically, it receives downlink information from the base station and passes it to the processor 110 for processing, and it sends uplink data to the base station. Generally, the radio frequency unit 101 includes but is not limited to an antenna, at least one amplifier, a transceiver, a coupler, a low-noise amplifier, a duplexer, etc. In addition, the radio frequency unit 101 can also communicate with the network and other devices by wireless communication. The wireless communication can use any communication standard or protocol, including but not limited to GSM (Global System of Mobile communication), GPRS (General Packet Radio Service), CDMA2000 (Code Division Multiple Access 2000), WCDMA (Wideband Code Division Multiple Access), TD-SCDMA (Time Division-Synchronous Code Division Multiple Access), FDD-LTE (Frequency Division Duplexing-Long Term Evolution) and TDD-LTE (Time Division Duplexing-Long Term Evolution).
WiFi is a short-range wireless transmission technology. Through the WiFi module 102 the mobile terminal can help the user send and receive e-mail, browse web pages and access streaming video, and it provides the user with wireless broadband Internet access. Although Fig. 1 shows the WiFi module 102, it is understood that it is not an essential component of the mobile terminal and can be omitted as needed without changing the essence of the invention.
When the mobile terminal 100 is in a mode such as call signal reception mode, call mode, recording mode, speech recognition mode or broadcast reception mode, the audio output unit 103 can convert audio data received by the radio frequency unit 101 or the WiFi module 102, or stored in the memory 109, into an audio signal and output it as sound. The audio output unit 103 can also provide audio output related to a specific function performed by the mobile terminal 100 (for example, a call signal reception sound or a message reception sound). The audio output unit 103 may include a loudspeaker, a buzzer, etc.
The A/V input unit 104 is used to receive audio or video signals. The A/V input unit 104 may include a graphics processing unit (GPU) 1041 and a microphone 1042. The graphics processor 1041 processes image data of still pictures or video obtained by an image capture device (such as a camera) in video capture mode or image capture mode. The processed image frames can be displayed on the display unit 106. Image frames processed by the graphics processor 1041 can be stored in the memory 109 (or another storage medium) or sent via the radio frequency unit 101 or the WiFi module 102. The microphone 1042 can receive sound (audio data) in operating modes such as telephone call mode, recording mode and speech recognition mode, and can process such sound into audio data. In telephone call mode, the processed audio (voice) data can be converted into a format that can be sent to a mobile communication base station via the radio frequency unit 101 and output. The microphone 1042 can implement various types of noise cancellation (or suppression) algorithms to cancel (or suppress) noise or interference generated while receiving and sending audio signals.
The mobile terminal 100 also includes at least one sensor 105, such as an optical sensor, a motion sensor and other sensors. Specifically, the optical sensor includes an ambient light sensor and a proximity sensor: the ambient light sensor can adjust the brightness of the display panel 1061 according to the brightness of the ambient light, and the proximity sensor can turn off the display panel 1061 and/or the backlight when the mobile terminal 100 is moved to the ear. As one kind of motion sensor, the accelerometer can detect the magnitude of acceleration in all directions (generally three axes) and can detect the magnitude and direction of gravity when stationary; it can be used for applications that recognize the phone's posture (such as switching between landscape and portrait, related games, magnetometer posture calibration) and for vibration-recognition functions (such as a pedometer or tapping). The phone can also be configured with other sensors such as a fingerprint sensor, pressure sensor, iris sensor, molecular sensor, gyroscope, barometer, hygrometer, thermometer and infrared sensor, which are not described further here.
The display unit 106 is used to display information entered by the user or information provided to the user. The display unit 106 may include a display panel 1061, which can be configured in the form of a liquid crystal display (LCD), an organic light-emitting diode (OLED) display, etc.
The user input unit 107 can be used to receive entered numeric or character information and to generate key signal input related to user settings and function control of the mobile terminal. Specifically, the user input unit 107 may include a touch panel 1071 and other input devices 1072. The touch panel 1071, also called a touch screen, collects the user's touch operations on or near it (such as operations by the user on or near the touch panel 1071 using a finger, stylus or any other suitable object or accessory) and drives the corresponding connected device according to a preset program. The touch panel 1071 may include two parts, a touch detection device and a touch controller. The touch detection device detects the position of the user's touch, detects the signal produced by the touch operation and passes the signal to the touch controller; the touch controller receives touch information from the touch detection device, converts it into contact coordinates and sends them to the processor 110, and can receive and execute commands sent by the processor 110. The touch panel 1071 can be implemented in several types, such as resistive, capacitive, infrared and surface acoustic wave. Besides the touch panel 1071, the user input unit 107 can also include other input devices 1072. Specifically, the other input devices 1072 can include but are not limited to one or more of a physical keyboard, function keys (such as volume control keys and switch keys), a trackball, a mouse and a joystick, and are not specifically limited here.
Further, the touch panel 1071 can cover the display panel 1061. When the touch panel 1071 detects a touch operation on or near it, it passes the operation to the processor 110 to determine the type of touch event, and the processor 110 then provides the corresponding visual output on the display panel 1061 according to the type of touch event. Although in Fig. 1 the touch panel 1071 and the display panel 1061 are two independent components that implement the input and output functions of the mobile terminal, in some embodiments the touch panel 1071 and the display panel 1061 can be integrated to implement the input and output functions of the mobile terminal, which is not specifically limited here.
The interface unit 108 serves as an interface through which at least one external device can be connected to the mobile terminal 100. For example, the external device can include a wired or wireless headset port, an external power supply (or battery charger) port, a wired or wireless data port, a memory card port, a port for connecting a device that has an identification module, an audio input/output (I/O) port, a video I/O port, an earphone port, etc. The interface unit 108 can be used to receive input from an external device (for example, data information or power) and pass the received input to one or more elements in the mobile terminal 100, or can be used to transfer data between the mobile terminal 100 and the external device.
The memory 109 can be used to store software programs and various data. The memory 109 can mainly include a program storage area and a data storage area: the program storage area can store the operating system and the application programs needed for at least one function (such as a sound playback function or an image playback function); the data storage area can store data created through use of the phone (such as audio data or a phone book). In addition, the memory 109 can include high-speed random access memory and can also include non-volatile memory, for example at least one magnetic disk storage device, flash memory device or other volatile solid-state storage device.
The processor 110 is the control center of the mobile terminal. It connects all parts of the whole mobile terminal through various interfaces and lines, and performs the various functions of the mobile terminal and processes data by running or executing the software programs and/or modules stored in the memory 109 and calling the data stored in the memory 109, thereby monitoring the mobile terminal as a whole. The processor 110 may include one or more processing units; preferably, the processor 110 can integrate an application processor and a modem processor, where the application processor mainly handles the operating system, user interface and application programs, and the modem processor mainly handles wireless communication. It is understood that the modem processor need not be integrated into the processor 110.
The mobile terminal 100 can also include a power supply 111 (such as a battery) that powers the components. Preferably, the power supply 111 can be logically connected to the processor 110 through a power management system, so that functions such as charging, discharging and power consumption management are handled through the power management system.
Although not shown in Fig. 1, the mobile terminal 100 can also include a Bluetooth module and the like, which are not described further here.
To make the embodiments of the present invention easier to understand, the communication network system on which the mobile terminal of the present invention is based is described below.
Referring to Fig. 2, which is an architecture diagram of a communication network system provided by an embodiment of the present invention, the communication network system is an LTE system of universal mobile communication technology. The LTE system includes, communicatively connected in sequence, UE (User Equipment) 201, E-UTRAN (Evolved UMTS Terrestrial Radio Access Network) 202, EPC (Evolved Packet Core) 203 and the operator's IP services 204.
Specifically, UE 201 can be the terminal 100 described above, which is not described again here.
E-UTRAN 202 includes eNodeB 2021 and other eNodeBs 2022. eNodeB 2021 can be connected with the other eNodeBs 2022 through a backhaul (such as the X2 interface); eNodeB 2021 is connected to EPC 203 and can provide UE 201 with access to EPC 203.
EPC 203 can include an MME (Mobility Management Entity) 2031, an HSS (Home Subscriber Server) 2032, other MMEs 2033, an SGW (Serving Gateway) 2034, a PGW (PDN Gateway, packet data network gateway) 2035 and a PCRF (Policy and Charging Rules Function) 2036. MME 2031 is the control node that handles signalling between UE 201 and EPC 203 and provides bearer and connection management. HSS 2032 provides registers to manage functions such as the home location register (not shown) and stores user-specific information about service features, data rates and the like. All user data can be sent through SGW 2034. PGW 2035 can provide IP address allocation for UE 201 and other functions. PCRF 2036 is the policy and charging control decision point for service data flows and IP bearer resources; it selects and provides available policy and charging control decisions for the policy and charging enforcement function unit (not shown).
The IP services 204 can include the Internet, an intranet, IMS (IP Multimedia Subsystem) or other IP services.
Although the above description takes an LTE system as an example, those skilled in the art should understand that the present invention is not only applicable to LTE systems but also to other wireless communication systems, such as GSM, CDMA2000, WCDMA, TD-SCDMA and future new network systems, which are not limited here.
Based on the above mobile terminal hardware structure and communication network system, the embodiments of the method of the present invention are proposed.
First embodiment
As shown in figure 3, first embodiment of the invention provides a kind of interface security method of calibration, methods described includes step:
31st, the first system uses the first safety certification certificate and by security socket layer hypertext transfer protocol requests,
The check information of second system and the check information of second system interface are obtained to safety check system;Wherein described second is
The check information of the check information of system and the second system interface is differed;
In the present embodiment, system and system interface use different check informations, and security intensity is high.Each system and safety
Communication between check system uses security socket layer hypertext transfer protocol requests (Hyper Text Transfer
Protocol over Secure Socket Layer, HTTPS) form, it is ensured that transmission data security.
In the present embodiment, the first safety certification certificate is generated in the following manner:
The safety check system obtains the secure registration information of the first system;According to the secure registration information of acquisition
The first safety certification certificate is generated for the first system.
Secure registration information includes domain name of systematic name, unique identifying number, exploitation test and formal environments etc..
In this embodiment, the check information of the second system interface is generated as follows:
The security check system obtains the access path of the second system; according to the obtained access path, it scans all code of the second system and automatically parses out all interfaces of the second system; for each second system interface configured with the annotation, it generates check information that differs from the check information of the second system. The configured annotation is, for example, @ApiUserPassword, which indicates that the interface needs its own check information, different from the system's. After the security check system scans this annotation, it automatically generates check information for the interface that differs from the system's.
Further, the method also includes the following step:
For a second system interface that is not configured with the annotation, the security check system sets, in the interface security configuration page and as required, whether to generate check information that differs from the check information of the second system.
In this embodiment, the check information includes a user name and password information.
32. Through interception by the security check aspect, the obtained check information of the second system and check information of the second system interface are added to the header of an HTTP request.
In this embodiment, the security check aspect interception is produced as follows:
The security check system packages the code for security check aspect interception and provides it to the first system in the form of a JAR.
In this embodiment, a unified software development kit (SDK) is used: the security check system generates a JAR package and provides it to each system. The JAR package supplies the aspect and intercepts each system's interface code, so each system can access the security check system without writing any code of its own. No system needs to change code or configuration files to use different security check information in the development, test and production environments.
33. The HTTP request is sent to the second system to call the second system interface.
34. The second system receives the HTTP request and extracts the check information of the second system and the check information of the second system interface from the header of the HTTP request.
35. Using a second security authentication certificate and through an HTTPS request, the check information of the second system and the check information of the second system interface are obtained from the security check system.
In this embodiment, the second security authentication certificate is generated as follows:
The security check system obtains the security registration information of the second system and, according to the obtained security registration information, generates the second security authentication certificate for the second system.
The security registration information includes the system name, a unique identification number, the domain names of the development, test and production environments, and so on.
36. Through interception by the security check aspect, the check information of the second system and the check information of the second system interface, as extracted and as obtained, are verified respectively.
In this embodiment, the security check aspect interception is produced as follows:
The security check system packages the code for security check aspect interception and provides it to the second system in the form of a JAR.
In this embodiment, interface security verification between systems uses a unified software development kit (SDK): the security check system generates a JAR package and provides it to each system. The JAR package supplies the aspect and intercepts each system's interface code, so each system can access the security check system without writing any code of its own. No system needs to change code or configuration files to use different security check information in the development, test and production environments.
37. After verification passes, the second system interface is executed and the execution result is fed back to the first system.
In one embodiment, the method also includes the following step:
An update cycle is set for the check information of the second system and/or the check information of the second system interface.
Further, the method also includes the following steps:
The security check system detects and judges whether the update cycle of the check information of the second system and/or of the check information of the second system interface has been exceeded;
If the update cycle has been exceeded, the check information of the second system and/or the check information of the second system interface is updated.
In this embodiment, the update cycles of the check information of a system and of a system interface can be configured independently.
In another embodiment, the method also includes the following steps:
The security check system detects and judges whether the check information of the second system and/or the check information of the second system interface has been updated;
If it has been updated, the first system is notified through the message center.
Fig. 7 is a structural diagram of notifying different systems through the message center, Zookeeper.
In this embodiment, when the check information of a system or a system interface changes, each system is notified through the message center.
For a better understanding of the present invention, an example with a mobile phone client and a server is described below with reference to Fig. 5 and Fig. 6:
As shown in Fig. 5, the mobile phone client first prepares to call interface 1 of the server.
In the preparation stage, if the check information of the server and of server interface 1 has not yet been obtained, the mobile phone client uses its security authentication certificate and, through an HTTPS request, obtains the check information of the server and of server interface 1 from the security check system.
Fig. 6 shows the generation process of the mobile phone client's security authentication certificate. Specifically, the security registration information is filled in on the mobile phone client; after the security check system obtains the security registration information, the client provides its access path; the security check system obtains the client's access path, scans all code of the client and automatically parses out all interfaces of the client; for client interfaces configured with the annotation, it generates check information that differs from the client's check information; the mobile phone client's security authentication certificate is then generated according to the security registration information.
The generation process of the server's security authentication certificate is similar and is not repeated here.
After receiving the HTTPS request, the security check system returns the check information of the server and of server interface 1 to the mobile phone client.
The mobile phone client obtains the check information of the server and of server interface 1, saves it and, through interception by the security check aspect, adds the obtained check information of the server and of server interface 1 to the header of an HTTP request; it then sends the HTTP request to the server to call server interface 1.
The server receives the HTTP request and extracts the check information of the server and of server interface 1 from the header of the HTTP request. Meanwhile, if it has not yet obtained the check information of the server and of server interface 1, it uses the server security authentication certificate and, through an HTTPS request, obtains the check information of the server and of server interface 1 from the security check system.
After receiving the HTTPS request, the security check system returns the check information of the server and of server interface 1 to the server.
Through interception by the security check aspect, the server verifies the check information of the server and of server interface 1, as extracted and as obtained, respectively. Specifically, the server's check information is verified first; after that verification passes, the check information of server interface 1 is verified. Only when both verifications pass is the verification of server interface 1 considered passed.
After the verification of server interface 1 passes, server interface 1 is executed and the execution result is fed back to the mobile phone client.
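The call flow of steps 31 to 37 and the update-cycle and notification steps, modelled in-process as an added example (not code from the patent or its applicant). Assumptions: the header names, the "user:password" header encoding, a Python decorator in place of the @ApiUserPassword annotation and aspect, direct calls in place of the certificate-authenticated HTTPS fetches, and a callback list in place of the message center; only annotated interfaces are handled.

```python
import hmac
import secrets
import time

SYSTEM_HEADER = "X-System-Check"        # assumed header names; the patent names none
INTERFACE_HEADER = "X-Interface-Check"


def api_user_password(func):
    """Stand-in for the @ApiUserPassword annotation: the interface gets its own check information."""
    func.needs_own_check_info = True
    return func


class SecurityCheckSystem:
    """Issues and rotates check information (user name, password) per system and per interface."""
    def __init__(self, update_cycle_s, clock=time.time):
        self.update_cycle_s = update_cycle_s
        self.clock = clock
        self.records = {}       # key -> (user name, password, issued_at)
        self.subscribers = []   # callbacks standing in for the message center

    def issue(self, key):
        self.records[key] = (key, secrets.token_urlsafe(24), self.clock())

    def register(self, system, interfaces):
        """Scan a system's interfaces; annotated ones get check information of their own."""
        self.issue(system)
        for name, func in interfaces.items():
            if getattr(func, "needs_own_check_info", False):
                self.issue(f"{system}/{name}")

    def get(self, system, interface):   # -> (system pair, interface pair)
        return self.records[system][:2], self.records[f"{system}/{interface}"][:2]

    def rotate_expired(self):
        """Reissue every record whose update cycle has been exceeded, then notify subscribers."""
        now = self.clock()
        expired = [k for k, rec in self.records.items() if now - rec[2] > self.update_cycle_s]
        for key in expired:
            self.issue(key)
        if expired:
            for notify in self.subscribers:
                notify(expired)
        return expired


class Caller:
    """First system: caches check information and adds it to outgoing request headers."""
    def __init__(self, scs, target, interface):
        self.scs, self.target, self.interface = scs, target, interface
        self.cache = None
        scs.subscribers.append(self.on_update)

    def on_update(self, changed_keys):
        self.cache = None   # drop stale check information; refetched on the next call

    def build_request(self, body):
        if self.cache is None:
            self.cache = self.scs.get(self.target, self.interface)
        headers = {SYSTEM_HEADER: ":".join(self.cache[0]),
                   INTERFACE_HEADER: ":".join(self.cache[1])}
        return {"path": self.interface, "headers": headers, "body": body}


def matches(presented, expected):   # constant-time comparison with the expected pair
    return hmac.compare_digest(presented.encode(), ":".join(expected).encode())


def handle(scs, system, interfaces, request):
    """Second system: verify the system's check information first, then the interface's."""
    func = interfaces.get(request["path"])
    if func is None:
        return 404, "unknown interface"
    expected_system, expected_interface = scs.get(system, request["path"])
    if not matches(request["headers"].get(SYSTEM_HEADER, ""), expected_system):
        return 401, "system check failed"
    if not matches(request["headers"].get(INTERFACE_HEADER, ""), expected_interface):
        return 401, "interface check failed"
    return 200, func(request["body"])   # both checks passed: execute the interface


def demo():
    """Constructed run: a valid call, rotation, a stale request, then a refreshed call."""
    now = [0.0]
    scs = SecurityCheckSystem(update_cycle_s=3600, clock=lambda: now[0])
    interfaces = {"interface1": api_user_password(lambda body: body.upper())}
    scs.register("server", interfaces)
    phone = Caller(scs, "server", "interface1")
    first = handle(scs, "server", interfaces, phone.build_request("ping"))
    old_request = phone.build_request("ping")    # carries the current check information
    now[0] += 3601                                 # the update cycle is exceeded
    rotated = sorted(scs.rotate_expired())
    stale = handle(scs, "server", interfaces, old_request)   # rotated-out values are rejected
    fresh = handle(scs, "server", interfaces, phone.build_request("ping"))
    return first, rotated, stale, fresh
```

Calling `demo()` returns the four outcomes in order; a request built before rotation fails at the system check, while a caller that was notified refetches and succeeds.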
In the interface security verification method provided by this embodiment of the present invention, a system and its interfaces use different check information, which gives high security strength; communication between each system and the security check system takes the form of HTTPS, which ensures the security of the transmitted data; interface security verification between systems uses a unified software development kit, in which the security check system generates a JAR package and provides it to each system, the JAR package supplies the aspect and intercepts each system's interface code, and each system can access the security check system without writing any code of its own; the update cycles of the check information of a system and of a system interface can be configured independently; when the check information of a system or a system interface changes, each system is notified through the message center; and no system needs to change code or configuration files to use different security check information in the development, test and production environments.
Second embodiment
Referring to Fig. 4, the second embodiment of the present invention provides an interface security verification device. The interface security verification device 40 includes a memory 41, a processor 42, and an interface security verification program that is stored on the memory 41 and can run on the processor 42. When executed by the processor 42, the interface security verification program implements the steps of the interface security verification method described in the first embodiment.
In the interface security verification device provided by this embodiment of the present invention, a system and its interfaces use different check information, which gives high security strength; communication between each system and the security check system takes the form of HTTPS, which ensures the security of the transmitted data; interface security verification between systems uses a unified software development kit, in which the security check system generates a JAR package and provides it to each system, the JAR package supplies the aspect and intercepts each system's interface code, and each system can access the security check system without writing any code of its own; the update cycles of the check information of a system and of a system interface can be configured independently; when the check information of a system or a system interface changes, each system is notified through the message center; and no system needs to change code or configuration files to use different security check information in the development, test and production environments.
Third embodiment
The third embodiment of the present invention provides a computer-readable storage medium on which an interface security verification program is stored. When executed by a processor, the interface security verification program implements the steps of the interface security verification method described in the first embodiment.
With the computer-readable storage medium provided by this embodiment of the present invention, a system and its interfaces use different check information, which gives high security strength; communication between each system and the security check system takes the form of HTTPS, which ensures the security of the transmitted data; interface security verification between systems uses a unified software development kit, in which the security check system generates a JAR package and provides it to each system, the JAR package supplies the aspect and intercepts each system's interface code, and each system can access the security check system without writing any code of its own; the update cycles of the check information of a system and of a system interface can be configured independently; when the check information of a system or a system interface changes, each system is notified through the message center; and no system needs to change code or configuration files to use different security check information in the development, test and production environments.
It should be noted that, in this document, the terms "comprise", "include" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes the element.
The embodiments of the present invention above are for description only and do not represent the relative merits of the embodiments.
From the description of the embodiments above, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus the necessary general hardware platform, and of course also by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, magnetic disk or optical disc) and includes a number of instructions that cause a terminal (which may be a mobile phone, computer, server, air conditioner, network device or the like) to perform the methods described in the embodiments of the present invention.
The embodiments of the present invention have been described above with reference to the accompanying drawings, but the invention is not limited to the specific embodiments described, which are merely illustrative rather than restrictive. Under the inspiration of the present invention, and without departing from the concept of the invention or the scope protected by the claims, those of ordinary skill in the art can devise many further forms, all of which fall within the protection of the present invention.
Claims (10)
1. An interface security verification method, the method comprising the steps of:
a first system using a first security authentication certificate and, through an HTTPS request, obtaining from a security check system the check information of a second system and the check information of a second system interface, wherein the check information of the second system and the check information of the second system interface are different;
through interception by a security check aspect, adding the obtained check information of the second system and check information of the second system interface to the header of an HTTP request;
sending the HTTP request to the second system to call the second system interface;
the second system receiving the HTTP request and extracting the check information of the second system and the check information of the second system interface from the header of the HTTP request;
using a second security authentication certificate and, through an HTTPS request, obtaining from the security check system the check information of the second system and the check information of the second system interface;
through interception by the security check aspect, verifying respectively the check information of the second system and the check information of the second system interface, as extracted and as obtained;
after verification passes, executing the second system interface and feeding the execution result back to the first system.
2. The interface security verification method according to claim 1, characterized in that the first security authentication certificate is generated as follows:
the security check system obtains the security registration information of the first system and, according to the obtained security registration information, generates the first security authentication certificate for the first system;
and the second security authentication certificate is generated as follows:
the security check system obtains the security registration information of the second system and, according to the obtained security registration information, generates the second security authentication certificate for the second system.
3. The interface security verification method according to claim 2, characterized in that the check information of the second system interface is generated as follows:
the security check system obtains the access path of the second system; according to the obtained access path, it scans all code of the second system and automatically parses out all interfaces of the second system; for each second system interface configured with the annotation, it generates check information that differs from the check information of the second system.
4. The interface security verification method according to claim 3, characterized in that the method further comprises the step of:
for a second system interface that is not configured with the annotation, the security check system setting, in the interface security configuration page and as required, whether to generate check information that differs from the check information of the second system.
5. The interface security verification method according to claim 1, characterized in that the security check aspect interception is produced as follows:
the security check system packages the code for security check aspect interception and provides it to the first system and the second system in the form of a JAR.
6. The interface security verification method according to any one of claims 1 to 5, characterized in that the method further comprises the step of:
setting an update cycle for the check information of the second system and/or the check information of the second system interface.
7. The interface security verification method according to claim 6, characterized in that the method further comprises the steps of:
the security check system detecting and judging whether the update cycle of the check information of the second system and/or of the check information of the second system interface has been exceeded;
if the update cycle has been exceeded, updating the check information of the second system and/or the check information of the second system interface.
8. The interface security verification method according to claim 6, characterized in that the method further comprises the steps of:
the security check system detecting and judging whether the check information of the second system and/or the check information of the second system interface has been updated;
if it has been updated, notifying the first system through a message center.
9. An interface security verification device, characterized in that the interface security verification device comprises a memory, a processor, and an interface security verification program that is stored on the memory and can run on the processor, the interface security verification program, when executed by the processor, implementing the steps of the interface security verification method according to any one of claims 1 to 8.
10. A computer-readable storage medium, characterized in that an interface security verification program is stored on the computer-readable storage medium, the interface security verification program, when executed by a processor, implementing the steps of the interface security verification method according to any one of claims 1 to 8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710370072.9A CN107204977B (en) | 2017-05-23 | 2017-05-23 | Interface security verification method and device and computer readable storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710370072.9A CN107204977B (en) | 2017-05-23 | 2017-05-23 | Interface security verification method and device and computer readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107204977A (en) | 2017-09-26 |
CN107204977B (en) | 2020-11-06 |
Family
ID=59905219
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710370072.9A (Active, CN107204977B) | Interface security verification method and device and computer readable storage medium | 2017-05-23 | 2017-05-23 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107204977B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN107204977B (en) | 2020-11-06 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||