CN107317800A - Safe checking method, terminal and computer-readable recording medium - Google Patents

Safe checking method, terminal and computer-readable recording medium Download PDF

Info

Publication number
CN107317800A
CN107317800A CN201710404772.5A CN201710404772A CN107317800A CN 107317800 A CN107317800 A CN 107317800A CN 201710404772 A CN201710404772 A CN 201710404772A CN 107317800 A CN107317800 A CN 107317800A
Authority
CN
China
Prior art keywords
checking information
checking
check
information
safe
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710404772.5A
Other languages
Chinese (zh)
Inventor
倪秉炬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nubia Technology Co Ltd
Original Assignee
Nubia Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nubia Technology Co Ltd filed Critical Nubia Technology Co Ltd
Priority to CN201710404772.5A priority Critical patent/CN107317800A/en
Publication of CN107317800A publication Critical patent/CN107317800A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

The invention discloses a kind of safe checking method, terminal and computer-readable recording medium, belong to communication technical field.The method comprising the steps of:The first system obtains the first checking information of second system to check system, and first checking information is added in the interface requests for calling the second system;Second system receives the interface requests, and the second checking information for distributing to the first system is obtained from the check system, when judging that first checking information is consistent with second checking information, then verification passes through.So as to which each system need not change code or configuration file, you can in development environment, test environment from using different safety check information in formal environments.

Description

Safe checking method, terminal and computer-readable recording medium
Technical field
The present invention relates to network communication technology field, more particularly to safe checking method, terminal and computer-readable storage Medium.
Background technology
When interacting between each system on fixed terminal or mobile terminal, it is required for using Hyper text transfer Agreement (HyperText Transfer Protocol, HTTP) interface.In order to ensure safety, often it is required for using safe school Test mechanism.Wherein, the more verification scheme used is BaseAuth mechanism, i.e., accessed system is to the system for needing to access Distribute a username and password.Current scheme is that these username and passwords are placed on into every destination code or configuration text In part.
However, at least there is problems with currently existing scheme:
1st, developer and operation maintenance personnel can know username and password, there is greatly leakage in terms of information security Hole and hidden danger.
2nd, each system has exploitation, test and formal environments, and each partition gives the username and password of remaining system all Different, it is necessary to go modification manually so in handoff environment, efficiency is low and easy error.
3rd, each system all uses the same BaseAuth mechanism, there is more repeated work, and the efficiency of exploitation and joint debugging is low.
Therefore, it is necessary to propose a kind of safe checking method, terminal and computer-readable recording medium, asked with solving these Topic.
The content of the invention
It is a primary object of the present invention to propose a kind of safe checking method, terminal and computer-readable recording medium, purport Solving system safety problem.
To achieve the above object, a kind of safe checking method that the present invention is provided, methods described includes step:
The first system obtains the first checking information of second system to check system, and first checking information is added Into the interface requests for calling the second system;
The second system receives the interface requests, and the first system is distributed in acquisition from the check system The second checking information, when judging that first checking information is consistent with second checking information, then verification pass through.
Alternatively, methods described also includes:
The second system sets the update cycle of checking information, and the update cycle is sent to the verification system System;
When reaching the update cycle, the check system is updated to checking information.
Alternatively, methods described also includes:
Message center, which is detected, have updated the checking information, and be sent out respectively to the first system and the second system Send notice;
Notified according to described, the first system and the second system are obtained to the check system after updating respectively Checking information.
Alternatively, before the first checking information that the first system obtains second system to check system, methods described is also Including:
The checking information for distributing to each system is sent to the check system registered in advance by the second system;
The check system Generates Certificate according to the checking information;
The second system downloads the certificate, is communicated with being encrypted by the certificate with the check system.
In addition, to achieve the above object, the present invention also proposes a kind of safe checking method, runs in check system, institute Stating method includes step:
When the first system, which is sent, calls the interface requests of second system, send second system to the first system first is tested Demonstrate,prove information;
The second system is received after the interface requests, is sent to the second system and is distributed to the first system Second checking information, when the second system judges that first checking information is consistent with second checking information, then Verification passes through.
Alternatively, methods described also includes:
Receive the update cycle for the checking information that the second system is sent;
When reaching the update cycle, then checking information is updated.
Alternatively, methods described also includes:
According to the request of the first system and the renewal checking information of the second system, respectively to the first system The checking information after updating is sent with second system.
Alternatively, before first checking information that second system is sent to the first system, methods described also includes:
The checking information of each system is pre-assigned to according to the second system, and is registered;
Generated Certificate, communicated with being encrypted by the certificate with the second system according to the checking information.
In addition, to achieve the above object, the present invention also proposes a kind of terminal, the terminal includes processor and storage Device;
The processor is used to perform the safety check routines stored in memory, to realize above-mentioned method.
In addition, to achieve the above object, the present invention also proposes a kind of computer-readable recording medium, described computer-readable Be stored with safety check routines on storage medium, and the safety check routines realize above-mentioned safety check when being executed by processor The step of method.
Safe checking method proposed by the present invention, terminal and computer-readable recording medium, by the first system to verification System obtains the first checking information of second system, and the first checking information is added to the interface requests for calling second system In, after the request of second system receiving interface, the second checking information for distributing to the first system is obtained from check system, when When judging that the first checking information is consistent with the second checking information, then verification passes through, so that each system need not change code or match somebody with somebody Put file, you can in development environment, test environment from using different safety check information in formal environments.
Brief description of the drawings
The schematic flow sheet for the safe checking method that Fig. 1 provides for first embodiment of the invention;
The sub-process schematic diagram for the safe checking method that Fig. 2 provides for first embodiment of the invention;
The another schematic flow sheet for the safe checking method that Fig. 3 provides for first embodiment of the invention;
The another schematic flow sheet for the safe checking method that Fig. 4 provides for first embodiment of the invention;
Fig. 5 be check system in preserve each system distribution username and password information table schematic diagram;
The schematic flow sheet for the safe checking method that Fig. 6 provides for second embodiment of the invention;
The another schematic flow sheet for the safe checking method that Fig. 7 provides for second embodiment of the invention;
The another schematic flow sheet for the safe checking method that Fig. 8 provides for second embodiment of the invention;
The structural representation for the safety check system that Fig. 9 provides for third embodiment of the invention.
The realization, functional characteristics and advantage of the object of the invention will be described further referring to the drawings in conjunction with the embodiments.
Embodiment
It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, it is not intended to limit the present invention.
In follow-up description, the suffix using such as " module ", " part " or " unit " for representing element is only Be conducive to the explanation of the present invention, itself there is no a specific meaning.Therefore, " module ", " part " or " unit " can be mixed Ground is used.
Fig. 1 is refer to, first embodiment of the invention provides a kind of safe checking method, the described method comprises the following steps:
Step 110, the first system obtains the first checking information of second system to check system, and described first is verified Information is added in the interface requests for calling the second system.
Specifically, the first system first judges whether to obtain second system distribution when calling the interface of second system First checking information, if not obtaining, into step 110, if having obtained, is directly entered step 120.
In step 110, the first system can be according to the domain of the environment of the second system to be accessed, that is, second system Name, asks to obtain to check system by HTTP (HyperText TransferProtocol, HTTP) first Second system is pre-assigned to the first checking information of the first system in the present context.The first system preserves the first checking information, And the first checking information is added in the header of HTTP request.
Further, the first checking information be at least included in stored in check system distribute to first by second system and be The username and password of system.
Step 120, second system receives the interface requests, and acquisition distributes to described first from the check system Second checking information of system, when judging that first checking information is consistent with second checking information, is then verified logical Cross.
Specifically, Fig. 2 is refer to, step 120 further comprises:
Step 210, second system receives the interface requests of the first system;
Step 220, second system judges whether to obtain the second checking information for distributing to the first system;If so, then entering Enter step 240, if it is not, then entering step 230;
Specifically, the second checking information includes:Under the present circumstances, second system is pre-assigned to the user of the first system Name and password.
Step 230, second system obtains the second checking information for distributing to the first system from check system;
Specifically, check system preserves the second checking information after the second checking information that second system is sent is received In checking system.
Step 240, second system judges whether the first checking information is consistent with the second checking information;If so, then entering step Rapid 250, if it is not, then flow terminates;
Specifically, second system is by the use in the username and password and the header of interface requests in the second checking information Name in an account book and password are compared, if unanimously, into step 250, if inconsistent, verification fails and flow terminates.
Further, the checking action in step 240 is all the tangent plane in the JAR bags provided by safety check system Intercept what is carried out.By way of tangent plane is intercepted, unified processing is carried out to total interface.In the present embodiment, based on BaseAuth verification schemes, realize a set of check system, and the system tests the client of this safety check mechanism with service end Code is demonstrate,proved all to be realized, and by the form of tangent plane, to intercept the interface processing of each system, to carry out at unified client Reason and service end checking.Safety check system packs the code of this part, is supplied to each system to make in the form of JAR bags With.So, each system avoids the need for oneself going to write the code of repetition again realizing interface check function.
Further, for the security of strengthening system, each system user name and password preserved in check system is all It is encrypting storing, the information that keeper is seen also all is the information after encryption, so as to ensure information security.
Step 250, verification passes through.
After verification passes through, then second system performs interface, and returns to implementing result to the first system.
Further, Fig. 3 is refer to, as to further improvement of this embodiment, before step 110, methods described Also include:
Step 310, the checking information for distributing to each system is sent to the check system carry out in advance by second system Registration.
Specifically, check system provides enrollment page, believes in checking of the related field provided with each system of enrollment page Breath, the checking information at least includes:Systematic name, the domain for accessing systematic name, unique identifying number, exploitation test and formal environments Name etc..For example:Second system according to the environment at place (such as:Test environment either formal environments etc.), at least one will be distributed to The checking information of individual the first system is sent to check system and registered.
Correspondingly, the username and password information table of each system distribution is preserved in check system.
Step 320, check system Generates Certificate according to the checking information.
Specifically, after succeeding in registration, according to the checking information of reception, check system, which generates a https traffic, to be needed The certificate used.
Step 330, second system downloads the certificate, logical to be encrypted by the certificate and the check system Letter.
Specifically, second system is downloaded after the certificate, is encrypted and communicated with safety check system using the certificate, to obtain The username and password for taking second system to need calling system to distribute to oneself.
Further, Fig. 4 is refer to, as a further improvement on the present invention, after step 120, in addition to step:
Step 410, second system sets the update cycle of checking information, and the update cycle is sent to the verification System.
Specifically, the update cycle can be one month or 1 year, and second system sends the update cycle being provided with To check system.
Step 420, when reaching the update cycle, the check system is updated to checking information.
Specifically, the checking information after renewal can second system set the update cycle when be configured, also may be used To be set by check system.After the update cycle is reached, check system is according to default or randomly update checking information.
Step 430, message center, which is detected, have updated the checking information, and respectively to the first system and described Two system, which is sent, to be notified.
Specifically, in the present embodiment, message center can be Zookeeper, that is to say, that when Zookeeper detections When have updated checking information to check system, Zookeeper notifies the first system and second system to carry out checking letter by HTTPS The renewal of breath.In the present embodiment, unified check system provides Zookeeper as message center, when secure authentication information becomes During change, each system can be notified by the message center in time.
Step 440, notified according to described, the first system and the second system are obtained to the check system respectively Checking information after renewal.
Specifically, after the first system and second system receive Zookeeper message, obtained respectively by check system Take the checking information after updating.
Exemplarily, the username and password information table of each system distribution preserved in the check system shown in Fig. 5 shows It is intended to.In Figure 5, the enrollment page field of check system includes:Systematic name, environment, domain name, access system, it is user name, close Code and update cycle.System B needs calling system A interface, and the environment residing for system A is development environment, and domain name is A.dev.com, then check system B process is as follows:
(1) system B obtains the user name that system B is distributed under the system A environment by HTTPS request to check system And password (bdeva) (adevb).
(2) system B preserves the username and password, and username and password is added in the header of HTTP request.
(3) system A is obtained to check system after system B request is received and is distributed to system B's under development environment User name (adevb) and password (bdeva), and preserve in systems.
(4) username and password is compared by system A with the user name password in system B request header informations, and result is Consistent, then it is verified.
The safe checking method of the present embodiment, the first checking for obtaining second system to check system by the first system is believed Breath, and the first checking information is added in the interface requests for calling second system, after the request of second system receiving interface, from school Obtained in check system and distribute to the second checking information of the first system, when judging the first checking information and the second checking information When consistent, then verification passes through, so that each system need not change code or configuration file, you can in development environment, test environment From using different safety check information in formal environments.
Fig. 6 is refer to, the safe checking method provided for second embodiment of the invention, this method runs on check system In, comprise the following steps:
Step 610, when the first system, which is sent, calls the interface requests of second system, second system is sent to the first system The first checking information.
Specifically, the first system can be according to the domain name of the environment of the second system to be accessed, that is, second system, first The first checking information that second system is pre-assigned to the first system in the present context is sent to the first system by HTTP request. The first system preserves the first checking information, and the first checking information is added in the header of HTTP request.
Further, the first checking information be at least included in stored in check system distribute to first by second system and be The username and password of system.
Step 620, second system is received after the interface requests, and distributing to described first to second system transmission is Second checking information of system, when the second system judges that first checking information is consistent with second checking information When, then verification passes through.
Specifically, after second system receives interface requests, the request sent according to second system is sent out to second system The second checking information for being pre-assigned to the first system is sent, second system is by the username and password in the second checking information with connecing Username and password in the header of mouth request is compared, if unanimously, verification passes through, if inconsistent, verification failure.
Second checking information includes:Under the present circumstances, second system is pre-assigned to the user name of the first system and close Code.
The checking for carrying out second system is further intercepted there is provided the tangent plane in JAR bags.By way of tangent plane is intercepted, Unified processing is carried out to total interface.In the present embodiment, based on BaseAuth verification schemes, by this safety check machine The client and service end Validation Code of system all realized, and by the form of tangent plane, is handled the interface that intercepts each system, To carry out unified client process and service end checking.The code of this part is packed, each is supplied in the form of JAR bags System is used.
Further, for the security of strengthening system, in addition it is also necessary to each system user name of encrypting storing and password, keeper The information seen also all is the information after encryption, so as to ensure information security.
Further, Fig. 7 is refer to, as further improvement of this embodiment, before step 610, methods described is also Including:
Step 710, the checking information of each system is pre-assigned to according to institute's second system, and registered.
Specifically, in checking information of the related field provided with each system of enrollment page, the checking information at least includes: Systematic name, the domain name for accessing systematic name, unique identifying number, exploitation test and formal environments etc..For example:Second system according to The environment at place is (such as:Test environment either formal environments etc.), receive that second system sends distribute at least one first The checking information of system, and registered.
Correspondingly, the username and password information table of each system distribution is preserved.
Step 720, Generated Certificate according to the checking information, to be encrypted by the certificate with the second system Communication.
Specifically, after succeeding in registration, according to the checking information of reception, one https traffic of generation needs the card used Book.Second system is downloaded after the certificate, is encrypted and communicated with second system using the certificate, and tune is needed to obtain second system The username and password of oneself is distributed to system.
Further, Fig. 8 is refer to, as a further improvement on the present invention, after step 620, in addition to step:
Step 810, the update cycle for the checking information that second system is sent is received.
Specifically, the update cycle can be one month or 1 year, receive the renewal being provided with that second system is sent Cycle.
Step 820, when reaching the update cycle, then checking information is updated.
Specifically, the checking information after renewal can second system set the update cycle when be configured, also may be used To be set by check system.After the update cycle is reached, according to default or randomly update checking information.
Step 830, according to the request of the first system and the renewal checking information of the second system, respectively to described The first system and second system send the checking information after updating.
Specifically, when the first system and second system receive message center transmission message after, receive the first system and Second system sends the request for updating checking information, and is sent respectively to the first system and second system after renewal according to the request Checking information.
The safe checking method of the present embodiment, when the first system, which is sent, calls the interface requests of second system, to first System sends the first checking information of second system, after the request of second system receiving interface, is sent to second system and distributes to the Second checking information of one system, when second system judges that the first checking information is consistent with the second checking information, is then verified Pass through, so that each system need not change code or configuration file, you can used in development environment, test environment and formal environments Different safety check information.
Fig. 9 is refer to, third embodiment of the invention also provides a kind of safety check system, and the system includes:Check system 910 and the first system 920 and second system 930 that are communicated respectively with the check system 910, wherein,
The first system 920, the first checking information for obtaining second system 930 to check system 910, and by described the One checking information is added in the interface requests for calling the second system 930.
Specifically, the first system 920 first judges whether to obtain second system when calling the interface of second system 930 First checking information of 930 distribution, if not obtaining, is first obtained to check system 910, if having obtained, is touched Send out second system 920.
The first system 920 can be first according to the domain name of the environment of the second system 930 to be accessed, that is, second system 930 HTTP (HyperText TransferProtocol, HTTP) is first passed through to ask to obtain the to check system 910 Two system 930 is pre-assigned to the first checking information of the first system 920 in the present context.The first system 920 preserves first and tested Information is demonstrate,proved, and the first checking information is added in the header of HTTP request.
Further, the first checking information is at least included in being distributed to by second system 930 of being stored in check system 910 The username and password of the first system 920.
Second system 930, for receiving the interface requests, and obtain from the check system 910 distribute to it is described Second checking information of the first system 920, when judging that first checking information is consistent with second checking information, then Verification passes through.
Specifically, second system 930 specifically for:
Receive the interface requests of the first system 920;
Judge whether to obtain the second checking information for distributing to the first system 920;First is distributed to when judgement is obtained Second checking information of system 920, then judge whether the first checking information is consistent with the second checking information, if unanimously, verifying Pass through, if inconsistent, verification failure;
When the second checking information of the first system 920 is distributed in judgement without acquisition, then obtain and divide from check system 910 Second checking information of dispensing the first system 920;
Specifically, the second checking information includes:Under the present circumstances, second system 930 is pre-assigned to the first system 920 Username and password.
Second checking information is stored in by check system 910 after the second checking information that second system 930 is sent is received In checking system.
More specifically, second system 930 is by the username and password and the header of interface requests in the second checking information In username and password be compared, if unanimously, enter step verification passes through, if inconsistent, verification failure and flow Terminate.
Further, during the checking action in the present embodiment is all the JAR bags provided by safety check system 910 Tangent plane intercepts what is carried out.By way of tangent plane is intercepted, unified processing is carried out to total interface.In the present embodiment, it is based on With BaseAuth verification schemes, a set of check system 910 is realized, the system is by the client of this safety check mechanism and service Validation Code is held all to be realized, and by the form of tangent plane, to intercept the interface processing of each system, to carry out unified client End processing and service end checking.Safety check system 910 packs the code of this part, and each is supplied in the form of JAR bags System is used.So, each system avoids the need for oneself going to write the code of repetition again realizing interface check function.
Further, for the security of strengthening system, each system user name and password preserved in check system 910 All it is encrypting storing, the information that keeper is seen also all is the information after encryption, so as to ensure information security.
After verification passes through, then second system 930 performs interface, and returns to implementing result to the first system 920.
Further, second system 930, are additionally operable in advance send the checking information for distributing to each system to the school Check system 910 is registered.
Specifically, check system 910 provides enrollment page, and the checking of each system is provided with the related field of enrollment page Information, the checking information at least includes:Systematic name, access systematic name, unique identifying number, exploitation test and formal environments Domain name etc..For example:Second system 930 according to the environment at place (such as:Test environment either formal environments etc.), will distribute to The checking information of a few the first system 920 is sent to check system 910 and registered.
Correspondingly, the username and password information table of each system distribution is preserved in check system 910.
Check system 910, is additionally operable to be Generated Certificate according to the checking information.
Specifically, after succeeding in registration, according to the checking information of reception, check system 910 generates a https traffic and needed The certificate to be used.
Second system 930, is additionally operable to download the certificate, to be added by the certificate and the check system 910 Close communication.
Specifically, second system 930 is downloaded after the certificate, is encrypted using the certificate and safety check system 910 logical Letter, to obtain the username and password that second system 930 needs calling system to distribute to oneself.
Further, second system 930, are additionally operable to set the update cycle of checking information, and the update cycle is sent out Deliver to the check system 910.
Specifically, the update cycle can be one month or 1 year, and second system 930 sends out the update cycle being provided with Deliver to check system 910.
The check system 910, is additionally operable to, when reaching the update cycle, be updated checking information.
Specifically, the checking information after renewal can second system 930 set the update cycle when be configured, It can be set by check system 910.After the update cycle is reached, check system 910 is according to default or randomly update Checking information.
Further, system also includes message center 940, and the message center 940 have updated described test for detecting Information is demonstrate,proved, and sends notice to the first system 920 and the second system 930 respectively.
Specifically, in the present embodiment, message center 940 can be Zookeeper, that is to say, that when Zookeeper inspections When measuring check system 910 and have updated checking information, Zookeeper passes through HTTPS and notifies the first system 920 and second system 930 carry out the renewal of checking information.In the present embodiment, unified check system 910 provides Zookeeper and is used as message center 940, when secure authentication information changes, each system can be notified by the message center 940 in time.
Notified according to described, the first system 920 and the second system 930 are obtained to the check system 910 respectively Take the checking information after updating.
Specifically, after the first system 920 and second system 930 receive Zookeeper message, verification is passed through respectively System 910 obtains the checking information after updating.
Exemplarily, the username and password information table of each system distribution preserved in the check system 910 shown in Fig. 5 Block diagram.In Figure 5, the enrollment page field of check system 910 includes:Systematic name, environment, domain name, access system, user Name, password and update cycle.System B needs calling system A interface, and the environment residing for system A is development environment, and domain name is A.dev.com, then check system 910B process is as follows:
(1) system B obtains the user that system B is distributed under the system A environment by HTTPS request to check system 910 Name (adevb) and password (bdeva).
(2) system B preserves the username and password, and username and password is added in the header of HTTP request.
(3) system A is obtained to check system 910 after system B request is received and is distributed to system under development environment B user name (adevb) and password (bdeva), and preserve in systems.
(4) username and password is compared by system A with the user name password in system B request header informations, and result is Consistent, then it is verified.
The safety check system of the present embodiment, second system 930 is obtained by the first system 920 to check system 910 First checking information, and the first checking information is added in the interface requests for calling second system 930, second system 930 connects Receive after interface requests, obtained from check system 910 and distribute to the second checking information of the first system 920, when judging the When one checking information is consistent with the second checking information, then verification passes through, so that each system need not change code or configuration file, Can be in development environment, test environment from using different safety check information in formal environments.
Fifth embodiment of the invention further provides for a kind of terminal, based on the above embodiments, terminal include processor, with And memory;
Processor is used to perform the safety check routines stored in memory, to realize following steps:
When the first system, which is sent, calls the interface requests of second system, send second system to the first system first is tested Demonstrate,prove information;
Second system is received after the interface requests, is sent to the second system and is distributed to the second of the first system Checking information, when the second system judges that first checking information is consistent with second checking information, is then verified Pass through.
Specifically, the first system can be according to the domain name of the environment of the second system to be accessed, that is, second system, first The first checking information that second system is pre-assigned to the first system in the present context is sent to the first system by HTTP request. The first system preserves the first checking information, and the first checking information is added in the header of HTTP request.
Further, the first checking information be at least included in stored in check system distribute to first by second system and be The username and password of system.
After second system receives interface requests, the request sent according to second system sends advance to second system Distribute to the second checking information of the first system, second system is by the username and password and interface requests in the second checking information Header in username and password be compared, if unanimously, verification pass through, if inconsistent, verification failure.
Second checking information includes:Under the present circumstances, second system is pre-assigned to the user name of the first system and close Code.
The checking for carrying out second system is further intercepted there is provided the tangent plane in JAR bags.By way of tangent plane is intercepted, Unified processing is carried out to total interface.In the present embodiment, based on BaseAuth verification schemes, by this safety check machine The client and service end Validation Code of system all realized, and by the form of tangent plane, is handled the interface that intercepts each system, To carry out unified client process and service end checking.The code of this part is packed, each is supplied in the form of JAR bags System is used.
Further, for the security of strengthening system, in addition it is also necessary to each system user name of encrypting storing and password, keeper The information seen also all is the information after encryption, so as to ensure information security.
Alternatively, processor is additionally operable to perform the safety check routines stored in memory, to realize following steps:
The checking information of each system is pre-assigned to according to institute's second system, and registered;
Generated Certificate, communicated with being encrypted by the certificate with the second system according to the checking information.
Specifically, in checking information of the related field provided with each system of enrollment page, the checking information at least includes: Systematic name, the domain name for accessing systematic name, unique identifying number, exploitation test and formal environments etc..For example:Second system according to The environment at place is (such as:Test environment either formal environments etc.), receive that second system sends distribute at least one first The checking information of system, and registered.
Correspondingly, the username and password information table of each system distribution is preserved.
After succeeding in registration, according to the checking information of reception, one https traffic of generation needs the certificate used.Second System is downloaded after the certificate, is encrypted and communicated with second system using the certificate, calling system is needed to obtain second system Distribute to the username and password of oneself.
Alternatively, processor is additionally operable to perform the safety check routines stored in memory, to realize following steps:
Receive the update cycle for the checking information that second system is sent;
When reaching the update cycle, then checking information is updated;
According to the request of the first system and the renewal checking information of the second system, respectively to the first system The checking information after updating is sent with second system.
Specifically, the update cycle can be one month or 1 year, receive the renewal being provided with that second system is sent Cycle.
Checking information after renewal can be that second system is configured when setting the update cycle or by school What check system was set.After the update cycle is reached, according to default or randomly update checking information.
After the first system and second system receive the message of message center transmission, the first system and second system are received The request for updating checking information is sent, and the checking after updating is sent to the first system and second system according to the request respectively and is believed Breath.
The terminal of the present embodiment, when the first system, which is sent, calls the interface requests of second system, sends to the first system First checking information of second system, after the request of second system receiving interface, sends to second system and distributes to the first system Second checking information, when second system judges that the first checking information is consistent with the second checking information, then verification passes through, so that Each system need not change code or configuration file, you can in development environment, test environment from using different peaces in formal environments Full check information.
The embodiment of the present application additionally provides a kind of computer-readable recording medium.Here computer-readable recording medium is deposited Contain one or more program.Wherein, computer-readable recording medium can include volatile memory, such as arbitrary access Memory;Memory can also include nonvolatile memory, and such as read-only storage, flash memory, hard disk or solid-state are hard Disk;Memory can also include the combination of the memory of mentioned kind.When one or more in computer-readable recording medium Program can be by one or more computing device, to realize safe checking method that above-mentioned second embodiment is provided.
It should be noted that herein, term " comprising ", "comprising" or its any other variant are intended to non-row His property is included, so that process, method, article or device including a series of key elements not only include those key elements, and And also including other key elements being not expressly set out, or also include for this process, method, article or device institute inherently Key element.In the absence of more restrictions, the key element limited by sentence "including a ...", it is not excluded that including this Also there is other identical element in process, method, article or the device of key element.
The embodiments of the present invention are for illustration only, and the quality of embodiment is not represented.
Through the above description of the embodiments, those skilled in the art can be understood that above-described embodiment side Method can add the mode of required general hardware platform to realize by software, naturally it is also possible to by hardware, but in many cases The former is more preferably embodiment.Understood based on such, technical scheme is substantially done to prior art in other words Going out the part of contribution can be embodied in the form of software product, and the computer software product is stored in a storage medium In (such as ROM/RAM, magnetic disc, CD), including some instructions are to cause a station terminal (can be mobile phone, computer, service Device, air conditioner, or network equipment etc.) perform method described in each of the invention embodiment.
Embodiments of the invention are described above in conjunction with accompanying drawing, but the invention is not limited in above-mentioned specific Embodiment, above-mentioned embodiment is only schematical, rather than restricted, one of ordinary skill in the art Under the enlightenment of the present invention, in the case of present inventive concept and scope of the claimed protection is not departed from, it can also make a lot Form, these are belonged within the protection of the present invention.

Claims (10)

1. a kind of safe checking method, it is characterised in that methods described includes step:
The first system obtains the first checking information of second system to check system, and first checking information is added into tune In interface requests with the second system;
The second system receives the interface requests, and obtains from the check system and to distribute to the of the first system Two checking informations, when judging that first checking information is consistent with second checking information, then verification passes through.
2. safe checking method according to claim 1, it is characterised in that methods described also includes:
The second system sets the update cycle of checking information, and the update cycle is sent to the check system;
When reaching the update cycle, the check system is updated to checking information.
3. safe checking method according to claim 2, it is characterised in that methods described also includes:
Message center, which is detected, have updated the checking information, and send logical to the first system and the second system respectively Know;
Notified according to described, the first system and the second system obtain the checking after updating to the check system respectively Information.
4. safe checking method according to claim 1, it is characterised in that obtain second to check system in the first system Before first checking information of system, methods described also includes:
The checking information for distributing to each system is sent to the check system registered in advance by the second system;
The check system Generates Certificate according to the checking information;
The second system downloads the certificate, is communicated with being encrypted by the certificate with the check system.
5. a kind of safe checking method, it is characterised in that run in check system, methods described includes step:
When the first system, which is sent, calls the interface requests of second system, the first checking for sending second system to the first system is believed Breath;
The second system is received after the interface requests, is sent to the second system and is distributed to the second of the first system Checking information, when the second system judges that first checking information is consistent with second checking information, is then verified Pass through.
6. safe checking method according to claim 5, it is characterised in that methods described also includes:
Receive the update cycle for the checking information that the second system is sent;
When reaching the update cycle, then checking information is updated.
7. safe checking method according to claim 6, it is characterised in that methods described also includes:
According to the request of the first system and the renewal checking information of the second system, respectively to the first system and Two system sends the checking information after updating.
8. safe checking method according to claim 5, it is characterised in that described to the first system transmission second system The first checking information before, methods described also includes:
The checking information of each system is pre-assigned to according to the second system, and is registered;
Generated Certificate, communicated with being encrypted by the certificate with the second system according to the checking information.
9. a kind of terminal, it is characterised in that the terminal includes processor and memory;
The processor is used to perform the safety check routines stored in memory, to realize described in claim any one of 5-8 Method.
10. a kind of computer-readable recording medium, it is characterised in that be stored with safe school on the computer-readable recording medium Program is tested, the safety check side as described in claim any one of 5-8 is realized when the safety check routines are executed by processor The step of method.
CN201710404772.5A 2017-06-01 2017-06-01 Safe checking method, terminal and computer-readable recording medium Pending CN107317800A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710404772.5A CN107317800A (en) 2017-06-01 2017-06-01 Safe checking method, terminal and computer-readable recording medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710404772.5A CN107317800A (en) 2017-06-01 2017-06-01 Safe checking method, terminal and computer-readable recording medium

Publications (1)

Publication Number Publication Date
CN107317800A true CN107317800A (en) 2017-11-03

Family

ID=60182268

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710404772.5A Pending CN107317800A (en) 2017-06-01 2017-06-01 Safe checking method, terminal and computer-readable recording medium

Country Status (1)

Country Link
CN (1) CN107317800A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107302526A (en) * 2017-06-07 2017-10-27 努比亚技术有限公司 System interface call method, equipment and computer-readable recording medium
CN110399411A (en) * 2019-06-21 2019-11-01 中国平安财产保险股份有限公司 Data source switch method, device, equipment and computer readable storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103701761A (en) * 2012-09-28 2014-04-02 中国电信股份有限公司 Authentication method for invoking open interface and system
CN104301331A (en) * 2014-10-31 2015-01-21 北京思特奇信息技术股份有限公司 Service interface permissions validation method and device
CN105262717A (en) * 2015-08-31 2016-01-20 福建天晴数码有限公司 Network service security management method and device
CN106453519A (en) * 2016-09-21 2017-02-22 合网络技术(北京)有限公司 Interface call method and device
CN107241308A (en) * 2017-04-27 2017-10-10 努比亚技术有限公司 A kind of method, device and mobile terminal for realizing safety check

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103701761A (en) * 2012-09-28 2014-04-02 中国电信股份有限公司 Authentication method for invoking open interface and system
CN104301331A (en) * 2014-10-31 2015-01-21 北京思特奇信息技术股份有限公司 Service interface permissions validation method and device
CN105262717A (en) * 2015-08-31 2016-01-20 福建天晴数码有限公司 Network service security management method and device
CN106453519A (en) * 2016-09-21 2017-02-22 合网络技术(北京)有限公司 Interface call method and device
CN107241308A (en) * 2017-04-27 2017-10-10 努比亚技术有限公司 A kind of method, device and mobile terminal for realizing safety check

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107302526A (en) * 2017-06-07 2017-10-27 努比亚技术有限公司 System interface call method, equipment and computer-readable recording medium
CN110399411A (en) * 2019-06-21 2019-11-01 中国平安财产保险股份有限公司 Data source switch method, device, equipment and computer readable storage medium

Similar Documents

Publication Publication Date Title
CN104378342B (en) Many accounts verification method, Apparatus and system
CN106506146A (en) Based on the Transaction Information method of calibration of block chain technology, apparatus and system
CN103581105B (en) Login validation method and login authentication system
US9059978B2 (en) System and methods for remote maintenance in an electronic network with multiple clients
CN108416589A (en) Connection method, system and the computer readable storage medium of block chain node
US9641535B2 (en) Apparatus and data processing systems for accessing an object
CN110519115A (en) Gateway interface test method, terminal device, storage medium and device
CN106304074A (en) Auth method and system towards mobile subscriber
CN104980393B (en) Method of calibration, system, server and terminal
CN105991709A (en) Cloud desktop account number management method and apparatus thereof
CN103812651B (en) Method of password authentication, apparatus and system
CN206212040U (en) A kind of real-name authentication system for express delivery industry
CN102143492B (en) Method for establishing virtual private network (VPN) connection, mobile terminal and server
CN108322416A (en) A kind of safety certification implementation method, apparatus and system
CN109040069A (en) A kind of dissemination method, delivery system and the access method of cloud application program
CN110175439A (en) User management method, device, equipment and computer readable storage medium
CN103944889A (en) Method for online identity authentication of network user and authentication server
CN110708162A (en) Resource acquisition method and device, computer readable medium and electronic equipment
CN103401686B (en) A kind of user's OTP WEB Authentication System and application process thereof
CN106203021A (en) The application login method of a kind of many certification modes integration and system
CN107317800A (en) Safe checking method, terminal and computer-readable recording medium
CN111431957B (en) File processing method, device, equipment and system
CN109981677A (en) A kind of credit management method and device
CN110362984A (en) Method and device for operating service system by multiple devices
CN109495458A (en) A kind of method, system and the associated component of data transmission

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20171103