CN110569138A - Remote service calling method, response method, device, electronic equipment and server - Google Patents

Publication number
CN110569138A
Authority
CN
China
Prior art keywords
remote service
content
service content
server
encrypted
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910871763.6A
Other languages
Chinese (zh)
Other versions
CN110569138B (en)
Inventor
郭子亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd
Application filed by Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority to CN201910871763.6A
Publication of CN110569138A
Application granted
Publication of CN110569138B
Current legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/54 Interprogram communication
    • G06F9/547 Remote procedure calls [RPC]; Web services

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)

Abstract

The embodiments of the application disclose a remote service calling method, a response method, a device, electronic equipment and a server. The method comprises the following steps: acquiring the remote service content to be called; encrypting the remote service content to obtain encrypted remote service content; generating a remote service call request based on a specified communication protocol, wherein the remote service call request carries the encrypted remote service content, and the destination address of the remote service call request is obtained based on a target uniform resource identifier; and sending the remote service call request to the server corresponding to the destination address so that the server executes the service corresponding to the remote service call request. With this method, the content of a remote service call request triggered through the target uniform resource identifier is encrypted before it is sent, which improves the security of the remote service content during transmission.

Description

Remote service calling method, response method, device, electronic equipment and server
Technical Field
The present application relates to the field of computer technologies, and in particular, to a remote service invoking method, a remote service responding method, a remote service invoking device, an electronic device, and a server.
Background
With the advent of the network age, more and more services on different electronic devices can invoke one another. A REST Web application service is an RPC (remote procedure call) service that completes a remote service call by sending a request to a specified network address. In the related remote service calling process, the called content is usually encrypted only according to the rules defined by the adopted communication protocol, so the security of the data transmitted during a remote service call still needs to be improved.
Disclosure of Invention
In view of the above problems, the present application provides a remote service invoking method, a response method, an apparatus, an electronic device and a server to address them.
In a first aspect, the present application provides a remote service invocation method, applied to a client, where the method includes: acquiring the remote service content to be called; encrypting the remote service content to obtain encrypted remote service content; generating a remote service call request based on a specified communication protocol, wherein the remote service call request carries the encrypted remote service content, and the destination address of the remote service call request is obtained based on a target uniform resource identifier; and sending the remote service call request to the server corresponding to the destination address so that the server executes the service corresponding to the remote service call request.
In a second aspect, the present application provides a remote service response method, which is applied to a server, and the method includes: acquiring encrypted remote service content carried in a remote service calling request; executing the decrypted remote service content to obtain an execution result; signing the execution result to obtain a signed execution result; generating reply information based on a specified communication protocol, wherein the reply information carries the execution result after signature; and returning the reply information to the client side which sends the remote service calling request.
In a third aspect, the present application provides a remote service invocation apparatus, including: a calling content acquisition unit, configured to acquire the remote service content to be called; a content encryption unit, configured to encrypt the remote service content to obtain encrypted remote service content; a request generating unit, configured to generate a remote service invocation request based on a specified communication protocol, where the remote service invocation request carries the encrypted remote service content, and the destination address of the remote service invocation request is obtained based on a target uniform resource identifier; and an information communication unit, configured to send the remote service invocation request to the server corresponding to the destination address so that the server executes the service corresponding to the remote service invocation request.
In a fourth aspect, the present application provides a remote service response apparatus, the apparatus comprising: a request analysis unit, configured to acquire the encrypted remote service content carried in a remote service invocation request; a service execution unit, configured to execute the decrypted remote service content to obtain an execution result; a signature unit, configured to sign the execution result to obtain a signed execution result; a response generation unit, configured to generate reply information based on a specified communication protocol, where the reply information carries the signed execution result; and a communication unit, configured to return the reply information to the client that sent the remote service invocation request.
In a fifth aspect, the present application provides an electronic device comprising one or more processors and a memory; one or more programs are stored in the memory and configured to be executed by the one or more processors to implement the methods described above.
In a sixth aspect, the present application provides a computer readable storage medium having program code stored therein, wherein the program code performs the above-mentioned method when executed by a processor.
The application provides a remote service calling method, a response method, a device, an electronic device and a server. After the remote service content to be called is obtained, it is encrypted to obtain encrypted remote service content. A remote service call request that carries the encrypted remote service content and points to the destination address identified by the target uniform resource identifier is then generated based on a specified communication protocol and sent to the server corresponding to the destination address, so that the server executes the service corresponding to the request. In this way, the content of a remote service call request triggered through the target uniform resource identifier is encrypted before it is sent, which improves the security of the remote service content during transmission.
Drawings
In order to illustrate the technical solutions in the embodiments of the present application more clearly, the drawings needed for the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present application; those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram illustrating a client interacting with a server according to an embodiment of the present application;
Fig. 2 is a schematic diagram of a remote service call in which content sent by a client is intercepted;
Fig. 3 is a schematic diagram illustrating remote service content sent by a client being converted to plaintext at a gateway for subsequent transmission;
Fig. 4 is a flow chart illustrating a remote service invocation method according to an embodiment of the present application;
Fig. 5 is a schematic diagram illustrating the selection of a processing manner for a calculation process in a remote service invocation method according to an embodiment of the present application;
Fig. 6 is a flow chart illustrating a remote service invocation method according to another embodiment of the present application;
Fig. 7 is a schematic diagram illustrating a JSON-format remote service invocation instruction and the corresponding instruction parameters in a remote service invocation method according to another embodiment of the present application;
Fig. 8 is a schematic diagram illustrating a JSON-format remote service invocation instruction and the corresponding instruction parameters after merging in a remote service invocation method according to another embodiment of the present application;
Fig. 9 is a diagram illustrating a remote service invocation method according to another embodiment of the present application;
Fig. 10 is a flow chart illustrating a remote service invocation method according to yet another embodiment of the present application;
Fig. 11 is a flow chart illustrating a remote service invocation method according to yet another embodiment of the present application;
Fig. 12 is a block diagram illustrating a remote service invocation apparatus according to an embodiment of the present application;
Fig. 13 is a block diagram illustrating a remote service invocation apparatus according to still another embodiment of the present application;
Fig. 14 is a block diagram illustrating a remote service invocation apparatus according to another embodiment of the present application;
Fig. 15 is a block diagram illustrating an electronic device for executing a remote service invocation method according to an embodiment of the present application in real time;
Fig. 16 illustrates a storage unit for storing or carrying program code implementing the remote service invocation method according to an embodiment of the present application in real time.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
As information systems develop, the services they provide multiply. When the access volume and the number of services grow, a single machine can no longer carry the load. The business of the information system can be split into several independent services deployed on separate machines, so that each machine runs one or more services; this keeps the logic clear and reduces the pressure on any single machine. In this case, a protocol is required to support service invocation between different machines, and the RPC (Remote Procedure Call) protocol arose to meet this need.
RPC employs a client/server model, in which the program requesting the remote service is the client and the program providing the service is the server. First, the calling process sends a call message carrying the procedure parameters to the service process and then waits for a reply message. On the server side, the process sleeps until a call message arrives. When a call message arrives, the server obtains the procedure parameters, computes the result, sends the reply message, and then waits for the next call message. Finally, the calling process on the client receives the reply message, obtains the procedure result, and continues execution. For example, as shown in Fig. 1, during a remote service invocation the client handle is invoked and passes the parameters, and the local communication module is invoked to pass the network message to the remote host (server). The server handle receives the message and extracts the parameters, then executes the remote procedure corresponding to them. The executed procedure returns the result to the server handle, the server handle passes it to the communication module of the remote host (server), which returns it to the local host (client), where the local communication module delivers the result to the client handle.
However, in studying how related remote service invocation works, the inventor found that the communication protocol currently used between the client and the server may have no function for encrypting the transmitted content, and that even a protocol with such a function cannot always effectively protect the data transmitted during a remote service invocation. For example, as shown in Fig. 2, even if the client transmits data over the HTTPS protocol (or another communication protocol, for example the FTP protocol) with an encryption function, when the client communicates with the server through an HTTPS proxy, the proxy may leak the data transmitted during the remote service invocation as a result of a man-in-the-middle attack. As another example, as shown in Fig. 3, when the data sent by the client during a remote service invocation reaches the HTTPS gateway of the internal service domain to which the server belongs, it is decrypted into plaintext. The data transmitted between the HTTPS gateway and the server is therefore plaintext and can be intercepted.
Therefore, the inventor proposes the remote service invocation method, response method, device, electronic device and server of the present application, in which, after the remote service content to be invoked is obtained, it is encrypted to obtain encrypted remote service content, and a remote service invocation request carrying the encrypted remote service content and pointing to the destination address identified by a target uniform resource identifier is then generated based on a specified communication protocol, so as to improve the security of the remote service content carried by the request during transmission.
Embodiments of the present application will be described in detail below with reference to the accompanying drawings.
Referring to Fig. 4, a remote service invoking method provided in an embodiment of the present application is applied to a client, and the method includes:
Step S110: acquiring the remote service content to be called.
It is understood that a remote service call is initiated by the client toward the server so that the client can call a service on the server. Before generating the remote service call request to be sent to the server, the client needs to determine which service it needs to call, so the client first obtains the remote service content to be called.
For example, the client needs to call the server to perform calculation on the acquired data. In this case, the acquired remote service content may include data of the required calculation and the required calculation method. For another example, the client needs to call the server to perform deduplication processing on the content in one file, and in this case, the obtained remote service content may include the file to be deduplicated and a call instruction to perform deduplication processing. It can be understood that a unique identifier may be configured for a service that needs to be invoked, and in this way, after receiving a remote service invocation request sent by a client, a server may determine which service the client needs to invoke by judging the unique identifier.
There may be various ways to trigger the client to obtain the remote service content to be invoked.
As one approach, the triggering may be based on automated events.
If, while running, the client itself or an application outside the client needs to process data with the help of a device other than the electronic device on which the client is located, this can be regarded as triggering based on an automated event. In this manner, the client, or an application outside the client, may send a remote service invocation request via the client so that services on other devices can be invoked. For example, the client runs on a first electronic device, which also hosts an application A, and application A needs to call a function a to perform a calculation while running. Application A can send the request to call function a, together with the input data for function a, to the client, and the client thereby obtains the remote service content (function a and the input data).
Alternatively, the triggering may be based on an operation by the user.
In this manner, the client may be configured with controls that the user can touch. Specifically, the client may decompose the computation content to be executed into a plurality of computation processes; the computation content is considered complete when all of these computation processes have been executed. The client may then configure, for each computation process, a selection control with which the user chooses whether that process is performed locally by the client or by way of a remote service call. For example, as shown in Fig. 5, each of the decomposed calculation processes A, B and C has a local selection control and a remote selection control. If the user selects local for calculation process A, the client performs the calculation locally when it subsequently executes calculation process A. If the user selects remote for calculation process B, the client acquires the remote service content to be invoked according to calculation process B when it subsequently executes calculation process B.
Step S120: encrypting the remote service content to obtain the encrypted remote service content.
To better protect the remote service content called by the client against hijacking or eavesdropping by other devices, the client encrypts the acquired remote service content. The client can encrypt the remote service content in various ways.
As one approach, the client may encrypt the remote service content based on a locally stored static key. A static key may be understood as a key that remains unchanged once it has been stored on the client. In this case, after receiving the remote service invocation request sent by the client, the server decrypts it based on the key corresponding to the static key. Optionally, if the static key used by the client is a symmetric encryption key, the key corresponding to the static key is the same as the static key. Optionally, if the static key used by the client is an asymmetric encryption key, the key corresponding to the static key is the corresponding key of the asymmetric pair.
Alternatively, the client may encrypt the remote service content based on a dynamic key that is periodically obtained from the server. A dynamic key is a key that is updated periodically. For example, the client may request the latest key from the server every hour, or at an even shorter interval, and then use the latest locally stored key each time it encrypts remote service content.
It is understood that, for the key the client periodically requests to be the latest key, the server also updates the key periodically, and the period at which the server updates the key may be the same as the request period of the client. For example, the server may update the key every half hour or every hour and then broadcast a message to all clients announcing that the current key has been updated, so that the clients can subsequently request the latest key from the server. The server may also broadcast the latest key to the clients directly in a broadcast message. With a dynamic key, the key used to encrypt the remote service content is updated regularly, so that even if one key is cracked by an unauthorized user, remote service content encrypted with other, updated keys cannot easily be obtained, which further improves the security of the remote service content during transmission.
It should be noted that the server may determine the update period of the key according to various ways.
As one way, the server may update the secret key according to a period configured by the backend maintenance staff. For example, if the key update period configured by the backend maintenance staff is 1 hour, the server will update the key according to the period of 1 hour, and the corresponding client may also obtain the latest key every 1 hour.
Alternatively, the server may determine the key update period according to the current remote service invocation frequency. It can be understood that if the current remote service invocation frequency is not high, for example one invocation per hour on average, but the server updates the key every 10 minutes, a great waste of resources is inevitable: even though the server updates the key intensively, the client does not make effective use of the updated keys, and some updated keys are replaced by new keys without ever being used. Determining the key update period according to the current remote service invocation frequency therefore improves the utilization of the updated keys while also improving the security of the remote service content during transmission.
Optionally, the length of the period at which the server updates the key is inversely proportional to the current remote service invocation frequency; that is, the higher the current invocation frequency, the shorter the key update period. It can be understood that multiple clients may make remote service calls to the same server. The more frequently clients make such calls, the more remote service content is transmitted to the server in a given period of time, and the greater the probability that the transmitted content is captured or intercepted. If the server then updates the key more frequently, and the clients correspondingly obtain the latest key more frequently, the security of the transmitted remote service content is ensured to a greater extent. For example, when the server detects that the current number of remote service invocations is a first target number, it configures the key to be updated every m minutes, and when it detects that the current number of remote service invocations is a second target number, it configures the key to be updated every n minutes, where the first target number is greater than the second target number and m is smaller than n.
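The frequency-driven key update described above can be sketched as follows. This is an added example, not code from the patent: the thresholds, the periods, the `KeyRing` type, the numeric key ID and the retention of exactly one previous key (so that a client that has not yet fetched the new key is not cut off) are all assumptions.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"time"
)

// tier maps a minimum call rate to a key update period.
type tier struct {
	minCallsPerHour int
	period          time.Duration
}

// Assumed values. The page only requires that a higher invocation
// frequency gives a shorter update period (m < n).
var tiers = []tier{
	{600, 10 * time.Minute},
	{60, 30 * time.Minute},
	{0, 60 * time.Minute},
}

// RotationPeriod returns the update period for the observed call rate.
func RotationPeriod(callsPerHour int) time.Duration {
	for _, t := range tiers {
		if callsPerHour >= t.minCallsPerHour {
			return t.period
		}
	}
	return tiers[len(tiers)-1].period
}

// KeyRing holds the current dynamic key and its predecessor.
// It is not safe for concurrent use; guard it with a mutex in a server.
type KeyRing struct {
	id        uint64
	current   []byte
	previous  []byte
	rotatedAt time.Time
}

func newKey() []byte {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err) // there is no safe fallback without a working CSPRNG
	}
	return k
}

func NewKeyRing(now time.Time) *KeyRing {
	return &KeyRing{id: 1, current: newKey(), rotatedAt: now}
}

// Tick updates the key once the period for the observed call rate has elapsed
// and reports whether an update happened.
func (r *KeyRing) Tick(now time.Time, callsPerHour int) bool {
	if now.Sub(r.rotatedAt) < RotationPeriod(callsPerHour) {
		return false
	}
	r.previous, r.current = r.current, newKey()
	r.id++
	r.rotatedAt = now
	return true
}

// Lookup returns the key for a key ID sent along with a request. Only the
// current key and its immediate predecessor are accepted.
func (r *KeyRing) Lookup(id uint64) ([]byte, bool) {
	switch {
	case id == r.id:
		return r.current, true
	case id+1 == r.id && r.previous != nil:
		return r.previous, true
	}
	return nil, false
}

func main() {
	start := time.Now()
	ring := NewKeyRing(start)
	fmt.Println(ring.Tick(start.Add(15*time.Minute), 1000), ring.id)
}
```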
Step S130: generating a remote service call request based on a specified communication protocol, wherein the remote service call request carries the encrypted remote service content, and the destination address of the remote service call request is obtained based on a target uniform resource identifier.
It is understood that the client and the server communicate with each other based on a certain communication protocol. When generating the remote service invocation request, the client generates it based on the communication protocol currently agreed upon with the server. For example, if the client and the server communicate via the HTTP protocol or the HTTPS protocol, the client generates the remote service invocation request based on the HTTP protocol or the HTTPS protocol. A request under either protocol includes a header portion and a body portion, and the encrypted remote service content can be placed in the body portion.
It should be noted that, no matter which communication protocol the client uses to generate the remote service invocation request, the client first needs to obtain the network address of the server. In this embodiment, the client may obtain the destination address of the server in various ways.
As one way, the client obtains a plurality of Uniform Resource Identifiers (URIs). It should be noted that a uniform resource identifier is a string used to identify the name of an Internet resource; this identification allows a client to interact with resources (both local and on the Internet) through a specific protocol. In this embodiment, the configured uniform resource identifiers can therefore be used to mark the network address of the server.
Optionally, the same server may support remote service invocation by different clients, and the same client may likewise invoke remote services on different servers. The client can therefore determine the server on which the current remote service invocation is to be performed by obtaining the current target uniform resource identifier. It should be noted that, in addition to the network address of the server, a uniform resource identifier may identify different remote service contents. For example, a uniform resource identifier may characterize the remote service content through the value of a specified field that it includes. In this way, after determining the required remote service content, the client may take as the target uniform resource identifier the one whose specified field value represents the same remote service content as the content the client requires, and then use the destination address specified by that target uniform resource identifier as the network address of the server.
For example, the client locally stores a uniform resource identifier A, a uniform resource identifier B, and a uniform resource identifier C. The destination address represented by uniform resource identifier A points to server A, the destination address represented by uniform resource identifier B points to server B, and the destination address represented by uniform resource identifier C points to server C. When the client acquires the remote service content and determines that it is the same as the remote service content represented by the specified field of uniform resource identifier C, uniform resource identifier C is used as the target uniform resource identifier, and the network address of server C is used as the destination address of the generated remote service invocation request.
Step S140: sending the remote service calling request to the server corresponding to the destination address so that the server executes the service corresponding to the remote service calling request.
In this embodiment, after the remote service content to be called is obtained, it is encrypted to obtain encrypted remote service content. A remote service calling request that carries the encrypted remote service content and points to the destination address identified by the target uniform resource identifier is then generated based on a specified communication protocol and sent to the server corresponding to the destination address, so that the server executes the service corresponding to the request. In this way, the content of a remote service calling request triggered through the target uniform resource identifier is encrypted before it is sent, which avoids the security problem that arises when the content encryption of the communication protocol itself is not secure enough, and thereby improves the security of the remote service content during transmission.
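Steps S120 to S140 can be sketched end to end as follows. This is an added example, not code from the patent: AES-256-GCM, the function names, the URI `https://rpc.example.com/rpc/dedup`, the fixed demo key and the binding of the URI path as additional authenticated data are all assumptions. The request is handed to the server function in-process instead of being sent over a network.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/url"
)

// NewAEAD builds AES-GCM over the shared key; a 32-byte key selects AES-256.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is step S120. It returns nonce||ciphertext||tag; aad is authenticated
// but not encrypted.
func Seal(aead cipher.AEAD, plain, aad []byte) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plain, aad), nil
}

// Open reverses Seal and fails if the key, the ciphertext or aad does not match.
func Open(aead cipher.AEAD, sealed, aad []byte) ([]byte, error) {
	n := aead.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("sealed content too short")
	}
	return aead.Open(nil, sealed[:n], sealed[n:], aad)
}

// BuildRequest is step S130: encrypt the content and carry it in the HTTP body.
// Binding the URI path as aad is an added design choice, not taken from the page.
func BuildRequest(aead cipher.AEAD, targetURI string, plain []byte) (*http.Request, []byte, error) {
	u, err := url.Parse(targetURI)
	if err != nil {
		return nil, nil, err
	}
	wire, err := Seal(aead, plain, []byte(u.Path))
	if err != nil {
		return nil, nil, err
	}
	req, err := http.NewRequest(http.MethodPost, targetURI, bytes.NewReader(wire))
	return req, wire, err
}

// Receive is the server side up to dispatch: read the body and decrypt it
// against the path the request actually arrived on.
func Receive(aead cipher.AEAD, r *http.Request) ([]byte, error) {
	sealed, err := io.ReadAll(io.LimitReader(r.Body, 1<<20))
	if err != nil {
		return nil, err
	}
	return Open(aead, sealed, []byte(r.URL.Path))
}

// RunDemo hands one request to Receive in-process (standing in for step S140).
// It returns the content the server recovered, whether the action name was
// readable in the request body, and whether a replay to another path failed.
func RunDemo() (string, bool, bool, error) {
	aead, err := NewAEAD(bytes.Repeat([]byte{0x42}, 32)) // constructed demo key
	if err != nil {
		return "", false, false, err
	}
	plain := []byte(`{"action":"dedup","values":["a","b","a"]}`) // constructed content
	req, wire, err := BuildRequest(aead, "https://rpc.example.com/rpc/dedup", plain)
	if err != nil {
		return "", false, false, err
	}
	got, err := Receive(aead, req)
	if err != nil {
		return "", false, false, err
	}
	// A device on the path that captured the body re-sends it to another service.
	req.URL.Path, req.Body = "/rpc/other", io.NopCloser(bytes.NewReader(wire))
	_, replayErr := Receive(aead, req)
	return string(got), bytes.Contains(wire, []byte("dedup")), replayErr != nil, nil
}

func main() {
	fmt.Println(RunDemo())
}
```

Because the body is sealed before the protocol layer sees it, a proxy or gateway that terminates HTTPS (Fig. 2 and Fig. 3) still handles only ciphertext.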
Referring to fig. 6, a remote service invoking method provided in the embodiment of the present application is applied to a client, and the method includes:
Step S210: Acquire the remote service content required to be called.
It should be noted that the remote service content characterizes both the action the client expects the server to perform and the parameters on which the server bases that action. For example, a client expects a server to deduplicate repeated Chinese characters in the contents of a specified file. Here "deduplication" is the action that the client expects the server to perform, and "Chinese characters" is the parameter on which the client expects the server to base the deduplication. As another example, the client expects the server to call a specified function block to perform a numerical calculation, and the function block needs an input value, so the "output value" is the parameter on which the server is expected to call the specified function block to perform the numerical calculation.
Based on the above, as one mode, the step of obtaining the remote service content to be called includes: acquiring a remote service call instruction arranged based on a target data exchange format; acquiring instruction parameters, arranged based on the target data exchange format, that correspond to the remote service call instruction; and combining the remote service call instruction with the instruction parameters corresponding to it, and taking the combined content arranged based on the target data exchange format as the remote service content.
It should be noted that the remote service call instruction is the operation the client expects the server to perform, and the instruction parameter corresponding to the remote service call instruction is the parameter on which the client expects the server to base that operation. Various target data exchange formats are possible; for example, the target data exchange format may be JSON or XML. Fig. 7 shows remote service content in JSON format. The common content block in the remote service content stores the remote service call instruction. For example, the content corresponding to the "Action" field in the common content block in the figure is a remote service call instruction. The content in the Specific content block is the instruction parameter corresponding to the remote service call instruction.
As one mode, the remote service call instruction includes an instruction item and instruction content corresponding to the instruction item, the instruction parameter includes a parameter item and parameter content corresponding to the parameter item, and the step of combining the remote service call instruction and the instruction parameter corresponding to the remote service call instruction includes: combining the remote service call instruction and the instruction parameters corresponding to it according to an arrangement sequence; converting the characters of the instruction item and the parameter item into lower case characters; deleting specified characters in the instruction content and the parameter content; and arranging a line feed character at the end position in the instruction content and the parameter content.
For example, referring back to FIG. 7, for "Action": "XXXX" in the remote service call instruction, "Action" can be regarded as the instruction item and "XXXX" as the instruction content. Similarly, "Arg 1", "Arg 2" and "Arg 3" are parameter items, and "alias/mydek", "1234" and "hex value of 1234 byte data" are parameter contents.
For the form after merging, refer to the representation shown in fig. 8.
Step S220: Sign the remote service content to obtain the signed remote service content.
It can be understood that the remote service content is signed in the present embodiment to prevent it from being tampered with during transmission. The client may sign the remote service content in a variety of ways. Alternatively, the client may sign the remote service content based on a hash algorithm (e.g., MD5, SHA1, and SHA256).
Step S230: Encrypt the signed remote service content to obtain the encrypted remote service content.
It can be understood that the client encrypts the signed remote service content so that the remote service content is better protected. In the embodiment of the present application, the client may encrypt the signed remote service content in a plurality of ways.
As one mode, the step of encrypting the signed remote service content to obtain the encrypted remote service content includes: acquiring the value of a target field in the target uniform resource identifier, where uniform resource identifiers that represent different destination addresses contain different values of the target field, and different values of the target field correspond to different encryption algorithms; acquiring the encryption algorithm corresponding to the value of the target field; and encrypting the signed remote service content based on that encryption algorithm to obtain the encrypted remote service content.
It will be appreciated that the remote services that can be invoked are characterized by different uniform resource identifiers. In this way, different uniform resource identifiers can correspond to different encryption algorithms, so that the security of the remote service content is further improved. For example, for the file deduplication service and the function block calculation service described above, the corresponding remote service content may be encrypted with different encryption algorithms.
As another example, in the case of multiple servers, different servers may be responsible for executing different remote service content. For example, one server may be dedicated to document processing, another may provide a function block for numerical calculation, and a third may be responsible for crawling network information. In this way, different encryption algorithms can be configured for different servers. For example, if the remote service content acquired by the client calls the server to process a file, the final remote service calling request is sent to the server responsible for processing files, and the remote service content can be encrypted based on encryption algorithm A. If the remote service content acquired by the client calls the server to perform a function calculation, the final remote service calling request is sent to the server responsible for providing function block calculation, and the remote service content can be encrypted based on encryption algorithm B.
Step S240: Generate a remote service call request based on a specified communication protocol, where the remote service call request carries the encrypted remote service content and its destination address is obtained based on a target uniform resource identifier.
Step S250: Send the remote service calling request to the server corresponding to the destination address, so that the server executes the service corresponding to the remote service calling request.
FIG. 9 shows a specific embodiment by way of illustration. In this embodiment, the client and the server communicate based on the HTTP/HTTPS protocol. Here, the assembly of the command parameters can be understood as acquiring the remote service content required to be called in step S210. The remote service content is then signed in the HMAC signature mode, and the signed remote service content is encrypted in the PKCS7 mode (using the server certificate ServiceCertificate built into the client). Correspondingly, after parsing the received remote service call request, the server decrypts it in the PKCS7 mode and verifies the signature in the HMAC signature mode.
The server, for its part, can encrypt the execution result in the AES-256-GCM mode and sign it in the HMAC signature mode. Correspondingly, the client checks the signature in the HMAC signature mode and decrypts the execution result in the AES-256-GCM mode.
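The merging of step S210, the HMAC signing of step S220 and the server-side check from FIG. 9 are sketched below as an added example; it is not code from the patent, and the PKCS7 encryption of step S230 is not part of it. The assumptions are the `item:content` line layout, the ordering rule, whitespace as the "specified characters", the trailing `signature` line, a pre-shared HMAC key, and all function names.

```python
import hashlib
import hmac

# Assumption: the "specified characters" deleted from instruction and parameter
# content are whitespace characters; once removed, a value can never contain
# the line feed that terminates each entry.
_DELETE = str.maketrans("", "", " \t\r\n")
SIG_ITEM = "signature"  # hypothetical name of the trailing signature line


def canonicalize(instruction: dict, params: dict) -> bytes:
    """Merge instruction and parameters into 'item:content' lines (step S210)."""
    lines, seen = [], {SIG_ITEM}
    # Assumed arrangement sequence: instruction items first, then parameter
    # items, each group ordered by lower-cased item name.
    for group in (instruction, params):
        for item in sorted(group, key=str.lower):
            name = item.lower()
            # Lower-casing can make two items collide; reject instead of guessing.
            if name in seen or not name.isidentifier():
                raise ValueError(f"ambiguous or invalid item name: {item!r}")
            seen.add(name)
            lines.append(f"{name}:{str(group[item]).translate(_DELETE)}\n")
    return "".join(lines).encode("utf-8")


def sign_content(instruction: dict, params: dict, key: bytes) -> bytes:
    """Client side, step S220: append an HMAC-SHA256 over the canonical bytes."""
    canonical = canonicalize(instruction, params)
    tag = hmac.new(key, canonical, hashlib.sha256).hexdigest()
    return canonical + f"{SIG_ITEM}:{tag}\n".encode("ascii")


def verify_content(signed: bytes, key: bytes) -> dict:
    """Server side, after decryption: check the HMAC, then parse the entries."""
    if not signed.endswith(b"\n"):
        raise ValueError("truncated content")
    last = signed[:-1].rpartition(b"\n")[2]      # final line without line feed
    canonical = signed[: len(signed) - len(last) - 1]
    prefix = f"{SIG_ITEM}:".encode("ascii")
    expected = hmac.new(key, canonical, hashlib.sha256).hexdigest().encode("ascii")
    # Constant-time comparison; nothing is parsed until the tag has been checked.
    tag_ok = last.startswith(prefix) and hmac.compare_digest(
        last[len(prefix):], expected
    )
    if not tag_ok:
        raise ValueError("signature check failed")
    fields = {}
    for line in canonical.decode("utf-8").split("\n")[:-1]:
        name, _, content = line.partition(":")
        fields[name] = content
    return fields


if __name__ == "__main__":
    key = b"constructed-demo-key"          # constructed sample key
    signed = sign_content(
        {"Action": "XXXX"},
        {"Arg1": "alias/mydek", "Arg2": "1234", "Arg3": "0a1b"},  # constructed
        key,
    )
    print(signed.decode("ascii"), end="")
    print(verify_content(signed, key))
```

Because line feeds are deleted from every value before signing, a parameter value cannot introduce an extra `item:content` line, and the server recomputes the HMAC over exactly the bytes the client signed.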
In the remote service calling method provided by the application, after the remote service content that is generated based on the specified data exchange format and needs to be called is acquired, the remote service content is first signed, and the signed content is then encrypted to obtain the encrypted remote service content. A remote service call request that carries the encrypted remote service content and points to the destination address identified by a target uniform resource identifier is then generated based on a specified communication protocol and sent to the server corresponding to the destination address, so that the server executes the service corresponding to the remote service call request. In this way, the content of a remote service call request triggered by the target uniform resource identifier is sent in encrypted form, which improves the security of the remote service content in the transmission process.
Referring to fig. 10, a remote service invoking method provided in the embodiment of the present application is applied to a client, and the method includes:
Step S310: Acquire the remote service content required to be called.
Step S320: Encrypt the remote service content to obtain the encrypted remote service content.
Step S330: Acquire pseudo remote service content, where the pseudo remote service content is different from the remote service content required to be called.
Note that the pseudo remote service content in the present embodiment is content intended to interfere with unauthorized parties' attempts to determine the real remote service content. For example, if what the client actually needs is to call a function block of the server to perform a function calculation, the pseudo remote service content may be a call for the server to perform file processing. As another example, if the client actually needs to call the server to process a file, the pseudo remote service content may be a call for the server to crawl network information.
Step S340: Splice the pseudo remote service content and the encrypted remote service content to obtain the target remote service content, where an interval character is configured between the pseudo remote service content and the encrypted remote service content so that the server can perform character segmentation.
It should be noted that the pseudo remote service content is transmitted in plaintext, which helps to confuse unauthorized parties. The reason is that, after intercepting the target remote service content, such a party can easily read the plaintext pseudo remote service content, may mistake it for the remote service content actually sent by the client, and is likely to overlook the encrypted real remote service content, which protects the real remote service content.
It will be appreciated that the encrypted remote service content (the real remote service content) and the pseudo remote service content are both placed in the same field of the subsequently generated remote service invocation request. So that the server can determine how to perform character segmentation and distinguish the pseudo remote service content from the encrypted remote service content, an interval character may be configured between the two.
Step S350: Generate a remote service call request based on a specified communication protocol, where the remote service call request carries the target remote service content and its destination address is obtained based on the target uniform resource identifier.
Step S360: Send the remote service calling request to the server corresponding to the destination address, so that the server executes the service corresponding to the remote service calling request.
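The splicing of step S340 and the server-side character segmentation are sketched below as an added example, not code from the patent. The `|` interval character, the base64 encoding of the encrypted part and the function names are assumptions, and the ciphertext bytes are constructed. The pseudo content lies outside both the signature and the encryption, so the server-side function returns only the encrypted part and nothing in the plaintext part is acted on.

```python
import base64
import binascii

# Assumption: "|" is the interval character. It is outside the base64
# alphabet, so it can never occur inside the encoded encrypted content.
INTERVAL = "|"


def splice(pseudo: str, real_plain: str, encrypted: bytes) -> str:
    """Client side, step S340: pseudo content + interval + encrypted content."""
    # Step S330 requires the pseudo content to differ from the real content;
    # otherwise the real call would travel in plaintext.
    if pseudo == real_plain:
        raise ValueError("pseudo content must differ from the real content")
    if not encrypted:
        raise ValueError("encrypted content is empty")
    return pseudo + INTERVAL + base64.b64encode(encrypted).decode("ascii")


def extract_encrypted(field: str) -> bytes:
    """Server side: split the field and return only the encrypted content."""
    # Split at the LAST interval character: the pseudo content is arbitrary
    # text and may itself contain "|", the base64 part cannot.
    _pseudo, sep, blob = field.rpartition(INTERVAL)
    if not sep:
        raise ValueError("no interval character in field")
    try:
        encrypted = base64.b64decode(blob, validate=True)
    except binascii.Error as exc:
        raise ValueError("encrypted part is not valid base64") from exc
    if not encrypted:
        raise ValueError("encrypted part is empty")
    # _pseudo is discarded on purpose: it is unauthenticated plaintext.
    return encrypted


if __name__ == "__main__":
    real = '{"Action":"Calculate"}'            # constructed real content
    pseudo = '{"Action":"ProcessFile"}'        # constructed pseudo content
    ciphertext = b"\x00\x01ct"                 # constructed stand-in bytes
    field = splice(pseudo, real, ciphertext)
    print(field)
    print(extract_encrypted(field))
```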
After the remote service content to be called is obtained, it is encrypted to obtain the encrypted remote service content. Pseudo remote service content different from the encrypted remote service content is then obtained and spliced with the encrypted remote service content to obtain the target remote service content. A remote service calling request that carries the target remote service content and points to the destination address identified by a target uniform resource identifier is then generated based on a specified communication protocol and sent to the server corresponding to the destination address, so that the server executes the service corresponding to the remote service calling request. In this way, the content of a remote service calling request triggered by the target uniform resource identifier is sent in encrypted form, thereby improving the security of the remote service content in the transmission process.
Referring to fig. 11, a remote service invoking method provided in the embodiment of the present application is applied to a server, and the method includes:
Step S410: Acquire the encrypted remote service content carried in the remote service calling request.
Step S420: Execute the decrypted remote service content to obtain an execution result.
Step S430: Sign the execution result to obtain the signed execution result.
Step S440: Generate reply information based on a specified communication protocol, where the reply information carries the signed execution result.
Step S450: Return the reply information to the client that sent the remote service calling request.
In this remote service response method, the decrypted remote service content is executed and, once the execution result is obtained, the execution result is signed to obtain the signed execution result. Reply information carrying the signed execution result is then generated based on the specified communication protocol and returned to the client that sent the remote service calling request. The execution result is thus protected without relying entirely on the encryption mode of the communication protocol, which improves the security of the remote service content in the transmission process.
Referring to fig. 12, an embodiment of the present application provides a remote service invocation device, where the device includes:
A call content obtaining unit 510 for obtaining the remote service content to be called.
As one way, the call content obtaining unit 510 is specifically configured to obtain a remote service call instruction arranged based on a target data exchange format; acquiring instruction parameters corresponding to the remote service calling instructions arranged based on the target data exchange format; and combining the remote service call instruction with an instruction parameter corresponding to the remote service call instruction, and taking the combined content arranged based on the target data exchange format as the remote service content.
Specifically, in one mode, the remote service call instruction includes an instruction item and instruction content corresponding to the instruction item, the instruction parameter includes a parameter item and parameter content corresponding to the parameter item, and the call content obtaining unit 510 is specifically configured to combine the remote service call instruction and the instruction parameter corresponding to the remote service call instruction according to an arrangement sequence; converting the characters of the instruction item and the parameter item into lower case characters; deleting specified characters in the instruction content and the parameter content; and arranging a line feed character at the end position in the instruction content and the parameter content.
A content encryption unit 520, configured to encrypt the remote service content to obtain an encrypted remote service content.
As one mode, the content encryption unit 520 is specifically configured to sign the remote service content to obtain a signed remote service content; and encrypting the signed remote service content to obtain the encrypted remote service content.
Further, the content encryption unit 520 is specifically configured to obtain a value of a target field in the target uniform resource identifier, where different uniform resource identifiers represent different destination addresses, the included values of the target field are different, and encryption algorithms corresponding to different values of the target field are different; acquiring an encryption algorithm corresponding to the value of the target field; and encrypting the signed remote service content based on the encryption algorithm to obtain the encrypted remote service content.
A request generating unit 530, configured to generate a remote service invocation request based on a specified communication protocol, where the remote service invocation request carries the encrypted remote service content, and a destination address of the remote service invocation request is obtained based on a target uniform resource identifier.
As shown in fig. 13, the request generating unit 530 includes:
A pseudo content obtaining subunit 531, configured to obtain pseudo remote service content, where the pseudo remote service content is different from the remote service content to be invoked.
A content merging subunit 532, configured to splice the pseudo remote service content and the encrypted remote service content to obtain a target remote service content, where an interval character is configured between the pseudo remote service content and the encrypted remote service content, so that the server performs character segmentation.
A request generating subunit 533, configured to generate a remote service invocation request based on a specified communication protocol, where the remote service invocation request carries the target remote service content.
An information communication unit 540, configured to send the remote service invocation request to a server corresponding to the destination address, so that the server executes a service corresponding to the remote service invocation request.
Referring to fig. 14, an embodiment of the present application provides a remote service invocation apparatus 600, where the apparatus 600 includes:
A request analysis unit 610, configured to obtain encrypted remote service content carried in the remote service invocation request;
A service execution unit 620, configured to execute the decrypted remote service content to obtain an execution result;
A signature unit 630, configured to sign the execution result to obtain a signed execution result;
A response generating unit 640, configured to generate reply information based on a specified communication protocol, where the reply information carries the signed execution result;
A communication unit 650 for returning the reply information to the client sending the remote service invocation request.
It should be noted that the device embodiment and the method embodiment in the present application correspond to each other, and specific principles in the device embodiment may refer to the contents in the method embodiment, which is not described herein again.
An electronic device provided by the present application will be described below with reference to fig. 15.
Referring to fig. 15, based on the remote service invoking method and apparatus described above, an embodiment of the present application further provides an electronic device 100 capable of executing the remote service invoking method. The electronic device 100 includes one or more processors 102 (only one shown), a memory 104, and a network module 106 coupled to each other. The memory 104 stores programs that can execute the content of the foregoing embodiments, and the processor 102 can execute the programs stored in the memory 104.
The processor 102 may include one or more processing cores. The processor 102 connects the various components throughout the electronic device 100 using various interfaces and circuitry, and performs the functions of the electronic device 100 and processes data by running or executing instructions, programs, code sets, or instruction sets stored in the memory 104 and invoking data stored in the memory 104. Alternatively, the processor 102 may be implemented in hardware using at least one of Digital Signal Processing (DSP), Field-Programmable Gate Array (FPGA), and Programmable Logic Array (PLA). The processor 102 may integrate one or more of a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), a modem, and the like. The CPU mainly handles the operating system, user interface, application programs and the like; the GPU is used for rendering and drawing display content; the modem is used to handle wireless communications. It is understood that the modem may not be integrated into the processor 102, but may be implemented by a separate communication chip.
The memory 104 may include a Random Access Memory (RAM) or a Read-Only Memory (ROM). The memory 104 may be used to store instructions, programs, code sets, or instruction sets. The memory 104 may include a stored program area and a stored data area, wherein the stored program area may store instructions for implementing an operating system, instructions for implementing at least one function (such as a touch function, a sound playing function, an image playing function, etc.), instructions for implementing various method embodiments described below, and the like. The storage data area may also store data created by the terminal 100 in use, such as a phonebook, audio-video data, chat log data, and the like.
The network module 106 is configured to receive and transmit electromagnetic waves, and implement interconversion between the electromagnetic waves and electrical signals, so as to communicate with a communication network or other devices, for example, an audio playing device. The network module 106 may include various existing circuit elements for performing these functions, such as an antenna, a radio frequency transceiver, a digital signal processor, an encryption/decryption chip, a Subscriber Identity Module (SIM) card, memory, and so forth. The network module 106 may communicate with various networks, such as the internet, an intranet, a wireless network, or with other devices via a wireless network. The wireless network may comprise a cellular telephone network, a wireless local area network, or a metropolitan area network. For example, the network module 106 may interact with a base station.
Referring to fig. 16, a block diagram of a computer-readable storage medium according to an embodiment of the present application is shown. The computer-readable medium 800 has stored therein a program code that can be called by a processor to execute the method described in the above-described method embodiments.
The computer-readable storage medium 800 may be an electronic memory such as a flash memory, an EEPROM (electrically erasable programmable read only memory), an EPROM, a hard disk, or a ROM. Alternatively, the computer-readable storage medium 800 includes a non-volatile computer-readable storage medium. The computer readable storage medium 800 has storage space for program code 810 to perform any of the method steps of the method described above. The program code can be read from or written to one or more computer program products. The program code 810 may be compressed, for example, in a suitable form.
According to the remote service calling method, response method, device, electronic equipment and server provided by the application, after the remote service content to be called is obtained, it is encrypted to obtain the encrypted remote service content. A remote service calling request that carries the encrypted remote service content and points to the destination address identified by the target uniform resource identifier is then generated based on the specified communication protocol and sent to the server corresponding to the destination address, so that the server executes the service corresponding to the remote service calling request. In this way, the content of a remote service calling request triggered by the target uniform resource identifier is sent in encrypted form, which avoids the security problem that arises when the content encryption mode of the communication protocol is not secure enough during transmission of the remote service content, thereby improving the security of the remote service content in the transmission process.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not necessarily depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.

Claims (14)

1. A remote service calling method applied to a client side is characterized by comprising the following steps:
Acquiring remote service content required to be called;
Encrypting the remote service content to obtain the encrypted remote service content;
Generating a remote service call request based on a specified communication protocol, wherein the remote service call request carries the encrypted remote service content, and the destination address of the remote service call request is obtained based on a target uniform resource identifier;
And sending the remote service calling request to a server corresponding to the destination address so that the server executes the service corresponding to the remote service calling request.
2. The method of claim 1, wherein the step of encrypting the remote service content to obtain the encrypted remote service content comprises:
Signing the remote service content to obtain signed remote service content;
And encrypting the signed remote service content to obtain the encrypted remote service content.
3. The method of claim 2, wherein the step of encrypting the signed remote service content to obtain the encrypted remote service content comprises:
Acquiring the value of a target field in the target uniform resource identifier, wherein uniform resource identifiers that represent different destination addresses contain different values of the target field, and different values of the target field correspond to different encryption algorithms;
Acquiring an encryption algorithm corresponding to the value of the target field;
And encrypting the signed remote service content based on the encryption algorithm to obtain the encrypted remote service content.
4. The method of claim 1, wherein the step of obtaining the remote service content to be invoked comprises:
Acquiring a remote service calling instruction arranged based on a target data exchange format;
Acquiring instruction parameters corresponding to the remote service calling instructions arranged based on the target data exchange format;
And combining the remote service call instruction with an instruction parameter corresponding to the remote service call instruction, and taking the combined content arranged based on the target data exchange format as the remote service content.
5. The method according to claim 4, wherein the remote service call instruction comprises an instruction item and an instruction content corresponding to the instruction item, the instruction parameter comprises a parameter item and a parameter content corresponding to the parameter item, and the step of combining the remote service call instruction and the instruction parameter corresponding to the remote service call instruction comprises:
Merging the remote service calling instruction and instruction parameters corresponding to the remote service calling instruction according to an arrangement sequence;
Converting the characters of the instruction item and the parameter item into lower case characters;
Deleting specified characters in the instruction content and the parameter content;
And arranging a line feed character at the end position in the instruction content and the parameter content.
6. The method of claim 1, wherein generating a remote service invocation request based on a specified communication protocol comprises:
Acquiring pseudo remote service content, wherein the pseudo remote service content is different from the remote service content required to be called;
Splicing the pseudo remote service content and the encrypted remote service content to obtain target remote service content, wherein interval characters are configured between the pseudo remote service content and the encrypted remote service content for the server to perform character segmentation;
And generating a remote service calling request based on a specified communication protocol, wherein the remote service calling request carries the target remote service content.
7. A remote service response method is applied to a server side, and the method comprises the following steps:
Acquiring encrypted remote service content carried in a remote service calling request;
Executing the decrypted remote service content to obtain an execution result;
Signing the execution result to obtain a signed execution result;
Generating reply information based on a specified communication protocol, wherein the reply information carries the execution result after signature;
And returning the reply information to the client side which sends the remote service calling request.
8. The method of claim 1, wherein encrypting the execution result to obtain a signed execution result comprises:
Encrypting the execution result to obtain an encrypted execution result;
And signing the encrypted execution result to obtain a signed execution result.
9. A remote service invocation apparatus, characterized in that said apparatus comprises:
The calling content acquisition unit is used for acquiring remote service content to be called;
The content encryption unit is used for encrypting the remote service content to obtain the encrypted remote service content;
A request generating unit, configured to generate a remote service invocation request based on a specified communication protocol, where the remote service invocation request carries the encrypted remote service content, and a destination address of the remote service invocation request is obtained based on a target uniform resource identifier;
And the information communication unit is used for sending the remote service calling request to a server corresponding to the destination address so that the server can execute the service corresponding to the remote service calling request.
10. A remote service response apparatus, the apparatus comprising:
The request analysis unit is used for acquiring the encrypted remote service content carried in the remote service calling request;
The service execution unit is used for executing the decrypted remote service content to obtain an execution result;
The signature unit is used for signing the execution result to obtain a signed execution result;
A response generation unit, configured to generate reply information based on a specified communication protocol, where the reply information carries the signed execution result;
And the communication unit is used for returning the reply information to the client side sending the remote service invoking request.
11. An electronic device comprising one or more processors and memory;
One or more programs are stored in the memory and configured to be executed by the one or more processors to implement the method of any of claims 1-6.
12. A server, comprising one or more processors and memory;
One or more programs are stored in the memory and configured to be executed by the one or more processors to implement the method of any of claims 7-8.
13. A computer-readable storage medium, having a program code stored therein, wherein the program code when executed by a processor performs the method of any of claims 1-6.
14. A computer-readable storage medium, having a program code stored therein, wherein the program code when executed by a processor performs the method of any of claims 7-8.
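The round trip that claims 9 and 10 describe, as an added example that is not code from the patent. The claims name no algorithms or key handling, so AES-256-GCM, Ed25519, the pre-shared `contentKey`, the `services` table and the request `id` echoed in the signed reply are all assumptions made here.

```javascript
const crypto = require('crypto');

// Assumptions: both sides already hold contentKey, and the client already
// trusts serverPub. The claims do not say how keys are provisioned.
const contentKey = crypto.randomBytes(32);
const { publicKey: serverPub, privateKey: serverPriv } =
  crypto.generateKeyPairSync('ed25519');
const services = { add: (a, b) => a + b }; // hypothetical service table

// Claim 9, content encryption unit: AES-256-GCM over the call content.
function buildRequest(content) {
  const iv = crypto.randomBytes(12);
  const enc = crypto.createCipheriv('aes-256-gcm', contentKey, iv);
  const ct = Buffer.concat([enc.update(JSON.stringify(content), 'utf8'), enc.final()]);
  return { iv: iv.toString('base64'), ct: ct.toString('base64'),
           tag: enc.getAuthTag().toString('base64') };
}

// Claim 10: decrypt, execute, sign. final() throws if ct, iv or tag was altered.
function handleRequest(req) {
  const dec = crypto.createDecipheriv('aes-256-gcm', contentKey,
                                      Buffer.from(req.iv, 'base64'));
  dec.setAuthTag(Buffer.from(req.tag, 'base64'));
  const pt = Buffer.concat([dec.update(Buffer.from(req.ct, 'base64')), dec.final()]);
  const { id, service, args } = JSON.parse(pt.toString('utf8'));
  if (!Object.prototype.hasOwnProperty.call(services, service)) {
    throw new Error('unknown service');
  }
  // Echoing id inside the signed body ties the reply to this one request.
  const body = JSON.stringify({ id, result: services[service](...args) });
  const sig = crypto.sign(null, Buffer.from(body), serverPriv).toString('base64');
  return { body, sig };
}

// Client: accept the result only if the signature and the request id check out.
function verifyReply(reply, expectedId) {
  const ok = crypto.verify(null, Buffer.from(reply.body), serverPub,
                           Buffer.from(reply.sig, 'base64'));
  if (!ok) throw new Error('signature check failed');
  const { id, result } = JSON.parse(reply.body);
  if (id !== expectedId) throw new Error('reply is for a different request');
  return result;
}
```

Signing only the bare execution result, as claim 10 is worded, would let a valid signed reply be replayed against a different request; the echoed `id` is the added binding that closes that gap.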

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910871763.6A CN110569138B (en) 2019-09-16 2019-09-16 Remote service calling method, response method, device, electronic equipment and server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910871763.6A CN110569138B (en) 2019-09-16 2019-09-16 Remote service calling method, response method, device, electronic equipment and server

Publications (2)

Publication Number Publication Date
CN110569138A true CN110569138A (en) 2019-12-13
CN110569138B CN110569138B (en) 2022-06-17

Family

ID=68780170

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910871763.6A Active CN110569138B (en) 2019-09-16 2019-09-16 Remote service calling method, response method, device, electronic equipment and server

Country Status (1)

Country Link
CN (1) CN110569138B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101094057A (en) * 2006-06-20 2007-12-26 国际商业机器公司 Content dividing method, device and system
CN105721512A (en) * 2016-05-06 2016-06-29 深圳前海大数点科技有限公司 Remote process calling system and method thereof
CN106656953A (en) * 2016-09-23 2017-05-10 焦点科技股份有限公司 Method for realizing safe interface calling between systems based on Internet
CN109960594A (en) * 2017-12-14 2019-07-02 苏宁云商集团股份有限公司 Method for non-intrusively transmitting a tracking ID when Java remotely calls a C service

Also Published As

Publication number Publication date
CN110569138B (en) 2022-06-17

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant