CN111131416B - Service providing method and device, storage medium and electronic device - Google Patents

Info

Publication number
CN111131416B
Authority
CN
China
Prior art keywords
platform
service
target
equipment
service request
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911276916.9A
Other languages
Chinese (zh)
Other versions
CN111131416A (en)
Inventor
乔瑞刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jingdong Technology Holding Co Ltd
Original Assignee
Jingdong Technology Holding Co Ltd
Application filed by Jingdong Technology Holding Co Ltd
Priority to CN201911276916.9A
Publication of CN111131416A
Application granted
Publication of CN111131416B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/51 Discovery or management thereof, e.g. service location protocol [SLP] or web services
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Abstract

The application discloses a business service providing method and device, a storage medium and an electronic device. The method comprises the following steps: obtaining, through a target interface, a target service request sent by a service device, wherein the target interface is an interface on a gateway of a first platform and is used for receiving service requests that request the first platform to provide business services, the target service request is used for requesting the first platform to provide a business service for a second platform, and the service device is a device used in the second platform; performing an authentication operation on the second platform using information determined from the service request, wherein the authentication operation is used for verifying the identity of the second platform; and, when the authentication operation on the second platform passes, providing the second platform with the target business service matched with the second platform. The application solves the technical problem in the related art that providing services externally is operationally cumbersome.

Description

Service providing method and device, storage medium and electronic device
Technical Field
The present application relates to the field of the internet, and in particular, to a method and apparatus for providing business services, a storage medium, and an electronic apparatus.
Background
Many enterprise platforms may provide real-time services (e.g., payment services, loan services, cash-out services, etc.) to external platforms (e.g., taxi taking software, online shopping software, take-away software, etc. merchant platforms).
Providing such services is operationally cumbersome: the services required by each merchant must be configured separately according to that merchant's requirements, for example by providing a separate interface, and the merchant's permission to access the interface must be configured merchant by merchant.
In view of the above problems, no effective solution has been proposed at present.
Disclosure of Invention
The embodiment of the application provides a business service providing method and device, a storage medium and an electronic device, which are used for at least solving the technical problem that the operation of providing service to outside is complicated in the related technology.
According to an aspect of an embodiment of the present application, there is provided a method for providing a business service, including: obtaining, through a target interface, a target service request sent by a service device, wherein the target interface is an interface on a gateway of a first platform and is used for receiving service requests that request the first platform to provide business services, the target service request is used for requesting the first platform to provide a business service for a second platform, and the service device is a device used in the second platform; performing an authentication operation on the second platform using information determined from the service request, wherein the authentication operation is used for verifying the identity of the second platform; and, when the authentication operation on the second platform passes, providing the second platform with the target business service matched with the second platform.
According to another aspect of the embodiment of the present application, there is also provided a business service providing apparatus, including: an acquisition unit, used for obtaining, through a target interface, a target service request sent by a service device, wherein the target interface is an interface on a gateway of a first platform and is used for receiving service requests that request the first platform to provide business services, the target service request is used for requesting the first platform to provide a business service for a second platform, and the service device is a device used in the second platform; an authentication unit, used for performing an authentication operation on the second platform using information determined from the service request, wherein the authentication operation is used for verifying the identity of the second platform; and a service unit, used for providing the second platform with the target business service matched with the second platform when the authentication operation on the second platform passes.
According to another aspect of the embodiments of the present application, there is also provided a storage medium including a stored program that executes the above-described method when running.
According to another aspect of the embodiments of the present application, there is also provided an electronic device including a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor executing the method described above by the computer program.
In the embodiment of the application, for each second platform that applies to the first platform for business services, the information related to authenticating the second platform can be stored in advance in the gateway or the first platform. When the second platform needs to use a business service, it applies uniformly through the target interface of the gateway, and there is no need to provide a separate access interface or configure access permissions for that interface according to each merchant's requirements. This solves the technical problem in the related art that providing services externally is operationally cumbersome, and achieves the technical effect of reducing the operational complexity of providing services externally.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute a limitation on the application. In the drawings:
FIG. 1 is a schematic view of a hardware environment of a business service providing method according to an embodiment of the present application;
FIG. 2 is a flow chart of an alternative method of providing business services according to an embodiment of the present application;
FIG. 3 is a flow chart of an alternative method of providing business services according to an embodiment of the present application;
FIG. 4 is a schematic diagram of an alternative business service providing apparatus according to an embodiment of the present application; and
FIG. 5 is a block diagram of a structure of a terminal according to an embodiment of the present application.
Detailed Description
In order that those skilled in the art will better understand the present application, a technical solution in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present application without making any inventive effort, shall fall within the scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
First, some of the terms appearing in the description of the embodiments of the application are explained as follows:
HTTPS (full name: Hyper Text Transfer Protocol over Secure Socket Layer) is an HTTP channel aimed at security; on the basis of HTTP, it guarantees the security of the transmission process through transport encryption and identity authentication.
RPC is the abbreviation of remote procedure call (Remote Procedure Call). It uses a C/S (client/server) model similar to a three-layer architecture: a third-party client program calls a standard or custom function inside the system through an interface and obtains the data returned by the function for processing.
The RSA encryption algorithm is an asymmetric encryption algorithm and a public-key cryptosystem. A public-key cryptosystem uses different keys for encryption and decryption, and deriving the decryption key from the known encryption key is computationally infeasible.
Advanced encryption standard (Advanced Encryption Standard, AES), also known as Rijndael encryption, is a commonly used encryption standard in cryptography.
According to an aspect of the embodiment of the application, a method embodiment of a business service providing method is provided.
Optionally, in the present embodiment, the above-described business service providing method may be applied to a hardware environment constituted by the first platform 101, the second platform 103, and the gateway 105 as shown in fig. 1. As shown in fig. 1, the gateway 105 is connected to the first platform 101 and the second platform 103 through a network and may be used to provide authentication services for the first platform 101. A database 107 may be provided on the gateway 105 or independently of the gateway 105 to provide data storage services for the gateway 105. The network includes, but is not limited to: a wide area network, a metropolitan area network, or a local area network.
The method for providing the business service according to the embodiment of the present application may be performed by the gateway 105, or may be performed by the gateway 105 together with the first platform 101 and the second platform 103.
Fig. 2 is a flowchart of an alternative business service providing method according to an embodiment of the present application, and as shown in fig. 2, the method may include the steps of:
Step S202, a target service request sent by a service device is obtained through a target interface, wherein the target interface is an interface on a gateway of a first platform and is used for receiving service requests that request the first platform to provide business services, the target service request is used for requesting the first platform to provide a business service for a second platform, and the service device is a device used in the second platform.
The first platform is a platform for outputting services (such as checkout service, lending service, taxi service, take-away service, etc.) to the outside; the second platform is a platform using the service output by the first platform, such as a certain online shopping platform, which uses the checkout service output by the first platform; the target interface is an interface for uniformly receiving service requests sent by the second platforms on the gateway of the first platform, and the service devices can be devices such as a server and a user terminal on the second platform.
Step S204, an authentication operation is performed on the second platform using the information determined by the service request, and the authentication operation is used to verify the identity of the second platform.
Step S206, in the case that the authentication operation to the second platform is passed, the target business service matched with the second platform is provided to the second platform.
The target business service matched with the second platform may be determined according to the second platform itself; for example, the business services that each second platform can use are preconfigured, so that once the specific second platform is known, the business services it can use can be looked up. The target business service matched with the second platform may also be determined according to the target service request; for example, the target service request carries an identifier of the required target business service, and the business services that the second platform can use are preconfigured (there may be several, e.g., a correspondence between the second platform and the identifiers of a plurality of business services is saved). When the target service request is initiated, the identifier it carries is obtained, and if that identifier is one of the plurality of identifiers, the business service corresponding to the identifier may be provided to the second platform.
In the related art, the services required by each merchant must be configured separately and a separate interface provided; encryption and decryption modes are not unified; blacklists and whitelists cannot be controlled; each internal RPC service must be wrapped and converted into an HTTPS protocol interface; and each interface must apply for an external domain name separately, so the process of enabling merchants is inefficient and wastes resources. Through the above steps of the application, for each second platform that applies to the first platform for business services, the information related to authenticating the second platform can be stored in advance in the gateway or the first platform. When the second platform needs to use a business service, it applies uniformly through the target interface of the gateway, and there is no need to provide a separate access interface or configure access permissions for that interface according to each merchant's requirements. This solves the technical problem in the related art that providing services externally is operationally cumbersome, and achieves the technical effect of reducing the operational complexity of providing services externally.
By adopting the technical scheme of the application, the target interface (such as HTTPS interface) of the external output gateway can be unified, and unified packaging service, security service and control service can be provided. The following further details the technical solution of the present application in connection with the steps shown in fig. 2:
In the technical solution provided in step S202, for each second platform (such as a merchant), the services it requires can be configured proactively through the back end or configured by the merchant itself. Once the merchant has applied for a certain enabling service (i.e., a provided business service) of the first platform, the service is associated with the merchant (for example, with the merchant's identification ID) and can be used directly. Business services are provided through the target interface (such as an HTTPS interface) of the unified gateway, and when a service request is initiated, the gateway acquires the target service request sent by the service device through the target interface.
Optionally, for the services provided to merchants, operations such as upgrade and maintenance, pause, stop and resume may also be provided.
In the technical scheme provided in step S204, the authentication operation is performed on the second platform by using the information determined by the service request, for example, when a merchant accesses through the target interface, authentication is implemented through asymmetric encryption and decryption, so as to provide a corresponding service.
Optionally, performing an authentication operation on the second platform using the information determined by the service request includes steps S2042 to S2044:
Step S2042, obtaining the device address and/or key information of the service device according to the service request, wherein the key information is used for asymmetrically encrypting and decrypting the information transmitted between the first platform and the second platform.
Optionally, acquiring the device address of the service device according to the service request includes: the device address carried in the service request is obtained as the device address of the service device, and the device address can be the hardware MAC address of the device or the network IP address.
Step S2044 performs an authentication operation on the second platform using the device address and/or key information of the service device.
In the above embodiment, if authentication is performed using only the device address, that is, the authentication operation is performed on the second platform using the device address of the service device, it may be implemented by the following steps 1 to 2:
Step 1, if the second platform is configured with a whitelist and the device address of the service device is in the whitelist, it is determined that the authentication operation on the service device passes; if the second platform is configured with a whitelist and the device address of the service device is not in the whitelist, it is determined that the authentication operation on the service device fails, wherein the whitelist stores the addresses of devices that are allowed to send information;
Step 2, if the second platform is configured with a blacklist and the device address of the service device is not in the blacklist, it is determined that the authentication operation on the service device passes; if the second platform is configured with a blacklist and the device address of the service device is in the blacklist, it is determined that the authentication operation on the service device fails, wherein the blacklist stores the addresses of devices that are not allowed to send information.
Optionally, taking an IP address as the device address, the blacklist and whitelist checks may be performed in the following order. If the current merchant has configured whitelist IPs for accessing the gateway, whitelist verification is performed: IPs in the whitelist may access, and IPs not in the whitelist are rejected directly; if the current merchant has not configured whitelist IPs, whitelist verification is skipped. If the current merchant has configured blacklist IPs for accessing the gateway, blacklist verification is performed: IPs not in the blacklist may access, and IPs in the blacklist are rejected directly; if the current merchant has not configured blacklist IPs, blacklist verification is skipped.
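The check order described above, written out in Go as an added example (not code from the patent). The type and function names, the merchant numbers and the documentation-range addresses are constructed for illustration, and normalising IPv4-mapped IPv6 addresses before comparison is an assumption that goes beyond the text.

```go
package main

import (
	"fmt"
	"net/netip"
)

// MerchantACL holds one merchant's optional address lists (hypothetical type).
// A nil list means "not configured", so the corresponding check is skipped.
type MerchantACL struct {
	Whitelist []netip.Addr
	Blacklist []netip.Addr
}

// parseList converts constructed sample strings; nil input stays nil (unconfigured).
func parseList(raw []string) []netip.Addr {
	if raw == nil {
		return nil
	}
	out := make([]netip.Addr, 0, len(raw))
	for _, s := range raw {
		out = append(out, netip.MustParseAddr(s))
	}
	return out
}

func contains(list []netip.Addr, a netip.Addr) bool {
	for _, x := range list {
		if x == a {
			return true
		}
	}
	return false
}

// CheckAddress applies the order from the text: whitelist first if configured,
// then blacklist if configured. It returns the decision and the reason.
func CheckAddress(acl MerchantACL, raw string) (bool, string) {
	addr, err := netip.ParseAddr(raw)
	if err != nil {
		return false, "unparseable address" // fail closed
	}
	addr = addr.Unmap() // compare ::ffff:203.0.113.8 as 203.0.113.8
	if acl.Whitelist != nil && !contains(acl.Whitelist, addr) {
		return false, "not in whitelist"
	}
	if acl.Blacklist != nil && contains(acl.Blacklist, addr) {
		return false, "in blacklist"
	}
	return true, "allowed"
}

// SampleACLs returns constructed merchant configurations for the demonstration.
func SampleACLs() map[string]MerchantACL {
	return map[string]MerchantACL{
		"M1001": {
			Whitelist: parseList([]string{"203.0.113.7", "203.0.113.8"}),
			Blacklist: parseList([]string{"203.0.113.8"}),
		},
		"M1002": {Blacklist: parseList([]string{"198.51.100.9"})},
		"M1003": {}, // neither list configured: both checks are skipped
		"M1004": {Whitelist: parseList([]string{})}, // configured but empty
	}
}

func main() {
	acls := SampleACLs()
	cases := [][2]string{
		{"M1001", "203.0.113.7"},
		{"M1001", "::ffff:203.0.113.8"},
		{"M1002", "198.51.100.9"},
		{"M1003", "192.0.2.1"},
		{"M1004", "192.0.2.1"},
	}
	for _, c := range cases {
		ok, why := CheckAddress(acls[c[0]], c[1])
		fmt.Println(c[0], c[1], ok, why)
	}
}
```

A whitelist that is configured but empty (M1004) rejects every address, whereas an unconfigured whitelist skips the check entirely.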
In the above embodiment, if only the key information is used for authentication, that is, the authentication operation is performed on the second platform by using the key information, the following steps 1 to 6 may be implemented:
Step 1, determining whether a platform public key of the second platform corresponding to the platform identification (such as a merchant ID or merchant number) in the target service request exists, wherein the key information comprises the platform public key of the second platform. This step is public key verification, i.e., verification of the merchant platform's public key: the verification logic checks, according to the merchant number, whether public key information has been configured for that merchant number on the gateway platform.
Step 2, in the case that the platform public key corresponding to the platform identification of the second platform exists, determining whether a platform private key of the first platform corresponding to the temporary token in the target service request exists, wherein the key information comprises the platform private key of the first platform.
Step 3, in the case that the platform private key of the first platform corresponding to the temporary token exists, decrypting the encrypted message in the target service request by using the platform private key of the first platform.
Step 4, in the case that the encrypted message in the target service request is successfully decrypted by using the platform private key of the first platform, verifying the signature information of the second platform in the target service request by using the platform public key of the second platform.
Step 5, in the case that the signature information of the second platform passes verification with the platform public key of the second platform, determining that the authentication operation on the service device passes.
Step 6, determining that the authentication operation on the service device fails in any of the following cases: the platform public key corresponding to the platform identification of the second platform does not exist; the platform private key of the first platform corresponding to the temporary token does not exist; decryption of the encrypted message in the target service request with the platform private key of the first platform fails; or the signature information of the second platform fails verification with the platform public key of the second platform.
Steps 1 to 6 above constitute signature verification. The message ciphertext (also called the encrypted message) in the request sent by the merchant is decrypted according to the private key of the first platform to obtain the plaintext of the request message. Specifically, the Key information in the request message may be RSA-decrypted with the private key of the first platform to obtain the random encryption string with a 16 bit length, and the plaintext of the Body of the request message is then obtained by AES decryption according to that random string and the Body information (a component of the HTTPS message). A signature body is then assembled according to the signature rule specified by the first platform, and the signature is verified according to the public key of the merchant.
It should be noted that, the above keys are all in the form of a key pair, and the public key in the same key pair is public and can be known by other platforms, while the private key is private and only known by the platform itself.
In the above embodiment, if the device address and the key information are both used for authentication, the authentication using the device address may be performed first; if it passes, the authentication using the key information is then performed. If either authentication fails, the authentication as a whole is regarded as failed.
In the above embodiment, if authentication is performed using only the key information, that is, the authentication operation is performed on the second platform using the key information, it may be implemented according to steps 1 to 6 as shown above.
In the technical scheme provided in step S206, a target service matched with the second platform is provided to the second platform, for example, the target service is determined according to the information obtained by decrypting the encrypted message in the target service request; the encrypted data (e.g., transaction data) of the target business service is provided to the second platform.
As an alternative embodiment, the technical solution of the present application may be divided into the following parts:
Logic implemented inside the gateway platform: the gateway platform configures the merchant and allocates corresponding interfaces according to the services the merchant requires; each accessible interface is unique within a merchant. The gateway platform supports unifying interfaces of the HTTP, HTTPS and JSF protocol types into the HTTPS protocol, and the merchant can use the designated enabling service according to the merchant number, interface type, public key and token allocated to it.
Gateway platform call flow (merchant calls second platform): the merchant (i.e. the second platform) assembles the gateway request message according to the interface rules provided by the platform side of the first platform, including information such as the merchant number, interface type, external user id, financial openId, token, signature, encrypted message body and version, and sends an HTTPS POST request (namely a service request) to the gateway platform. The gateway platform performs request IP black-and-white list verification, public key verification, signature verification and message body decryption on the received message, and routes the merchant request to a specific service on the platform side of the second platform according to the interface type. After receiving the return information of that specific service, the gateway platform encrypts and signs it according to the agreed rules and returns the message to the merchant.
Gateway platform call flow (platform of second platform calls back merchant): the platform-side service of the second platform calls a merchant service configured on the gateway platform, and the gateway platform handles the call according to the request message information of the platform-side service of the second platform. After the merchant side returns the encrypted and signed request result according to the agreed rules, the gateway platform decrypts the merchant side's request result and verifies its signature according to the agreed rules, and returns the merchant side's plaintext service result to the service on the second platform side.
Gateway platform processing flow, for an external merchant requesting a platform service of the second platform: acquiring the platform-side private key of the second platform according to the request message; acquiring the merchant-side public key according to the request message; decrypting the message body and verifying its signature according to the platform-side private key of the second platform and the merchant-side public key to obtain the plaintext message of the service request; routing to the service requested by the merchant according to the request message; according to the plaintext message and the routed service, packaging the message that requests the platform service of the second platform; executing the specific request operation according to the protocol type (JSF/HTTP); checking the return result of the platform service of the second platform; encrypting and signing the return result of the platform service of the second platform; recording the return result in the log; and returning the encrypted and signed return-value message of the platform-side service of the second platform to the merchant side.
Service routing flow: routing to the platform-side service of the second platform requested by the merchant according to the gateway merchant number and the interface type.
Code for signature verification and message decryption: acquiring a signature Key according to the signature in the merchant request message and the platform private key of the second platform; acquiring the plaintext of the Body in the request message according to the Body of the request message and the signature Key; acquiring the data to be verified according to the plaintext of the Body and the request message; checking whether the signature of the request message is correct; and returning the plaintext information of the Body.
Black-and-white list check: acquiring the request IP from the message requested by the merchant; checking whether it is in the whitelist; and checking whether it is in the blacklist.
Code for the platform side of the second platform calling back the merchant: acquiring the public key information of the merchant according to the request message of the platform side of the second platform; acquiring the private key information of the platform side of the second platform according to the same request message; constructing the message body of the request to the merchant according to the platform-side message body of the second platform, the merchant public key and the platform-side private key of the second platform; sending the request to the merchant according to the service routed from the platform-side request message of the second platform; checking the return value of the merchant side; decrypting the return value of the merchant side and verifying its signature; and returning the plaintext of the merchant side's return value to the platform-side service of the second platform.
Code for encryption and signing (applicable objects: the request message when the platform of the second platform calls back the merchant, and the return message when the merchant requests the second platform): randomly generating an AES key; AES-encrypting the data; encrypting the AES key randomly generated by the merchant using the RSA algorithm; signing the data; and returning the encrypted and signed message body.
The technical scheme of the application is suitable for various scenarios such as loans, payment and cash withdrawal. Take loan business A as an applicable business case: the business is a joint loan product formed by cooperation between platform A (namely the first platform) and platform B (namely the second platform), in which two user accounts are associated and share a loan amount, and overrun of the amount is supported in a temple scene. The user can complete the closed-loop operation of activation, transaction, audit and repayment in the APP of the second platform, wherein audit and repayment are realized by jumping to the bill page of the first platform, and the user can complete the activation flow of the first platform and consume the bill page on the second platform after the activation. The following further details the technical scheme of the present application in connection with the steps shown in fig. 3.
Step S302, a merchant (i.e., an ecological application) of the second platform initiates a request to the gateway.
Step S304, the associated merchant-side public key is obtained according to the merchant number in the request parameters.
Step S306, if the associated merchant-side public key does not exist, prompt information of access failure is returned.
Step S308, if the associated merchant-side public key exists, the token in the ecological-side request parameters is obtained, and the associated platform-side private key is obtained.
Step S310, if the associated platform-side private key does not exist, prompt information of access failure is returned.
Step S312, if the associated platform-side private key exists, signature verification and decryption are performed according to the platform-side private key and the merchant-side public key.
Step S314, if the signature verification or decryption fails, prompt information of access failure is returned.
Step S316, if signature verification and decryption are successful, the corresponding merchant service is searched for according to the merchant number and the interface type.
Step S318, if no corresponding merchant service is found, prompt information is returned indicating that the merchant service is unregistered.
Step S320, if the corresponding merchant service is found, the merchant service is called and its returned result is received.
Step S322, the returned result of the merchant service is sent to the merchant side, and if the merchant side does not respond, the business interface of the merchant side is determined to be abnormal.
Step S324, if the merchant side responds, the returned result sent by the business interface of the merchant side is decrypted and its signature is verified.
Step S326, if the decryption and signature verification pass, the gateway returns corresponding information to the merchant side according to the returned result.
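The gateway checks of steps S304 to S320, together with the encrypt-and-sign routine listed before the steps, as an added Python example (not code from the patent). It assumes the third-party `cryptography` package and picks RSA-OAEP for wrapping the AES key, AES-GCM for the body and RSA-PSS for the signature, none of which the patent specifies; the field names, error strings, merchant number and token are constructed.

```python
# Added example (not the patent's code). Assumed primitives: RSA-OAEP key wrap,
# AES-256-GCM body encryption, RSA-PSS signature. Field names are hypothetical.
import json
import os

from cryptography.exceptions import InvalidSignature, InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)
PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)
ACCESS_FAILED = {"ok": False, "error": "ACCESS_FAILED"}


def signed_data(merchant_no, interface_type, plaintext):
    """Data to be verified: the plaintext body bound to the routing fields."""
    header = json.dumps([merchant_no, interface_type]).encode()
    return len(header).to_bytes(4, "big") + header + plaintext


def seal(plaintext, merchant_no, interface_type, recipient_pub, sender_priv):
    """Encrypt and sign: random AES key, AES-encrypt, RSA-wrap the key, sign."""
    aes_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)
    to_sign = signed_data(merchant_no, interface_type, plaintext)
    return {
        "key": recipient_pub.encrypt(aes_key, OAEP),
        "nonce": nonce,
        "body": AESGCM(aes_key).encrypt(nonce, plaintext, None),
        "sign": sender_priv.sign(to_sign, PSS, hashes.SHA256()),
    }


def unseal(msg, merchant_no, interface_type, recipient_priv, sender_pub):
    """Decrypt with the recipient's private key, then verify the sender's signature."""
    aes_key = recipient_priv.decrypt(msg["key"], OAEP)
    plaintext = AESGCM(aes_key).decrypt(msg["nonce"], msg["body"], None)
    to_verify = signed_data(merchant_no, interface_type, plaintext)
    sender_pub.verify(msg["sign"], to_verify, PSS, hashes.SHA256())
    return plaintext


class Gateway:
    def __init__(self):
        self.merchant_pub = {}   # merchant number -> merchant-side public key
        self.platform_priv = {}  # token -> platform-side private key
        self.services = {}       # (merchant number, interface type) -> handler

    def handle(self, req):
        merchant_no, itype = req.get("merchant_no"), req.get("interface_type")
        pub = self.merchant_pub.get(merchant_no)                     # S304
        if pub is None:
            return dict(ACCESS_FAILED)                               # S306
        priv = self.platform_priv.get(req.get("token"))              # S308
        if priv is None:
            return dict(ACCESS_FAILED)                               # S310
        try:                                                         # S312
            params = json.loads(unseal(req, merchant_no, itype, priv, pub))
        except (InvalidSignature, InvalidTag, KeyError, TypeError, ValueError):
            return dict(ACCESS_FAILED)                               # S314
        service = self.services.get((merchant_no, itype))            # S316
        if service is None:
            return {"ok": False, "error": "SERVICE_NOT_REGISTERED"}  # S318
        result = json.dumps(service(params)).encode()                # S320
        # The result goes back encrypted to the merchant and signed by the platform.
        return {"ok": True, **seal(result, merchant_no, itype, pub, priv)}


def demo():
    """Constructed keys, merchant and requests; returns the outcome of each case."""
    merchant_priv = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    platform_priv = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    gw = Gateway()
    gw.merchant_pub["M1001"] = merchant_priv.public_key()
    gw.platform_priv["tok-demo"] = platform_priv
    gw.services[("M1001", "loan.query")] = lambda p: {"limit": 5000, "user": p["user"]}

    def request(itype, signer=merchant_priv):
        sealed = seal(b'{"user": "u-42"}', "M1001", itype, platform_priv.public_key(), signer)
        return {"merchant_no": "M1001", "token": "tok-demo", "interface_type": itype, **sealed}

    good = gw.handle(request("loan.query"))
    reply = json.loads(unseal(good, "M1001", "loan.query", merchant_priv, platform_priv.public_key()))
    # A body signed for one interface, with the routing field rewritten afterwards.
    rerouted = gw.handle({**request("loan.repay"), "interface_type": "loan.query"})
    # A body signed with a key other than the registered merchant's.
    forged = gw.handle(request("loan.query", signer=platform_priv))
    unknown = gw.handle({**request("loan.query"), "merchant_no": "M9999"})
    unregistered = gw.handle(request("loan.repay"))
    return reply, rerouted["error"], forged["error"], unknown["error"], unregistered["error"]


if __name__ == "__main__":
    print(demo())
```

Every authentication failure returns the same access-failure response, so the caller cannot tell which check rejected the request; including the merchant number and interface type in the signed data is what makes the rewritten routing field fail.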
By adopting the technical scheme of the application, the service required by the merchant is unified in protocol, the security authentication mechanism and the access control mechanism are unified, the management system functions of roles are enriched, the management efficiency is improved, and the enabling efficiency of products is improved.
It should be noted that, for simplicity of description, the foregoing method embodiments are all described as a series of acts, but it should be understood by those skilled in the art that the present application is not limited by the order of acts described, as some steps may be performed in other orders or concurrently in accordance with the present application. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts and modules referred to are not necessarily required for the present application.
From the description of the above embodiments, it will be clear to a person skilled in the art that the method according to the above embodiments may be implemented by means of software plus the necessary general hardware platform, but of course also by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method according to the embodiments of the present application.
According to another aspect of the embodiment of the present application, there is also provided a service providing apparatus for implementing the above service providing method. Fig. 4 is a schematic diagram of an alternative business service providing apparatus according to an embodiment of the present application, and as shown in fig. 4, the apparatus may include:
an obtaining unit 401, configured to obtain, through a target interface, a target service request sent by a service device, where the target interface is an interface on a gateway of a first platform, the target interface is configured to receive a service request that requests the first platform to provide a service, the target service request is configured to request a second platform to provide a service for the first platform, and the service device is a device used in the second platform;
an authentication unit 403, configured to perform an authentication operation on the second platform using information determined by the service request, where the authentication operation is used to verify an identity of the second platform;
and the service unit 405 is configured to provide, to the second platform, a target business service that matches the second platform, if the authentication operation on the second platform passes.
It should be noted that, the acquiring unit 401 in this embodiment may be used to perform step S202 in the embodiment of the present application, the authentication unit 403 in this embodiment may be used to perform step S204 in the embodiment of the present application, and the service unit 405 in this embodiment may be used to perform step S206 in the embodiment of the present application.
It should be noted that the above modules are the same as examples and application scenarios implemented by the corresponding steps, but are not limited to what is disclosed in the above embodiments. It should be noted that the above modules may be implemented in software or hardware as a part of the apparatus in the hardware environment shown in fig. 1.
In the related technology, the services required by each merchant need to be configured independently with an independent interface, encryption and decryption modes are not uniform, blacklists or white lists cannot be controlled, each internal RPC service needs to be packaged and converted into an HTTPS protocol interface, and each interface needs to apply for an external domain name independently, so the process of enabling merchants has low processing efficiency and wastes resources. Through the steps of the application, for each second platform applying to the first platform for business services, the information related to the authentication of the second platform can be stored in the gateway or the first platform in advance; when the second platform needs to use a business service, it applies uniformly through the target interface of the gateway, and there is no need to provide an independent access interface and access-interface permissions according to each merchant's demands, so that the technical problem of complicated operation of providing the services to the outside in the related art can be solved, and the technical effect of reducing the operation complexity of providing the services to the outside is achieved.
Optionally, the authentication unit includes: the acquisition module is used for acquiring equipment address and/or key information of the service equipment according to the service request, wherein the key information is used for asymmetrically encrypting and decrypting information transmitted between the first platform and the second platform; and the authentication module is used for executing the authentication operation on the second platform by using the equipment address of the service equipment and/or the secret key information.
Optionally, the authentication module is further operable to: determining that the authentication operation of the service equipment passes under the condition that the second platform is configured with a white list and the equipment address of the service equipment exists in the white list; determining that the authentication operation on the service equipment is not passed under the condition that the second platform is configured with the white list and the equipment address of the service equipment does not exist in the white list, wherein the white list is used for storing the address of equipment allowing information to be sent; determining that the authentication operation of the service equipment passes under the condition that the second platform is configured with a blacklist and the equipment address of the service equipment does not exist in the blacklist; and under the condition that the second platform is configured with the blacklist and the device address of the service device exists in the blacklist, determining that the authentication operation of the service device is not passed, wherein the blacklist is used for storing the address of the device which is not allowed to send information.
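The four white list and blacklist cases above, as an added Python example (not code from the patent). It assumes list entries are IP addresses or CIDR ranges, that a request must pass both lists when both are configured, and that a platform with neither list configured skips the address check; the patent leaves these points open, and the addresses are constructed from documentation ranges.

```python
# Added example (not the patent's code): device-address check for one second platform.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


def _networks(entries: List[str]):
    # strict=False accepts entries such as "203.0.113.7/24" with host bits set.
    return [ipaddress.ip_network(e, strict=False) for e in entries]


@dataclass
class AddressPolicy:
    # None means "not configured"; an empty list is a configured list with no entries.
    whitelist: Optional[List[str]] = None
    blacklist: Optional[List[str]] = None

    def __post_init__(self):
        # Parse once at load time so a bad entry fails configuration, not a request.
        self._white = None if self.whitelist is None else _networks(self.whitelist)
        self._black = None if self.blacklist is None else _networks(self.blacklist)


def _normalize(addr: str):
    """Parse the address and fold IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4,
    so one host cannot appear under two spellings."""
    ip = ipaddress.ip_address(addr.strip())
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def check_device_address(policy: AddressPolicy, addr) -> Tuple[bool, str]:
    """Return (passed, reason) for the device address carried in a service request."""
    try:
        ip = _normalize(addr)
    except (ValueError, AttributeError):
        return False, "malformed address"  # fail closed on anything unparsable
    if policy._white is not None and not any(ip in net for net in policy._white):
        return False, "not in white list"
    if policy._black is not None and any(ip in net for net in policy._black):
        return False, "in blacklist"
    return True, "ok"


if __name__ == "__main__":
    both = AddressPolicy(whitelist=["203.0.113.0/24"], blacklist=["203.0.113.66"])
    for candidate in ["203.0.113.7", "203.0.113.66", "::ffff:203.0.113.66", "198.51.100.9"]:
        print(candidate, check_device_address(both, candidate))
```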
Optionally, the authentication module is further operable to: determining whether a platform public key of the second platform corresponding to the platform identifier in the target service request exists, wherein the key information comprises the platform public key of the second platform; determining whether a platform private key of the first platform corresponding to a temporary token in the target service request exists or not under the condition that a platform public key corresponding to a platform identifier of the second platform exists, wherein the key information comprises the platform private key of the first platform; under the condition that the platform private key of the first platform corresponding to the temporary token exists, decrypting the encrypted message in the target service request by using the platform private key of the first platform; under the condition that the encrypted message in the target service request is successfully decrypted by using the platform private key of the first platform, verifying the signature information of the second platform in the target service request by using the platform public key of the second platform; determining that the authentication operation of the service equipment passes under the condition that the verification of the signature information of the second platform by using the platform public key of the second platform passes; and determining that the authentication operation of the service equipment is not passed under the condition that the platform public key corresponding to the platform identification of the second platform does not exist or the platform private key of the first platform corresponding to the temporary token does not exist or the encrypted message in the target service request is failed to be decrypted by using the platform private key of the first platform or the verification of the signature information of the second platform by using the platform public key of the second platform is not passed.
Optionally, the acquiring module may be further configured to acquire an equipment address carried in the service request as an equipment address of the service device.
Optionally, the service unit may be further configured to determine the target service according to information obtained by decrypting the encrypted packet in the target service request; and providing the encrypted data of the target business service for the second platform.
It should be noted that the above modules are the same as examples and application scenarios implemented by the corresponding steps, but are not limited to what is disclosed in the above embodiments. It should be noted that the above modules may be implemented in software or in hardware as part of the apparatus shown in fig. 1, where the hardware environment includes a network environment.
According to another aspect of the embodiment of the present application, there is also provided a server or a terminal for implementing the above-mentioned providing method of business service.
Fig. 5 is a block diagram of a terminal according to an embodiment of the present application, and as shown in fig. 5, the terminal may include: one or more (only one is shown in fig. 5) processors 501, memory 503, and transmission means 505, as shown in fig. 5, the terminal may further comprise input output devices 507.
The memory 503 may be used to store software programs and modules, such as program instructions/modules corresponding to the method and apparatus for providing a business service in the embodiment of the present application, and the processor 501 executes the software programs and modules stored in the memory 503, thereby performing various functional applications and data processing, that is, implementing the method for providing a business service described above. Memory 503 may include high speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid state memory. In some examples, the memory 503 may further include memory located remotely from the processor 501, which may be connected to the terminal via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission device 505 is used for receiving or transmitting data via a network, and may also be used for data transmission between the processor and the memory. Specific examples of the network described above may include wired networks and wireless networks. In one example, the transmission device 505 includes a network adapter (Network Interface Controller, NIC) that may be connected to other network devices and routers via a network cable to communicate with the internet or a local area network. In one example, the transmission device 505 is a Radio Frequency (RF) module, which is used to communicate with the internet wirelessly.
Wherein in particular the memory 503 is used for storing application programs.
The processor 501 may call an application stored in the memory 503 via the transmission means 505 to perform the following steps:
the method comprises the steps that a target service request sent by service equipment is obtained through a target interface, wherein the target interface is an interface on a gateway of a first platform, the target interface is used for receiving the service request for requesting the first platform to provide service, the target service request is used for requesting a second platform to provide service for the first platform, and the service equipment is equipment used in the second platform;
performing an authentication operation on the second platform using the information determined by the service request, wherein the authentication operation is used for verifying the identity of the second platform;
and providing the target business service matched with the second platform to the second platform under the condition that the authentication operation of the second platform is passed.
Alternatively, specific examples in this embodiment may refer to examples described in the foregoing embodiments, and this embodiment is not described herein.
It will be appreciated by those skilled in the art that the structure shown in fig. 5 is only illustrative, and the terminal may be a smart phone (such as an Android phone, an iOS phone, etc.), a tablet computer, a palmtop computer, a mobile internet device (Mobile Internet Devices, MID), a PAD, etc. Fig. 5 is not limited to the structure of the electronic device. For example, the terminal may also include more or fewer components (e.g., network interfaces, display devices, etc.) than shown in fig. 5, or have a different configuration than shown in fig. 5.
Those of ordinary skill in the art will appreciate that all or part of the steps in the various methods of the above embodiments may be implemented by a program for instructing a terminal device to execute in association with hardware, the program may be stored in a computer readable storage medium, and the storage medium may include: flash disk, read-Only Memory (ROM), random-access Memory (Random Access Memory, RAM), magnetic or optical disk, and the like.
The embodiment of the application also provides a storage medium. Alternatively, in the present embodiment, the above-described storage medium may be used for executing the program code of the providing method of the business service.
Alternatively, in this embodiment, the storage medium may be located on at least one network device of the plurality of network devices in the network shown in the above embodiment.
Alternatively, in the present embodiment, the storage medium is configured to store program code for performing the steps of:
the method comprises the steps that a target service request sent by service equipment is obtained through a target interface, wherein the target interface is an interface on a gateway of a first platform, the target interface is used for receiving the service request for requesting the first platform to provide service, the target service request is used for requesting a second platform to provide service for the first platform, and the service equipment is equipment used in the second platform;
Performing an authentication operation on the second platform using the information determined by the service request, wherein the authentication operation is used for verifying the identity of the second platform;
and providing the target business service matched with the second platform to the second platform under the condition that the authentication operation of the second platform is passed.
Alternatively, specific examples in this embodiment may refer to examples described in the foregoing embodiments, and this embodiment is not described herein.
Alternatively, in the present embodiment, the storage medium may include, but is not limited to: a U-disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a removable hard disk, a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The foregoing embodiment numbers of the present application are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
The integrated units in the above embodiments may be stored in the above-described computer-readable storage medium if implemented in the form of software functional units and sold or used as separate products. Based on such understanding, the technical solution of the present application may be embodied in essence or a part contributing to the prior art or all or part of the technical solution in the form of a software product stored in a storage medium, comprising several instructions for causing one or more computer devices (which may be personal computers, servers or network devices, etc.) to perform all or part of the steps of the method described in the embodiments of the present application.
In the foregoing embodiments of the present application, the descriptions of the embodiments are emphasized, and for a portion of this disclosure that is not described in detail in this embodiment, reference is made to the related descriptions of other embodiments.
In several embodiments provided by the present application, it should be understood that the disclosed client may be implemented in other manners. The above-described embodiments of the apparatus are merely exemplary, and the division of the units, such as the division of the units, is merely a logical function division, and may be implemented in another manner, for example, multiple units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some interfaces, units or modules, or may be in electrical or other forms.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The foregoing is merely a preferred embodiment of the present application and it should be noted that modifications and adaptations to those skilled in the art may be made without departing from the principles of the present application, which are intended to be comprehended within the scope of the present application.

Claims (10)

1. A method for providing a business service, comprising:
acquiring a target service request sent by service equipment through a target interface, wherein the target interface is an interface on a gateway of a first platform, the target interface is used for receiving the service request for requesting the first platform to provide service, the target service request is used for requesting a second platform to provide service for the first platform, the service equipment is equipment used in the second platform, the target interface is an interface on the gateway of the first platform for uniformly receiving the service requests sent by all the second platforms, and the target interface is used for meeting different requirements of different merchants;
Performing an authentication operation on the second platform by using information determined by the service request, wherein the authentication operation is used for verifying the identity of the second platform, and the information determined by the service request comprises the equipment address and/or key information of the service equipment;
and providing the target business service matched with the second platform for the second platform under the condition that the authentication operation of the second platform is passed.
2. The method of claim 1, wherein performing an authentication operation on the second platform using information determined by the service request comprises:
acquiring equipment address and/or key information of the service equipment according to the service request, wherein the key information is used for asymmetrically encrypting and decrypting information transmitted between the first platform and the second platform;
and performing the authentication operation on the second platform by using the device address of the service device and/or the key information.
3. The method of claim 2, wherein performing the authentication operation on the second platform using the device address of the business device comprises:
determining that the authentication operation of the service equipment passes under the condition that the second platform is configured with a white list and the equipment address of the service equipment exists in the white list; determining that the authentication operation on the service equipment is not passed under the condition that the second platform is configured with the white list and the equipment address of the service equipment does not exist in the white list, wherein the white list is used for storing the address of equipment allowing information to be sent;
Determining that the authentication operation of the service equipment passes under the condition that the second platform is configured with a blacklist and the equipment address of the service equipment does not exist in the blacklist; and under the condition that the second platform is configured with the blacklist and the device address of the service device exists in the blacklist, determining that the authentication operation of the service device is not passed, wherein the blacklist is used for storing the address of the device which is not allowed to send information.
4. The method of claim 2, wherein performing the authentication operation on the second platform using the key information comprises:
determining whether a platform public key of the second platform corresponding to the platform identifier in the target service request exists, wherein the key information comprises the platform public key of the second platform;
determining whether a platform private key of the first platform corresponding to a temporary token in the target service request exists or not under the condition that a platform public key corresponding to a platform identifier of the second platform exists, wherein the key information comprises the platform private key of the first platform;
under the condition that the platform private key of the first platform corresponding to the temporary token exists, decrypting the encrypted message in the target service request by using the platform private key of the first platform;
Under the condition that the encrypted message in the target service request is successfully decrypted by using the platform private key of the first platform, verifying the signature information of the second platform in the target service request by using the platform public key of the second platform;
determining that the authentication operation of the service equipment passes under the condition that the verification of the signature information of the second platform by using the platform public key of the second platform passes;
and determining that the authentication operation of the service equipment is not passed under the condition that the platform public key corresponding to the platform identification of the second platform does not exist or the platform private key of the first platform corresponding to the temporary token does not exist or the encrypted message in the target service request is failed to be decrypted by using the platform private key of the first platform or the verification of the signature information of the second platform by using the platform public key of the second platform is not passed.
5. The method of claim 2, wherein obtaining the device address of the service device according to the service request comprises:
and acquiring the equipment address carried in the service request as the equipment address of the service equipment.
6. The method of claim 1, wherein providing the second platform with the target business service that matches the second platform comprises:
determining the target business service according to information obtained by decrypting the encrypted message in the target business request;
and providing the encrypted data of the target business service for the second platform.
7. A business service providing apparatus, comprising:
the system comprises an acquisition unit, a target interface and a control unit, wherein the acquisition unit is used for acquiring a target service request sent by service equipment through the target interface, the target interface is an interface on a gateway of a first platform, the target interface is used for receiving the service request requesting the first platform to provide service, the target service request is used for requesting a second platform to provide service for the first platform, the service equipment is equipment used in the second platform, the target interface is an interface on the gateway of the first platform for uniformly receiving the service requests sent by all the second platforms, and the target interface is used for meeting different requirements of different merchants;
an authentication unit, configured to perform an authentication operation on the second platform using information determined by the service request, where the authentication operation is used to verify an identity of the second platform, and the information determined by the service request includes a device address and/or key information of the service device;
And the service unit is used for providing the target business service matched with the second platform for the second platform under the condition that the authentication operation of the second platform is passed.
8. The apparatus of claim 7, wherein the authentication unit comprises:
the acquisition module is used for acquiring equipment address and/or key information of the service equipment according to the service request, wherein the key information is used for asymmetrically encrypting and decrypting information transmitted between the first platform and the second platform;
and the authentication module is used for executing the authentication operation on the second platform by using the equipment address of the service equipment and/or the secret key information.
9. A storage medium comprising a stored program, wherein the program when run performs the method of any one of the preceding claims 1 to 6.
10. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor performs the method according to any of the preceding claims 1 to 6 by means of the computer program.
CN201911276916.9A 2019-12-12 2019-12-12 Service providing method and device, storage medium and electronic device Active CN111131416B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911276916.9A CN111131416B (en) 2019-12-12 2019-12-12 Service providing method and device, storage medium and electronic device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911276916.9A CN111131416B (en) 2019-12-12 2019-12-12 Service providing method and device, storage medium and electronic device

Publications (2)

Publication Number Publication Date
CN111131416A CN111131416A (en) 2020-05-08
CN111131416B true CN111131416B (en) 2023-09-05

Family

ID=70498559

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911276916.9A Active CN111131416B (en) 2019-12-12 2019-12-12 Service providing method and device, storage medium and electronic device

Country Status (1)

Country Link
CN (1) CN111131416B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111901308B (en) * 2020-06-30 2022-06-28 浙江深大智能科技有限公司 Information interaction method
CN112468477A (en) * 2020-11-20 2021-03-09 中国建设银行股份有限公司 Data docking method, device and storage medium based on service desk gateway
CN112989325A (en) * 2021-03-12 2021-06-18 远光软件股份有限公司 Service calling method and device, storage medium and electronic equipment
CN113472752B (en) * 2021-06-11 2023-12-01 北京达佳互联信息技术有限公司 Authority processing method and device, electronic equipment and storage medium
CN113438242B (en) * 2021-06-25 2023-08-29 广西三方大供应链技术服务有限公司 Service authentication method, device and storage medium
CN114760127B (en) * 2022-04-08 2023-10-03 多点生活(成都)科技有限公司 Multi-interface authentication access method based on zero codes
CN115174650B (en) * 2022-09-06 2022-12-06 深圳领筑科技有限公司 Open service platform, service response method, device, equipment and storage medium

Citations (11)

Publication number Priority date Publication date Assignee Title
WO2009039719A1 (en) * 2007-09-24 2009-04-02 China Mobile Communications Corporation A user identifier server, a system and method for processing the data service
CN101951603A (en) * 2010-10-14 2011-01-19 中国电子科技集团公司第三十研究所 Access control method and system for wireless local area network
CN102004987A (en) * 2010-10-21 2011-04-06 中国移动通信集团北京有限公司 Method, device and system for realizing application service
CN104580342A (en) * 2014-08-01 2015-04-29 南京坦道信息科技有限公司 Extendable and completely self-defined unified interface service platform
CN105812341A (en) * 2014-12-31 2016-07-27 阿里巴巴集团控股有限公司 User identity identifying method and device
CN107645378A (en) * 2017-09-12 2018-01-30 中国联合网络通信集团有限公司 Key management platform, communication encrypting method and terminal
CN108023921A (en) * 2016-11-03 2018-05-11 平安科技(深圳)有限公司 The cut-in method and device of a kind of third-party platform
CN109510802A (en) * 2017-09-15 2019-03-22 华为技术有限公司 Method for authenticating, apparatus and system
CN109711999A (en) * 2018-11-14 2019-05-03 平安科技(深圳)有限公司 Go out single method and device, computer equipment, storage medium based on halfpace
CN110149328A (en) * 2019-05-22 2019-08-20 平安科技(深圳)有限公司 Interface method for authenticating, device, equipment and computer readable storage medium
CN110248326A (en) * 2019-04-30 2019-09-17 中国联合网络通信集团有限公司 A kind of data processing method and its device

Family Cites Families (1)

Publication number Priority date Publication date Assignee Title
US10049391B2 (en) * 2010-03-31 2018-08-14 Mediamath, Inc. Systems and methods for providing a demand side platform

Patent Citations (12)

Publication number Priority date Publication date Assignee Title
WO2009039719A1 (en) * 2007-09-24 2009-04-02 China Mobile Communications Corporation A user identifier server, a system and method for processing the data service
CN101951603A (en) * 2010-10-14 2011-01-19 中国电子科技集团公司第三十研究所 Access control method and system for wireless local area network
CN102004987A (en) * 2010-10-21 2011-04-06 中国移动通信集团北京有限公司 Method, device and system for realizing application service
CN104580342A (en) * 2014-08-01 2015-04-29 南京坦道信息科技有限公司 Extendable and completely self-defined unified interface service platform
CN105812341A (en) * 2014-12-31 2016-07-27 阿里巴巴集团控股有限公司 User identity identifying method and device
CN110086768A (en) * 2014-12-31 2019-08-02 阿里巴巴集团控股有限公司 A kind of method for processing business and device
CN108023921A (en) * 2016-11-03 2018-05-11 平安科技(深圳)有限公司 The cut-in method and device of a kind of third-party platform
CN107645378A (en) * 2017-09-12 2018-01-30 中国联合网络通信集团有限公司 Key management platform, communication encrypting method and terminal
CN109510802A (en) * 2017-09-15 2019-03-22 华为技术有限公司 Method for authenticating, apparatus and system
CN109711999A (en) * 2018-11-14 2019-05-03 平安科技(深圳)有限公司 Go out single method and device, computer equipment, storage medium based on halfpace
CN110248326A (en) * 2019-04-30 2019-09-17 中国联合网络通信集团有限公司 A kind of data processing method and its device
CN110149328A (en) * 2019-05-22 2019-08-20 平安科技(深圳)有限公司 Interface method for authenticating, device, equipment and computer readable storage medium

Non-Patent Citations (1)

Title
Design and Implementation of an E-commerce Platform Based on the Campus One-Card System; 张宁; 刘宏磊; 谭薇; 杨洁; 韩博; 华中师范大学学报(自然科学版) (Issue S1); full text *

Also Published As

Publication number Publication date
CN111131416A (en) 2020-05-08

Similar Documents

Publication Publication Date Title
CN111131416B (en) Service providing method and device, storage medium and electronic device
US20240106660A1 (en) Mutually Authenticated ECDHE Key Exchange for a Device and a Network Using Multiple PKI Key Pairs
US10003582B2 (en) Technologies for synchronizing and restoring reference templates
CN108241517B (en) Software upgrading method, client and electronic equipment
US11676133B2 (en) Method and system for mobile cryptocurrency wallet connectivity
CN110401629B (en) Authorization activation method and related device
CN108243176B (en) Data transmission method and device
CN112559993B (en) Identity authentication method, device and system and electronic equipment
CN112543166B (en) Real name login method and device
CN104753674A (en) Application identity authentication method and device
CN113497778A (en) Data transmission method and device
CN111130798B (en) Request authentication method and related equipment
CN112804354B (en) Method and device for data transmission across chains, computer equipment and storage medium
CN115834253B (en) Identity verification method, identity verification system, client and server
CN114465803B (en) Object authorization method, device, system and storage medium
CN110602133B (en) Intelligent contract processing method, block chain management device and storage medium
CN110166460B (en) Service account registration method and device, storage medium and electronic device
CN112565236A (en) Information authentication method, device, computer equipment and storage medium
CN112491777B (en) Cross-block chain identity authentication method, computer equipment and readable storage medium
CN111404901A (en) Information verification method and device
KR101664471B1 (en) Method for Processing Mobile OTP Based On Network
CN112148345A (en) Applet package transmitting method, apparatus, electronic device and computer readable medium
CN111698299B (en) Session object replication method, device, distributed micro-service architecture and medium
CN115967583B (en) Key management system and method based on alliance chain
WO2022206203A1 (en) Connection resilient multi-factor authentication

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Room 221, 2 / F, block C, 18 Kechuang 11th Street, Daxing District, Beijing, 100176

Applicant after: Jingdong Technology Holding Co.,Ltd.

Address before: Room 221, 2 / F, block C, 18 Kechuang 11th Street, Daxing District, Beijing, 100176

Applicant before: Jingdong Digital Technology Holding Co.,Ltd.

Address after: Room 221, 2 / F, block C, 18 Kechuang 11th Street, Daxing District, Beijing, 100176

Applicant after: Jingdong Digital Technology Holding Co.,Ltd.

Address before: Room 221, 2 / F, block C, 18 Kechuang 11th Street, Daxing District, Beijing, 100176

Applicant before: JINGDONG DIGITAL TECHNOLOGY HOLDINGS Co.,Ltd.

CB02 Change of applicant information
GR01 Patent grant