CN113962696A

CN113962696A - Data calling method and device and terminal equipment

Info

Publication number: CN113962696A
Application number: CN202111227215.3A
Authority: CN
Inventors: 于文奇; 夏伏彪; 沈敏文; 谢翔; 李升林; 孙立林
Original assignee: Shanghai Qianfang Technology Co ltd
Current assignee: Shanghai Qianfang Technology Co ltd
Priority date: 2021-10-21
Filing date: 2021-10-21
Publication date: 2022-01-21

Abstract

The specification provides a data calling method, a data calling device and terminal equipment. The third party application generates a target calling request and generates a third party signature by using a private key of the third party application under the condition that the operation of the user meets the preset triggering condition and the target service needs to be called; then the target calling request and the third party signature are sent to the authorization plug-in; the authorization plug-in signs the target calling request and sends the signed target calling request and the signature of the third party to an open API platform of a related target service party; and the platform responds to the target calling request and calls the target service to obtain a corresponding target result under the condition that the preset verification is passed according to the signed target calling request and the third party signature. Therefore, on the premise of protecting the data security of the user, when the user operates in the third-party application, the required target service of the target service party can be automatically and safely called, the user experience is improved, and the invasion to the third-party application is reduced.

Description

Data calling method and device and terminal equipment

Technical Field

The specification belongs to the technical field of internet, and particularly relates to a data calling method, a data calling device and terminal equipment.

Background

Based on the Open API platform (Open API) technology, the website platform may encapsulate the provided website service into a plurality of APIs (Application Programming interfaces) that are Open for a third party to call.

However, based on the existing method, when a third party calls the website service, in order to protect data privacy and security of a user, complicated and complicated user authorization verification is often required, so that complexity of user operation is increased, and user experience is affected. In addition, based on the existing method, the interior of the third party is necessarily required to be changed, and the invasion to the third party exists.

In view of the above problems, no effective solution has been proposed.

Disclosure of Invention

The present specification provides a data calling method, an apparatus, and a terminal device, which can automatically and safely call a target service provided by a target service party, which is required by an operation, when the user operates in a third-party application on the premise of protecting privacy and security of user data, so as to improve user experience and reduce intrusion to the third-party application.

An embodiment of the present specification provides a data calling method, which is applied to a third-party application, where the third-party application is installed in a terminal device, the terminal device is also installed with an authorization plug-in associated with an open API platform of a target service party, the open API platform of the target service party provides a plurality of API interfaces, and the API interfaces respectively correspond to a service provided by the target service party, and the method includes:

under the condition that the operation of a user in the third-party application is detected to meet a preset trigger condition, generating a target calling request aiming at the target service of a target service party, and generating a third-party signature by using a private key of the third-party application;

awakening an authorization plug-in and sending the third party signature and the target calling request to the authorization plug-in; the authorization plug-in signs the target calling request to obtain a signed target calling request; the authorization plug-in sends the signed target calling request and the third party signature to an open API platform of a target service party; the open API platform of the target service party calls a target service to obtain a corresponding target result under the condition that the preset verification passes according to the signed target calling request and the signature of the third party;

and receiving the target result.

In some embodiments, after receiving the target result, the method further comprises:

and carrying out corresponding target data processing according to the target result.

In some embodiments, the third party application comprises: APP of a third party shopping platform; the target service party comprises: and (5) opening a bank.

In some embodiments, the target result comprises: account credit data for the user;

correspondingly, according to the target result, corresponding target data processing is performed, and the processing comprises the following steps:

determining the transaction risk level of the user according to the account credit data of the user;

and providing the matched transaction service for the user according to the transaction risk level of the user.

In some embodiments, in the case that it is detected that the operation of the user in the third-party application satisfies the preset trigger condition, the method further includes:

presenting prompt information about target service of a target service calling party to a user;

and under the condition that a confirmation instruction of the user for the prompt information is determined to be received, generating a target calling request for the target service of the target business party, and generating a third party signature by using a private key of a third party application.

In some embodiments, the method further comprises:

receiving and responding to a first registration instruction sent by the authorization plug-in, and performing third-party application registration through the authorization plug-in; the method comprises the steps that an authorization plug-in obtains an application identity certificate and an identity mark of a third-party application;

and sending the application identity certificate and the identity of the third-party application to an open API platform of the target service party for registration and storage.

The embodiment of the present specification further provides a data calling method, which is applied to an authorization plug-in, where the authorization plug-in is associated with an open API platform of a target service party, the authorization plug-in is installed in a terminal device, and the terminal device is also installed with a third-party application, where the method includes:

receiving a third party signature and a target calling request sent by a third party application;

signing the target calling request to obtain a signed target calling request;

sending the signed target calling request and the third party signature to an open API platform of a target service party; and the open API platform of the target service party calls the target service to obtain a corresponding target result under the condition that the preset verification is passed according to the signed target calling request and the signature of the third party.

In some embodiments, the method further comprises:

displaying a user registration interface to a user;

acquiring registration information of a user through the user registration interface;

obtaining a user identity certificate and an identity mark of a user according to registration information of the user;

and sending the user identity certificate and the identity mark of the user to an open API platform of the target service party for registration and storage.

In some embodiments, the method further comprises:

generating a user private key according to the registration information of the user; and locally storing the user private key;

accordingly, the method can be used for solving the problems that,

and signing the target calling request by using the user private key to obtain the signed target calling request.

In some embodiments, the method further comprises:

searching whether unregistered third-party application exists in the applications installed in the terminal equipment;

in the event that an unregistered third party application is retrieved, a first registration instruction is sent to the third party application.

In some embodiments, after sending the first registration instruction to the third party application, the method further comprises:

receiving registration information of the third-party application fed back by the third-party application;

obtaining an application identity certificate and an identity label of the third-party application according to the registration information of the third-party application;

In some embodiments, the method further comprises:

responding to an authorization instruction of a user, and displaying an authorization setting interface to the user;

obtaining authorization parameters through the authorization setting interface;

generating an authorization file according to the authorization parameter; and sending the authorization file to an open API platform of the target service party for storage.

In some embodiments, the authorization parameters include at least one of: identity of the authorized application, service identity of the service authorized to be invoked, type of operation authorized, time authorized, authorization rights.

In some embodiments, after receiving the third party signature and the target invocation request sent by the third party application, the method further comprises:

verifying the third party signature;

and under the condition that the signature of the third party is verified, signing the target calling request to obtain a signed target calling request.

An embodiment of the present specification further provides a data call method, which is applied to an open API platform of a target service party, where the open API platform of the target service party provides a plurality of API interfaces, and the API interfaces respectively correspond to a service provided by the target service party, and the method includes:

receiving a signed target calling request and a third party signature sent by an authorization plug-in; the authorization plug-in is arranged on the terminal equipment; the authorization plug-in is associated with an open API platform of a target service party;

performing preset verification according to the signed target calling request and the third party signature;

and under the condition that the preset verification is passed, responding to the target calling request, and calling the target service to obtain a corresponding target result.

In some embodiments, after obtaining the corresponding target result, the method further comprises:

sending the target result to a third party application; and the third-party application is arranged on the terminal equipment where the authorization plug-in is located.

In some embodiments, performing a preset verification according to the signed target invocation request and the third party signature includes:

performing first verification on the third party signature according to the stored application identity certificate and the identity mark of the third party application;

performing second verification on the signed target calling request according to the stored user identity certificate and the stored identity mark of the user;

and determining that the preset verification passes under the condition that the first verification passes and the second verification passes.

In some embodiments, in the case that the preset verification is determined to pass, the method further comprises:

and verifying the request content of the target calling request according to the authorization file.

An embodiment of the present specification further provides a data calling apparatus, including:

the generation module is used for generating a target calling request aiming at the target service of a target business party under the condition that the operation of a user in the third-party application is detected to meet a preset trigger condition, and generating a third-party signature by using a private key of the third-party application;

the sending module is used for awakening the authorization plug-in and sending the third party signature and the target calling request to the authorization plug-in; the authorization plug-in signs the target calling request to obtain a signed target calling request; the authorization plug-in sends the signed target calling request and the third party signature to an open API platform of a target service party; the open API platform of the target service party calls a target service to obtain a corresponding target result under the condition that the preset verification passes according to the signed target calling request and the signature of the third party;

and the receiving module is used for receiving the target result.

the receiving module is used for receiving a third party signature and a target calling request sent by a third party application;

the signature module is used for signing the target calling request to obtain a signed target calling request;

the sending module is used for sending the signed target calling request and the third party signature to an open API platform of a target service party; and the open API platform of the target service party calls the target service to obtain a corresponding target result under the condition that the preset verification is passed according to the signed target calling request and the signature of the third party.

the receiving module is used for receiving the signed target calling request and the third party signature sent by the authorization plug-in; the authorization plug-in is arranged on the terminal equipment; the authorization plug-in is associated with an open API platform of a target service party;

the verification module is used for carrying out preset verification according to the signed target calling request and the third party signature;

and the calling module is used for responding to the target calling request and calling the target service to obtain a corresponding target result under the condition that the preset verification is passed.

The embodiment of the present specification further provides a terminal device, which includes a processor and a memory for storing processor-executable instructions, where the processor executes the instructions to implement the relevant steps of the data call method.

The embodiment of the specification also provides a computer readable storage medium, and computer instructions are stored on the computer readable storage medium, and when the instructions are executed, the relevant steps of the data calling method are realized.

Based on the data calling method, the data calling device and the terminal equipment provided by the specification, when a user operates in a third-party application arranged on the terminal equipment, the third-party application detects that the operation of the user meets a preset trigger condition and needs to call a target service provided by a target service party, a target calling request aiming at the target service of the target service party can be automatically generated, and meanwhile, a third-party signature is generated by using a private key of the third-party application; further, the third party application can wake up an authorization plug-in arranged on the same terminal device and send the target calling request and the third party signature to the authorization plug-in; the authorization plug-in signs the target calling request to obtain the signed target calling request; then the signed target calling request and the third party signature are sent to an open API platform of a related target service party; the open API platform performs preset verification according to the signed target calling request and the third party signature; and under the condition that the preset verification is passed, responding to the target calling request, calling the target service to obtain a corresponding target result, and feeding the target result back to the third-party application. Therefore, on the premise of protecting the privacy and the safety of user data, when a user operates in the third-party application, the target service provided by the target service party required by the operation can be automatically and safely called, the use experience of the user is improved, and meanwhile, the invasion to the third-party application is reduced.

Drawings

In order to more clearly illustrate the embodiments of the present specification, the drawings needed to be used in the embodiments will be briefly described below, and the drawings in the following description are only some of the embodiments described in the specification, and it is obvious to those skilled in the art that other drawings can be obtained based on the drawings without any inventive work.

Fig. 1 is a schematic diagram of an embodiment of an interface of a terminal device to which a data calling method provided in an embodiment of the present specification is applied;

FIG. 2 is a diagram illustrating an embodiment of a data call method provided by an embodiment of the present specification in one example scenario;

FIG. 3 is a diagram illustrating an embodiment of a data call method provided by an embodiment of the present specification in one example scenario;

FIG. 4 is a flow diagram of a data call method provided by one embodiment of the present description;

FIG. 5 is a flow diagram of a data call method provided by one embodiment of the present description;

FIG. 6 is a flow diagram of a data call method provided by one embodiment of the present description;

fig. 7 is a schematic structural component diagram of a terminal device provided in an embodiment of the present specification;

fig. 8 is a schematic structural component diagram of a data call device according to an embodiment of the present specification.

Detailed Description

In order to make those skilled in the art better understand the technical solutions in the present specification, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the present specification, and not all of the embodiments. All other embodiments obtained by a person skilled in the art based on the embodiments in the present specification without any inventive step should fall within the scope of protection of the present specification.

The embodiment of the specification provides a data calling method, which can be particularly applied to terminal equipment (for example, a mobile phone of a user).

Specifically, as shown in fig. 1, at least a third-party application (e.g., XX shopping network APP) and an authorization plug-in (e.g., YY authorization APP) associated with an open API platform of a target business party (e.g., YY open bank) are deployed in a terminal device (e.g., a smart phone, etc.). Wherein, the authorization plug-in can perform communication interaction with the open API platform of the target service party.

The Open API platform of the target service party may be specifically understood as an Open platform constructed by the target service party based on an Open API technology. Through the open platform, the target service party can encapsulate the provided services into a plurality of corresponding API interfaces and open the API interfaces to the outside, so that third-party applications can call corresponding services through the API interfaces. The open API platform of the target service party may be specifically arranged on the cloud server, or may be arranged on the terminal device.

The authorization plug-in may be specifically understood as an application program associated with the open API platform of the target service party and participating in data processing, such as registration and authorization, on the terminal device related to the open API platform of the target service party. The authorization plug-in can be in communication interaction with the open API platform of the target business party. Specifically, the authorization plug-in may be an independent APP installed in the user smartphone (e.g., YY authorization APP), or may be a plug-in module integrated in an APP related to the target service party (e.g., an authorization module in YY bank APP), and the like.

The third-party application may be specifically understood as an application program that is arranged on one side of the terminal device and is different from the third party of the target service party. Specifically, the third-party application may be an application provided by a service party having a cooperative relationship with the target service party.

The terminal device may specifically include a front-end electronic device that is applied to a user side and can implement functions such as data acquisition and data transmission. Specifically, the terminal device may be, for example, a desktop computer, a tablet computer, a notebook computer, a smart phone, and the like.

In some embodiments, before the implementation, the user may use the terminal device to download and install the authorization plug-in through a website or link provided by the target service provider.

In some embodiments, after the user installs the authorization plug-in on the terminal device, the user may first start the authorization plug-in by clicking. Accordingly, the authorization plug-in may expose a corresponding user registration interface to the user. Referring to fig. 2, the authorization plug-in may obtain the registration information input by the user through the user registration interface; and generating a user identity certificate and an identity label of the user according to the registration information of the user. The identity (for example, u) of the user may be specifically a name of the user, an account name of the user, an identity number of the user, or identification information that can correspond to the user, such as a user registration mobile phone number.

Specifically, the user registration interface may be an encrypted user registration interface based on a privacy protection mechanism. Accordingly, the user can complete the registration operation in a desensitized registration mode through the encrypted user registration interface. Therefore, the authorization plug-in can smoothly acquire the required registration information of the user; meanwhile, the personal privacy information of the user can be effectively prevented from being disclosed, and the data security of the user is protected.

Specifically, when generating the user identity certificate, the authorization plug-in may first generate a user public key (which may be denoted as pk (u)) and a user private key (which may be denoted as sk (u)) for the user according to the registration information of the user. And then, generating a user identity certificate for the user according to the user private key of the user and the identity of the user, wherein the generation of the corresponding user identity certificate can be expressed as the following formula: [ u, PK (u), CA)]_Sk(CA). Wherein, the CA may specifically be an identity of an authorized plug-in, SK (CA) may specifically be the plug-in private key of the authorizing plug-in. At the same time, the authorization plug-in may locally hold the user private key sk (u).

The authorization plug-in may then send the user identity certificate and the identity of the user to the open API platform of the target business party. The open API platform of the target service party may specifically register and store the user identity certificate and the identity of the user for subsequent use. As can be seen in fig. 2.

In some embodiments, the authorization plug-in deployed in the terminal device may receive and respond to a retrieval instruction actively initiated by a user, or the authorization plug-in automatically triggers when detecting that a new application program is installed on the terminal device, and retrieves an application currently installed on the terminal device to determine whether a cooperation relationship exists and an unregistered third-party application exists.

The authorization plug-in may generate and send a first registration instruction to an unregistered third party application if the third party application is retrieved.

The third-party application can respond to the first registration instruction and feed back registration information of the third-party application so as to complete registration of the third-party application. During specific registration, the third-party application can complete the registration in a desensitization registration mode.

Accordingly, referring to fig. 2, the authorization plug-in may receive registration information of the third-party application (e.g., the identity of the third-party application, the public key pk (v) of the third-party application, etc.) fed back by the third-party application; and then according to the registration information of the third-party application, generating an application identity certificate of the third-party application, and acquiring an identity of the third-party application.

Then, the authorization plug-in can send the application identity certificate and the identity of the third-party application to the open API platform of the target business party. The open API platform of the target service party may specifically register and store an application identity and an identity certificate of the third party application for subsequent use. As can be seen in fig. 2.

In some embodiments, the user may use the authorization plug-in to perform corresponding authorization settings according to specific situations and processing requirements. In particular, the user may initiate an authorization instruction in the authorization plug-in.

The authorization plug-in may present a corresponding authorization setup interface to the user in response to the authorization instruction. The user may enter and set authorization parameters such as an identity of an authorization application (e.g., identity XX of XX shopping network), a service identity of a service authorized to be invoked (target business party) (e.g., account credit inquiry of a user of YY open bank, credit risk prediction of the user, etc.), an authorized operation type (e.g., proxy signature operation, proxy payment operation, etc.), an authorization time (e.g., validity duration of authorization, validity period of authorization, etc.), authorization authority (e.g., read-only, rewrite, invokable interface function, etc.), and the like in the authorization setting interface.

Further, the authorization plug-in can generate an authorization file capable of describing the authorization relationship according to the authorization parameters. Wherein, the authorization file contains the authorization parameters. And then the authorization file is sent to an open API platform of the target service party for storage for subsequent use. As can be seen in fig. 2.

In some embodiments, in implementation, when the user performs an operation in the third-party application, the third-party application may detect whether the operation in the third-party application by the user satisfies a preset trigger condition in real time or at preset time intervals (for example, at 5 seconds intervals).

Specifically, the third-party application may determine that the preset trigger condition is satisfied by detecting whether the operation of the user in the third-party application requires a target result obtained by the target service provider through invoking the target service.

For example, when the third-party application detects that the operation of the user XX applying the installment purchasing service in the shopping APP requires the account credit data obtained by the account credit inquiry service of the user using the YY open bank, it is determined that the operation of the user in the third-party application satisfies the preset trigger condition.

Under the condition that the operation of the user in the third-party application is detected to meet the preset trigger condition, the third-party application can automatically generate a target calling request aiming at the target server.

The target calling request at least carries an identity of a third-party application. The target call request may further carry an identity of a user, a service identifier of a target service requested to be called, or an interface identifier of an API interface corresponding to the target service requested to be called.

Meanwhile, the third party application may generate a third signature using the private key of the third party application (which may be denoted as sk (v)).

In some embodiments, as shown in fig. 3, the third party application may wake up the authorization plug-in and then send the third party signature and the target invocation request to the authorization plug-in.

In particular implementations, the authorization plug-in may be in a dormant state. The third party application may wake up the authorization plug-in by sending a preset trigger message to the authorization plug-in.

In some embodiments, after receiving the third-party signature and the target invocation request, the authorization plug-in may first sign the target invocation request by using a held user private key (sk (u)), so as to obtain a signed target invocation request; and then the signed target call request and the third party signature are sent to the open API platform of the target service party together.

The authorization plug-in can also verify the signature of the third party by using the saved registration information of the third party application; under the condition that the third party signature passes verification, signing the target calling request to obtain a signed target calling request; and then the signed target call request and the third party signature are sent to the open API platform of the target service party together. Therefore, the data privacy security of the user can be better protected.

In some embodiments, the signed target call request and the third party signature sent by the authorization plug-in may be received by the open API platform of the target business party. The open API platform of the target service party may perform preset verification according to the signed target call request and the third party signature. The preset verification specifically may include: a first verification of an application identity with respect to a third party application, and a second verification of a user identity with respect to a user.

Specifically, when performing the preset verification, the open API platform of the target service party may first perform the first verification on the signature of the third party by using the stored application identity certificate and the stored identity identifier that the third party should use; and meanwhile, performing second verification on the signed target calling request by using the stored user identity certificate and the stored identity mark of the user.

And determining that the preset verification passes under the condition that the first verification and the second verification pass. In contrast, in a case where it is determined that there is at least one of the first authentication and the second authentication failed, it is determined that the preset authentication failed.

Under the condition that the preset verification is determined to be failed, in order to protect the data security of the user and avoid that a third party calls the target service by falsely using the user information by the user or other data parties, the open API platform of the target service party can refuse to respond to the target calling request, generate calling prompt information and send the calling prompt information to the terminal equipment so as to carry out related reminding on the user and better protect the data privacy security of the user.

In some embodiments, in the case that it is determined that the preset verification is passed, the open API platform of the target service party may further verify the request content of the target call request according to the saved authorization file.

Specifically, for example, the open API platform of the target service party may perform content verification on the specific request content of the target call request according to the authorization parameter and the authorization relationship included in the authorization file, so as to determine whether the target service requested to be called by the target call request meets the authorization right, is in the authorization time, and the like.

And under the condition that the request content of the target call request passes the verification, responding to the target call request, and calling the requested target service through the corresponding API interface to obtain a corresponding target result.

For example, an API interface corresponding to the account credit query for the user is called, and a database of the YY bank is queried to obtain the account credit data of the user.

In some embodiments, in implementation, the open API platform of the target service party may directly send the obtained target result to the third-party application. As shown in fig. 3.

Certainly, in some scenarios, the open API platform of the target service party may also send the target result to the authorization plug-in first; and the target result is forwarded to the third-party application by the authorization plug-in.

In some embodiments, after receiving the target result, the third-party application may perform corresponding target data processing according to the target result.

Specifically, for example, the XX shopping APP can determine the transaction risk level of the user according to account credit data of the user provided by the YY open bank; and further determining whether to provide the applied stage purchase service for the user according to the transaction risk level of the user.

By the above scenario example, the data calling method implemented based on the present specification can automatically generate a target calling request for a target service of a target service party when a user operates in a third-party application deployed in a terminal device and the third-party application detects that the operation of the user meets a preset trigger condition, and generate a third-party signature by using a private key of the third-party application; then awakening an authorization plug-in arranged on the same terminal device, and sending the target calling request and the third party signature to the authorization plug-in; the authorization plug-in signs the target calling request to obtain the signed target calling request; then the signed target calling request and the third party signature are sent to an open API platform of a related target service party; the open API platform performs preset verification according to the signed target calling request and the third party signature; and under the condition that the preset verification is passed, responding to the target calling request, calling the target service to obtain a corresponding target result, and feeding the target result back to the third-party application. Therefore, on the premise of protecting the privacy and the safety of user data, when a user operates in a third-party application, the target service provided by a target service party required by the operation can be automatically and safely called in a user weak perception mode, so that the user operation is reduced, and the use experience of the user is improved; meanwhile, the intrusion to the third-party application is reduced as the third-party application does not need to be greatly changed.

Referring to fig. 4, an embodiment of the present specification provides a data calling method. The method is particularly applied to third-party applications. The third party application is arranged on the terminal equipment, the terminal equipment is also provided with an authorization plug-in associated with the open API platform of the target business party, the open API platform of the target business party provides a plurality of API interfaces, and the API interfaces respectively correspond to one business service provided by the target business party. In particular implementations, the method may include the following.

S401: and under the condition that the operation of the user in the third-party application is detected to meet the preset trigger condition, generating a target calling request aiming at the target service of the target service party, and generating a third-party signature by using a private key of the third-party application.

S402: awakening an authorization plug-in and sending the third party signature and the target calling request to the authorization plug-in; the authorization plug-in signs the target calling request to obtain a signed target calling request; the authorization plug-in sends the signed target calling request and the third party signature to an open API platform of a target service party; and the open API platform of the target service party calls the target service to obtain a corresponding target result under the condition that the preset verification passes according to the signed target calling request and the signature of the third party.

S403: and receiving the target result.

In some embodiments, the third-party application may specifically be an application program of a third party in a cooperative relationship with the target business party. Alternatively, the third-party application may be an application program of a third party that allows the target business party to invoke the provided service although there is no cooperative relationship with the target business party.

In some embodiments, the condition that the preset trigger condition is satisfied may be specifically understood as a condition that a relevant operation (or instruction) of the user in the third-party application needs to invoke a target service provided by the target service party.

In some embodiments, after receiving the target result, when the method is implemented, the method may further include: and carrying out corresponding target data processing according to the target result.

In some embodiments, the third-party application may specifically include: APP of a third party shopping platform, etc.; the target service party may specifically include: open banks, etc.

In some embodiments, the target result may specifically include: account credit data for the user, etc.; correspondingly, according to the target result, performing corresponding target data processing, which may specifically include: determining the transaction risk level of the user according to the account credit data of the user; and providing the matched transaction service for the user according to the transaction risk level of the user.

Of course, it should be noted that the above listed third party application, target business party, target result, and target data processing are only schematic illustrations. In specific implementation, according to a specific application scenario and a processing requirement, the third-party application, the target service party, the target result, and the target data processing may further include other types of applications, service parties, result data, data processing, and the like.

For example, in a health management scenario of a user, the third-party application may be a health management APP installed on a mobile phone of the user, and the target business party may be a certain hospital platform that stores and manages physical examination data of the user. Accordingly, the target result may be physical examination data of the user, and the target data processing may be to predict the current health status of the user according to the physical examination data of the user and generate a health management scheme matching the current health status for the user.

In some embodiments, when the method is implemented when it is detected that the operation of the user in the third-party application satisfies the preset trigger condition, the method may further include: presenting prompt information about target service of a target service calling party to a user; and under the condition that a confirmation instruction of the user for the prompt information is determined to be received, generating a target calling request for the target service of the target business party, and generating a third party signature by using a private key of a third party application.

And under the condition that the confirmation instruction of the user for the prompt message is determined not to be received, the third-party application does not automatically generate a target call request and a third-party signature for the target service of the target business party.

Through the embodiment, the explicit authentication can be performed in an active prompting mode, so that the control right of the user on the private data is protected on the basis of simplifying the user operation.

In some embodiments, the method, when implemented, may further include:

s1: receiving and responding to a first registration instruction sent by the authorization plug-in, and performing third-party application registration through the authorization plug-in; the method comprises the steps that an authorization plug-in obtains an application identity certificate and an identity mark of a third-party application;

s2: and sending the application identity certificate and the identity of the third-party application to an open API platform of the target service party for registration and storage.

Through the embodiment, the third-party application can be prevented from being changed, so that the third-party application can automatically complete the related registration.

As can be seen from the above, in the data call method provided in the embodiments of the present specification, when a user operates in a third-party application disposed in a terminal device, the third-party application may automatically generate a target call request for a target service of a target service party when detecting that the operation of the user satisfies a preset trigger condition, and generate a third-party signature using a private key of the third-party application; then awakening an authorization plug-in arranged on the same terminal device, and sending the target calling request and the third party signature to the authorization plug-in; the authorization plug-in signs the target calling request to obtain the signed target calling request; then the signed target calling request and the third party signature are sent to an open API platform of a related target service party; the open API platform performs preset verification according to the signed target calling request and the third party signature; and under the condition that the preset verification is passed, responding to the target calling request, calling the target service to obtain a corresponding target result, and feeding the target result back to the third-party application. Therefore, on the premise of protecting the privacy and the safety of user data, when a user operates in the third-party application, the target service provided by the target service party required by the operation can be automatically and safely called, the use experience of the user is improved, and meanwhile, the invasion to the third-party application is reduced.

Referring to fig. 5, an embodiment of the present specification further provides a data call method, which is applied to an authorization plug-in, where the authorization plug-in is associated with an open API platform of a target service party, the authorization plug-in is disposed in a terminal device, and the terminal device is further disposed with a third party application. When the method is implemented, the following contents may be included.

S501: and receiving a third party signature and a target calling request sent by a third party application.

S502: and signing the target calling request to obtain the signed target calling request.

S503: sending the signed target calling request and the third party signature to an open API platform of a target service party; and the open API platform of the target service party calls the target service to obtain a corresponding target result under the condition that the preset verification is passed according to the signed target calling request and the signature of the third party.

In some embodiments, when the method is implemented, the method may further include: displaying a user registration interface to a user; acquiring registration information of a user through the user registration interface; obtaining a user identity certificate and an identity mark of a user according to registration information of the user; and sending the user identity certificate and the identity mark of the user to an open API platform of the target service party for registration and storage.

In some embodiments, when the method is implemented, the method may further include: generating a user private key according to the registration information of the user; and locally storing the user private key; correspondingly, the target calling request is signed by using the user private key, and the signed target calling request is obtained.

In some embodiments, when the method is implemented, the method may further include: searching whether unregistered third-party application exists in the applications installed in the terminal equipment; in the event that an unregistered third party application is retrieved, a first registration instruction is sent to the third party application.

In some embodiments, after sending the first registration instruction to the third-party application, when the method is implemented, the method may further include: receiving registration information of the third-party application fed back by the third-party application; obtaining an application identity certificate and an identity label of the third-party application according to the registration information of the third-party application; and sending the application identity certificate and the identity of the third-party application to an open API platform of the target service party for registration and storage.

In some embodiments, when the method is implemented, the method may further include: responding to an authorization instruction of a user, and displaying an authorization setting interface to the user; obtaining authorization parameters through the authorization setting interface; generating an authorization file according to the authorization parameter; and sending the authorization file to an open API platform of the target service party for storage.

In some embodiments, the authorization parameter may specifically include at least one of: identity of the authorizing application, service identity of the service authorized to be invoked, type of operation authorized, time authorized, authorization rights, and the like.

It should be understood that the above listed authorization parameters are only exemplary. In specific implementation, the authorization parameters may also include other types of attribute parameters according to specific application scenarios and processing requirements. The present specification is not limited to these.

In some embodiments, after receiving the third party signature and the target invocation request sent by the third party application, when the method is implemented, the method may further include: verifying the third party signature; and under the condition that the signature of the third party is verified, signing the target calling request to obtain a signed target calling request.

Referring to fig. 6, an embodiment of the present disclosure further provides a data call method, which is applied to an open API platform of a target service party, where the open API platform of the target service party provides a plurality of API interfaces, and the API interfaces respectively correspond to a service provided by the target service party. The method may include the following steps when implemented.

S601: receiving a signed target calling request and a third party signature sent by an authorization plug-in; the authorization plug-in is arranged on the terminal equipment; the authorization plug-in is associated with an open API platform of the target business party.

S602: and performing preset verification according to the signed target calling request and the third party signature.

S603: and under the condition that the preset verification is passed, responding to the target calling request, and calling the target service to obtain a corresponding target result.

In some implementations, after obtaining the corresponding target result, when the method is implemented, the method may further include: sending the target result to a third party application; and the third-party application is arranged on the terminal equipment where the authorization plug-in is located.

In some implementations, the performing of the preset verification according to the signed target invocation request and the third-party signature may include the following steps:

s1: performing first verification on the third party signature according to the stored application identity certificate and the identity mark of the third party application;

s2: performing second verification on the signed target calling request according to the stored user identity certificate and the stored identity mark of the user;

s3: and determining that the preset verification passes under the condition that the first verification passes and the second verification passes.

In some embodiments, when the method is implemented in the case that it is determined that the preset verification passes, the method may further include: and verifying the request content of the target calling request according to the authorization file.

In some embodiments, the open API platform of the target service party starts to accumulate the authorization duration after receiving and storing the authorization file; and determining whether the authorization file is invalid or not by detecting whether the accumulated authorization duration exceeds the authorization time or not according to the authorization parameters in the stored authorization file at intervals of a preset time period.

And when the accumulated authorization duration is detected to exceed the authorization time and the authorization file is determined to be invalid, generating authorization update prompt information and sending the authorization update prompt to the authorization plug-in.

The authorization plug-in can display the authorization update prompt to the user through the terminal equipment and receive an operation instruction of the user for the authorization prompt information. And determining whether to update the authorization file according to the operation instruction of the user for the authorization prompt message.

Specifically, the authorization plug-in may generate the update confirmation information and send the update confirmation information to the open API platform of the target service party, when the received operation instruction is to determine the update. The open API platform of the target service party may respond to the confirmation update information and newly accumulate the authorization duration for the original authorization file. Therefore, the user does not need to carry out excessive operation, and the original authorization file can be efficiently and practically updated.

On the contrary, in the case that the received operation instruction is determined not to be updated, the authorization plug-in may generate deletion information and send the deletion information to the open API platform of the target service party. The open API platform of the target service party may delete the stored authorization file in response to the deletion information.

Therefore, the data calling method provided by the embodiment of the specification can automatically and safely call the target service of the required target service party when the user operates in the third-party application on the premise of protecting the data security of the user, so that the user experience is improved, and the invasion to the third-party application is reduced.

An embodiment of the present specification further provides a terminal device, including a processor and a memory for storing processor-executable instructions, where the processor, when implemented specifically, may perform the following steps according to the instructions: under the condition that the operation of a user in the third-party application is detected to meet a preset trigger condition, generating a target calling request aiming at the target service of a target service party, and generating a third-party signature by using a private key of the third-party application; awakening an authorization plug-in and sending the third party signature and the target calling request to the authorization plug-in; the authorization plug-in signs the target calling request to obtain a signed target calling request; the authorization plug-in sends the signed target calling request and the third party signature to an open API platform of a target service party; the open API platform of the target service party calls a target service to obtain a corresponding target result under the condition that the preset verification passes according to the signed target calling request and the signature of the third party; and receiving the target result.

In order to complete the above instruction more accurately, referring to fig. 7, another specific terminal device is provided in the embodiments of the present specification, where the terminal device includes a network communication port 701, a processor 702, and a memory 703, and the above structures are connected by an internal cable, so that the structures may perform specific data interaction.

The network communication port 701 may be specifically configured to generate a target call request for a target service of a target service party when it is detected that an operation of a user in a third-party application satisfies a preset trigger condition, and generate a third-party signature by using a private key of the third-party application.

The processor 702 may be specifically configured to wake up an authorization plug-in, and send the third party signature and the target invocation request to the authorization plug-in; the authorization plug-in signs the target calling request to obtain a signed target calling request; the authorization plug-in sends the signed target calling request and the third party signature to an open API platform of a target service party; the open API platform of the target service party calls a target service to obtain a corresponding target result under the condition that the preset verification passes according to the signed target calling request and the signature of the third party; and receiving the target result.

The memory 703 may be specifically configured to store a corresponding instruction program.

In this embodiment, the network communication port 701 may be a virtual port that is bound to different communication protocols, so that different data can be sent or received. For example, the network communication port may be a port responsible for web data communication, a port responsible for FTP data communication, or a port responsible for mail data communication. In addition, the network communication port can also be a communication interface or a communication chip of an entity. For example, it may be a wireless mobile network communication chip, such as GSM, CDMA, etc.; it can also be a Wifi chip; it may also be a bluetooth chip.

In this embodiment, the processor 702 may be implemented in any suitable manner. For example, the processor may take the form of, for example, a microprocessor or processor and a computer-readable medium that stores computer-readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, an embedded microcontroller, and so forth. The description is not intended to be limiting.

In this embodiment, the memory 703 may include multiple layers, and in a digital system, the memory may be any memory as long as it can store binary data; in an integrated circuit, a circuit without a physical form and with a storage function is also called a memory, such as a RAM, a FIFO and the like; in the system, the storage device in physical form is also called a memory, such as a memory bank, a TF card and the like.

The embodiment of the present specification further provides another terminal device, including a processor and a memory for storing executable instructions of the processor, where the processor may perform the following steps according to the instructions when being implemented: receiving a third party signature and a target calling request sent by a third party application; signing the target calling request to obtain a signed target calling request; sending the signed target calling request and the third party signature to an open API platform of a target service party; and the open API platform of the target service party calls the target service to obtain a corresponding target result under the condition that the preset verification is passed according to the signed target calling request and the signature of the third party.

The embodiment of the present specification further provides another terminal device, including a processor and a memory for storing executable instructions of the processor, where the processor may perform the following steps according to the instructions when being implemented: receiving a signed target calling request and a third party signature sent by an authorization plug-in; the authorization plug-in is arranged on the terminal equipment; the authorization plug-in is associated with an open API platform of a target service party; performing preset verification according to the signed target calling request and the third party signature; and under the condition that the preset verification is passed, responding to the target calling request, and calling the target service to obtain a corresponding target result.

The embodiment of the present specification further provides a computer storage medium based on the above data calling method, where the computer storage medium stores computer program instructions, and when the computer program instructions are executed, the computer storage medium implements: under the condition that the operation of a user in the third-party application is detected to meet a preset trigger condition, generating a target calling request aiming at the target service of a target service party, and generating a third-party signature by using a private key of the third-party application; awakening an authorization plug-in and sending the third party signature and the target calling request to the authorization plug-in; the authorization plug-in signs the target calling request to obtain a signed target calling request; the authorization plug-in sends the signed target calling request and the third party signature to an open API platform of a target service party; the open API platform of the target service party calls a target service to obtain a corresponding target result under the condition that the preset verification passes according to the signed target calling request and the signature of the third party; and receiving the target result.

The embodiment of the present specification further provides a computer storage medium based on the above data calling method, where the computer storage medium stores computer program instructions, and when the computer program instructions are executed, the computer storage medium implements: receiving a third party signature and a target calling request sent by a third party application; signing the target calling request to obtain a signed target calling request; sending the signed target calling request and the third party signature to an open API platform of a target service party; and the open API platform of the target service party calls the target service to obtain a corresponding target result under the condition that the preset verification is passed according to the signed target calling request and the signature of the third party.

The embodiment of the present specification further provides a computer storage medium based on the above data calling method, where the computer storage medium stores computer program instructions, and when the computer program instructions are executed, the computer storage medium implements: receiving a signed target calling request and a third party signature sent by an authorization plug-in; the authorization plug-in is arranged on the terminal equipment; the authorization plug-in is associated with an open API platform of a target service party; performing preset verification according to the signed target calling request and the third party signature; and under the condition that the preset verification is passed, responding to the target calling request, and calling the target service to obtain a corresponding target result.

In this embodiment, the storage medium includes, but is not limited to, a Random Access Memory (RAM), a Read-Only Memory (ROM), a Cache (Cache), a Hard Disk Drive (HDD), or a Memory Card (Memory Card). The memory may be used to store computer program instructions. The network communication unit may be an interface for performing network connection communication, which is set in accordance with a standard prescribed by a communication protocol.

In this embodiment, the functions and effects specifically realized by the program instructions stored in the computer storage medium can be explained by comparing with other embodiments, and are not described herein again.

Referring to fig. 8, in a software level, an embodiment of the present specification further provides a data calling apparatus, which may specifically include the following structural modules:

the generating module 801 may be specifically configured to generate a target invocation request for a target service of a target service party and generate a third party signature by using a private key of a third party application, when it is detected that an operation of a user in the third party application satisfies a preset trigger condition;

the sending module 802 may be specifically configured to wake up an authorization plug-in, and send the third-party signature and the target invocation request to the authorization plug-in; the authorization plug-in signs the target calling request to obtain a signed target calling request; the authorization plug-in sends the signed target calling request and the third party signature to an open API platform of a target service party; the open API platform of the target service party calls a target service to obtain a corresponding target result under the condition that the preset verification passes according to the signed target calling request and the signature of the third party;

the receiving module 803 may be specifically configured to receive the target result.

It should be noted that, the units, devices, modules, etc. illustrated in the above embodiments may be implemented by a computer chip or an entity, or implemented by a product with certain functions. For convenience of description, the above devices are described as being divided into various modules by functions, and are described separately. It is to be understood that, in implementing the present specification, functions of each module may be implemented in one or more pieces of software and/or hardware, or a module that implements the same function may be implemented by a combination of a plurality of sub-modules or sub-units, or the like. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.

An embodiment of the present specification further provides another data invoking device, which may specifically include: the receiving module is specifically used for receiving a third party signature and a target calling request sent by a third party application; the signature module is specifically used for signing the target calling request to obtain a signed target calling request; the sending module is specifically configured to send the signed target invocation request and the third-party signature to an open API platform of a target service party; and the open API platform of the target service party calls the target service to obtain a corresponding target result under the condition that the preset verification is passed according to the signed target calling request and the signature of the third party.

An embodiment of the present specification further provides another data invoking device, which may specifically include: the receiving module is specifically used for receiving the signed target calling request and the third party signature sent by the authorization plug-in; the authorization plug-in is arranged on the terminal equipment; the authorization plug-in is associated with an open API platform of a target service party; the verification module is specifically used for performing preset verification according to the signed target calling request and the third-party signature; the calling module may be specifically configured to respond to the target calling request and call the target service to obtain a corresponding target result when the preset verification passes.

As can be seen from the above, the data invoking device provided in the embodiments of the present specification can, on the premise of protecting the privacy and security of user data, automatically and safely invoke a target service provided by a target service party required by a user when the user operates in a third-party application, thereby improving the user experience and reducing the intrusion to the third-party application.

Although the present specification provides method steps as described in the examples or flowcharts, additional or fewer steps may be included based on conventional or non-inventive means. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. When an apparatus or client product in practice executes, it may execute sequentially or in parallel (e.g., in a parallel processor or multithreaded processing environment, or even in a distributed data processing environment) according to the embodiments or methods shown in the figures. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, the presence of additional identical or equivalent elements in a process, method, article, or apparatus that comprises the recited elements is not excluded. The terms first, second, etc. are used to denote names, but not any particular order.

Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer readable program code, the same functionality can be implemented by logically programming method steps such that the controller is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may therefore be considered as a hardware component, and the means included therein for performing the various functions may also be considered as a structure within the hardware component. Or even means for performing the functions may be regarded as being both a software module for performing the method and a structure within a hardware component.

This description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, classes, etc. that perform particular tasks or implement particular abstract data types. The specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.

From the above description of the embodiments, it is clear to those skilled in the art that the present specification can be implemented by software plus necessary general hardware platform. With this understanding, the technical solutions in the present specification may be essentially embodied in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and includes several instructions for enabling a computer device (which may be a personal computer, a mobile terminal, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments in the present specification.

The embodiments in the present specification are described in a progressive manner, and the same or similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. The description is operational with numerous general purpose or special purpose computing system environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet-type devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable electronic devices, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.

While the specification has been described with examples, those skilled in the art will appreciate that there are numerous variations and permutations of the specification that do not depart from the spirit of the specification, and it is intended that the appended claims include such variations and modifications that do not depart from the spirit of the specification.

Claims

1. A data calling method is characterized in that the method is applied to third-party application, the third-party application is arranged on a terminal device, the terminal device is also provided with an authorization plug-in associated with an open API platform of a target service party, the open API platform of the target service party provides a plurality of API interfaces, and the API interfaces respectively correspond to a service provided by the target service party, and the method comprises the following steps:

and receiving the target result.

2. The method of claim 1, wherein after receiving the target result, the method further comprises:

3. The method of claim 2, wherein the third party application comprises: APP of a third party shopping platform; the target service party comprises: and (5) opening a bank.

4. The method of claim 3, wherein the target result comprises: account credit data for the user;

5. The method according to claim 1, wherein in case that it is detected that the operation of the user in the third-party application meets a preset trigger condition, the method further comprises:

6. The method of claim 1, further comprising:

7. A data calling method is characterized in that the method is applied to an authorization plug-in, the authorization plug-in is associated with an open API platform of a target service party, the authorization plug-in is arranged on a terminal device, the terminal device is also provided with a third party application, and the method comprises the following steps:

signing the target calling request to obtain a signed target calling request;

8. The method of claim 7, further comprising:

displaying a user registration interface to a user;

9. The method of claim 8, further comprising:

accordingly, the method can be used for solving the problems that,

10. The method of claim 8, further comprising:

11. The method of claim 10, wherein after sending the first registration instruction to the third-party application, the method further comprises:

12. The method of claim 11, further comprising:

obtaining authorization parameters through the authorization setting interface;

13. The method of claim 12, wherein the authorization parameters comprise at least one of: identity of the authorized application, service identity of the service authorized to be invoked, type of operation authorized, time authorized, authorization rights.

14. The method of claim 11, wherein after receiving the third party signature and the target invocation request sent by the third party application, the method further comprises:

verifying the third party signature;

15. A data calling method is characterized in that the method is applied to an open API platform of a target service party, the open API platform of the target service party provides a plurality of API interfaces, and the API interfaces respectively correspond to a service provided by the target service party, and the method comprises the following steps:

16. The method of claim 15, wherein after obtaining the corresponding target result, the method further comprises:

17. The method of claim 15, wherein performing a predetermined verification based on the signed target invocation request and a third party signature comprises:

18. The method of claim 17, wherein in case that the preset authentication is determined to pass, the method further comprises:

19. A data call apparatus, comprising:

and the receiving module is used for receiving the target result.

20. A data call apparatus, comprising:

21. A data call apparatus, comprising:

22. A terminal device comprising a processor and a memory for storing processor-executable instructions which, when executed by the processor, implement the steps of the method of any one of claims 1 to 6, 7 to 14, or 15 to 18.

23. A computer readable storage medium having stored thereon computer instructions which, when executed, implement the steps of the method of any one of claims 1 to 6, 7 to 14, or 15 to 18.