CN114140200A - Verification method, verification device, electronic equipment and storage medium - Google Patents
Verification method, verification device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN114140200A CN114140200A CN202111447357.0A CN202111447357A CN114140200A CN 114140200 A CN114140200 A CN 114140200A CN 202111447357 A CN202111447357 A CN 202111447357A CN 114140200 A CN114140200 A CN 114140200A
- Authority
- CN
- China
- Prior art keywords
- information
- resource transfer
- callback
- verification
- parameter item
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/06—Buying, selling or leasing transactions
- G06Q30/0601—Electronic shopping [e-shopping]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
Landscapes
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Finance (AREA)
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Development Economics (AREA)
- Economics (AREA)
- Marketing (AREA)
- Storage Device Security (AREA)
Abstract
The disclosure relates to a verification method, a verification device, electronic equipment and a storage medium, relates to the technical field of information security, and at least solves the problem of low security in the related technology. The verification method comprises the following steps: acquiring credential information of a target resource transfer credential; the target resource transfer certificate is a resource transfer certificate successfully accepted by the service server; determining first resource transfer callback information of a target resource transfer credential, wherein the first resource transfer callback information is configured with at least one parameter item to be verified; the information content corresponding to the parameter item to be verified is different from the certificate information; sending first resource transfer callback information to a service server and receiving first callback result information; and determining a first verification result based on the first callback result information, wherein the first verification result is used for representing whether the service server performs data processing on at least one parameter item to be verified.
Description
Technical Field
The present disclosure relates to the field of information security technologies, and in particular, to a verification method, an apparatus, an electronic device, and a storage medium.
Background
After the user account completes resource transfer on the application program, the resource transfer server informs the service server in the form of resource transfer callback notification. After receiving the resource transfer callback notification, the service server needs to perform data processing on the callback information in the resource transfer callback notification to prevent malicious and false resource transfer callbacks. And once the service server does not perform data processing on the resource transfer callback information, the security of the resource transfer is low. However, in the related art, it is not clear whether the service server performs data processing on the resource transfer callback information, and thus the security is low.
Disclosure of Invention
The present disclosure provides a verification method, an apparatus, an electronic device, and a storage medium, so as to at least solve the problem of low security in the related art. The technical scheme of the disclosure is as follows:
according to a first aspect of embodiments of the present disclosure, there is provided a verification method, including: acquiring credential information of a target resource transfer credential; the target resource transfer certificate is a resource transfer certificate successfully accepted by the service server; determining first resource transfer callback information of a target resource transfer credential; the first resource transfer callback information is configured with at least one parameter item to be verified, and the information content corresponding to the parameter item to be verified is different from the credential information; sending first resource transfer callback information to a service server and receiving first callback result information; the first callback result information is result information obtained by the service server based on the first resource transfer callback information; determining a first verification result based on the first callback result information; the first verification result is used for representing whether the service server performs verification processing on at least one parameter item to be verified in the first resource transfer callback information.
In one possible implementation, obtaining credential information of the target resource transfer credential includes: acquiring preset verification configuration information, wherein the verification configuration information at least comprises a plurality of parameter items to be verified and a resource transfer certificate identifier; and acquiring the credential information of the target resource transfer credential corresponding to the resource transfer credential identifier.
In another possible embodiment, determining the first verification result based on the first callback result information includes: under the condition that the first callback result information represents that the verification is successful, determining that the first verification result is that the service server does not execute data processing on at least one parameter item to be verified; and under the condition that the first callback result information represents that the verification fails, determining that the first verification result is that the service server has executed data processing on at least one parameter item to be verified.
In another possible implementation, in a case that the first callback result information indicates that the verification is successful, the method further includes: and sending alarm information.
In another possible implementation manner, in the case that the first callback result information indicates that the verification fails, the method further includes: determining second resource transfer callback information of the target resource transfer credential, wherein the second resource transfer callback information is configured with at least one parameter item to be verified; the parameter item to be verified configured by the second resource transfer callback information is different from the parameter item to be verified configured by the first resource transfer callback information; sending second resource transfer callback information to the service server and receiving second callback result information; the second callback result information is result information obtained by the service server based on the second resource transfer callback information; determining a second verification result based on the second callback result information; the second verification result is used for representing whether the service server performs verification processing on at least one parameter item to be verified in the second resource transfer callback information.
In another possible embodiment, the parameter item to be verified includes at least one of a signature parameter item, a false resource transfer credential parameter item, a false verification parameter item, a false user account parameter item, and a repeat callback parameter item.
In another possible implementation, in a case that the parameter item to be verified includes a signature parameter item, determining first resource transfer callback information of the target resource transfer credential includes: generating first signature information, wherein the content of the first signature information is different from the signature information in the certificate information; based on the first signature information, first resource transfer callback information is determined.
In another possible implementation, in a case that the parameter item to be verified includes a false resource transfer credential parameter item, determining first resource transfer callback information of the target resource transfer credential includes: generating first resource transfer information, wherein the content of the first resource transfer information is different from the resource transfer information in the voucher information; based on the first resource transfer information, first resource transfer callback information is determined.
In another possible implementation, in a case that the parameter item to be verified includes a false verification parameter item, determining the first resource transfer callback information of the target resource transfer credential includes: generating false verification information of the target resource transfer certificate according to the certificate information; determining first resource transfer callback information, the first resource transfer callback information including false verification information.
In another possible implementation, in a case where the parameter item to be verified includes a false user account parameter item, determining the first resource transfer callback information of the target resource transfer credential includes: generating first user account information, wherein the content of the first user account information is different from the user account information in the voucher information; first resource transfer callback information is determined based on the first user account information.
In another possible implementation, in a case that the parameter item to be verified includes a repeat callback parameter item, determining first resource transfer callback information of the target resource transfer credential includes: configuring the callback times of the first resource transfer callback information as N times, wherein N is a positive integer greater than 1; sending first resource transfer callback information to a service server, comprising: and sending the first resource transfer callback information to the service server for N times.
According to a second aspect of embodiments of the present disclosure, there is provided an authentication apparatus including: the acquisition module is configured to execute the acquisition of the credential information of the target resource transfer credential; the target resource transfer certificate is a resource transfer certificate successfully accepted by the service server; the determining module is configured to execute first resource transfer callback information for determining the target resource transfer credential, the first resource transfer callback information is configured with at least one parameter item to be verified, and the information content corresponding to the parameter item to be verified is different from credential information; the sending module is configured to send the first resource transfer callback information to the service server and receive the first callback result information; the first callback result information is result information obtained by the service server based on the first resource transfer callback information; a verification module configured to perform determining a first verification result based on the first callback result information; the first verification result is used for representing whether the service server performs verification processing on at least one parameter item to be verified in the first resource transfer callback information.
In one possible embodiment, the obtaining module is further configured to perform: acquiring preset verification configuration information, wherein the verification configuration information comprises a plurality of parameter items to be verified and resource transfer certificate identifiers; and acquiring the credential information of the target resource transfer credential corresponding to the resource transfer credential identifier.
In another possible embodiment, the verification module is specifically configured to perform: under the condition that the first callback result information represents that the verification is successful, determining that the first verification result is that the service server does not execute data processing on at least one parameter item to be verified; and under the condition that the first callback result information represents that the verification fails, determining that the first verification result is that the service server has executed data processing on at least one parameter item to be verified.
In another possible implementation manner, in a case that the first callback result information indicates that the verification is successful, the sending module is further configured to perform: and sending alarm information.
In another possible implementation manner, in a case that the first callback result information indicates that the verification fails, the determining module is further configured to perform: determining second resource transfer callback information of the target resource transfer credential, wherein the second resource transfer callback information is configured with at least one parameter item to be verified; the parameter item to be verified configured by the second resource transfer callback information is different from the parameter item to be verified configured by the first resource transfer callback information; the sending module is further configured to perform: sending second resource transfer callback information to the service server and receiving second callback result information; the second callback result information is result information obtained by the service server based on the second resource transfer callback information; the verification module is further configured to perform: determining a second verification result based on the second callback result information; the second verification result is used for representing whether the service server performs verification processing on at least one parameter item to be verified in the second resource transfer callback information.
In another possible embodiment, the parameter item to be verified includes at least one of a signature parameter item, a false resource transfer credential parameter item, a false verification parameter item, a false user account parameter item, and a repeat callback parameter item.
In another possible implementation, in a case that the parameter item to be verified includes a signature parameter item, the determining module is specifically configured to perform: generating first signature information, wherein the content of the first signature information is different from the signature information in the certificate information; based on the first signature information, first resource transfer callback information is determined.
In another possible implementation, in the case that the parameter item to be verified includes a false resource transfer credential parameter item, the determining module is specifically configured to perform: generating first resource transfer information, wherein the content of the first resource transfer information is different from the resource transfer information in the voucher information; based on the first resource transfer information, first resource transfer callback information is determined.
In another possible implementation, in a case that the parameter item to be verified includes an SQL injection parameter item, the determining module is specifically configured to perform: generating false verification information of the target resource transfer certificate according to the certificate information; determining first resource transfer callback information, the first resource transfer callback information including false verification information.
In another possible implementation, in a case where the parameter item to be verified includes a false user account parameter item, the determining module is specifically configured to perform: generating first user account information, wherein the content of the first user account information is different from the user account information in the voucher information; first resource transfer callback information is determined based on the first user account information.
In another possible implementation manner, in the case that the parameter item to be verified includes a repeated callback parameter item, the determining module is specifically configured to perform: configuring the callback times of the first resource transfer callback information as N times, wherein N is a positive integer greater than 1; the sending module is specifically configured to perform: and sending the first resource transfer callback information to the service server for N times.
According to a third aspect of the embodiments of the present disclosure, there is provided an electronic apparatus including: a processor; a memory for storing processor-executable instructions; wherein the processor is configured to execute the instructions to implement the verification method of the first aspect and any possible implementation thereof.
According to a fourth aspect of embodiments of the present disclosure, there is provided a computer-readable storage medium, in which instructions, when executed by a processor of an electronic device, enable the electronic device to perform the authentication method of any one of the above-mentioned first aspects and any one of its possible implementations.
According to a fifth aspect of embodiments of the present disclosure, there is provided a computer program product comprising computer instructions which, when run on an electronic device, cause the electronic device to perform the authentication method of the first aspect and any of its possible implementations.
The technical scheme provided by the embodiment of the disclosure at least brings the following beneficial effects: determining first resource transfer callback information of the target resource transfer credential, and configuring at least one parameter item to be verified for the first resource transfer callback information, the first resource transfer callback information is configured with the content of the information content different from the content of the voucher information of the target resource transfer voucher, namely, the resource transfer callback information configured with false information is sent to the service server, thereby realizing that whether the service server executes the verification processing to at least one parameter item to be verified or not is judged according to the first callback result information returned by the service server, and further determine whether the callback check logic of the service server is reasonable, so that when the callback check logic of the service server is not reasonable, the callback check logic of the service server is adjusted in time, the safety of the service server is improved, meanwhile, the defect of low safety caused by unreasonable callback check logic of the service server is avoided.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and, together with the description, serve to explain the principles of the disclosure and are not to be construed as limiting the disclosure.
FIG. 1 is a flow diagram illustrating a verification method in accordance with an exemplary embodiment;
FIG. 2 is a flow diagram illustrating another authentication method in accordance with an exemplary embodiment;
FIG. 3 is a flow diagram illustrating another authentication method in accordance with an exemplary embodiment;
FIG. 4 is a flow diagram illustrating another authentication method in accordance with an exemplary embodiment;
FIG. 5 is a flow diagram illustrating another authentication method in accordance with an exemplary embodiment;
FIG. 6 is a flow diagram illustrating another authentication method in accordance with an exemplary embodiment;
FIG. 7 is an interaction diagram illustrating a method of authentication in accordance with an exemplary embodiment;
FIG. 8 is a block diagram illustrating an authentication device in accordance with an exemplary embodiment;
FIG. 9 is a block diagram illustrating an electronic device in accordance with an example embodiment.
Detailed Description
In order to make the technical solutions of the present disclosure better understood by those of ordinary skill in the art, the technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the accompanying drawings.
It should be noted that the terms "first," "second," and the like in the description and claims of the present disclosure and in the above-described drawings are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the disclosure described herein are capable of operation in sequences other than those illustrated or otherwise described herein. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
Before describing the verification method provided by the present disclosure in detail, a brief description is given to an application scenario and an implementation environment related to the present disclosure.
First, a brief description is given of an application scenario to which the present disclosure relates.
After the user account purchases goods on the application program, the business server deducts the goods inventory first, and then calls the resource transfer server to initiate ordering. Furthermore, the user account initiates a resource transfer request through the resource transfer server, and after the user account completes the resource transfer, the resource transfer server informs the service server in a resource transfer callback notification mode. After receiving the resource transfer callback notification, the service server accepts the request and performs subsequent flow operations, such as issuing commodities to a user account.
Further, in order to ensure fund security and prevent malicious and false resource transfer callback, after receiving the resource transfer callback notification, the service server needs to perform data processing on the resource transfer callback information in the resource transfer callback notification, for example, perform information matching verification on the resource transfer callback information and perform signature verification on the signature information in the resource transfer callback notification, and meanwhile, since the resource transfer callback is performed in the http form, in order to prevent resource release repetition caused by network jitter and other conditions, the service server needs to perform power-like processing on the resource transfer callback information, and the like. Once the service server does not perform data processing on the resource transfer callback information, the security of the resource transfer is reduced. However, in the related art, the resource transfer server does not know whether the service server performs data processing on the resource transfer callback information, and thus the security of resource transfer is low.
In view of the above problems, the present disclosure provides a verification method, which determines first resource transfer callback information of a target resource transfer credential, and configures at least one parameter item to be verified for the first resource transfer callback information, so that the first resource transfer callback information is configured with content of information different from the credential information of the target resource transfer credential, that is, sends a resource transfer callback information configured with false information to a service server, thereby implementing a determination of whether the service server performs data processing on the at least one parameter item to be verified according to the first callback result information returned by the service server, and further determining whether the callback check logic of the service server is reasonable, so as to adjust the callback check logic of the service server in time when the callback check logic of the service server is unreasonable, thereby improving the security of the service server, the problem of low security of resource transfer caused by unreasonable callback check logic of the service server is solved.
Next, the following briefly describes an implementation environment (implementation architecture) related to the present disclosure.
The verification method provided by the embodiment of the disclosure can be applied to electronic equipment. The electronic device may be a terminal device or a server. The terminal device can be a smart phone, a tablet computer, a palm computer, a vehicle-mounted terminal, a desktop computer, a notebook computer and the like. The server may be any one server or server cluster, and the disclosure is not limited thereto.
In addition, the user information (including but not limited to the credential information of the resource transfer credential, the user personal information, etc.) related to the present disclosure is information authorized by the user or sufficiently authorized by each party.
For ease of understanding, the authentication methods provided by the present disclosure are specifically described below with reference to the accompanying drawings.
FIG. 1 is a flow diagram illustrating a verification method for an electronic device, according to an example embodiment. As shown in fig. 1, the authentication method includes the following S101-S104.
In S101, credential information of the target resource transfer credential is acquired.
The target resource transfer certificate is a resource transfer certificate successfully accepted by the service server.
In one embodiment, after the user account purchases goods on the application program and completes resource transfer, the resource transfer server sends target resource transfer callback information of a target resource transfer certificate of the user account completing resource transfer to the service server so as to inform the service server of the resource transfer result of the user account. And after receiving the target resource transfer callback information, the service server returns callback success information for calling back the target resource transfer callback information to the resource transfer server, wherein the callback success information is used for representing that the service server successfully accepts the target callback information, and then the purchased commodity is issued to the target user account.
Optionally, the credential information of the target resource transfer credential includes at least one of user account information, resource transfer information, target resource transfer callback information, service party information, and signature information.
In one embodiment, the user account information includes user account identification, user address information. The resource transfer information comprises resource transfer voucher identification, resource transfer money amount, resource transfer account information and commodity information. The target resource transfer callback information includes a callback identification. The service party information includes a service party identification.
In one possible implementation, obtaining credential information of the target resource transfer credential includes: acquiring preset verification configuration information; the verification configuration information at least comprises a plurality of parameter items to be verified and a resource transfer certificate identifier; and acquiring the credential information of the target resource transfer credential corresponding to the resource transfer credential identifier.
In one embodiment, when the callback success information of the target resource transfer callback information is received, it indicates that the service server has successfully accepted the target resource transfer callback information. However, the electronic device does not know whether the service server performs verification processing on the target resource transfer callback information, that is, whether information content of the target resource transfer callback information is verified, for example, whether signature information in the target resource transfer callback information is verified, whether power-like processing is performed on repeated callbacks, or the like. Therefore, the electronic equipment starts a test environment and calls the resource transfer callback verification service to verify whether the service server performs verification processing on the target resource transfer callback information.
Optionally, after the target resource transfer credential receives the callback success information of the first resource transfer callback information, the configuration server obtains the verification configuration information, for example, the verification configuration information may be manually set, and then input to the configuration server. Further, after the electronic device starts the test environment, that is, after the resource transfer callback verification service is called, the preset verification configuration information is acquired from the configuration server.
In one embodiment, the electronic device obtains the verification configuration information after invoking the resource transfer callback verification service. The verification configuration information is preset verification configuration information of a target resource transfer certificate, and at least comprises a plurality of parameter items to be verified and a resource transfer certificate identifier. Because the verification configuration information is the preset verification configuration information of the target resource transfer voucher, the resource transfer voucher identifier in the verification configuration information is the identifier of the target resource transfer voucher. And after the electronic equipment acquires the configuration information, acquiring the credential information of the target resource transfer credential corresponding to the resource transfer credential identifier.
Optionally, the parameter item to be verified comprises at least one of a signature parameter item, a false resource transfer credential parameter item, a repeat callback parameter item, a false verification parameter item, and a false user account parameter item. At least one item of a plurality of parameter items to be verified is configured for the first resource transfer callback information, so that whether the service server performs verification processing on at least one item of signature information, resource transfer certificate information, false verification information, user account information and repeated callback information is realized, and when the service server does not perform verification processing on the information, the callback verification logic of the service server is adjusted in time, and the economic loss caused by the fact that the service server omits the verification processing of important data is avoided. Furthermore, when a plurality of parameter items to be verified are configured for the first resource transfer callback information, the verification efficiency of the service server can be improved.
It can be understood that the parameter item to be verified refers to whether the service server to be verified performs verification on the parameter item to be verified. For example, in the case that the parameter item to be verified includes a false resource transfer credential parameter item, the first resource transfer callback information is used to verify whether the service server performs verification of the false resource transfer credential parameter item on the first resource transfer callback information.
In the embodiment, the preset parameter item to be verified is obtained by obtaining the verification configuration information, so that the resource transfer callback processing logic of the service server is verified according to the parameter item to be verified, the service server can be verified in a targeted manner, and the accuracy and the rationality of the verification method are improved.
In S102, determining first resource transfer callback information of a target resource transfer credential;
the first resource transfer callback information is configured with at least one parameter item to be verified, and the information content corresponding to the parameter item to be verified is different from the credential information. That is, the information content corresponding to the parameter item to be verified in the first resource transfer callback information is different from the real information content of the target resource transfer credential, or in other words, the information content corresponding to the parameter item to be verified in the first resource transfer callback information is a false content.
Optionally, the first resource transfer callback information is configured with one or more of signature information, resource transfer information, false verification information, user account information, and callback number information.
Optionally, the verification method further comprises: and configuring the corresponding relation between the parameter items and the information. And the electronic equipment determines the information content corresponding to the parameter item to be verified according to the corresponding relation between the pre-configured parameter item and the information. For example, the signature parameter item corresponds to signature information, the false resource transfer credential parameter item corresponds to resource transfer information, the repeated callback parameter item corresponds to callback number information, the false verification parameter item corresponds to false verification information, and the false user account parameter item corresponds to user account information.
In one embodiment, the correspondence between the parameter item and the information includes a correspondence between a parameter item identifier and an information identifier. For example, the signature parameter item identifier corresponds to the signature information identifier one to one.
In one embodiment, the electronic device determines the following information according to the pre-configured correspondence between the parameter items and the information: the information content corresponding to the signature parameter item is the content of the signature information, the information content corresponding to the false resource transfer credential parameter is the content of the resource transfer information, the information content corresponding to the repeated callback parameter item is the content of the callback time information, the information content corresponding to the false verification parameter item is the content of the false verification information in the resource transfer callback information, and the information content corresponding to the false user account parameter item is the content of the user account information.
The first resource transfer callback information is enabled to verify whether the service server performs verification on the parameter item to be verified or not by configuring the parameter to be verified for the first resource transfer callback information.
Optionally, after obtaining the credential information of the target resource transfer credential, the electronic device constructs the false resource transfer callback information to obtain the first resource transfer callback information.
In one embodiment, the electronic device changes the information content of the target information in the credential information, for example, changes the information content of the signature information in the credential information to obtain the target signature information, and generates the first resource transfer callback information according to the target signature information, and it is seen that the content of the target signature information in the first resource transfer callback information is different from the signature information in the credential information. At this time, the parameter item to be verified configured by the first resource transfer callback information is a signature parameter item, and the information content corresponding to the signature parameter item (i.e., the content of the target signature information) is different from the signature information in the credential information.
In another embodiment, after obtaining the credential information of the target resource transfer credential, a parameter item to be verified for which verification is to be performed is determined, for example, the parameter item to be verified for which verification is to be performed may be determined according to verification configuration information, or the parameter item to be verified for which verification is to be performed may be determined according to a preset parameter item to be verified. After determining the parameter item to be verified, for example, determining that the parameter item to be verified includes a false resource transfer credential parameter item, obtaining information content corresponding to the parameter item to be verified in the credential information, that is, content of resource transfer information corresponding to the false resource transfer credential parameter item, and changing the content of the resource transfer information in the credential information to obtain target resource transfer information. After the target resource transfer information is obtained, the electronic device generates first resource transfer callback information according to the target resource transfer information, and it is obvious that the content of the target resource transfer information in the first resource transfer callback information is different from the resource transfer information in the credential information.
Note that the change in the above embodiment includes the content of the modification information and the content of the deletion information.
In S103, first resource transfer callback information is sent to the service server, and first callback result information is received.
And the first callback result information is result information obtained by the service server based on the first resource transfer callback information.
Optionally, the verification configuration information further includes a service identifier.
In an embodiment, the electronic device sends first resource transfer callback information to a service server corresponding to the service identifier, and receives first callback result information returned by the service server for the first resource transfer callback information.
And sending the first resource transfer callback information configured with the parameter item to be verified to the service server to verify whether the service server executes verification processing on the parameter item to be verified configured with the first resource transfer callback information. Further, the service server performing verification processing on the parameter item to be verified configured by the first resource transfer callback information includes: and the service server verifies the information content corresponding to the parameter item to be verified. For example, first resource transfer callback information configured with a false user account parameter item is sent to the service server to verify whether the service server performed a check on the false user account parameter item. Specifically, the service server performing verification on the false user account parameter item comprises: the service server performs verification on the information content corresponding to the false user account parameter item (i.e. the content of the user account information).
In S104, a first verification result is determined based on the first callback result information, where the first verification result is used to characterize whether the service server performs verification processing on at least one parameter item to be verified in the first resource transfer callback information.
Optionally, after receiving the first callback result information, the electronic device determines a first verification result according to the content represented by the first callback result information. Specifically, under the condition that the first callback result information represents that the verification is successful, determining that the first verification result is that the service server does not perform verification processing on at least one parameter item to be verified, that is, the service server does not pass the verification; and under the condition that the callback result information represents that the verification fails, determining that the first verification result is that the service server has performed verification processing on at least one parameter item to be verified, namely, the service server passes the verification.
In an embodiment, the first resource transfer callback information is configured with at least one parameter item to be verified, and when the first callback result information represents that verification is successful, it indicates that the service server does not verify that information content corresponding to the at least one parameter item to be verified is different from credential information of the target resource transfer credential, that is, information content corresponding to the at least one parameter item to be verified is not verified as false information, so that it is determined that a problem exists in service implementation logic (that is, callback check logic) of the service server on the resource transfer callback information, that is, the service server fails to verify.
In an embodiment, the first resource transfer callback information is configured with at least one parameter item to be verified, and when the first callback result information represents that verification fails, it indicates that the service server verifies that information content corresponding to the at least one parameter item to be verified is different from credential information of the target resource transfer credential, that is, the information content corresponding to the at least one parameter item to be verified is verified as false information, so that it is determined that the service server has no problem with service implementation logic (that is, callback check logic) of the resource transfer callback information, that is, the service server passes verification.
In the above embodiment, it is determined whether the service server performs verification processing on the parameter item to be verified configured in the first resource transfer callback information according to the content represented by the first callback result information, so as to determine whether the processing logic of the service server for resource transfer callback is reasonable, and further obtain a verification result for the callback verification logic of the service server.
In a possible implementation manner, in a case that the first callback result information represents that the verification is successful, the verification method further includes: and sending alarm information.
Optionally, when the first callback result information represents that the verification is successful, that is, the service server does not perform data processing on at least one parameter item to be verified configured by the first resource transfer callback information, the electronic device sends alarm information to the target device, so that the target device displays the alarm information.
In the above embodiment, the alarm information is sent when the first callback result information represents that the verification is successful, so as to remind the service server that the data processing is not performed on at least one parameter item to be verified, and further, the parameter item to be verified can be found and processed in time.
In the above embodiment, by determining the first resource transfer callback information of the target resource transfer credential and configuring at least one parameter item to be verified for the first resource transfer callback information, the first resource transfer callback information is configured with a content of information different from the credential information of the target resource transfer credential, that is, by sending a resource transfer callback information configured with false information to the service server, it is determined whether the service server performs verification processing on the at least one parameter item to be verified according to the first callback result information returned by the service server, and further determined whether the callback checking logic of the service server is reasonable, so that when the callback checking logic of the service server is unreasonable, the callback checking logic of the service server is adjusted in time, and the security of the service server is improved.
In a possible implementation manner, referring to fig. 1 and as shown in fig. 2, in a case that the callback result information represents that the verification fails, the verification method further includes: S105-S107.
In S105, second resource transfer callback information of the target resource transfer credential is determined, where the second resource transfer callback information is configured with at least one parameter item to be verified.
And the parameter item to be verified configured by the second resource transfer callback information is different from the parameter item to be verified configured by the first resource transfer callback information.
In one embodiment, the parameter item to be verified of the second resource transfer callback information configuration is different from the parameter item to be verified of the first resource transfer callback information configuration, including: the number of parameter items to be verified is different. For example, the first resource transfer callback information is configured with three to-be-verified parameter items, and the second resource transfer callback information is configured with two to-be-verified parameter items.
In another embodiment, the parameter item to be verified of the second resource transfer callback information configuration is different from the parameter item to be verified of the first resource transfer callback information configuration, including: the identifiers of the parameter items to be verified are different. For example, the first resource transfer callback information is configured with a signature parameter item, and the second resource transfer callback information is configured with a dummy resource transfer credential parameter item.
In another embodiment, the parameter item to be verified of the second resource transfer callback information configuration is different from the parameter item to be verified of the first resource transfer callback information configuration, including: the number of the parameter items to be verified is different, and the identifiers of the parameter items to be verified are different.
In S106, second resource transfer callback information is sent to the service server, and second callback result information is received.
Wherein the second callback result information is result information obtained by the service server based on the second resource transfer callback information
Optionally, the electronic device sends the second resource transfer callback information to the service server to verify whether the service server performs verification on the to-be-verified parameter configured by the second resource transfer callback information, so as to more comprehensively verify whether the callback verification logic of the service server is reasonable.
In S107, a second verification result is determined based on the second callback result information.
And the second verification result is used for representing whether the service server performs verification processing on at least one parameter item to be verified in the second resource transfer callback information.
Optionally, a principle that the electronic device determines the second verification result based on the second callback result information is the same as a principle that the electronic device determines the first verification result based on the first callback result information, and details are not repeated here.
In the foregoing embodiment, when the callback result information represents that the verification fails, that is, the callback verification logic of the service server for the first resource transfer callback information is reasonable, the electronic device sends the second resource transfer callback information and configures a parameter item to be verified, which is different from the first resource transfer callback information, for the second resource transfer callback information, so as to continuously verify whether the service server performs verification processing on other parameter items to be verified, thereby verifying the callback verification logic of the service server more accurately.
In another possible implementation, in the case that the parameter item to be verified includes a signature parameter item, as shown in fig. 3 in conjunction with fig. 1, S102 includes: s102a-S102 b.
In S102a, first signature information whose content is different from that in the credential information is generated.
Optionally, in a case that the parameter item to be verified includes a signature parameter item, the first resource transfer callback information is configured with first signature information.
Optionally, according to a pre-configured correspondence between the parameter item and the information, when the parameter item to be verified includes the signature parameter item, the information content corresponding to the parameter item to be verified includes content of the signature information, that is, the content of the signature information configured by the first resource transfer callback information is different from the signature information in the credential information.
Optionally, the electronic device changes the content of the signature information in the credential information to generate the first signature information. Since the signature information in the credential information is real signature information, the first signature information generated by changing the content of the real signature information is false signature information different from the content of the real signature information.
In one embodiment, the electronic device may modify the content of the signature information in the credential information by modifying a partial content of the signature information in the credential information to generate the first signature information.
In another embodiment, the electronic device may change the content of the signature information in the credential information by modifying the content of the signature information in the target credential information into null information to generate the first signature information, that is, the content of the first signature information is null information.
It can be understood that the content of the first signature information is null information, that is, the first resource transfer callback information is not configured with signature information.
In S102b, first resource transfer callback information is determined based on the first signature information.
Optionally, the electronic device determines, based on the first signature information, first resource transfer callback information, so that the first resource transfer callback information is configured with the first signature information.
It should be noted that the first resource transfer callback information is configured with only one signature information, that is, the first signature information, which does not include other signature information that is the same as the signature information in the credential information.
In the above embodiment, whether the service server performs verification on the signature parameter item is realized by configuring the to-be-verified parameter item including the signature parameter item for the first resource transfer callback information, so that the callback verification logic of the service server is adjusted in time under the condition that the service server does not perform verification on the signature parameter item, so as to ensure that the service server can perform verification on the signature information corresponding to the signature parameter item, prevent malicious and false resource transfer callbacks, and improve the security of funds.
In another possible implementation, in the case that the parameter item to be verified includes a false resource transfer credential parameter item, as shown in fig. 4 in conjunction with fig. 1, S102 includes: s102c-S102 d.
In S102c, first resource transfer information is generated, the content of which is different from the resource transfer information in the credential information.
Wherein the first resource transfer information at least comprises one or more items of resource transfer voucher identification, resource transfer amount and user account identification information.
Optionally, in a case that the parameter item to be verified includes a false resource transfer credential parameter item, the first resource transfer callback information is configured with the first resource transfer information.
Optionally, according to a pre-configured correspondence between the parameter item and the information, in a case that the parameter item to be verified includes the false resource transfer credential parameter item, the information content corresponding to the parameter item to be verified includes content of the resource transfer information, that is, the content of the resource transfer information configured by the first resource transfer callback information is different from the resource transfer information in the credential information.
Optionally, the electronic device changes the content of the resource transfer information in the credential information to generate the first resource transfer information. Since the resource transfer information in the credential information is real resource transfer information, the first resource transfer information generated by changing the content of the resource transfer information is false resource transfer information different from the content of the real resource transfer information.
In one embodiment, the electronic device changes the content of the resource transfer information in the credential information, which may be part of the modification of the resource transfer information in the credential information, for example, modifying at least one of the resource transfer credential identifier, the resource transfer credential amount, or the user account identification information in the resource transfer information, to generate the first resource transfer information.
In another embodiment, the electronic device may change the content of the resource transfer information in the credential information by modifying the content of the resource transfer information in the credential information into null information, for example, modifying the resource transfer credential identifier, the resource transfer amount, or the user account identifier information in the resource transfer information into null information, and generating the first resource transfer information, that is, the content of the resource transfer credential identifier, the resource transfer amount, or the user account identifier information in the first resource transfer information is null information.
In S102d, first resource transfer callback information is determined based on the first resource transfer information.
Optionally, the electronic device determines first resource transfer callback information based on the first resource transfer information, so that the first resource transfer callback information is configured with the first resource transfer information.
In the above embodiment, whether the service server performs verification on the parameter item of the false resource transfer credential is realized by configuring the parameter item to be verified including the parameter item of the false resource transfer credential for the first resource transfer callback information, so that under the condition that the service server does not perform verification on the parameter item of the false resource transfer credential, the callback verification logic of the service server is adjusted in time to ensure that the service server can perform verification on the resource transfer information corresponding to the parameter item of the false resource transfer credential, and prevent that the user account does not actually perform resource transfer, but when malicious callback is performed through forged data, the service server does not perform verification on the resource transfer information, which results in that the service server mistakenly considers that the user account has performed resource transfer successfully, and delivers the resource to the user, thereby causing fund loss.
In another possible implementation, in the case that the parameter item to be verified includes a dummy verification parameter item, as shown in fig. 5 in conjunction with fig. 1, S102 includes: s102e-S102 f.
At S102e, false verification information of the target resource transfer credential is generated based on the credential information.
Wherein the false verification information comprises a Structured Query Language (SQL) statement. The false verification information comprises a Structured Query Language (SQL) statement, so that SQL injection of the first resource transfer callback information is realized, and whether the business server verifies the SQL injection in the first resource transfer callback information is judged.
Optionally, in a case that the parameter item to be verified includes a false verification parameter item, the first resource transfer callback information is configured with false verification information.
In one embodiment, according to a pre-configured correspondence between a parameter item and information, in the case that the parameter item to be verified includes a false verification parameter item, the information content corresponding to the parameter item to be verified includes the content of the false verification information. Because the target resource transfer credential is a real resource transfer credential, the historical resource transfer callback information in the credential information does not include the false verification information, and the first resource transfer callback information is configured with the false verification information, so that the content of the false verification information corresponding to the false verification parameter item is different from the content of the historical resource transfer callback information in the credential information.
Optionally, the electronic device generates false verification information of the target resource transfer credential according to the resource transfer amount in the credential information and/or the historical resource transfer callback identifier of the target resource transfer credential.
At S102f, first resource transfer callback information is determined, the first resource transfer callback information including dummy verification information.
Optionally, the electronic device determines that the first resource transfer callback information includes false verification information to verify whether the service server verifies the false verification parameter item.
In the above embodiment, whether the service server performs verification on the false verification parameter item is realized by configuring the to-be-verified parameter item including the false verification parameter item for the first resource transfer callback information, so that the callback verification logic of the service server is adjusted in time under the condition that the service server does not perform verification on the false verification parameter item, so as to ensure that the service server can perform verification on the false verification information corresponding to the false verification parameter item, prevent malicious and false resource transfer callbacks, and improve fund security.
In another possible implementation, in the case that the parameter item to be verified includes a false user account parameter item, as shown in fig. 6 in conjunction with fig. 1, S102 includes: s102g-S102 h.
In S102g, first user account information is generated, the content of which is different from the user account information in the credential information.
Optionally, in a case that the parameter item to be verified includes a false user account parameter item, the first resource transfer callback information is configured with first user account information.
Optionally, according to a pre-configured correspondence between the parameter item and the information, in a case that the parameter item to be verified includes a false user account parameter item, the information content corresponding to the parameter item to be verified includes content of the user account information, that is, the content of the user account information configured by the first resource transfer callback information is different from the user account information in the credential information.
Optionally, the electronic device alters content of the user account information in the credential information to generate first user account information. Since the user account information in the credential information is real user account information, the first user account information generated by changing the content of the user account information is false user account information different from the content of the real user account information.
In one embodiment, the electronic device changes the content of the user account information in the credential information, which may be part of modifying the user account information in the credential information, for example, modifying the user account identifier, the user address information, and the like in the user account information, to generate the first user account information.
In S102h, first resource transfer callback information is determined based on the first user account information.
Optionally, the electronic device determines first resource transfer callback information based on the first user account information, so that the first resource transfer callback information is configured with the first user account information.
In the above embodiment, whether the service server performs verification on the false user account parameter item is realized by configuring the to-be-verified parameter item including the false user account parameter item for the first resource transfer callback information, so that under the condition that the service server does not perform verification on the false user account parameter item, the callback verification logic of the service server is adjusted in time to ensure that the service server can perform verification on the user account information corresponding to the false user account parameter item, and when the service server performs resource transfer back using the wrong user account information, the service server performs delivery without performing verification on the user account information corresponding to the false user account parameter item, so that goods are sent to the wrong user account, and economic loss is caused.
In another possible implementation, in a case where the parameter item to be verified includes a repeated callback parameter item, S102 includes: step one, S103 includes: and step two.
In the first step, the number of callbacks of the first resource transfer callback information is configured to be N, where N is a positive integer greater than 1.
Optionally, in a case that the parameter item to be verified includes a repeated callback parameter item, the number of callbacks configured by the first resource transfer callback information is N.
Optionally, according to a pre-configured correspondence between the parameter item and the information, in a case that the parameter item to be verified includes a repeated callback parameter item, the information content corresponding to the parameter item to be verified includes content with a callback number of N times, that is, the content of the callback number information configured by the first resource transfer callback information is different from the callback number information in the credential information. Because the target resource transfer voucher is a real resource transfer voucher and the number of the target resource transfer vouchers is 1, the target resource transfer voucher carries out resource transfer callback information, and the callback times are single. Therefore, the content of the callback time information corresponding to the parameter item to be verified is different from the callback time of the historical resource transfer callback information in the credential information.
And in the second step, sending the first resource transfer callback information for N times to the service server.
Optionally, the electronic device sends the first resource transfer callback information to the service server N times to verify whether the service server performs verification processing, such as performing idempotent processing, on the repeated callback parameter item.
In an embodiment, after the N times of sending the second resource transfer callback information to the service server, the number of times of receiving the first callback result information is greater than or equal to 2, that is, the service server successfully accepts at least two pieces of first resource transfer callback information, which indicates that the service server does not perform verification on the repeated callback parameter item, for example, does not perform power-off processing on the resource transfer callback information, and at this time, the service server needs to perform at least 2 shipping operations for the target resource transfer credential, resulting in repeated shipping.
In the above embodiment, whether the verification of the repeated callback parameter item is performed by the service server is realized by configuring the to-be-verified parameter item including the repeated callback parameter item for the first resource transfer callback information, so that the callback verification logic of the service server is adjusted in time under the condition that the verification of the repeated callback parameter item is not performed by the service server, so as to ensure that the service server can perform verification of the signature information corresponding to the repeated callback parameter item, and avoid that the service server repeatedly issues resources and economic loss are caused due to repeated sending of the resource transfer callback information caused by conditions such as network jitter when performing resource transfer back-calling in an http manner.
In a specific embodiment, the generation process of the target resource transfer credential is as shown in fig. 7. The method specifically comprises the following steps:
the method comprises the following steps: the terminal device sends a purchase request to the service server.
In one embodiment, the user account sends a purchase request to the service server via the terminal device, for example, clicking a "buy" control on a display screen of the terminal device.
Step two: and the service server receives the purchase request and sends a ordering request to the resource transfer server.
In one embodiment, after receiving a purchase request sent by a user account through a terminal device, a service server sends an ordering request to a resource transfer server to acquire resource transfer information.
Step three: and the resource transfer server receives the ordering request and sends resource transfer information to the service server.
In one embodiment, after receiving an order placing request of a service server, a resource transfer server returns resource transfer information to the service server, where the resource transfer information at least includes a resource transfer credential identifier and order placing success information.
Step four: and the service server receives the resource transfer information and sends a resource transfer certificate identifier to the terminal equipment.
In an embodiment, the service server receives the resource transfer information sent by the resource transfer server, and sends the resource transfer credential identifier in the resource transfer information to the terminal device, so that the terminal device performs resource transfer.
Step five: and the terminal equipment receives the resource transfer certificate identification and sends a resource transfer request to the resource transfer server.
In one embodiment, the terminal device receives the resource transfer voucher identifier sent by the service server, and sends a resource transfer request to the resource transfer server based on the resource transfer voucher identifier, so as to perform resource transfer on the commodity in the purchase request.
And step six, the resource transfer server receives the resource transfer request and sends a resource transfer message to the terminal equipment.
In one embodiment, after receiving a resource transfer request sent by a terminal device, a resource transfer server generates a resource transfer message based on the resource transfer request, and returns the resource transfer message to the terminal device.
Step seven: and the terminal equipment receives the resource transfer message and transfers the resource based on the resource transfer message.
In one embodiment, after receiving a resource transfer message sent by a resource transfer server, a terminal device pulls up a resource transfer service provider based on the resource transfer message to perform resource transfer.
And step eight, the terminal equipment receives the information of successful resource transfer.
In one embodiment, after the terminal device completes the resource transfer, the resource transfer facilitator sends the resource transfer success information to the terminal device through the facilitator server.
It should be noted that, in the above steps from one to eight, the information involved is real information, such as resource transfer information and user account information, in the process of actually purchasing goods in the user account.
Further, after the terminal device completes payment, the process of purchasing goods by the user account is ended, and a resource transfer callback process is entered, as shown in fig. 7, the method specifically includes the following steps:
step one, the resource transfer server receives third resource transfer callback information.
In one embodiment, the resource transfer service sends third resource transfer callback information to the resource transfer server through the server, where the third resource transfer callback information may be asynchronous resource transfer callback information to notify the resource transfer server that the user account has completed the resource transfer.
And step two, the resource transfer server sends fourth resource transfer callback information to the service server.
In one embodiment, after determining that the user account completes the resource transfer, the resource transfer server sends fourth resource transfer callback information to the service server to notify the service server that the user account completes the resource transfer, and a shipping process can be performed.
Step three: and the service server receives the fourth resource transfer callback information and verifies the fourth resource transfer callback information.
In one embodiment, the verification process at least comprises the steps of verifying the signature information, the resource transfer information, the false verification information and the user account information in the fourth resource transfer callback information, and performing idempotent processing on the fourth resource transfer callback information, so as to prevent repeated requests caused by network jitter.
And step four, under the condition that the call-back is successful, the service server updates the resource transfer result of the purchase request.
In one embodiment, when the service server performs verification processing on the signature information, the resource transfer information, the false verification information and the user account information, the verification is successful, which indicates that the resource transfer is true and effective, and the service server updates the resource transfer result of the purchase request to be the successful resource transfer and delivers the goods to the user account.
Further, in order to verify whether the service server verifies the signature information, the resource transfer information, the false verification information, the user account information, and the like, and whether to perform power-like processing on the fourth resource transfer callback information, the electronic device starts a resource transfer callback verification service in a test environment, and verifies the service server, as shown in fig. 7, the method specifically includes the following steps:
the method comprises the following steps: the electronic equipment sends a configuration acquisition request for requesting to acquire verification configuration information.
In one embodiment, the configuration server stores the verification configuration information for the target resource transfer credential in advance. For example, the verification configuration information may be manually entered into the configuration server, or the verification configuration information may be automatically generated by the configuration server based on credential information of the target resource transfer credential.
Step two: the electronic equipment receives preset verification configuration information.
And the verification configuration information at least comprises the parameter item to be verified and the resource transfer certificate identification.
In one embodiment, the electronic device receives verification configuration information sent by the configuration server, and is used for determining which parameter items need to be verified for the service area. For example, the format of the configuration information is as follows:
step three: the electronic equipment sends a certificate acquisition request to the resource transfer server, and the certificate acquisition request is used for requesting to acquire the certificate information of the target resource transfer certificate.
In one embodiment, after receiving the verification configuration information, the electronic device sends a credential obtaining request to the resource transfer server to obtain credential information of a target resource transfer credential corresponding to the resource transfer credential identifier.
Step four: the electronic device receives credential information for the target resource transfer credential.
The target resource transfer credential is a resource transfer credential that has been successfully accepted by the service server, and the specific acceptance process is as described above and is not described herein again.
Step five: the electronic device determines first resource transfer callback information of the target resource transfer credential.
The first resource transfer callback information is configured with at least one parameter item to be verified, and the information content corresponding to the parameter item to be verified is different from the credential information.
And step six, the electronic equipment sends the first resource transfer callback information to the service server.
In one embodiment, after determining the parameter item to be verified in the first resource transfer callback information, the electronic device sends the first resource transfer callback information to the service area.
And step seven, the electronic equipment receives the first callback result information returned by the service server.
And step eight, the electronic equipment determines a verification result of the service server based on the first callback result information.
In an embodiment, after receiving the first callback result information, the electronic device determines whether the service server performs verification processing on at least one to-be-verified parameter in the first resource transfer callback information.
Further, the service server performs verification processing on at least one parameter item to be verified in the first resource transfer callback information, that is, the verification result of the service server is verified, and the electronic device determines the second resource transfer callback information to continue verifying the service server.
Further, when the service server does not verify at least one parameter item to be verified in the first resource transfer callback information, that is, when the verification result of the service server is not verified, the electronic device sends alarm information.
The technical scheme provided by the embodiment of the disclosure at least brings the following beneficial effects: determining first resource transfer callback information of the target resource transfer credential, and configuring at least one parameter item to be verified for the first resource transfer callback information, the first resource transfer callback information is configured with the content of the information content different from the content of the voucher information of the target resource transfer voucher, namely, the resource transfer callback information configured with false information is sent to the service server, thereby realizing that whether the service server executes the verification processing to at least one parameter item to be verified or not is judged according to the first callback result information returned by the service server, and further determine whether the callback check logic of the service server is reasonable, so that when the callback check logic of the service server is not reasonable, the callback check logic of the service server is adjusted in time, so that the safety of the service server is improved, and the problem of low safety of resource transfer caused by unreasonable callback check logic of the service server is solved.
The scheme provided by the embodiment of the application is mainly introduced from the perspective of a method. To implement the above functions, it includes hardware structures and/or software modules for performing the respective functions. Those of skill in the art would readily appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as hardware or combinations of hardware and computer software. Whether a function is performed as hardware or computer software drives hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The embodiment of the disclosure also provides a verification device.
FIG. 8 is a block diagram illustrating an authentication device according to an example embodiment. Referring to fig. 8, the authentication apparatus 800 includes an acquisition module 801, a determination module 802, a transmission module 803, and an authentication module 804.
An obtaining module 801 configured to perform obtaining credential information of a target resource transfer credential; the target resource transfer voucher is a resource transfer voucher successfully accepted by the service server. For example, in conjunction with fig. 1, the obtaining module 801 may be configured to perform S101.
The determining module 802 is configured to perform determining first resource transfer callback information of the target resource transfer credential, where the first resource transfer callback information is configured with at least one parameter item to be verified, and information content corresponding to the parameter item to be verified is different from credential information. For example, in conjunction with fig. 1, the determination module 802 may be configured to perform S102.
A sending module 803 configured to execute sending the first resource transfer callback information to the service server and receiving the first callback result information; the first callback result information is result information obtained by the service server based on the first resource transfer callback information. For example, in conjunction with fig. 1, the sending module 803 may be configured to execute S103.
The verifying module 804 is configured to perform determining a first verification result based on the first callback result information, where the first verification result is used to characterize whether the service server performs verification processing on at least one parameter item to be verified in the first resource transfer callback information. For example, in conjunction with fig. 1, the verification module 804 may be used to perform S104.
In one possible embodiment, the obtaining module is further configured to perform: acquiring preset verification configuration information, wherein the verification configuration information comprises a plurality of parameter items to be verified and resource transfer certificate identifiers; and acquiring the credential information of the target resource transfer credential corresponding to the resource transfer credential identifier.
In another possible embodiment, the verification module is specifically configured to perform: under the condition that the first callback result information represents that the verification is successful, determining that the first verification result is that the service server does not execute data processing on at least one parameter item to be verified; and under the condition that the first callback result information represents that the verification fails, determining that the first verification result is that the service server has executed data processing on at least one parameter item to be verified.
In another possible implementation manner, in a case that the first callback result information indicates that the verification is successful, the sending module is further configured to perform: and sending alarm information.
In another possible implementation manner, in a case that the first callback result information indicates that the verification fails, the determining module is further configured to perform: determining second resource transfer callback information of the target resource transfer credential, wherein the second resource transfer callback information is configured with at least one parameter item to be verified; the parameter item to be verified configured by the second resource transfer callback information is different from the parameter item to be verified configured by the first resource transfer callback information; the sending module is further configured to perform: sending second resource transfer callback information to the service server and receiving second callback result information; the second callback result information is result information obtained by the service server based on the second resource transfer callback information; the verification module is further configured to perform: determining a second verification result based on the second callback result information; the second verification result is used for representing whether the service server performs verification processing on at least one parameter item to be verified in the second resource transfer callback information.
In another possible embodiment, the parameter item to be verified includes at least one of a signature parameter item, a false resource transfer credential parameter item, a false verification parameter item, a false user account parameter item, and a repeat callback parameter item.
In another possible implementation, in a case that the parameter item to be verified includes a signature parameter item, the determining module is specifically configured to perform: generating first signature information, wherein the content of the first signature information is different from the signature information in the certificate information; based on the first signature information, first resource transfer callback information is determined.
In another possible implementation, in the case that the parameter item to be verified includes a false resource transfer credential parameter item, the determining module is specifically configured to perform: generating first resource transfer information, wherein the content of the first resource transfer information is different from the resource transfer information in the voucher information; based on the first resource transfer information, first resource transfer callback information is determined.
In another possible implementation, in a case that the parameter item to be verified includes a false verification parameter item, the determining module is specifically configured to perform: generating false verification information of the target resource transfer certificate according to the certificate information; determining first resource transfer callback information, the first resource transfer callback information including false verification information.
In another possible implementation, in a case where the parameter item to be verified includes a false user account parameter item, the determining module is specifically configured to perform: generating first user account information, wherein the content of the first user account information is different from the user account information in the voucher information; first resource transfer callback information is determined based on the first user account information.
In another possible implementation manner, in the case that the parameter item to be verified includes a repeated callback parameter item, the determining module is specifically configured to perform: configuring the callback times of the first resource transfer callback information as N times, wherein N is a positive integer greater than 1; the sending module is specifically configured to perform: and sending the first resource transfer callback information to the service server for N times.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
FIG. 9 is a block diagram illustrating an electronic device in accordance with an example embodiment. As shown in fig. 9, electronic device 900 includes, but is not limited to: a processor 901 and a memory 902.
The memory 902 is configured to store executable instructions of the processor 901. It is understood that the processor 901 is configured to execute instructions to implement the verification method shown in any one of fig. 1 to 7 in the above embodiments.
It should be noted that the electronic device structure shown in fig. 9 does not constitute a limitation of the electronic device, and the electronic device may include more or less components than those shown in fig. 9, or combine some components, or arrange different components, as will be understood by those skilled in the art.
The processor 901 is a control center of the electronic device, connects various parts of the whole electronic device by using various interfaces and lines, and performs various functions of the electronic device and processes data by running or executing software programs and/or modules stored in the memory 902 and calling data stored in the memory 902, thereby performing overall monitoring of the electronic device. Processor 901 may include one or more processing units; optionally, the processor 901 may integrate an application processor and a modem processor, wherein the application processor mainly processes an operating system, a user interface, an application program, and the like, and the modem processor mainly processes wireless communication. It will be appreciated that the modem processor described above may not be integrated into the processor 901.
The memory 902 may be used to store software programs as well as various data. The memory 902 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program (such as an acquisition module, a determination module, a transmission module, and a verification module) required by at least one functional module, and the like. Further, the memory 902 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
In an exemplary embodiment, the disclosed embodiments also provide a computer-readable storage medium comprising instructions, such as the memory 902 comprising instructions, which are executable by the processor 901 of the electronic device 900 to perform the authentication method as shown in any one of fig. 1 to 7 of the above embodiments.
In actual implementation, the processing functions of the obtaining module 801, the determining module 802, the sending module 803 and the verifying module 804 can be implemented by the processor 901 shown in fig. 9 calling the program code in the memory 902. The specific implementation process may refer to the description of the verification method portion shown in any one of fig. 1 to 7, and is not described herein again.
Alternatively, the computer-readable storage medium may be a non-transitory computer-readable storage medium, which may be, for example, a Read-Only Memory (ROM), a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
In an exemplary embodiment, the disclosed embodiments also provide a computer program product comprising one or more instructions executable by the processor 901 of the electronic device 900 to perform the authentication method illustrated in any one of fig. 1 to 7 in the above embodiments.
It should be noted that when being executed by the processor 901 of the electronic device 900, the instructions in the computer-readable storage medium or one or more instructions in the computer program product implement various processes of the foregoing verification method embodiment, and can achieve the same technical effects as the verification method shown in any one of fig. 1 to fig. 7 in the foregoing embodiment, and in order to avoid repetition, details are not repeated here.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.
Claims (10)
1. A method of authentication, comprising:
acquiring credential information of a target resource transfer credential; the target resource transfer certificate is a resource transfer certificate successfully accepted by the service server;
determining first resource transfer callback information of the target resource transfer credential; the first resource transfer callback information is configured with at least one parameter item to be verified, and the information content corresponding to the parameter item to be verified is different from the credential information;
sending the first resource transfer callback information to the service server, and receiving first callback result information; the first callback result information is result information obtained by the service server based on the first resource transfer callback information;
determining a first verification result based on the first callback result information; the first verification result is used for representing whether the service server performs verification processing on at least one parameter item to be verified in the first resource transfer callback information.
2. The authentication method as claimed in claim 1, wherein obtaining the credential information of the target resource transfer credential comprises:
acquiring preset verification configuration information; the verification configuration information at least comprises the parameter item to be verified and a resource transfer certificate identifier;
and acquiring the credential information of the target resource transfer credential corresponding to the resource transfer credential identifier.
3. The authentication method according to claim 1, wherein said determining a first authentication result based on said first callback result information comprises:
under the condition that the first callback result information represents that verification is successful, determining that the first verification result is that the service server does not execute data processing on the at least one parameter item to be verified;
and under the condition that the first callback result information represents that the verification fails, determining that the first verification result is that the service server has executed data processing on the at least one parameter item to be verified.
4. The verification method according to claim 3, wherein in case that the first callback result information indicates that the verification is successful, the method further comprises: and sending alarm information.
5. The method according to claim 3, wherein in case that the first callback result information indicates that the verification fails, the method further comprises:
determining second resource transfer callback information of the target resource transfer credential, wherein the second resource transfer callback information is configured with at least one parameter item to be verified; wherein the parameter item to be verified configured by the second resource transfer callback information is different from the parameter item to be verified configured by the first resource transfer callback information;
sending the second resource transfer callback information to the service server and receiving second callback result information; the second callback result information is result information obtained by the service server based on the second resource transfer callback information;
determining a second verification result based on the second callback result information; and the second verification result is used for representing whether the service server performs verification processing on at least one parameter item to be verified in the second resource transfer callback information.
6. The verification method of claim 1, wherein the parameter items to be verified comprise at least one of a signature parameter item, a false resource transfer credential parameter item, a false verification parameter item, a false user account parameter item, and a repeat callback parameter item.
7. An authentication apparatus, comprising:
the acquisition module is configured to execute the acquisition of the credential information of the target resource transfer credential; the target resource transfer certificate is a resource transfer certificate successfully accepted by the service server;
the determining module is configured to perform determining first resource transfer callback information of the target resource transfer credential, wherein the first resource transfer callback information is configured with at least one parameter item to be verified, and information content corresponding to the parameter item to be verified is different from the credential information;
a sending module configured to execute sending the first resource transfer callback information to the service server and receive first callback result information; the first callback result information is result information obtained by the service server based on the first resource transfer callback information;
a verification module configured to perform determining a first verification result based on the first callback result information; the first verification result is used for representing whether the service server performs verification processing on at least one parameter item to be verified in the first resource transfer callback information.
8. An electronic device, comprising:
a processor;
a memory for storing the processor-executable instructions;
wherein the processor is configured to execute the instructions to implement the authentication method of any one of claims 1 to 6.
9. A computer-readable storage medium, wherein instructions in the computer-readable storage medium, when executed by a processor of an electronic device, enable the electronic device to perform the authentication method of any one of claims 1 to 6.
10. A computer program product, characterized in that it comprises computer instructions which, when run on an electronic device, cause the electronic device to perform the authentication method according to any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111447357.0A CN114140200A (en) | 2021-11-30 | 2021-11-30 | Verification method, verification device, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111447357.0A CN114140200A (en) | 2021-11-30 | 2021-11-30 | Verification method, verification device, electronic equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114140200A true CN114140200A (en) | 2022-03-04 |
Family
ID=80386295
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111447357.0A Pending CN114140200A (en) | 2021-11-30 | 2021-11-30 | Verification method, verification device, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114140200A (en) |
-
2021
- 2021-11-30 CN CN202111447357.0A patent/CN114140200A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10540273B2 (en) | Simulator for system testing | |
| EP3079326B1 (en) | Network payment method, apparatus and system | |
| US10096025B2 (en) | Expert engine tier for adapting transaction-specific user requirements and transaction record handling | |
| US10032160B2 (en) | Isolating distinct service provider widgets within a wallet container | |
| US20150310430A1 (en) | Mobile payment system and method | |
| EP2767110A1 (en) | A multi-tiered secure mobile transactions enabling platform | |
| CN108805701A (en) | Across the chain transaction processing system of multi-tiling chain and method, block catenary system and storage medium | |
| CN110517046A (en) | Customer certification system and method | |
| CN110889106A (en) | Configuration method, device, system and computer readable storage medium | |
| CN113420090A (en) | Cross-chain processing method and device, electronic equipment and readable storage medium | |
| CN111801696A (en) | Payment page management method, payment page management device, payment system and storage medium | |
| CN114140200A (en) | Verification method, verification device, electronic equipment and storage medium | |
| US20210374042A1 (en) | Automatic portable device testing method and system | |
| CN113988844A (en) | Service subscription method, device and system | |
| WO2021121030A1 (en) | Resource transfer method, settlement terminal, and server node | |
| US11789834B2 (en) | Computer and conduit for system testing | |
| CN114240436A (en) | Electronic certificate verification and cancellation method and device, computer equipment and storage medium | |
| CN113360547A (en) | Cross-chain query method and device, electronic equipment and readable storage medium | |
| CN108932785B (en) | Method and system for calling lottery micro-service and mobile intelligent terminal | |
| CN112150126A (en) | Information processing method, information processing apparatus, electronic device, and medium | |
| TWI839875B (en) | Payment method, user terminal, device, equipment, system and medium | |
| CN112311838B (en) | Business asynchronous interaction method and device | |
| CN112801739A (en) | Information processing method and device for commodity distribution of supply chain platform | |
| CN113434883A (en) | Cross-chain processing method and device, electronic equipment and readable storage medium | |
| CN116308346A (en) | Method and device for identifying virtual resource acquisition object and readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |