CN112866296A - Application online verification method, device, equipment and storage medium - Google Patents

Info

Publication number: CN112866296A
Authority: CN (China)
Prior art keywords: key, application, dynamic key, request message, dynamic
Legal status: Granted, Active
Application number: CN202110352514.3A
Other languages: Chinese (zh)
Other versions: CN112866296B (en)
Inventors: 张政伟, 张寒, 史笛扬
Current Assignee: Industrial and Commercial Bank of China Ltd ICBC
Original Assignee: Industrial and Commercial Bank of China Ltd ICBC
Application filed by: Industrial and Commercial Bank of China Ltd ICBC
Priority to: CN202110352514.3A
Publication of: CN112866296A
Application granted; publication of: CN112866296B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838 Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords

Abstract

An embodiment of the specification provides an application online verification method, device, equipment and storage medium, wherein the method comprises the following steps: when a request message is received, taking one dynamic key in sequence from a first dynamic key pool; when the request message is confirmed to carry a simulation flag, discarding the dynamic key; notifying an upstream application to take one dynamic key in sequence from a second dynamic key pool and discard it, so that the first dynamic key pool and the second dynamic key pool maintain key consistency; and performing service processing and verification on the request message. The embodiment of the specification enables online automatic verification of an application in a cross-application, one-time pad encryption scenario.

Description

Application online verification method, device, equipment and storage medium
Technical Field
The present disclosure relates to the field of system testing technologies, and in particular to an application online verification method, device, equipment and storage medium.
Background
For any application, various forms of testing or validation are performed before it goes into production. However, this does not guarantee that no problem will occur after the application goes into production, and therefore online verification is generally required after the application goes into production.
At present, the existing method for online verification of an application is as follows: after an application is newly launched or updated, and after transactions (a transaction service is taken as an example here) have actually occurred, a Platform-as-a-Service (PaaS) platform is used to verify specified transactions among those that actually occurred. Obviously, this online verification method lags in time and has low verification efficiency. Moreover, for encryption scenarios that are cross-application and one-time pad (i.e., dynamic keys), this approach cannot achieve online automatic verification of applications.
Disclosure of Invention
An object of the embodiments of the present specification is to provide an online verification method, an apparatus, a device, and a storage medium for an application, so as to implement online automatic verification of an application in a cross-application and one-time pad encryption scenario.
In order to achieve the above object, in one aspect, an embodiment of the present specification provides an application online verification method, including:
when a request message is received, taking one dynamic key in sequence from a first dynamic key pool;
when the request message is confirmed to carry a simulation flag, discarding the dynamic key;
notifying an upstream application to take one dynamic key in sequence from a second dynamic key pool and discard it, so that the first dynamic key pool and the second dynamic key pool maintain key consistency;
and performing service processing and verification on the request message.
In an embodiment of the present specification, the method further comprises:
when the request message is confirmed not to carry the simulation flag, decrypting the request message by using the dynamic key taken from the first dynamic key pool.
In an embodiment of this specification, after the request message is received, the method further includes:
assigning a key value to the request message according to a set assignment rule;
adding the request messages with assigned key values to a pending message queue in the order in which they were received;
and when the traffic of the application server reaches a set threshold, adjusting the pending message queue according to the key values so that request messages not carrying the simulation flag are processed preferentially.
In an embodiment of this specification, assigning a key value to the request message according to a set assignment rule includes:
according to the formula [formula image BDA0003002552400000021, not reproduced in this text], assigning a key value to the request message;
where key is the key value, s is the receiving sequence number of the request message, a is a constant, and a is far larger than s.
In an embodiment of this specification, adjusting the pending message queue according to the key values includes:
sorting the request messages in the pending message queue by priority in ascending order of key value, so as to form a new pending message queue.
In an embodiment of this specification, after service processing and verification are performed on the request message, the method further includes:
determining the maximum key value in the current pending message queue;
and when the request message with the maximum key value is a request message not carrying the simulation flag, confirming that all request messages carrying the simulation flag have completed service processing and verification.
In an embodiment of this specification, the simulation flag is located in the header of the request message.
On the other hand, an embodiment of the present specification further provides an application online verification apparatus, including:
a key acquisition module, configured to take one dynamic key in sequence from the first dynamic key pool when a request message is received;
a key discarding module, configured to discard the dynamic key when the request message is confirmed to carry the simulation flag;
a message notification module, configured to notify an upstream application to take one dynamic key in sequence from a second dynamic key pool and discard it, so that the first dynamic key pool and the second dynamic key pool maintain key consistency;
and a processing and verification module, configured to perform service processing and verification on the request message.
In another aspect, the embodiments of the present specification further provide a computer device, which includes a memory, a processor, and a computer program stored on the memory, and when the computer program is executed by the processor, the computer program executes the instructions of the above method.
In another aspect, the present specification further provides a computer storage medium, on which a computer program is stored, and the computer program is executed by a processor of a computer device to execute the instructions of the method.
As can be seen from the technical solutions provided in the embodiments of the present specification, when an application receives a request message, it takes one dynamic key in sequence from the first dynamic key pool; if the request message carries the simulation flag (that is, the request message is a simulated message), it discards the dynamic key. Because the request message is a simulated message and the upstream application did not actually use a dynamic key for it, the application can also notify the upstream application to take one dynamic key in sequence from the second dynamic key pool and discard it, so that the first dynamic key pool and the second dynamic key pool maintain key consistency; the application then performs service processing and verification on the request message. In this way, online automatic verification of the application in a cross-application, one-time pad encryption scenario is achieved, the verification cost is reduced, and the verification efficiency is improved.
Drawings
In order to more clearly illustrate the embodiments of the present specification or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only some embodiments described in the present specification, and for those skilled in the art, other drawings can be obtained according to the drawings without any creative effort. In the drawings:
FIG. 1 illustrates a flow chart of an application on-line verification method in some embodiments of the present description;
FIG. 2 is a schematic diagram of a business cross-application in one embodiment of the present description;
FIG. 3 is a block diagram showing the structure of an on-line authentication device used in some embodiments of the present description;
FIG. 4 shows a block diagram of a computing device in some embodiments of the present description.
[Description of reference numerals]
31. a key acquisition module;
32. a key discarding module;
33. a message notification module;
34. a processing verification module;
402. a computer device;
404. a processor;
406. a memory;
408. a drive mechanism;
410. an input/output module;
412. an input device;
414. an output device;
416. a presentation device;
418. a graphical user interface;
420. a network interface;
422. a communication link;
424. a communication bus.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present specification, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the present specification, and not all of the embodiments. All other embodiments obtained by a person skilled in the art based on the embodiments in the present specification without any inventive step should fall within the scope of protection of the present specification.
At present, online verification of a service system is generally message processing verification for non-encrypted scenarios. For the encryption scenario of cross-application and one-time pad (i.e., dynamic key), it is difficult for the traditional scheme to achieve online automatic verification of the application. In view of this, in order to reduce the verification cost and improve the verification efficiency, the embodiments of the specification provide an online automatic verification scheme for an application in a cross-application, one-time pad encryption scenario.
In embodiments of the present specification, cross-application means that a service requires two or more applications to cooperate in order to be completed. During this cooperation, one application may invoke the data of another application. For example, when placing an order and paying in a mobile banking client, third-party payment applications (e.g., Alipay, WeChat Pay) may be invoked.
In the embodiments of the present specification, the one-time pad means that a random key equal to the message length is used in the stream cipher, and the key is used only once.
In some embodiments of the present description, an application online verification method is provided that may be applied to a computer device. Referring to FIG. 1, the application online verification method may include the following steps:
S101: when a request message is received, take one dynamic key in sequence from the first dynamic key pool.
S102: when the request message is confirmed to carry the simulation flag, discard the dynamic key.
S103: notify the upstream application to take one dynamic key in sequence from the second dynamic key pool and discard it, so that the first dynamic key pool and the second dynamic key pool maintain key consistency.
S104: perform service processing and verification on the request message.
In the embodiments of the present description, when an application receives a request message, it takes one dynamic key in sequence from the first dynamic key pool; if the request message carries the simulation flag (that is, the request message is a simulated message), it discards the dynamic key. Because the request message is a simulated message and the upstream application did not actually use a dynamic key for it, the application can also notify the upstream application to take one dynamic key in sequence from the second dynamic key pool and discard it, so that the first dynamic key pool and the second dynamic key pool maintain key consistency; the application then performs service processing and verification on the request message. In this way, online automatic verification of the application in a cross-application, one-time pad encryption scenario is achieved, the verification cost is reduced, and the verification efficiency is improved.
After an application is newly launched or updated and needs to be verified online, a simulated message (i.e., a request message carrying a simulation flag) may be initiated on the link between the application and its upstream application. For example, in the exemplary embodiment shown in FIG. 2, one service spans three applications (i.e., application one, application two, and application three in FIG. 2). After application two is updated, if online verification is required, a simulated message can be initiated on the link between application two and application one, which is upstream of it.
The simulated message may simulate the message information generated by an actual user operation, for example logging in to the client, registering on the client, authenticating, paying, or refunding. The simulated message may be generated from historical message information; that is, an external computer device may collect data from the database and assemble it into the simulated message. So that the server on which the application is deployed can distinguish simulated messages from real messages, the assembled simulated message may carry a simulation flag. For example, in an embodiment of the present specification, taking an HTTP message as an example, an HTTP message generally consists of "start line + header + empty line + entity", and the header is very flexible and can be extended arbitrarily. Therefore, the field "status: simulate" can be added to the header as the simulation flag.
After the target application is updated, the latest start time of the server on which the target application is deployed (hereinafter referred to as the target server) is updated, and the xml or class files related to the business process (such as a transaction process) on the target server are changed. Therefore, once the start time of the target server has been updated and the files have been replaced, a simulated message can be initiated on the link between the target application and its upstream application, and service verification can be carried out. Accordingly, the target application may receive the message over the link.
In the encryption scenario of cross-application and one-time pad (i.e., dynamic key), the upstream and downstream keys on the service link between applications must be kept consistent. The first dynamic key pool and the second dynamic key pool hold the dynamic keys that the target application and the upstream application have agreed on for encryption and decryption. The second dynamic key pool stores a plurality of dynamic keys used by the upstream application to encrypt messages, and the first dynamic key pool stores a plurality of dynamic keys used by the target application to decrypt them; the dynamic keys in the second dynamic key pool correspond one-to-one with the dynamic keys in the first dynamic key pool. When a transaction needs to be initiated based on a user operation, the upstream application takes one dynamic key in sequence from the second dynamic key pool to generate an encrypted message and sends the encrypted message to the target application; when the target application receives the message, it takes one dynamic key in sequence from the first dynamic key pool to decrypt the encrypted message.
The target application takes one dynamic key in sequence from its dynamic key pool after receiving any request message. However, if the request message carries the simulation flag (i.e., the request message is a simulated message), decryption is not required, because the simulated message was not encrypted by the upstream application of the target application; the target application may therefore discard the dynamic key. In this process the target application has consumed one dynamic key in sequence. But since the simulated message was initiated externally on the link between the target application and its upstream application, rather than by the upstream application itself, the upstream application has not consumed a dynamic key. As a result, dynamic key consistency between the target application and its upstream application is lost. In this case the target application therefore needs to notify the upstream application to also take one dynamic key in sequence from the second dynamic key pool and discard it, so that the first dynamic key pool and the second dynamic key pool recover or continue to maintain key consistency.
For example, in the exemplary embodiment shown in FIG. 2, the dynamic keys used for encryption and decryption should be agreed upon between application one and application two (e.g., as shown in Table 1 below); similarly, dynamic keys for encryption and decryption should be agreed upon between application two and application three.
TABLE 1
Dynamic key sequence number | Application one (dynamic key) | Application two (dynamic key)
1 | E1 | D1
2 | E2 | D2
3 | E3 | D3
4 | E4 | D4
5 | E5 | D5
6 | E6 | D6
For real messages, each time an application uses a dynamic key, one dynamic key is sequentially taken from the corresponding dynamic key pool (i.e., E1, E2, etc.). For example, when an application one uses the dynamic key E3 to initiate an encrypted message to an application two, the application two should sequentially fetch one dynamic key D3 from the corresponding dynamic key pool (i.e., D1, D2, etc.) to decrypt the encrypted message.
However, a simulated message is added externally on the link between application one and application two and is not actually originated by application one. After receiving the simulated message, application two takes one dynamic key in sequence from its dynamic key pool, which breaks the consistency of the upstream and downstream keys on the service link between application one and application two. Therefore, when application two confirms that the request message carries the simulation flag (i.e., confirms that the request message is a simulated message), it must not only discard the dynamic key it has just taken, but also notify application one to take one dynamic key in sequence from its own dynamic key pool and discard it, so as to maintain key consistency. For example, if the dynamic key currently discarded by application two is D4, the dynamic key that application one takes in sequence and discards should be E4; and so on. After that, when application one needs to initiate a request message, the dynamic key it takes in sequence from its pool will be E5; when application one encrypts the request message with E5 and sends it to application two, the dynamic key that application two takes in sequence from its pool will be D5, and key consistency is maintained.
Of course, in the embodiments of the present description, if it is determined that the request message does not carry the simulation flag (i.e., it is determined that the request message is a real message), the request message may be decrypted by using the dynamic key taken from the first dynamic key pool, and then step S104 is executed directly.
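The key-pool bookkeeping of steps S101 to S103, as an added Python example that is not code from the patent; it also shows the failure the text describes when the upstream notification is skipped. Assumptions: keys are symmetric so that E_n equals D_n, a toy SHA-256 keystream with an HMAC tag stands in for the unspecified cipher, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets


class KeyPool:
    """Ordered pool of single-use keys; take() hands out the next unused one."""

    def __init__(self, keys):
        self._keys = list(keys)
        self.position = 0  # number of keys consumed so far

    def take(self):
        key = self._keys[self.position]
        self.position += 1
        return key


def _xor_stream(key, data):
    # Toy stream cipher (assumption): SHA-256 in counter mode as the keystream.
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def seal(key, plaintext):
    body = _xor_stream(key, plaintext)
    return hmac.new(key, body, hashlib.sha256).digest() + body


def unseal(key, blob):
    tag, body = blob[:32], blob[32:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key: the two pools are out of step")
    return _xor_stream(key, body)


class Upstream:
    """Application one: encrypts each real message with the next key (E_n)."""

    def __init__(self, keys):
        self.pool = KeyPool(keys)

    def send(self, plaintext):
        return {"headers": {}, "body": seal(self.pool.take(), plaintext)}

    def discard_one(self):
        self.pool.take()  # S103: consume one key on notification and drop it


class Target:
    """Application two: takes the next key (D_n) for every request it receives."""

    def __init__(self, keys, upstream, notify_upstream=True):
        self.pool = KeyPool(keys)
        self.upstream = upstream
        self.notify_upstream = notify_upstream

    def handle(self, message):
        key = self.pool.take()                              # S101
        if message["headers"].get("status") == "simulate":  # flag from the page
            # S102: the key is dropped unused; the body was never encrypted.
            if self.notify_upstream:
                self.upstream.discard_one()                 # S103
            return "simulated:" + message["body"].decode()
        return "real:" + unseal(key, message["body"]).decode()


def run_scenario(notify_upstream):
    """Real message, injected simulated message, then another real message."""
    keys = [secrets.token_bytes(32) for _ in range(6)]  # constructed pool
    one = Upstream(keys)
    two = Target(keys, one, notify_upstream)
    simulated = {"headers": {"status": "simulate"}, "body": b"pay 1"}
    results = [two.handle(one.send(b"pay 100")), two.handle(simulated)]
    try:
        results.append(two.handle(one.send(b"refund 5")))
    except ValueError:
        results.append("DESYNC")  # upstream used key 2, target took key 3
    return results, (one.pool.position, two.pool.position)


if __name__ == "__main__":
    print(run_scenario(True))
    print(run_scenario(False))
```
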
In some embodiments of this specification, performing service processing and verification on the request message means: processing the request message with the set service processing logic (such as payment logic, transfer logic and the like), and judging whether the processing succeeded once it is complete; if the processing succeeded, verification is confirmed as passed; otherwise, verification failure may be confirmed. For a simulated message, after verification fails, related information (such as the service type, the server IP, etc.) may also be recorded, and a new simulated message may be initiated again. For the target application, if all the simulated messages fail verification, the possibility that the data obtained from the database contains dirty data cannot be excluded (for example, the agreement between the user and the financial institution has expired, but key information such as the user number and card number is still stored in the database). Therefore, before the simulated message is assembled again and the request is initiated, the data acquired from the database needs to be cleansed. If the simulated message still fails verification after that, problems such as a failed program upgrade cannot be ruled out, and timely investigation is needed to achieve a quick response.
It should be noted that the verification result of the simulation message should not be included in the production monitoring statistics, so as to avoid affecting the indexes of the actual production, such as the transaction amount, the success rate, the response time, and the like.
In some embodiments of this specification, after the request message is received, the following steps may further be included:
1) Assigning a key value to the request message according to a set assignment rule.
For example, in one embodiment of the present specification, a key value may be assigned to the request message according to the formula [formula image BDA0003002552400000071, not reproduced in this text], where key is the key value, s is the receiving sequence number of the request message (such as the receiving sequence number within the current day), a is a constant, and a is far larger than s. For example, a is 1000 and s is 30.
Of course, the above is merely an exemplary illustration, and in other embodiments of the present specification, any suitable assignment rule may be adopted according to actual needs, and the present specification does not limit this.
2) Adding the request messages with assigned key values to a pending message queue in the order in which they were received.
Here, the receiving order is the order in which the request messages are received.
3) When the traffic of the application server (namely the target server) reaches a set threshold, adjusting the pending message queue according to the key values so that request messages not carrying the simulation flag are processed preferentially.
Adjusting the pending message queue according to the key values means sorting the request messages in the pending message queue by priority in ascending order of key value, so as to form a new pending message queue. In the new pending message queue, a request message with a smaller key value has higher priority, and the request message with the smallest key value is placed at the head of the queue. Therefore, when request messages are taken from the new pending message queue, the request messages not carrying the simulation flag (namely, the real messages) are processed preferentially, which reduces the influence of online verification on normal service.
In another embodiment of this specification, when the traffic of the application server does not reach the set threshold, the application server is not in a service peak period, and normal service is not greatly affected even if the pending message queue is not adjusted. Therefore, in this case, the pending message queue may be left unadjusted, that is, real messages need not be processed preferentially.
In an embodiment of this specification, the traffic condition of the application server may be obtained by deploying a log collection program or an SQL script, or the like. Of course, in other embodiments of the present disclosure, the traffic volume may be replaced by a resource utilization rate (e.g., memory occupancy rate, CPU utilization rate, etc.) of the application server.
In an embodiment of this specification, when batch verification is performed (for example, online verification of an application cluster), the resource usage and the pending message queue differ from server to server, so the simulated messages initiated in a batch cannot be guaranteed to finish verification at the same time. Therefore, after service processing and verification are performed on the request message, the method further comprises the following steps:
1) Determining the maximum key value in the current pending message queue.
2) When the request message with the maximum key value is a request message not carrying the simulation flag, confirming that all request messages carrying the simulation flag have completed service processing and verification; otherwise, waiting for a specified time and then judging again.
In another embodiment of the present specification, after it is confirmed that all request messages carrying the simulation flag have completed service processing and verification, the messages received thereafter are all real messages. Therefore, the key value assignment and queue adjustment steps can be stopped, which reduces unnecessary computation on the server and improves service processing efficiency.
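The key-value queue and the batch completion check described above, as an added Python example that is not code from the patent. The page's formula image is not reproduced, so the assignment rule used here (key = s for a real message, key = a + s for a simulated one) is an assumption chosen to satisfy the stated properties; the class names and the empty-queue behaviour are also assumptions.

```python
from dataclasses import dataclass, field


@dataclass(order=True)
class Pending:
    key: int                                  # the only field compared
    seq: int = field(compare=False)           # receiving sequence number s
    simulated: bool = field(compare=False)    # carries the simulation flag


class PendingQueue:
    def __init__(self, threshold, a=1000):
        self.threshold = threshold  # traffic level that triggers reordering
        self.a = a                  # constant a; the page's example uses 1000
        self._items = []
        self._next_seq = 1

    def assign_key(self, seq, simulated):
        # ASSUMED rule, not the patent's formula: simulated messages get
        # a + s so that every real message (key = s < a) sorts ahead of them.
        if seq >= self.a:
            raise ValueError("a must stay far larger than s")
        return self.a + seq if simulated else seq

    def enqueue(self, simulated):
        seq = self._next_seq
        self._next_seq += 1
        item = Pending(self.assign_key(seq, simulated), seq, simulated)
        self._items.append(item)  # step 2: queue in receiving order
        return item

    def rebalance(self, traffic):
        # Step 3: reorder only at or above the threshold (peak period).
        if traffic < self.threshold:
            return False
        self._items.sort()  # ascending key value, smallest at the head
        return True

    def pop(self):
        return self._items.pop(0)

    def order(self):
        return [item.seq for item in self._items]

    def simulated_done(self):
        # Completion check: if the largest key belongs to a real message,
        # no simulated message is still waiting. An empty queue is treated
        # as done (assumption; the page does not cover that case).
        if not self._items:
            return True
        return not max(self._items).simulated


def demo():
    q = PendingQueue(threshold=100)
    for simulated in (False, True, False, True, False):  # constructed arrivals
        q.enqueue(simulated)
    off_peak = (q.rebalance(traffic=10), q.order())
    peak = (q.rebalance(traffic=100), q.order())
    for _ in range(4):
        q.pop()               # process three real and one simulated message
    q.enqueue(False)          # a new real message arrives meanwhile
    before = q.simulated_done()
    q.pop()                   # the last simulated message is processed
    after = q.simulated_done()
    return off_peak, peak, before, after


if __name__ == "__main__":
    print(demo())
```
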
While the process flows described above include operations that occur in a particular order, it should be appreciated that the processes may include more or fewer operations, which may be performed sequentially or in parallel (e.g., using parallel processors or a multi-threaded environment).
Referring to FIG. 3, in some embodiments of the present disclosure, an application online verification apparatus corresponding to the above application online verification method is provided, including:
a key acquisition module 31, which may be configured to take one dynamic key in sequence from the first dynamic key pool when a request message is received;
a key discarding module 32, which may be configured to discard the dynamic key when it is determined that the request message carries the simulation flag;
a message notification module 33, which may be configured to notify an upstream application to take one dynamic key in sequence from a second dynamic key pool and discard it, so that the first dynamic key pool and the second dynamic key pool maintain key consistency;
a processing and verification module 34, which may be configured to perform service processing and verification on the request message.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functions of the various elements may be implemented in the same one or more software and/or hardware implementations of the present description.
Embodiments of the present description also provide a computer device. As shown in FIG. 4, in some embodiments of the present description, the computer device 402 may include one or more processors 404, such as one or more Central Processing Units (CPUs) or Graphics Processors (GPUs), each of which may implement one or more hardware threads. The computer device 402 may also comprise any memory 406 for storing any kind of information, such as code, settings, data, etc., and in a particular embodiment a computer program running on the memory 406 and on the processor 404, which computer program, when executed by the processor 404, may perform the instructions according to the above-described method. For example, and without limitation, memory 406 may include any one or more of the following in combination: any type of RAM, any type of ROM, flash memory devices, hard disks, optical disks, etc. More generally, any memory may use any technology to store information. Further, any memory may provide volatile or non-volatile retention of information. Further, any memory may represent fixed or removable components of computer device 402. In one case, when the processor 404 executes the associated instructions, which are stored in any memory or combination of memories, the computer device 402 can perform any of the operations of the associated instructions. The computer device 402 also includes one or more drive mechanisms 408, such as a hard disk drive mechanism, an optical disk drive mechanism, etc., for interacting with any memory.
Computer device 402 may also include an input/output module 410(I/O) for receiving various inputs (via input device 412) and for providing various outputs (via output device 414). One particular output mechanism may include a presentation device 416 and an associated graphical user interface 418 (GUI). In other embodiments, input/output module 410(I/O), input device 412, and output device 414 may also be excluded, as just one computer device in a network. Computer device 402 can also include one or more network interfaces 420 for exchanging data with other devices via one or more communication links 422. One or more communication buses 424 couple the above-described components together.
Communication link 422 may be implemented in any manner, such as over a local area network, a wide area network (e.g., the Internet), a point-to-point connection, etc., or any combination thereof. Communication link 422 may include any combination of hardwired links, wireless links, routers, gateway functions, name servers, etc., governed by any protocol or combination of protocols.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products of some embodiments of the specification. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processor to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processor, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processor to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processor to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computer device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as Random Access Memory (RAM), and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium which can be used to store information that can be accessed by a computer device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
As will be appreciated by one skilled in the art, embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
The embodiments of this specification may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The described embodiments may also be practiced in distributed computing environments where tasks are performed by remote processors that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in the present specification are described in a progressive manner; the same or similar parts of the embodiments may be understood by reference to one another, and each embodiment focuses on its differences from the other embodiments. In particular, since the system embodiment is substantially similar to the method embodiment, its description is brief, and for the relevant points reference may be made to the corresponding description of the method embodiment. In the description herein, references to the terms "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the specification. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples, and features of different embodiments or examples, described in this specification can be combined by one skilled in the art without contradiction.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (10)

1. An application online verification method, comprising:
when a request message is received, sequentially acquiring a dynamic key from a first dynamic key pool;
when the request message is confirmed to carry the simulation mark, discarding the dynamic key;
notifying an upstream application to sequentially acquire a dynamic key from a second dynamic key pool and discard that dynamic key, so as to ensure that the first dynamic key pool and the second dynamic key pool maintain key consistency;
and performing service processing and verification on the request message.
2. The application online verification method as recited in claim 1, further comprising:
and when the request message is confirmed not to carry the simulation mark, decrypting the request message by using the dynamic key acquired from the first dynamic key pool.
3. The application online verification method according to claim 1, further comprising, after receiving the request message:
assigning a key value to the request message according to a set assignment rule;
adding the request messages with the assigned key values into a message queue to be processed according to the receiving sequence;
and when the traffic of the application server reaches a set threshold value, adjusting the message queue to be processed according to the key value, so that request messages not carrying the simulation mark are processed preferentially.
4. The application online verification method according to claim 3, wherein the assigning a key value to the request message according to a set assignment rule includes:
according to the formula
Figure FDA0003002552390000011
assigning a key value to the request message;
wherein key is the key value, s is the receiving sequence number of the request message, a is a constant, and a is far larger than s.
5. The application online verification method according to claim 4, wherein the adjusting the message queue to be processed according to the key value comprises:
and carrying out priority sequencing on the request messages in the message queue to be processed according to the sequence of key values from small to large so as to form a new message queue to be processed.
6. The application online verification method according to claim 4 or 5, further comprising, after performing service processing and verification on the request message:
determining the maximum key value in the current message queue to be processed;
and when the request message with the maximum key value is a request message not carrying the simulation mark, confirming that all the request messages carrying the simulation mark have completed service processing and verification.
7. The application online verification method of claim 6, wherein the simulation mark is located in a header of the request message.
8. An application online verification apparatus, comprising:
the key acquisition module is used for sequentially acquiring a dynamic key from the first dynamic key pool when receiving the request message;
the key abandoning module is used for abandoning the dynamic key when the request message is confirmed to carry the simulation mark;
a message notification module, configured to notify an upstream application to sequentially obtain a dynamic key from a second dynamic key pool and discard the dynamic key, so that the first dynamic key pool and the second dynamic key pool maintain key consistency;
and the processing and verifying module is used for carrying out service processing and verification on the request message.
9. A computer device comprising a memory, a processor, and a computer program stored on the memory, wherein the computer program, when executed by the processor, performs the instructions of the method of any one of claims 1-7.
10. A computer storage medium on which a computer program is stored, characterized in that the computer program, when being executed by a processor of a computer device, executes instructions of a method according to any one of claims 1-7.
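
The key-pool bookkeeping of claims 1 and 2, as an added Python sketch that is not code from the patent: it shows why the application server must tell the upstream application to draw and discard a key whenever it discards its own. Assumptions made here: both pools derive keys from a shared seed, the mark is a hypothetical `X-Simulation` header, simulated requests are injected directly at the application server with a plaintext body, and `seal`/`unseal` are a toy standard-library stand-in for a real authenticated cipher.

```python
import hashlib
import hmac

class DynamicKeyPool:
    """Hands out keys strictly in order; both pools share a seed (assumption)."""
    def __init__(self, seed: bytes):
        self.seed, self.index = seed, 0
    def next_key(self) -> bytes:
        key = hmac.new(self.seed, self.index.to_bytes(8, "big"), hashlib.sha256).digest()
        self.index += 1
        return key

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy one-key-per-message cipher with a MAC; stand-in for a real AEAD."""
    stream = hashlib.shake_256(key).digest(len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    return hmac.new(key, body, hashlib.sha256).digest() + body

def unseal(key: bytes, blob: bytes) -> bytes:
    tag, body = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("key mismatch: pools are out of step")
    stream = hashlib.shake_256(key).digest(len(body))
    return bytes(c ^ s for c, s in zip(body, stream))

class Upstream:
    def __init__(self, seed: bytes):
        self.pool = DynamicKeyPool(seed)          # second dynamic key pool
    def send(self, payload: bytes) -> dict:
        return {"headers": {}, "body": seal(self.pool.next_key(), payload)}
    def discard_one(self) -> None:
        self.pool.next_key()                      # take the next key and drop it

class AppServer:
    def __init__(self, seed: bytes, upstream: Upstream, notify: bool = True):
        self.pool = DynamicKeyPool(seed)          # first dynamic key pool
        self.upstream, self.notify = upstream, notify
    def handle(self, msg: dict) -> bytes:
        key = self.pool.next_key()                # a key is drawn for every request
        if msg["headers"].get("X-Simulation") == "1":   # hypothetical header name
            if self.notify:
                self.upstream.discard_one()       # keep both pools at the same index
            return msg["body"]                    # drawn key is discarded, body is plaintext
        return unseal(key, msg["body"])

def run(notify: bool) -> list:
    """Real, simulated, real: returns each result, None where decryption failed."""
    seed = b"constructed-shared-seed"             # constructed sample value
    upstream = Upstream(seed)
    server = AppServer(seed, upstream, notify)
    results = []
    for kind, data in [("real", b"pay 10"), ("sim", b"probe"), ("real", b"pay 20")]:
        msg = upstream.send(data) if kind == "real" else \
            {"headers": {"X-Simulation": "1"}, "body": data}
        try:
            results.append(server.handle(msg))
        except ValueError:
            results.append(None)
    return results
```

With `notify=False` the first real request after a simulated one fails to decrypt, because the application server's pool is one key ahead of the upstream pool. The sketch handles one in-flight message at a time, so keys are always consumed in the order they were drawn.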
CN202110352514.3A 2021-03-31 2021-03-31 Application online verification method, device, equipment and storage medium Active CN112866296B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110352514.3A CN112866296B (en) 2021-03-31 2021-03-31 Application online verification method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN112866296A (en) 2021-05-28
CN112866296B (en) 2022-09-06

Family

ID=75992026

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110352514.3A Active CN112866296B (en) 2021-03-31 2021-03-31 Application online verification method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN112866296B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1627678A (en) * 2003-12-09 2005-06-15 鸿富锦精密工业(深圳)有限公司 Fast cryptographic key distribution system and method
US20140181957A1 (en) * 2012-12-21 2014-06-26 Dan Due Nguyen Methods and apparatus for authenticating user login
CN105637800A (en) * 2013-09-13 2016-06-01 微软技术许可有限责任公司 Keying infrastructure
CN108989021A (en) * 2018-06-04 2018-12-11 北京辰森世纪科技股份有限公司 Information authentication method, device, computer equipment and readable storage medium storing program for executing
US20200099517A1 (en) * 2018-09-20 2020-03-26 International Business Machines Corporation Transient Management of Data Encryption and Authentication

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115955358A (en) * 2023-01-11 2023-04-11 北京唯科致远科技有限公司 Data stream transmission system based on point-to-point communication
CN115955358B (en) * 2023-01-11 2023-05-02 北京唯科致远科技有限公司 Data stream transmission system based on point-to-point communication

Also Published As

Publication number Publication date
CN112866296B (en) 2022-09-06

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant