CN107204977A - Interface security method of calibration and device, computer-readable recording medium - Google Patents

Info

Publication number: CN107204977A
Authority: CN (China)
Prior art keywords: interface, check, information, check information, safety
Legal status: Granted, Active
Application number: CN201710370072.9A
Other languages: Chinese (zh)
Other versions: CN107204977B (en)
Inventor: 倪秉炬
Current Assignee: Nubia Technology Co Ltd
Original Assignee: Nubia Technology Co Ltd
Application filed by Nubia Technology Co Ltd
Priority to CN201710370072.9A
Publication of CN107204977A
Application granted
Publication of CN107204977B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/168 Implementing security features at a particular protocol layer above the transport layer
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/133 Protocols for remote procedure calls [RPC]
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an interface security verification method and device, and a computer-readable storage medium. The method includes the steps of: the first system, through a security check aspect interceptor, adds the obtained check information of the second system and the check information of the second system interface to the header of a Hypertext Transfer Protocol (HTTP) request; the HTTP request is sent to the second system to call the second system interface; the second system receives the HTTP request and, through a security check aspect interceptor, verifies the check information of the second system and the check information of the second system interface separately; after verification passes, the second system interface is executed and the execution result is fed back to the first system. In the disclosed interface security verification method and device and computer-readable storage medium, a system and its interfaces use different check information, so security strength is high; communication between each system and the security check system uses HTTPS, which ensures the security of the transmitted data.

Description

Interface security verification method and device, and computer-readable storage medium
Technical field
The present invention relates to the field of communication technology, and in particular to an interface security verification method and device, and a computer-readable storage medium.
Background
When systems interact with one another, including a mobile phone client and a server system, HTTP interfaces are needed. To ensure security, a security check mechanism is usually required. The verification scheme most commonly used in the prior art is the Basic Auth mechanism: a system assigns one username and password to each system that needs to access it, and once the username and password have been verified, all interfaces of the system can be accessed.
The prior art has the following problems:
1. The system provides only one username and password to an external system; anyone who compromises this username and password can access all interfaces of the system, so security strength is low;
2. Individual interfaces cannot be given a username and password different from the system's, so the system is inflexible;
3. During interface verification the username and password are checked only once, so the security mechanism is weak;
4. Developers and operations staff can learn the username and password; once it leaks, all interfaces of the system are exposed on the network, which increases the risk of attack.
Summary of the invention
The main object of the present invention is to propose an interface security verification method and device, and a computer-readable storage medium, intended to solve the problems of the prior art.
To achieve the above object, a first aspect of the embodiments of the present invention provides an interface security verification method, the method including the steps of:
The first system, using a first security authentication certificate and through an HTTPS request, obtains the check information of the second system and the check information of the second system interface from the security check system; wherein the check information of the second system and the check information of the second system interface are different;
Through the security check aspect interceptor, the obtained check information of the second system and check information of the second system interface are added to the header of an HTTP request;
The HTTP request is sent to the second system to call the second system interface;
The second system receives the HTTP request and extracts the check information of the second system and the check information of the second system interface from the header of the HTTP request;
Using a second security authentication certificate and through an HTTPS request, the check information of the second system and the check information of the second system interface are obtained from the security check system;
Through the security check aspect interceptor, the extracted and the obtained check information of the second system and check information of the second system interface are verified separately;
After verification passes, the second system interface is executed and the execution result is fed back to the first system.
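Added example (not part of the patent text): a minimal Java 16+ model of the exchange above, in which the first system's interceptor attaches both sets of check information and the second system's interceptor verifies each separately. The class names, the header names, the sample service and the in-memory CheckSystem (standing in for the certificate-authenticated HTTPS call to the security check system) are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

public class InterfaceCheckFlow {

    /** Check information is a username and password, as in the first embodiment. */
    record CheckInfo(String user, String password) {}

    /** In-memory stand-in for the security check system (assumption: the real one is reached over HTTPS). */
    static class CheckSystem {
        private final Map<String, CheckInfo> bySystem = new HashMap<>();
        private final Map<String, CheckInfo> byInterface = new HashMap<>();

        void register(String system, CheckInfo sys, String iface, CheckInfo ifc) {
            // The method requires the two sets of check information to differ.
            if (sys.equals(ifc)) {
                throw new IllegalArgumentException("system and interface check information must differ");
            }
            bySystem.put(system, sys);
            byInterface.put(system + "#" + iface, ifc);
        }

        CheckInfo systemInfo(String system) { return bySystem.get(system); }
        CheckInfo interfaceInfo(String system, String iface) { return byInterface.get(system + "#" + iface); }
    }

    // Header names are assumptions; the patent does not name them.
    static final String SYS_USER = "X-System-User";
    static final String SYS_PASS = "X-System-Password";
    static final String IF_USER = "X-Interface-User";
    static final String IF_PASS = "X-Interface-Password";

    /** First system's interceptor: fetch both sets of check information and put them in the request header. */
    static Map<String, String> addCheckHeaders(CheckSystem cs, String target, String iface) {
        CheckInfo sys = cs.systemInfo(target);
        CheckInfo ifc = cs.interfaceInfo(target, iface);
        if (sys == null || ifc == null) {
            throw new IllegalStateException("no check information for " + target + "#" + iface);
        }
        Map<String, String> headers = new HashMap<>();
        headers.put(SYS_USER, sys.user());
        headers.put(SYS_PASS, sys.password());
        headers.put(IF_USER, ifc.user());
        headers.put(IF_PASS, ifc.password());
        return headers;
    }

    /** Constant-time comparison; a missing value never matches. */
    static boolean same(String expected, String actual) {
        if (expected == null || actual == null) return false;
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     actual.getBytes(StandardCharsets.UTF_8));
    }

    /** Second system's interceptor: extract the header values, fetch its own copy, verify both separately. */
    static boolean verify(CheckSystem cs, String self, String iface, Map<String, String> headers) {
        CheckInfo sys = cs.systemInfo(self);
        CheckInfo ifc = cs.interfaceInfo(self, iface);
        if (sys == null || ifc == null) return false; // fail closed when nothing is registered
        boolean systemOk = same(sys.user(), headers.get(SYS_USER))
                         & same(sys.password(), headers.get(SYS_PASS));
        boolean interfaceOk = same(ifc.user(), headers.get(IF_USER))
                            & same(ifc.password(), headers.get(IF_PASS));
        return systemOk & interfaceOk; // the interface is executed only when both checks pass
    }

    public static void main(String[] args) {
        // Constructed sample data.
        CheckSystem cs = new CheckSystem();
        cs.register("order-service", new CheckInfo("sys-order", "S3-constructed"),
                    "/orders/refund", new CheckInfo("if-refund", "I7-constructed"));

        Map<String, String> good = addCheckHeaders(cs, "order-service", "/orders/refund");
        System.out.println("valid request accepted: " + verify(cs, "order-service", "/orders/refund", good));

        // A caller that holds only the system-level check information is still rejected.
        Map<String, String> systemOnly = new HashMap<>(good);
        systemOnly.put(IF_USER, "sys-order");
        systemOnly.put(IF_PASS, "S3-constructed");
        System.out.println("system credential reused for interface: "
                + verify(cs, "order-service", "/orders/refund", systemOnly));

        Map<String, String> missing = new HashMap<>(good);
        missing.remove(IF_PASS);
        System.out.println("missing interface password: "
                + verify(cs, "order-service", "/orders/refund", missing));
    }
}
```

The check information travels as plain header values, so the call from the first system to the second system needs TLS as well if the headers are to stay confidential in transit.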
Further, the first security authentication certificate is generated in the following manner:
The security check system obtains the security registration information of the first system, and generates the first security authentication certificate for the first system according to the obtained security registration information;
The second security authentication certificate is generated in the following manner:
The security check system obtains the security registration information of the second system, and generates the second security authentication certificate for the second system according to the obtained security registration information.
Further, the check information of the second system interface is generated in the following manner:
The security check system obtains the access path of the second system; according to the obtained access path, it scans all code of the second system and automatically parses out all interfaces of the second system; for each second system interface configured with the annotation, it generates check information different from the check information of the second system.
Further, the method also includes the step of:
For second system interfaces not configured with the annotation, the security check system provides an interface security configuration page in which it can be set, as needed, whether to generate check information different from the check information of the second system.
Further, the security check aspect interceptor is generated in the following manner:
The security check system packages the code of the security check aspect interceptor and provides it in the form of a JAR to the first system and the second system for use.
Further, the method also includes the step of:
Setting the update period of the check information of the second system and/or the check information of the second system interface.
Further, the method also includes the steps of:
The security check system detects and judges whether the update period of the check information of the second system and/or the check information of the second system interface has been exceeded;
If the update period has been exceeded, the check information of the second system and/or the check information of the second system interface is updated.
Further, the method also includes the steps of:
The security check system detects and judges whether the check information of the second system and/or the check information of the second system interface has been updated;
If it has been updated, the first system is notified through the message center.
In addition, to achieve the above object, a second aspect of the embodiments of the present invention provides an interface security verification device, the interface security verification device including: a memory, a processor, and an interface security verification program stored on the memory and executable on the processor, where the steps of the above interface security verification method are implemented when the interface security verification program is executed by the processor.
Furthermore, to achieve the above object, a third aspect of the embodiments of the present invention provides a computer-readable storage medium, characterized in that an interface security verification program is stored on the computer-readable storage medium, and the steps of the above interface security verification method are implemented when the interface security verification program is executed by a processor.
In the interface security verification method and device and computer-readable storage medium provided by the embodiments of the present invention, a system and its interfaces use different check information, so security strength is high; communication between each system and the security check system uses HTTPS, which ensures the security of the transmitted data; interface security verification between systems uses a unified SDK package: the security check system generates a JAR package and provides it to each system, the JAR package provides an aspect that intercepts and processes each system's interface code, and each system can connect to the security check system without writing any code of its own; the update period of the check information of a system and of a system interface can be configured independently; when the check information of a system or a system interface changes, each system is notified through the message center; each system can use different security check information in the development, test and production environments without changing code or configuration files.
Brief description of the drawings
Fig. 1 is a schematic diagram of the hardware structure of a mobile terminal implementing the embodiments of the present invention;
Fig. 2 is an architecture diagram of a communication network system provided by an embodiment of the present invention;
Fig. 3 is a schematic flow chart of the interface security verification method of an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of the interface security verification device of an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of the interface security verification process of an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of the security authentication certificate generation process in the interface security verification of an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of the message center in the interface security verification of an embodiment of the present invention.
The realization of the object, the functional characteristics and the advantages of the present invention will be further described with reference to the drawings in conjunction with the embodiments.
Detailed description
It should be understood that the specific embodiments described herein only explain the present invention and are not intended to limit it.
In the following description, suffixes such as "module", "part" or "unit" used to denote elements serve only to facilitate the explanation of the present invention and have no specific meaning in themselves. Therefore, "module", "part" and "unit" can be used interchangeably.
A terminal can be implemented in various forms. For example, the terminals described in the present invention may include mobile terminals such as mobile phones, tablet computers, notebook computers, palmtop computers, personal digital assistants (Personal Digital Assistant, PDA), portable media players (Portable Media Player, PMP), navigation devices, wearable devices, smart bracelets and pedometers, as well as fixed terminals such as digital TVs and desktop computers.
The following description takes a mobile terminal as an example. Those skilled in the art will understand that, apart from elements used specifically for mobile purposes, the construction according to the embodiments of the present invention can also be applied to fixed terminals.
Referring to Fig. 1, which is a schematic diagram of the hardware structure of a mobile terminal implementing the embodiments of the present invention, the mobile terminal 100 may include: an RF (Radio Frequency) unit 101, a WiFi module 102, an audio output unit 103, an A/V (audio/video) input unit 104, a sensor 105, a display unit 106, a user input unit 107, an interface unit 108, a memory 109, a processor 110, a power supply 111 and other components. Those skilled in the art will understand that the mobile terminal structure shown in Fig. 1 does not limit the mobile terminal; the mobile terminal may include more or fewer components than illustrated, combine certain components, or arrange the components differently.
The components of the mobile terminal are described in detail below with reference to Fig. 1:
The radio frequency unit 101 may be used to receive and send signals while information is sent and received or during a call; specifically, it receives downlink information from the base station and passes it to the processor 110 for processing, and it sends uplink data to the base station. Generally, the radio frequency unit 101 includes but is not limited to an antenna, at least one amplifier, a transceiver, a coupler, a low-noise amplifier, a duplexer and the like. In addition, the radio frequency unit 101 can communicate with the network and other devices through wireless communication. The wireless communication may use any communication standard or protocol, including but not limited to GSM (Global System of Mobile communication), GPRS (General Packet Radio Service), CDMA2000 (Code Division Multiple Access 2000), WCDMA (Wideband Code Division Multiple Access), TD-SCDMA (Time Division-Synchronous Code Division Multiple Access), FDD-LTE (Frequency Division Duplexing-Long Term Evolution) and TDD-LTE (Time Division Duplexing-Long Term Evolution).
WiFi is a short-range wireless transmission technology. Through the WiFi module 102, the mobile terminal can help the user send and receive e-mail, browse web pages, access streaming media and so on, providing the user with wireless broadband Internet access. Although Fig. 1 shows the WiFi module 102, it is understood that it is not an essential component of the mobile terminal and can be omitted as needed without changing the essence of the invention.
When the mobile terminal 100 is in a call signal reception mode, call mode, recording mode, speech recognition mode, broadcast reception mode or similar mode, the audio output unit 103 may convert audio data received by the radio frequency unit 101 or the WiFi module 102, or stored in the memory 109, into an audio signal and output it as sound. The audio output unit 103 may also provide audio output related to a specific function performed by the mobile terminal 100 (for example, a call signal reception sound or a message reception sound). The audio output unit 103 may include a loudspeaker, a buzzer and the like.
The A/V input unit 104 is used to receive audio or video signals. The A/V input unit 104 may include a graphics processor (Graphics Processing Unit, GPU) 1041 and a microphone 1042. The graphics processor 1041 processes the image data of still pictures or video obtained by an image capture device (such as a camera) in video capture mode or image capture mode. The processed image frames may be displayed on the display unit 106. The image frames processed by the graphics processor 1041 may be stored in the memory 109 (or another storage medium) or sent via the radio frequency unit 101 or the WiFi module 102. The microphone 1042 can receive sound (audio data) in operating modes such as telephone call mode, recording mode and speech recognition mode, and can process such sound into audio data. In telephone call mode, the processed audio (voice) data can be converted into a format that can be sent to a mobile communication base station via the radio frequency unit 101 and output. The microphone 1042 may implement various types of noise cancellation (or suppression) algorithms to cancel (or suppress) noise or interference generated while audio signals are received and sent.
The mobile terminal 100 also includes at least one sensor 105, such as a light sensor, a motion sensor and other sensors. Specifically, the light sensor includes an ambient light sensor and a proximity sensor: the ambient light sensor can adjust the brightness of the display panel 1061 according to the ambient light, and the proximity sensor can turn off the display panel 1061 and/or the backlight when the mobile terminal 100 is moved to the ear. As one kind of motion sensor, the accelerometer can detect the magnitude of acceleration in all directions (generally three axes), can detect the magnitude and direction of gravity when stationary, and can be used for applications that recognize the posture of the mobile phone (such as switching between landscape and portrait, related games and magnetometer posture calibration) and for vibration-recognition functions (such as a pedometer or tap detection). Other sensors that can also be configured on the mobile phone, such as a fingerprint sensor, pressure sensor, iris sensor, molecule sensor, gyroscope, barometer, hygrometer, thermometer and infrared sensor, are not described here.
The display unit 106 is used to display information input by the user or information provided to the user. The display unit 106 may include a display panel 1061, which may be configured in the form of a liquid crystal display (Liquid Crystal Display, LCD), an organic light-emitting diode (Organic Light-Emitting Diode, OLED) or the like.
The user input unit 107 may be used to receive input numeric or character information and to generate key signal input related to the user settings and function control of the mobile terminal. Specifically, the user input unit 107 may include a touch panel 1071 and other input devices 1072. The touch panel 1071, also called a touch screen, collects touch operations by the user on or near it (such as operations performed on or near the touch panel 1071 with a finger, a stylus or any other suitable object or accessory) and drives the corresponding connection device according to a preset program. The touch panel 1071 may include two parts, a touch detection device and a touch controller. The touch detection device detects the position of the user's touch, detects the signal produced by the touch operation and passes the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts it into contact coordinates and sends them to the processor 110, and can receive and execute commands sent by the processor 110. The touch panel 1071 may be implemented in several types, such as resistive, capacitive, infrared and surface acoustic wave. Besides the touch panel 1071, the user input unit 107 may also include other input devices 1072. Specifically, the other input devices 1072 may include but are not limited to one or more of a physical keyboard, function keys (such as volume control keys and switch keys), a trackball, a mouse and a joystick, which are not specifically limited here.
Further, the touch panel 1071 may cover the display panel 1061. When the touch panel 1071 detects a touch operation on or near it, it passes the operation to the processor 110 to determine the type of the touch event, and the processor 110 then provides the corresponding visual output on the display panel 1061 according to the type of the touch event. Although in Fig. 1 the touch panel 1071 and the display panel 1061 are two independent components that implement the input and output functions of the mobile terminal, in some embodiments the touch panel 1071 and the display panel 1061 may be integrated to implement the input and output functions of the mobile terminal, which is not specifically limited here.
The interface unit 108 serves as an interface through which at least one external device can be connected to the mobile terminal 100. For example, the external device may include a wired or wireless headset port, an external power supply (or battery charger) port, a wired or wireless data port, a memory card port, a port for connecting a device that has an identification module, an audio input/output (I/O) port, a video I/O port, an earphone port and so on. The interface unit 108 may be used to receive input (for example, data information or power) from an external device and pass the received input to one or more elements in the mobile terminal 100, or may be used to transfer data between the mobile terminal 100 and the external device.
The memory 109 may be used to store software programs and various data. The memory 109 may mainly include a program storage area and a data storage area, where the program storage area may store the operating system and the application programs required by at least one function (such as a sound playback function or an image playback function), and the data storage area may store data created through the use of the mobile phone (such as audio data or a phone book). In addition, the memory 109 may include high-speed random access memory and may also include non-volatile memory, for example at least one magnetic disk storage device, a flash memory device or another volatile solid-state storage device.
The processor 110 is the control center of the mobile terminal. It connects the parts of the whole mobile terminal using various interfaces and lines, and performs the various functions of the mobile terminal and processes data by running or executing the software programs and/or modules stored in the memory 109 and calling the data stored in the memory 109, thereby monitoring the mobile terminal as a whole. The processor 110 may include one or more processing units; preferably, the processor 110 may integrate an application processor and a modem processor, where the application processor mainly handles the operating system, the user interface, application programs and so on, and the modem processor mainly handles wireless communication. It is understood that the modem processor may also not be integrated into the processor 110.
The mobile terminal 100 may also include a power supply 111 (such as a battery) that powers the components. Preferably, the power supply 111 may be logically connected to the processor 110 through a power management system, so that functions such as charging management, discharging management and power consumption management are implemented through the power management system.
Although not shown in Fig. 1, the mobile terminal 100 may also include a Bluetooth module and the like, which are not described here.
To make the embodiments of the present invention easier to understand, the communication network system on which the mobile terminal of the present invention is based is described below.
Referring to Fig. 2, which is an architecture diagram of a communication network system provided by an embodiment of the present invention, the communication network system is an LTE system of universal mobile communication technology. The LTE system includes, communicatively connected in sequence, a UE (User Equipment) 201, an E-UTRAN (Evolved UMTS Terrestrial Radio Access Network) 202, an EPC (Evolved Packet Core) 203 and the operator's IP services 204.
Specifically, the UE201 may be the terminal 100 described above, which is not described again here.
The E-UTRAN202 includes eNodeB2021 and other eNodeB2022 and so on. The eNodeB2021 can be connected to the other eNodeB2022 through a backhaul (for example an X2 interface); the eNodeB2021 is connected to the EPC203 and can provide the UE201 with access to the EPC203.
The EPC203 may include an MME (Mobility Management Entity) 2031, an HSS (Home Subscriber Server) 2032, other MME2033, an SGW (Serving Gate Way) 2034, a PGW (PDN Gate Way) 2035, a PCRF (Policy and Charging Rules Function) 2036 and so on. The MME2031 is the control node that handles signaling between the UE201 and the EPC203 and provides bearer and connection management. The HSS2032 provides registers to manage functions such as the home location register (not shown) and stores user-specific information about service features, data rates and so on. All user data can be sent through the SGW2034; the PGW2035 can provide IP address allocation for the UE 201 and other functions; the PCRF2036 is the policy and charging control decision point for service data flows and IP bearer resources, and it selects and provides the available policy and charging control decisions for the policy and charging enforcement function (not shown).
The IP services 204 may include the Internet, an intranet, an IMS (IP Multimedia Subsystem) or other IP services.
Although the above description takes the LTE system as an example, those skilled in the art should understand that the present invention is not only applicable to the LTE system but can also be applied to other wireless communication systems, such as GSM, CDMA2000, WCDMA, TD-SCDMA and future new network systems, which are not limited here.
Based on the above mobile terminal hardware structure and communication network system, the embodiments of the method of the present invention are proposed.
First embodiment
As shown in Fig. 3, the first embodiment of the present invention provides an interface security verification method, the method including the steps of:
31. The first system, using a first security authentication certificate and through an HTTPS request, obtains the check information of the second system and the check information of the second system interface from the security check system; wherein the check information of the second system and the check information of the second system interface are different;
In this embodiment, a system and its interfaces use different check information, so security strength is high. Communication between each system and the security check system takes the form of HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer) requests, which ensures the security of the transmitted data.
In this embodiment, the first security authentication certificate is generated in the following manner:
The security check system obtains the security registration information of the first system, and generates the first security authentication certificate for the first system according to the obtained security registration information.
The security registration information includes the system name, a unique identification number, the domain names of the development, test and production environments, and so on.
In this embodiment, the check information of the second system interface is generated in the following manner:
The security check system obtains the access path of the second system; according to the obtained access path, it scans all code of the second system and automatically parses out all interfaces of the second system; for each second system interface configured with the annotation, it generates check information different from the check information of the second system. The annotation, for example @ApiUserPassword, indicates that the interface needs to define its own check information different from the system's; after the security check system scans this annotation, it automatically generates for the interface check information different from that of the system.
Further, the method also includes the step of:
For second system interfaces not configured with the annotation, the security check system provides an interface security configuration page in which it can be set, as needed, whether to generate check information different from the check information of the second system.
In this embodiment, the check information includes a username and password information.
32. Through interception by the security check aspect, the obtained check information of the second system and of the second system's interface is added to the header of a Hypertext Transfer Protocol (HTTP) request;
In this embodiment, the security check aspect interception is produced as follows:
The security check system packages the code of the security check aspect interception and provides it to the first system in the form of a JAR.
In this embodiment, a unified software development kit (SDK) is used: the security check system generates a JAR package and provides it to each system. The JAR package supplies the aspect and intercepts each system's interface code, so a system can connect to the security check system without writing any code of its own. Each system can use different security check information in the development, test and formal (production) environments without changing code or configuration files.
33. An HTTP request is sent to the second system to call the second system's interface;
34. The second system receives the HTTP request and extracts the check information of the second system and the check information of the second system's interface from the header of the HTTP request;
35. The second system uses a second security authentication certificate and an HTTPS request to obtain, from the security check system, the check information of the second system and the check information of the second system's interface;
In this embodiment, the second security authentication certificate is generated as follows:
The security check system obtains the security registration information of the second system and, according to the obtained security registration information, generates the second security authentication certificate for the second system.
The security registration information includes the system name, a unique identification number, the domain names of the development, test and formal (production) environments, and so on.
36. Through interception by the security check aspect, the extracted and the obtained check information of the second system and of the second system's interface are verified separately;
In this embodiment, the security check aspect interception is produced as follows:
The security check system packages the code of the security check aspect interception and provides it to the second system in the form of a JAR.
In this embodiment, interface security verification between systems uses a unified software development kit (SDK): the security check system generates a JAR package and provides it to each system. The JAR package supplies the aspect and intercepts each system's interface code, so a system can connect to the security check system without writing any code of its own. Each system can use different security check information in the development, test and formal (production) environments without changing code or configuration files.
37. After verification passes, the second system's interface is executed and the execution result is fed back to the first system.
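Steps 31 to 37 as an added Java example (not code from the patent or from the SDK it describes): the caller-side interception attaches both pieces of check information to the request headers, and the callee verifies the system's check information first and the interface's second. The header names, the in-memory `CheckSystem` that stands in for the HTTPS fetch from the security check system, and all credential values are assumptions constructed for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Added example, not the patent's SDK. Requires Java 16+ (records).
public class InterfaceCheckDemo {

    // Hypothetical header names; the page does not name the headers.
    static final String SYSTEM_HEADER = "X-System-Check";
    static final String INTERFACE_HEADER = "X-Interface-Check";

    /** Check information as the page defines it: a user name and a password. */
    record CheckInfo(String user, String password) {
        String encode() {
            byte[] raw = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
            return Base64.getEncoder().encodeToString(raw);
        }
    }

    /** In-memory stand-in for the security check system (assumption: the real
     *  fetch is an HTTPS request authenticated with the system's certificate). */
    static final class CheckSystem {
        private final Map<String, CheckInfo> store = new HashMap<>();
        void register(String key, CheckInfo info) { store.put(key, info); }
        CheckInfo fetch(String key) { return store.get(key); }
    }

    enum Result { OK, SYSTEM_REJECTED, INTERFACE_REJECTED }

    static String interfaceKey(String system, String iface) { return system + "#" + iface; }

    /** Steps 31-32: the caller-side interception builds the request headers. */
    static Map<String, String> callerHeaders(CheckSystem cs, String system, String iface) {
        Map<String, String> headers = new HashMap<>();
        headers.put(SYSTEM_HEADER, cs.fetch(system).encode());
        headers.put(INTERFACE_HEADER, cs.fetch(interfaceKey(system, iface)).encode());
        return headers;
    }

    /** Steps 34-36: extract both values, check the system first, then the interface. */
    static Result verify(CheckSystem cs, String system, String iface, Map<String, String> headers) {
        if (!matches(headers.get(SYSTEM_HEADER), cs.fetch(system))) {
            return Result.SYSTEM_REJECTED;
        }
        if (!matches(headers.get(INTERFACE_HEADER), cs.fetch(interfaceKey(system, iface)))) {
            return Result.INTERFACE_REJECTED;
        }
        return Result.OK;
    }

    /** Compares SHA-256 digests so the comparison time does not depend on where
     *  the presented value first differs; a missing header or entry fails. */
    static boolean matches(String presented, CheckInfo expected) {
        if (presented == null || expected == null) {
            return false;
        }
        return MessageDigest.isEqual(sha256(presented), sha256(expected.encode()));
    }

    static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    static void expect(Result actual, Result wanted) {
        System.out.println(actual);
        if (actual != wanted) {
            throw new AssertionError("expected " + wanted + " but got " + actual);
        }
    }

    public static void main(String[] args) {
        // Constructed credentials for a server exposing two interfaces.
        CheckSystem cs = new CheckSystem();
        cs.register("server", new CheckInfo("server", "constructed-system-secret"));
        cs.register(interfaceKey("server", "interface1"), new CheckInfo("if1", "constructed-secret-1"));
        cs.register(interfaceKey("server", "interface2"), new CheckInfo("if2", "constructed-secret-2"));

        Map<String, String> headers = callerHeaders(cs, "server", "interface1");
        expect(verify(cs, "server", "interface1", headers), Result.OK);
        // Headers issued for interface1 do not open interface2.
        expect(verify(cs, "server", "interface2", headers), Result.INTERFACE_REJECTED);
        // A request without the system header fails before the interface check.
        headers.remove(SYSTEM_HEADER);
        expect(verify(cs, "server", "interface1", headers), Result.SYSTEM_REJECTED);
    }
}
```

Because both values travel in request headers, the call in step 33 needs transport protection of its own; the page specifies HTTPS only for traffic to the security check system.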
In one embodiment, the method further includes the step:
Setting an update cycle for the check information of the second system and/or the check information of the second system's interface.
Further, the method also includes the steps:
The security check system checks whether the update cycle of the check information of the second system and/or of the check information of the second system's interface has been exceeded;
If the update cycle has been exceeded, the check information of the second system and/or the check information of the second system's interface is updated.
In this embodiment, the update cycles of the check information of a system and of a system interface can be configured independently.
In another embodiment, the method further includes the steps:
The security check system checks whether the check information of the second system and/or the check information of the second system's interface has been updated;
If it has been updated, the first system is notified through the message center.
Fig. 7 shows a schematic structural diagram of notifying different systems through the message center Zookeeper.
In this embodiment, when the check information of a system or a system interface changes, each system is notified through the message center.
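The annotation-driven generation of interface check information and the independently configured update cycles with message-center notification, as an added Java example (not the patent's implementation). Reflection over a loaded class stands in for the page's scan of code at an access path, a list of in-process subscribers stands in for the message center, and `OrderService`, the key format and the cycle lengths are constructed for this example.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.*;
import java.util.function.Consumer;

// Added example, not the patent's implementation.
public class CheckInfoRegistry {

    /** Annotation name taken from the page; its definition here is an assumption. */
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.METHOD)
    @interface ApiUserPassword {}

    /** Constructed sample system: one annotated interface, one plain interface. */
    static class OrderService {
        @ApiUserPassword
        public String refund(String orderId) { return "refunded " + orderId; }
        public String status(String orderId) { return "open " + orderId; }
    }

    static final class CheckEntry {
        String password;
        Instant issuedAt;
        final Duration updateCycle;
        CheckEntry(String p, Instant t, Duration c) { password = p; issuedAt = t; updateCycle = c; }
    }

    private final SecureRandom random = new SecureRandom();
    private final Map<String, CheckEntry> entries = new LinkedHashMap<>();
    private final List<Consumer<String>> subscribers = new ArrayList<>();

    /** 256 random bits, redrawn if the value already exists in the registry, so an
     *  interface never ends up with the same check information as its system. */
    private String freshPassword() {
        while (true) {
            byte[] bytes = new byte[32];
            random.nextBytes(bytes);
            String candidate = Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);
            if (entries.values().stream().noneMatch(e -> e.password.equals(candidate))) {
                return candidate;
            }
        }
    }

    /** Registers the system, then gives every annotated public method its own entry.
     *  Unannotated methods get none; the page leaves that choice to a configuration page. */
    List<String> scan(String system, Class<?> type, Duration systemCycle,
                      Duration interfaceCycle, Instant now) {
        entries.put(system, new CheckEntry(freshPassword(), now, systemCycle));
        List<String> ownCheckInfo = new ArrayList<>();
        for (Method m : type.getDeclaredMethods()) {
            if (Modifier.isPublic(m.getModifiers()) && m.isAnnotationPresent(ApiUserPassword.class)) {
                String key = system + "#" + m.getName();
                entries.put(key, new CheckEntry(freshPassword(), now, interfaceCycle));
                ownCheckInfo.add(key);
            }
        }
        return ownCheckInfo;
    }

    /** Stand-in for the message center: subscribers receive the key that changed. */
    void subscribe(Consumer<String> subscriber) { subscribers.add(subscriber); }

    /** Replaces every entry whose update cycle has elapsed and notifies subscribers. */
    List<String> rotateExpired(Instant now) {
        List<String> rotated = new ArrayList<>();
        for (Map.Entry<String, CheckEntry> e : entries.entrySet()) {
            CheckEntry entry = e.getValue();
            if (!now.isBefore(entry.issuedAt.plus(entry.updateCycle))) {
                entry.password = freshPassword();
                entry.issuedAt = now;
                rotated.add(e.getKey());
            }
        }
        rotated.forEach(key -> subscribers.forEach(s -> s.accept(key)));
        return rotated;
    }

    public static void main(String[] args) {
        CheckInfoRegistry registry = new CheckInfoRegistry();
        Instant start = Instant.parse("2017-05-23T00:00:00Z"); // constructed clock value
        List<String> own = registry.scan("order-system", OrderService.class,
                Duration.ofDays(30), Duration.ofDays(7), start);
        List<String> notified = new ArrayList<>();
        registry.subscribe(notified::add);
        // Eight days later only the interface's seven-day cycle has elapsed.
        List<String> rotated = registry.rotateExpired(start.plus(Duration.ofDays(8)));
        System.out.println("own: " + own + ", rotated: " + rotated + ", notified: " + notified);
        if (!rotated.equals(List.of("order-system#refund")) || !notified.equals(rotated)) {
            throw new AssertionError("unexpected rotation result");
        }
    }
}
```

A caller that cached the old value, as the client does in the example that follows, has to drop it when the notification arrives, otherwise its next request fails the interface check.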
For a better understanding of the present invention, a mobile phone client and a server are taken as an example below and described with reference to Figs. 5 and 6:
As shown in Fig. 5, the mobile phone client first prepares to call interface 1 of the server.
In the preparation stage, if the mobile phone client has not yet obtained the check information of the server and of server interface 1, it uses its security authentication certificate and an HTTPS request to obtain the check information of the server and of server interface 1 from the security check system.
Fig. 6 shows the generation process of the mobile phone client's security authentication certificate. Specifically, the security registration information is filled in for the mobile phone client; after the security check system obtains the security registration information, the client provides an access path; the security check system obtains the client's access path, scans all of the client's code and automatically parses all of the client's interfaces; for the client interfaces on which the annotation is configured, it generates check information that differs from the client's check information; the mobile phone client's security authentication certificate is then registered and generated according to the security registration information.
The generation process of the server's security authentication certificate is similar and is not repeated here.
After receiving the HTTPS request, the security check system returns the check information of the server and of server interface 1 to the mobile phone client.
The mobile phone client obtains the check information of the server and of server interface 1 and saves it; through interception by the security check aspect, it adds the obtained check information of the server and of server interface 1 to the header of an HTTP request, and then sends the HTTP request to the server to call server interface 1.
The server receives the HTTP request and extracts the check information of the server and of server interface 1 from the header of the HTTP request. Meanwhile, if the server has not yet obtained the check information of the server and of server interface 1, it uses the server security authentication certificate and an HTTPS request to obtain that check information from the security check system.
After receiving the HTTPS request, the security check system returns the check information of the server and of server interface 1 to the server.
Through interception by the security check aspect, the server verifies the extracted and the obtained check information of the server and of server interface 1 separately. Specifically, it first verifies the check information of the server and, after that verification passes, verifies the check information of server interface 1. Only when both verifications pass is the verification of server interface 1 considered passed.
After the verification of server interface 1 passes, server interface 1 is executed and the execution result is fed back to the mobile phone client.
In the interface security verification method provided by this embodiment of the present invention, a system and its interfaces use different check information, which gives high security strength; communication between each system and the security check system takes the form of HTTPS, which ensures the security of the transmitted data; interface security verification between systems uses a unified software development kit (SDK), with the security check system generating a JAR package and providing it to each system, and the JAR package supplying the aspect and intercepting each system's interface code, so that a system can connect to the security check system without writing any code of its own; the update cycles of the check information of systems and system interfaces can be configured independently; when the check information of a system or a system interface changes, each system is notified through the message center; and each system can use different security check information in the development, test and formal (production) environments without changing code or configuration files.
Second embodiment
Referring to Fig. 4, the second embodiment of the present invention provides an interface security verification device. The interface security verification device 40 includes a memory 41, a processor 42, and an interface security verification program stored on the memory 41 and executable on the processor 42; when executed by the processor 42, the interface security verification program implements the steps of the interface security verification method described in the first embodiment.
In the interface security verification device provided by this embodiment of the present invention, a system and its interfaces use different check information, which gives high security strength; communication between each system and the security check system takes the form of HTTPS, which ensures the security of the transmitted data; interface security verification between systems uses a unified software development kit (SDK), with the security check system generating a JAR package and providing it to each system, and the JAR package supplying the aspect and intercepting each system's interface code, so that a system can connect to the security check system without writing any code of its own; the update cycles of the check information of systems and system interfaces can be configured independently; when the check information of a system or a system interface changes, each system is notified through the message center; and each system can use different security check information in the development, test and formal (production) environments without changing code or configuration files.
Third embodiment
The third embodiment of the present invention provides a computer-readable storage medium on which an interface security verification program is stored; when executed by a processor, the interface security verification program implements the steps of the interface security verification method described in the first embodiment.
With the computer-readable storage medium provided by this embodiment of the present invention, a system and its interfaces use different check information, which gives high security strength; communication between each system and the security check system takes the form of HTTPS, which ensures the security of the transmitted data; interface security verification between systems uses a unified software development kit (SDK), with the security check system generating a JAR package and providing it to each system, and the JAR package supplying the aspect and intercepting each system's interface code, so that a system can connect to the security check system without writing any code of its own; the update cycles of the check information of systems and system interfaces can be configured independently; when the check information of a system or a system interface changes, each system is notified through the message center; and each system can use different security check information in the development, test and formal (production) environments without changing code or configuration files.
It should be noted that, herein, the terms "comprise", "include" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, article or device that includes the element.
The embodiments of the present invention are for description only and do not represent the relative merits of the embodiments.
From the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and includes several instructions that cause a terminal (which may be a mobile phone, a computer, a server, an air conditioner, a network device or the like) to perform the methods described in the embodiments of the present invention.
The embodiments of the present invention have been described above with reference to the accompanying drawings, but the present invention is not limited to the specific embodiments described above, which are only illustrative and not restrictive. Under the inspiration of the present invention, those of ordinary skill in the art can devise many further forms without departing from the spirit of the present invention and the scope protected by the claims, and all of these fall within the protection of the present invention.

Claims (10)

1. An interface security verification method, the method comprising the steps of:
a first system uses a first security authentication certificate and an HTTPS (Hypertext Transfer Protocol over Secure Socket Layer) request to obtain, from a security check system, check information of a second system and check information of a second system interface, wherein the check information of the second system and the check information of the second system interface are different;
through interception by a security check aspect, the obtained check information of the second system and check information of the second system interface are added to the header of a Hypertext Transfer Protocol (HTTP) request;
the HTTP request is sent to the second system to call the second system interface;
the second system receives the HTTP request and extracts the check information of the second system and the check information of the second system interface from the header of the HTTP request;
a second security authentication certificate and an HTTPS request are used to obtain, from the security check system, the check information of the second system and the check information of the second system interface;
through interception by the security check aspect, the extracted and the obtained check information of the second system and check information of the second system interface are verified separately;
after verification passes, the second system interface is executed and the execution result is fed back to the first system.
2. The interface security verification method according to claim 1, characterized in that the first security authentication certificate is generated as follows:
the security check system obtains security registration information of the first system and, according to the obtained security registration information, generates the first security authentication certificate for the first system;
and the second security authentication certificate is generated as follows:
the security check system obtains security registration information of the second system and, according to the obtained security registration information, generates the second security authentication certificate for the second system.
3. The interface security verification method according to claim 2, characterized in that the check information of the second system interface is generated as follows:
the security check system obtains an access path of the second system; according to the obtained access path, scans all code of the second system and automatically parses all interfaces of the second system; and, for a second system interface on which an annotation is configured, generates check information that differs from the check information of the second system.
4. The interface security verification method according to claim 3, characterized in that the method further comprises the step of:
for a second system interface on which no annotation is configured, setting as needed, on an interface security configuration page of the security check system, whether to generate check information that differs from the check information of the second system.
5. The interface security verification method according to claim 1, characterized in that the security check aspect interception is produced as follows:
the security check system packages the code of the security check aspect interception and provides it, in the form of a JAR, to the first system and the second system.
6. The interface security verification method according to any one of claims 1-5, characterized in that the method further comprises the step of:
setting an update cycle for the check information of the second system and/or the check information of the second system interface.
7. The interface security verification method according to claim 6, characterized in that the method further comprises the steps of:
the security check system checks whether the update cycle of the check information of the second system and/or of the check information of the second system interface has been exceeded;
if the update cycle has been exceeded, the check information of the second system and/or the check information of the second system interface is updated.
8. The interface security verification method according to claim 6, characterized in that the method further comprises the steps of:
the security check system checks whether the check information of the second system and/or the check information of the second system interface has been updated;
if it has been updated, the first system is notified through a message center.
9. An interface security verification device, characterized in that the interface security verification device comprises a memory, a processor, and an interface security verification program stored on the memory and executable on the processor, wherein the interface security verification program, when executed by the processor, implements the steps of the interface security verification method according to any one of claims 1 to 8.
10. A computer-readable storage medium, characterized in that an interface security verification program is stored on the computer-readable storage medium, and the interface security verification program, when executed by a processor, implements the steps of the interface security verification method according to any one of claims 1 to 8.
CN201710370072.9A 2017-05-23 2017-05-23 Interface security verification method and device and computer readable storage medium Active CN107204977B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710370072.9A CN107204977B (en) 2017-05-23 2017-05-23 Interface security verification method and device and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN107204977A true CN107204977A (en) 2017-09-26
CN107204977B CN107204977B (en) 2020-11-06

Family

ID=59905219

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710370072.9A Active CN107204977B (en) 2017-05-23 2017-05-23 Interface security verification method and device and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN107204977B (en)

Also Published As

Publication number Publication date
CN107204977B (en) 2020-11-06

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant